aurora | 832654398d6aaecf7213b9b15c7c527054dd8d2a4ff14d368a657a5a1c53b2c3

Analysis

max time kernel
141s
max time network
168s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
04-06-2023 17:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Aurora.exe
Size

25.2MB
MD5

1504c863a05885816d2c8874137ae7a7
SHA1

5b16d440a7e9b5887886549f016f252900b5c0ac
SHA256

33fc61e81efa609df51277aef261623bb291e2dd5359362d50070f7a441df0ad
SHA512

055d2650ac996443130c05a742bcaabc576dbde29cc21ea956f66132f7e6da8a5771beb9cd51ff2384b2230ebe68990b35d8b14611613db2b8d2764846a487f9
SSDEEP

196608:olxc7zJltMVP1nQf6CmuZdgh7vq5esz6xSle:WqzFANQf6CmuEh7vqvz6xSs

Score

10^/10

aurora shurk infostealer stealer

Malware Config

Signatures

Aurora
Aurora is a crypto wallet stealer written in Golang.
stealer aurora
Shurk
Shurk is an infostealer, written in C++ which appeared in 2021.
infostealer shurk

Shurk Stealer payload 9 IoCs

resource	yara_rule
behavioral1/memory/1748-133-0x00007FF769070000-0x00007FF76A93F000-memory.dmp	shurk_stealer
behavioral1/memory/1748-145-0x00007FF769070000-0x00007FF76A93F000-memory.dmp	shurk_stealer
behavioral1/memory/1748-227-0x00007FF769070000-0x00007FF76A93F000-memory.dmp	shurk_stealer
behavioral1/memory/1748-316-0x00007FF769070000-0x00007FF76A93F000-memory.dmp	shurk_stealer
behavioral1/memory/1748-326-0x00007FF769070000-0x00007FF76A93F000-memory.dmp	shurk_stealer
behavioral1/memory/1748-330-0x00007FF769070000-0x00007FF76A93F000-memory.dmp	shurk_stealer
behavioral1/memory/1748-332-0x00007FF769070000-0x00007FF76A93F000-memory.dmp	shurk_stealer
behavioral1/memory/1748-340-0x00007FF769070000-0x00007FF76A93F000-memory.dmp	shurk_stealer
behavioral1/memory/1748-351-0x00007FF769070000-0x00007FF76A93F000-memory.dmp	shurk_stealer

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Control Panel\International\Geo\Nation	electron.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Control Panel\International\Geo\Nation	electron.exe

Executes dropped EXE 4 IoCs

pid	Process
4604	electron.exe
3884	electron.exe
3200	electron.exe
2416	electron.exe

Loads dropped DLL 7 IoCs

pid	Process
4604	electron.exe
3884	electron.exe
3200	electron.exe
2416	electron.exe
3884	electron.exe
3884	electron.exe
3884	electron.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3200	electron.exe
3200	electron.exe
2416	electron.exe
2416	electron.exe

Suspicious use of WriteProcessMemory 46 IoCs

description	pid	Process	procid_target
PID 1748 wrote to memory of 4604	1748	Aurora.exe	83
PID 1748 wrote to memory of 4604	1748	Aurora.exe	83
PID 4604 wrote to memory of 3884	4604	electron.exe	87
PID 4604 wrote to memory of 3884	4604	electron.exe	87
PID 4604 wrote to memory of 3884	4604	electron.exe	87
PID 4604 wrote to memory of 3884	4604	electron.exe	87
PID 4604 wrote to memory of 3884	4604	electron.exe	87
PID 4604 wrote to memory of 3884	4604	electron.exe	87
PID 4604 wrote to memory of 3884	4604	electron.exe	87
PID 4604 wrote to memory of 3884	4604	electron.exe	87
PID 4604 wrote to memory of 3884	4604	electron.exe	87
PID 4604 wrote to memory of 3884	4604	electron.exe	87
PID 4604 wrote to memory of 3884	4604	electron.exe	87
PID 4604 wrote to memory of 3884	4604	electron.exe	87
PID 4604 wrote to memory of 3884	4604	electron.exe	87
PID 4604 wrote to memory of 3884	4604	electron.exe	87
PID 4604 wrote to memory of 3884	4604	electron.exe	87
PID 4604 wrote to memory of 3884	4604	electron.exe	87
PID 4604 wrote to memory of 3884	4604	electron.exe	87
PID 4604 wrote to memory of 3884	4604	electron.exe	87
PID 4604 wrote to memory of 3884	4604	electron.exe	87
PID 4604 wrote to memory of 3884	4604	electron.exe	87
PID 4604 wrote to memory of 3884	4604	electron.exe	87
PID 4604 wrote to memory of 3884	4604	electron.exe	87
PID 4604 wrote to memory of 3884	4604	electron.exe	87
PID 4604 wrote to memory of 3884	4604	electron.exe	87
PID 4604 wrote to memory of 3884	4604	electron.exe	87
PID 4604 wrote to memory of 3884	4604	electron.exe	87
PID 4604 wrote to memory of 3884	4604	electron.exe	87
PID 4604 wrote to memory of 3884	4604	electron.exe	87
PID 4604 wrote to memory of 3884	4604	electron.exe	87
PID 4604 wrote to memory of 3884	4604	electron.exe	87
PID 4604 wrote to memory of 3884	4604	electron.exe	87
PID 4604 wrote to memory of 3884	4604	electron.exe	87
PID 4604 wrote to memory of 3884	4604	electron.exe	87
PID 4604 wrote to memory of 3884	4604	electron.exe	87
PID 4604 wrote to memory of 3884	4604	electron.exe	87
PID 4604 wrote to memory of 3884	4604	electron.exe	87
PID 4604 wrote to memory of 3884	4604	electron.exe	87
PID 4604 wrote to memory of 3884	4604	electron.exe	87
PID 4604 wrote to memory of 3884	4604	electron.exe	87
PID 4604 wrote to memory of 3884	4604	electron.exe	87
PID 4604 wrote to memory of 3200	4604	electron.exe	88
PID 4604 wrote to memory of 3200	4604	electron.exe	88
PID 4604 wrote to memory of 2416	4604	electron.exe	89
PID 4604 wrote to memory of 2416	4604	electron.exe	89

C:\Users\Admin\AppData\Local\Temp\Aurora.exe
"C:\Users\Admin\AppData\Local\Temp\Aurora.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1748
- C:\Users\Admin\AppData\Roaming\Aurora\vendor\electron-windows-amd64\electron.exe
  C:\Users\Admin\AppData\Roaming\Aurora\vendor\electron-windows-amd64\electron.exe C:\Users\Admin\AppData\Roaming\Aurora\vendor\astilectron\main.js 127.0.0.1:49847 false
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:4604
- - C:\Users\Admin\AppData\Roaming\Aurora\vendor\electron-windows-amd64\electron.exe
    "C:\Users\Admin\AppData\Roaming\Aurora\vendor\electron-windows-amd64\electron.exe" --type=gpu-process --field-trial-handle=1608,17070001066387655413,11077692399837671701,131072 --enable-features=WebComponentsV0Enabled --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1612 /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3884
- - C:\Users\Admin\AppData\Roaming\Aurora\vendor\electron-windows-amd64\electron.exe
    "C:\Users\Admin\AppData\Roaming\Aurora\vendor\electron-windows-amd64\electron.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1608,17070001066387655413,11077692399837671701,131072 --enable-features=WebComponentsV0Enabled --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=2168 /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:3200
- - C:\Users\Admin\AppData\Roaming\Aurora\vendor\electron-windows-amd64\electron.exe
    "C:\Users\Admin\AppData\Roaming\Aurora\vendor\electron-windows-amd64\electron.exe" --type=renderer --field-trial-handle=1608,17070001066387655413,11077692399837671701,131072 --enable-features=WebComponentsV0Enabled --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --app-user-model-id=electron.app.Electron --app-path="C:\Users\Admin\AppData\Roaming\Aurora\vendor\astilectron" --node-integration --no-sandbox --no-zygote --background-color=#fff --enable-spellcheck --enable-websql --disable-electron-site-instance-overrides --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2492 /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:2416

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4180

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Aurora\vendor\astilectron\index.js

Filesize
28KB

MD5
7a1b9fadbb6684407f674bab429446a0

SHA1
58ae43daf1e87440984bbf392d4d1165113af22e

SHA256
35f8881bca3165559b38cf9467af4ee3f77b37e414c67862a87cb4b05d4b677a

SHA512
9cce7731de8cb4d285921fc192fb2f34e1a2799fcb421c21f2831510ad31c21b0dfc46278e352c98356a3ee013f159096dbcdc1db1530115a963947cea9ef50a

Download Submit
C:\Users\Admin\AppData\Roaming\Aurora\vendor\astilectron\main.js

Filesize
1KB

MD5
7e2b884e5467c63f06960939ca860f7f

SHA1
475933cff8525463ef2a140bc085e5730d9a696e

SHA256
e944a8adddfd05327a6a76ff863c13dff79f73f444f4fc3c31a09452df2a632d

SHA512
84eb87c03950c8f8da8cc1d26915679e3224717870c7c16759ad8c775a826a8e656f65f786015a73510b0bec1e8b7b3ecffc4b2c9b5f558f9f8f3b462f1b8cb3

Download Submit
C:\Users\Admin\AppData\Roaming\Aurora\vendor\astilectron\package.json

Filesize
610B

MD5
f6feaaae3fdfb3839df655f7a10f3e96

SHA1
1bfae8d8f85870116faaf1d475346f3aa0b3fe28

SHA256
27c7f23600154b141240b296336b7a738f01a328507b88a113d3f9acedc2c0d3

SHA512
32cc0e7f644806a2c44b03000eab60f1d0a1f41a950d5ecc418ed34f239397073a0acf1f681806e1285772be060519da4da330131d3aac6279e32ad798a3a530

Download Submit
C:\Users\Admin\AppData\Roaming\Aurora\vendor\astilectron\src\client.js

Filesize
905B

MD5
6de951ff2d0e3e5c86cb0a7765a99b37

SHA1
ddb676f65c1aed1975535ceb17bd016b067a70f3

SHA256
8357cb1b31c736d96f150e7f6654cd7731a6d90b7994afb47fc2407598b8925e

SHA512
401ca46872c5cf72baa3cc7cedbf82b200032b97a0a320e76bddfb22444b1a19eceee3e07097bac1a25f4e719cee2874d9ae3ae19da50c1a8d377ca54f9199cf

Download Submit
C:\Users\Admin\AppData\Roaming\Aurora\vendor\astilectron\src\consts.js

Filesize
7KB

MD5
dc561fcafdd902451363951d33ca1c30

SHA1
8863187746b2ad3daec0b3eb1d94590ffadece86

SHA256
a4496709a64abf3d7b0ac7a3684b159d270c78367f91d9f2558666668d13a69f

SHA512
0976c801359cceb64d08249ca970d9fc5f909fbbf33bc6a593979a476d240256482be2e79fea33803c493fad00ade5583fc86367120da1d36dce52bb492d85b7

Download Submit
C:\Users\Admin\AppData\Roaming\Aurora\vendor\electron-windows-amd64\D3DCompiler_47.dll

Filesize
4.3MB

MD5
7641e39b7da4077084d2afe7c31032e0

SHA1
2256644f69435ff2fee76deb04d918083960d1eb

SHA256
44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47

SHA512
8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5

Download Submit
C:\Users\Admin\AppData\Roaming\Aurora\vendor\electron-windows-amd64\chrome_100_percent.pak

Filesize
121KB

MD5
06baf0ad34e0231bd76651203dba8326

SHA1
a5f99ecdcc06dec9d7f9ce0a8c66e46969117391

SHA256
5ae14147992a92548bcad76867dd88cdfcdb69d951c8720920cce6fb135e3189

SHA512
aff6616e56781ebb925a0ca146245ad3b2827250b32261c0c7c0d5b10b20a343a17fc3761c95d93104163e77b2eae3f1f9cbd3cb2b377f49b42bea39bdd09b91

Download Submit
C:\Users\Admin\AppData\Roaming\Aurora\vendor\electron-windows-amd64\chrome_200_percent.pak

Filesize
181KB

MD5
57c27201e7cd33471da7ec205fe9973c

SHA1
a8e7bce09c4cbdae2797611b2be8aeb5491036f9

SHA256
dd8146b2ee289e4d54a4a0f1fd3b2f61b979c6a2baaba96a406d96c3f4fdb33b

SHA512
57258aa169bec66abf0f45a3e026bb68751fb970b74bd0cb465607fa3b2a89967e832d92d8f675f0449bb6662fcb7786d05f0597124cc8e18bb99a47245779b4

Download Submit
C:\Users\Admin\AppData\Roaming\Aurora\vendor\electron-windows-amd64\d3dcompiler_47.dll

Filesize
4.3MB

MD5
7641e39b7da4077084d2afe7c31032e0

SHA1
2256644f69435ff2fee76deb04d918083960d1eb

SHA256
44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47

SHA512
8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5

Download Submit
C:\Users\Admin\AppData\Roaming\Aurora\vendor\electron-windows-amd64\electron.exe

Filesize
120.4MB

MD5
c76ce1b16b3402f40739a85f2a72405b

SHA1
e3926b28c6c907d4ac0c09d1d8cd816c3fc0cb8d

SHA256
3795e2992a135b3179eb4b8d77e1fe2694008c65b6c608ae3b4ae053fd52ae86

SHA512
3e8a874a33e613d4d82c2bde4fd5e69860b3e9234bdc7ea8b6c0c8e50d376d4b76070585bba562dfdaab66ce62574bcdf5f2bba9412cb475dafc562c8c86484f

Download Submit
C:\Users\Admin\AppData\Roaming\Aurora\vendor\electron-windows-amd64\electron.exe

Filesize
120.4MB

MD5
c76ce1b16b3402f40739a85f2a72405b

SHA1
e3926b28c6c907d4ac0c09d1d8cd816c3fc0cb8d

SHA256
3795e2992a135b3179eb4b8d77e1fe2694008c65b6c608ae3b4ae053fd52ae86

SHA512
3e8a874a33e613d4d82c2bde4fd5e69860b3e9234bdc7ea8b6c0c8e50d376d4b76070585bba562dfdaab66ce62574bcdf5f2bba9412cb475dafc562c8c86484f

Download Submit
C:\Users\Admin\AppData\Roaming\Aurora\vendor\electron-windows-amd64\electron.exe

Filesize
120.4MB

MD5
c76ce1b16b3402f40739a85f2a72405b

SHA1
e3926b28c6c907d4ac0c09d1d8cd816c3fc0cb8d

SHA256
3795e2992a135b3179eb4b8d77e1fe2694008c65b6c608ae3b4ae053fd52ae86

SHA512
3e8a874a33e613d4d82c2bde4fd5e69860b3e9234bdc7ea8b6c0c8e50d376d4b76070585bba562dfdaab66ce62574bcdf5f2bba9412cb475dafc562c8c86484f

Download Submit
C:\Users\Admin\AppData\Roaming\Aurora\vendor\electron-windows-amd64\electron.exe

Filesize
120.4MB

MD5
c76ce1b16b3402f40739a85f2a72405b

SHA1
e3926b28c6c907d4ac0c09d1d8cd816c3fc0cb8d

SHA256
3795e2992a135b3179eb4b8d77e1fe2694008c65b6c608ae3b4ae053fd52ae86

SHA512
3e8a874a33e613d4d82c2bde4fd5e69860b3e9234bdc7ea8b6c0c8e50d376d4b76070585bba562dfdaab66ce62574bcdf5f2bba9412cb475dafc562c8c86484f

Download Submit
C:\Users\Admin\AppData\Roaming\Aurora\vendor\electron-windows-amd64\electron.exe

Filesize
120.4MB

MD5
c76ce1b16b3402f40739a85f2a72405b

SHA1
e3926b28c6c907d4ac0c09d1d8cd816c3fc0cb8d

SHA256
3795e2992a135b3179eb4b8d77e1fe2694008c65b6c608ae3b4ae053fd52ae86

SHA512
3e8a874a33e613d4d82c2bde4fd5e69860b3e9234bdc7ea8b6c0c8e50d376d4b76070585bba562dfdaab66ce62574bcdf5f2bba9412cb475dafc562c8c86484f

Download Submit
C:\Users\Admin\AppData\Roaming\Aurora\vendor\electron-windows-amd64\ffmpeg.dll

Filesize
2.7MB

MD5
9753450af3141c1a213836f402e89fdf

SHA1
7c2c0e3edd1a17cc2f4b01d3ac0fdde32a9fdaef

SHA256
f91350c71864cbbb7cfbbd538f293176565431f52557c921b94361142e7bdfe6

SHA512
55689b09f07a284b0d217becad3ad8bdc2d18f0e721cb75dc42cd5f6e09061af304198ce95ba2f622751c5d2b57227862a887a08eee5f382a4271b1c55faf9da

Download Submit
C:\Users\Admin\AppData\Roaming\Aurora\vendor\electron-windows-amd64\ffmpeg.dll

Filesize
2.7MB

MD5
9753450af3141c1a213836f402e89fdf

SHA1
7c2c0e3edd1a17cc2f4b01d3ac0fdde32a9fdaef

SHA256
f91350c71864cbbb7cfbbd538f293176565431f52557c921b94361142e7bdfe6

SHA512
55689b09f07a284b0d217becad3ad8bdc2d18f0e721cb75dc42cd5f6e09061af304198ce95ba2f622751c5d2b57227862a887a08eee5f382a4271b1c55faf9da

Download Submit
C:\Users\Admin\AppData\Roaming\Aurora\vendor\electron-windows-amd64\ffmpeg.dll

Filesize
2.7MB

MD5
9753450af3141c1a213836f402e89fdf

SHA1
7c2c0e3edd1a17cc2f4b01d3ac0fdde32a9fdaef

SHA256
f91350c71864cbbb7cfbbd538f293176565431f52557c921b94361142e7bdfe6

SHA512
55689b09f07a284b0d217becad3ad8bdc2d18f0e721cb75dc42cd5f6e09061af304198ce95ba2f622751c5d2b57227862a887a08eee5f382a4271b1c55faf9da

Download Submit
C:\Users\Admin\AppData\Roaming\Aurora\vendor\electron-windows-amd64\ffmpeg.dll

Filesize
2.7MB

MD5
9753450af3141c1a213836f402e89fdf

SHA1
7c2c0e3edd1a17cc2f4b01d3ac0fdde32a9fdaef

SHA256
f91350c71864cbbb7cfbbd538f293176565431f52557c921b94361142e7bdfe6

SHA512
55689b09f07a284b0d217becad3ad8bdc2d18f0e721cb75dc42cd5f6e09061af304198ce95ba2f622751c5d2b57227862a887a08eee5f382a4271b1c55faf9da

Download Submit
C:\Users\Admin\AppData\Roaming\Aurora\vendor\electron-windows-amd64\ffmpeg.dll

Filesize
2.7MB

MD5
9753450af3141c1a213836f402e89fdf

SHA1
7c2c0e3edd1a17cc2f4b01d3ac0fdde32a9fdaef

SHA256
f91350c71864cbbb7cfbbd538f293176565431f52557c921b94361142e7bdfe6

SHA512
55689b09f07a284b0d217becad3ad8bdc2d18f0e721cb75dc42cd5f6e09061af304198ce95ba2f622751c5d2b57227862a887a08eee5f382a4271b1c55faf9da

Download Submit
C:\Users\Admin\AppData\Roaming\Aurora\vendor\electron-windows-amd64\icudtl.dat

Filesize
10.0MB

MD5
ad2988770b8cb3281a28783ad833a201

SHA1
94b7586ee187d9b58405485f4c551b55615f11b5

SHA256
df876c7af43ed93eec6aea4d2d55c805009c219653cdeb368f1d048f4922b108

SHA512
f27e542a9c6c60fa28c5b7cc2818079341ef93aef3bbcadecad2dc11aff5b1592b19c7ebfa543ea42a3cbfec26a668641b255545fb0912056e25e852c2dedd01

Download Submit
C:\Users\Admin\AppData\Roaming\Aurora\vendor\electron-windows-amd64\locales\en-US.pak

Filesize
83KB

MD5
bd8f7b719110342b7cefb16ddd05ec55

SHA1
82a79aeaa1dd4b1464b67053ba1766a4498c13e7

SHA256
d1d3f892be16329c79f9a8ee8c5fa1c9fb46d17edfeb56a3d9407f9d7587a0de

SHA512
7cd1493e59e87c70927e66769eb200f79a57e1eb1223af4eb4064088571893d3e32cbc4b5ece568fd308992aad65684aa280dc9834f2b5d327bdee514b046e5e

Download Submit
C:\Users\Admin\AppData\Roaming\Aurora\vendor\electron-windows-amd64\resources.pak

Filesize
4.8MB

MD5
d13873f6fb051266deb3599b14535806

SHA1
143782c0ce5a5773ae0aae7a22377c8a6d18a5b2

SHA256
7b953443e3cd54a0a4775528b52fbfe5ebecbc2c71731600ed0999d227969506

SHA512
1ab38fcb70d1958c74da2493459532b52a04b884009509a1ac8dd39f6e9e670658a52f4d19ef57f1bc71dccfdd6ceedbc18034bbcad0b500d75a97c74aac6939

Download Submit
C:\Users\Admin\AppData\Roaming\Aurora\vendor\electron-windows-amd64\resources\default_app.asar

Filesize
103KB

MD5
66edd71d92a50049e720426cba500b9d

SHA1
9f9a54b662e10017b8396c1cad9678c210addf85

SHA256
94657e6bfad3ead2265366876a3089a217f6a3fba3713558d645fbe6b3c16eb4

SHA512
b5e980d98553bf197c7287c9c46ef715e400791de7bb21e66394f2e2d096deb6c53577319521b296db15a4b05739c5dd12bd23c0770da1bd9667f08ce0c95109

Download Submit
C:\Users\Admin\AppData\Roaming\Aurora\vendor\electron-windows-amd64\swiftshader\libEGL.dll

Filesize
460KB

MD5
93cc46883438cc03b07a79b7feb18897

SHA1
292c719281aed682de5b67d82412e3028857351d

SHA256
bc373113024f34ecd00fb01dea69c4d3bc7026996f685b143794cf01576b6b56

SHA512
98db3714b41bf1dc963f2abb0abc6e3e7d781c9487c7ea28f9e9fec8ce278689f855dd855f8696227596cabf8c6a8fad56033a23d1cb774376285e7b0ae3a7ca

Download Submit
C:\Users\Admin\AppData\Roaming\Aurora\vendor\electron-windows-amd64\swiftshader\libGLESv2.dll

Filesize
3.1MB

MD5
14832225e4e49ed1636624cc1eea0ab5

SHA1
6d4cc0673e129e6b8271d179018bb170f5aea88b

SHA256
cd92f6c1c6e36ff3072a21d5786ff769fe12c0003f38f3228faef98466868289

SHA512
b44e6918978499e0582d92421cfc84182e685f507111797803d48acaf1b805b4d80c225d1d387025701c5d08a9112c39a034c108333f44f005c6221e34841eba

Download Submit
C:\Users\Admin\AppData\Roaming\Aurora\vendor\electron-windows-amd64\swiftshader\libegl.dll

Filesize
460KB

MD5
93cc46883438cc03b07a79b7feb18897

SHA1
292c719281aed682de5b67d82412e3028857351d

SHA256
bc373113024f34ecd00fb01dea69c4d3bc7026996f685b143794cf01576b6b56

SHA512
98db3714b41bf1dc963f2abb0abc6e3e7d781c9487c7ea28f9e9fec8ce278689f855dd855f8696227596cabf8c6a8fad56033a23d1cb774376285e7b0ae3a7ca

Download Submit
C:\Users\Admin\AppData\Roaming\Aurora\vendor\electron-windows-amd64\swiftshader\libglesv2.dll

Filesize
3.1MB

MD5
14832225e4e49ed1636624cc1eea0ab5

SHA1
6d4cc0673e129e6b8271d179018bb170f5aea88b

SHA256
cd92f6c1c6e36ff3072a21d5786ff769fe12c0003f38f3228faef98466868289

SHA512
b44e6918978499e0582d92421cfc84182e685f507111797803d48acaf1b805b4d80c225d1d387025701c5d08a9112c39a034c108333f44f005c6221e34841eba

Download Submit
C:\Users\Admin\AppData\Roaming\Aurora\vendor\electron-windows-amd64\v8_context_snapshot.bin

Filesize
168KB

MD5
c2208c06c8ff81bca3c092cc42b8df1b

SHA1
f7b9faa9ba0e72d062f68642a02cc8f3fed49910

SHA256
4a67de195878d290f49b503b83e415917b8bbcbd9936b07a5d33b48e9bc6e0a3

SHA512
6c3c370dd086a976c44d4059a315bd3bcbb50961aa34734e65a40d861cffca9090d47cec74575afe23952e394e4845bda2d8798eebe01fb54a7a6288bce238f5

Download Submit
C:\Users\Admin\AppData\Roaming\Electron\Network Persistent State

Filesize
188B

MD5
c5aaf170523a6627a889bb1e69137e67

SHA1
6b2fc79d37ee85634b00c52ecd795e9d1ee2bdf3

SHA256
32db68227150f833e41cd5907195c1f05637cac33fdfbf3fd8f9acbfb94dfe5a

SHA512
3712cdd5ba18a101810b6e6b24a300b0c13400315cfead2569660f4bfc977d2e8be9db6a6109ef9812043b549ff06c3f4aadfd71e5d65d21819ad7e05590fdc3

Download Submit
C:\Users\Admin\AppData\Roaming\Electron\Network Persistent State~RFe58f8e2.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
memory/1748-227-0x00007FF769070000-0x00007FF76A93F000-memory.dmp

Filesize
24.8MB

Download
memory/1748-145-0x00007FF769070000-0x00007FF76A93F000-memory.dmp

Filesize
24.8MB

Download
memory/1748-316-0x00007FF769070000-0x00007FF76A93F000-memory.dmp

Filesize
24.8MB

Download
memory/1748-326-0x00007FF769070000-0x00007FF76A93F000-memory.dmp

Filesize
24.8MB

Download
memory/1748-330-0x00007FF769070000-0x00007FF76A93F000-memory.dmp

Filesize
24.8MB

Download
memory/1748-332-0x00007FF769070000-0x00007FF76A93F000-memory.dmp

Filesize
24.8MB

Download
memory/1748-340-0x00007FF769070000-0x00007FF76A93F000-memory.dmp

Filesize
24.8MB

Download
memory/1748-133-0x00007FF769070000-0x00007FF76A93F000-memory.dmp

Filesize
24.8MB

Download
memory/1748-351-0x00007FF769070000-0x00007FF76A93F000-memory.dmp

Filesize
24.8MB

Download
memory/3884-323-0x000001E927030000-0x000001E92705B000-memory.dmp

Filesize
172KB

Download
memory/3884-244-0x00007FFF41870000-0x00007FFF41871000-memory.dmp

Filesize
4KB

Download