b09e39c2fb59c0fb084895abf11a35a87ced378ae1001fdd6c626110357d9b93

Analysis

max time kernel
151s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
15-05-2023 17:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

xlabs.exe
Size

1.7MB
MD5

57c1057a55fbfb033050a362392021ff
SHA1

37dd6b2652de1f00b24ccc8677e6b114f147d0ec
SHA256

b09e39c2fb59c0fb084895abf11a35a87ced378ae1001fdd6c626110357d9b93
SHA512

6b02d83d5d40382fa6839fb0d396188e151fad1cb38ab6a3eab6e148e238fd84fb17c6474402b0aba2b77a19cce39ad9fb79af58af16231368cbe7d0aa59274d
SSDEEP

24576:vedP2ynGlLyPoRlgFwRx5sDjyN/FLakDGCo7w/Dh0lhSMXlEw4fo7oUzL4q:vqP2rka58jyNtLDDaj+PELn

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

xlabs.exexlabs.exexlabs.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\Control Panel\International\Geo\Nation	xlabs.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\Control Panel\International\Geo\Nation	xlabs.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\Control Panel\International\Geo\Nation	xlabs.exe

Loads dropped DLL 17 IoCs

Processes:

xlabs.exexlabs.exexlabs.exexlabs.exexlabs.exexlabs.exe

pid	process
4104	xlabs.exe
4104	xlabs.exe
4104	xlabs.exe
4104	xlabs.exe
4104	xlabs.exe
4104	xlabs.exe
4104	xlabs.exe
4692	xlabs.exe
4692	xlabs.exe
4592	xlabs.exe
4592	xlabs.exe
2624	xlabs.exe
2624	xlabs.exe
4168	xlabs.exe
4168	xlabs.exe
3676	xlabs.exe
3676	xlabs.exe

Drops file in Program Files directory 6 IoCs

Processes:

xlabs.exe

description	ioc	process
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping4104_1387966539\_platform_specific\win_x64\widevinecdm.dll.sig	xlabs.exe
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping4104_1387966539\_platform_specific\win_x64\widevinecdm.dll	xlabs.exe
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping4104_1387966539\LICENSE	xlabs.exe
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping4104_1387966539\manifest.json	xlabs.exe
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping4104_1387966539\_metadata\verified_contents.json	xlabs.exe
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping4104_1387966539\manifest.fingerprint	xlabs.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

Processes:

xlabs.exexlabs.exexlabs.exexlabs.exexlabs.exe

pid	process
4692	xlabs.exe
4692	xlabs.exe
4592	xlabs.exe
4592	xlabs.exe
4692	xlabs.exe
4692	xlabs.exe
4592	xlabs.exe
4592	xlabs.exe
2624	xlabs.exe
2624	xlabs.exe
2624	xlabs.exe
2624	xlabs.exe
4168	xlabs.exe
4168	xlabs.exe
4168	xlabs.exe
4168	xlabs.exe
3676	xlabs.exe
3676	xlabs.exe
3676	xlabs.exe
3676	xlabs.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

xlabs.exe

description	pid	process
Token: SeShutdownPrivilege	4104	xlabs.exe
Token: SeCreatePagefilePrivilege	4104	xlabs.exe
Token: SeShutdownPrivilege	4104	xlabs.exe
Token: SeCreatePagefilePrivilege	4104	xlabs.exe
Token: SeShutdownPrivilege	4104	xlabs.exe
Token: SeCreatePagefilePrivilege	4104	xlabs.exe
Token: SeShutdownPrivilege	4104	xlabs.exe
Token: SeCreatePagefilePrivilege	4104	xlabs.exe
Token: SeShutdownPrivilege	4104	xlabs.exe
Token: SeCreatePagefilePrivilege	4104	xlabs.exe
Token: SeShutdownPrivilege	4104	xlabs.exe
Token: SeCreatePagefilePrivilege	4104	xlabs.exe
Token: SeShutdownPrivilege	4104	xlabs.exe
Token: SeCreatePagefilePrivilege	4104	xlabs.exe
Token: SeShutdownPrivilege	4104	xlabs.exe
Token: SeCreatePagefilePrivilege	4104	xlabs.exe
Token: SeShutdownPrivilege	4104	xlabs.exe
Token: SeCreatePagefilePrivilege	4104	xlabs.exe
Token: SeShutdownPrivilege	4104	xlabs.exe
Token: SeCreatePagefilePrivilege	4104	xlabs.exe
Token: SeShutdownPrivilege	4104	xlabs.exe
Token: SeCreatePagefilePrivilege	4104	xlabs.exe
Token: SeShutdownPrivilege	4104	xlabs.exe
Token: SeCreatePagefilePrivilege	4104	xlabs.exe
Token: SeShutdownPrivilege	4104	xlabs.exe
Token: SeCreatePagefilePrivilege	4104	xlabs.exe
Token: SeShutdownPrivilege	4104	xlabs.exe
Token: SeCreatePagefilePrivilege	4104	xlabs.exe
Token: SeShutdownPrivilege	4104	xlabs.exe
Token: SeCreatePagefilePrivilege	4104	xlabs.exe
Token: SeShutdownPrivilege	4104	xlabs.exe
Token: SeCreatePagefilePrivilege	4104	xlabs.exe
Token: SeShutdownPrivilege	4104	xlabs.exe
Token: SeCreatePagefilePrivilege	4104	xlabs.exe
Token: SeShutdownPrivilege	4104	xlabs.exe
Token: SeCreatePagefilePrivilege	4104	xlabs.exe
Token: SeShutdownPrivilege	4104	xlabs.exe
Token: SeCreatePagefilePrivilege	4104	xlabs.exe
Token: SeShutdownPrivilege	4104	xlabs.exe
Token: SeCreatePagefilePrivilege	4104	xlabs.exe
Token: SeShutdownPrivilege	4104	xlabs.exe
Token: SeCreatePagefilePrivilege	4104	xlabs.exe
Token: SeShutdownPrivilege	4104	xlabs.exe
Token: SeCreatePagefilePrivilege	4104	xlabs.exe
Token: SeShutdownPrivilege	4104	xlabs.exe
Token: SeCreatePagefilePrivilege	4104	xlabs.exe
Token: SeShutdownPrivilege	4104	xlabs.exe
Token: SeCreatePagefilePrivilege	4104	xlabs.exe
Token: SeShutdownPrivilege	4104	xlabs.exe
Token: SeCreatePagefilePrivilege	4104	xlabs.exe
Token: SeShutdownPrivilege	4104	xlabs.exe
Token: SeCreatePagefilePrivilege	4104	xlabs.exe
Token: SeShutdownPrivilege	4104	xlabs.exe
Token: SeCreatePagefilePrivilege	4104	xlabs.exe
Token: SeShutdownPrivilege	4104	xlabs.exe
Token: SeCreatePagefilePrivilege	4104	xlabs.exe
Token: SeShutdownPrivilege	4104	xlabs.exe
Token: SeCreatePagefilePrivilege	4104	xlabs.exe
Token: SeShutdownPrivilege	4104	xlabs.exe
Token: SeCreatePagefilePrivilege	4104	xlabs.exe
Token: SeShutdownPrivilege	4104	xlabs.exe
Token: SeCreatePagefilePrivilege	4104	xlabs.exe
Token: SeShutdownPrivilege	4104	xlabs.exe
Token: SeCreatePagefilePrivilege	4104	xlabs.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

xlabs.exe

pid process

4104 xlabs.exe

Suspicious use of WriteProcessMemory 10 IoCs

Processes:

xlabs.exe

description	pid	process	target process
PID 4104 wrote to memory of 4692	4104	xlabs.exe	xlabs.exe
PID 4104 wrote to memory of 4692	4104	xlabs.exe	xlabs.exe
PID 4104 wrote to memory of 4592	4104	xlabs.exe	xlabs.exe
PID 4104 wrote to memory of 4592	4104	xlabs.exe	xlabs.exe
PID 4104 wrote to memory of 4168	4104	xlabs.exe	xlabs.exe
PID 4104 wrote to memory of 4168	4104	xlabs.exe	xlabs.exe
PID 4104 wrote to memory of 2624	4104	xlabs.exe	xlabs.exe
PID 4104 wrote to memory of 2624	4104	xlabs.exe	xlabs.exe
PID 4104 wrote to memory of 3676	4104	xlabs.exe	xlabs.exe
PID 4104 wrote to memory of 3676	4104	xlabs.exe	xlabs.exe

C:\Users\Admin\AppData\Local\Temp\xlabs.exe
"C:\Users\Admin\AppData\Local\Temp\xlabs.exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:4104

C:\Users\Admin\AppData\Local\Temp\xlabs.exe
"C:\Users\Admin\AppData\Local\Temp\xlabs.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --use-angle=swiftshader-webgl --use-gl=angle --enable-experimental-web-platform-features --locales-dir-path="C:\Users\Admin\AppData\Local\xlabs\data\cef\release\locales" --log-severity=disable --resources-dir-path="C:\Users\Admin\AppData\Local\xlabs\data\cef\release" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\xlabs\user\cef-data\user" --xlabs-subprocess --log-file="C:\Users\Admin\AppData\Local\xlabs\user\cef-data\debug.log" --mojo-platform-channel-handle=2404 --field-trial-handle=2408,i,14739958880996489425,8632192185622927775,262144 --enable-features=BlockInsecurePrivateNetworkRequests,BlockInsecurePrivateNetworkRequestsForNavigations,BlockInsecurePrivateNetworkRequestsFromPrivate,BlockInsecurePrivateNetworkRequestsFromUnknown,ClientHintThirdPartyDelegation,ClientHintsMetaEquivDelegateCH,ClientHintsMetaHTTPEquivAcceptCH,ClipboardCustomFormats,CookieSameSiteConsidersRedirectChain,CreateImageBitmapOrientationNone,CriticalClientHint,DocumentPictureInPictureAPI,DocumentPolicyNegotiation,DocumentReporting,EditContext,EnableCanvas2DLayers,ExperimentalContentSecurityPolicyFeatures,OriginIsolationHeader,PendingBeaconAPI,PrivateNetworkAccessRespectPreflightResults,SchemefulSameSite,StorageAccessAPI,StorageAccessAPIForOriginExtension,ThirdPartyStoragePartitioning,UserAgentClientHint --disable-features=BackForwardCache,CalculateNativeWinOcclusion /prefetch:8
2⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:4692

C:\Users\Admin\AppData\Local\Temp\xlabs.exe
"C:\Users\Admin\AppData\Local\Temp\xlabs.exe" --type=renderer --locales-dir-path="C:\Users\Admin\AppData\Local\xlabs\data\cef\release\locales" --log-severity=disable --resources-dir-path="C:\Users\Admin\AppData\Local\xlabs\data\cef\release" --user-data-dir="C:\Users\Admin\AppData\Local\xlabs\user\cef-data\user" --xlabs-subprocess --no-sandbox --enable-experimental-web-platform-features --log-file="C:\Users\Admin\AppData\Local\xlabs\user\cef-data\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2828 --field-trial-handle=2408,i,14739958880996489425,8632192185622927775,262144 --enable-features=BlockInsecurePrivateNetworkRequests,BlockInsecurePrivateNetworkRequestsForNavigations,BlockInsecurePrivateNetworkRequestsFromPrivate,BlockInsecurePrivateNetworkRequestsFromUnknown,ClientHintThirdPartyDelegation,ClientHintsMetaEquivDelegateCH,ClientHintsMetaHTTPEquivAcceptCH,ClipboardCustomFormats,CookieSameSiteConsidersRedirectChain,CreateImageBitmapOrientationNone,CriticalClientHint,DocumentPictureInPictureAPI,DocumentPolicyNegotiation,DocumentReporting,EditContext,EnableCanvas2DLayers,ExperimentalContentSecurityPolicyFeatures,OriginIsolationHeader,PendingBeaconAPI,PrivateNetworkAccessRespectPreflightResults,SchemefulSameSite,StorageAccessAPI,StorageAccessAPIForOriginExtension,ThirdPartyStoragePartitioning,UserAgentClientHint --disable-features=BackForwardCache,CalculateNativeWinOcclusion /prefetch:1
2⤵
- Checks computer location settings
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:2624

C:\Users\Admin\AppData\Local\Temp\xlabs.exe
"C:\Users\Admin\AppData\Local\Temp\xlabs.exe" --type=renderer --locales-dir-path="C:\Users\Admin\AppData\Local\xlabs\data\cef\release\locales" --log-severity=disable --resources-dir-path="C:\Users\Admin\AppData\Local\xlabs\data\cef\release" --user-data-dir="C:\Users\Admin\AppData\Local\xlabs\user\cef-data\user" --xlabs-subprocess --first-renderer-process --no-sandbox --enable-experimental-web-platform-features --log-file="C:\Users\Admin\AppData\Local\xlabs\user\cef-data\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2820 --field-trial-handle=2408,i,14739958880996489425,8632192185622927775,262144 --enable-features=BlockInsecurePrivateNetworkRequests,BlockInsecurePrivateNetworkRequestsForNavigations,BlockInsecurePrivateNetworkRequestsFromPrivate,BlockInsecurePrivateNetworkRequestsFromUnknown,ClientHintThirdPartyDelegation,ClientHintsMetaEquivDelegateCH,ClientHintsMetaHTTPEquivAcceptCH,ClipboardCustomFormats,CookieSameSiteConsidersRedirectChain,CreateImageBitmapOrientationNone,CriticalClientHint,DocumentPictureInPictureAPI,DocumentPolicyNegotiation,DocumentReporting,EditContext,EnableCanvas2DLayers,ExperimentalContentSecurityPolicyFeatures,OriginIsolationHeader,PendingBeaconAPI,PrivateNetworkAccessRespectPreflightResults,SchemefulSameSite,StorageAccessAPI,StorageAccessAPIForOriginExtension,ThirdPartyStoragePartitioning,UserAgentClientHint --disable-features=BackForwardCache,CalculateNativeWinOcclusion /prefetch:1
2⤵
- Checks computer location settings
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:4168

C:\Users\Admin\AppData\Local\Temp\xlabs.exe
"C:\Users\Admin\AppData\Local\Temp\xlabs.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --use-angle=swiftshader-webgl --use-gl=angle --enable-experimental-web-platform-features --locales-dir-path="C:\Users\Admin\AppData\Local\xlabs\data\cef\release\locales" --log-severity=disable --resources-dir-path="C:\Users\Admin\AppData\Local\xlabs\data\cef\release" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\xlabs\user\cef-data\user" --xlabs-subprocess --log-file="C:\Users\Admin\AppData\Local\xlabs\user\cef-data\debug.log" --mojo-platform-channel-handle=2720 --field-trial-handle=2408,i,14739958880996489425,8632192185622927775,262144 --enable-features=BlockInsecurePrivateNetworkRequests,BlockInsecurePrivateNetworkRequestsForNavigations,BlockInsecurePrivateNetworkRequestsFromPrivate,BlockInsecurePrivateNetworkRequestsFromUnknown,ClientHintThirdPartyDelegation,ClientHintsMetaEquivDelegateCH,ClientHintsMetaHTTPEquivAcceptCH,ClipboardCustomFormats,CookieSameSiteConsidersRedirectChain,CreateImageBitmapOrientationNone,CriticalClientHint,DocumentPictureInPictureAPI,DocumentPolicyNegotiation,DocumentReporting,EditContext,EnableCanvas2DLayers,ExperimentalContentSecurityPolicyFeatures,OriginIsolationHeader,PendingBeaconAPI,PrivateNetworkAccessRespectPreflightResults,SchemefulSameSite,StorageAccessAPI,StorageAccessAPIForOriginExtension,ThirdPartyStoragePartitioning,UserAgentClientHint --disable-features=BackForwardCache,CalculateNativeWinOcclusion /prefetch:8
2⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:4592

C:\Users\Admin\AppData\Local\Temp\xlabs.exe
"C:\Users\Admin\AppData\Local\Temp\xlabs.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-sandbox --use-angle=swiftshader-webgl --use-gl=angle --enable-experimental-web-platform-features --locales-dir-path="C:\Users\Admin\AppData\Local\xlabs\data\cef\release\locales" --log-severity=disable --resources-dir-path="C:\Users\Admin\AppData\Local\xlabs\data\cef\release" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\xlabs\user\cef-data\user" --xlabs-subprocess --log-file="C:\Users\Admin\AppData\Local\xlabs\user\cef-data\debug.log" --mojo-platform-channel-handle=3304 --field-trial-handle=2408,i,14739958880996489425,8632192185622927775,262144 --enable-features=BlockInsecurePrivateNetworkRequests,BlockInsecurePrivateNetworkRequestsForNavigations,BlockInsecurePrivateNetworkRequestsFromPrivate,BlockInsecurePrivateNetworkRequestsFromUnknown,ClientHintThirdPartyDelegation,ClientHintsMetaEquivDelegateCH,ClientHintsMetaHTTPEquivAcceptCH,ClipboardCustomFormats,CookieSameSiteConsidersRedirectChain,CreateImageBitmapOrientationNone,CriticalClientHint,DocumentPictureInPictureAPI,DocumentPolicyNegotiation,DocumentReporting,EditContext,EnableCanvas2DLayers,ExperimentalContentSecurityPolicyFeatures,OriginIsolationHeader,PendingBeaconAPI,PrivateNetworkAccessRespectPreflightResults,SchemefulSameSite,StorageAccessAPI,StorageAccessAPIForOriginExtension,ThirdPartyStoragePartitioning,UserAgentClientHint --disable-features=BackForwardCache,CalculateNativeWinOcclusion /prefetch:8
2⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:3676

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping4104_1387966539\LICENSE

Filesize
473B

MD5
f6719687bed7403612eaed0b191eb4a9

SHA1
dd03919750e45507743bd089a659e8efcefa7af1

SHA256
afb514e4269594234b32c873ba2cd3cc8892e836861137b531a40a1232820c59

SHA512
dd14a7eae05d90f35a055a5098d09cd2233d784f6ac228b5927925241689bff828e573b7a90a5196bfdd7aaeecf00f5c94486ad9e3910cfb07475fcfbb7f0d56

Download Submit
C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping4104_1387966539\manifest.json

Filesize
1001B

MD5
301bb14976896b67e278262dd641f9f0

SHA1
ba08828fd1e47750bf4c61b952cf8007a9353a1f

SHA256
ac80f835ec3537918824fe0f464e56d3752de00f6da816fabb401b4fcccef89b

SHA512
7b312b263fc8db6888e9fe530025ae5ec09e3e97c524f2821aa6fab4b1997655d993eaaeeee39b942a43824aa117937fca62cafbfc0158994b31a00dd7d3adf7

Download Submit
C:\Users\Admin\AppData\Local\xlabs\data\cef\release\chrome_100_percent.pak

Filesize
607KB

MD5
eae66715d9a0d3a3574223e130dd3c83

SHA1
8c6d664f736414c9fa75a5eaff2b452a94875a4c

SHA256
80139849d4cf4a9dc8ad429be071229bd7538c41f5af5aed498fd981873bd4cf

SHA512
f7e9a41030452879612a2916c06d514290757d2ba44149973deb45021622520bbe05a338d7d1554e095a48812ded0ee47f40c73ae7b1b988edadda7ef717f3fc

Download Submit
C:\Users\Admin\AppData\Local\xlabs\data\cef\release\chrome_200_percent.pak

Filesize
915KB

MD5
7f25dc4230fbfb1b2ee7a2133f929fe4

SHA1
54b9c0240f18f7f1507ade53cf332b63926a9077

SHA256
f2a2c9dd0ec8baf6820b445a1485787c6651d3f0c8d0ec8f58a808b836fa04d0

SHA512
c8a4cb67ebccf4e5e721e9542a5b4f94db1bd30ddd090f784db5d02b84a22c07aec013c51a5a8e045ca1cb8065d0917313eb39dac39032216091e675f65eb39e

Download Submit
C:\Users\Admin\AppData\Local\xlabs\data\cef\release\chrome_elf.dll

Filesize
1.4MB

MD5
64fe193a87f6038c2680cfd3daff3baf

SHA1
21a16e168c490b557f51409673a0865024586ddd

SHA256
08ab23efb637be966b98a446e7bade2c321c40d276d1bc9b7bf2c2e372773fc1

SHA512
6ce3f469303351ac03374db1dfaf854b6dba24684303bffb913b4611e47e74e9884e43cbf17913b881e272a0d1a2c20f3e6658a37526ae05a461ffa713315e38

Download Submit
C:\Users\Admin\AppData\Local\xlabs\data\cef\release\chrome_elf.dll

Filesize
1.4MB

MD5
64fe193a87f6038c2680cfd3daff3baf

SHA1
21a16e168c490b557f51409673a0865024586ddd

SHA256
08ab23efb637be966b98a446e7bade2c321c40d276d1bc9b7bf2c2e372773fc1

SHA512
6ce3f469303351ac03374db1dfaf854b6dba24684303bffb913b4611e47e74e9884e43cbf17913b881e272a0d1a2c20f3e6658a37526ae05a461ffa713315e38

Download Submit
C:\Users\Admin\AppData\Local\xlabs\data\cef\release\chrome_elf.dll

Filesize
1.4MB

MD5
64fe193a87f6038c2680cfd3daff3baf

SHA1
21a16e168c490b557f51409673a0865024586ddd

SHA256
08ab23efb637be966b98a446e7bade2c321c40d276d1bc9b7bf2c2e372773fc1

SHA512
6ce3f469303351ac03374db1dfaf854b6dba24684303bffb913b4611e47e74e9884e43cbf17913b881e272a0d1a2c20f3e6658a37526ae05a461ffa713315e38

Download Submit
C:\Users\Admin\AppData\Local\xlabs\data\cef\release\chrome_elf.dll

Filesize
1.4MB

MD5
64fe193a87f6038c2680cfd3daff3baf

SHA1
21a16e168c490b557f51409673a0865024586ddd

SHA256
08ab23efb637be966b98a446e7bade2c321c40d276d1bc9b7bf2c2e372773fc1

SHA512
6ce3f469303351ac03374db1dfaf854b6dba24684303bffb913b4611e47e74e9884e43cbf17913b881e272a0d1a2c20f3e6658a37526ae05a461ffa713315e38

Download Submit
C:\Users\Admin\AppData\Local\xlabs\data\cef\release\chrome_elf.dll

Filesize
1.4MB

MD5
64fe193a87f6038c2680cfd3daff3baf

SHA1
21a16e168c490b557f51409673a0865024586ddd

SHA256
08ab23efb637be966b98a446e7bade2c321c40d276d1bc9b7bf2c2e372773fc1

SHA512
6ce3f469303351ac03374db1dfaf854b6dba24684303bffb913b4611e47e74e9884e43cbf17913b881e272a0d1a2c20f3e6658a37526ae05a461ffa713315e38

Download Submit
C:\Users\Admin\AppData\Local\xlabs\data\cef\release\chrome_elf.dll

Filesize
1.4MB

MD5
64fe193a87f6038c2680cfd3daff3baf

SHA1
21a16e168c490b557f51409673a0865024586ddd

SHA256
08ab23efb637be966b98a446e7bade2c321c40d276d1bc9b7bf2c2e372773fc1

SHA512
6ce3f469303351ac03374db1dfaf854b6dba24684303bffb913b4611e47e74e9884e43cbf17913b881e272a0d1a2c20f3e6658a37526ae05a461ffa713315e38

Download Submit
C:\Users\Admin\AppData\Local\xlabs\data\cef\release\chrome_elf.dll

Filesize
1.4MB

MD5
64fe193a87f6038c2680cfd3daff3baf

SHA1
21a16e168c490b557f51409673a0865024586ddd

SHA256
08ab23efb637be966b98a446e7bade2c321c40d276d1bc9b7bf2c2e372773fc1

SHA512
6ce3f469303351ac03374db1dfaf854b6dba24684303bffb913b4611e47e74e9884e43cbf17913b881e272a0d1a2c20f3e6658a37526ae05a461ffa713315e38

Download Submit
C:\Users\Admin\AppData\Local\xlabs\data\cef\release\d3dcompiler_47.dll

Filesize
4.7MB

MD5
abe034c17e745bb9067ba38c18568880

SHA1
7fea3a5664ddb084d42eaaa85fbee2dda18c5c80

SHA256
e4bc3420a28069bd13dc3be725d46676a7c0e99de221026e8c43cd6f7ed45c0b

SHA512
ac08eeeee059c25af5397e2b417a2d92dbd07f0bf86187eff4ee233befe5c8e6386963401e06c981de734eb4e848714892bea0222f3bd0dec4453f79216697c6

Download Submit
C:\Users\Admin\AppData\Local\xlabs\data\cef\release\icudtl.dat

Filesize
10.1MB

MD5
2134e5dbc46fb1c46eac0fe1af710ec3

SHA1
dbecf2d193ae575aba4217194d4136bd9291d4db

SHA256
ee3c8883effd90edfb0ff5b758c560cbca25d1598fcb55b80ef67e990dd19d41

SHA512
b9b50614d9baebf6378e5164d70be7fe7ef3051cfff38733fe3c7448c5de292754bbbb8da833e26115a185945be419be8dd1030fc230ed69f388479853bc0fcb

Download Submit
C:\Users\Admin\AppData\Local\xlabs\data\cef\release\libEGL.dll

Filesize
464KB

MD5
f5dd1930751a60a81daf7fef2c5b64f9

SHA1
566d84445d3bf86b7998cdda4940d150a1e23b7b

SHA256
f7d7ac7f1728e2b9005c018dd3b02e7abbb6e72cc5e6487170f4789370d0d73d

SHA512
139d3633c8592fce287cd7b4b92b31ef9397832c7783d713e6981231e7ed244598ada8369726ec08c5d8d9a9e21150d2e2af8fd8511897812dc99c7c13860f33

Download Submit
C:\Users\Admin\AppData\Local\xlabs\data\cef\release\libGLESv2.dll

Filesize
7.0MB

MD5
a77815f73ecfcbe65b2a7bf4989efd2c

SHA1
4fea955dcbdf265c855b406e9e88ad24845aecfe

SHA256
25c093a77b4a1ea7ed6281b0fea3ff78b65b92943dd428b7b03ca30ba3d18b9f

SHA512
469e7e60bc30d1f05a2b9e66a13b909b7b9484069199b94e223b6629779e702916688e72f959413b512094349aff7182e73960e1e29e066277d583743dbb4e9c

Download Submit
C:\Users\Admin\AppData\Local\xlabs\data\cef\release\libcef.dll

Filesize
188.3MB

MD5
aa94e09482a928c2e8ff2c8a37e55a35

SHA1
04ae40d0272edfff702f530ae4c3a03b1a0d8bbd

SHA256
8bde8c3fcb0dcd9c02804a358348be5998b27fd6befc5e20fe27f7d227a257fe

SHA512
cc351affb70e4b7ef810c9c5604ff0e576c166e7e6a44f7795823ce071bdd8dcb7c56a78406a8c812ab4921c920ec3f2830d748a53eab02b824385bd85ca3a1f

Download Submit
C:\Users\Admin\AppData\Local\xlabs\data\cef\release\libcef.dll

Filesize
188.3MB

MD5
aa94e09482a928c2e8ff2c8a37e55a35

SHA1
04ae40d0272edfff702f530ae4c3a03b1a0d8bbd

SHA256
8bde8c3fcb0dcd9c02804a358348be5998b27fd6befc5e20fe27f7d227a257fe

SHA512
cc351affb70e4b7ef810c9c5604ff0e576c166e7e6a44f7795823ce071bdd8dcb7c56a78406a8c812ab4921c920ec3f2830d748a53eab02b824385bd85ca3a1f

Download Submit
C:\Users\Admin\AppData\Local\xlabs\data\cef\release\libcef.dll

Filesize
188.3MB

MD5
aa94e09482a928c2e8ff2c8a37e55a35

SHA1
04ae40d0272edfff702f530ae4c3a03b1a0d8bbd

SHA256
8bde8c3fcb0dcd9c02804a358348be5998b27fd6befc5e20fe27f7d227a257fe

SHA512
cc351affb70e4b7ef810c9c5604ff0e576c166e7e6a44f7795823ce071bdd8dcb7c56a78406a8c812ab4921c920ec3f2830d748a53eab02b824385bd85ca3a1f

Download Submit
C:\Users\Admin\AppData\Local\xlabs\data\cef\release\libcef.dll

Filesize
188.3MB

MD5
aa94e09482a928c2e8ff2c8a37e55a35

SHA1
04ae40d0272edfff702f530ae4c3a03b1a0d8bbd

SHA256
8bde8c3fcb0dcd9c02804a358348be5998b27fd6befc5e20fe27f7d227a257fe

SHA512
cc351affb70e4b7ef810c9c5604ff0e576c166e7e6a44f7795823ce071bdd8dcb7c56a78406a8c812ab4921c920ec3f2830d748a53eab02b824385bd85ca3a1f

Download Submit
C:\Users\Admin\AppData\Local\xlabs\data\cef\release\libcef.dll

Filesize
188.3MB

MD5
aa94e09482a928c2e8ff2c8a37e55a35

SHA1
04ae40d0272edfff702f530ae4c3a03b1a0d8bbd

SHA256
8bde8c3fcb0dcd9c02804a358348be5998b27fd6befc5e20fe27f7d227a257fe

SHA512
cc351affb70e4b7ef810c9c5604ff0e576c166e7e6a44f7795823ce071bdd8dcb7c56a78406a8c812ab4921c920ec3f2830d748a53eab02b824385bd85ca3a1f

Download Submit
C:\Users\Admin\AppData\Local\xlabs\data\cef\release\libcef.dll

Filesize
188.3MB

MD5
aa94e09482a928c2e8ff2c8a37e55a35

SHA1
04ae40d0272edfff702f530ae4c3a03b1a0d8bbd

SHA256
8bde8c3fcb0dcd9c02804a358348be5998b27fd6befc5e20fe27f7d227a257fe

SHA512
cc351affb70e4b7ef810c9c5604ff0e576c166e7e6a44f7795823ce071bdd8dcb7c56a78406a8c812ab4921c920ec3f2830d748a53eab02b824385bd85ca3a1f

Download Submit
C:\Users\Admin\AppData\Local\xlabs\data\cef\release\libcef.dll

Filesize
188.3MB

MD5
aa94e09482a928c2e8ff2c8a37e55a35

SHA1
04ae40d0272edfff702f530ae4c3a03b1a0d8bbd

SHA256
8bde8c3fcb0dcd9c02804a358348be5998b27fd6befc5e20fe27f7d227a257fe

SHA512
cc351affb70e4b7ef810c9c5604ff0e576c166e7e6a44f7795823ce071bdd8dcb7c56a78406a8c812ab4921c920ec3f2830d748a53eab02b824385bd85ca3a1f

Download Submit
C:\Users\Admin\AppData\Local\xlabs\data\cef\release\libcef.dll

Filesize
188.3MB

MD5
aa94e09482a928c2e8ff2c8a37e55a35

SHA1
04ae40d0272edfff702f530ae4c3a03b1a0d8bbd

SHA256
8bde8c3fcb0dcd9c02804a358348be5998b27fd6befc5e20fe27f7d227a257fe

SHA512
cc351affb70e4b7ef810c9c5604ff0e576c166e7e6a44f7795823ce071bdd8dcb7c56a78406a8c812ab4921c920ec3f2830d748a53eab02b824385bd85ca3a1f

Download Submit
C:\Users\Admin\AppData\Local\xlabs\data\cef\release\locales\en-US.pak

Filesize
384KB

MD5
6252747a75950f7b35dfab8a68b5a2e2

SHA1
9e326b2e19369da8dd964179b5cb6e281200c459

SHA256
18b68d00be426a4f7acd4efc1e45ae296720ade13ca66d3cf768e48d814b6a25

SHA512
d5ce8114e5d25ae0dd6fcaafc760e5e07f16679b9d34783bbeb7cc43f7e1b91c61d9322991893f39de799c332d497c0d787ee64c064cab4b4eab907e9953d140

Download Submit
C:\Users\Admin\AppData\Local\xlabs\data\cef\release\resources.pak

Filesize
7.4MB

MD5
ae257b89b5c4d150463136bfd453d8f1

SHA1
122cd56eef4b50f50a4be1520b765e6142a2cbc1

SHA256
6f9dafb5d3f16b89d13c01bcd52695d0671a66f6719a6bc54a878106903516c0

SHA512
11ad48df3d41a5d2f156108503538494db7a4c86058ae6b9c9cc54ad7eaf565bf371e812f76a0857ce2f0985c13738927f1e75a91fedc0304726d36d568c6bb4

Download Submit
C:\Users\Admin\AppData\Local\xlabs\data\cef\release\v8_context_snapshot.bin

Filesize
661KB

MD5
e5805239e163f6b63de51fd8bc815c03

SHA1
138c7de6ea565012e2911e284bdcb89a396bbe42

SHA256
eb3bb6497db6ed980a1702ef2db9df891ea6327a6498e670d038b41f69c3ff10

SHA512
0a15a807405a89db2a7370f65bd351bea981266dd668b5ce85708aa342b09557b932371cfa34baea893b1e1116a0c7a098ef313c0bb94d8a77a00416cd30ebb7

Download Submit
C:\Users\Admin\AppData\Local\xlabs\data\cef\release\vulkan-1.dll

Filesize
902KB

MD5
0e12ae397d99a654d2d4563e125f4410

SHA1
d31bf003a20c9acb6776ffef91bac6ff28e253a3

SHA256
ae91c4e7548eaf48b1a65c43f518e2c1989b4740efe82726b56b6be31cbfd1c3

SHA512
7f9e3eff523c1975f0ad642be65e49a561052c0a1c7cacb0fb8dd0875207f8339b093e5437437aaae68fccc3bf19dc9474d9187715e77b3b797ed4fac4207f4a

Download Submit
C:\Users\Admin\AppData\Local\xlabs\user\cef-data\cache\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
ca23ed13304fcb632120021742ba8018

SHA1
33a81eb340d3f31d9f025a079c26520443ccd808

SHA256
97490345e94c5c524a8082c225e7e3b3ed11dfc7d232b40c80358051c7966ce7

SHA512
104e5ff3de4db08b885fcdb539f07a4b1eedd775fd969164c916810bb97499fdcf476a9296d83374c457b75f32a6426662ce74408727635ea5c37f57df2cf4d8

Download Submit
C:\Users\Admin\AppData\Local\xlabs\user\cef-data\cache\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
e1f1b3a7ee70156d91e9d4e682c68283

SHA1
5d0015d340b7b706113c513bf99fcd05c26a29f5

SHA256
9ff2e942c51ca719219ec4e06bbf773c1aa17a1399e21ea8a852d7620c2ba35d

SHA512
ea5c3dcb28bc878d3b12994c22c08e784e3d32162673727acd15342d0c4b04a532416502c94d3c0fb6f0d9833d3fad269c9957ea17ec0f712addc69fcc286eb0

Download Submit
C:\Users\Admin\AppData\Local\xlabs\user\cef-data\cache\Local Storage\leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\xlabs\user\cef-data\cache\LocalPrefs.json

Filesize
798B

MD5
b0af58af7eaf0a8af5aa0a661d22c9f2

SHA1
c6f71e19c08be3ea9279ca5be25a51277a5f9786

SHA256
8fb51e4c4527837b5f61bb1003e07ad6ebb118ac4b654e885ee554ff378feb97

SHA512
957c1edf112a899fe3983a227106f43793d40b36273815690eb9190e637c672ea8f8f51e1dc8bd27f1b67e18af14b89980d2948052b09ed37b3cef0e24aec0bc

Download Submit
C:\Users\Admin\AppData\Local\xlabs\user\cef-data\cache\LocalPrefs.json

Filesize
705B

MD5
5271afd9b648f21e6a1d2b5fb3b29054

SHA1
267edb8b37bc0abdff3a10b28da63f70ea63fe88

SHA256
ac5f9e990f7482eeaebf6a5ee66eedac8fe638f697963a9fb87b04f2cdbd42dc

SHA512
d698d4c30d7359afb83ddae03a07e2cbf7d779fca7e983648fe2aee55a1dc0e2bdced7bda7f5d143d00f51193974257f25cf47b1c331a4302dce2d39678fae3e

Download Submit
C:\Users\Admin\AppData\Local\xlabs\user\cef-data\cache\LocalPrefs.json~RFe583870.TMP

Filesize
508B

MD5
a9d252ce59d81d1ca1569bf95946b4e1

SHA1
09a374402b733b6aadef4a950d5e1df64fe8293b

SHA256
8d8f495283afecb688aa233fb0c339460e8f9675b45cfa5af524615c66cf5644

SHA512
c6c8971dc2b0da7bda4bb52089c390339bee7acdebe0f7d6d1edd5e6d0cb4732dd3f3524e62eb1ff61f8ffd6f1d5b9b7d6dbdc798216bdac4538de6631a1b9ec

Download Submit
C:\Users\Admin\AppData\Local\xlabs\user\cef-data\cache\Network\Network Persistent State

Filesize
300B

MD5
232dd597d01ba6688fdf17217b555b43

SHA1
385c4c60dc3d1038636d91a8cecec1583218a9cd

SHA256
6e4d978c7c888dad4d96f8c5e0e99a1c13b15a9d68ab9182c679dbbb34f6d9cc

SHA512
a88757ded72ebe9a08a7a4dcc2ceeadd507390c02dadb06979ae7a435ec12d20a12d2d856cce9f6a86ef7532cf8a23576741557d6474ea87791834db7372cbd6

Download Submit
C:\Users\Admin\AppData\Local\xlabs\user\cef-data\cache\Network\Network Persistent State~RFe584d6f.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\xlabs\user\cef-data\cache\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
memory/4104-221-0x0000000005DF0000-0x0000000006DF0000-memory.dmp

Filesize
16.0MB

Download