0e5f0493fdaeb5cb2ed35e6bc92f14ea8bdb566dd1240e9481f6dcfeeb9bbf23

Resubmissions

02/03/2023, 09:20

230302-lax7wscc44 7

27/02/2023, 12:30

230227-ppk3nadd8s 7

Analysis

max time kernel
392s
max time network
429s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
02/03/2023, 09:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ChatGPT For Windows Setup 1.0.0.exe
Size

165.9MB
MD5

ab99ccd02b6681210cfccb6b381fdfda
SHA1

e1f277ac2f304a6c0744fe0c151f471766728a54
SHA256

0e5f0493fdaeb5cb2ed35e6bc92f14ea8bdb566dd1240e9481f6dcfeeb9bbf23
SHA512

29b2e8faf4dd0f7d56e31d2c99aa1a696d5f82c9c408607c3a5275a32d6388ff44d9359d9283cb9f80085ff1173ecdde8746d5b8db92566f61d416532c4febff
SSDEEP

3145728:xnd3Ke4rAjBuqvah8YhlSyIGGu40mGgNiqfslqLOUGgByv1EwOWAW6cmCfitnAT:xdae4kdaiY7SyVHvggWsl2OUHyNEwOWP

Score

7^/10

discovery persistence

Malware Config

Signatures

Executes dropped EXE 18 IoCs

pid	Process
1792	ChatGPT For Windows.exe
1680	ChatGPTSupport.exe
1996	ChatGPT For Windows.exe
1604	ChatGPT For Windows.exe
928	ChatGPT For Windows.exe
1816	ChatGPT For Windows.exe
1616	ChatGPT For Windows.exe
672	ChatGPT For Windows.exe
1684	ChatGPT For Windows.exe
1948	ChatGPTSupport.exe
1728	ChatGPT For Windows.exe
1944	ChatGPT For Windows.exe
1956	ChatGPT For Windows.exe
1544	ChatGPT For Windows.exe
1764	ChatGPT For Windows.exe
1616	ChatGPT For Windows.exe
1636	ChatGPT For Windows.exe
1652	ChatGPT For Windows.exe

Loads dropped DLL 64 IoCs

pid	Process
1724	ChatGPT For Windows Setup 1.0.0.exe
1724	ChatGPT For Windows Setup 1.0.0.exe
1724	ChatGPT For Windows Setup 1.0.0.exe
1724	ChatGPT For Windows Setup 1.0.0.exe
1724	ChatGPT For Windows Setup 1.0.0.exe
1724	ChatGPT For Windows Setup 1.0.0.exe
1724	ChatGPT For Windows Setup 1.0.0.exe
1724	ChatGPT For Windows Setup 1.0.0.exe
1724	ChatGPT For Windows Setup 1.0.0.exe
1724	ChatGPT For Windows Setup 1.0.0.exe
1724	ChatGPT For Windows Setup 1.0.0.exe
1252	Process not Found
1252	Process not Found
1252	Process not Found
1252	Process not Found
1792	ChatGPT For Windows.exe
1792	ChatGPT For Windows.exe
1792	ChatGPT For Windows.exe
1792	ChatGPT For Windows.exe
1792	ChatGPT For Windows.exe
1792	ChatGPT For Windows.exe
1792	ChatGPT For Windows.exe
1792	ChatGPT For Windows.exe
1792	ChatGPT For Windows.exe
1792	ChatGPT For Windows.exe
1792	ChatGPT For Windows.exe
1792	ChatGPT For Windows.exe
1792	ChatGPT For Windows.exe
1792	ChatGPT For Windows.exe
1792	ChatGPT For Windows.exe
1792	ChatGPT For Windows.exe
1792	ChatGPT For Windows.exe
1792	ChatGPT For Windows.exe
1792	ChatGPT For Windows.exe
1792	ChatGPT For Windows.exe
1792	ChatGPT For Windows.exe
1792	ChatGPT For Windows.exe
1792	ChatGPT For Windows.exe
1792	ChatGPT For Windows.exe
1568	cmd.exe
1996	ChatGPT For Windows.exe
1996	ChatGPT For Windows.exe
1996	ChatGPT For Windows.exe
1996	ChatGPT For Windows.exe
1996	ChatGPT For Windows.exe
1996	ChatGPT For Windows.exe
1996	ChatGPT For Windows.exe
1996	ChatGPT For Windows.exe
1996	ChatGPT For Windows.exe
1996	ChatGPT For Windows.exe
1996	ChatGPT For Windows.exe
1996	ChatGPT For Windows.exe
1996	ChatGPT For Windows.exe
1996	ChatGPT For Windows.exe
1996	ChatGPT For Windows.exe
1996	ChatGPT For Windows.exe
1996	ChatGPT For Windows.exe
1996	ChatGPT For Windows.exe
1996	ChatGPT For Windows.exe
1996	ChatGPT For Windows.exe
1996	ChatGPT For Windows.exe
1996	ChatGPT For Windows.exe
1996	ChatGPT For Windows.exe
1996	ChatGPT For Windows.exe

Adds Run key to start application 2 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Windows\CurrentVersion\Run	ChatGPT For Windows.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.ChatGPT For Windows = "C:\\Users\\Admin\\AppData\\Local\\Programs\\vbloks\\resources\\resource\\ChatGPTSupport.exe --processStart \"ChatGPT For Windows.exe\" --process-start-args \"--hidden\""	ChatGPT For Windows.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Windows\CurrentVersion\Run	ChatGPT For Windows.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.ChatGPT For Windows = "C:\\Users\\Admin\\AppData\\Local\\Programs\\vbloks\\resources\\resource\\ChatGPTSupport.exe --processStart \"ChatGPT For Windows.exe\" --process-start-args \"--hidden\""	ChatGPT For Windows.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
1724	ChatGPT For Windows Setup 1.0.0.exe
1724	ChatGPT For Windows Setup 1.0.0.exe
1724	ChatGPT For Windows Setup 1.0.0.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeSecurityPrivilege	1724	ChatGPT For Windows Setup 1.0.0.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
1792	ChatGPT For Windows.exe
1684	ChatGPT For Windows.exe

Suspicious use of WriteProcessMemory 54 IoCs

description	pid	Process	procid_target
PID 1792 wrote to memory of 1568	1792	ChatGPT For Windows.exe	30
PID 1792 wrote to memory of 1568	1792	ChatGPT For Windows.exe	30
PID 1792 wrote to memory of 1568	1792	ChatGPT For Windows.exe	30
PID 1568 wrote to memory of 1680	1568	cmd.exe	31
PID 1568 wrote to memory of 1680	1568	cmd.exe	31
PID 1568 wrote to memory of 1680	1568	cmd.exe	31
PID 1792 wrote to memory of 1996	1792	ChatGPT For Windows.exe	33
PID 1792 wrote to memory of 1996	1792	ChatGPT For Windows.exe	33
PID 1792 wrote to memory of 1996	1792	ChatGPT For Windows.exe	33
PID 1792 wrote to memory of 1604	1792	ChatGPT For Windows.exe	34
PID 1792 wrote to memory of 1604	1792	ChatGPT For Windows.exe	34
PID 1792 wrote to memory of 1604	1792	ChatGPT For Windows.exe	34
PID 1792 wrote to memory of 928	1792	ChatGPT For Windows.exe	35
PID 1792 wrote to memory of 928	1792	ChatGPT For Windows.exe	35
PID 1792 wrote to memory of 928	1792	ChatGPT For Windows.exe	35
PID 1792 wrote to memory of 1816	1792	ChatGPT For Windows.exe	36
PID 1792 wrote to memory of 1816	1792	ChatGPT For Windows.exe	36
PID 1792 wrote to memory of 1816	1792	ChatGPT For Windows.exe	36
PID 1792 wrote to memory of 1616	1792	ChatGPT For Windows.exe	37
PID 1792 wrote to memory of 1616	1792	ChatGPT For Windows.exe	37
PID 1792 wrote to memory of 1616	1792	ChatGPT For Windows.exe	37
PID 1792 wrote to memory of 672	1792	ChatGPT For Windows.exe	38
PID 1792 wrote to memory of 672	1792	ChatGPT For Windows.exe	38
PID 1792 wrote to memory of 672	1792	ChatGPT For Windows.exe	38
PID 1684 wrote to memory of 2040	1684	ChatGPT For Windows.exe	40
PID 1684 wrote to memory of 2040	1684	ChatGPT For Windows.exe	40
PID 1684 wrote to memory of 2040	1684	ChatGPT For Windows.exe	40
PID 2040 wrote to memory of 1948	2040	cmd.exe	41
PID 2040 wrote to memory of 1948	2040	cmd.exe	41
PID 2040 wrote to memory of 1948	2040	cmd.exe	41
PID 1684 wrote to memory of 1728	1684	ChatGPT For Windows.exe	43
PID 1684 wrote to memory of 1728	1684	ChatGPT For Windows.exe	43
PID 1684 wrote to memory of 1728	1684	ChatGPT For Windows.exe	43
PID 1684 wrote to memory of 1944	1684	ChatGPT For Windows.exe	44
PID 1684 wrote to memory of 1944	1684	ChatGPT For Windows.exe	44
PID 1684 wrote to memory of 1944	1684	ChatGPT For Windows.exe	44
PID 1684 wrote to memory of 1956	1684	ChatGPT For Windows.exe	45
PID 1684 wrote to memory of 1956	1684	ChatGPT For Windows.exe	45
PID 1684 wrote to memory of 1956	1684	ChatGPT For Windows.exe	45
PID 1684 wrote to memory of 1544	1684	ChatGPT For Windows.exe	46
PID 1684 wrote to memory of 1544	1684	ChatGPT For Windows.exe	46
PID 1684 wrote to memory of 1544	1684	ChatGPT For Windows.exe	46
PID 1684 wrote to memory of 1764	1684	ChatGPT For Windows.exe	47
PID 1684 wrote to memory of 1764	1684	ChatGPT For Windows.exe	47
PID 1684 wrote to memory of 1764	1684	ChatGPT For Windows.exe	47
PID 1684 wrote to memory of 1616	1684	ChatGPT For Windows.exe	48
PID 1684 wrote to memory of 1616	1684	ChatGPT For Windows.exe	48
PID 1684 wrote to memory of 1616	1684	ChatGPT For Windows.exe	48
PID 1684 wrote to memory of 1636	1684	ChatGPT For Windows.exe	49
PID 1684 wrote to memory of 1636	1684	ChatGPT For Windows.exe	49
PID 1684 wrote to memory of 1636	1684	ChatGPT For Windows.exe	49
PID 1684 wrote to memory of 1652	1684	ChatGPT For Windows.exe	50
PID 1684 wrote to memory of 1652	1684	ChatGPT For Windows.exe	50
PID 1684 wrote to memory of 1652	1684	ChatGPT For Windows.exe	50

C:\Users\Admin\AppData\Local\Temp\ChatGPT For Windows Setup 1.0.0.exe
"C:\Users\Admin\AppData\Local\Temp\ChatGPT For Windows Setup 1.0.0.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1724

C:\Users\Admin\AppData\Local\Programs\vbloks\ChatGPT For Windows.exe
"C:\Users\Admin\AppData\Local\Programs\vbloks\ChatGPT For Windows.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1792
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "C:\Users\Admin\AppData\Local\Programs\vbloks\resources\resource\ChatGPTSupport.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1568
- - C:\Users\Admin\AppData\Local\Programs\vbloks\resources\resource\ChatGPTSupport.exe
    C:\Users\Admin\AppData\Local\Programs\vbloks\resources\resource\ChatGPTSupport.exe
    3⤵
    - Executes dropped EXE
    PID:1680
- C:\Users\Admin\AppData\Local\Programs\vbloks\ChatGPT For Windows.exe
  "C:\Users\Admin\AppData\Local\Programs\vbloks\ChatGPT For Windows.exe" --type=renderer --no-sandbox --service-pipe-token=22E42297BDD05A8EB8A61B5AE2C4DE86 --lang=en-US --app-user-model-id="electron.app.ChatGPT For Windows" --app-path="C:\Users\Admin\AppData\Local\Programs\vbloks\resources\app.asar" --node-integration=true --webview-tag=true --no-sandbox --background-color=#fff --context-id=2 --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553 --disable-accelerated-video-decode --disable-gpu-compositing --enable-gpu-async-worker-context --service-request-channel-token=22E42297BDD05A8EB8A61B5AE2C4DE86 --renderer-client-id=3 --mojo-platform-channel-handle=1368 /prefetch:1
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1996
- C:\Users\Admin\AppData\Local\Programs\vbloks\ChatGPT For Windows.exe
  "C:\Users\Admin\AppData\Local\Programs\vbloks\ChatGPT For Windows.exe" --type=renderer --no-sandbox --service-pipe-token=9DC0D349E801F31A6E233EFE17939397 --lang=en-US --app-user-model-id="electron.app.ChatGPT For Windows" --app-path="C:\Users\Admin\AppData\Local\Programs\vbloks\resources\app.asar" --node-integration=true --webview-tag=true --no-sandbox --background-color=#fff --context-id=2 --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553 --disable-accelerated-video-decode --disable-gpu-compositing --enable-gpu-async-worker-context --service-request-channel-token=9DC0D349E801F31A6E233EFE17939397 --renderer-client-id=5 --mojo-platform-channel-handle=576 /prefetch:1
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Users\Admin\AppData\Local\Programs\vbloks\ChatGPT For Windows.exe
  "C:\Users\Admin\AppData\Local\Programs\vbloks\ChatGPT For Windows.exe" --type=gpu-process --no-sandbox --disable-direct-composition --use-gl=swiftshader-webgl --supports-dual-gpus=false --gpu-driver-bug-workarounds=9,12,13,22,23,24,27,49,84 --disable-gl-extensions="GL_KHR_blend_equation_advanced GL_KHR_blend_equation_advanced_coherent" --disable-accelerated-video-decode --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --service-request-channel-token=A5C9C068ACE4CEBF5B41F9E28316975A --mojo-platform-channel-handle=2248 /prefetch:2
  2⤵
  - Executes dropped EXE
  PID:928
- C:\Users\Admin\AppData\Local\Programs\vbloks\ChatGPT For Windows.exe
  "C:\Users\Admin\AppData\Local\Programs\vbloks\ChatGPT For Windows.exe" --type=gpu-process --no-sandbox --disable-direct-composition --use-gl=swiftshader-webgl --supports-dual-gpus=false --gpu-driver-bug-workarounds=9,12,13,22,23,24,27,49,84 --disable-gl-extensions="GL_KHR_blend_equation_advanced GL_KHR_blend_equation_advanced_coherent" --disable-accelerated-video-decode --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --service-request-channel-token=9D892B98A76B70A0AC73A581B0508EF3 --mojo-platform-channel-handle=2348 /prefetch:2
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Users\Admin\AppData\Local\Programs\vbloks\ChatGPT For Windows.exe
  "C:\Users\Admin\AppData\Local\Programs\vbloks\ChatGPT For Windows.exe" --type=gpu-process --no-sandbox --disable-direct-composition --use-gl=swiftshader-webgl --supports-dual-gpus=false --gpu-driver-bug-workarounds=9,12,13,22,23,24,27,49,84 --disable-gl-extensions="GL_KHR_blend_equation_advanced GL_KHR_blend_equation_advanced_coherent" --disable-accelerated-video-decode --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --service-request-channel-token=FB97ACD2B64451B12B3B25BC3A31D67C --mojo-platform-channel-handle=2068 /prefetch:2
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Users\Admin\AppData\Local\Programs\vbloks\ChatGPT For Windows.exe
  "C:\Users\Admin\AppData\Local\Programs\vbloks\ChatGPT For Windows.exe" --type=gpu-process --no-sandbox --disable-direct-composition --use-gl=swiftshader-webgl --supports-dual-gpus=false --gpu-driver-bug-workarounds=9,12,13,22,23,24,27,49,84 --disable-gl-extensions="GL_KHR_blend_equation_advanced GL_KHR_blend_equation_advanced_coherent" --disable-accelerated-video-decode --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --service-request-channel-token=EBEAD17757D950C10CA6A642AB8B3068 --mojo-platform-channel-handle=2280 /prefetch:2
  2⤵
  - Executes dropped EXE
  PID:672

C:\Users\Admin\AppData\Local\Programs\vbloks\ChatGPT For Windows.exe
"C:\Users\Admin\AppData\Local\Programs\vbloks\ChatGPT For Windows.exe"
1⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1684
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "C:\Users\Admin\AppData\Local\Programs\vbloks\resources\resource\ChatGPTSupport.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2040
- - C:\Users\Admin\AppData\Local\Programs\vbloks\resources\resource\ChatGPTSupport.exe
    C:\Users\Admin\AppData\Local\Programs\vbloks\resources\resource\ChatGPTSupport.exe
    3⤵
    - Executes dropped EXE
    PID:1948
- C:\Users\Admin\AppData\Local\Programs\vbloks\ChatGPT For Windows.exe
  "C:\Users\Admin\AppData\Local\Programs\vbloks\ChatGPT For Windows.exe" --type=renderer --no-sandbox --service-pipe-token=0B451FB28F861E592D8781D3EACAEE80 --lang=en-US --app-user-model-id="electron.app.ChatGPT For Windows" --app-path="C:\Users\Admin\AppData\Local\Programs\vbloks\resources\app.asar" --node-integration=true --webview-tag=true --no-sandbox --background-color=#fff --context-id=2 --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553 --disable-accelerated-video-decode --disable-gpu-compositing --enable-gpu-async-worker-context --service-request-channel-token=0B451FB28F861E592D8781D3EACAEE80 --renderer-client-id=3 --mojo-platform-channel-handle=1364 /prefetch:1
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Users\Admin\AppData\Local\Programs\vbloks\ChatGPT For Windows.exe
  "C:\Users\Admin\AppData\Local\Programs\vbloks\ChatGPT For Windows.exe" --type=renderer --no-sandbox --service-pipe-token=DF2102270AEECC965BAB58091D2DFF5C --lang=en-US --app-user-model-id="electron.app.ChatGPT For Windows" --app-path="C:\Users\Admin\AppData\Local\Programs\vbloks\resources\app.asar" --node-integration=true --webview-tag=true --no-sandbox --background-color=#fff --context-id=2 --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553 --disable-accelerated-video-decode --disable-gpu-compositing --enable-gpu-async-worker-context --service-request-channel-token=DF2102270AEECC965BAB58091D2DFF5C --renderer-client-id=5 --mojo-platform-channel-handle=576 /prefetch:1
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Users\Admin\AppData\Local\Programs\vbloks\ChatGPT For Windows.exe
  "C:\Users\Admin\AppData\Local\Programs\vbloks\ChatGPT For Windows.exe" --type=gpu-process --no-sandbox --disable-direct-composition --use-gl=swiftshader-webgl --supports-dual-gpus=false --gpu-driver-bug-workarounds=9,12,13,22,23,24,27,49,84 --disable-gl-extensions="GL_KHR_blend_equation_advanced GL_KHR_blend_equation_advanced_coherent" --disable-accelerated-video-decode --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --service-request-channel-token=602377131932860C3B0138AD22B6C80C --mojo-platform-channel-handle=2244 /prefetch:2
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Users\Admin\AppData\Local\Programs\vbloks\ChatGPT For Windows.exe
  "C:\Users\Admin\AppData\Local\Programs\vbloks\ChatGPT For Windows.exe" --type=gpu-process --no-sandbox --disable-direct-composition --use-gl=swiftshader-webgl --supports-dual-gpus=false --gpu-driver-bug-workarounds=9,12,13,22,23,24,27,49,84 --disable-gl-extensions="GL_KHR_blend_equation_advanced GL_KHR_blend_equation_advanced_coherent" --disable-accelerated-video-decode --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --service-request-channel-token=47007A3372F5F50158DA4547E64C9541 --mojo-platform-channel-handle=2344 /prefetch:2
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Users\Admin\AppData\Local\Programs\vbloks\ChatGPT For Windows.exe
  "C:\Users\Admin\AppData\Local\Programs\vbloks\ChatGPT For Windows.exe" --type=gpu-process --no-sandbox --disable-direct-composition --use-gl=swiftshader-webgl --supports-dual-gpus=false --gpu-driver-bug-workarounds=9,12,13,22,23,24,27,49,84 --disable-gl-extensions="GL_KHR_blend_equation_advanced GL_KHR_blend_equation_advanced_coherent" --disable-accelerated-video-decode --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --service-request-channel-token=4B61520376D750BE0DC281E5EFFE5A17 --mojo-platform-channel-handle=2240 /prefetch:2
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Users\Admin\AppData\Local\Programs\vbloks\ChatGPT For Windows.exe
  "C:\Users\Admin\AppData\Local\Programs\vbloks\ChatGPT For Windows.exe" --type=gpu-process --no-sandbox --disable-direct-composition --use-gl=swiftshader-webgl --supports-dual-gpus=false --gpu-driver-bug-workarounds=9,12,13,22,23,24,27,49,84 --disable-gl-extensions="GL_KHR_blend_equation_advanced GL_KHR_blend_equation_advanced_coherent" --disable-accelerated-video-decode --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --service-request-channel-token=66FC018226D43680B0BA46580404887D --mojo-platform-channel-handle=2248 /prefetch:2
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Users\Admin\AppData\Local\Programs\vbloks\ChatGPT For Windows.exe
  "C:\Users\Admin\AppData\Local\Programs\vbloks\ChatGPT For Windows.exe" --type=renderer --no-sandbox --service-pipe-token=FCD95D75CD4A58932533FBF8BE99402C --lang=en-US --app-user-model-id="electron.app.ChatGPT For Windows" --app-path="C:\Users\Admin\AppData\Local\Programs\vbloks\resources\app.asar" --node-integration=true --webview-tag=true --no-sandbox --background-color=#fff --context-id=1 --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553 --disable-accelerated-video-decode --disable-gpu-compositing --enable-gpu-async-worker-context --service-request-channel-token=FCD95D75CD4A58932533FBF8BE99402C --renderer-client-id=11 --mojo-platform-channel-handle=2240 /prefetch:1
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Users\Admin\AppData\Local\Programs\vbloks\ChatGPT For Windows.exe
  "C:\Users\Admin\AppData\Local\Programs\vbloks\ChatGPT For Windows.exe" --type=renderer --no-sandbox --service-pipe-token=E17BDAD4264F8AEFC7184679F2383DB2 --lang=en-US --app-user-model-id="electron.app.ChatGPT For Windows" --app-path="C:\Users\Admin\AppData\Local\Programs\vbloks\resources\app.asar" --node-integration=true --webview-tag=true --no-sandbox --background-color=#fff --context-id=1 --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553 --disable-accelerated-video-decode --disable-gpu-compositing --enable-gpu-async-worker-context --service-request-channel-token=E17BDAD4264F8AEFC7184679F2383DB2 --renderer-client-id=12 --mojo-platform-channel-handle=1372 /prefetch:1
  2⤵
  - Executes dropped EXE
  PID:1652

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Programs\vbloks\ChatGPT For Windows.exe

Filesize
64.6MB

MD5
986920d8ab6c83d99ab92d4e3aaea1b1

SHA1
a2e5220db567a0f10b437e46c485be0571eb870c

SHA256
2ab7a1c0accddd712b18f78d3ff0e5585a4288079ef3bd7c3e1b87768a1c2d55

SHA512
024e763d6ffb0b961ab27c6d44020f0bda4c1f688ace012d51518df12757f29456f1508601f7c4f16f3f41d2b6bb8b55958d5fc35043e933bf0826acd274325e

Download Submit
C:\Users\Admin\AppData\Local\Programs\vbloks\ChatGPT For Windows.exe

Filesize
64.6MB

MD5
986920d8ab6c83d99ab92d4e3aaea1b1

SHA1
a2e5220db567a0f10b437e46c485be0571eb870c

SHA256
2ab7a1c0accddd712b18f78d3ff0e5585a4288079ef3bd7c3e1b87768a1c2d55

SHA512
024e763d6ffb0b961ab27c6d44020f0bda4c1f688ace012d51518df12757f29456f1508601f7c4f16f3f41d2b6bb8b55958d5fc35043e933bf0826acd274325e

Download Submit
C:\Users\Admin\AppData\Local\Programs\vbloks\MSVCP140.dll

Filesize
618KB

MD5
9ff712c25312821b8aec84c4f8782a34

SHA1
1a7a250d92a59c3af72a9573cffec2fcfa525f33

SHA256
517cd3aac2177a357cca6032f07ad7360ee8ca212a02dd6e1301bf6cfade2094

SHA512
5a65da337e64ea42bcc461b411ae622ce4dec1036638b1e5de4757b366875d7f13c1290f2ee345f358994f648c5941db35aa5d2313f547605508fd2bcc047e33

Download Submit
C:\Users\Admin\AppData\Local\Programs\vbloks\VCRUNTIME140.dll

Filesize
85KB

MD5
edf9d5c18111d82cf10ec99f6afa6b47

SHA1
d247f5b9d4d3061e3d421e0e623595aa40d9493c

SHA256
d89c7b863fc1ac3a179d45d5fe1b9fd35fb6fbd45171ca68d0d68ab1c1ad04fb

SHA512
bf017aa8275c5b6d064984a606c5d40852aa70047759468395fe520f7f68b5452befc3145efaa7c51f8ec3bf71d9e32dbd5633637f040d58ff9a4b6953bf1cbf

Download Submit
C:\Users\Admin\AppData\Local\Programs\vbloks\api-ms-win-core-file-l1-2-0.dll

Filesize
18KB

MD5
31e207b01e67b6563d2cf9110d06a1d2

SHA1
f12832e055c0f0d70fc44b4cb0215c17aa948332

SHA256
6b31a206c051815be9f7b366d2a9d2464747a56888a7307a924ecdac558271e1

SHA512
8a19324c8719ad6e7509de44fe79c6614c064daa47c4206a2b6ba4124b45bc4d8785cd51b8877c9ae5a1e0768ee1bba8f98e8d8c17b700aa8dadbd2801035a92

Download Submit
C:\Users\Admin\AppData\Local\Programs\vbloks\api-ms-win-core-file-l2-1-0.dll

Filesize
18KB

MD5
f2d12342c68e51aa748d4937f3ec7ded

SHA1
22368cebce89feb929004f73bd0f7236f7050e36

SHA256
6ba964ad55822f55eea14f73a48deb164b337639a82da677fc6efc1c539fe81e

SHA512
1e1440c97237716a6ac63e038d932edd0e7962230bfd6956b8aafa378b344daf92da696f0d1a57b0d71fef3722296b0d02f59b0fc9551e7944c445cc6b2b26a4

Download Submit
C:\Users\Admin\AppData\Local\Programs\vbloks\api-ms-win-core-localization-l1-2-0.dll

Filesize
20KB

MD5
9b43f5733a98e5c6095996916f889987

SHA1
01ba4d84cb2adf3536c31b1c41375d141dcd2ba1

SHA256
2b7e6b54ebc2b9556e2f75e7372d4b2d16758f928b79395b8a55c7acdca93341

SHA512
b3497f31c155049c68b18d2f28383843bd8b8c078db119c07d63ec1900a6204e266a3bc1503734fd85c3766bddb25029880291e4f6060afe5df82717af6ae092

Download Submit
C:\Users\Admin\AppData\Local\Programs\vbloks\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
18KB

MD5
95b0eb891b1e869568a2bf9ab67eab0f

SHA1
09cf1cbb3089fc418eb933d1b4611cca0d4ad327

SHA256
5129795d6e0aeca2fa56aaa56d71d2e9809c2ad77c14265abcb51fe832105e00

SHA512
7b2a74278fb7e51242006dc1e60d0e7cc3ed763eb4e7ed7e9da87797ea81fdb05857de838b745fac03468f85c755fe86331746466c30f87f127172de5524f057

Download Submit
C:\Users\Admin\AppData\Local\Programs\vbloks\api-ms-win-core-synch-l1-2-0.dll

Filesize
18KB

MD5
215c5909343c6eef550c5bfb9859a542

SHA1
48174742989e4886c123157952f966528a4be963

SHA256
d95346a16d088e510def0eff7cbdcb71d70adf335d0a88a7838c9476590c8f8c

SHA512
ec00cf8ce3d74bee680b96418f3fe75bcfd2de54441d7818fb62fad73034b07bef0aae36dd0ac34fc85a9669636cdfa0d647e21a871a676feba09251a5f0fe15

Download Submit
C:\Users\Admin\AppData\Local\Programs\vbloks\api-ms-win-core-timezone-l1-1-0.dll

Filesize
18KB

MD5
69d1c46b9927d1c7cad8dfb5e18ab7ab

SHA1
1917be91adb466085678ebe036643cb187a7f4d5

SHA256
23f035627abed3460e6dbe8436e5b608c7c30f69091011f655f10ee49ebfd282

SHA512
365dbc3811b9bc2417937e433b7b748080c3ca1f4fc1b361117db46fd9dcfe49d948407dca33ca75d307b0e7f7919cc3550caa16e6950f10b0f46d16cbd36172

Download Submit
C:\Users\Admin\AppData\Local\Programs\vbloks\api-ms-win-crt-conio-l1-1-0.dll

Filesize
19KB

MD5
3f14aadfaf34257f399ddb6c554d8a51

SHA1
695f7a5d42fd16109ad744a2b215dbd4543e2b84

SHA256
edf658d7655b524f5158b69a189d9715f87ceac701a055acc23ce608e4ea0774

SHA512
002a34bb9210401270f321eb973afd1fd807a3dc395fcd69adbcabca413d77ea748f78f70c61818da52902a74d38ffc9a5b655887d9336a02355072b421cae22

Download Submit
C:\Users\Admin\AppData\Local\Programs\vbloks\api-ms-win-crt-convert-l1-1-0.dll

Filesize
22KB

MD5
e3495c380c381670908355181787d7ea

SHA1
30b2d379cf483e3394a462a5824092e555974f26

SHA256
b353bd22b97fd3704557a99359c9ea0b4e0ad8b7e43b5e21700dabd1a1d84923

SHA512
be973074be09fb0e11d4819c0a04d07daad5bf82d3b2c689ab9a5a6d74d39bd24cf526bcfd926f69f5986f0dbfce2d3b4e21a2449ad8e6e9a8a2cfd52b572868

Download Submit
C:\Users\Admin\AppData\Local\Programs\vbloks\api-ms-win-crt-environment-l1-1-0.dll

Filesize
18KB

MD5
5746d1dc01f0a069f009ecd7f8738c41

SHA1
5d8696c5cfab3b9c91806a95c9a84d539a4500a3

SHA256
325e7bb5c8a3c7f9db8698a570b7d9d9424a028d51f937a2dff3dc5ff0b6e457

SHA512
c73d63216f0bfda185928172b737aa652ba30d88471b22c5161b162bd5d68d7b60c3b90af648cc7c1c2b409af416383db106abf8366733ba4c61f3f104c8db41

Download Submit
C:\Users\Admin\AppData\Local\Programs\vbloks\api-ms-win-crt-filesystem-l1-1-0.dll

Filesize
20KB

MD5
c8211d9a8f2595c9ee6f75c9b6d5cb29

SHA1
f90ee7350a2d922f5ab614a43c81a42604a86306

SHA256
b78607f566599e92bfa8ff5de0f28c439207abf17f274a045500a0d107287d41

SHA512
846583349a448d2df8b4a9957a72b6734b0e394135cef6b03bdf197c6752c9e688e47c7d51ce4825f20f47d933ff9133b481b4daec6b0ec729a739b157617377

Download Submit
C:\Users\Admin\AppData\Local\Programs\vbloks\api-ms-win-crt-heap-l1-1-0.dll

Filesize
19KB

MD5
28579ca40c9e19cc6dc23dfb8b6871cd

SHA1
804cdccdb65ad15e016072b5d6f9843096140864

SHA256
a57d8275c34c1094f6a4535e23c7bee4759532e08776ff84c5fe487c0f925eb4

SHA512
9489cdc3d5df75dd2686ea82dd689aae0a4fd503d2831091c10bc53820320b4947cd9f321501448d258b219516e5d9aaf6790f13189248835ba20b2f86674b9c

Download Submit
C:\Users\Admin\AppData\Local\Programs\vbloks\api-ms-win-crt-locale-l1-1-0.dll

Filesize
18KB

MD5
4140ee5c6ea9f933c483615141fd54fe

SHA1
3ef9da0df943f56f1838853fc5406280b2823516

SHA256
29abdc8c5396132b004e6751464641b8f0562249333b2257a1d2eb4aecc8d9dc

SHA512
1cc86a050dcd1619e9e2cc9aa37c76da21e4a4d8f1700916c5ff6ed883d3c4218df17b1980a4875c803f5a5de5b80b45ebe5f0fd20b38726fe6cd8d8039d49a2

Download Submit
C:\Users\Admin\AppData\Local\Programs\vbloks\api-ms-win-crt-math-l1-1-0.dll

Filesize
26KB

MD5
6c7d9c87af17330357fdb7f39751080b

SHA1
3a1dd4a6290d0c9764e43f430bb447ae4cce674d

SHA256
6a9dd5a4e52c1aa0e341e35e9dc1a6fbf476ebacd64add3a53c146f019a9a4c6

SHA512
d03b8c177b81dd7d55cb1c2dc76301d52ff6d0cbef61398bffd9d113814fa64801196414abefb2f635cbc3e28de3960a47f4b6d6170fe252ac0642701de75d27

Download Submit
C:\Users\Admin\AppData\Local\Programs\vbloks\api-ms-win-crt-multibyte-l1-1-0.dll

Filesize
26KB

MD5
0cad941678316da4f162c2d65600f578

SHA1
b14d054e8f787e22b352aefbec819b381a64010c

SHA256
acb97f64896cb96cea09c2a2e691a8e2302885150a0699aa0ac0593bcdc89e9f

SHA512
2d505027a60b4d2964d869a69756242e537f064633df63a4ffc45aa2df0bfc9ac483aa4455aceb7afa8ebb30d5b685955ad4a14170c891cbdee693c9cb601886

Download Submit
C:\Users\Admin\AppData\Local\Programs\vbloks\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
21KB

MD5
f576fd38085005b4ab2ff1dacd293c48

SHA1
75074cfc7543b34f0bcace916370413055dee2ae

SHA256
6e794d0fad29cc5bdd5d0511fd923d3434ed122cff0ed697903900c93c807582

SHA512
3887ba832965e3bbe248002e926b0ea8374b4755e6b736c25850088287790e20052d3334000eb7afc2c86fd2a14ba05d5e564c1bd811d8baa8e524f4f7fcfc25

Download Submit
C:\Users\Admin\AppData\Local\Programs\vbloks\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
24KB

MD5
1cec55e31418a818093c73e96bd41973

SHA1
69a57fb9c17ccfd607749d8e9c8e80792904ea44

SHA256
513bb1dd16be7491ced8fa2494b604257285f76062525685c2991391d0c048c3

SHA512
31f0e1f4ec0e8b94f4fe403f182596839c916f5d810b8d81c1f399868d18c68192a1362f03f9983d92cb7b7c8575421da12c345838321c95d056c20517ee9b55

Download Submit
C:\Users\Admin\AppData\Local\Programs\vbloks\api-ms-win-crt-string-l1-1-0.dll

Filesize
24KB

MD5
e730cd977ac7f60f0824775e39c8fd2c

SHA1
fdfaf759a360293687bd2838b7d9feb628edaf5b

SHA256
63de06332e8ff15a5bff699e70ed2537a9d273ba62463fa16265d261f3c5bb31

SHA512
d6a30e82a061f7e5f27aaa928819ebefff2bb5963ab7d4be33d41e0099576b1e7d0c671082fa08ce0e1bd8e89c4dc8ae427a22f0162ac05b8a0259392bb50fe8

Download Submit
C:\Users\Admin\AppData\Local\Programs\vbloks\api-ms-win-crt-time-l1-1-0.dll

Filesize
20KB

MD5
090027e2a3ef8d8ebf9ced36fdc7b492

SHA1
bc75462090e7b95a44c9d22ddec394da30d4b6e4

SHA256
803b6f86f178e71f462dfdd6521c9f4791059c1fab5dc86de17c34c25e55f8bd

SHA512
4ba291e44be86ab8e2f3619155ad503d68e65f84eab0870844c23893b5c169a1fe85fb1feb6cd0ba692373d84b40db3e8fcec3ad231899a0f3ffbecc971fe48b

Download Submit
C:\Users\Admin\AppData\Local\Programs\vbloks\api-ms-win-crt-utility-l1-1-0.dll

Filesize
18KB

MD5
6bc85715c6a0006cdeff1b3d7ffd796f

SHA1
fac4bdf44990b06c7a1c2ffed214ebd710264b3f

SHA256
7a578dd2ceb4387ae8f67f6a82ab553ca1570d1588ab6645859e5625585af95c

SHA512
a8ed5d78d973efd248971795dc1e3a6e27421746d2c7d47740e846a7e19f3153e7a7e508327a20edf9a2354dbc82da6985e1e212474a066c905a00a32de99bc7

Download Submit
C:\Users\Admin\AppData\Local\Programs\vbloks\ffmpeg.dll

Filesize
1.9MB

MD5
b6fb618728926017ee8c9509ce2f67fa

SHA1
82632736becff2f089cdbaf443b06a77353efade

SHA256
70261a9b27668b88a6c82350067b9eef2f2f4bc48a98e1495f38bc49d8c79047

SHA512
cf8f5f42a558ba27a7b7abe2c29878ad9c22a887de22f9d384226c81994f422f8bccb76c52ad1b5bb7505f2a4c8581f421e197dc8c4fb96b543de219f62b3198

Download Submit
C:\Users\Admin\AppData\Local\Programs\vbloks\node.dll

Filesize
17.0MB

MD5
18d3b17c5008b0e021651f13a1aa255d

SHA1
1fbaa3c6cebdc76ce041c986b4f49f80c11dd9fa

SHA256
77dc18092a56886a5236cd0927585c7045eff2abe03b6c38235cab135dd14235

SHA512
841e38d88cadea44126f7bbff2bdc302a02182f85977389b786a0f23b061d3ec9ce9ebdf086c29c18955f6e92692da142af6284947e0ca69c1a46aae6b7a6156

Download Submit
C:\Users\Admin\AppData\Local\Programs\vbloks\ucrtbase.DLL

Filesize
977KB

MD5
5b1c91b53ac3c3026d50de8c05aba139

SHA1
b9c2d160b1ce856d9904a340362236473a3d559c

SHA256
d804ea40eacfc22a5e029b66d6d4f83d81f76a7ead80313b33839253f90af6b7

SHA512
8e01056830e65320d684245bf055305e03ef136545efb51aad484a5b1b006f7d534c30b7973da8628f49c31710ae23d3420f941156c941172b97efe9e1ef9a1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj281C.tmp\SpiderBanner.dll

Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj281C.tmp\StdUtils.dll

Filesize
101KB

MD5
33b4e69e7835e18b9437623367dd1787

SHA1
53afa03edaf931abdc2d828e5a2c89ad573d926c

SHA256
72d38ef115e71fc73dc5978987c583fc8c6b50ff12e4a5d30649a4d164a8b6ae

SHA512
ca890e785d1a0a7e0b4a748416fba417826ae66b46e600f407d4e795b444612a8b830f579f2cf5b6e051bea800604f34f8801cc3daf05c8d29ad05bcda454a77

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj281C.tmp\System.dll

Filesize
11KB

MD5
75ed96254fbf894e42058062b4b4f0d1

SHA1
996503f1383b49021eb3427bc28d13b5bbd11977

SHA256
a632d74332b3f08f834c732a103dafeb09a540823a2217ca7f49159755e8f1d7

SHA512
58174896db81d481947b8745dafe3a02c150f3938bb4543256e8cce1145154e016d481df9fe68dac6d48407c62cbe20753320ebd5fe5e84806d07ce78e0eb0c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj281C.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj281C.tmp\nsProcess.dll

Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj281C.tmp\nsis7z.dll

Filesize
391KB

MD5
c6a070b3e68b292bb0efc9b26e85e9cc

SHA1
5a922b96eda6595a68fd0a9051236162ff2e2ada

SHA256
66ac8bd1f273a73e17a3f31d6add739d3cb0330a6417faeda11a9cae00b62d8b

SHA512
8eff8fc16f5bb574bd9483e3b217b67a8986e31497368c06fdaa3a1e93a40aee94a5b31729d01905157b0ae1e556a402f43cd29a4d30a0587e1ec334458a44e8

Download Submit
C:\Users\Admin\AppData\Roaming\vbloks\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
\Users\Admin\AppData\Local\Programs\vbloks\ChatGPT For Windows.exe

Filesize
64.6MB

MD5
986920d8ab6c83d99ab92d4e3aaea1b1

SHA1
a2e5220db567a0f10b437e46c485be0571eb870c

SHA256
2ab7a1c0accddd712b18f78d3ff0e5585a4288079ef3bd7c3e1b87768a1c2d55

SHA512
024e763d6ffb0b961ab27c6d44020f0bda4c1f688ace012d51518df12757f29456f1508601f7c4f16f3f41d2b6bb8b55958d5fc35043e933bf0826acd274325e

Download Submit
\Users\Admin\AppData\Local\Programs\vbloks\ChatGPT For Windows.exe

Filesize
64.6MB

MD5
986920d8ab6c83d99ab92d4e3aaea1b1

SHA1
a2e5220db567a0f10b437e46c485be0571eb870c

SHA256
2ab7a1c0accddd712b18f78d3ff0e5585a4288079ef3bd7c3e1b87768a1c2d55

SHA512
024e763d6ffb0b961ab27c6d44020f0bda4c1f688ace012d51518df12757f29456f1508601f7c4f16f3f41d2b6bb8b55958d5fc35043e933bf0826acd274325e

Download Submit
\Users\Admin\AppData\Local\Programs\vbloks\ChatGPT For Windows.exe

Filesize
64.6MB

MD5
986920d8ab6c83d99ab92d4e3aaea1b1

SHA1
a2e5220db567a0f10b437e46c485be0571eb870c

SHA256
2ab7a1c0accddd712b18f78d3ff0e5585a4288079ef3bd7c3e1b87768a1c2d55

SHA512
024e763d6ffb0b961ab27c6d44020f0bda4c1f688ace012d51518df12757f29456f1508601f7c4f16f3f41d2b6bb8b55958d5fc35043e933bf0826acd274325e

Download Submit
\Users\Admin\AppData\Local\Programs\vbloks\ChatGPT For Windows.exe

Filesize
64.6MB

MD5
986920d8ab6c83d99ab92d4e3aaea1b1

SHA1
a2e5220db567a0f10b437e46c485be0571eb870c

SHA256
2ab7a1c0accddd712b18f78d3ff0e5585a4288079ef3bd7c3e1b87768a1c2d55

SHA512
024e763d6ffb0b961ab27c6d44020f0bda4c1f688ace012d51518df12757f29456f1508601f7c4f16f3f41d2b6bb8b55958d5fc35043e933bf0826acd274325e

Download Submit
\Users\Admin\AppData\Local\Programs\vbloks\ChatGPT For Windows.exe

Filesize
64.6MB

MD5
986920d8ab6c83d99ab92d4e3aaea1b1

SHA1
a2e5220db567a0f10b437e46c485be0571eb870c

SHA256
2ab7a1c0accddd712b18f78d3ff0e5585a4288079ef3bd7c3e1b87768a1c2d55

SHA512
024e763d6ffb0b961ab27c6d44020f0bda4c1f688ace012d51518df12757f29456f1508601f7c4f16f3f41d2b6bb8b55958d5fc35043e933bf0826acd274325e

Download Submit
\Users\Admin\AppData\Local\Programs\vbloks\ChatGPT For Windows.exe

Filesize
64.6MB

MD5
986920d8ab6c83d99ab92d4e3aaea1b1

SHA1
a2e5220db567a0f10b437e46c485be0571eb870c

SHA256
2ab7a1c0accddd712b18f78d3ff0e5585a4288079ef3bd7c3e1b87768a1c2d55

SHA512
024e763d6ffb0b961ab27c6d44020f0bda4c1f688ace012d51518df12757f29456f1508601f7c4f16f3f41d2b6bb8b55958d5fc35043e933bf0826acd274325e

Download Submit
\Users\Admin\AppData\Local\Programs\vbloks\ChatGPT For Windows.exe

Filesize
64.6MB

MD5
986920d8ab6c83d99ab92d4e3aaea1b1

SHA1
a2e5220db567a0f10b437e46c485be0571eb870c

SHA256
2ab7a1c0accddd712b18f78d3ff0e5585a4288079ef3bd7c3e1b87768a1c2d55

SHA512
024e763d6ffb0b961ab27c6d44020f0bda4c1f688ace012d51518df12757f29456f1508601f7c4f16f3f41d2b6bb8b55958d5fc35043e933bf0826acd274325e

Download Submit
\Users\Admin\AppData\Local\Programs\vbloks\ChatGPT For Windows.exe

Filesize
64.6MB

MD5
986920d8ab6c83d99ab92d4e3aaea1b1

SHA1
a2e5220db567a0f10b437e46c485be0571eb870c

SHA256
2ab7a1c0accddd712b18f78d3ff0e5585a4288079ef3bd7c3e1b87768a1c2d55

SHA512
024e763d6ffb0b961ab27c6d44020f0bda4c1f688ace012d51518df12757f29456f1508601f7c4f16f3f41d2b6bb8b55958d5fc35043e933bf0826acd274325e

Download Submit
\Users\Admin\AppData\Local\Programs\vbloks\api-ms-win-core-file-l1-2-0.dll

Filesize
18KB

MD5
31e207b01e67b6563d2cf9110d06a1d2

SHA1
f12832e055c0f0d70fc44b4cb0215c17aa948332

SHA256
6b31a206c051815be9f7b366d2a9d2464747a56888a7307a924ecdac558271e1

SHA512
8a19324c8719ad6e7509de44fe79c6614c064daa47c4206a2b6ba4124b45bc4d8785cd51b8877c9ae5a1e0768ee1bba8f98e8d8c17b700aa8dadbd2801035a92

Download Submit
\Users\Admin\AppData\Local\Programs\vbloks\api-ms-win-core-file-l2-1-0.dll

Filesize
18KB

MD5
f2d12342c68e51aa748d4937f3ec7ded

SHA1
22368cebce89feb929004f73bd0f7236f7050e36

SHA256
6ba964ad55822f55eea14f73a48deb164b337639a82da677fc6efc1c539fe81e

SHA512
1e1440c97237716a6ac63e038d932edd0e7962230bfd6956b8aafa378b344daf92da696f0d1a57b0d71fef3722296b0d02f59b0fc9551e7944c445cc6b2b26a4

Download Submit
\Users\Admin\AppData\Local\Programs\vbloks\api-ms-win-core-localization-l1-2-0.dll

Filesize
20KB

MD5
9b43f5733a98e5c6095996916f889987

SHA1
01ba4d84cb2adf3536c31b1c41375d141dcd2ba1

SHA256
2b7e6b54ebc2b9556e2f75e7372d4b2d16758f928b79395b8a55c7acdca93341

SHA512
b3497f31c155049c68b18d2f28383843bd8b8c078db119c07d63ec1900a6204e266a3bc1503734fd85c3766bddb25029880291e4f6060afe5df82717af6ae092

Download Submit
\Users\Admin\AppData\Local\Programs\vbloks\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
18KB

MD5
95b0eb891b1e869568a2bf9ab67eab0f

SHA1
09cf1cbb3089fc418eb933d1b4611cca0d4ad327

SHA256
5129795d6e0aeca2fa56aaa56d71d2e9809c2ad77c14265abcb51fe832105e00

SHA512
7b2a74278fb7e51242006dc1e60d0e7cc3ed763eb4e7ed7e9da87797ea81fdb05857de838b745fac03468f85c755fe86331746466c30f87f127172de5524f057

Download Submit
\Users\Admin\AppData\Local\Programs\vbloks\api-ms-win-core-synch-l1-2-0.dll

Filesize
18KB

MD5
215c5909343c6eef550c5bfb9859a542

SHA1
48174742989e4886c123157952f966528a4be963

SHA256
d95346a16d088e510def0eff7cbdcb71d70adf335d0a88a7838c9476590c8f8c

SHA512
ec00cf8ce3d74bee680b96418f3fe75bcfd2de54441d7818fb62fad73034b07bef0aae36dd0ac34fc85a9669636cdfa0d647e21a871a676feba09251a5f0fe15

Download Submit
\Users\Admin\AppData\Local\Programs\vbloks\api-ms-win-core-timezone-l1-1-0.dll

Filesize
18KB

MD5
69d1c46b9927d1c7cad8dfb5e18ab7ab

SHA1
1917be91adb466085678ebe036643cb187a7f4d5

SHA256
23f035627abed3460e6dbe8436e5b608c7c30f69091011f655f10ee49ebfd282

SHA512
365dbc3811b9bc2417937e433b7b748080c3ca1f4fc1b361117db46fd9dcfe49d948407dca33ca75d307b0e7f7919cc3550caa16e6950f10b0f46d16cbd36172

Download Submit
\Users\Admin\AppData\Local\Programs\vbloks\api-ms-win-crt-conio-l1-1-0.dll

Filesize
19KB

MD5
3f14aadfaf34257f399ddb6c554d8a51

SHA1
695f7a5d42fd16109ad744a2b215dbd4543e2b84

SHA256
edf658d7655b524f5158b69a189d9715f87ceac701a055acc23ce608e4ea0774

SHA512
002a34bb9210401270f321eb973afd1fd807a3dc395fcd69adbcabca413d77ea748f78f70c61818da52902a74d38ffc9a5b655887d9336a02355072b421cae22

Download Submit
\Users\Admin\AppData\Local\Programs\vbloks\api-ms-win-crt-convert-l1-1-0.dll

Filesize
22KB

MD5
e3495c380c381670908355181787d7ea

SHA1
30b2d379cf483e3394a462a5824092e555974f26

SHA256
b353bd22b97fd3704557a99359c9ea0b4e0ad8b7e43b5e21700dabd1a1d84923

SHA512
be973074be09fb0e11d4819c0a04d07daad5bf82d3b2c689ab9a5a6d74d39bd24cf526bcfd926f69f5986f0dbfce2d3b4e21a2449ad8e6e9a8a2cfd52b572868

Download Submit
\Users\Admin\AppData\Local\Programs\vbloks\api-ms-win-crt-environment-l1-1-0.dll

Filesize
18KB

MD5
5746d1dc01f0a069f009ecd7f8738c41

SHA1
5d8696c5cfab3b9c91806a95c9a84d539a4500a3

SHA256
325e7bb5c8a3c7f9db8698a570b7d9d9424a028d51f937a2dff3dc5ff0b6e457

SHA512
c73d63216f0bfda185928172b737aa652ba30d88471b22c5161b162bd5d68d7b60c3b90af648cc7c1c2b409af416383db106abf8366733ba4c61f3f104c8db41

Download Submit
\Users\Admin\AppData\Local\Programs\vbloks\api-ms-win-crt-filesystem-l1-1-0.dll

Filesize
20KB

MD5
c8211d9a8f2595c9ee6f75c9b6d5cb29

SHA1
f90ee7350a2d922f5ab614a43c81a42604a86306

SHA256
b78607f566599e92bfa8ff5de0f28c439207abf17f274a045500a0d107287d41

SHA512
846583349a448d2df8b4a9957a72b6734b0e394135cef6b03bdf197c6752c9e688e47c7d51ce4825f20f47d933ff9133b481b4daec6b0ec729a739b157617377

Download Submit
\Users\Admin\AppData\Local\Programs\vbloks\api-ms-win-crt-heap-l1-1-0.dll

Filesize
19KB

MD5
28579ca40c9e19cc6dc23dfb8b6871cd

SHA1
804cdccdb65ad15e016072b5d6f9843096140864

SHA256
a57d8275c34c1094f6a4535e23c7bee4759532e08776ff84c5fe487c0f925eb4

SHA512
9489cdc3d5df75dd2686ea82dd689aae0a4fd503d2831091c10bc53820320b4947cd9f321501448d258b219516e5d9aaf6790f13189248835ba20b2f86674b9c

Download Submit
\Users\Admin\AppData\Local\Programs\vbloks\api-ms-win-crt-locale-l1-1-0.dll

Filesize
18KB

MD5
4140ee5c6ea9f933c483615141fd54fe

SHA1
3ef9da0df943f56f1838853fc5406280b2823516

SHA256
29abdc8c5396132b004e6751464641b8f0562249333b2257a1d2eb4aecc8d9dc

SHA512
1cc86a050dcd1619e9e2cc9aa37c76da21e4a4d8f1700916c5ff6ed883d3c4218df17b1980a4875c803f5a5de5b80b45ebe5f0fd20b38726fe6cd8d8039d49a2

Download Submit
\Users\Admin\AppData\Local\Programs\vbloks\api-ms-win-crt-math-l1-1-0.dll

Filesize
26KB

MD5
6c7d9c87af17330357fdb7f39751080b

SHA1
3a1dd4a6290d0c9764e43f430bb447ae4cce674d

SHA256
6a9dd5a4e52c1aa0e341e35e9dc1a6fbf476ebacd64add3a53c146f019a9a4c6

SHA512
d03b8c177b81dd7d55cb1c2dc76301d52ff6d0cbef61398bffd9d113814fa64801196414abefb2f635cbc3e28de3960a47f4b6d6170fe252ac0642701de75d27

Download Submit
\Users\Admin\AppData\Local\Programs\vbloks\api-ms-win-crt-multibyte-l1-1-0.dll

Filesize
26KB

MD5
0cad941678316da4f162c2d65600f578

SHA1
b14d054e8f787e22b352aefbec819b381a64010c

SHA256
acb97f64896cb96cea09c2a2e691a8e2302885150a0699aa0ac0593bcdc89e9f

SHA512
2d505027a60b4d2964d869a69756242e537f064633df63a4ffc45aa2df0bfc9ac483aa4455aceb7afa8ebb30d5b685955ad4a14170c891cbdee693c9cb601886

Download Submit
\Users\Admin\AppData\Local\Programs\vbloks\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
21KB

MD5
f576fd38085005b4ab2ff1dacd293c48

SHA1
75074cfc7543b34f0bcace916370413055dee2ae

SHA256
6e794d0fad29cc5bdd5d0511fd923d3434ed122cff0ed697903900c93c807582

SHA512
3887ba832965e3bbe248002e926b0ea8374b4755e6b736c25850088287790e20052d3334000eb7afc2c86fd2a14ba05d5e564c1bd811d8baa8e524f4f7fcfc25

Download Submit
\Users\Admin\AppData\Local\Programs\vbloks\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
24KB

MD5
1cec55e31418a818093c73e96bd41973

SHA1
69a57fb9c17ccfd607749d8e9c8e80792904ea44

SHA256
513bb1dd16be7491ced8fa2494b604257285f76062525685c2991391d0c048c3

SHA512
31f0e1f4ec0e8b94f4fe403f182596839c916f5d810b8d81c1f399868d18c68192a1362f03f9983d92cb7b7c8575421da12c345838321c95d056c20517ee9b55

Download Submit
\Users\Admin\AppData\Local\Programs\vbloks\api-ms-win-crt-string-l1-1-0.dll

Filesize
24KB

MD5
e730cd977ac7f60f0824775e39c8fd2c

SHA1
fdfaf759a360293687bd2838b7d9feb628edaf5b

SHA256
63de06332e8ff15a5bff699e70ed2537a9d273ba62463fa16265d261f3c5bb31

SHA512
d6a30e82a061f7e5f27aaa928819ebefff2bb5963ab7d4be33d41e0099576b1e7d0c671082fa08ce0e1bd8e89c4dc8ae427a22f0162ac05b8a0259392bb50fe8

Download Submit
\Users\Admin\AppData\Local\Programs\vbloks\api-ms-win-crt-time-l1-1-0.dll

Filesize
20KB

MD5
090027e2a3ef8d8ebf9ced36fdc7b492

SHA1
bc75462090e7b95a44c9d22ddec394da30d4b6e4

SHA256
803b6f86f178e71f462dfdd6521c9f4791059c1fab5dc86de17c34c25e55f8bd

SHA512
4ba291e44be86ab8e2f3619155ad503d68e65f84eab0870844c23893b5c169a1fe85fb1feb6cd0ba692373d84b40db3e8fcec3ad231899a0f3ffbecc971fe48b

Download Submit
\Users\Admin\AppData\Local\Programs\vbloks\api-ms-win-crt-utility-l1-1-0.dll

Filesize
18KB

MD5
6bc85715c6a0006cdeff1b3d7ffd796f

SHA1
fac4bdf44990b06c7a1c2ffed214ebd710264b3f

SHA256
7a578dd2ceb4387ae8f67f6a82ab553ca1570d1588ab6645859e5625585af95c

SHA512
a8ed5d78d973efd248971795dc1e3a6e27421746d2c7d47740e846a7e19f3153e7a7e508327a20edf9a2354dbc82da6985e1e212474a066c905a00a32de99bc7

Download Submit
\Users\Admin\AppData\Local\Programs\vbloks\ffmpeg.dll

Filesize
1.9MB

MD5
b6fb618728926017ee8c9509ce2f67fa

SHA1
82632736becff2f089cdbaf443b06a77353efade

SHA256
70261a9b27668b88a6c82350067b9eef2f2f4bc48a98e1495f38bc49d8c79047

SHA512
cf8f5f42a558ba27a7b7abe2c29878ad9c22a887de22f9d384226c81994f422f8bccb76c52ad1b5bb7505f2a4c8581f421e197dc8c4fb96b543de219f62b3198

Download Submit
\Users\Admin\AppData\Local\Programs\vbloks\msvcp140.dll

Filesize
618KB

MD5
9ff712c25312821b8aec84c4f8782a34

SHA1
1a7a250d92a59c3af72a9573cffec2fcfa525f33

SHA256
517cd3aac2177a357cca6032f07ad7360ee8ca212a02dd6e1301bf6cfade2094

SHA512
5a65da337e64ea42bcc461b411ae622ce4dec1036638b1e5de4757b366875d7f13c1290f2ee345f358994f648c5941db35aa5d2313f547605508fd2bcc047e33

Download Submit
\Users\Admin\AppData\Local\Programs\vbloks\node.dll

Filesize
17.0MB

MD5
18d3b17c5008b0e021651f13a1aa255d

SHA1
1fbaa3c6cebdc76ce041c986b4f49f80c11dd9fa

SHA256
77dc18092a56886a5236cd0927585c7045eff2abe03b6c38235cab135dd14235

SHA512
841e38d88cadea44126f7bbff2bdc302a02182f85977389b786a0f23b061d3ec9ce9ebdf086c29c18955f6e92692da142af6284947e0ca69c1a46aae6b7a6156

Download Submit
\Users\Admin\AppData\Local\Programs\vbloks\ucrtbase.dll

Filesize
977KB

MD5
5b1c91b53ac3c3026d50de8c05aba139

SHA1
b9c2d160b1ce856d9904a340362236473a3d559c

SHA256
d804ea40eacfc22a5e029b66d6d4f83d81f76a7ead80313b33839253f90af6b7

SHA512
8e01056830e65320d684245bf055305e03ef136545efb51aad484a5b1b006f7d534c30b7973da8628f49c31710ae23d3420f941156c941172b97efe9e1ef9a1f

Download Submit
\Users\Admin\AppData\Local\Programs\vbloks\vcruntime140.dll

Filesize
85KB

MD5
edf9d5c18111d82cf10ec99f6afa6b47

SHA1
d247f5b9d4d3061e3d421e0e623595aa40d9493c

SHA256
d89c7b863fc1ac3a179d45d5fe1b9fd35fb6fbd45171ca68d0d68ab1c1ad04fb

SHA512
bf017aa8275c5b6d064984a606c5d40852aa70047759468395fe520f7f68b5452befc3145efaa7c51f8ec3bf71d9e32dbd5633637f040d58ff9a4b6953bf1cbf

Download Submit
\Users\Admin\AppData\Local\Temp\nsj281C.tmp\SpiderBanner.dll

Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
\Users\Admin\AppData\Local\Temp\nsj281C.tmp\StdUtils.dll

Filesize
101KB

MD5
33b4e69e7835e18b9437623367dd1787

SHA1
53afa03edaf931abdc2d828e5a2c89ad573d926c

SHA256
72d38ef115e71fc73dc5978987c583fc8c6b50ff12e4a5d30649a4d164a8b6ae

SHA512
ca890e785d1a0a7e0b4a748416fba417826ae66b46e600f407d4e795b444612a8b830f579f2cf5b6e051bea800604f34f8801cc3daf05c8d29ad05bcda454a77

Download Submit
\Users\Admin\AppData\Local\Temp\nsj281C.tmp\System.dll

Filesize
11KB

MD5
75ed96254fbf894e42058062b4b4f0d1

SHA1
996503f1383b49021eb3427bc28d13b5bbd11977

SHA256
a632d74332b3f08f834c732a103dafeb09a540823a2217ca7f49159755e8f1d7

SHA512
58174896db81d481947b8745dafe3a02c150f3938bb4543256e8cce1145154e016d481df9fe68dac6d48407c62cbe20753320ebd5fe5e84806d07ce78e0eb0c4

Download Submit
\Users\Admin\AppData\Local\Temp\nsj281C.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
\Users\Admin\AppData\Local\Temp\nsj281C.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
\Users\Admin\AppData\Local\Temp\nsj281C.tmp\nsProcess.dll

Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
\Users\Admin\AppData\Local\Temp\nsj281C.tmp\nsis7z.dll

Filesize
391KB

MD5
c6a070b3e68b292bb0efc9b26e85e9cc

SHA1
5a922b96eda6595a68fd0a9051236162ff2e2ada

SHA256
66ac8bd1f273a73e17a3f31d6add739d3cb0330a6417faeda11a9cae00b62d8b

SHA512
8eff8fc16f5bb574bd9483e3b217b67a8986e31497368c06fdaa3a1e93a40aee94a5b31729d01905157b0ae1e556a402f43cd29a4d30a0587e1ec334458a44e8

Download Submit
memory/1684-719-0x000000013F540000-0x000000014361C000-memory.dmp

Filesize
64.9MB

Download
memory/1684-723-0x00000000005D0000-0x00000000005D1000-memory.dmp

Filesize
4KB

Download
memory/1724-576-0x00000000038E0000-0x00000000038E2000-memory.dmp

Filesize
8KB

Download
memory/1792-630-0x000000013FCE0000-0x0000000143DBC000-memory.dmp

Filesize
64.9MB

Download
memory/1792-648-0x00000000021F0000-0x00000000021F1000-memory.dmp

Filesize
4KB

Download