66ee3dce4cc9500a0b395f3ae82cf35ba518f575a816b5aaa662ea5cb6dbfc35

Analysis

max time kernel
138s
max time network
143s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
21/05/2023, 15:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

vintage_story_1_18_2-rc_2.torrent.exe
Size

4.0MB
MD5

8b669f61ba9d53afcbd05bfe5d7c14ab
SHA1

a96b6e9973d091b9bbdca2489b19acf9c5eba6b1
SHA256

66ee3dce4cc9500a0b395f3ae82cf35ba518f575a816b5aaa662ea5cb6dbfc35
SHA512

b224d7b99b0d4a09bfa689bf74cf006628727e7ff8bd4210cd35d19739840c2d5bf1e44606ed6dfbcfe2380264b97c8b2c478c989f6a474b68e4c6eb99977531
SSDEEP

98304:sHhCYZT8iGX7vp4THYPihcnBm5Sj4bHgkbA33vc+9:sBCYZT8PXLMHY6IHjGgkU330+9

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
852	kodi-20.0-Nexus_rc2-x64.exe

Loads dropped DLL 42 IoCs

pid	Process
1228	vintage_story_1_18_2-rc_2.torrent.exe
1228	vintage_story_1_18_2-rc_2.torrent.exe
1228	vintage_story_1_18_2-rc_2.torrent.exe
1228	vintage_story_1_18_2-rc_2.torrent.exe
1228	vintage_story_1_18_2-rc_2.torrent.exe
1228	vintage_story_1_18_2-rc_2.torrent.exe
1228	vintage_story_1_18_2-rc_2.torrent.exe
1228	vintage_story_1_18_2-rc_2.torrent.exe
1228	vintage_story_1_18_2-rc_2.torrent.exe
1228	vintage_story_1_18_2-rc_2.torrent.exe
1228	vintage_story_1_18_2-rc_2.torrent.exe
1228	vintage_story_1_18_2-rc_2.torrent.exe
1228	vintage_story_1_18_2-rc_2.torrent.exe
1228	vintage_story_1_18_2-rc_2.torrent.exe
1228	vintage_story_1_18_2-rc_2.torrent.exe
1228	vintage_story_1_18_2-rc_2.torrent.exe
1228	vintage_story_1_18_2-rc_2.torrent.exe
1228	vintage_story_1_18_2-rc_2.torrent.exe
1228	vintage_story_1_18_2-rc_2.torrent.exe
1228	vintage_story_1_18_2-rc_2.torrent.exe
1228	vintage_story_1_18_2-rc_2.torrent.exe
1228	vintage_story_1_18_2-rc_2.torrent.exe
1228	vintage_story_1_18_2-rc_2.torrent.exe
1228	vintage_story_1_18_2-rc_2.torrent.exe
1228	vintage_story_1_18_2-rc_2.torrent.exe
1228	vintage_story_1_18_2-rc_2.torrent.exe
1228	vintage_story_1_18_2-rc_2.torrent.exe
1228	vintage_story_1_18_2-rc_2.torrent.exe
1228	vintage_story_1_18_2-rc_2.torrent.exe
1228	vintage_story_1_18_2-rc_2.torrent.exe
1228	vintage_story_1_18_2-rc_2.torrent.exe
1228	vintage_story_1_18_2-rc_2.torrent.exe
1228	vintage_story_1_18_2-rc_2.torrent.exe
1228	vintage_story_1_18_2-rc_2.torrent.exe
1228	vintage_story_1_18_2-rc_2.torrent.exe
1228	vintage_story_1_18_2-rc_2.torrent.exe
1228	vintage_story_1_18_2-rc_2.torrent.exe
1228	vintage_story_1_18_2-rc_2.torrent.exe
1228	vintage_story_1_18_2-rc_2.torrent.exe
1228	vintage_story_1_18_2-rc_2.torrent.exe
1228	vintage_story_1_18_2-rc_2.torrent.exe
1228	vintage_story_1_18_2-rc_2.torrent.exe

Checks for any installed AV software in registry 1 TTPs 9 IoCs

Security Software Discovery

T1063

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast\Version	vintage_story_1_18_2-rc_2.torrent.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast	vintage_story_1_18_2-rc_2.torrent.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVG\AV\Dir	vintage_story_1_18_2-rc_2.torrent.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVG\AV\Dir	vintage_story_1_18_2-rc_2.torrent.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVAST Software\Avast\Version	vintage_story_1_18_2-rc_2.torrent.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVAST Software\Avast	vintage_story_1_18_2-rc_2.torrent.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVG\AV	vintage_story_1_18_2-rc_2.torrent.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVG\AV	vintage_story_1_18_2-rc_2.torrent.exe
Key opened	\REGISTRY\MACHINE\Software\Avast Software\Avast	vintage_story_1_18_2-rc_2.torrent.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

NSIS installer 12 IoCs

installer

resource	yara_rule
behavioral1/files/0x000900000001414c-431.dat	nsis_installer_1
behavioral1/files/0x000900000001414c-431.dat	nsis_installer_2
behavioral1/files/0x000900000001414c-434.dat	nsis_installer_1
behavioral1/files/0x000900000001414c-434.dat	nsis_installer_2
behavioral1/files/0x000900000001414c-437.dat	nsis_installer_1
behavioral1/files/0x000900000001414c-437.dat	nsis_installer_2
behavioral1/files/0x000900000001414c-436.dat	nsis_installer_1
behavioral1/files/0x000900000001414c-436.dat	nsis_installer_2
behavioral1/files/0x000900000001414c-435.dat	nsis_installer_1
behavioral1/files/0x000900000001414c-435.dat	nsis_installer_2
behavioral1/files/0x000900000001414c-439.dat	nsis_installer_1
behavioral1/files/0x000900000001414c-439.dat	nsis_installer_2

Enumerates processes with tasklist 1 TTPs 1 IoCs

Process Discovery

T1057

pid	Process
1764	tasklist.exe

Modifies system certificate store 2 TTPs 12 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc41560858910090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000000f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	vintage_story_1_18_2-rc_2.torrent.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	vintage_story_1_18_2-rc_2.torrent.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	vintage_story_1_18_2-rc_2.torrent.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474	vintage_story_1_18_2-rc_2.torrent.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 040000000100000010000000acb694a59c17e0d791529bb19706a6e40f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f0b0000000100000034000000420061006c00740069006d006f007200650020004300790062006500720054007200750073007400200052006f006f007400000053000000010000002400000030223020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c09000000010000000c000000300a06082b06010505070301030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47419000000010000001000000068cb42b035ea773e52ef50ecf50ec52920000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	vintage_story_1_18_2-rc_2.torrent.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	vintage_story_1_18_2-rc_2.torrent.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	vintage_story_1_18_2-rc_2.torrent.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	vintage_story_1_18_2-rc_2.torrent.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	vintage_story_1_18_2-rc_2.torrent.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 040000000100000010000000410352dc0ff7501b16f0028eba6f45c50f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131900000001000000100000006cf252fec3e8f20996de5d4dd9aef42420000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	vintage_story_1_18_2-rc_2.torrent.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13	vintage_story_1_18_2-rc_2.torrent.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	vintage_story_1_18_2-rc_2.torrent.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1228	vintage_story_1_18_2-rc_2.torrent.exe
1228	vintage_story_1_18_2-rc_2.torrent.exe
1228	vintage_story_1_18_2-rc_2.torrent.exe
1228	vintage_story_1_18_2-rc_2.torrent.exe
1228	vintage_story_1_18_2-rc_2.torrent.exe
1228	vintage_story_1_18_2-rc_2.torrent.exe
1228	vintage_story_1_18_2-rc_2.torrent.exe
1228	vintage_story_1_18_2-rc_2.torrent.exe
1228	vintage_story_1_18_2-rc_2.torrent.exe
1228	vintage_story_1_18_2-rc_2.torrent.exe
1228	vintage_story_1_18_2-rc_2.torrent.exe
1228	vintage_story_1_18_2-rc_2.torrent.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1228	vintage_story_1_18_2-rc_2.torrent.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1228	vintage_story_1_18_2-rc_2.torrent.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1228 wrote to memory of 852	1228	vintage_story_1_18_2-rc_2.torrent.exe	28
PID 1228 wrote to memory of 852	1228	vintage_story_1_18_2-rc_2.torrent.exe	28
PID 1228 wrote to memory of 852	1228	vintage_story_1_18_2-rc_2.torrent.exe	28
PID 1228 wrote to memory of 852	1228	vintage_story_1_18_2-rc_2.torrent.exe	28
PID 1228 wrote to memory of 852	1228	vintage_story_1_18_2-rc_2.torrent.exe	28
PID 1228 wrote to memory of 852	1228	vintage_story_1_18_2-rc_2.torrent.exe	28
PID 1228 wrote to memory of 852	1228	vintage_story_1_18_2-rc_2.torrent.exe	28

C:\Users\Admin\AppData\Local\Temp\vintage_story_1_18_2-rc_2.torrent.exe
"C:\Users\Admin\AppData\Local\Temp\vintage_story_1_18_2-rc_2.torrent.exe"
1⤵
- Loads dropped DLL
- Checks for any installed AV software in registry
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1228
- C:\Users\Admin\Downloads\kodi-20.0-Nexus_rc2-x64.exe
  "C:\Users\Admin\Downloads\kodi-20.0-Nexus_rc2-x64.exe"
  2⤵
  - Executes dropped EXE
  PID:852
- - C:\Windows\SysWOW64\cmd.exe
    cmd /Q /C "%SYSTEMROOT%\System32\wbem\wmic.exe /?"
    3⤵
    PID:552
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\H2OCleanup.bat""
  2⤵
  PID:1532
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist /FI "PID eq 1228" /fo csv
    3⤵
    - Enumerates processes with tasklist
    PID:1764
- - C:\Windows\SysWOW64\find.exe
    find /I "1228"
    3⤵
    PID:1640

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Process Discovery

T1057

Query Registry

T1012

Security Software Discovery

T1063

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
62KB

MD5
b5fcc55cffd66f38d548e8b63206c5e6

SHA1
79db08ababfa33a4f644fa8fe337195b5aba44c7

SHA256
7730df1165195dd5bb6b40d6e519b4ce07aceb03601a77bca6535d31698d4ca1

SHA512
aaa17175e90dbca04f0fa753084731313e70119fef7d408b41ff4170116ab24eaee0bd05dca2cc43464b1ee920819e5ce6f6e750d97e3c4fc605f01e7ff9c649

Download Submit
C:\Users\Admin\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\H2OCommonResources.dll

Filesize
5.7MB

MD5
7057b9c92d465cd8582b3af21d44239c

SHA1
fddb6a013467a9973c7eaeb0ceccc94209d5cfdf

SHA256
3a59cf866661a07ea7c2cb88c957a966fc5a24e1f0fb2b764195b79702c18239

SHA512
da80adce2bd141a73caae5bbce7a38751a34534af1fa6e8bf0d6c4456c97f8c0dcf73d231a07e9eff860471785850be4a8f2f243eb04982bd3fe83fa0fc8a7c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\H2ODAL.dll

Filesize
17KB

MD5
d7134e64bdce2ea5fa7504781a57adaa

SHA1
5a72a075736b8ce2c3375a745c8e7cdc4320ed15

SHA256
f28041ab9edb612da9e7c42bb4d940e69fb440d4cb786f969512e0b61e54e637

SHA512
9a108406857af08238d73c56dfa1ea3f42eba40bdd65915aea74c871ba3aa0f75cbf2ad7f5bce2ac40d5efeffd16f3bfeb70f88e88798419a8fdef77ef2fef54

Download Submit
C:\Users\Admin\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\H2OModels.dll

Filesize
78KB

MD5
e57646a871a04782fd546583a01d62b4

SHA1
983fad031d66098df6331e0b562d69853ccb37e2

SHA256
f5138fe637e5b1b735fb2e54607147ceb973cc537ad07690ef1bca27ac6da4b5

SHA512
65d4f51417a19d0cc16ec47f21ab3a1d8877864015098a7bdf21286eaf4be05356381e15ba9d7a27baf9567f0fa47f17cfb35e6af6bab495b617dde9d7d89ef0

Download Submit
C:\Users\Admin\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\H2OResources.dll

Filesize
20KB

MD5
d2f164645dc4fbff8458306adf7b1870

SHA1
85b787ea895d08925d06ff021eff2412593db40d

SHA256
8881f487bc800630d0292aff9ff8364c228e634710f1e4766616b0ab7f9a724b

SHA512
21c729c85ef36cdda3d1574a9cdf8fc18d7c868ff4072c8e5e8968c57bc6c239ba5d627189ad0ac24d04d9eb5390b090882f8d17da09fac308b81acf4617d4dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\H2OServices.dll

Filesize
168KB

MD5
046edd0ee8296e611920786c4f25cd7a

SHA1
597eb52d27c61dcbb076e03f6a2fa71d6733a61b

SHA256
eed0eabb8ecbf5d30abc0ed992f2ec2f28fa2e7d5588a090d357af424a4ddd84

SHA512
f7a3877aa7d452dc4d7c0b37c1da088d5f211342c934c4419873a0fca267cfd5911e217fb45c0cb10eaa78526733a996b0e2ea2de1c35abe2fc4305a355ed79a

Download Submit
C:\Users\Admin\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\H2OUtilities.dll

Filesize
125KB

MD5
de46930143bfc9b30f0f68ef2317a320

SHA1
e6b48151e5f3fcc5d9f300b330e9aeb7602adcf9

SHA256
fe4942cf5b5fdfd04e6af4cdaa128fbadd35b9a4c6d7d6b4407a02ce55131932

SHA512
8e23169277ba0cbc0b8f42db19140d1edf66a9f24f115be19c98f3acf64ea871d8bb8923d709e8b1dbfda0abc0382f5326457c929d422099d8e7a1d26560bea3

Download Submit
C:\Users\Admin\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\H2OViewModels.dll

Filesize
9KB

MD5
0ef343471a5777b6f90d9ae85164449e

SHA1
90a754b788f48a1a1e799d77cbd5d84e60bcdae4

SHA256
295b970cd45ca0d9577d5ce875de5cf92367fcb6c7794e525b00090fa1ad62d6

SHA512
d939ccb622f4b519f5aa602f8793ba69492e77b1f73a710997899b9a716f1425044bf8a86b1ad3335eb81339d9cdc3ef7f641eb7d4c1ab29486210fafe76f14c

Download Submit
C:\Users\Admin\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\HtmlAgilityPack.dll

Filesize
154KB

MD5
17220f65bd242b6a491423d5bb7940c1

SHA1
a33fabf2b788e80f0f7f84524fe3ed9b797be7ad

SHA256
23056f14edb6e0afc70224d65de272a710b5d26e6c3b9fe2dfd022073050c59f

SHA512
bfbe284a2ee7361ada9a9cb192580fd64476e70bc78d14e80ad1266f7722a244d890600cf24bfb83d4914e2434272679ba177ee5f98c709950e43192f05e215e

Download Submit
C:\Users\Admin\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\MyDownloader.Core.dll

Filesize
56KB

MD5
f931e960cc4ed0d2f392376525ff44db

SHA1
1895aaa8f5b8314d8a4c5938d1405775d3837109

SHA256
1c1c5330ea35f518bf85fad69dc2da1a98a4dfeadbf6ac0ba0ac7cc51bbcc870

SHA512
7fa5e582ad1bb094cbbb68b1db301dcf360e180eb58f8d726a112133277ceaa39660c6d4b3248c19a8b5767a4ae09f4597535711d789ca4f9f334a204d87ffe0

Download Submit
C:\Users\Admin\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\MyDownloader.Extension.dll

Filesize
168KB

MD5
28f1996059e79df241388bd9f89cf0b1

SHA1
6ad6f7cde374686a42d9c0fcebadaf00adf21c76

SHA256
c3f8a46e81f16bbfc75de44dc95f0d145213c8af0006bb097950ac4d1562f5ce

SHA512
9654d451cb2f184548649aa04b902f5f6aff300c6f03b9261ee3be5405527b4f23862d8988f9811987da22e386813e844e7c5068fd6421c91551f5b33c625f29

Download Submit
C:\Users\Admin\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\Newtonsoft.Json.dll

Filesize
541KB

MD5
9de86cdf74a30602d6baa7affc8c4a0f

SHA1
9c79b6fbf85b8b87dd781b20fc38ba2ac0664143

SHA256
56032ade45ccf8f4c259a2e57487124cf448a90bca2eeb430da2722d9e109583

SHA512
dca0f6078df789bb8c61ffb095d78f564bfc3223c6795ec88aeb5f132c014c5e3cb1bd8268f1e5dc96d7302c7f3de97e73807f3583cb4a320d7adbe93f432641

Download Submit
C:\Users\Admin\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\Ninject.dll

Filesize
133KB

MD5
8db691813a26e7d0f1db5e2f4d0d05e3

SHA1
7c7a33553dd0b50b78bf0ca6974c77088da253eb

SHA256
3043a65f11ac204e65bca142ff4166d85f1b22078b126b806f1fecb2a315c701

SHA512
d02458180ec6e6eda89b5b0e387510ab2fad80f9ce57b8da548aaf85c34a59c39afaeacd1947bd5eb81bee1f6d612ca57d0b2b756d64098dfc96ca0bf2d9f62f

Download Submit
C:\Users\Admin\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\OfferSDK.dll

Filesize
178KB

MD5
1105b8b33b0f019651566b87959512e2

SHA1
14d9ee07349bb349c32fc3b0e80087fb75e6bacb

SHA256
9a059883bee5177723b1a971172010a349db64c1dd60fcb3bbf190fe0e78bb07

SHA512
aaca1803c2618cf92306b6dd71b6d8d505c0fe8cd0c6262be268d7097251cd4edcfbeb60be109488958956b570485f2ea94a4ab7cc8e8c149f55759741014010

Download Submit
C:\Users\Admin\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\Resources\OfferPage.html

Filesize
1KB

MD5
a8f4bb74692bbbcb5c90836e7b933996

SHA1
2d692976bd3451dbf6dfbe73940bbf5aa7b543b3

SHA256
4bacb682e3ed86aaf02d74820b069dd9ed6773ad9ad55e632910da55e0afa60d

SHA512
293168dfbbad0c7d1f7b21962f46d3d16374c86770ea7b4d55bffbc366cd34c8386df2cb33030271990effd8d69f6659cd35a4bded38854765de3f028de9fda4

Download Submit
C:\Users\Admin\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\Resources\style.css

Filesize
141KB

MD5
5d9b51d75f60d88a326cf6f793bb4fa1

SHA1
3826c2cd89cd6adc3b34e03aa9e8d6fa71cdd8f4

SHA256
b2bd55c2b876df494b7d0a86188cf90de71543351bec65bd84347b0840449ea2

SHA512
b076127056b73161123ee4d2e8c0d520797c81faeaa8248b6a4803f1e00a52ec8f0d0da83bd46150852fec4a114b6acbc21529733beeddb86ac65608f590ff0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\Resources\tis\Config.tis

Filesize
291B

MD5
bf5328e51e8ab1211c509b5a65ab9972

SHA1
480dfb920e926d81bce67113576781815fbd1ea4

SHA256
98f22fb45530506548ae320c32ee4939d27017481d2ad0d784aa5516f939545b

SHA512
92bd7895c5ff8c40eecfdc2325ee5d1fb7ed86ce0ef04e8e4a65714fcf5603ea0c87b71afadb473433abb24f040ccabd960fa847b885322ad9771e304b661928

Download Submit
C:\Users\Admin\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\Resources\tis\EventHandler.tis

Filesize
10KB

MD5
1116d7747130f4552a91e61a3a6000b1

SHA1
bc36996a664dab24b941ec263679c9d6322e61a2

SHA256
5c09c6784f3fdc4a6b2998c4c9e02e366265ee5314c0f982859825576dc0eafd

SHA512
af34413f242b64737ac9f7076e449b0d0485842d653d1cad12b54b868f09817d3595cd935ad7e03003d536127c173d624dd9a031c079fdb8f897ab0b7b9474e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\Resources\tis\Log.tis

Filesize
1014B

MD5
cef7a21acf607d44e160eac5a21bdf67

SHA1
f24f674250a381d6bf09df16d00dbf617354d315

SHA256
73ed0be73f408ab8f15f2da73c839f86fef46d0a269607330b28f9564fae73c7

SHA512
5afb4609ef46f156155f7c1b5fed48fd178d7f3395f80fb3a4fb02f454a3f977d8a15f3ef8541af62df83426a3316d31e1b9e2fd77726cf866c75f6d4e7adc2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\Resources\tis\TranslateOfferTemplate.tis

Filesize
2KB

MD5
551029a3e046c5ed6390cc85f632a689

SHA1
b4bd706f753db6ba3c13551099d4eef55f65b057

SHA256
7b8c76a85261c5f9e40e49f97e01a14320e9b224ff3d6af8286632ca94cf96f8

SHA512
22a67a8371d2aa2fdbc840c8e5452c650cb161e71c39b49d868c66db8b4c47d3297cf83c711ec1d002bc3e3ae16b1e0e4faf2761954ce56c495827306bab677e

Download Submit
C:\Users\Admin\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\Resources\tis\ViewStateLoader.tis

Filesize
16KB

MD5
85c33c8207f5fcb2d31c7ce7322771ac

SHA1
6b64f919e6b731447b9add9221b3b7570de25061

SHA256
940ef5e9f28da759fbf3676fba6da5cc4199b78ffc4fefe078ab11d53e70fb0a

SHA512
904188ab57cfb4f3d8c51eb55746ae2589852f271b9fa3840b82bda93f69c9f985e65f67169302d08818b707f36246f83f245470d5175dba5f0ad3a2482740c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\SciterWrapper.dll

Filesize
139KB

MD5
6cbc4475b6af8a6f68ed8696df09ff2d

SHA1
906e0caab3feac88b372c2c25a083c9149e31dc0

SHA256
51e42ff1d66f3042e512be1dd60ac1c7b1a2a5307acd191dffcf24ef106c8970

SHA512
7d5d0fcbfaa218ad95918c421f4cc97e5f98090945c8b4f786ee2d92d0fe44698b580838777cddda34fe1e556eac549168df6eb01a9f9041ad915203e52aa023

Download Submit
C:\Users\Admin\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\ServiceHide.Net.dll

Filesize
101KB

MD5
fc3be382cc3a7b4fafee4fdd465cab2e

SHA1
334da714147aac5d32116ba1753c88e2d6956705

SHA256
42c2156b7eee3bf8bee8d0c1d3d3f138e059ddda342cf8ee0d723130fb865304

SHA512
2e2d99c93d9f89fca51ae744b9ad0ad6d86dd97cb4a81913e0783984e1d16173eeaf6b3123a4db6241ee0b71b461fb47d297eb20ea501c37c608e15294cf39f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\Vestris.ResourceLib.dll

Filesize
76KB

MD5
d39f7ef14893f4d0e909a9ef67d91d7e

SHA1
dfd7519871580b605366a513377db0549bcd5eee

SHA256
d571df8d154118bbbfd16fffb1a4ad642ad854a98ccfb712097633b522ce7aca

SHA512
f15f759ef12970afb8aa46550d5e3491ec771b69c861da3be4a32cb6a6d93eb78b52aa595758277918358961ff99e5ec4fa5f411fe86ca7f87af0fc1a8923b1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\app.ico

Filesize
766B

MD5
4003efa6e7d44e2cbd3d7486e2e0451a

SHA1
a2a9ab4a88cd4732647faa37bbdf726fd885ea1e

SHA256
effd42c5e471ea3792f12538bf7c982a5cda4d25bfbffaf51eed7e09035f4508

SHA512
86e71ca8ca3e62949b44cfbc7ffa61d97b6d709fc38216f937a026fb668fbb1f515bac2f25629181a82e3521dafa576cac959d2b527d9cc9eb395e50d64c1198

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1577.tmp

Filesize
61KB

MD5
fc4666cbca561e864e7fdf883a9e6661

SHA1
2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

SHA256
10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

SHA512
c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

Download Submit
C:\Users\Admin\AppData\Local\Temp\H2OCleanup.bat

Filesize
304B

MD5
0fb960aef71e81ca15b901982f44dde5

SHA1
3558b236d88bc4884a3d66befb16ad749c58b32e

SHA256
5e88d5508524e449c9629f2c9255002f498355739376c68039db81bb594713c0

SHA512
439ea716a2035d71fdb8f45b5277169dc603fd4e20b48df01d5fa126c7e3e623a12cbd577bd9db6f4e46e80256b1ad5a1a3c7e68a25e4f9888fb809bb787ffb2

Download Submit
C:\Users\Admin\AppData\Local\Temp\H2OCleanup.bat

Filesize
304B

MD5
0fb960aef71e81ca15b901982f44dde5

SHA1
3558b236d88bc4884a3d66befb16ad749c58b32e

SHA256
5e88d5508524e449c9629f2c9255002f498355739376c68039db81bb594713c0

SHA512
439ea716a2035d71fdb8f45b5277169dc603fd4e20b48df01d5fa126c7e3e623a12cbd577bd9db6f4e46e80256b1ad5a1a3c7e68a25e4f9888fb809bb787ffb2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar15F7.tmp

Filesize
161KB

MD5
73b4b714b42fc9a6aaefd0ae59adb009

SHA1
efdaffd5b0ad21913d22001d91bf6c19ecb4ac41

SHA256
c0cf8cc04c34b5b80a2d86ad0eafb2dd71436f070c86b0321fba0201879625fd

SHA512
73af3c51b15f89237552b1718bef21fd80788fa416bab2cb2e7fb3a60d56249a716eda0d2dd68ab643752272640e7eaaaf57ce64bcb38373ddc3d035fb8d57cd

Download Submit
C:\Users\Admin\Downloads\kodi-20.0-Nexus_rc2-x64.exe

Filesize
33.4MB

MD5
67adc9af50f56dae976817a24b569101

SHA1
475f8a2ee9768894e8d734a5ad6b92e718c0e7ec

SHA256
eda2ca0fc601897a410e6bfaa53a2ab1a3b261d04034e72f5633288c133e2acc

SHA512
c3998eaa25806d0d7463f3e4ace20432af9633938ed8c0241b442697d65f7be8b54d6894673099e2b76d7defe5799aa90f01377559a7cc0c85947f35e9535d47

Download Submit
C:\Users\Admin\Downloads\kodi-20.0-Nexus_rc2-x64.exe

Filesize
23.8MB

MD5
9aa12966be5732d635abd497bd9676c4

SHA1
e1d01cbb2e6d562ba15290f8d1c9403816b49fc5

SHA256
331f6d528058045466506fa9ee86690c289d79345c459de5146747cc90457562

SHA512
38128761e0cffc6b114874dc9b868861f5c123d7dd406ff26a0995086323178882ebd68b4416da11007bcb2782616a6a15efaafded1f1e90fd8f5101dd33d637

Download Submit
C:\Users\Admin\Downloads\kodi-20.0-Nexus_rc2-x64.exe

Filesize
22.1MB

MD5
0465afde7d55df2c86815cac86b2a4b3

SHA1
8cba336ba2c55b5a9884ee3c8463efa9222abad6

SHA256
9f4925f49193aca51441ab03ab014d8966868c336baee4786fbc920373a62f7d

SHA512
7429fcf998944694b23bcbd1512af27a70f19c5183b639c7ad527ad0de54e24e9e330fce05ee58f5d199f7dfe5101bef156f5da1dbed2501a063b7707a19cc77

Download Submit
\Users\Admin\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\H2OCommonResources.dll

Filesize
5.7MB

MD5
7057b9c92d465cd8582b3af21d44239c

SHA1
fddb6a013467a9973c7eaeb0ceccc94209d5cfdf

SHA256
3a59cf866661a07ea7c2cb88c957a966fc5a24e1f0fb2b764195b79702c18239

SHA512
da80adce2bd141a73caae5bbce7a38751a34534af1fa6e8bf0d6c4456c97f8c0dcf73d231a07e9eff860471785850be4a8f2f243eb04982bd3fe83fa0fc8a7c8

Download Submit
\Users\Admin\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\H2OCommonResources.dll

Filesize
5.7MB

MD5
7057b9c92d465cd8582b3af21d44239c

SHA1
fddb6a013467a9973c7eaeb0ceccc94209d5cfdf

SHA256
3a59cf866661a07ea7c2cb88c957a966fc5a24e1f0fb2b764195b79702c18239

SHA512
da80adce2bd141a73caae5bbce7a38751a34534af1fa6e8bf0d6c4456c97f8c0dcf73d231a07e9eff860471785850be4a8f2f243eb04982bd3fe83fa0fc8a7c8

Download Submit
\Users\Admin\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\H2ODAL.dll

Filesize
17KB

MD5
d7134e64bdce2ea5fa7504781a57adaa

SHA1
5a72a075736b8ce2c3375a745c8e7cdc4320ed15

SHA256
f28041ab9edb612da9e7c42bb4d940e69fb440d4cb786f969512e0b61e54e637

SHA512
9a108406857af08238d73c56dfa1ea3f42eba40bdd65915aea74c871ba3aa0f75cbf2ad7f5bce2ac40d5efeffd16f3bfeb70f88e88798419a8fdef77ef2fef54

Download Submit
\Users\Admin\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\H2ODAL.dll

Filesize
17KB

MD5
d7134e64bdce2ea5fa7504781a57adaa

SHA1
5a72a075736b8ce2c3375a745c8e7cdc4320ed15

SHA256
f28041ab9edb612da9e7c42bb4d940e69fb440d4cb786f969512e0b61e54e637

SHA512
9a108406857af08238d73c56dfa1ea3f42eba40bdd65915aea74c871ba3aa0f75cbf2ad7f5bce2ac40d5efeffd16f3bfeb70f88e88798419a8fdef77ef2fef54

Download Submit
\Users\Admin\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\H2OModels.dll

Filesize
78KB

MD5
e57646a871a04782fd546583a01d62b4

SHA1
983fad031d66098df6331e0b562d69853ccb37e2

SHA256
f5138fe637e5b1b735fb2e54607147ceb973cc537ad07690ef1bca27ac6da4b5

SHA512
65d4f51417a19d0cc16ec47f21ab3a1d8877864015098a7bdf21286eaf4be05356381e15ba9d7a27baf9567f0fa47f17cfb35e6af6bab495b617dde9d7d89ef0

Download Submit
\Users\Admin\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\H2OModels.dll

Filesize
78KB

MD5
e57646a871a04782fd546583a01d62b4

SHA1
983fad031d66098df6331e0b562d69853ccb37e2

SHA256
f5138fe637e5b1b735fb2e54607147ceb973cc537ad07690ef1bca27ac6da4b5

SHA512
65d4f51417a19d0cc16ec47f21ab3a1d8877864015098a7bdf21286eaf4be05356381e15ba9d7a27baf9567f0fa47f17cfb35e6af6bab495b617dde9d7d89ef0

Download Submit
\Users\Admin\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\H2OResources.dll

Filesize
20KB

MD5
d2f164645dc4fbff8458306adf7b1870

SHA1
85b787ea895d08925d06ff021eff2412593db40d

SHA256
8881f487bc800630d0292aff9ff8364c228e634710f1e4766616b0ab7f9a724b

SHA512
21c729c85ef36cdda3d1574a9cdf8fc18d7c868ff4072c8e5e8968c57bc6c239ba5d627189ad0ac24d04d9eb5390b090882f8d17da09fac308b81acf4617d4dd

Download Submit
\Users\Admin\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\H2OResources.dll

Filesize
20KB

MD5
d2f164645dc4fbff8458306adf7b1870

SHA1
85b787ea895d08925d06ff021eff2412593db40d

SHA256
8881f487bc800630d0292aff9ff8364c228e634710f1e4766616b0ab7f9a724b

SHA512
21c729c85ef36cdda3d1574a9cdf8fc18d7c868ff4072c8e5e8968c57bc6c239ba5d627189ad0ac24d04d9eb5390b090882f8d17da09fac308b81acf4617d4dd

Download Submit
\Users\Admin\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\H2OServices.dll

Filesize
168KB

MD5
046edd0ee8296e611920786c4f25cd7a

SHA1
597eb52d27c61dcbb076e03f6a2fa71d6733a61b

SHA256
eed0eabb8ecbf5d30abc0ed992f2ec2f28fa2e7d5588a090d357af424a4ddd84

SHA512
f7a3877aa7d452dc4d7c0b37c1da088d5f211342c934c4419873a0fca267cfd5911e217fb45c0cb10eaa78526733a996b0e2ea2de1c35abe2fc4305a355ed79a

Download Submit
\Users\Admin\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\H2OServices.dll

Filesize
168KB

MD5
046edd0ee8296e611920786c4f25cd7a

SHA1
597eb52d27c61dcbb076e03f6a2fa71d6733a61b

SHA256
eed0eabb8ecbf5d30abc0ed992f2ec2f28fa2e7d5588a090d357af424a4ddd84

SHA512
f7a3877aa7d452dc4d7c0b37c1da088d5f211342c934c4419873a0fca267cfd5911e217fb45c0cb10eaa78526733a996b0e2ea2de1c35abe2fc4305a355ed79a

Download Submit
\Users\Admin\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\H2OUtilities.dll

Filesize
125KB

MD5
de46930143bfc9b30f0f68ef2317a320

SHA1
e6b48151e5f3fcc5d9f300b330e9aeb7602adcf9

SHA256
fe4942cf5b5fdfd04e6af4cdaa128fbadd35b9a4c6d7d6b4407a02ce55131932

SHA512
8e23169277ba0cbc0b8f42db19140d1edf66a9f24f115be19c98f3acf64ea871d8bb8923d709e8b1dbfda0abc0382f5326457c929d422099d8e7a1d26560bea3

Download Submit
\Users\Admin\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\H2OUtilities.dll

Filesize
125KB

MD5
de46930143bfc9b30f0f68ef2317a320

SHA1
e6b48151e5f3fcc5d9f300b330e9aeb7602adcf9

SHA256
fe4942cf5b5fdfd04e6af4cdaa128fbadd35b9a4c6d7d6b4407a02ce55131932

SHA512
8e23169277ba0cbc0b8f42db19140d1edf66a9f24f115be19c98f3acf64ea871d8bb8923d709e8b1dbfda0abc0382f5326457c929d422099d8e7a1d26560bea3

Download Submit
\Users\Admin\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\H2OViewModels.dll

Filesize
9KB

MD5
0ef343471a5777b6f90d9ae85164449e

SHA1
90a754b788f48a1a1e799d77cbd5d84e60bcdae4

SHA256
295b970cd45ca0d9577d5ce875de5cf92367fcb6c7794e525b00090fa1ad62d6

SHA512
d939ccb622f4b519f5aa602f8793ba69492e77b1f73a710997899b9a716f1425044bf8a86b1ad3335eb81339d9cdc3ef7f641eb7d4c1ab29486210fafe76f14c

Download Submit
\Users\Admin\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\H2OViewModels.dll

Filesize
9KB

MD5
0ef343471a5777b6f90d9ae85164449e

SHA1
90a754b788f48a1a1e799d77cbd5d84e60bcdae4

SHA256
295b970cd45ca0d9577d5ce875de5cf92367fcb6c7794e525b00090fa1ad62d6

SHA512
d939ccb622f4b519f5aa602f8793ba69492e77b1f73a710997899b9a716f1425044bf8a86b1ad3335eb81339d9cdc3ef7f641eb7d4c1ab29486210fafe76f14c

Download Submit
\Users\Admin\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\HtmlAgilityPack.dll

Filesize
154KB

MD5
17220f65bd242b6a491423d5bb7940c1

SHA1
a33fabf2b788e80f0f7f84524fe3ed9b797be7ad

SHA256
23056f14edb6e0afc70224d65de272a710b5d26e6c3b9fe2dfd022073050c59f

SHA512
bfbe284a2ee7361ada9a9cb192580fd64476e70bc78d14e80ad1266f7722a244d890600cf24bfb83d4914e2434272679ba177ee5f98c709950e43192f05e215e

Download Submit
\Users\Admin\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\HtmlAgilityPack.dll

Filesize
154KB

MD5
17220f65bd242b6a491423d5bb7940c1

SHA1
a33fabf2b788e80f0f7f84524fe3ed9b797be7ad

SHA256
23056f14edb6e0afc70224d65de272a710b5d26e6c3b9fe2dfd022073050c59f

SHA512
bfbe284a2ee7361ada9a9cb192580fd64476e70bc78d14e80ad1266f7722a244d890600cf24bfb83d4914e2434272679ba177ee5f98c709950e43192f05e215e

Download Submit
\Users\Admin\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\HtmlAgilityPack.dll

Filesize
154KB

MD5
17220f65bd242b6a491423d5bb7940c1

SHA1
a33fabf2b788e80f0f7f84524fe3ed9b797be7ad

SHA256
23056f14edb6e0afc70224d65de272a710b5d26e6c3b9fe2dfd022073050c59f

SHA512
bfbe284a2ee7361ada9a9cb192580fd64476e70bc78d14e80ad1266f7722a244d890600cf24bfb83d4914e2434272679ba177ee5f98c709950e43192f05e215e

Download Submit
\Users\Admin\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\HtmlAgilityPack.dll

Filesize
154KB

MD5
17220f65bd242b6a491423d5bb7940c1

SHA1
a33fabf2b788e80f0f7f84524fe3ed9b797be7ad

SHA256
23056f14edb6e0afc70224d65de272a710b5d26e6c3b9fe2dfd022073050c59f

SHA512
bfbe284a2ee7361ada9a9cb192580fd64476e70bc78d14e80ad1266f7722a244d890600cf24bfb83d4914e2434272679ba177ee5f98c709950e43192f05e215e

Download Submit
\Users\Admin\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\MyDownloader.Core.dll

Filesize
56KB

MD5
f931e960cc4ed0d2f392376525ff44db

SHA1
1895aaa8f5b8314d8a4c5938d1405775d3837109

SHA256
1c1c5330ea35f518bf85fad69dc2da1a98a4dfeadbf6ac0ba0ac7cc51bbcc870

SHA512
7fa5e582ad1bb094cbbb68b1db301dcf360e180eb58f8d726a112133277ceaa39660c6d4b3248c19a8b5767a4ae09f4597535711d789ca4f9f334a204d87ffe0

Download Submit
\Users\Admin\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\MyDownloader.Core.dll

Filesize
56KB

MD5
f931e960cc4ed0d2f392376525ff44db

SHA1
1895aaa8f5b8314d8a4c5938d1405775d3837109

SHA256
1c1c5330ea35f518bf85fad69dc2da1a98a4dfeadbf6ac0ba0ac7cc51bbcc870

SHA512
7fa5e582ad1bb094cbbb68b1db301dcf360e180eb58f8d726a112133277ceaa39660c6d4b3248c19a8b5767a4ae09f4597535711d789ca4f9f334a204d87ffe0

Download Submit
\Users\Admin\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\MyDownloader.Extension.dll

Filesize
168KB

MD5
28f1996059e79df241388bd9f89cf0b1

SHA1
6ad6f7cde374686a42d9c0fcebadaf00adf21c76

SHA256
c3f8a46e81f16bbfc75de44dc95f0d145213c8af0006bb097950ac4d1562f5ce

SHA512
9654d451cb2f184548649aa04b902f5f6aff300c6f03b9261ee3be5405527b4f23862d8988f9811987da22e386813e844e7c5068fd6421c91551f5b33c625f29

Download Submit
\Users\Admin\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\MyDownloader.Extension.dll

Filesize
168KB

MD5
28f1996059e79df241388bd9f89cf0b1

SHA1
6ad6f7cde374686a42d9c0fcebadaf00adf21c76

SHA256
c3f8a46e81f16bbfc75de44dc95f0d145213c8af0006bb097950ac4d1562f5ce

SHA512
9654d451cb2f184548649aa04b902f5f6aff300c6f03b9261ee3be5405527b4f23862d8988f9811987da22e386813e844e7c5068fd6421c91551f5b33c625f29

Download Submit
\Users\Admin\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\Newtonsoft.Json.dll

Filesize
541KB

MD5
9de86cdf74a30602d6baa7affc8c4a0f

SHA1
9c79b6fbf85b8b87dd781b20fc38ba2ac0664143

SHA256
56032ade45ccf8f4c259a2e57487124cf448a90bca2eeb430da2722d9e109583

SHA512
dca0f6078df789bb8c61ffb095d78f564bfc3223c6795ec88aeb5f132c014c5e3cb1bd8268f1e5dc96d7302c7f3de97e73807f3583cb4a320d7adbe93f432641

Download Submit
\Users\Admin\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\Newtonsoft.Json.dll

Filesize
541KB

MD5
9de86cdf74a30602d6baa7affc8c4a0f

SHA1
9c79b6fbf85b8b87dd781b20fc38ba2ac0664143

SHA256
56032ade45ccf8f4c259a2e57487124cf448a90bca2eeb430da2722d9e109583

SHA512
dca0f6078df789bb8c61ffb095d78f564bfc3223c6795ec88aeb5f132c014c5e3cb1bd8268f1e5dc96d7302c7f3de97e73807f3583cb4a320d7adbe93f432641

Download Submit
\Users\Admin\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\Newtonsoft.Json.dll

Filesize
541KB

MD5
9de86cdf74a30602d6baa7affc8c4a0f

SHA1
9c79b6fbf85b8b87dd781b20fc38ba2ac0664143

SHA256
56032ade45ccf8f4c259a2e57487124cf448a90bca2eeb430da2722d9e109583

SHA512
dca0f6078df789bb8c61ffb095d78f564bfc3223c6795ec88aeb5f132c014c5e3cb1bd8268f1e5dc96d7302c7f3de97e73807f3583cb4a320d7adbe93f432641

Download Submit
\Users\Admin\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\Newtonsoft.Json.dll

Filesize
541KB

MD5
9de86cdf74a30602d6baa7affc8c4a0f

SHA1
9c79b6fbf85b8b87dd781b20fc38ba2ac0664143

SHA256
56032ade45ccf8f4c259a2e57487124cf448a90bca2eeb430da2722d9e109583

SHA512
dca0f6078df789bb8c61ffb095d78f564bfc3223c6795ec88aeb5f132c014c5e3cb1bd8268f1e5dc96d7302c7f3de97e73807f3583cb4a320d7adbe93f432641

Download Submit
\Users\Admin\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\Ninject.dll

Filesize
133KB

MD5
8db691813a26e7d0f1db5e2f4d0d05e3

SHA1
7c7a33553dd0b50b78bf0ca6974c77088da253eb

SHA256
3043a65f11ac204e65bca142ff4166d85f1b22078b126b806f1fecb2a315c701

SHA512
d02458180ec6e6eda89b5b0e387510ab2fad80f9ce57b8da548aaf85c34a59c39afaeacd1947bd5eb81bee1f6d612ca57d0b2b756d64098dfc96ca0bf2d9f62f

Download Submit
\Users\Admin\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\Ninject.dll

Filesize
133KB

MD5
8db691813a26e7d0f1db5e2f4d0d05e3

SHA1
7c7a33553dd0b50b78bf0ca6974c77088da253eb

SHA256
3043a65f11ac204e65bca142ff4166d85f1b22078b126b806f1fecb2a315c701

SHA512
d02458180ec6e6eda89b5b0e387510ab2fad80f9ce57b8da548aaf85c34a59c39afaeacd1947bd5eb81bee1f6d612ca57d0b2b756d64098dfc96ca0bf2d9f62f

Download Submit
\Users\Admin\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\OfferSDK.dll

Filesize
178KB

MD5
1105b8b33b0f019651566b87959512e2

SHA1
14d9ee07349bb349c32fc3b0e80087fb75e6bacb

SHA256
9a059883bee5177723b1a971172010a349db64c1dd60fcb3bbf190fe0e78bb07

SHA512
aaca1803c2618cf92306b6dd71b6d8d505c0fe8cd0c6262be268d7097251cd4edcfbeb60be109488958956b570485f2ea94a4ab7cc8e8c149f55759741014010

Download Submit
\Users\Admin\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\OfferSDK.dll

Filesize
178KB

MD5
1105b8b33b0f019651566b87959512e2

SHA1
14d9ee07349bb349c32fc3b0e80087fb75e6bacb

SHA256
9a059883bee5177723b1a971172010a349db64c1dd60fcb3bbf190fe0e78bb07

SHA512
aaca1803c2618cf92306b6dd71b6d8d505c0fe8cd0c6262be268d7097251cd4edcfbeb60be109488958956b570485f2ea94a4ab7cc8e8c149f55759741014010

Download Submit
\Users\Admin\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\SciterWrapper.dll

Filesize
139KB

MD5
6cbc4475b6af8a6f68ed8696df09ff2d

SHA1
906e0caab3feac88b372c2c25a083c9149e31dc0

SHA256
51e42ff1d66f3042e512be1dd60ac1c7b1a2a5307acd191dffcf24ef106c8970

SHA512
7d5d0fcbfaa218ad95918c421f4cc97e5f98090945c8b4f786ee2d92d0fe44698b580838777cddda34fe1e556eac549168df6eb01a9f9041ad915203e52aa023

Download Submit
\Users\Admin\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\SciterWrapper.dll

Filesize
139KB

MD5
6cbc4475b6af8a6f68ed8696df09ff2d

SHA1
906e0caab3feac88b372c2c25a083c9149e31dc0

SHA256
51e42ff1d66f3042e512be1dd60ac1c7b1a2a5307acd191dffcf24ef106c8970

SHA512
7d5d0fcbfaa218ad95918c421f4cc97e5f98090945c8b4f786ee2d92d0fe44698b580838777cddda34fe1e556eac549168df6eb01a9f9041ad915203e52aa023

Download Submit
\Users\Admin\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\ServiceHide.Net.dll

Filesize
101KB

MD5
fc3be382cc3a7b4fafee4fdd465cab2e

SHA1
334da714147aac5d32116ba1753c88e2d6956705

SHA256
42c2156b7eee3bf8bee8d0c1d3d3f138e059ddda342cf8ee0d723130fb865304

SHA512
2e2d99c93d9f89fca51ae744b9ad0ad6d86dd97cb4a81913e0783984e1d16173eeaf6b3123a4db6241ee0b71b461fb47d297eb20ea501c37c608e15294cf39f4

Download Submit
\Users\Admin\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\ServiceHide.Net.dll

Filesize
101KB

MD5
fc3be382cc3a7b4fafee4fdd465cab2e

SHA1
334da714147aac5d32116ba1753c88e2d6956705

SHA256
42c2156b7eee3bf8bee8d0c1d3d3f138e059ddda342cf8ee0d723130fb865304

SHA512
2e2d99c93d9f89fca51ae744b9ad0ad6d86dd97cb4a81913e0783984e1d16173eeaf6b3123a4db6241ee0b71b461fb47d297eb20ea501c37c608e15294cf39f4

Download Submit
\Users\Admin\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\ServiceHide.Net.dll

Filesize
101KB

MD5
fc3be382cc3a7b4fafee4fdd465cab2e

SHA1
334da714147aac5d32116ba1753c88e2d6956705

SHA256
42c2156b7eee3bf8bee8d0c1d3d3f138e059ddda342cf8ee0d723130fb865304

SHA512
2e2d99c93d9f89fca51ae744b9ad0ad6d86dd97cb4a81913e0783984e1d16173eeaf6b3123a4db6241ee0b71b461fb47d297eb20ea501c37c608e15294cf39f4

Download Submit
\Users\Admin\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\ServiceHide.dll

Filesize
151KB

MD5
26d7a9a819ad38801857d657da7b43da

SHA1
c234851024d125caae81d759da98789c9dd2501c

SHA256
43bad9c77f861c5ce0f622896a33dbd8c34157c004550cac22cc97d3a4ba3052

SHA512
628299c06673b33566049d70f2f1f1a2a5c769ea5f5a1382b917c3cb11cd6b943005870e536b9e816632f29d1a3dced8eaa81e154b741491d57ef2cd54192190

Download Submit
\Users\Admin\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\Vestris.ResourceLib.dll

Filesize
76KB

MD5
d39f7ef14893f4d0e909a9ef67d91d7e

SHA1
dfd7519871580b605366a513377db0549bcd5eee

SHA256
d571df8d154118bbbfd16fffb1a4ad642ad854a98ccfb712097633b522ce7aca

SHA512
f15f759ef12970afb8aa46550d5e3491ec771b69c861da3be4a32cb6a6d93eb78b52aa595758277918358961ff99e5ec4fa5f411fe86ca7f87af0fc1a8923b1e

Download Submit
\Users\Admin\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\Vestris.ResourceLib.dll

Filesize
76KB

MD5
d39f7ef14893f4d0e909a9ef67d91d7e

SHA1
dfd7519871580b605366a513377db0549bcd5eee

SHA256
d571df8d154118bbbfd16fffb1a4ad642ad854a98ccfb712097633b522ce7aca

SHA512
f15f759ef12970afb8aa46550d5e3491ec771b69c861da3be4a32cb6a6d93eb78b52aa595758277918358961ff99e5ec4fa5f411fe86ca7f87af0fc1a8923b1e

Download Submit
\Users\Admin\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\msvcp140.dll

Filesize
426KB

MD5
8ff1898897f3f4391803c7253366a87b

SHA1
9bdbeed8f75a892b6b630ef9e634667f4c620fa0

SHA256
51398691feef7ae0a876b523aec47c4a06d9a1ee62f1a0aee27de6d6191c68ad

SHA512
cb071ad55beaa541b5baf1f7d5e145f2c26fbee53e535e8c31b8f2b8df4bf7723f7bef214b670b2c3de57a4a75711dd204a940a2158939ad72f551e32da7ab03

Download Submit
\Users\Admin\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\sciter32.dll

Filesize
5.6MB

MD5
b431083586e39d018e19880ad1a5ce8f

SHA1
3bbf957ab534d845d485a8698accc0a40b63cedd

SHA256
b525fdcc32c5a359a7f5738a30eff0c6390734d8a2c987c62e14c619f99d406b

SHA512
7805a3464fcc3ac4ea1258e2412180c52f2af40a79b540348486c830a20c2bbed337bbf5f4a8926b3ef98c63c87747014f5b43c35f7ec4e7a3693b9dbd0ae67b

Download Submit
\Users\Admin\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\vcruntime140.dll

Filesize
74KB

MD5
1a84957b6e681fca057160cd04e26b27

SHA1
8d7e4c98d1ec858db26a3540baaaa9bbf96b5bfe

SHA256
9faeaa45e8cc986af56f28350b38238b03c01c355e9564b849604b8d690919c5

SHA512
5f54c9e87f2510c56f3cf2ceeb5b5ad7711abd9f85a1ff84e74dd82d15181505e7e5428eae6ff823f1190964eb0a82a569273a4562ec4131cecfa00a9d0d02aa

Download Submit
\Users\Admin\AppData\Local\Temp\nsu2A0F.tmp\System.dll

Filesize
11KB

MD5
fbe295e5a1acfbd0a6271898f885fe6a

SHA1
d6d205922e61635472efb13c2bb92c9ac6cb96da

SHA256
a1390a78533c47e55cc364e97af431117126d04a7faed49390210ea3e89dd0e1

SHA512
2cb596971e504eaf1ce8e3f09719ebfb3f6234cea5ca7b0d33ec7500832ff4b97ec2bbe15a1fbf7e6a5b02c59db824092b9562cd8991f4d027feab6fd3177b06

Download Submit
\Users\Admin\AppData\Local\Temp\nsu2A0F.tmp\nsExec.dll

Filesize
6KB

MD5
50ba20cad29399e2db9fa75a1324bd1d

SHA1
3850634bb15a112623222972ef554c8d1eca16f4

SHA256
e7b145abc7c519e6bd91dc06b7b83d1e73735ac1ac37d30a7889840a6eed38fc

SHA512
893e053fcb0a2d3742e2b13b869941a3a485b2bda3a92567f84190cb1be170b67d20cc71c6a2cb92f4202140c8afd9c40a358496947d709e0c4b68d43a368754

Download Submit
\Users\Admin\Downloads\kodi-20.0-Nexus_rc2-x64.exe

Filesize
32.7MB

MD5
95f577cacb1861a13f6ab173a34f8821

SHA1
db4b14d1081af891acda3dd1d038ea92c74f050b

SHA256
ed710c6c34c7e45b0df1470242262a1cff461bb32fefc6b9a9873c4d4d338a9c

SHA512
eca89d30a20cf0380dc73a582f767146b67495e02d66b27536991ec9ae76b6a986fedcc4ee5412e9ca24b8f3580b381467d66bfce6d32ea1a3d98b8a91bdaf06

Download Submit
\Users\Admin\Downloads\kodi-20.0-Nexus_rc2-x64.exe

Filesize
23.6MB

MD5
00456db5a1426741e0289e1d14c03eab

SHA1
7499d66ceab02b76180ebbc4c3ec3818e39b0295

SHA256
9671da15a6a1645d369d765c8e19919415a4d0b562af13bcf9553ae97f0aa98d

SHA512
f45f253471b2cbaabab871483b836f38e3407f7555bdec4e52578fb0d25587144882991d880fa9a5ac3b37832e93220265dbc5a5eca26872090a76d57b154462

Download Submit
\Users\Admin\Downloads\kodi-20.0-Nexus_rc2-x64.exe

Filesize
25.4MB

MD5
fb5fae40d490e2220044db327ccc19fa

SHA1
c79d312aee0b32c65a3ad660c169c12d2b2d8a83

SHA256
06665a83567eeac39188de4e11d05d5af323ecabf33902422015307b3242ac95

SHA512
8f61c4240df3cb2f5a568b1933d5d009d36ee967c7f87f5e132de08e1b43776de0102b0df162275798dba46dd855400dd6a4134830ba34130a92c295c9e2b28e

Download Submit
memory/1228-267-0x0000000008050000-0x0000000008604000-memory.dmp

Filesize
5.7MB

Download
memory/1228-425-0x0000000004C20000-0x0000000004C60000-memory.dmp

Filesize
256KB

Download
memory/1228-107-0x0000000000840000-0x0000000000866000-memory.dmp

Filesize
152KB

Download
memory/1228-91-0x0000000000620000-0x0000000000648000-memory.dmp

Filesize
160KB

Download
memory/1228-319-0x0000000004C20000-0x0000000004C60000-memory.dmp

Filesize
256KB

Download
memory/1228-83-0x0000000000520000-0x000000000053A000-memory.dmp

Filesize
104KB

Download
memory/1228-54-0x0000000000F00000-0x0000000001304000-memory.dmp

Filesize
4.0MB

Download
memory/1228-296-0x00000000056B0000-0x00000000056DE000-memory.dmp

Filesize
184KB

Download
memory/1228-388-0x0000000004B90000-0x0000000004BAA000-memory.dmp

Filesize
104KB

Download
memory/1228-75-0x00000000004F0000-0x0000000000520000-memory.dmp

Filesize
192KB

Download
memory/1228-405-0x0000000004C20000-0x0000000004C60000-memory.dmp

Filesize
256KB

Download
memory/1228-99-0x00000000006A0000-0x00000000006D2000-memory.dmp

Filesize
200KB

Download
memory/1228-115-0x0000000000650000-0x000000000065A000-memory.dmp

Filesize
40KB

Download
memory/1228-151-0x0000000000D60000-0x0000000000D7D000-memory.dmp

Filesize
116KB

Download
memory/1228-167-0x0000000004BB0000-0x0000000004BC2000-memory.dmp

Filesize
72KB

Download
memory/1228-123-0x00000000008A0000-0x00000000008A8000-memory.dmp

Filesize
32KB

Download
memory/1228-259-0x0000000005560000-0x000000000556C000-memory.dmp

Filesize
48KB

Download
memory/1228-61-0x0000000004C20000-0x0000000004C60000-memory.dmp

Filesize
256KB

Download
memory/1228-139-0x0000000000EB0000-0x0000000000EDC000-memory.dmp

Filesize
176KB

Download
memory/1228-247-0x00000000063C0000-0x000000000644C000-memory.dmp

Filesize
560KB

Download
memory/1228-131-0x0000000000E80000-0x0000000000EAA000-memory.dmp

Filesize
168KB

Download
memory/1228-55-0x0000000004F40000-0x0000000005324000-memory.dmp

Filesize
3.9MB

Download