79ce201dd4134cd866038cbc78f9a5758e2f3fcc672b915dd50028ac4e1d3b77

Analysis

max time kernel
158s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
31-03-2023 20:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Mechvibes.Setup.2.3.0.exe
Size

61.7MB
MD5

4a43aeaa5396c88362598883879ba083
SHA1

d17edb9a8d878c517923bcb9385c3c79dbae4823
SHA256

79ce201dd4134cd866038cbc78f9a5758e2f3fcc672b915dd50028ac4e1d3b77
SHA512

59a544304e1027eb1eb16284c6a58d1431720d306f25b2c39ffb406cbd9c2404878b08ce33d56463d0e5fc40b3c998d5d0db241875652c1fb071376ca721fe32
SSDEEP

1572864:1ab4n3FgfVf8VEx66sM9lqbtReXUq4ndx+55D+UVdH:1N3FceEQ6s+QReXUHdx+5xZH

Score

7^/10

discovery persistence

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Mechvibes.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	Mechvibes.exe

Executes dropped EXE 4 IoCs

Processes:

Mechvibes.exeMechvibes.exeMechvibes.exeMechvibes.exe

pid process

4388 Mechvibes.exe
3592 Mechvibes.exe
2484 Mechvibes.exe
224 Mechvibes.exe

pid	process
4388	Mechvibes.exe
3592	Mechvibes.exe
2484	Mechvibes.exe
224	Mechvibes.exe

Loads dropped DLL 18 IoCs

Processes:

Mechvibes.Setup.2.3.0.exeMechvibes.exeMechvibes.exeMechvibes.exeMechvibes.exe

pid	process
2040	Mechvibes.Setup.2.3.0.exe
2040	Mechvibes.Setup.2.3.0.exe
2040	Mechvibes.Setup.2.3.0.exe
2040	Mechvibes.Setup.2.3.0.exe
2040	Mechvibes.Setup.2.3.0.exe
2040	Mechvibes.Setup.2.3.0.exe
2040	Mechvibes.Setup.2.3.0.exe
2040	Mechvibes.Setup.2.3.0.exe
2040	Mechvibes.Setup.2.3.0.exe
4388	Mechvibes.exe
2484	Mechvibes.exe
3592	Mechvibes.exe
3592	Mechvibes.exe
3592	Mechvibes.exe
3592	Mechvibes.exe
2484	Mechvibes.exe
2484	Mechvibes.exe
224	Mechvibes.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

Mechvibes.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Windows\CurrentVersion\Run	Mechvibes.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

Mechvibes.Setup.2.3.0.exeMechvibes.exeMechvibes.exe

pid	process
2040	Mechvibes.Setup.2.3.0.exe
2040	Mechvibes.Setup.2.3.0.exe
2040	Mechvibes.Setup.2.3.0.exe
2040	Mechvibes.Setup.2.3.0.exe
2040	Mechvibes.Setup.2.3.0.exe
2040	Mechvibes.Setup.2.3.0.exe
2484	Mechvibes.exe
2484	Mechvibes.exe
224	Mechvibes.exe
224	Mechvibes.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

Mechvibes.Setup.2.3.0.exeAUDIODG.EXE

description pid process

Token: SeSecurityPrivilege 2040 Mechvibes.Setup.2.3.0.exe
Token: 33 472 AUDIODG.EXE
Token: SeIncBasePriorityPrivilege 472 AUDIODG.EXE
Suspicious use of FindShellTrayWindow 3 IoCs

Processes:

Mechvibes.exe

pid process

4388 Mechvibes.exe
4388 Mechvibes.exe
4388 Mechvibes.exe
Suspicious use of SendNotifyMessage 3 IoCs

Processes:

Mechvibes.exe

pid process

4388 Mechvibes.exe
4388 Mechvibes.exe
4388 Mechvibes.exe

description	pid	process
Token: SeSecurityPrivilege	2040	Mechvibes.Setup.2.3.0.exe
Token: 33	472	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	472	AUDIODG.EXE

pid	process
4388	Mechvibes.exe
4388	Mechvibes.exe
4388	Mechvibes.exe

pid	process
4388	Mechvibes.exe
4388	Mechvibes.exe
4388	Mechvibes.exe

Suspicious use of SetWindowsHookEx 20 IoCs

Processes:

Mechvibes.exe

pid	process
2484	Mechvibes.exe
2484	Mechvibes.exe
2484	Mechvibes.exe
2484	Mechvibes.exe
2484	Mechvibes.exe
2484	Mechvibes.exe
2484	Mechvibes.exe
2484	Mechvibes.exe
2484	Mechvibes.exe
2484	Mechvibes.exe
2484	Mechvibes.exe
2484	Mechvibes.exe
2484	Mechvibes.exe
2484	Mechvibes.exe
2484	Mechvibes.exe
2484	Mechvibes.exe
2484	Mechvibes.exe
2484	Mechvibes.exe
2484	Mechvibes.exe
2484	Mechvibes.exe

Suspicious use of WriteProcessMemory 44 IoCs

Processes:

Mechvibes.exe

description	pid	process	target process
PID 4388 wrote to memory of 3592	4388	Mechvibes.exe	Mechvibes.exe
PID 4388 wrote to memory of 3592	4388	Mechvibes.exe	Mechvibes.exe
PID 4388 wrote to memory of 3592	4388	Mechvibes.exe	Mechvibes.exe
PID 4388 wrote to memory of 3592	4388	Mechvibes.exe	Mechvibes.exe
PID 4388 wrote to memory of 3592	4388	Mechvibes.exe	Mechvibes.exe
PID 4388 wrote to memory of 3592	4388	Mechvibes.exe	Mechvibes.exe
PID 4388 wrote to memory of 3592	4388	Mechvibes.exe	Mechvibes.exe
PID 4388 wrote to memory of 3592	4388	Mechvibes.exe	Mechvibes.exe
PID 4388 wrote to memory of 3592	4388	Mechvibes.exe	Mechvibes.exe
PID 4388 wrote to memory of 3592	4388	Mechvibes.exe	Mechvibes.exe
PID 4388 wrote to memory of 3592	4388	Mechvibes.exe	Mechvibes.exe
PID 4388 wrote to memory of 3592	4388	Mechvibes.exe	Mechvibes.exe
PID 4388 wrote to memory of 3592	4388	Mechvibes.exe	Mechvibes.exe
PID 4388 wrote to memory of 3592	4388	Mechvibes.exe	Mechvibes.exe
PID 4388 wrote to memory of 3592	4388	Mechvibes.exe	Mechvibes.exe
PID 4388 wrote to memory of 3592	4388	Mechvibes.exe	Mechvibes.exe
PID 4388 wrote to memory of 3592	4388	Mechvibes.exe	Mechvibes.exe
PID 4388 wrote to memory of 3592	4388	Mechvibes.exe	Mechvibes.exe
PID 4388 wrote to memory of 3592	4388	Mechvibes.exe	Mechvibes.exe
PID 4388 wrote to memory of 3592	4388	Mechvibes.exe	Mechvibes.exe
PID 4388 wrote to memory of 3592	4388	Mechvibes.exe	Mechvibes.exe
PID 4388 wrote to memory of 3592	4388	Mechvibes.exe	Mechvibes.exe
PID 4388 wrote to memory of 3592	4388	Mechvibes.exe	Mechvibes.exe
PID 4388 wrote to memory of 3592	4388	Mechvibes.exe	Mechvibes.exe
PID 4388 wrote to memory of 3592	4388	Mechvibes.exe	Mechvibes.exe
PID 4388 wrote to memory of 3592	4388	Mechvibes.exe	Mechvibes.exe
PID 4388 wrote to memory of 3592	4388	Mechvibes.exe	Mechvibes.exe
PID 4388 wrote to memory of 3592	4388	Mechvibes.exe	Mechvibes.exe
PID 4388 wrote to memory of 3592	4388	Mechvibes.exe	Mechvibes.exe
PID 4388 wrote to memory of 3592	4388	Mechvibes.exe	Mechvibes.exe
PID 4388 wrote to memory of 3592	4388	Mechvibes.exe	Mechvibes.exe
PID 4388 wrote to memory of 3592	4388	Mechvibes.exe	Mechvibes.exe
PID 4388 wrote to memory of 3592	4388	Mechvibes.exe	Mechvibes.exe
PID 4388 wrote to memory of 3592	4388	Mechvibes.exe	Mechvibes.exe
PID 4388 wrote to memory of 3592	4388	Mechvibes.exe	Mechvibes.exe
PID 4388 wrote to memory of 3592	4388	Mechvibes.exe	Mechvibes.exe
PID 4388 wrote to memory of 3592	4388	Mechvibes.exe	Mechvibes.exe
PID 4388 wrote to memory of 3592	4388	Mechvibes.exe	Mechvibes.exe
PID 4388 wrote to memory of 3592	4388	Mechvibes.exe	Mechvibes.exe
PID 4388 wrote to memory of 3592	4388	Mechvibes.exe	Mechvibes.exe
PID 4388 wrote to memory of 2484	4388	Mechvibes.exe	Mechvibes.exe
PID 4388 wrote to memory of 2484	4388	Mechvibes.exe	Mechvibes.exe
PID 4388 wrote to memory of 224	4388	Mechvibes.exe	Mechvibes.exe
PID 4388 wrote to memory of 224	4388	Mechvibes.exe	Mechvibes.exe

C:\Users\Admin\AppData\Local\Temp\Mechvibes.Setup.2.3.0.exe
"C:\Users\Admin\AppData\Local\Temp\Mechvibes.Setup.2.3.0.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2040

C:\Users\Admin\AppData\Local\Programs\mechvibes\Mechvibes.exe
"C:\Users\Admin\AppData\Local\Programs\mechvibes\Mechvibes.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4388

C:\Users\Admin\AppData\Local\Programs\mechvibes\Mechvibes.exe
"C:\Users\Admin\AppData\Local\Programs\mechvibes\Mechvibes.exe" --type=gpu-process --field-trial-handle=1728,8029698164471654972,12784456547027264557,131072 --disable-features=LayoutNG,SpareRendererForSitePerProcess --gpu-preferences=IAAAAAAAAADgAAAgAAAAAAAAYAAAAAAACAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAABQAAABAAAAAAAAAAAAAAAAYAAAAQAAAAAAAAAAEAAAAFAAAAEAAAAAAAAAABAAAABgAAAA== --service-request-channel-token=6213064184822398058 --mojo-platform-channel-handle=1736 --ignored=" --type=renderer " /prefetch:2
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3592

C:\Users\Admin\AppData\Local\Programs\mechvibes\Mechvibes.exe
"C:\Users\Admin\AppData\Local\Programs\mechvibes\Mechvibes.exe" --type=renderer --autoplay-policy=no-user-gesture-required --field-trial-handle=1728,8029698164471654972,12784456547027264557,131072 --disable-features=LayoutNG,SpareRendererForSitePerProcess --lang=en-US --app-path="C:\Users\Admin\AppData\Local\Programs\mechvibes\resources\app.asar" --node-integration --no-sandbox --no-zygote --preload="C:\Users\Admin\AppData\Local\Programs\mechvibes\resources\app.asar\src\app.js" --background-color=#fff --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=16240332640853719236 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2396 /prefetch:1
2⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2484

C:\Users\Admin\AppData\Local\Programs\mechvibes\Mechvibes.exe
"C:\Users\Admin\AppData\Local\Programs\mechvibes\Mechvibes.exe" --type=gpu-process --field-trial-handle=1728,8029698164471654972,12784456547027264557,131072 --disable-features=LayoutNG,SpareRendererForSitePerProcess --disable-gpu-sandbox --use-gl=disabled --gpu-preferences=IAAAAAAAAADgAAAgAAAAAAAAYAAAAAAACAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAABQAAABAAAAAAAAAAAAAAAAYAAAAQAAAAAAAAAAEAAAAFAAAAEAAAAAAAAAABAAAABgAAAA== --service-request-channel-token=11029788192231806726 --mojo-platform-channel-handle=2536 /prefetch:2
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:224

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4876

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x508 0x514
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:472

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Programs\mechvibes\D3DCompiler_47.dll
Filesize
4.3MB

MD5
57d829f7d174d1a8067612c09cf6566b

SHA1
79ed06500dcee028885b00301f7a9a9155c69b62

SHA256
dca0cd7272a56801dd74d0b253df33a8829bee61f5fa0c6d8e2ed5b62f440dff

SHA512
16936ce02b7445b56d67adf43d896d2dd9bf1f713d5a765fe97c73c72f22ef8915372dd7b04cfdcfad72447924b6e03d8ae0e0565927a2f862433b2860bcfd64

Download Submit
C:\Users\Admin\AppData\Local\Programs\mechvibes\Mechvibes.exe
Filesize
95.3MB

MD5
db06bf20025ac8c63c0e409bf2fd8ff1

SHA1
09864aca632b78726f6d671618ee570a3ac979e7

SHA256
38c3411c2210790f0767e02b113f58df4bf8989830b1b920c7b18d7b060adf45

SHA512
fce8c84fb873d118a36924c940c900a03f00729f3ac29f6e3e8ce341d066fd3048d69e943f173055cf6c43845606d710a17174c83c7c9a7aa35a96cc731cd26c

Download Submit
C:\Users\Admin\AppData\Local\Programs\mechvibes\Mechvibes.exe
Filesize
95.3MB

MD5
db06bf20025ac8c63c0e409bf2fd8ff1

SHA1
09864aca632b78726f6d671618ee570a3ac979e7

SHA256
38c3411c2210790f0767e02b113f58df4bf8989830b1b920c7b18d7b060adf45

SHA512
fce8c84fb873d118a36924c940c900a03f00729f3ac29f6e3e8ce341d066fd3048d69e943f173055cf6c43845606d710a17174c83c7c9a7aa35a96cc731cd26c

Download Submit
C:\Users\Admin\AppData\Local\Programs\mechvibes\Mechvibes.exe
Filesize
95.3MB

MD5
db06bf20025ac8c63c0e409bf2fd8ff1

SHA1
09864aca632b78726f6d671618ee570a3ac979e7

SHA256
38c3411c2210790f0767e02b113f58df4bf8989830b1b920c7b18d7b060adf45

SHA512
fce8c84fb873d118a36924c940c900a03f00729f3ac29f6e3e8ce341d066fd3048d69e943f173055cf6c43845606d710a17174c83c7c9a7aa35a96cc731cd26c

Download Submit
C:\Users\Admin\AppData\Local\Programs\mechvibes\Mechvibes.exe
Filesize
95.3MB

MD5
db06bf20025ac8c63c0e409bf2fd8ff1

SHA1
09864aca632b78726f6d671618ee570a3ac979e7

SHA256
38c3411c2210790f0767e02b113f58df4bf8989830b1b920c7b18d7b060adf45

SHA512
fce8c84fb873d118a36924c940c900a03f00729f3ac29f6e3e8ce341d066fd3048d69e943f173055cf6c43845606d710a17174c83c7c9a7aa35a96cc731cd26c

Download Submit
C:\Users\Admin\AppData\Local\Programs\mechvibes\Mechvibes.exe
Filesize
95.3MB

MD5
db06bf20025ac8c63c0e409bf2fd8ff1

SHA1
09864aca632b78726f6d671618ee570a3ac979e7

SHA256
38c3411c2210790f0767e02b113f58df4bf8989830b1b920c7b18d7b060adf45

SHA512
fce8c84fb873d118a36924c940c900a03f00729f3ac29f6e3e8ce341d066fd3048d69e943f173055cf6c43845606d710a17174c83c7c9a7aa35a96cc731cd26c

Download Submit
C:\Users\Admin\AppData\Local\Programs\mechvibes\Mechvibes.exe
Filesize
95.3MB

MD5
db06bf20025ac8c63c0e409bf2fd8ff1

SHA1
09864aca632b78726f6d671618ee570a3ac979e7

SHA256
38c3411c2210790f0767e02b113f58df4bf8989830b1b920c7b18d7b060adf45

SHA512
fce8c84fb873d118a36924c940c900a03f00729f3ac29f6e3e8ce341d066fd3048d69e943f173055cf6c43845606d710a17174c83c7c9a7aa35a96cc731cd26c

Download Submit
C:\Users\Admin\AppData\Local\Programs\mechvibes\chrome_100_percent.pak
Filesize
142KB

MD5
8d56d44c318d122f7931d03ba435f00b

SHA1
387f530e06f79a2a9f7fbf4446c71c31db08e7e0

SHA256
fcb4faaa82d13d90c42dfa0669f67391b3124d30310d0f4c510f31412974cab2

SHA512
03bd2f56f73ad06fe22ebd94fb0de4e37d1771f8a9d82a47ea93002ba4696d906b59d0e25db63e98af10a169a8c3dc9d047cfcbca01030924bf93abe7bce1590

Download Submit
C:\Users\Admin\AppData\Local\Programs\mechvibes\chrome_200_percent.pak
Filesize
204KB

MD5
879f88cafa5714994744bde20e7bd2c2

SHA1
d63b55f9f7c0e40f9585cac8a5cb28c0ea9f32ee

SHA256
76126341d0dc2b4b6ddccf30559709e6a856cd47148107808bd18ceb16ed1df3

SHA512
4d70ae16c2656cf3a8aaad00e2ce0ddcc030bf1ad29bbb1d0e90c03f866c413f893b273b8b03aa12c9ea5ae01537ad1d2d1b2c52b35bf7773278121a09a3af9c

Download Submit
C:\Users\Admin\AppData\Local\Programs\mechvibes\d3dcompiler_47.dll
Filesize
4.3MB

MD5
57d829f7d174d1a8067612c09cf6566b

SHA1
79ed06500dcee028885b00301f7a9a9155c69b62

SHA256
dca0cd7272a56801dd74d0b253df33a8829bee61f5fa0c6d8e2ed5b62f440dff

SHA512
16936ce02b7445b56d67adf43d896d2dd9bf1f713d5a765fe97c73c72f22ef8915372dd7b04cfdcfad72447924b6e03d8ae0e0565927a2f862433b2860bcfd64

Download Submit
C:\Users\Admin\AppData\Local\Programs\mechvibes\ffmpeg.dll
Filesize
2.0MB

MD5
757f0b76df3bb477e27aedf5a40d9441

SHA1
4c73d78cfd3c46823ce78c09d3b44ef1ce38b9ea

SHA256
a7edad43f8bb9550f8d45d3079439c2888bd6b49fc92aadc6d24e5ba1d5cd6c8

SHA512
93dcb3caff8e21aed731c28933f46ef717be6c88151fdf7b3e6f884ddb8f799f686c8a9f72c8ae7272186070e0f168f67659f2e921d8ae34f1c7197df4d5db20

Download Submit
C:\Users\Admin\AppData\Local\Programs\mechvibes\ffmpeg.dll
Filesize
2.0MB

MD5
757f0b76df3bb477e27aedf5a40d9441

SHA1
4c73d78cfd3c46823ce78c09d3b44ef1ce38b9ea

SHA256
a7edad43f8bb9550f8d45d3079439c2888bd6b49fc92aadc6d24e5ba1d5cd6c8

SHA512
93dcb3caff8e21aed731c28933f46ef717be6c88151fdf7b3e6f884ddb8f799f686c8a9f72c8ae7272186070e0f168f67659f2e921d8ae34f1c7197df4d5db20

Download Submit
C:\Users\Admin\AppData\Local\Programs\mechvibes\ffmpeg.dll
Filesize
2.0MB

MD5
757f0b76df3bb477e27aedf5a40d9441

SHA1
4c73d78cfd3c46823ce78c09d3b44ef1ce38b9ea

SHA256
a7edad43f8bb9550f8d45d3079439c2888bd6b49fc92aadc6d24e5ba1d5cd6c8

SHA512
93dcb3caff8e21aed731c28933f46ef717be6c88151fdf7b3e6f884ddb8f799f686c8a9f72c8ae7272186070e0f168f67659f2e921d8ae34f1c7197df4d5db20

Download Submit
C:\Users\Admin\AppData\Local\Programs\mechvibes\ffmpeg.dll
Filesize
2.0MB

MD5
757f0b76df3bb477e27aedf5a40d9441

SHA1
4c73d78cfd3c46823ce78c09d3b44ef1ce38b9ea

SHA256
a7edad43f8bb9550f8d45d3079439c2888bd6b49fc92aadc6d24e5ba1d5cd6c8

SHA512
93dcb3caff8e21aed731c28933f46ef717be6c88151fdf7b3e6f884ddb8f799f686c8a9f72c8ae7272186070e0f168f67659f2e921d8ae34f1c7197df4d5db20

Download Submit
C:\Users\Admin\AppData\Local\Programs\mechvibes\ffmpeg.dll
Filesize
2.0MB

MD5
757f0b76df3bb477e27aedf5a40d9441

SHA1
4c73d78cfd3c46823ce78c09d3b44ef1ce38b9ea

SHA256
a7edad43f8bb9550f8d45d3079439c2888bd6b49fc92aadc6d24e5ba1d5cd6c8

SHA512
93dcb3caff8e21aed731c28933f46ef717be6c88151fdf7b3e6f884ddb8f799f686c8a9f72c8ae7272186070e0f168f67659f2e921d8ae34f1c7197df4d5db20

Download Submit
C:\Users\Admin\AppData\Local\Programs\mechvibes\icudtl.dat
Filesize
9.9MB

MD5
4c8a9e9c260dc5a6fee2a3c37520f5bf

SHA1
5a9883dbeb5314a98e7ab5326f9868e78ba387dc

SHA256
8c2df1f6e2ea8df2e5fc5e4b016b0cddd64a7ce6985189ca45be3c0ec99472c2

SHA512
c0da0b08a0b0eaa898f96c6e6c6fb65bc7f773f5814fc0d612a40e2fcaea4049c67cd2812716a564dbc16d609677ee62eaa9f9747d2a7bc5c9bce43cd2208aa7

Download Submit
C:\Users\Admin\AppData\Local\Programs\mechvibes\locales\en-US.pak
Filesize
69KB

MD5
15e8556f737d17bd4d645513ee190990

SHA1
a24844d68fe3e9f4c57d14e6091a06f5e6b5f327

SHA256
12e4fd083a49e038578ea2993e6c88239083c8d098231527eee861299a4e1c99

SHA512
4e5c423b2b14def0e6ebb9c7844bdc050198064c9db69d3a880c1444314211995b1f0dec6fcbb12c6d5e59f690c3ffc893c2265bf7168d1ecbc8d83dfa5e1465

Download Submit
C:\Users\Admin\AppData\Local\Programs\mechvibes\natives_blob.bin
Filesize
81KB

MD5
f8ac49858ca8739658ff44c296f8aba6

SHA1
427b4da3bd619d85381c36d61daf2ce392e07909

SHA256
354ff502a0e1ed73df4e5c7b52970356b04777461f6e169f72a8567ab5f4c317

SHA512
52e875aedbdc5dad21e01a42e333ff5aefed9ae6468a00e80f2bb373b871196f9a82bc3f43a6c72c9dd6be0e4fbc591d3ede41ca47b23a806b788db5aa9bf313

Download Submit
C:\Users\Admin\AppData\Local\Programs\mechvibes\resources.pak
Filesize
8.1MB

MD5
978e8122033961585e14c65949d15e11

SHA1
3097d04bbcdfc6ff9e0bb52c2d38f6395e4bb631

SHA256
a435fa0e07a9124b0d457811de5e2245aeb225ad55ab99186cb665c6ec6e30ef

SHA512
5f6706116b7eaec70213f7343cac44eea2dc735de6262524b5508a659b150d8a5ad7f449fec984b45a2e5c170e1cb4feb927a19530c94841f3e6429a2fcaa1c0

Download Submit
C:\Users\Admin\AppData\Local\Programs\mechvibes\resources\app.asar
Filesize
26.9MB

MD5
69d777181bf8b47b45f15733dcf05a68

SHA1
29222b9860990ec71004da31cda95a4202dabece

SHA256
e154bd4b4d08ad0a9a352c0623824c6be328483586a21fe2cfa65203275daa47

SHA512
ba53d59013855c5d1a4d08cef1082b90adcbb5b558a3f50a625ee8c8e7b1031baed5cce5f419b00895fd6cd021a3a246b9a032e07f64009e8dc51b4e3c8b4b46

Download Submit
C:\Users\Admin\AppData\Local\Programs\mechvibes\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v73-win32-x64\build\Release\iohook.node
Filesize
38KB

MD5
0ce491c1884b0cca8d40fe2e71a83eb1

SHA1
475e749aa2987f28d160945fd929b326ed1e0993

SHA256
6776940aa9653ed8bd693561dca745f200d946b5e1eeeadfa7174228f3d30dd5

SHA512
e22a489de51baace728baf35a1b10c0f29274a47bb37e089c559d75fbc9e16c710720acbff576af134acc0c722b565a6944c8afdd2a5f88b3909a0610f3e31ee

Download Submit
C:\Users\Admin\AppData\Local\Programs\mechvibes\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v73-win32-x64\build\Release\iohook.node
Filesize
38KB

MD5
0ce491c1884b0cca8d40fe2e71a83eb1

SHA1
475e749aa2987f28d160945fd929b326ed1e0993

SHA256
6776940aa9653ed8bd693561dca745f200d946b5e1eeeadfa7174228f3d30dd5

SHA512
e22a489de51baace728baf35a1b10c0f29274a47bb37e089c559d75fbc9e16c710720acbff576af134acc0c722b565a6944c8afdd2a5f88b3909a0610f3e31ee

Download Submit
C:\Users\Admin\AppData\Local\Programs\mechvibes\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v73-win32-x64\build\Release\uiohook.dll
Filesize
29KB

MD5
03c8f03de92c2881525c8ae112496c8a

SHA1
44e39d48f41ec2a6100e7e984cb5652ac1d9e3b4

SHA256
f496f9a661a8e309f99aa5b428e2557425d8c3f1d4a37fb16b26438ef1c8da66

SHA512
264a3fd839e168f84fe00d4dfd84454322a27e6586de74846e74b30ad46d55f6d430daced2a522ba6fd7f6ad1c5913e604b8eacb59f766e9d33a5322ba5b9773

Download Submit
C:\Users\Admin\AppData\Local\Programs\mechvibes\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v73-win32-x64\build\Release\uiohook.dll
Filesize
29KB

MD5
03c8f03de92c2881525c8ae112496c8a

SHA1
44e39d48f41ec2a6100e7e984cb5652ac1d9e3b4

SHA256
f496f9a661a8e309f99aa5b428e2557425d8c3f1d4a37fb16b26438ef1c8da66

SHA512
264a3fd839e168f84fe00d4dfd84454322a27e6586de74846e74b30ad46d55f6d430daced2a522ba6fd7f6ad1c5913e604b8eacb59f766e9d33a5322ba5b9773

Download Submit
C:\Users\Admin\AppData\Local\Programs\mechvibes\resources\app.asar.unpacked\node_modules\iohook\index.js
Filesize
10KB

MD5
89384c3324c85788affd0642719576e0

SHA1
9636b3a71caaedd387e0655c2df0be8f0db4ecc9

SHA256
0dffeffba538fc5ab561afaab47b858c2031f750e65e6ad40e0cc39853884afe

SHA512
f5a7cc0834b41d1c7d0ae03b0d5c6305b5589016d7dd1bae51606c871e6ab2ae4a06a32ad3d39850ab241cabfbd667564cbd686cdc435c63dfc6cca72750faca

Download Submit
C:\Users\Admin\AppData\Local\Programs\mechvibes\resources\app.asar.unpacked\node_modules\iohook\package.json
Filesize
1KB

MD5
bee089d992bdd9edb325b5bef939130b

SHA1
b8cf85b76963105207184e443d5ecd055c94fac9

SHA256
3482535e9b9b6d441e9184b8f2d2ad828aa86f2d2705366b5bfe16a03a6edb4c

SHA512
103c03362151fba6f7a08a1cdd2302cd86e8a01e85739ce971c6d373b96e041a48e60ed4fb1edca1aa688b0c6483ad9b7acaa19d76124f1c991f8a91fbe16501

Download Submit
C:\Users\Admin\AppData\Local\Programs\mechvibes\resources\electron.asar
Filesize
347KB

MD5
1362f92031875676f4b082ff249abe1f

SHA1
bc9a9b6b08e28d8a33c5d388662b0fb3535af8ef

SHA256
5acf0deb20455487cb0f39cc4c752e7740137ab6adf8c049e62f092174310ca9

SHA512
2fc75d23c61b18b0537c0b5d889766fc51ad37b3a283f64c5edfc0c6abeff21123c055410c15f5d9c5945cba204937983409c865816669442ad8b165ab185d90

Download Submit
C:\Users\Admin\AppData\Local\Programs\mechvibes\swiftshader\libEGL.dll
Filesize
333KB

MD5
9232de137c209d803ab5aee9f9b54d97

SHA1
614bfbf9583d61801785f64886a88aac2d3b5dd2

SHA256
4d752716e4837aa50f538f2d05bd79edcf829340adadfe1bda7337c0e7dec504

SHA512
58b73c6a93f1d2389ba53c33ca7dc801ef74f27a38bcb65d95de31c6125b70a879e02e3553998ffc9f0152fa4b67b24e34bfbb8864b33c4d41bb5e9218a902b7

Download Submit
C:\Users\Admin\AppData\Local\Programs\mechvibes\swiftshader\libGLESv2.dll
Filesize
3.7MB

MD5
71f7d33b4c9d5e4260d041f0e0fd724e

SHA1
e671ed5ad823f798e792094e7ffa413549c52208

SHA256
8897c0001374eeec95a38f3e8915c652852f7d5f33151b6bda2a9584c9c2158c

SHA512
4c5d3d251d6956d8813c870f8900242318037de09335cdd2382a1c3fd9b2909da8f113394d8fdc71166c0673366c8c8dae4c5d0efb1eeaf26b0fb07bb98256b5

Download Submit
C:\Users\Admin\AppData\Local\Programs\mechvibes\swiftshader\libegl.dll
Filesize
333KB

MD5
9232de137c209d803ab5aee9f9b54d97

SHA1
614bfbf9583d61801785f64886a88aac2d3b5dd2

SHA256
4d752716e4837aa50f538f2d05bd79edcf829340adadfe1bda7337c0e7dec504

SHA512
58b73c6a93f1d2389ba53c33ca7dc801ef74f27a38bcb65d95de31c6125b70a879e02e3553998ffc9f0152fa4b67b24e34bfbb8864b33c4d41bb5e9218a902b7

Download Submit
C:\Users\Admin\AppData\Local\Programs\mechvibes\swiftshader\libglesv2.dll
Filesize
3.7MB

MD5
71f7d33b4c9d5e4260d041f0e0fd724e

SHA1
e671ed5ad823f798e792094e7ffa413549c52208

SHA256
8897c0001374eeec95a38f3e8915c652852f7d5f33151b6bda2a9584c9c2158c

SHA512
4c5d3d251d6956d8813c870f8900242318037de09335cdd2382a1c3fd9b2909da8f113394d8fdc71166c0673366c8c8dae4c5d0efb1eeaf26b0fb07bb98256b5

Download Submit
C:\Users\Admin\AppData\Local\Programs\mechvibes\v8_context_snapshot.bin
Filesize
685KB

MD5
25bee133a55efa9756b25ba25ba3cfa7

SHA1
6980de30de3d8e6ae81b4b3a14954ca67f58f9de

SHA256
156f90f0a8c6748716428786dca9cb53d1275f4510ebae2be5502f3fd94b7dc1

SHA512
c80232eda1bc9a7dc52fac538b99cc9a9805c00b455661bd493c12e620286e1983afe37814b0941d90c9e4be970b63108e1f9428c1a7d6fc5ab083acc0ee2aa6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst9F72.tmp\SpiderBanner.dll
Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst9F72.tmp\StdUtils.dll
Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst9F72.tmp\StdUtils.dll
Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst9F72.tmp\System.dll
Filesize
11KB

MD5
75ed96254fbf894e42058062b4b4f0d1

SHA1
996503f1383b49021eb3427bc28d13b5bbd11977

SHA256
a632d74332b3f08f834c732a103dafeb09a540823a2217ca7f49159755e8f1d7

SHA512
58174896db81d481947b8745dafe3a02c150f3938bb4543256e8cce1145154e016d481df9fe68dac6d48407c62cbe20753320ebd5fe5e84806d07ce78e0eb0c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst9F72.tmp\WinShell.dll
Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst9F72.tmp\WinShell.dll
Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst9F72.tmp\WinShell.dll
Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst9F72.tmp\WinShell.dll
Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst9F72.tmp\WinShell.dll
Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst9F72.tmp\nsProcess.dll
Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst9F72.tmp\nsProcess.dll
Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst9F72.tmp\nsis7z.dll
Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
C:\Users\Admin\AppData\Roaming\Mechvibes\Network Persistent State~RFe583880.TMP
Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\Mechvibes\ff89e720-c87b-46b1-9293-f613ad5eef76.tmp
Filesize
160B

MD5
918d8a47c337b71516ff56de3b0ec306

SHA1
a5fa7a891440e6c5115f447f1809f8c1703dad13

SHA256
0e96ee778046578f90bdd722f36eb4c578a50e916d5f2fc63149aec743914fe6

SHA512
a3433d0be715c206e8328591720cf2f168bb12012c4d014eaeb13d22da9d38f3119cb2adb5db0839bef18f011bbe8af35f87770a16458d156ce2c4908701da19

Download Submit
memory/3592-454-0x000002527C470000-0x000002527C611000-memory.dmp

Filesize
1.6MB

Download
memory/3592-455-0x000002527EDD0000-0x000002527F1CD000-memory.dmp

Filesize
4.0MB

Download
memory/3592-422-0x00007FF90D990000-0x00007FF90D991000-memory.dmp

Filesize
4KB

Download