0ec4fd786822cc3ee0716c3185d65f26974b8bad5ac667c33e7305498c9200de

Analysis

max time kernel
128s
max time network
134s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
03-03-2023 10:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Metis.Mod.Launcher.Setup.msi
Size

82.5MB
MD5

9a510715bcb6ed15630ed5c40c38cd3b
SHA1

9e5fb5d404c5428cf1c3db2eee9f7f41e3b56e27
SHA256

0ec4fd786822cc3ee0716c3185d65f26974b8bad5ac667c33e7305498c9200de
SHA512

eb03d52dedad348305e5c6fa3afd81144e337c8978c533f1a08c793b266110a115dc1146794f4603584e5d1a06d2bb56fc4daf2957c995f97f93c2ffa3d11bf0
SSDEEP

1572864:PgJOpcXVaHAd5K15bRM4D2ZGfCjZq19kxNNxAzFchtMrded/3lLXM3XfZ2LhO:PgJoiJDK1vBCLjqk8XEZ0Z2LhO

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Control Panel\International\Geo\Nation	Metis Mod Launcher.exe

Executes dropped EXE 1 IoCs

pid	Process
1400	Metis Mod Launcher.exe

Loads dropped DLL 64 IoCs

pid	Process
5056	MsiExec.exe
1400	Metis Mod Launcher.exe
1400	Metis Mod Launcher.exe
1400	Metis Mod Launcher.exe
1400	Metis Mod Launcher.exe
1400	Metis Mod Launcher.exe
1400	Metis Mod Launcher.exe
1400	Metis Mod Launcher.exe
1400	Metis Mod Launcher.exe
1400	Metis Mod Launcher.exe
1400	Metis Mod Launcher.exe
1400	Metis Mod Launcher.exe
1400	Metis Mod Launcher.exe
1400	Metis Mod Launcher.exe
1400	Metis Mod Launcher.exe
1400	Metis Mod Launcher.exe
1400	Metis Mod Launcher.exe
1400	Metis Mod Launcher.exe
1400	Metis Mod Launcher.exe
1400	Metis Mod Launcher.exe
1400	Metis Mod Launcher.exe
1400	Metis Mod Launcher.exe
1400	Metis Mod Launcher.exe
1400	Metis Mod Launcher.exe
1400	Metis Mod Launcher.exe
1400	Metis Mod Launcher.exe
1400	Metis Mod Launcher.exe
1400	Metis Mod Launcher.exe
1400	Metis Mod Launcher.exe
1400	Metis Mod Launcher.exe
1400	Metis Mod Launcher.exe
1400	Metis Mod Launcher.exe
1400	Metis Mod Launcher.exe
1400	Metis Mod Launcher.exe
1400	Metis Mod Launcher.exe
1400	Metis Mod Launcher.exe
1400	Metis Mod Launcher.exe
1400	Metis Mod Launcher.exe
1400	Metis Mod Launcher.exe
1400	Metis Mod Launcher.exe
1400	Metis Mod Launcher.exe
1400	Metis Mod Launcher.exe
1400	Metis Mod Launcher.exe
1400	Metis Mod Launcher.exe
1400	Metis Mod Launcher.exe
1400	Metis Mod Launcher.exe
1400	Metis Mod Launcher.exe
1400	Metis Mod Launcher.exe
1400	Metis Mod Launcher.exe
1400	Metis Mod Launcher.exe
1400	Metis Mod Launcher.exe
1400	Metis Mod Launcher.exe
1400	Metis Mod Launcher.exe
1400	Metis Mod Launcher.exe
1400	Metis Mod Launcher.exe
1400	Metis Mod Launcher.exe
1400	Metis Mod Launcher.exe
1400	Metis Mod Launcher.exe
1400	Metis Mod Launcher.exe
1400	Metis Mod Launcher.exe
1400	Metis Mod Launcher.exe
1400	Metis Mod Launcher.exe
1400	Metis Mod Launcher.exe
1400	Metis Mod Launcher.exe

Enumerates connected drives 3 TTPs 48 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Metis Mod Launcher\win-x86\e_sqlite3.dll	msiexec.exe
File created	C:\Program Files (x86)\Metis Mod Launcher\win-x86\pt-BR\UIAutomationTypes.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\Metis Mod Launcher\win-x86\System.ComponentModel.EventBasedAsync.dll	msiexec.exe
File created	C:\Program Files (x86)\Metis Mod Launcher\win-x86\PresentationFramework.Luna.dll	msiexec.exe
File created	C:\Program Files (x86)\Metis Mod Launcher\win-x86\System.Diagnostics.Process.dll	msiexec.exe
File created	C:\Program Files (x86)\Metis Mod Launcher\win-x86\System.Runtime.dll	msiexec.exe
File created	C:\Program Files (x86)\Metis Mod Launcher\win-x86\System.Drawing.Design.dll	msiexec.exe
File created	C:\Program Files (x86)\Metis Mod Launcher\win-x86\tr\WindowsBase.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\Metis Mod Launcher\win-x86\ja\System.Windows.Forms.Design.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\Metis Mod Launcher\win-x86\tr\UIAutomationClient.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\Metis Mod Launcher\win-x86\pl\System.Xaml.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\Metis Mod Launcher\win-x86\Resources\Background_02.png	msiexec.exe
File created	C:\Program Files (x86)\Metis Mod Launcher\win-x86\api-ms-win-core-file-l2-1-0.dll	msiexec.exe
File created	C:\Program Files (x86)\Metis Mod Launcher\win-x86\Microsoft.Extensions.Options.dll	msiexec.exe
File created	C:\Program Files (x86)\Metis Mod Launcher\win-x86\zh-Hant\System.Windows.Input.Manipulations.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\Metis Mod Launcher\ModEngine2\ModEngine-2.0.0-preview4-win64\modengine2\include\spdlog\sinks\qt_sinks.h	msiexec.exe
File created	C:\Program Files (x86)\Metis Mod Launcher\win-x86\Microsoft.Extensions.Caching.Memory.dll	msiexec.exe
File created	C:\Program Files (x86)\Metis Mod Launcher\ModEngine2\ModEngine-2.0.0-preview4-win64\modengine2\include\toml++\impl\node_view.h	msiexec.exe
File created	C:\Program Files (x86)\Metis Mod Launcher\win-x86\zh-Hant\System.Windows.Controls.Ribbon.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\Metis Mod Launcher\win-x86\es\PresentationUI.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\Metis Mod Launcher\win-x86\es\System.Xaml.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\Metis Mod Launcher\win-x86\it\ReachFramework.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\Metis Mod Launcher\ModEngine2\ModEngine-2.0.0-preview4-win64\modengine2\include\spdlog\cfg\env.h	msiexec.exe
File created	C:\Program Files (x86)\Metis Mod Launcher\win-x86\ko\WindowsBase.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\Metis Mod Launcher\win-x86\System.IO.IsolatedStorage.dll	msiexec.exe
File created	C:\Program Files (x86)\Metis Mod Launcher\ModEngine2\ModEngine-2.0.0-preview4-win64\modengine2\include\spdlog\details\windows_include.h	msiexec.exe
File created	C:\Program Files (x86)\Metis Mod Launcher\ModEngine2\ModEngine-2.0.0-preview4-win64\modengine2\include\luaconf.h	msiexec.exe
File created	C:\Program Files (x86)\Metis Mod Launcher\ModEngine2\ModEngine-2.0.0-preview4-win64\modengine2\include\toml++\impl\key.h	msiexec.exe
File created	C:\Program Files (x86)\Metis Mod Launcher\win-x86\Microsoft.Extensions.FileProviders.Abstractions.dll	msiexec.exe
File created	C:\Program Files (x86)\Metis Mod Launcher\win-x86\api-ms-win-crt-string-l1-1-0.dll	msiexec.exe
File created	C:\Program Files (x86)\Metis Mod Launcher\win-x86\es\WindowsFormsIntegration.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\Metis Mod Launcher\win-x86\pt-BR\UIAutomationClient.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\Metis Mod Launcher\ModEngine2\ModEngine-2.0.0-preview4-win64\modengine2\include\modengine\util\memory_scanner.h	msiexec.exe
File created	C:\Program Files (x86)\Metis Mod Launcher\ModEngine2\ModEngine-2.0.0-preview4-win64\modengine2\include\spdlog\details\console_globals.h	msiexec.exe
File created	C:\Program Files (x86)\Metis Mod Launcher\win-x86\Microsoft.Win32.Registry.dll	msiexec.exe
File created	C:\Program Files (x86)\Metis Mod Launcher\win-x86\pt-BR\PresentationUI.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\Metis Mod Launcher\ModEngine2\ModEngine-2.0.0-preview4-win64\modengine2\include\toml++\impl\source_region.h	msiexec.exe
File created	C:\Program Files (x86)\Metis Mod Launcher\win-x86\Microsoft.VisualBasic.Core.dll	msiexec.exe
File created	C:\Program Files (x86)\Metis Mod Launcher\win-x86\api-ms-win-core-file-l1-1-0.dll	msiexec.exe
File created	C:\Program Files (x86)\Metis Mod Launcher\win-x86\ja\ReachFramework.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\Metis Mod Launcher\win-x86\zh-Hant\Microsoft.VisualBasic.Forms.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\Metis Mod Launcher\win-x86\de\WindowsFormsIntegration.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\Metis Mod Launcher\ModEngine2\ModEngine-2.0.0-preview4-win64\modengine2\include\spdlog\sinks\ansicolor_sink.h	msiexec.exe
File created	C:\Program Files (x86)\Metis Mod Launcher\win-x86\System.Threading.Timer.dll	msiexec.exe
File created	C:\Program Files (x86)\Metis Mod Launcher\win-x86\fr\UIAutomationTypes.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\Metis Mod Launcher\win-x86\fr\WindowsFormsIntegration.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\Metis Mod Launcher\win-x86\UIAutomationTypes.dll	msiexec.exe
File created	C:\Program Files (x86)\Metis Mod Launcher\win-x86\SQLitePCLRaw.provider.e_sqlite3.dll	msiexec.exe
File created	C:\Program Files (x86)\Metis Mod Launcher\win-x86\api-ms-win-core-file-l1-2-0.dll	msiexec.exe
File created	C:\Program Files (x86)\Metis Mod Launcher\win-x86\zh-Hans\PresentationUI.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\Metis Mod Launcher\win-x86\SQLitePCLRaw.core.dll	msiexec.exe
File created	C:\Program Files (x86)\Metis Mod Launcher\ModEngine2\ModEngine-2.0.0-preview4-win64\modengine2\include\spdlog\fmt\bin_to_hex.h	msiexec.exe
File created	C:\Program Files (x86)\Metis Mod Launcher\win-x86\PresentationNative_cor3.dll	msiexec.exe
File created	C:\Program Files (x86)\Metis Mod Launcher\win-x86\System.Private.Xml.dll	msiexec.exe
File created	C:\Program Files (x86)\Metis Mod Launcher\ModEngine2\ModEngine-2.0.0-preview4-win64\modengine2\include\spdlog\sinks\dist_sink.h	msiexec.exe
File created	C:\Program Files (x86)\Metis Mod Launcher\win-x86\api-ms-win-core-datetime-l1-1-0.dll	msiexec.exe
File created	C:\Program Files (x86)\Metis Mod Launcher\win-x86\PresentationFramework.Aero.dll	msiexec.exe
File created	C:\Program Files (x86)\Metis Mod Launcher\win-x86\Microsoft.Extensions.Configuration.Json.dll	msiexec.exe
File created	C:\Program Files (x86)\Metis Mod Launcher\win-x86\System.Runtime.Numerics.dll	msiexec.exe
File created	C:\Program Files (x86)\Metis Mod Launcher\ModEngine2\ModEngine-2.0.0-preview4-win64\modengine2\include\fmt\xchar.h	msiexec.exe
File created	C:\Program Files (x86)\Metis Mod Launcher\win-x86\System.Net.dll	msiexec.exe
File created	C:\Program Files (x86)\Metis Mod Launcher\win-x86\PresentationFramework-SystemDrawing.dll	msiexec.exe
File created	C:\Program Files (x86)\Metis Mod Launcher\win-x86\TCPeasy.dll	msiexec.exe
File created	C:\Program Files (x86)\Metis Mod Launcher\ModEngine2\ModEngine-2.0.0-preview4-win64\modengine2\include\fmt\format.h	msiexec.exe

Drops file in Windows directory 10 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\{76CAF7FC-9641-4C0A-8AFA-6D59C069D0A8}\icon.ico	msiexec.exe
File created	C:\Windows\Installer\e5743a2.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e5743a0.msi	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\Installer\{76CAF7FC-9641-4C0A-8AFA-6D59C069D0A8}\icon.ico	msiexec.exe
File created	C:\Windows\Installer\SourceHash{76CAF7FC-9641-4C0A-8AFA-6D59C069D0A8}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI4F1A.tmp	msiexec.exe
File created	C:\Windows\Installer\e5743a0.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 5 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000004000000a8dca56a4fb650f70000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff000000002701010000080000a8dca56a0000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3f000000ffffffff000000000700010000680900a8dca56a000000000000d0120000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000a8dca56a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000a8dca56a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\1E\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1f	msiexec.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E4350CAA-27C9-320E-AC79-71294ABDA592}\InprocServer32\ = "mscoree.dll"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DD1C0C7A-BC95-339A-8321-9DBF4803CAF4}\Implemented Categories	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E396945B-2690-377E-A992-12775D444CD7}\Implemented Categories\{62C8FE65-4EBB-45e7-B440-6E39B2CDBF29}\	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Record\{E1B40E53-356B-32E7-859E-B9A40465E987}\3.1.2.0\CodeBase = "file:///C:\\Program Files (x86)\\Metis Mod Launcher\\win-x86\\Tommy.dll"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2B708A48-52D8-3049-9565-6BA42EE2BE17}\InprocServer32\RuntimeVersion = "v4.0.30319"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\System.CodeDom.CodeAttributeDeclarationCollection\CLSID	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{395C1A4D-AABB-3415-B527-8CB694777B84}\Implemented Categories\{62C8FE65-4EBB-45e7-B440-6E39B2CDBF29}\	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{943B4474-D661-344E-AD1B-1A1F3C8EA01A}\InprocServer32\4.0.0.0\CodeBase = "file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System/v4.0_4.0.0.0__b77a5c561934e089/System.dll"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1898F22E-40B7-37A5-8429-1BE5F8238962}\Implemented Categories	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{943B4474-D661-344E-AD1B-1A1F3C8EA01A}\ProgID	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F3BA98C3-39CF-3C2D-ADA5-75BD63D7AF08}\InprocServer32\RuntimeVersion = "v4.0.30319"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{56813035-CFF3-3FAC-9D4B-00A12AFA41D0}\InprocServer32\ = "mscoree.dll"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{932861EC-65C4-30F0-905D-905B9CE98979}\InprocServer32\4.0.0.0\RuntimeVersion = "v4.0.30319"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D79B10B1-16A3-3A23-A606-CE1227F3765A}\Implemented Categories\{62C8FE65-4EBB-45e7-B440-6E39B2CDBF29}	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DE2AE793-C1C1-3C33-8B9C-0D8F90301860}\InprocServer32\4.0.0.0\RuntimeVersion = "v4.0.30319"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\System.CodeDom.CodeLinePragma\CLSID	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{17575EA6-BE56-381E-88E7-74B376743E77}\InprocServer32	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{24B3BCED-984A-340B-923C-C9B39D94D5A9}\InprocServer32\RuntimeVersion = "v4.0.30319"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7FD9E7C0-B133-302F-A3A1-42167780CB62}\InprocServer32\Class = "System.CodeDom.CodeParameterDeclarationExpressionCollection"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E5E30108-7A5B-398F-B50C-09793C6299E1}	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Tommy.TomlDateTimeLocal\ = "Tommy.TomlDateTimeLocal"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{26D06C1F-81BA-33C3-BDE2-49747AA83A11}\Implemented Categories\{62C8FE65-4EBB-45e7-B440-6E39B2CDBF29}	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{509AF058-A0E5-32E6-AE00-15F8209D31F9}\Implemented Categories	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{395C1A4D-AABB-3415-B527-8CB694777B84}\ = "System.CodeDom.CodePropertySetValueReferenceExpression"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A531374E-FA08-36C6-AF96-31C684EEFC08}\InprocServer32\CodeBase = "file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System/v4.0_4.0.0.0__b77a5c561934e089/System.dll"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\System.CodeDom.CodeFieldReferenceExpression\ = "System.CodeDom.CodeFieldReferenceExpression"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\System.CodeDom.CodeEventReferenceExpression\ = "System.CodeDom.CodeEventReferenceExpression"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F3DE25AC-25ED-374C-8805-4B6456FA0CB2}\ProgID\ = "System.CodeDom.CodeTypeReference"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21206362-562F-3F08-8F06-4BCFD2C95F29}\InprocServer32\RuntimeVersion = "v4.0.30319"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{06E6FAA2-7623-396A-B9F1-75D31A17CF27}\Implemented Categories\{62C8FE65-4EBB-45e7-B440-6E39B2CDBF29}	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Record\{E1B40E53-356B-32E7-859E-B9A40465E987}\3.1.2.0\Class = "Tommy.TOMLParser+ParseState"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{06E6FAA2-7623-396A-B9F1-75D31A17CF27}\InprocServer32	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{10A98D9F-994D-3762-89B4-2116A95063EE}\InprocServer32\CodeBase = "file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System/v4.0_4.0.0.0__b77a5c561934e089/System.dll"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{26D06C1F-81BA-33C3-BDE2-49747AA83A11}\ProgID	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7544623F-E6DE-3918-9E10-29AAF16E560B}\InprocServer32\CodeBase = "file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System/v4.0_4.0.0.0__b77a5c561934e089/System.dll"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CB3BF2D6-DB22-31DF-A6F4-E3707972E10C}\InprocServer32\ThreadingModel = "Both"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{CB3BF2D6-DB22-31DF-A6F4-E3707972E10C}\Implemented Categories\{62C8FE65-4EBB-45e7-B440-6E39B2CDBF29}	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DD1C0C7A-BC95-339A-8321-9DBF4803CAF4}\InprocServer32\4.0.0.0\Assembly = "System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E396945B-2690-377E-A992-12775D444CD7}\InprocServer32\4.0.0.0\CodeBase = "file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System/v4.0_4.0.0.0__b77a5c561934e089/System.dll"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3A9E7044-FBD0-3E23-82AE-F0DFB86C0C4E}\ProgID	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{6ACD3B02-EF29-31B9-8958-45B47BAD4A00}\ProgID	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F3DE25AC-25ED-374C-8805-4B6456FA0CB2}\InprocServer32\CodeBase = "file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System/v4.0_4.0.0.0__b77a5c561934e089/System.dll"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{395C1A4D-AABB-3415-B527-8CB694777B84}\InprocServer32\4.0.0.0\Class = "System.CodeDom.CodePropertySetValueReferenceExpression"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{85D435C5-7AF6-30E9-8A0B-C978737C2849}\InprocServer32\4.0.0.0\Class = "System.CodeDom.CodeTypeMemberCollection"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{50B8F431-2117-36FA-A14D-DCCD754355B6}\InprocServer32\Assembly = "Tommy, Version=3.1.2.0, Culture=neutral, PublicKeyToken=null"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Record\{6F0CE718-EB43-36BF-8517-714F01B892AF}\3.1.2.0	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2A7A02A4-408D-32C6-B5E2-BC4B57399B0C}\InprocServer32\RuntimeVersion = "v4.0.30319"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3F2E333C-9A04-33AC-95C7-7B0015BEB345}\InprocServer32\RuntimeVersion = "v4.0.30319"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6FBC1E34-565D-3721-B5C0-5C796540481F}\InprocServer32\Class = "System.CodeDom.CodeTypeDelegate"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{812E9B72-2CCC-364B-9EB8-DA8F4EAE724F}\InprocServer32\CodeBase = "file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System/v4.0_4.0.0.0__b77a5c561934e089/System.dll"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DD1C0C7A-BC95-339A-8321-9DBF4803CAF4}\ProgID	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\System.ComponentModel.Component\CLSID	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\System.CodeDom.CodeComment	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F3E7E9C5-E63A-3F3B-A4F8-096E82664819}\InprocServer32\RuntimeVersion = "v4.0.30319"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3EA51066-67A2-3CDE-94E6-A765C3E017A8}\InprocServer32\2.3.1.0\Class = "DynamicExpresso.Exceptions.ReflectionNotAllowedException"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{36AE2637-C0A4-3214-8A93-AEE1CABD540E}\InprocServer32\Class = "System.CodeDom.CodeMethodReferenceExpression"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5FEA4BE0-D7FC-3DAF-877E-16F181F18BAE}\ProgID\ = "System.CodeDom.CodeDirectionExpression"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{6C1E6791-0558-3CD3-AAB8-C90A2B03EF5F}\InprocServer32	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\System.CodeDom.CodeVariableDeclarationStatement\ = "System.CodeDom.CodeVariableDeclarationStatement"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{F4267FE0-72E6-34E2-9093-17DEA43078C1}\InprocServer32	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7544623F-E6DE-3918-9E10-29AAF16E560B}\InprocServer32\4.0.0.0\Class = "System.CodeDom.CodeTypeConstructor"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Tommy.TomlInteger\CLSID	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{69DCE654-E184-38E5-BFD6-E0EB6F592A11}\ProgID\ = "System.CodeDom.CodeTypeMember"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ABC8FC89-D640-32FC-9E9F-04410010E5EC}\Implemented Categories	msiexec.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2412	msiexec.exe
2412	msiexec.exe
1400	Metis Mod Launcher.exe
1400	Metis Mod Launcher.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1192	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1192	msiexec.exe
Token: SeSecurityPrivilege	2412	msiexec.exe
Token: SeCreateTokenPrivilege	1192	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	1192	msiexec.exe
Token: SeLockMemoryPrivilege	1192	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1192	msiexec.exe
Token: SeMachineAccountPrivilege	1192	msiexec.exe
Token: SeTcbPrivilege	1192	msiexec.exe
Token: SeSecurityPrivilege	1192	msiexec.exe
Token: SeTakeOwnershipPrivilege	1192	msiexec.exe
Token: SeLoadDriverPrivilege	1192	msiexec.exe
Token: SeSystemProfilePrivilege	1192	msiexec.exe
Token: SeSystemtimePrivilege	1192	msiexec.exe
Token: SeProfSingleProcessPrivilege	1192	msiexec.exe
Token: SeIncBasePriorityPrivilege	1192	msiexec.exe
Token: SeCreatePagefilePrivilege	1192	msiexec.exe
Token: SeCreatePermanentPrivilege	1192	msiexec.exe
Token: SeBackupPrivilege	1192	msiexec.exe
Token: SeRestorePrivilege	1192	msiexec.exe
Token: SeShutdownPrivilege	1192	msiexec.exe
Token: SeDebugPrivilege	1192	msiexec.exe
Token: SeAuditPrivilege	1192	msiexec.exe
Token: SeSystemEnvironmentPrivilege	1192	msiexec.exe
Token: SeChangeNotifyPrivilege	1192	msiexec.exe
Token: SeRemoteShutdownPrivilege	1192	msiexec.exe
Token: SeUndockPrivilege	1192	msiexec.exe
Token: SeSyncAgentPrivilege	1192	msiexec.exe
Token: SeEnableDelegationPrivilege	1192	msiexec.exe
Token: SeManageVolumePrivilege	1192	msiexec.exe
Token: SeImpersonatePrivilege	1192	msiexec.exe
Token: SeCreateGlobalPrivilege	1192	msiexec.exe
Token: SeCreateTokenPrivilege	1192	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	1192	msiexec.exe
Token: SeLockMemoryPrivilege	1192	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1192	msiexec.exe
Token: SeMachineAccountPrivilege	1192	msiexec.exe
Token: SeTcbPrivilege	1192	msiexec.exe
Token: SeSecurityPrivilege	1192	msiexec.exe
Token: SeTakeOwnershipPrivilege	1192	msiexec.exe
Token: SeLoadDriverPrivilege	1192	msiexec.exe
Token: SeSystemProfilePrivilege	1192	msiexec.exe
Token: SeSystemtimePrivilege	1192	msiexec.exe
Token: SeProfSingleProcessPrivilege	1192	msiexec.exe
Token: SeIncBasePriorityPrivilege	1192	msiexec.exe
Token: SeCreatePagefilePrivilege	1192	msiexec.exe
Token: SeCreatePermanentPrivilege	1192	msiexec.exe
Token: SeBackupPrivilege	1192	msiexec.exe
Token: SeRestorePrivilege	1192	msiexec.exe
Token: SeShutdownPrivilege	1192	msiexec.exe
Token: SeDebugPrivilege	1192	msiexec.exe
Token: SeAuditPrivilege	1192	msiexec.exe
Token: SeSystemEnvironmentPrivilege	1192	msiexec.exe
Token: SeChangeNotifyPrivilege	1192	msiexec.exe
Token: SeRemoteShutdownPrivilege	1192	msiexec.exe
Token: SeUndockPrivilege	1192	msiexec.exe
Token: SeSyncAgentPrivilege	1192	msiexec.exe
Token: SeEnableDelegationPrivilege	1192	msiexec.exe
Token: SeManageVolumePrivilege	1192	msiexec.exe
Token: SeImpersonatePrivilege	1192	msiexec.exe
Token: SeCreateGlobalPrivilege	1192	msiexec.exe
Token: SeCreateTokenPrivilege	1192	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	1192	msiexec.exe
Token: SeLockMemoryPrivilege	1192	msiexec.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
1192	msiexec.exe
1192	msiexec.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1400	Metis Mod Launcher.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 2412 wrote to memory of 5056	2412	msiexec.exe	95
PID 2412 wrote to memory of 5056	2412	msiexec.exe	95
PID 2412 wrote to memory of 5056	2412	msiexec.exe	95
PID 2412 wrote to memory of 3644	2412	msiexec.exe	102
PID 2412 wrote to memory of 3644	2412	msiexec.exe	102

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\msiexec.exe
msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\Metis.Mod.Launcher.Setup.msi
1⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1192

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2412
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding B57D686157AD26074250B6699D71BBBD C
  2⤵
  - Loads dropped DLL
  PID:5056
- C:\Windows\system32\srtasks.exe
  C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
  2⤵
  PID:3644

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
PID:5044

C:\Program Files (x86)\Metis Mod Launcher\win-x86\Metis Mod Launcher.exe
"C:\Program Files (x86)\Metis Mod Launcher\win-x86\Metis Mod Launcher.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1400

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e5743a1.rbs

Filesize
373KB

MD5
c6ae4ba6bca914737549c61d9c69026e

SHA1
1dbd556f2163d674e9c8039415d2dacdd3ec54be

SHA256
480f2df5eb65c7b78e821375058434cdccc7d020620dd31172de1824771da8f7

SHA512
1d73af57c17132b29b1afb2baac5ea650d2a049ab974301bedf4df4ab89f497b8e3dc2f638de85e4aefc032e098609bc50187959704b8eecd77cb1431760bf96

Download Submit
C:\Program Files (x86)\Metis Mod Launcher\win-x86\Autofac.dll

Filesize
758KB

MD5
f1649cb4f22b2eeb332000fa357d0303

SHA1
0944af1eee2fc813b0ebe440bba545f54682ae4a

SHA256
d25f7dde25cb43a6319d2d1a011e857a7702546d746257a744ed45f7a233d357

SHA512
9fcab4eddec89ee2b1ad4a7aceb93c16033e7251a4ad1c40bedbf8c1967fc70531c5b23c7437a50ed5be74998deebed0e8085691ee81899ff2a5f81bdb508d32

Download Submit
C:\Program Files (x86)\Metis Mod Launcher\win-x86\Autofac.dll

Filesize
758KB

MD5
f1649cb4f22b2eeb332000fa357d0303

SHA1
0944af1eee2fc813b0ebe440bba545f54682ae4a

SHA256
d25f7dde25cb43a6319d2d1a011e857a7702546d746257a744ed45f7a233d357

SHA512
9fcab4eddec89ee2b1ad4a7aceb93c16033e7251a4ad1c40bedbf8c1967fc70531c5b23c7437a50ed5be74998deebed0e8085691ee81899ff2a5f81bdb508d32

Download Submit
C:\Program Files (x86)\Metis Mod Launcher\win-x86\Castle.Core.dll

Filesize
924KB

MD5
f62c7db43eccacebac01aac53099a03b

SHA1
8eba2e12048b42c08c7ca3c48585119538df7bbd

SHA256
5768945efca8e549f0d4104fd533f99c734867bc625a5c9a50eef38212d26ca1

SHA512
d5009ac37d25bbd9988e8783b8c8bb911a5c3a93a86217b97e464eb0aa61dbe764cf6f453d397a4f5e1503d442aad00851dfeeb146440448fa2c3d4d9beb7cfc

Download Submit
C:\Program Files (x86)\Metis Mod Launcher\win-x86\Castle.Core.dll

Filesize
924KB

MD5
f62c7db43eccacebac01aac53099a03b

SHA1
8eba2e12048b42c08c7ca3c48585119538df7bbd

SHA256
5768945efca8e549f0d4104fd533f99c734867bc625a5c9a50eef38212d26ca1

SHA512
d5009ac37d25bbd9988e8783b8c8bb911a5c3a93a86217b97e464eb0aa61dbe764cf6f453d397a4f5e1503d442aad00851dfeeb146440448fa2c3d4d9beb7cfc

Download Submit
C:\Program Files (x86)\Metis Mod Launcher\win-x86\CommunityToolkit.Mvvm.dll

Filesize
239KB

MD5
648eb99ccbed0be1a731463088ca7b5c

SHA1
b55fbaa8cbb8ce35934db8af7425066d5889c813

SHA256
8fc1d7c4d9f90bbe4bee41cb95386e05c16db9cc0dcf6c9f7f291c7db8cac9ea

SHA512
1b94a7685eaf13f83feb9bbbafea185682aea3da49be6dc6661dab3bf9dc5f0d9e2db7a53af956c2df4d85475a43910de31f6abe0bfe1f54137ba72846ab9994

Download Submit
C:\Program Files (x86)\Metis Mod Launcher\win-x86\CommunityToolkit.Mvvm.dll

Filesize
239KB

MD5
648eb99ccbed0be1a731463088ca7b5c

SHA1
b55fbaa8cbb8ce35934db8af7425066d5889c813

SHA256
8fc1d7c4d9f90bbe4bee41cb95386e05c16db9cc0dcf6c9f7f291c7db8cac9ea

SHA512
1b94a7685eaf13f83feb9bbbafea185682aea3da49be6dc6661dab3bf9dc5f0d9e2db7a53af956c2df4d85475a43910de31f6abe0bfe1f54137ba72846ab9994

Download Submit
C:\Program Files (x86)\Metis Mod Launcher\win-x86\Config.Net.dll

Filesize
115KB

MD5
9b4d402d08def1d574cd65af507706c4

SHA1
06101ca68d0d8769ceb21f945da5463a0e9878b2

SHA256
7a312ed559dd7a63b6f81240018838369e73037785c32751abed1c529cb3e2b7

SHA512
6ad9ffd58fa84cfdd98cf957eaf89e42d70e9be7dee13f1995d16784eea1fb9d13bd76fee0f270d71726d97a968aa48f2291da0ffeacbac799c0080add1ef512

Download Submit
C:\Program Files (x86)\Metis Mod Launcher\win-x86\Config.Net.dll

Filesize
115KB

MD5
9b4d402d08def1d574cd65af507706c4

SHA1
06101ca68d0d8769ceb21f945da5463a0e9878b2

SHA256
7a312ed559dd7a63b6f81240018838369e73037785c32751abed1c529cb3e2b7

SHA512
6ad9ffd58fa84cfdd98cf957eaf89e42d70e9be7dee13f1995d16784eea1fb9d13bd76fee0f270d71726d97a968aa48f2291da0ffeacbac799c0080add1ef512

Download Submit
C:\Program Files (x86)\Metis Mod Launcher\win-x86\Metis Mod Launcher.deps.json

Filesize
80KB

MD5
dc1106fe41a8c629962ebada88bf9362

SHA1
c4e7dc03a7d499476ad764ac32b8ccd1ad3c0a2a

SHA256
35f8882e0ba5045aed3b6a5d760bb5cf724c6e6e92d2f015aecbc521b3af42a4

SHA512
d3ca322e85207a289e077312b04a37d3d543363b9411130ffc4a723a7d8187ecd8039a68ef1dc8f69449a0baab3c20a79a4f3d0941805cf4054c5f66852eae6f

Download Submit
C:\Program Files (x86)\Metis Mod Launcher\win-x86\Metis Mod Launcher.dll

Filesize
2.6MB

MD5
ea19a1390a853d3a3e0350bc64375e73

SHA1
c6a9aa853662a4714054e793c8d6de4b5f2580e3

SHA256
ed571b2f8a7694ff67deed3bc589390f7429964fed18e837d97774e07782e567

SHA512
d96381385c153be785da8af26eea2e19ee22ed3ce89ce9aea1f09919ca2be6332aafe26a68a43f6bf087070e74b8e837c0a3849f3c4ab566b06db8c312aa7173

Download Submit
C:\Program Files (x86)\Metis Mod Launcher\win-x86\Metis Mod Launcher.dll

Filesize
2.6MB

MD5
ea19a1390a853d3a3e0350bc64375e73

SHA1
c6a9aa853662a4714054e793c8d6de4b5f2580e3

SHA256
ed571b2f8a7694ff67deed3bc589390f7429964fed18e837d97774e07782e567

SHA512
d96381385c153be785da8af26eea2e19ee22ed3ce89ce9aea1f09919ca2be6332aafe26a68a43f6bf087070e74b8e837c0a3849f3c4ab566b06db8c312aa7173

Download Submit
C:\Program Files (x86)\Metis Mod Launcher\win-x86\Metis Mod Launcher.exe

Filesize
268KB

MD5
f89174a85e2f8255cde629ceff3278e2

SHA1
9e93df6d11347ec05336e94c113960b87f3f83dd

SHA256
c0dec2b03c136e17b06fda06264761c8eed757777d1eb3e1c21c1f4996ce93f6

SHA512
ecaf2a342ccb7f4a935aec405aca95efea46958718a592df21af99170903b9a96369bbe292ef5009e6ffc28a6d7e5522f07688784bdb93e0f1b5b67887155d24

Download Submit
C:\Program Files (x86)\Metis Mod Launcher\win-x86\Metis Mod Launcher.exe

Filesize
268KB

MD5
f89174a85e2f8255cde629ceff3278e2

SHA1
9e93df6d11347ec05336e94c113960b87f3f83dd

SHA256
c0dec2b03c136e17b06fda06264761c8eed757777d1eb3e1c21c1f4996ce93f6

SHA512
ecaf2a342ccb7f4a935aec405aca95efea46958718a592df21af99170903b9a96369bbe292ef5009e6ffc28a6d7e5522f07688784bdb93e0f1b5b67887155d24

Download Submit
C:\Program Files (x86)\Metis Mod Launcher\win-x86\Metis Mod Launcher.runtimeconfig.json

Filesize
451B

MD5
750e686d3dd41f783ad24c1287af3562

SHA1
8089bb60bc765ccfeb667d382a2354c1a56a3ad3

SHA256
23da3143c033fa4dd5e71dfa1d6cab5873d703c9ac32f3ba1d662cf4a8e9064a

SHA512
bfc3637a0bbd59dfa7f066e438917fd50a2b3201d48de2d44c08978899c509fdb9f83dce86ec80a583a61cbd0ec4babf3b30a2e60629b68abf012189b2f75668

Download Submit
C:\Program Files (x86)\Metis Mod Launcher\win-x86\Microsoft.Win32.Primitives.dll

Filesize
24KB

MD5
b8ecb05ac25f84f005b8695f34d00090

SHA1
961d360049a4d231b8e6241fb193993d79fcfd5d

SHA256
a250218cef9459b2587e071aac677564955f797f2a5e4b61288ba0ed7f164571

SHA512
749668964760169a4512549dc2438ee4bc702e3dd21469246cc8287a2af094500c094233338c4e71c1287bb2ba13e219886088f5f5d07ebd263e48b1583c21c6

Download Submit
C:\Program Files (x86)\Metis Mod Launcher\win-x86\Microsoft.Win32.Primitives.dll

Filesize
24KB

MD5
b8ecb05ac25f84f005b8695f34d00090

SHA1
961d360049a4d231b8e6241fb193993d79fcfd5d

SHA256
a250218cef9459b2587e071aac677564955f797f2a5e4b61288ba0ed7f164571

SHA512
749668964760169a4512549dc2438ee4bc702e3dd21469246cc8287a2af094500c094233338c4e71c1287bb2ba13e219886088f5f5d07ebd263e48b1583c21c6

Download Submit
C:\Program Files (x86)\Metis Mod Launcher\win-x86\PowerArgs.dll

Filesize
762KB

MD5
1b5b876e3ad4631238a2237877d58458

SHA1
51ad56e8ea85d28673be57081e5235351eac5fb0

SHA256
8b1e1c90286cffd80b35b2935b2a32881328e2d751457007013d99208130c71b

SHA512
58286b65738c299e5450b5c1d4133c1ad00e35f11261365b63d38cfe077ce985fb22e1c938b51a956d50e0555044a8dda3100a17f10a097ecd35e9f7dfcc80d3

Download Submit
C:\Program Files (x86)\Metis Mod Launcher\win-x86\PowerArgs.dll

Filesize
762KB

MD5
1b5b876e3ad4631238a2237877d58458

SHA1
51ad56e8ea85d28673be57081e5235351eac5fb0

SHA256
8b1e1c90286cffd80b35b2935b2a32881328e2d751457007013d99208130c71b

SHA512
58286b65738c299e5450b5c1d4133c1ad00e35f11261365b63d38cfe077ce985fb22e1c938b51a956d50e0555044a8dda3100a17f10a097ecd35e9f7dfcc80d3

Download Submit
C:\Program Files (x86)\Metis Mod Launcher\win-x86\PresentationFramework.dll

Filesize
14.6MB

MD5
7fd1edeacc217ac9d89c583b36ca26e9

SHA1
9f2f17ec5b64745382bb081d71e9ef213b502e82

SHA256
263629290b0bb8bd1dc51f62ab697e3d93bfa8a9ebe8fde07892e0eae3317519

SHA512
653ec9140e7cb5c189ea34eb1a42b7f2d270af62765ea898c4e9ae9ce0f9da688ae80249336738b61042a23d2bc410feb1c7aadb654c1f77988f1dc0a438a59d

Download Submit
C:\Program Files (x86)\Metis Mod Launcher\win-x86\PresentationFramework.dll

Filesize
14.6MB

MD5
7fd1edeacc217ac9d89c583b36ca26e9

SHA1
9f2f17ec5b64745382bb081d71e9ef213b502e82

SHA256
263629290b0bb8bd1dc51f62ab697e3d93bfa8a9ebe8fde07892e0eae3317519

SHA512
653ec9140e7cb5c189ea34eb1a42b7f2d270af62765ea898c4e9ae9ce0f9da688ae80249336738b61042a23d2bc410feb1c7aadb654c1f77988f1dc0a438a59d

Download Submit
C:\Program Files (x86)\Metis Mod Launcher\win-x86\System.Collections.Concurrent.dll

Filesize
219KB

MD5
4cc47fce6561429cb3dfe97152c23916

SHA1
6cae3c8df48472c54204fc327483700b9848c1af

SHA256
5e7bfcd354cd4a46b7a4a4e4b4036335d4e3b8e1f26b5efb8909110555702630

SHA512
96bc623fbec72831509a8967d113f164ceb155bb2c4d7f03fef3f74e07e6b7e21d82b186f71d8928f98e8f7373b1783546024c3c4c7af499f07552a2eb5a6c59

Download Submit
C:\Program Files (x86)\Metis Mod Launcher\win-x86\System.Collections.Concurrent.dll

Filesize
219KB

MD5
4cc47fce6561429cb3dfe97152c23916

SHA1
6cae3c8df48472c54204fc327483700b9848c1af

SHA256
5e7bfcd354cd4a46b7a4a4e4b4036335d4e3b8e1f26b5efb8909110555702630

SHA512
96bc623fbec72831509a8967d113f164ceb155bb2c4d7f03fef3f74e07e6b7e21d82b186f71d8928f98e8f7373b1783546024c3c4c7af499f07552a2eb5a6c59

Download Submit
C:\Program Files (x86)\Metis Mod Launcher\win-x86\System.Collections.dll

Filesize
238KB

MD5
8732704758b0fc57983eaf33c53004f5

SHA1
f69c2373ab4779467bddf1e86cb9a038f1eccda0

SHA256
b302f81b6879a84c8761f7915bcca7659f67cdc0a381e1d8ea6c1f4d2605cf69

SHA512
9bab75f7c95733e651b84338e434c4bfacca017407bd7ba39b770ae14ae8f06a3e09ec1ae61f173413a925cbd2aba50c6d03f870a11fdd506fefb5c945c996ff

Download Submit
C:\Program Files (x86)\Metis Mod Launcher\win-x86\System.Collections.dll

Filesize
238KB

MD5
8732704758b0fc57983eaf33c53004f5

SHA1
f69c2373ab4779467bddf1e86cb9a038f1eccda0

SHA256
b302f81b6879a84c8761f7915bcca7659f67cdc0a381e1d8ea6c1f4d2605cf69

SHA512
9bab75f7c95733e651b84338e434c4bfacca017407bd7ba39b770ae14ae8f06a3e09ec1ae61f173413a925cbd2aba50c6d03f870a11fdd506fefb5c945c996ff

Download Submit
C:\Program Files (x86)\Metis Mod Launcher\win-x86\System.ComponentModel.Primitives.dll

Filesize
68KB

MD5
d03732a6c4dc68df7ee79a81ea7d3782

SHA1
6f5b158fdc768904e9fbdd7ef67e62d1318b52ff

SHA256
4c19ef002bf4370381ff45a969553a0513266207aa1b0abeb067a1b712f08877

SHA512
471d16e349c4b7918adc00a4790483cb47a29de00a4738ad71df2dbe2c6f297f83f3c683d8c5890c8658581dad686a087e7d93ed99413435eab6cc83ffb4430c

Download Submit
C:\Program Files (x86)\Metis Mod Launcher\win-x86\System.ComponentModel.Primitives.dll

Filesize
68KB

MD5
d03732a6c4dc68df7ee79a81ea7d3782

SHA1
6f5b158fdc768904e9fbdd7ef67e62d1318b52ff

SHA256
4c19ef002bf4370381ff45a969553a0513266207aa1b0abeb067a1b712f08877

SHA512
471d16e349c4b7918adc00a4790483cb47a29de00a4738ad71df2dbe2c6f297f83f3c683d8c5890c8658581dad686a087e7d93ed99413435eab6cc83ffb4430c

Download Submit
C:\Program Files (x86)\Metis Mod Launcher\win-x86\System.Diagnostics.Process.dll

Filesize
257KB

MD5
37cd5f58f92b1d1abea663ef9447b806

SHA1
bae4068cc06d9345f94ddc50936bb87897701731

SHA256
cb992399413fa44f51d212f2df7c5940991e75e506252df62401ba9755d3b9e6

SHA512
597de24b7d2eb24b1c203e48065c6d745cf1cd2a574d81b2390a9e87cc65655eab2319eacc641310d5e47e7102be9d4b3f60ed95d13004d225813ce190dfeea2

Download Submit
C:\Program Files (x86)\Metis Mod Launcher\win-x86\System.Diagnostics.Process.dll

Filesize
257KB

MD5
37cd5f58f92b1d1abea663ef9447b806

SHA1
bae4068cc06d9345f94ddc50936bb87897701731

SHA256
cb992399413fa44f51d212f2df7c5940991e75e506252df62401ba9755d3b9e6

SHA512
597de24b7d2eb24b1c203e48065c6d745cf1cd2a574d81b2390a9e87cc65655eab2319eacc641310d5e47e7102be9d4b3f60ed95d13004d225813ce190dfeea2

Download Submit
C:\Program Files (x86)\Metis Mod Launcher\win-x86\System.Diagnostics.TraceSource.dll

Filesize
112KB

MD5
2d9f895317feeadf87fb955b031b1e84

SHA1
4835321763c5bb9734fe48d9c541940fd77b555f

SHA256
cf9655da22f049c2fac744d87b9dd643569fbd9e77c532f12e7247c182154916

SHA512
465d3d78cb55f0d524ddd4668c3b319c028344b514d24afbec947eb0872b6a50b662cee1b9bf04822a94388211406f6b208c68e44a9ce85f9d846e4a9fd310c3

Download Submit
C:\Program Files (x86)\Metis Mod Launcher\win-x86\System.Diagnostics.TraceSource.dll

Filesize
112KB

MD5
2d9f895317feeadf87fb955b031b1e84

SHA1
4835321763c5bb9734fe48d9c541940fd77b555f

SHA256
cf9655da22f049c2fac744d87b9dd643569fbd9e77c532f12e7247c182154916

SHA512
465d3d78cb55f0d524ddd4668c3b319c028344b514d24afbec947eb0872b6a50b662cee1b9bf04822a94388211406f6b208c68e44a9ce85f9d846e4a9fd310c3

Download Submit
C:\Program Files (x86)\Metis Mod Launcher\win-x86\System.Linq.dll

Filesize
471KB

MD5
54afbd767fe07796ea4bee545bfa38c3

SHA1
e2ed4230eec2ed26367eb7366426635eadb31da9

SHA256
6d02ebe45edc283c1fc2f3f6b81893f71492d03459e331c5d3e4b4aa0ecfdfe8

SHA512
26b3de7554bf19dd6d875bb655c53ee4e9a992574a8fe712a21f9eb07f1f6f5f80f1d0985ad0698fdbb2a1e5be7da1239c7597a59cd107dd12dd0006297bf97a

Download Submit
C:\Program Files (x86)\Metis Mod Launcher\win-x86\System.Linq.dll

Filesize
471KB

MD5
54afbd767fe07796ea4bee545bfa38c3

SHA1
e2ed4230eec2ed26367eb7366426635eadb31da9

SHA256
6d02ebe45edc283c1fc2f3f6b81893f71492d03459e331c5d3e4b4aa0ecfdfe8

SHA512
26b3de7554bf19dd6d875bb655c53ee4e9a992574a8fe712a21f9eb07f1f6f5f80f1d0985ad0698fdbb2a1e5be7da1239c7597a59cd107dd12dd0006297bf97a

Download Submit
C:\Program Files (x86)\Metis Mod Launcher\win-x86\System.Memory.dll

Filesize
162KB

MD5
5d833237e8257bc7f615af438694418e

SHA1
4186abc241a3d80e1bb3d4531f792def7b2dd190

SHA256
2cee20accfe56c399b37347423e9acd743826e10b3c7676ded837b5a4fe4d11a

SHA512
2384eab97dfaba6e0109331e1802619c0484927487ff78438c5e24ffa2e8b408a642157e41098f2245b643e32bb2756ac7479fe8dfcc1d650e71ebc9330bc7bc

Download Submit
C:\Program Files (x86)\Metis Mod Launcher\win-x86\System.Memory.dll

Filesize
162KB

MD5
5d833237e8257bc7f615af438694418e

SHA1
4186abc241a3d80e1bb3d4531f792def7b2dd190

SHA256
2cee20accfe56c399b37347423e9acd743826e10b3c7676ded837b5a4fe4d11a

SHA512
2384eab97dfaba6e0109331e1802619c0484927487ff78438c5e24ffa2e8b408a642157e41098f2245b643e32bb2756ac7479fe8dfcc1d650e71ebc9330bc7bc

Download Submit
C:\Program Files (x86)\Metis Mod Launcher\win-x86\System.Net.Primitives.dll

Filesize
192KB

MD5
a853a8f30a8e8b6bac2f08f272917a02

SHA1
b7f8d6f35b6d5cc0eb4018879daf22a46b24df20

SHA256
c39f196404bd3aa83a71396dacd46286900adfe585fbb68d7727e4994a56e0a4

SHA512
6b8526e656b91ad04f2ec4b7f6f1ca390e824623890e2ee894f23788f81a4750e45dc5829522762bb9c7c6cd8bc7d3b8cde085928acdacae1f207cefc868e7f1

Download Submit
C:\Program Files (x86)\Metis Mod Launcher\win-x86\System.Net.Primitives.dll

Filesize
192KB

MD5
a853a8f30a8e8b6bac2f08f272917a02

SHA1
b7f8d6f35b6d5cc0eb4018879daf22a46b24df20

SHA256
c39f196404bd3aa83a71396dacd46286900adfe585fbb68d7727e4994a56e0a4

SHA512
6b8526e656b91ad04f2ec4b7f6f1ca390e824623890e2ee894f23788f81a4750e45dc5829522762bb9c7c6cd8bc7d3b8cde085928acdacae1f207cefc868e7f1

Download Submit
C:\Program Files (x86)\Metis Mod Launcher\win-x86\System.ObjectModel.dll

Filesize
82KB

MD5
4a2c2aad7797bc6b33f993e602a99d5c

SHA1
8d375ddcd341cbb199154436738a04f72a04dad0

SHA256
c5a1036593cbc72ea2bad33cc69997b7984e6da52f466079a56a2919263d22e3

SHA512
c06f6bd92e25e8b312416528b8a32df8bf11c71744489b20cc4b336c7623056e48c01365ed47d4094c57e3f2db19d45d986cd4469b59e44c6d61681c3ac3b460

Download Submit
C:\Program Files (x86)\Metis Mod Launcher\win-x86\System.ObjectModel.dll

Filesize
82KB

MD5
4a2c2aad7797bc6b33f993e602a99d5c

SHA1
8d375ddcd341cbb199154436738a04f72a04dad0

SHA256
c5a1036593cbc72ea2bad33cc69997b7984e6da52f466079a56a2919263d22e3

SHA512
c06f6bd92e25e8b312416528b8a32df8bf11c71744489b20cc4b336c7623056e48c01365ed47d4094c57e3f2db19d45d986cd4469b59e44c6d61681c3ac3b460

Download Submit
C:\Program Files (x86)\Metis Mod Launcher\win-x86\System.Private.CoreLib.dll

Filesize
9.5MB

MD5
1e537eb4a4e15d6c9574594c65f04535

SHA1
35f86385897055f0663b2643fe919e2de2480230

SHA256
c24c09dd8b230d7aa5649c7244c94b2b832e464aeff430266c2b1e3703b4fa40

SHA512
62f1d1437e5db9fb2840bb404caeda3bb79465855cd03656416f886290570a9cb20f113f600d7b5da6378fae3fb2d80c4d248161730ae7f8c867280e8515ddde

Download Submit
C:\Program Files (x86)\Metis Mod Launcher\win-x86\System.Private.CoreLib.dll

Filesize
9.5MB

MD5
1e537eb4a4e15d6c9574594c65f04535

SHA1
35f86385897055f0663b2643fe919e2de2480230

SHA256
c24c09dd8b230d7aa5649c7244c94b2b832e464aeff430266c2b1e3703b4fa40

SHA512
62f1d1437e5db9fb2840bb404caeda3bb79465855cd03656416f886290570a9cb20f113f600d7b5da6378fae3fb2d80c4d248161730ae7f8c867280e8515ddde

Download Submit
C:\Program Files (x86)\Metis Mod Launcher\win-x86\System.Private.Uri.dll

Filesize
241KB

MD5
281f64d78530bc0aca6b31f1fae75618

SHA1
e99a928a5dc51a106f1e945596504da988cbe665

SHA256
9183969e4d79b4b9c65f50143f3b28a461929c92c55cecb06d96a5c338c4a28e

SHA512
6095dcc44d1ab904961ee9d80d5da83c800bac23bcfdf1d3fd455e3474aee959d455cae042aaeefbecfcd344d72d2a46ddb3518cca60184fc3585aae2a8dfcb3

Download Submit
C:\Program Files (x86)\Metis Mod Launcher\win-x86\System.Private.Uri.dll

Filesize
241KB

MD5
281f64d78530bc0aca6b31f1fae75618

SHA1
e99a928a5dc51a106f1e945596504da988cbe665

SHA256
9183969e4d79b4b9c65f50143f3b28a461929c92c55cecb06d96a5c338c4a28e

SHA512
6095dcc44d1ab904961ee9d80d5da83c800bac23bcfdf1d3fd455e3474aee959d455cae042aaeefbecfcd344d72d2a46ddb3518cca60184fc3585aae2a8dfcb3

Download Submit
C:\Program Files (x86)\Metis Mod Launcher\win-x86\System.Runtime.dll

Filesize
41KB

MD5
028afa54a7d3fb192c3dc8fdfac95e70

SHA1
255a7d29beccf2e2acf662710914f42910899873

SHA256
eb795776141dcf5b0abd47f746ab56ed754ce2b9644c79f6440a559d9808dace

SHA512
a92210ce1175227d7e674c103fae1f660b02d222288c8c5d46b2432f40cb34dfa5da450e8f7e9b99bd36960883099654344321f09e75a04143adbeb035178f99

Download Submit
C:\Program Files (x86)\Metis Mod Launcher\win-x86\System.Runtime.dll

Filesize
41KB

MD5
028afa54a7d3fb192c3dc8fdfac95e70

SHA1
255a7d29beccf2e2acf662710914f42910899873

SHA256
eb795776141dcf5b0abd47f746ab56ed754ce2b9644c79f6440a559d9808dace

SHA512
a92210ce1175227d7e674c103fae1f660b02d222288c8c5d46b2432f40cb34dfa5da450e8f7e9b99bd36960883099654344321f09e75a04143adbeb035178f99

Download Submit
C:\Program Files (x86)\Metis Mod Launcher\win-x86\System.Runtime.dll

Filesize
41KB

MD5
028afa54a7d3fb192c3dc8fdfac95e70

SHA1
255a7d29beccf2e2acf662710914f42910899873

SHA256
eb795776141dcf5b0abd47f746ab56ed754ce2b9644c79f6440a559d9808dace

SHA512
a92210ce1175227d7e674c103fae1f660b02d222288c8c5d46b2432f40cb34dfa5da450e8f7e9b99bd36960883099654344321f09e75a04143adbeb035178f99

Download Submit
C:\Program Files (x86)\Metis Mod Launcher\win-x86\System.Threading.dll

Filesize
75KB

MD5
e423d2815f082cb81fe1ac977cf424f1

SHA1
9dccddc3f22177a2bc5774ab33c7d3f0baa164f1

SHA256
74fa023e6dc35813ecf19b3ce78cd25b83bedf322d94110081bf1c2cc4e39a6c

SHA512
20322737b3ce1c1be4a63d1d1cc7553c1dd31fb264153ebf9146aaae6fb356f26cd5ee4763aa21fbbcce821c32c6645cfbbfda1ee0e6ee65ea2fd83fab69b2c5

Download Submit
C:\Program Files (x86)\Metis Mod Launcher\win-x86\System.Threading.dll

Filesize
75KB

MD5
e423d2815f082cb81fe1ac977cf424f1

SHA1
9dccddc3f22177a2bc5774ab33c7d3f0baa164f1

SHA256
74fa023e6dc35813ecf19b3ce78cd25b83bedf322d94110081bf1c2cc4e39a6c

SHA512
20322737b3ce1c1be4a63d1d1cc7553c1dd31fb264153ebf9146aaae6fb356f26cd5ee4763aa21fbbcce821c32c6645cfbbfda1ee0e6ee65ea2fd83fab69b2c5

Download Submit
C:\Program Files (x86)\Metis Mod Launcher\win-x86\System.Xaml.dll

Filesize
1.2MB

MD5
e8e8f6c2b4da1f46fdfe88a6fb63ad33

SHA1
68522f291375a0ccb6156e10e4a6450210d3d7d3

SHA256
9ed2d3f2565aaae8fef26f8e0b9c3f617d318698aabae0628bbbc82bd420c4e2

SHA512
c3f36efea091065eecea5da132354a356f677c4136dfa12b77afe77bf1810d1d0f4621c7bb1aaa651c001d3ca0e8212b81ef970bdd60219625c62e1e73aebe6f

Download Submit
C:\Program Files (x86)\Metis Mod Launcher\win-x86\System.Xaml.dll

Filesize
1.2MB

MD5
e8e8f6c2b4da1f46fdfe88a6fb63ad33

SHA1
68522f291375a0ccb6156e10e4a6450210d3d7d3

SHA256
9ed2d3f2565aaae8fef26f8e0b9c3f617d318698aabae0628bbbc82bd420c4e2

SHA512
c3f36efea091065eecea5da132354a356f677c4136dfa12b77afe77bf1810d1d0f4621c7bb1aaa651c001d3ca0e8212b81ef970bdd60219625c62e1e73aebe6f

Download Submit
C:\Program Files (x86)\Metis Mod Launcher\win-x86\WindowsBase.dll

Filesize
2.0MB

MD5
98c3c3076beba2037fb3fb6efc7afbee

SHA1
3f2eaaf9c2643e04fa244acf427cc0247d0afa14

SHA256
5c23c62cfd706b02bbbad7a69d3abdefcb802f466e0c48aa4d1170935d58b335

SHA512
038853e239a2b7e809eb486c26e1d4a2787d3acfc5605330aef38e45c2135058409923a18f74a9c847625579ee79ee848e85c9112cfaeb73190e2d7b427a617a

Download Submit
C:\Program Files (x86)\Metis Mod Launcher\win-x86\WindowsBase.dll

Filesize
2.0MB

MD5
98c3c3076beba2037fb3fb6efc7afbee

SHA1
3f2eaaf9c2643e04fa244acf427cc0247d0afa14

SHA256
5c23c62cfd706b02bbbad7a69d3abdefcb802f466e0c48aa4d1170935d58b335

SHA512
038853e239a2b7e809eb486c26e1d4a2787d3acfc5605330aef38e45c2135058409923a18f74a9c847625579ee79ee848e85c9112cfaeb73190e2d7b427a617a

Download Submit
C:\Program Files (x86)\Metis Mod Launcher\win-x86\clrjit.dll

Filesize
1.2MB

MD5
6c3f3cce4514027f0e07ace6881f586b

SHA1
f847912a2863ccb446d8298e3bcc73eaad1791c8

SHA256
17b8efee641ff1f2c71f2cd1a81d49147b21024da37cbc4ac4d73f4d87565376

SHA512
6cf9f85b2fab40d6b7062a352e02914d8ab153c695992ffc615946aa2580e3250a183ae2e8e1f3fb954c7e34f6652039b11727a949b45677a67e5fec3fedab43

Download Submit
C:\Program Files (x86)\Metis Mod Launcher\win-x86\clrjit.dll

Filesize
1.2MB

MD5
6c3f3cce4514027f0e07ace6881f586b

SHA1
f847912a2863ccb446d8298e3bcc73eaad1791c8

SHA256
17b8efee641ff1f2c71f2cd1a81d49147b21024da37cbc4ac4d73f4d87565376

SHA512
6cf9f85b2fab40d6b7062a352e02914d8ab153c695992ffc615946aa2580e3250a183ae2e8e1f3fb954c7e34f6652039b11727a949b45677a67e5fec3fedab43

Download Submit
C:\Program Files (x86)\Metis Mod Launcher\win-x86\coreclr.dll

Filesize
4.1MB

MD5
86a4baaa86b9f2623708c19a0001f405

SHA1
caabece66548b6ddef4b1e711d048fabbe1e8b82

SHA256
32e3f03637d69eb9c7510191de1331a592d6e1b82e847090aa19c55bf9f85ebf

SHA512
59ad38d814104c91e71994b4f8a2112e77910febf045211c1959bcbd812b67d1d006bc6809dfe7fe3f046bdb5bed2a39b75959e9411faa7404ba34bec3287173

Download Submit
C:\Program Files (x86)\Metis Mod Launcher\win-x86\coreclr.dll

Filesize
4.1MB

MD5
86a4baaa86b9f2623708c19a0001f405

SHA1
caabece66548b6ddef4b1e711d048fabbe1e8b82

SHA256
32e3f03637d69eb9c7510191de1331a592d6e1b82e847090aa19c55bf9f85ebf

SHA512
59ad38d814104c91e71994b4f8a2112e77910febf045211c1959bcbd812b67d1d006bc6809dfe7fe3f046bdb5bed2a39b75959e9411faa7404ba34bec3287173

Download Submit
C:\Program Files (x86)\Metis Mod Launcher\win-x86\hostfxr.dll

Filesize
303KB

MD5
09f93fa599e90a8a97b5a44a89fb2095

SHA1
cc98292020e3cffad5f2b2c9cd05a0d21e14e172

SHA256
80aa067a03ed0c38788ed9693d654a5b6f9a4d6e85136d2f68104a48d9530cd6

SHA512
4f3fcfb8cfc507adc30c697134c3d6817ae5b4a5ae78378cff195f80970bbe937b0463da5a4ac0fa4dc87c33344c1fe1b9eab9b7b3ff3c875c60ba18f71c0bf8

Download Submit
C:\Program Files (x86)\Metis Mod Launcher\win-x86\hostfxr.dll

Filesize
303KB

MD5
09f93fa599e90a8a97b5a44a89fb2095

SHA1
cc98292020e3cffad5f2b2c9cd05a0d21e14e172

SHA256
80aa067a03ed0c38788ed9693d654a5b6f9a4d6e85136d2f68104a48d9530cd6

SHA512
4f3fcfb8cfc507adc30c697134c3d6817ae5b4a5ae78378cff195f80970bbe937b0463da5a4ac0fa4dc87c33344c1fe1b9eab9b7b3ff3c875c60ba18f71c0bf8

Download Submit
C:\Program Files (x86)\Metis Mod Launcher\win-x86\hostpolicy.dll

Filesize
319KB

MD5
863780ab69fce0c619eb82301fce1a20

SHA1
1a3cb2f0ca0a8e8a3665b7e2d5886077506b2cf0

SHA256
794448915c3f47f55cd11d0d9dc34fc505eec16714c398b5896e0f50576a66a9

SHA512
181f3ce2d817b46cb4d779dc245b85967ad2218d41047f2977dab9750ff909395ea84e20a2cc84b06b8caac823ddaf97cee5affa8073ec88435f1af0b873ae2d

Download Submit
C:\Program Files (x86)\Metis Mod Launcher\win-x86\hostpolicy.dll

Filesize
319KB

MD5
863780ab69fce0c619eb82301fce1a20

SHA1
1a3cb2f0ca0a8e8a3665b7e2d5886077506b2cf0

SHA256
794448915c3f47f55cd11d0d9dc34fc505eec16714c398b5896e0f50576a66a9

SHA512
181f3ce2d817b46cb4d779dc245b85967ad2218d41047f2977dab9750ff909395ea84e20a2cc84b06b8caac823ddaf97cee5affa8073ec88435f1af0b873ae2d

Download Submit
C:\Program Files (x86)\Metis Mod Launcher\win-x86\mscorrc.dll

Filesize
143KB

MD5
37d739af3ec7aef28b01c7a6f8b3ec0e

SHA1
268442a2176d93c2d15886786a08ad2a23936dfa

SHA256
1b7424faa6fa4209d196adda46c92d2c32359e329f0c3f643aa082ace2c14979

SHA512
64d316ed63cbffc35ff344c081c357cab48e6bccf09c6a906478ce97b997856d2a1821ca24cc185a036f853665fd029cf8c481c4e7213c147f16d1e4837c0152

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIF561.tmp

Filesize
113KB

MD5
4fdd16752561cf585fed1506914d73e0

SHA1
f00023b9ae3c8ce5b7bb92f25011eaebe6f9d424

SHA256
aecd2d2fe766f6d439acc2bbf1346930ecc535012cf5ad7b3273d2875237b7e7

SHA512
3695e7eb1e35ec959243a91ab5b4454eb59aeef0f2699aa5de8e03de8fbb89f756a89130526da5c08815408cb700284a17936522ad2cad594c3e6e9d18a3f600

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIF561.tmp

Filesize
113KB

MD5
4fdd16752561cf585fed1506914d73e0

SHA1
f00023b9ae3c8ce5b7bb92f25011eaebe6f9d424

SHA256
aecd2d2fe766f6d439acc2bbf1346930ecc535012cf5ad7b3273d2875237b7e7

SHA512
3695e7eb1e35ec959243a91ab5b4454eb59aeef0f2699aa5de8e03de8fbb89f756a89130526da5c08815408cb700284a17936522ad2cad594c3e6e9d18a3f600

Download Submit
C:\Windows\Installer\e5743a0.msi

Filesize
82.5MB

MD5
9a510715bcb6ed15630ed5c40c38cd3b

SHA1
9e5fb5d404c5428cf1c3db2eee9f7f41e3b56e27

SHA256
0ec4fd786822cc3ee0716c3185d65f26974b8bad5ac667c33e7305498c9200de

SHA512
eb03d52dedad348305e5c6fa3afd81144e337c8978c533f1a08c793b266110a115dc1146794f4603584e5d1a06d2bb56fc4daf2957c995f97f93c2ffa3d11bf0

Download Submit
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

Filesize
11.8MB

MD5
9b333eec25ff54674838eed14f71502d

SHA1
5e6c6025135c337d60a621fb7fc48da46f744fa6

SHA256
4f56ce45d2b3563aada0ee690d2f394f9fdd18c46d8b4c7cbe11b8aeb8c008bf

SHA512
a6b79581863692ea7ca2eaa5fd6e56312ba7c3ad2f1bc9eef0d1e3c29439738a61d9cd99aed7911cf1b237a7d2eb23d008d53f59afe40aee088a0792ffdbd4ae

Download Submit
\??\Volume{6aa5dca8-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{b3ce0b52-29af-42b4-b08a-508b4bfa0e5f}_OnDiskSnapshotProp

Filesize
5KB

MD5
87c83ae89dfcf54e7c16480bdf58c85c

SHA1
240fd5382d74db933abcf62a508b9cf4d81187bd

SHA256
0a7274c3718980deacaf93c0b0335d936d7319c0a2f96260985ca8440451c857

SHA512
6f63d3c09b8d34ad1c038224fa579ecf9099f014a8ce5dcad9ffeedfaba9aa658d177a592403903d2ab029c7fedb243b5d5e905b0fd665cc9d8b9cb8d6c49227

Download Submit