f689791a5c1c74cdcf212faa347e8d3f52b22a41b74371bc8c458827af4b4a9d

Analysis

max time kernel
135s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
14/06/2023, 13:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

TEMPEST-Setup-3.0.5.exe
Size

86.3MB
MD5

d05924608bf83ed8d0aa4a3f6284cf93
SHA1

b43ff0609c99eb9e95839fcd46e7f4e8d50072a4
SHA256

f689791a5c1c74cdcf212faa347e8d3f52b22a41b74371bc8c458827af4b4a9d
SHA512

2545676c48fe060f05cb6c997797ed088a17080c60e1ad4abeb0d0e636acdfe1ef200e30c1b454829771161acfda2c5c19faa243782555351328d3e0325fe4d2
SSDEEP

1572864:V6+IiPxE13n42BKUvHCG6sY+vWjd6w7Fpu/1HRUxbCe+z:5E1I2DvzYISoN7kbO

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation	TEMPEST.exe

Executes dropped EXE 4 IoCs

pid	Process
2680	TEMPEST.exe
4448	TEMPEST.exe
4044	TEMPEST.exe
1728	TEMPEST.exe

Loads dropped DLL 17 IoCs

pid	Process
2772	TEMPEST-Setup-3.0.5.exe
2772	TEMPEST-Setup-3.0.5.exe
2772	TEMPEST-Setup-3.0.5.exe
2772	TEMPEST-Setup-3.0.5.exe
2772	TEMPEST-Setup-3.0.5.exe
2772	TEMPEST-Setup-3.0.5.exe
2772	TEMPEST-Setup-3.0.5.exe
2680	TEMPEST.exe
4448	TEMPEST.exe
4448	TEMPEST.exe
4448	TEMPEST.exe
4448	TEMPEST.exe
4044	TEMPEST.exe
1728	TEMPEST.exe
1728	TEMPEST.exe
1728	TEMPEST.exe
1728	TEMPEST.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1675742406-747946869-1029867430-1000\{988B299A-046A-4BF5-A1BF-4E54DE398CC0}	TEMPEST.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1675742406-747946869-1029867430-1000\{11477BA5-152E-43D4-9A53-900479B01680}	TEMPEST.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2772	TEMPEST-Setup-3.0.5.exe
2772	TEMPEST-Setup-3.0.5.exe
2772	TEMPEST-Setup-3.0.5.exe
2772	TEMPEST-Setup-3.0.5.exe
2772	TEMPEST-Setup-3.0.5.exe
2772	TEMPEST-Setup-3.0.5.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeSecurityPrivilege	2772	TEMPEST-Setup-3.0.5.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2680	TEMPEST.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5032	OpenWith.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2680 wrote to memory of 4448	2680	TEMPEST.exe	91
PID 2680 wrote to memory of 4448	2680	TEMPEST.exe	91
PID 2680 wrote to memory of 4044	2680	TEMPEST.exe	92
PID 2680 wrote to memory of 4044	2680	TEMPEST.exe	92
PID 2680 wrote to memory of 1728	2680	TEMPEST.exe	98
PID 2680 wrote to memory of 1728	2680	TEMPEST.exe	98

C:\Users\Admin\AppData\Local\Temp\TEMPEST-Setup-3.0.5.exe
"C:\Users\Admin\AppData\Local\Temp\TEMPEST-Setup-3.0.5.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2772

C:\Users\Admin\AppData\Local\Programs\com.app.tempest\TEMPEST.exe
"C:\Users\Admin\AppData\Local\Programs\com.app.tempest\TEMPEST.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2680
- C:\Users\Admin\AppData\Local\Programs\com.app.tempest\TEMPEST.exe
  "C:\Users\Admin\AppData\Local\Programs\com.app.tempest\TEMPEST.exe" --type=gpu-process --enable-features=SharedArrayBuffer --no-sandbox --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --service-request-channel-token=694222956601861726 --mojo-platform-channel-handle=1400 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies registry class
  PID:4448
- C:\Users\Admin\AppData\Local\Programs\com.app.tempest\TEMPEST.exe
  "C:\Users\Admin\AppData\Local\Programs\com.app.tempest\TEMPEST.exe" --type=renderer --no-sandbox --enable-features=SharedArrayBuffer --service-pipe-token=5774092510250254800 --lang=en-US --app-path="C:\Users\Admin\AppData\Local\Programs\com.app.tempest\resources\app.asar" --node-integration=false --webview-tag=false --no-sandbox --background-color=#fff --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=5774092510250254800 --renderer-client-id=4 --mojo-platform-channel-handle=2132 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4044
- C:\Users\Admin\AppData\Local\Programs\com.app.tempest\TEMPEST.exe
  "C:\Users\Admin\AppData\Local\Programs\com.app.tempest\TEMPEST.exe" --type=gpu-process --enable-features=SharedArrayBuffer --disable-gpu-sandbox --no-sandbox --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --service-request-channel-token=2780055122774296928 --mojo-platform-channel-handle=3348 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies registry class
  PID:1728

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:5032

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Programs\com.app.tempest\D3DCompiler_47.dll

Filesize
4.1MB

MD5
222d020bd33c90170a8296adc1b7036a

SHA1
612e6f443d927330b9b8ac13cc4a2a6b959cee48

SHA256
4432bbd1a390874f3f0a503d45cc48d346abc3a8c0213c289f4b615bf0ee84f3

SHA512
ad8c7ce7f6f353da5e2cf816e1a69f1ec14011612e8041e4f9bb6ebed3e0fa4e4ebc069155a0c66e23811467012c201893b9b3b7a947d089ce2c749d5e8910c6

Download Submit
C:\Users\Admin\AppData\Local\Programs\com.app.tempest\TEMPEST.exe

Filesize
89.4MB

MD5
666ea238e6587365837133721ef5b8e5

SHA1
2ec64a7d8d0511832df6ec894f67d0ab8bd802bc

SHA256
58ad4998fb4471abad0933fc8a31cfc1f3d4f00d1205675da655080847dc497b

SHA512
c7d986a8f7adaf780e7638682ca221064ae5bac89090ae8c09ff245ee0af160fd907fbecfb1439aec75eb54dfd090a62fd97e55d3b33d35151af0d13d3cd4182

Download Submit
C:\Users\Admin\AppData\Local\Programs\com.app.tempest\TEMPEST.exe

Filesize
89.4MB

MD5
666ea238e6587365837133721ef5b8e5

SHA1
2ec64a7d8d0511832df6ec894f67d0ab8bd802bc

SHA256
58ad4998fb4471abad0933fc8a31cfc1f3d4f00d1205675da655080847dc497b

SHA512
c7d986a8f7adaf780e7638682ca221064ae5bac89090ae8c09ff245ee0af160fd907fbecfb1439aec75eb54dfd090a62fd97e55d3b33d35151af0d13d3cd4182

Download Submit
C:\Users\Admin\AppData\Local\Programs\com.app.tempest\TEMPEST.exe

Filesize
89.4MB

MD5
666ea238e6587365837133721ef5b8e5

SHA1
2ec64a7d8d0511832df6ec894f67d0ab8bd802bc

SHA256
58ad4998fb4471abad0933fc8a31cfc1f3d4f00d1205675da655080847dc497b

SHA512
c7d986a8f7adaf780e7638682ca221064ae5bac89090ae8c09ff245ee0af160fd907fbecfb1439aec75eb54dfd090a62fd97e55d3b33d35151af0d13d3cd4182

Download Submit
C:\Users\Admin\AppData\Local\Programs\com.app.tempest\TEMPEST.exe

Filesize
89.4MB

MD5
666ea238e6587365837133721ef5b8e5

SHA1
2ec64a7d8d0511832df6ec894f67d0ab8bd802bc

SHA256
58ad4998fb4471abad0933fc8a31cfc1f3d4f00d1205675da655080847dc497b

SHA512
c7d986a8f7adaf780e7638682ca221064ae5bac89090ae8c09ff245ee0af160fd907fbecfb1439aec75eb54dfd090a62fd97e55d3b33d35151af0d13d3cd4182

Download Submit
C:\Users\Admin\AppData\Local\Programs\com.app.tempest\TEMPEST.exe

Filesize
89.4MB

MD5
666ea238e6587365837133721ef5b8e5

SHA1
2ec64a7d8d0511832df6ec894f67d0ab8bd802bc

SHA256
58ad4998fb4471abad0933fc8a31cfc1f3d4f00d1205675da655080847dc497b

SHA512
c7d986a8f7adaf780e7638682ca221064ae5bac89090ae8c09ff245ee0af160fd907fbecfb1439aec75eb54dfd090a62fd97e55d3b33d35151af0d13d3cd4182

Download Submit
C:\Users\Admin\AppData\Local\Programs\com.app.tempest\TEMPEST.exe

Filesize
89.4MB

MD5
666ea238e6587365837133721ef5b8e5

SHA1
2ec64a7d8d0511832df6ec894f67d0ab8bd802bc

SHA256
58ad4998fb4471abad0933fc8a31cfc1f3d4f00d1205675da655080847dc497b

SHA512
c7d986a8f7adaf780e7638682ca221064ae5bac89090ae8c09ff245ee0af160fd907fbecfb1439aec75eb54dfd090a62fd97e55d3b33d35151af0d13d3cd4182

Download Submit
C:\Users\Admin\AppData\Local\Programs\com.app.tempest\chrome_100_percent.pak

Filesize
163KB

MD5
6b0554d58e8c0cdbf0bb88ee032fdc4b

SHA1
0985707237768abbf89acb3d362c7e62f9ef80bb

SHA256
ebc1a06972979c372fda5711d505a3b5041e6ee448d80de84f9eda84d37e4a86

SHA512
c01af1a038030f0141988cc4c0e6676c50934e705f13046dc57b00b4814abb37c88d623aa1c64ae0740be191bf261e6ce3c1a05100037a9c33eb877b0b8b95ad

Download Submit
C:\Users\Admin\AppData\Local\Programs\com.app.tempest\chrome_200_percent.pak

Filesize
243KB

MD5
8ab92f2b5d78419af2e4e66d4391dfd2

SHA1
220e001d9fac6f01217b6f6d9b167aa5d9654620

SHA256
b2d93b68f9b8e3b6ccfa4d0225af4d6e55e2a47ace53e4e64d105ce7183a04d6

SHA512
afdb8d9345720ac7bcecb376ce21bc07ebed978e8b8c451762b50b1108127b1dbb04a1010cd746cc06084339b2e0dcc38dde16192ae26faa1d5030b87fee729c

Download Submit
C:\Users\Admin\AppData\Local\Programs\com.app.tempest\d3dcompiler_47.dll

Filesize
4.1MB

MD5
222d020bd33c90170a8296adc1b7036a

SHA1
612e6f443d927330b9b8ac13cc4a2a6b959cee48

SHA256
4432bbd1a390874f3f0a503d45cc48d346abc3a8c0213c289f4b615bf0ee84f3

SHA512
ad8c7ce7f6f353da5e2cf816e1a69f1ec14011612e8041e4f9bb6ebed3e0fa4e4ebc069155a0c66e23811467012c201893b9b3b7a947d089ce2c749d5e8910c6

Download Submit
C:\Users\Admin\AppData\Local\Programs\com.app.tempest\d3dcompiler_47.dll

Filesize
4.1MB

MD5
222d020bd33c90170a8296adc1b7036a

SHA1
612e6f443d927330b9b8ac13cc4a2a6b959cee48

SHA256
4432bbd1a390874f3f0a503d45cc48d346abc3a8c0213c289f4b615bf0ee84f3

SHA512
ad8c7ce7f6f353da5e2cf816e1a69f1ec14011612e8041e4f9bb6ebed3e0fa4e4ebc069155a0c66e23811467012c201893b9b3b7a947d089ce2c749d5e8910c6

Download Submit
C:\Users\Admin\AppData\Local\Programs\com.app.tempest\ffmpeg.dll

Filesize
2.0MB

MD5
c6545e17cce3c32bd98cb4199a353577

SHA1
c3cf9bbe4fbb5c7b5ad38436ce165735b95f0b84

SHA256
235e29b765dd960577ad1a85b56b2d88a12f5467fd3253d2cc24a3e0964801e0

SHA512
a52ded4ee3e92768a207b1db371f50158afc98d34960111fff5fe93c1207fbbd78f7c3469fd63d75d873ae36afc9fa17924dcdec639721acfc037ba5ab4ae27d

Download Submit
C:\Users\Admin\AppData\Local\Programs\com.app.tempest\ffmpeg.dll

Filesize
2.0MB

MD5
c6545e17cce3c32bd98cb4199a353577

SHA1
c3cf9bbe4fbb5c7b5ad38436ce165735b95f0b84

SHA256
235e29b765dd960577ad1a85b56b2d88a12f5467fd3253d2cc24a3e0964801e0

SHA512
a52ded4ee3e92768a207b1db371f50158afc98d34960111fff5fe93c1207fbbd78f7c3469fd63d75d873ae36afc9fa17924dcdec639721acfc037ba5ab4ae27d

Download Submit
C:\Users\Admin\AppData\Local\Programs\com.app.tempest\ffmpeg.dll

Filesize
2.0MB

MD5
c6545e17cce3c32bd98cb4199a353577

SHA1
c3cf9bbe4fbb5c7b5ad38436ce165735b95f0b84

SHA256
235e29b765dd960577ad1a85b56b2d88a12f5467fd3253d2cc24a3e0964801e0

SHA512
a52ded4ee3e92768a207b1db371f50158afc98d34960111fff5fe93c1207fbbd78f7c3469fd63d75d873ae36afc9fa17924dcdec639721acfc037ba5ab4ae27d

Download Submit
C:\Users\Admin\AppData\Local\Programs\com.app.tempest\ffmpeg.dll

Filesize
2.0MB

MD5
c6545e17cce3c32bd98cb4199a353577

SHA1
c3cf9bbe4fbb5c7b5ad38436ce165735b95f0b84

SHA256
235e29b765dd960577ad1a85b56b2d88a12f5467fd3253d2cc24a3e0964801e0

SHA512
a52ded4ee3e92768a207b1db371f50158afc98d34960111fff5fe93c1207fbbd78f7c3469fd63d75d873ae36afc9fa17924dcdec639721acfc037ba5ab4ae27d

Download Submit
C:\Users\Admin\AppData\Local\Programs\com.app.tempest\ffmpeg.dll

Filesize
2.0MB

MD5
c6545e17cce3c32bd98cb4199a353577

SHA1
c3cf9bbe4fbb5c7b5ad38436ce165735b95f0b84

SHA256
235e29b765dd960577ad1a85b56b2d88a12f5467fd3253d2cc24a3e0964801e0

SHA512
a52ded4ee3e92768a207b1db371f50158afc98d34960111fff5fe93c1207fbbd78f7c3469fd63d75d873ae36afc9fa17924dcdec639721acfc037ba5ab4ae27d

Download Submit
C:\Users\Admin\AppData\Local\Programs\com.app.tempest\icudtl.dat

Filesize
9.7MB

MD5
8cda09112153ff6dc3aded6ffeb6835f

SHA1
bdbbdfd4079b3a418272e8bdf015e1b259aa1333

SHA256
6c98bb4ccc3888ad4f94163d1654578442506f04012d5da819445a80bb85636f

SHA512
65727e37d6802ed42b4be4e4d9a172e0cb28c85dcefd5567888bf2342a58541fcfe0c1248822f17d7641ea40af1262fa6f5733417a62b9e19c8bedd357ad625c

Download Submit
C:\Users\Admin\AppData\Local\Programs\com.app.tempest\locales\en-US.pak

Filesize
58KB

MD5
104437c82defe34717b1dc667d9e28aa

SHA1
844b450de3f12e1c4b76bb32f3513ab3a7331dc8

SHA256
df2f5f3830fc3fdeaf4f941b6b30cf051ab52b592bc6e31ae7176eecfda0c1a7

SHA512
f7d917bc492c8aba74eb2148baf9836bb6cb3ed058c53ae3eac7128f5156da54384d5dac2134b35f6b5ae05bf086fcaf2977e9a4374f14aee64d942329042572

Download Submit
C:\Users\Admin\AppData\Local\Programs\com.app.tempest\natives_blob.bin

Filesize
122KB

MD5
99e9ed492dc4b9318704745f69e3ff43

SHA1
4276e245efeb0256bbbdefa77063d2585712198e

SHA256
ad6654fca057a8b8735c8b5cdba9d322396befe7e706429b8236c234a3941da1

SHA512
5163af106d268ff2a324519eac9a17572191add3a5283496170dcff10f52bd9854e47a00c4fe40d83c01b8cd21eaaa0665647044ddb038cf7191ff19c95af539

Download Submit
C:\Users\Admin\AppData\Local\Programs\com.app.tempest\resources.pak

Filesize
8.3MB

MD5
f7b4b4dc9b26003c835725e4d74bf8ab

SHA1
76909096b2a0a3e0c787afb2b302f80cc1a968c7

SHA256
d7a3fb791f6c94409f967c099b7fbcb8ac2f9f5691526b28f2a62e37c59c2e2e

SHA512
a075b893dc11b54c72a27ac4346bc009346282766f2f31d928fad123471ed5b2c4f971d8a72bdba50838a576ebf1c5be17c456a6e34c6cb172e133a7dc83d811

Download Submit
C:\Users\Admin\AppData\Local\Programs\com.app.tempest\resources\app.asar

Filesize
6.9MB

MD5
06901d71b4069884369fb852bb633f60

SHA1
8e1d77012a89352163db67cf0d64bf70e9a93d42

SHA256
52f801510dac3a6d559967f14f3b469cc08a1151da42800158d196cedeedd78c

SHA512
1cc5548d62b59d79b378bad8c0434ab8b8cbd230e2e56c0e8c39b77410a80bdad012876987a5f42547a2e0efa1bd296932a3e7ec2b25bfb5e389afe2f1578364

Download Submit
C:\Users\Admin\AppData\Local\Programs\com.app.tempest\resources\electron.asar

Filesize
269KB

MD5
d9b05fa8c3112d3a72e4589593a2059c

SHA1
1b6caaf396c329544dbec467f93aa7ce2a703055

SHA256
3b51213647cf488f01717a9f37a82be8431405973cd90188683af04a00690ca0

SHA512
b4bfa16fe4cea9861ebec8d66fa26ad5e46efd093e2753f15539b7677267318289e96398ad8c299089ea8a7d94ad947a3ea9ba0a4e6f70c8f8e4beac33261914

Download Submit
C:\Users\Admin\AppData\Local\Programs\com.app.tempest\swiftshader\libEGL.dll

Filesize
138KB

MD5
da739bfb3b85cd34149da69b4019612b

SHA1
25f8d8d01623ff9c5dbb77c274179aea940a50bb

SHA256
3a878dcbb20e572c046c4d5b837ec97b6eac37503e384aa7aa7a43a09261e5e5

SHA512
5e4b9cfbe1f3cb5bb31070b7c6e91eb796880bca70dc8cb3db9d7b1518a942744588127f616445b30d6874b771346053cae3184f00037ef8b185894852f5b006

Download Submit
C:\Users\Admin\AppData\Local\Programs\com.app.tempest\swiftshader\libEGL.dll

Filesize
138KB

MD5
da739bfb3b85cd34149da69b4019612b

SHA1
25f8d8d01623ff9c5dbb77c274179aea940a50bb

SHA256
3a878dcbb20e572c046c4d5b837ec97b6eac37503e384aa7aa7a43a09261e5e5

SHA512
5e4b9cfbe1f3cb5bb31070b7c6e91eb796880bca70dc8cb3db9d7b1518a942744588127f616445b30d6874b771346053cae3184f00037ef8b185894852f5b006

Download Submit
C:\Users\Admin\AppData\Local\Programs\com.app.tempest\swiftshader\libGLESv2.dll

Filesize
2.5MB

MD5
cde75291d5aff244a8cb03fdaf7ee9e7

SHA1
a0f787dd62b29a6eb7d231cd1a8d060318709ec1

SHA256
74c89f3008b08019630c00b2593807c370a5dd0416e28818c074dec17ae8f8c2

SHA512
a1c2fc585026eb9ffa466041aca9273b83cc264b971a8702aa4f4edc0e792384affeda2eb3b67270836c62378a86568a224abbb501283056ce3e05d42634030f

Download Submit
C:\Users\Admin\AppData\Local\Programs\com.app.tempest\swiftshader\libGLESv2.dll

Filesize
2.5MB

MD5
cde75291d5aff244a8cb03fdaf7ee9e7

SHA1
a0f787dd62b29a6eb7d231cd1a8d060318709ec1

SHA256
74c89f3008b08019630c00b2593807c370a5dd0416e28818c074dec17ae8f8c2

SHA512
a1c2fc585026eb9ffa466041aca9273b83cc264b971a8702aa4f4edc0e792384affeda2eb3b67270836c62378a86568a224abbb501283056ce3e05d42634030f

Download Submit
C:\Users\Admin\AppData\Local\Programs\com.app.tempest\swiftshader\libegl.dll

Filesize
138KB

MD5
da739bfb3b85cd34149da69b4019612b

SHA1
25f8d8d01623ff9c5dbb77c274179aea940a50bb

SHA256
3a878dcbb20e572c046c4d5b837ec97b6eac37503e384aa7aa7a43a09261e5e5

SHA512
5e4b9cfbe1f3cb5bb31070b7c6e91eb796880bca70dc8cb3db9d7b1518a942744588127f616445b30d6874b771346053cae3184f00037ef8b185894852f5b006

Download Submit
C:\Users\Admin\AppData\Local\Programs\com.app.tempest\swiftshader\libglesv2.dll

Filesize
2.5MB

MD5
cde75291d5aff244a8cb03fdaf7ee9e7

SHA1
a0f787dd62b29a6eb7d231cd1a8d060318709ec1

SHA256
74c89f3008b08019630c00b2593807c370a5dd0416e28818c074dec17ae8f8c2

SHA512
a1c2fc585026eb9ffa466041aca9273b83cc264b971a8702aa4f4edc0e792384affeda2eb3b67270836c62378a86568a224abbb501283056ce3e05d42634030f

Download Submit
C:\Users\Admin\AppData\Local\Programs\com.app.tempest\v8_context_snapshot.bin

Filesize
1017KB

MD5
302f044f437493eb613cdd5794c2880e

SHA1
8709230a6b50428892508a670ddf42d491c775a7

SHA256
d867591a0b6a121f8adb2e12a96be4b4d7060596137e69e2c0223294c4183b96

SHA512
65bbd705262088198db0a8fa376f828d217ac1f8c2a7f5fbd58fa7e1af9db4917844d6c1f5c6b6cd0f72ba94cc98e62b5066ce14b9e65da63860432608a2baee

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr9A80.tmp\SpiderBanner.dll

Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr9A80.tmp\StdUtils.dll

Filesize
101KB

MD5
33b4e69e7835e18b9437623367dd1787

SHA1
53afa03edaf931abdc2d828e5a2c89ad573d926c

SHA256
72d38ef115e71fc73dc5978987c583fc8c6b50ff12e4a5d30649a4d164a8b6ae

SHA512
ca890e785d1a0a7e0b4a748416fba417826ae66b46e600f407d4e795b444612a8b830f579f2cf5b6e051bea800604f34f8801cc3daf05c8d29ad05bcda454a77

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr9A80.tmp\System.dll

Filesize
11KB

MD5
75ed96254fbf894e42058062b4b4f0d1

SHA1
996503f1383b49021eb3427bc28d13b5bbd11977

SHA256
a632d74332b3f08f834c732a103dafeb09a540823a2217ca7f49159755e8f1d7

SHA512
58174896db81d481947b8745dafe3a02c150f3938bb4543256e8cce1145154e016d481df9fe68dac6d48407c62cbe20753320ebd5fe5e84806d07ce78e0eb0c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr9A80.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr9A80.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr9A80.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr9A80.tmp\nsProcess.dll

Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr9A80.tmp\nsProcess.dll

Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr9A80.tmp\nsis7z.dll

Filesize
391KB

MD5
c6a070b3e68b292bb0efc9b26e85e9cc

SHA1
5a922b96eda6595a68fd0a9051236162ff2e2ada

SHA256
66ac8bd1f273a73e17a3f31d6add739d3cb0330a6417faeda11a9cae00b62d8b

SHA512
8eff8fc16f5bb574bd9483e3b217b67a8986e31497368c06fdaa3a1e93a40aee94a5b31729d01905157b0ae1e556a402f43cd29a4d30a0587e1ec334458a44e8

Download Submit