e724ecee7dad100d9881d548f363753b95683379d422f9afd2f99298fdb19485

Analysis

max time kernel
133s
max time network
190s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
11-10-2023 20:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Bin_Weevils_Rewritten_Setup_1.0.3.exe
Size

73.0MB
MD5

c93453843bf69951d5ae8adead594e44
SHA1

6fff42ec9ff6683518784b776ab3b3b6161322b3
SHA256

e724ecee7dad100d9881d548f363753b95683379d422f9afd2f99298fdb19485
SHA512

7bfa9f35f477521429308853257aa8407e51e983520b1c45e9cb4316cafbbc4e3fdc0573af6216dec7b38da8629f4b9af2aab1b47a3ce1369fcf8beb8e1d8554
SSDEEP

1572864:iGb4n3FWdADZl+z0tnt6vtnvmJC8HL4+s8Jc38i7Pw3mgaR4NGzzzL:ip3FWdKZEgtM1nwBs80lwmgi/bL

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Control Panel\International\Geo\Nation	Bin Weevils Rewritten.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Control Panel\International\Geo\Nation	Bin Weevils Rewritten.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Control Panel\International\Geo\Nation	Bin Weevils Rewritten.exe

Executes dropped EXE 6 IoCs

pid	Process
1980	Bin Weevils Rewritten.exe
1164	Bin Weevils Rewritten.exe
2696	Bin Weevils Rewritten.exe
2076	Bin Weevils Rewritten.exe
1804	Bin Weevils Rewritten.exe
1764	Bin Weevils Rewritten.exe

Loads dropped DLL 25 IoCs

pid	Process
2904	Bin_Weevils_Rewritten_Setup_1.0.3.exe
2904	Bin_Weevils_Rewritten_Setup_1.0.3.exe
2904	Bin_Weevils_Rewritten_Setup_1.0.3.exe
2904	Bin_Weevils_Rewritten_Setup_1.0.3.exe
2904	Bin_Weevils_Rewritten_Setup_1.0.3.exe
2904	Bin_Weevils_Rewritten_Setup_1.0.3.exe
2904	Bin_Weevils_Rewritten_Setup_1.0.3.exe
2904	Bin_Weevils_Rewritten_Setup_1.0.3.exe
2904	Bin_Weevils_Rewritten_Setup_1.0.3.exe
2904	Bin_Weevils_Rewritten_Setup_1.0.3.exe
2904	Bin_Weevils_Rewritten_Setup_1.0.3.exe
1308	Process not Found
1308	Process not Found
1308	Process not Found
1308	Process not Found
1980	Bin Weevils Rewritten.exe
1308	Process not Found
2696	Bin Weevils Rewritten.exe
1164	Bin Weevils Rewritten.exe
1164	Bin Weevils Rewritten.exe
1164	Bin Weevils Rewritten.exe
1164	Bin Weevils Rewritten.exe
2076	Bin Weevils Rewritten.exe
1804	Bin Weevils Rewritten.exe
1764	Bin Weevils Rewritten.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 7 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000_CLASSES\discord-904829685064663090\ = "URL:discord-904829685064663090"	Bin Weevils Rewritten.exe
Key created	\REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000_CLASSES\discord-904829685064663090\shell\open\command	Bin Weevils Rewritten.exe
Key created	\REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000_CLASSES\discord-904829685064663090\shell	Bin Weevils Rewritten.exe
Key created	\REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000_CLASSES\discord-904829685064663090\shell\open	Bin Weevils Rewritten.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000_CLASSES\discord-904829685064663090\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\bwrewritten\\Bin Weevils Rewritten.exe\" \"%1\""	Bin Weevils Rewritten.exe
Key created	\REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000_CLASSES\discord-904829685064663090	Bin Weevils Rewritten.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000_CLASSES\discord-904829685064663090\URL Protocol	Bin Weevils Rewritten.exe

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436	Bin Weevils Rewritten.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde	Bin Weevils Rewritten.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474	Bin Weevils Rewritten.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 0f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f0b0000000100000034000000420061006c00740069006d006f007200650020004300790062006500720054007200750073007400200052006f006f007400000053000000010000002400000030223020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c09000000010000000c000000300a06082b06010505070301030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47420000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	Bin Weevils Rewritten.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 19000000010000001000000068cb42b035ea773e52ef50ecf50ec529030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47409000000010000000c000000300a06082b060105050703011d0000000100000010000000918ad43a9475f78bb5243de886d8103c140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df053000000010000002400000030223020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c00b0000000100000034000000420061006c00740069006d006f007200650020004300790062006500720054007200750073007400200052006f006f00740000000f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f20000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	Bin Weevils Rewritten.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 040000000100000010000000acb694a59c17e0d791529bb19706a6e40f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f0b0000000100000034000000420061006c00740069006d006f007200650020004300790062006500720054007200750073007400200052006f006f007400000053000000010000002400000030223020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c09000000010000000c000000300a06082b06010505070301030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47419000000010000001000000068cb42b035ea773e52ef50ecf50ec52920000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	Bin Weevils Rewritten.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2904	Bin_Weevils_Rewritten_Setup_1.0.3.exe
2904	Bin_Weevils_Rewritten_Setup_1.0.3.exe
2904	Bin_Weevils_Rewritten_Setup_1.0.3.exe
2904	Bin_Weevils_Rewritten_Setup_1.0.3.exe
2696	Bin Weevils Rewritten.exe
2076	Bin Weevils Rewritten.exe
1804	Bin Weevils Rewritten.exe
1764	Bin Weevils Rewritten.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeSecurityPrivilege	2904	Bin_Weevils_Rewritten_Setup_1.0.3.exe

Suspicious use of WriteProcessMemory 53 IoCs

description	pid	Process	procid_target
PID 1980 wrote to memory of 1164	1980	Bin Weevils Rewritten.exe	32
PID 1980 wrote to memory of 1164	1980	Bin Weevils Rewritten.exe	32
PID 1980 wrote to memory of 1164	1980	Bin Weevils Rewritten.exe	32
PID 1980 wrote to memory of 1164	1980	Bin Weevils Rewritten.exe	32
PID 1980 wrote to memory of 1164	1980	Bin Weevils Rewritten.exe	32
PID 1980 wrote to memory of 1164	1980	Bin Weevils Rewritten.exe	32
PID 1980 wrote to memory of 1164	1980	Bin Weevils Rewritten.exe	32
PID 1980 wrote to memory of 1164	1980	Bin Weevils Rewritten.exe	32
PID 1980 wrote to memory of 1164	1980	Bin Weevils Rewritten.exe	32
PID 1980 wrote to memory of 1164	1980	Bin Weevils Rewritten.exe	32
PID 1980 wrote to memory of 1164	1980	Bin Weevils Rewritten.exe	32
PID 1980 wrote to memory of 1164	1980	Bin Weevils Rewritten.exe	32
PID 1980 wrote to memory of 1164	1980	Bin Weevils Rewritten.exe	32
PID 1980 wrote to memory of 1164	1980	Bin Weevils Rewritten.exe	32
PID 1980 wrote to memory of 1164	1980	Bin Weevils Rewritten.exe	32
PID 1980 wrote to memory of 1164	1980	Bin Weevils Rewritten.exe	32
PID 1980 wrote to memory of 1164	1980	Bin Weevils Rewritten.exe	32
PID 1980 wrote to memory of 1164	1980	Bin Weevils Rewritten.exe	32
PID 1980 wrote to memory of 1164	1980	Bin Weevils Rewritten.exe	32
PID 1980 wrote to memory of 1164	1980	Bin Weevils Rewritten.exe	32
PID 1980 wrote to memory of 1164	1980	Bin Weevils Rewritten.exe	32
PID 1980 wrote to memory of 1164	1980	Bin Weevils Rewritten.exe	32
PID 1980 wrote to memory of 1164	1980	Bin Weevils Rewritten.exe	32
PID 1980 wrote to memory of 1164	1980	Bin Weevils Rewritten.exe	32
PID 1980 wrote to memory of 1164	1980	Bin Weevils Rewritten.exe	32
PID 1980 wrote to memory of 1164	1980	Bin Weevils Rewritten.exe	32
PID 1980 wrote to memory of 1164	1980	Bin Weevils Rewritten.exe	32
PID 1980 wrote to memory of 1164	1980	Bin Weevils Rewritten.exe	32
PID 1980 wrote to memory of 1164	1980	Bin Weevils Rewritten.exe	32
PID 1980 wrote to memory of 1164	1980	Bin Weevils Rewritten.exe	32
PID 1980 wrote to memory of 1164	1980	Bin Weevils Rewritten.exe	32
PID 1980 wrote to memory of 1164	1980	Bin Weevils Rewritten.exe	32
PID 1980 wrote to memory of 1164	1980	Bin Weevils Rewritten.exe	32
PID 1980 wrote to memory of 1164	1980	Bin Weevils Rewritten.exe	32
PID 1980 wrote to memory of 1164	1980	Bin Weevils Rewritten.exe	32
PID 1980 wrote to memory of 1164	1980	Bin Weevils Rewritten.exe	32
PID 1980 wrote to memory of 1164	1980	Bin Weevils Rewritten.exe	32
PID 1980 wrote to memory of 1164	1980	Bin Weevils Rewritten.exe	32
PID 1980 wrote to memory of 1164	1980	Bin Weevils Rewritten.exe	32
PID 1980 wrote to memory of 1164	1980	Bin Weevils Rewritten.exe	32
PID 1980 wrote to memory of 1164	1980	Bin Weevils Rewritten.exe	32
PID 1980 wrote to memory of 2696	1980	Bin Weevils Rewritten.exe	33
PID 1980 wrote to memory of 2696	1980	Bin Weevils Rewritten.exe	33
PID 1980 wrote to memory of 2696	1980	Bin Weevils Rewritten.exe	33
PID 1980 wrote to memory of 2076	1980	Bin Weevils Rewritten.exe	34
PID 1980 wrote to memory of 2076	1980	Bin Weevils Rewritten.exe	34
PID 1980 wrote to memory of 2076	1980	Bin Weevils Rewritten.exe	34
PID 1980 wrote to memory of 1804	1980	Bin Weevils Rewritten.exe	35
PID 1980 wrote to memory of 1804	1980	Bin Weevils Rewritten.exe	35
PID 1980 wrote to memory of 1804	1980	Bin Weevils Rewritten.exe	35
PID 1980 wrote to memory of 1764	1980	Bin Weevils Rewritten.exe	36
PID 1980 wrote to memory of 1764	1980	Bin Weevils Rewritten.exe	36
PID 1980 wrote to memory of 1764	1980	Bin Weevils Rewritten.exe	36

C:\Users\Admin\AppData\Local\Temp\Bin_Weevils_Rewritten_Setup_1.0.3.exe
"C:\Users\Admin\AppData\Local\Temp\Bin_Weevils_Rewritten_Setup_1.0.3.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2904

C:\Users\Admin\AppData\Local\Programs\bwrewritten\Bin Weevils Rewritten.exe
"C:\Users\Admin\AppData\Local\Programs\bwrewritten\Bin Weevils Rewritten.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Modifies system certificate store
- Suspicious use of WriteProcessMemory
PID:1980
- C:\Users\Admin\AppData\Local\Programs\bwrewritten\Bin Weevils Rewritten.exe
  "C:\Users\Admin\AppData\Local\Programs\bwrewritten\Bin Weevils Rewritten.exe" --type=gpu-process --field-trial-handle=1032,15667478016888370061,3575561223031279142,131072 --disable-features=LayoutNG,SpareRendererForSitePerProcess --gpu-preferences=IAAAAAAAAADgAAAgAAAAAAAAYAAAAAAACAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAABQAAABAAAAAAAAAAAAAAAAYAAAAQAAAAAAAAAAEAAAAFAAAAEAAAAAAAAAABAAAABgAAAA== --service-request-channel-token=11871763513927301648 --mojo-platform-channel-handle=1040 --ignored=" --type=renderer " /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1164
- C:\Users\Admin\AppData\Local\Programs\bwrewritten\Bin Weevils Rewritten.exe
  "C:\Users\Admin\AppData\Local\Programs\bwrewritten\Bin Weevils Rewritten.exe" --type=renderer --field-trial-handle=1032,15667478016888370061,3575561223031279142,131072 --disable-features=LayoutNG,SpareRendererForSitePerProcess --lang=en-US --app-path="C:\Users\Admin\AppData\Local\Programs\bwrewritten\resources\app" --enable-plugins --no-sandbox --no-zygote --preload="C:\Users\Admin\AppData\Local\Programs\bwrewritten\resources\app\preload.js" --background-color=#6BC414 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=16770252062992727297 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1456 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:2696
- C:\Users\Admin\AppData\Local\Programs\bwrewritten\Bin Weevils Rewritten.exe
  "C:\Users\Admin\AppData\Local\Programs\bwrewritten\Bin Weevils Rewritten.exe" --type=renderer --field-trial-handle=1032,15667478016888370061,3575561223031279142,131072 --disable-features=LayoutNG,SpareRendererForSitePerProcess --disable-gpu-compositing --lang=en-US --app-path="C:\Users\Admin\AppData\Local\Programs\bwrewritten\resources\app" --enable-plugins --no-sandbox --no-zygote --preload="C:\Users\Admin\AppData\Local\Programs\bwrewritten\resources\app\preload.js" --background-color=#6BC414 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=17340909028377812658 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1788 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:2076
- C:\Users\Admin\AppData\Local\Programs\bwrewritten\Bin Weevils Rewritten.exe
  "C:\Users\Admin\AppData\Local\Programs\bwrewritten\Bin Weevils Rewritten.exe" --type=gpu-process --field-trial-handle=1032,15667478016888370061,3575561223031279142,131072 --disable-features=LayoutNG,SpareRendererForSitePerProcess --disable-gpu-sandbox --use-gl=disabled --gpu-preferences=IAAAAAAAAADgAAAgAAAAAAAAYAAAAAAACAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAABQAAABAAAAAAAAAAAAAAAAYAAAAQAAAAAAAAAAEAAAAFAAAAEAAAAAAAAAABAAAABgAAAA== --service-request-channel-token=10921877081583607573 --mojo-platform-channel-handle=2644 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:1804
- C:\Users\Admin\AppData\Local\Programs\bwrewritten\Bin Weevils Rewritten.exe
  "C:\Users\Admin\AppData\Local\Programs\bwrewritten\Bin Weevils Rewritten.exe" --type=renderer --field-trial-handle=1032,15667478016888370061,3575561223031279142,131072 --disable-features=LayoutNG,SpareRendererForSitePerProcess --disable-gpu-compositing --lang=en-US --app-path="C:\Users\Admin\AppData\Local\Programs\bwrewritten\resources\app" --enable-plugins --no-sandbox --no-zygote --preload="C:\Users\Admin\AppData\Local\Programs\bwrewritten\resources\app\preload.js" --background-color=#6BC414 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=10718782870158595664 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1516 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:1764

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Programs\bwrewritten\Bin Weevils Rewritten.exe

Filesize
95.4MB

MD5
1f4f0abcee015817f3f9a6b3b2c6ae68

SHA1
a7fffedb4c5ed3d70db05c9d1958f3541a6acffc

SHA256
02ad827821c0494eae2a1ef2beeb1f19ecbbf918889e6828dcac8b86bb77db50

SHA512
9f1f182f77f96fce072d6acd03111c603f40817ec1cb6ea12053691ec4f69a59b403328d1acc9925aadbbdb5f615ae0d457fc21e99e6897e4f13bfa66d7549cf

Download Submit
C:\Users\Admin\AppData\Local\Programs\bwrewritten\Bin Weevils Rewritten.exe

Filesize
95.4MB

MD5
1f4f0abcee015817f3f9a6b3b2c6ae68

SHA1
a7fffedb4c5ed3d70db05c9d1958f3541a6acffc

SHA256
02ad827821c0494eae2a1ef2beeb1f19ecbbf918889e6828dcac8b86bb77db50

SHA512
9f1f182f77f96fce072d6acd03111c603f40817ec1cb6ea12053691ec4f69a59b403328d1acc9925aadbbdb5f615ae0d457fc21e99e6897e4f13bfa66d7549cf

Download Submit
C:\Users\Admin\AppData\Local\Programs\bwrewritten\Bin Weevils Rewritten.exe

Filesize
95.4MB

MD5
1f4f0abcee015817f3f9a6b3b2c6ae68

SHA1
a7fffedb4c5ed3d70db05c9d1958f3541a6acffc

SHA256
02ad827821c0494eae2a1ef2beeb1f19ecbbf918889e6828dcac8b86bb77db50

SHA512
9f1f182f77f96fce072d6acd03111c603f40817ec1cb6ea12053691ec4f69a59b403328d1acc9925aadbbdb5f615ae0d457fc21e99e6897e4f13bfa66d7549cf

Download Submit
C:\Users\Admin\AppData\Local\Programs\bwrewritten\chrome_100_percent.pak

Filesize
142KB

MD5
8d56d44c318d122f7931d03ba435f00b

SHA1
387f530e06f79a2a9f7fbf4446c71c31db08e7e0

SHA256
fcb4faaa82d13d90c42dfa0669f67391b3124d30310d0f4c510f31412974cab2

SHA512
03bd2f56f73ad06fe22ebd94fb0de4e37d1771f8a9d82a47ea93002ba4696d906b59d0e25db63e98af10a169a8c3dc9d047cfcbca01030924bf93abe7bce1590

Download Submit
C:\Users\Admin\AppData\Local\Programs\bwrewritten\chrome_200_percent.pak

Filesize
204KB

MD5
879f88cafa5714994744bde20e7bd2c2

SHA1
d63b55f9f7c0e40f9585cac8a5cb28c0ea9f32ee

SHA256
76126341d0dc2b4b6ddccf30559709e6a856cd47148107808bd18ceb16ed1df3

SHA512
4d70ae16c2656cf3a8aaad00e2ce0ddcc030bf1ad29bbb1d0e90c03f866c413f893b273b8b03aa12c9ea5ae01537ad1d2d1b2c52b35bf7773278121a09a3af9c

Download Submit
C:\Users\Admin\AppData\Local\Programs\bwrewritten\ffmpeg.dll

Filesize
2.0MB

MD5
bdf01d0d81d10ade4846e2fbc3c5532e

SHA1
3baab6b740218bf745967062f40d9a94d7685e49

SHA256
ef8b04d6d62be0a6578f9acea78971de1ecfccec06cae0753e6405ee32de304a

SHA512
b1261fd15582486a5cc6b224a4e93914560bc47286f2d5615c59078c1867f6b03de2e45c8944bc129f521e184220e1720014b9c5d67d0edfc000c294ebd9cbb6

Download Submit
C:\Users\Admin\AppData\Local\Programs\bwrewritten\icudtl.dat

Filesize
9.9MB

MD5
4c8a9e9c260dc5a6fee2a3c37520f5bf

SHA1
5a9883dbeb5314a98e7ab5326f9868e78ba387dc

SHA256
8c2df1f6e2ea8df2e5fc5e4b016b0cddd64a7ce6985189ca45be3c0ec99472c2

SHA512
c0da0b08a0b0eaa898f96c6e6c6fb65bc7f773f5814fc0d612a40e2fcaea4049c67cd2812716a564dbc16d609677ee62eaa9f9747d2a7bc5c9bce43cd2208aa7

Download Submit
C:\Users\Admin\AppData\Local\Programs\bwrewritten\locales\en-US.pak

Filesize
69KB

MD5
15e8556f737d17bd4d645513ee190990

SHA1
a24844d68fe3e9f4c57d14e6091a06f5e6b5f327

SHA256
12e4fd083a49e038578ea2993e6c88239083c8d098231527eee861299a4e1c99

SHA512
4e5c423b2b14def0e6ebb9c7844bdc050198064c9db69d3a880c1444314211995b1f0dec6fcbb12c6d5e59f690c3ffc893c2265bf7168d1ecbc8d83dfa5e1465

Download Submit
C:\Users\Admin\AppData\Local\Programs\bwrewritten\natives_blob.bin

Filesize
81KB

MD5
f8ac49858ca8739658ff44c296f8aba6

SHA1
427b4da3bd619d85381c36d61daf2ce392e07909

SHA256
354ff502a0e1ed73df4e5c7b52970356b04777461f6e169f72a8567ab5f4c317

SHA512
52e875aedbdc5dad21e01a42e333ff5aefed9ae6468a00e80f2bb373b871196f9a82bc3f43a6c72c9dd6be0e4fbc591d3ede41ca47b23a806b788db5aa9bf313

Download Submit
C:\Users\Admin\AppData\Local\Programs\bwrewritten\resources.pak

Filesize
8.1MB

MD5
978e8122033961585e14c65949d15e11

SHA1
3097d04bbcdfc6ff9e0bb52c2d38f6395e4bb631

SHA256
a435fa0e07a9124b0d457811de5e2245aeb225ad55ab99186cb665c6ec6e30ef

SHA512
5f6706116b7eaec70213f7343cac44eea2dc735de6262524b5508a659b150d8a5ad7f449fec984b45a2e5c170e1cb4feb927a19530c94841f3e6429a2fcaa1c0

Download Submit
C:\Users\Admin\AppData\Local\Programs\bwrewritten\resources\app\main.js

Filesize
6KB

MD5
78afb6237e555c7c25c81c69262a2b2a

SHA1
c788697841daf168a38b353a332c9ddb8091fcb1

SHA256
67b6167d7a69b94fb66c173572656171217b339516ea60996f03841a8b335fb9

SHA512
8acc76a4a1bead58b6afe84b36be0ed9351c88d51fda3e8b192f4881b5e84de4c3b9224f6e34721204ea4d6bb71ed77a12c68438dd0fcd2909fe5c7d50b2f8aa

Download Submit
C:\Users\Admin\AppData\Local\Programs\bwrewritten\resources\app\node_modules\discord-rpc\package.json

Filesize
1KB

MD5
bb6da5fd6228e297f23bda825d4fad35

SHA1
d3ac11d483e70031133190ae97658623e6aac6bd

SHA256
d944c18c87c8cebeadd4ad332c57ea4eaebb4b1ef0b1222267197458dbd40737

SHA512
413cdab0d2b7f1b9aa8060facc9d475b16254787c68b58bd08d1faead2cfc3669846770e1575a13801390d56ba9dff5f5dd2eed3c3d93631dd6b41fd77d3cbab

Download Submit
C:\Users\Admin\AppData\Local\Programs\bwrewritten\resources\app\node_modules\discord-rpc\src\client.js

Filesize
18KB

MD5
e801592a9164b88322909fccddfb54b6

SHA1
87e039fc73fa130c48ca3e0603ac67de6d918014

SHA256
eaff1c043bf0c996d7a53a578011e38a78e301e422490585907bdabddec2326f

SHA512
12ee358e99f81c0ce36ebe4e15f96786a8d9d9de5b5225dff5e03e3c8acf70ae4b349f56c2cec97fa9a56211152fad560abe2f0e9c92064f13561c03464bec06

Download Submit
C:\Users\Admin\AppData\Local\Programs\bwrewritten\resources\app\node_modules\discord-rpc\src\index.js

Filesize
166B

MD5
79e518ef097f0dfdbf03a08a400bf0e7

SHA1
7785a8b24a9f18fc3185e7b72cbea11b1e4f8a2f

SHA256
807f3c2a7d1b380cb73d423f325978a7b33b0730efc7e0885813bef0bc032713

SHA512
c5a5121b54046495e6d6113d3a51090690eedd5f6d23fc7fe5d930e5af3d3413f77cb547f86e5374e32513e1f8d9bfbc25ba338f9181bf46fcb75632f2130111

Download Submit
C:\Users\Admin\AppData\Local\Programs\bwrewritten\resources\app\node_modules\discord-rpc\src\util.js

Filesize
889B

MD5
e44af3edd2906a749be96eb568157084

SHA1
d9756726c78a396bdd8a3c837573e33b3bc904fb

SHA256
c52042a1ac2ab16f7e318673b85f195e85f078b3056d0993b97bc92748696719

SHA512
74f549d03737de277fa21f0f59e6cd6794ca909125af1122471213efcf6c01ea0400805a4f7d623c55927715e2d7e5668cb817ae79d50b1b2880664cebf76a4d

Download Submit
C:\Users\Admin\AppData\Local\Programs\bwrewritten\resources\app\node_modules\electron-is-dev\index.js

Filesize
281B

MD5
84402fab5f78e8252656ae68cb5a1616

SHA1
98fff1a8568fc3d1a3bca237609d9083c3f0135e

SHA256
4b04baa5ad869bdf03929616d60259976bebfc910e01bb086cec729ab6dcf694

SHA512
9c55142890367fc4e9578494437604a553af73cbe47752e49328820fb573320efa0686337c9f717a381cf730f7d28aeb3f6228232b6b70a6e16b071b3846e961

Download Submit
C:\Users\Admin\AppData\Local\Programs\bwrewritten\resources\app\node_modules\electron-is-dev\package.json

Filesize
557B

MD5
279bbba9029f432a655e953f3d8a4242

SHA1
82476bfe74b4b2bfa526bed6dc7edbc877b8f6e5

SHA256
ad79d71ad3c76f690432a99f408e97e4a1e04997943984939d2e12efe8b14b39

SHA512
6f6b366b4281b03995512ec81cfe8cc9bec251bb1ae0a7bfdc15f4f9ac297b4875276e59eb9a7ea67c95947176e72c07f9169cf71270cbe309b26a556cdb14c2

Download Submit
C:\Users\Admin\AppData\Local\Programs\bwrewritten\resources\app\node_modules\electron-updater\node_modules\builder-util-runtime\out\httpExecutor.js

Filesize
15KB

MD5
0feccbe2800f4be003b7ea6f766ee47e

SHA1
9cc6b298c599a7aceee6ba812d0cd9244591aff1

SHA256
8600fbabca7a114f9132f2395d10d73f45df9c66e50ca5a7d025231d15bb4f32

SHA512
a86527ad1e5363188cf12d124c88001e9829754fc10066b3648f3f6e3d5781aa2bd1ba72a0d8ff641f9bbd852d21c8be7a11bc29460da14de9348878531d062b

Download Submit
C:\Users\Admin\AppData\Local\Programs\bwrewritten\resources\app\node_modules\electron-updater\node_modules\builder-util-runtime\out\index.js

Filesize
4KB

MD5
212da5cd57a00151f3272bbd4e7beb64

SHA1
a6860e4d1eae689ef4b89af19df805175bde2cc5

SHA256
8bae3e6591d3abcf3eb404187da7a55a17d14d4f78a13bba57a84e8942c6062b

SHA512
19992db5fb379b2bcf70aa68526496dd09495e01c869f649ac1b04718f00ddace0a4229c9b02fc2eb7cc981640147b29f8173cdb296a199ac05a21229c22d662

Download Submit
C:\Users\Admin\AppData\Local\Programs\bwrewritten\resources\app\node_modules\electron-updater\node_modules\builder-util-runtime\package.json

Filesize
633B

MD5
e3f49d28bee0673177b3dfbb4c15d1ac

SHA1
f5cb76bf6a4b79298a6d1ed4b65a5eb7162d26b1

SHA256
6745dd9a249baadd6748eaa23e9bcc4353084a7a637eea2db91301ac63cfcfcd

SHA512
7be9d4b8ecd4c2be8945bcf90a6f1452721446b50e04968945c454e888b3f13129a33e6b2c2f0d85c136ce5ed051c34acd623a555e59c21569413904c481947b

Download Submit
C:\Users\Admin\AppData\Local\Programs\bwrewritten\resources\app\node_modules\electron-updater\node_modules\debug\package.json

Filesize
1KB

MD5
41d9734932b7d37133d1ded6b46c5a9d

SHA1
071cb8af7c3c0653587fac3727f050e438ee1570

SHA256
61e819b8fefab519cd0aaf72e8507b7ee93d382d7dc3139dc623f69d0784d5da

SHA512
6af177103736421dd6b533d66a62928b1bd2ee50658a22804822409e8f1bd01d182e04e589d11f9b0c4f504148c38150e9d77a6288e8e9b832436fcef1670280

Download Submit
C:\Users\Admin\AppData\Local\Programs\bwrewritten\resources\app\node_modules\electron-updater\node_modules\debug\src\common.js

Filesize
5KB

MD5
28cf1b65565c110e527238b9072dd100

SHA1
ce462ffa64f18fb0c0a85226df52deb95ccf1d7d

SHA256
eecaed82cfb4506f0cb2c140ea500d818603ba2b116f4043728b461de648160c

SHA512
f67d79d57c4f9ec99fca5f44e21a8ae6228486a87733894a223394c34be2776c76d838c0a6fafbaae10274e985093234ec2252ed69619c6a08779cc5b0e48abb

Download Submit
C:\Users\Admin\AppData\Local\Programs\bwrewritten\resources\app\node_modules\electron-updater\node_modules\debug\src\index.js

Filesize
314B

MD5
d6c53f5a0dd8f256d91210ad530a2f3e

SHA1
0f4ce3b10eff761f099ac75593f7e05b149ae695

SHA256
aa127ff1752b7d9c7415c5c7bb6994d9aa722b81bcbcab4bd48316b013d23bf3

SHA512
4faa874d9d862ffc921528742c4f1fe8a9b22a358760f6e93fcef138523575329a801ce9659ed8e96b02b73e581b3e99d91973e22981b358ffb5e43103a536c2

Download Submit
C:\Users\Admin\AppData\Local\Programs\bwrewritten\resources\app\node_modules\electron-updater\node_modules\debug\src\node.js

Filesize
4KB

MD5
022881df4a2d137c0f0fb83e84592155

SHA1
659316f1d1ef8539fa6023fb9cf5e8160b6159ea

SHA256
325ef853b9b77da990ee685a6cf915a03c8db652eb863e777f273654bd5e56d5

SHA512
834074b374733233f8818e8789fb3e1fb2758fc2202afab914cd913e22c5802a1aece2558227bae0dfd72b502cc231ae0c88bcd5d82c9ea2a1df6c4844d814ee

Download Submit
C:\Users\Admin\AppData\Local\Programs\bwrewritten\resources\app\node_modules\electron-updater\node_modules\semver\package.json

Filesize
404B

MD5
b9c0951257ba58ccf72732f22aa378b5

SHA1
a11fb2c147003227c66c97478376e9347633c7cb

SHA256
a486c0f9fdf0add140b891a6d1a18295a719e28f6633136a2b10b2177fc46a15

SHA512
b36fb1b5711b091504909366724c49dcacc3678edefb637331ca981af828fa66235df92055f48144df395339269dc23c7f56a2047706fe6fd31fa9fc04f7701a

Download Submit
C:\Users\Admin\AppData\Local\Programs\bwrewritten\resources\app\node_modules\electron-updater\node_modules\semver\semver.js

Filesize
41KB

MD5
f2b931cdc91f14b2f7fd0ec204d2ad44

SHA1
06e82a822515f98b740553b8d8b268af7ea4abf5

SHA256
acfcb006e8cbfa5ec841829d60ecc5adb9c1012e39df0b7d2d29e44116001850

SHA512
3c139fc63478190949f26c4e82968c0ac7896f0c5025302999e16d7e57bd9aea71ad6b1508d63ad4505de5c54bfa5d5b7d24a9bf05dab72a3a26e1f828f60e72

Download Submit
C:\Users\Admin\AppData\Local\Programs\bwrewritten\resources\app\node_modules\electron-updater\out\AppUpdater.js

Filesize
22KB

MD5
ab1ca6c06cf896a6589db871dae69479

SHA1
405d4dfdcfacdd0658c798e85a46754529cd3abd

SHA256
b663ca6a3cd7f5f7c3c631af63fd0be119832f260a2ac5004bca23c2740766ec

SHA512
283f61a0a55f1d792602a0076ec3015108b9c3728005de1f946a42f04b183ce89160476a8344d2045ea4b5b16be9e3b2150df27030a1152be7613ddb0f7aaac4

Download Submit
C:\Users\Admin\AppData\Local\Programs\bwrewritten\resources\app\node_modules\electron-updater\out\BaseUpdater.js

Filesize
2KB

MD5
4d407589c37f951b8f895c026b0edefc

SHA1
7aa93482e136d02db069325d4a7ae72da66756ca

SHA256
780a734a53dc22bc795f24c005a1a8d41ed7908e595257eee03d440d64d669d2

SHA512
5cb4ab12b0247ba007ce2777967bdb1a21afd470284fa3fc203e5c72b37a8e48ab234d94781906ca4c7a25278e9069c6c77772a904dc8f9e24233430d26f4dc3

Download Submit
C:\Users\Admin\AppData\Local\Programs\bwrewritten\resources\app\node_modules\electron-updater\out\ElectronAppAdapter.js

Filesize
2KB

MD5
ece01de9c5b060509a534e3a9b738f7e

SHA1
17fab21be27906aac2129928e85e69b686dda3b0

SHA256
72c247cd2f86748cbe6a2c7237495ab1364493f5dc964e7070ad556e56466aa6

SHA512
0438291587a3e2f9221e053ff07aac47f0863af8afc0060d447244b7407472b830c0a00e149f576527bb4812074b5d67e4f687b7476fb2badcf3ee3b9599f211

Download Submit
C:\Users\Admin\AppData\Local\Programs\bwrewritten\resources\app\node_modules\electron-updater\out\NsisUpdater.js

Filesize
10KB

MD5
1a61199802ab9bf5044f4d4878b6343d

SHA1
99eac3180c5766f6e7c66904739c2a946b462ee6

SHA256
1e401479dd62a4957eebba56c325ec778d712545bd4ad873b862a26ad6e920b2

SHA512
1150f437b7dceec4ef1137a6bb89d5640a82c09bb935e8a1bf106bc31f3d307031c785f69deb8d7323e89b925fd81a808a00d0350436b2fbebe6407ae039d0e1

Download Submit
C:\Users\Admin\AppData\Local\Programs\bwrewritten\resources\app\node_modules\electron-updater\out\electronHttpExecutor.js

Filesize
2KB

MD5
5b194c22d99fd5503103ad881a1c41b7

SHA1
164215684187f53355962bae2dd84d742932fa7d

SHA256
18d756fbf91b8efd09a82725769d94232f0dc36124046cbf611343e5228ca528

SHA512
3b55080f82bd9a41f0af40090558efa143915ec9e4522e8bfde76baab297c580b2b82c6dcade7629266fe78bfd9e5201759652c0ddc897edcc01519ba1d4b808

Download Submit
C:\Users\Admin\AppData\Local\Programs\bwrewritten\resources\app\node_modules\electron-updater\out\main.js

Filesize
4KB

MD5
7fd2ec1ec399dcaf69ebc11f25baf575

SHA1
10e3a183d08538ff2ac666feaabdf1a9aa6e370d

SHA256
d39428463ae8ee5d819ef0ca212a1ab5aec80281c77d0d1373de4e11eb03b32a

SHA512
3991909ec04dd490c48bc34918c6c2ff53fcc87c3e44387137fa604b6a0c5bf8f46cb5cf71601b4cfebb193f48714a09ae0a2f9708eb4a3044321f95d2293bc9

Download Submit
C:\Users\Admin\AppData\Local\Programs\bwrewritten\resources\app\node_modules\electron-updater\package.json

Filesize
762B

MD5
f29eea5419d793d362a5c09b2bd1a822

SHA1
aa204c30f5238178389f6d85c6487c102f8c8424

SHA256
407f3d074e5ebeee2a528de88d20251d3dcab6c49c577b9fd00d277a26628dc6

SHA512
983e828ec6a3b628dc944be15cfe252a3c9369eef666b0208e6f3114c94a0ceb62aa218df0899afc0de611c9214720e1209a6d1c986d9601a8f18b9d325527d1

Download Submit
C:\Users\Admin\AppData\Local\Programs\bwrewritten\resources\app\node_modules\lazy-val\out\main.js

Filesize
572B

MD5
5c541dbf5fbc763a5637342ee1cd5166

SHA1
9c93e9b54d940473ac5caf76bdcd5e69f13d5df5

SHA256
b90a6539596f756ae2e885fd7d629e15a69cf092244b155e93c054faac53bc80

SHA512
08bfbb83b5e4b37a1a03874183182e27f34d14e8f6de32e698d93c97bd82b1398e10afa728b3d772f8fa88f4101a655347dc7885906856888e48b4130f0273b2

Download Submit
C:\Users\Admin\AppData\Local\Programs\bwrewritten\resources\app\node_modules\lazy-val\package.json

Filesize
600B

MD5
2e73d4bf14f31028eb9bb930ffbed5a7

SHA1
4b8970036f0856f0f3d9c474611627306d594fce

SHA256
850c45c2386d1a2d0eb62404a72b1a86ee728c0d18754b0d18de72157111a14c

SHA512
3dcc6c4ebe69a779b6b5d3b545ae89879fa03faea16e44bf179fb0ddb3417bb065faf157fe661012ec9f7b6fb837030d2c9edf856c88652bd98c62e1dd0cb61e

Download Submit
C:\Users\Admin\AppData\Local\Programs\bwrewritten\resources\app\node_modules\ms\index.js

Filesize
2KB

MD5
fddcc2097091479666d0865c176d6615

SHA1
55f9b3a7d4cfbf68b19ccd0d698aa86483dd4694

SHA256
55986972f5f3c9446f876c576e1cd30fd4f04cd26527efbb5ad834637c740e4c

SHA512
252644169a9398527927b69a2f19c6578bd62dcd180b94984d991939f53bf4e77ca687e840db42f7dba3b37124a5e3f3eda83535e75491bbe6ca440a7149913f

Download Submit
C:\Users\Admin\AppData\Local\Programs\bwrewritten\resources\app\node_modules\ms\package.json

Filesize
584B

MD5
6d1a91e3b4481b49526691670eb03134

SHA1
19a1e8bba588bbfdd3fe6ac332e3c7757d67b043

SHA256
7facc3283b9bdc72541307299a20e163cbbb60a27d573de8287c1257d5e847f5

SHA512
966a0c42bd36094d2a7fb357e284f9bb7409639a57b9fee9ddd8f460aaaf543f5d0dba83dfa840f81a7c2a0f230244fd1629a93fc25cc53f871d8ee06ff3e5a1

Download Submit
C:\Users\Admin\AppData\Local\Programs\bwrewritten\resources\app\node_modules\node-fetch\lib\index.js

Filesize
41KB

MD5
a7abb87dd90f23c2c09db69c05afbe24

SHA1
f3ba0523f4daee7b1d67cdfb3943986cad521509

SHA256
7e47945bf42530793f44d389073ea13d002442955f833e87160c21e77c9c085e

SHA512
e7c1b76d4096489560d27b9d06c412f1747425dceaf194f098ef5762fc4b60d27d1b01f152ddb3318107aaa002059e7592db90a968bb0ed868f52299abfd319f

Download Submit
C:\Users\Admin\AppData\Local\Programs\bwrewritten\resources\app\node_modules\node-fetch\package.json

Filesize
1KB

MD5
0abe7fe52e3138d6121ff049d2a398f4

SHA1
b52963370f4895484bf319a5b0c35cca505c04e6

SHA256
abc1513db56658173b8034fdab9bad7e77dbd69aa32cbff5d5dea16eec3f4690

SHA512
cb52b2900378cacff66322b8971b4d6959005306e9b864e21b378f667ba311ce35ce179bf180fad13a77c7c8b66102c6967b5d0935bb3bf97d1628e946cb7b7e

Download Submit
C:\Users\Admin\AppData\Local\Programs\bwrewritten\resources\app\node_modules\proto-list\LICENSE

Filesize
765B

MD5
82703a69f6d7411dde679954c2fd9dca

SHA1
bb408e929caeb1731945b2ba54bc337edb87cc66

SHA256
4ec3d4c66cd87f5c8d8ad911b10f99bf27cb00cdfcff82621956e379186b016b

SHA512
3fa748e59fb3af0c5293530844faa9606d9271836489d2c8013417779d10cc180187f5e670477f9ec77d341e0ef64eab7dcfb876c6390f027bc6f869a12d0f46

Download Submit
C:\Users\Admin\AppData\Local\Programs\bwrewritten\resources\app\node_modules\webidl-conversions\lib\index.js

Filesize
4KB

MD5
5239589917db7d80f8a54e00bf57287c

SHA1
32a7715cbd092327cb6b40a1ceb0f768c006cfbc

SHA256
0b29621626c38ddda2a8e20787c32d09db10dd031ea743c5e270b59d46754a84

SHA512
74f08425d277fdf08927457983057c75399aef175c829e55ce4feb424704cbcda250ce82ade03b06f435012418f409759ef36c79595316be492a8708eae90601

Download Submit
C:\Users\Admin\AppData\Local\Programs\bwrewritten\resources\app\node_modules\webidl-conversions\package.json

Filesize
600B

MD5
e7acc0b6335be246326bc43687e17acf

SHA1
3067434f51e2ad45996c44349552d9aae2912666

SHA256
fe802effaa5385f56afea37ac23075ec42f48ca9584bd2582eb55a05de7d5bf6

SHA512
8ec1f1626c6f18202403ec1aade6c922833ded17a46ea463771382bd6e3423cb5c1822ee722ec0ec2693da6abf69ee8706939a22c9d6e9a9e63cf784b49bb350

Download Submit
C:\Users\Admin\AppData\Local\Programs\bwrewritten\resources\app\node_modules\whatwg-url\lib\URL-impl.js

Filesize
3KB

MD5
895986b201034a8813d7032201d08d48

SHA1
c59fc2cbaff55db3419a0f3fc3274cb6215555cb

SHA256
e60103ff74b8bfc4001f5c05eea482f554de610cb5fc4e7ccbfc5aef9e443706

SHA512
fd9a756c5554c6f75f09c4704100bd795ed877ba9ea401262021d23315070005f0271e406cbe4f18f1163887caacb77ae74797eaaa770a7e89ae3ec271c4bee3

Download Submit
C:\Users\Admin\AppData\Local\Programs\bwrewritten\resources\app\node_modules\whatwg-url\lib\URL.js

Filesize
4KB

MD5
b0d61d137a04b123d028dc0560e4019b

SHA1
849eac5a0d7fd731acf0948d18a9ef6cebf10047

SHA256
3bd67335fc72b50924fa35523c2b0b73dce9cb814f6bae82644ccb1f22560706

SHA512
f5947e7b10031344b752486fc8fa3b7a33b9b00c7a5226d9581dbb1b63794ef3a62ee119d2847618b7129744e3b5adf81da2f8ba8565581005f0971928839127

Download Submit
C:\Users\Admin\AppData\Local\Programs\bwrewritten\resources\app\node_modules\whatwg-url\lib\public-api.js

Filesize
625B

MD5
702794a0ee114b49df06995222248103

SHA1
ff500ab0bc64cc68b8925cd6b9d13b5b6240d951

SHA256
0cbda6401c6179c4fb2ef0cebeccfb127485fee6f0ed5c129a8a539d4cd29018

SHA512
c5cecc2817a8708e3f1720b70e8dfc3aa29ecbe71ccdccd8b5bc1f217ff75420892692c32693cbb3e7286ae85261a1c07cee8bf00ee454046eecd6a735d81113

Download Submit
C:\Users\Admin\AppData\Local\Programs\bwrewritten\resources\app\node_modules\whatwg-url\lib\utils.js

Filesize
562B

MD5
3bd95c789a767f0ea79e6a20c43f692e

SHA1
e531f22976a3b992693f328ed7bdd4103d87c08e

SHA256
96b941934b9050815f9397bc6796ea8611bfa00c5886587d81da64a23841e3b9

SHA512
2fe3b7f9d083d8e7edf717f94fac9af9d7265318432a10779253af9829b28f5b7ef7814234d34d67323ec0fcd2af6efbebf7301a0f6ad158601783154e487f0d

Download Submit
C:\Users\Admin\AppData\Local\Programs\bwrewritten\resources\app\node_modules\whatwg-url\package.json

Filesize
750B

MD5
4a4e7cab3c42dd6fc248546bccfa085e

SHA1
627a7d5b4119b1ee2b7d55843d5927f2b085f9cd

SHA256
88d96d2ee13166af465bb513010f7da710c99b5d64b610eadd8ed03cf7e590c0

SHA512
0b09188a1d17bec81e64d2cbf8de7b8ad6f18c40fda8b2ed7dd6dc61cb9dc7b9f78db3af983bc3a0000ee96912c08efc86ff0d07bd9d68129fb9035cd5530fbe

Download Submit
C:\Users\Admin\AppData\Local\Programs\bwrewritten\resources\app\package.json

Filesize
593B

MD5
ddadc868434e48c9484078d3de9c800a

SHA1
041ff822ab11b53657aa381fd19082b9ddac2c7d

SHA256
597ce87db95d4c4523db5ea3a339f8cf7bce76e2a2d7de75705980d9534747c3

SHA512
b2f5faff98edcd755aec3efe88a8146cc3371b68a5837e5d78a6ef3cff1ea09bbf3bbe3b3384e5c6e1d52980f2104f2f75452f1921d885909410465899ef60a4

Download Submit
C:\Users\Admin\AppData\Local\Programs\bwrewritten\resources\electron.asar

Filesize
346KB

MD5
e7403d0eef4fca74b51d6797ff5a8fdc

SHA1
4567783342b20f19e69c56d2eb6a18d30793af39

SHA256
b272d41372e571d4131642f2824fe8581b9132feefdf98dd6e7cd5d2c58728af

SHA512
9460158981cd84846b170612950963b8157126e7129da0e819ae1648aae8be577583250f110ba24aac8bb6a735cdae71a6d458a2be261caff3e472262639e8a4

Download Submit
C:\Users\Admin\AppData\Local\Programs\bwrewritten\v8_context_snapshot.bin

Filesize
685KB

MD5
ca7cd9e8812bf3d3af627e2ce32ac9be

SHA1
ae584ef401ec7684128517812e9eebc824098151

SHA256
15135d0f1bf67e01601a01dac865ae49d59eae99bc8967da1b8f0d5c7ada7d84

SHA512
f15ce97f2fe8d1e2230c7754449313f8c5b9a850a1bf2700adf47e95fd93a27c6d41a3435a1cbaf76b99a4ed2465ff5c8c39138239bda07e97b25e4bf377a310

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA0B4.tmp

Filesize
61KB

MD5
f3441b8572aae8801c04f3060b550443

SHA1
4ef0a35436125d6821831ef36c28ffaf196cda15

SHA256
6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

SHA512
5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA27C.tmp

Filesize
163KB

MD5
9441737383d21192400eca82fda910ec

SHA1
725e0d606a4fc9ba44aa8ffde65bed15e65367e4

SHA256
bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

SHA512
7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsyD4CD.tmp\SpiderBanner.dll

Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsyD4CD.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsyD4CD.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsyD4CD.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsyD4CD.tmp\nsProcess.dll

Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsyD4CD.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
C:\Users\Admin\AppData\Roaming\bwrewritten\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
f9d5fec393e20a25ac03e317b277b7d3

SHA1
3e42c57c565205f4fc61a0d5054d7575958fe0e0

SHA256
f4142588cfe7bbea0749c29560b8f178119396b4df8008fcf7aaf78d54e5799a

SHA512
54e9b43eaaaac62943b790508e8b9e28202cf4ee9ed3d97153b171711ce9574bba235fff3ae76877a4894bb84688b07192e634325537382b2a6d0751cdc49ba6

Download Submit
C:\Users\Admin\AppData\Roaming\bwrewritten\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Roaming\bwrewritten\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Roaming\bwrewritten\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Roaming\bwrewritten\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Roaming\bwrewritten\Network Persistent State

Filesize
544B

MD5
fa8723ccd2a01ce41144f83566a0d40d

SHA1
a4add0ab25c47e17da0d5c4cd2626eebc8d98ebc

SHA256
34580f84333a36cc5b1a01d7e56b48c10b583b67cf0ca4257777eb0de530d3fe

SHA512
19045ab8123cb211247148c6a49c2c4e393c370421ea7f1091f579e7c4e1f2a11a6f6f02f0b98a319faa90f0b22ce398c70eacef30d0304cae97e6400c2eea4c

Download Submit
C:\Users\Admin\AppData\Roaming\bwrewritten\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\bwrewritten\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
\Users\Admin\AppData\Local\Programs\bwrewritten\Bin Weevils Rewritten.exe

Filesize
95.4MB

MD5
1f4f0abcee015817f3f9a6b3b2c6ae68

SHA1
a7fffedb4c5ed3d70db05c9d1958f3541a6acffc

SHA256
02ad827821c0494eae2a1ef2beeb1f19ecbbf918889e6828dcac8b86bb77db50

SHA512
9f1f182f77f96fce072d6acd03111c603f40817ec1cb6ea12053691ec4f69a59b403328d1acc9925aadbbdb5f615ae0d457fc21e99e6897e4f13bfa66d7549cf

Download Submit
\Users\Admin\AppData\Local\Programs\bwrewritten\Bin Weevils Rewritten.exe

Filesize
95.4MB

MD5
1f4f0abcee015817f3f9a6b3b2c6ae68

SHA1
a7fffedb4c5ed3d70db05c9d1958f3541a6acffc

SHA256
02ad827821c0494eae2a1ef2beeb1f19ecbbf918889e6828dcac8b86bb77db50

SHA512
9f1f182f77f96fce072d6acd03111c603f40817ec1cb6ea12053691ec4f69a59b403328d1acc9925aadbbdb5f615ae0d457fc21e99e6897e4f13bfa66d7549cf

Download Submit
\Users\Admin\AppData\Local\Programs\bwrewritten\Bin Weevils Rewritten.exe

Filesize
95.4MB

MD5
1f4f0abcee015817f3f9a6b3b2c6ae68

SHA1
a7fffedb4c5ed3d70db05c9d1958f3541a6acffc

SHA256
02ad827821c0494eae2a1ef2beeb1f19ecbbf918889e6828dcac8b86bb77db50

SHA512
9f1f182f77f96fce072d6acd03111c603f40817ec1cb6ea12053691ec4f69a59b403328d1acc9925aadbbdb5f615ae0d457fc21e99e6897e4f13bfa66d7549cf

Download Submit
\Users\Admin\AppData\Local\Programs\bwrewritten\Bin Weevils Rewritten.exe

Filesize
95.4MB

MD5
1f4f0abcee015817f3f9a6b3b2c6ae68

SHA1
a7fffedb4c5ed3d70db05c9d1958f3541a6acffc

SHA256
02ad827821c0494eae2a1ef2beeb1f19ecbbf918889e6828dcac8b86bb77db50

SHA512
9f1f182f77f96fce072d6acd03111c603f40817ec1cb6ea12053691ec4f69a59b403328d1acc9925aadbbdb5f615ae0d457fc21e99e6897e4f13bfa66d7549cf

Download Submit
\Users\Admin\AppData\Local\Programs\bwrewritten\Bin Weevils Rewritten.exe

Filesize
95.4MB

MD5
1f4f0abcee015817f3f9a6b3b2c6ae68

SHA1
a7fffedb4c5ed3d70db05c9d1958f3541a6acffc

SHA256
02ad827821c0494eae2a1ef2beeb1f19ecbbf918889e6828dcac8b86bb77db50

SHA512
9f1f182f77f96fce072d6acd03111c603f40817ec1cb6ea12053691ec4f69a59b403328d1acc9925aadbbdb5f615ae0d457fc21e99e6897e4f13bfa66d7549cf

Download Submit
\Users\Admin\AppData\Local\Programs\bwrewritten\Bin Weevils Rewritten.exe

Filesize
95.4MB

MD5
1f4f0abcee015817f3f9a6b3b2c6ae68

SHA1
a7fffedb4c5ed3d70db05c9d1958f3541a6acffc

SHA256
02ad827821c0494eae2a1ef2beeb1f19ecbbf918889e6828dcac8b86bb77db50

SHA512
9f1f182f77f96fce072d6acd03111c603f40817ec1cb6ea12053691ec4f69a59b403328d1acc9925aadbbdb5f615ae0d457fc21e99e6897e4f13bfa66d7549cf

Download Submit
\Users\Admin\AppData\Local\Programs\bwrewritten\Bin Weevils Rewritten.exe

Filesize
95.4MB

MD5
1f4f0abcee015817f3f9a6b3b2c6ae68

SHA1
a7fffedb4c5ed3d70db05c9d1958f3541a6acffc

SHA256
02ad827821c0494eae2a1ef2beeb1f19ecbbf918889e6828dcac8b86bb77db50

SHA512
9f1f182f77f96fce072d6acd03111c603f40817ec1cb6ea12053691ec4f69a59b403328d1acc9925aadbbdb5f615ae0d457fc21e99e6897e4f13bfa66d7549cf

Download Submit
\Users\Admin\AppData\Local\Programs\bwrewritten\Bin Weevils Rewritten.exe

Filesize
95.4MB

MD5
1f4f0abcee015817f3f9a6b3b2c6ae68

SHA1
a7fffedb4c5ed3d70db05c9d1958f3541a6acffc

SHA256
02ad827821c0494eae2a1ef2beeb1f19ecbbf918889e6828dcac8b86bb77db50

SHA512
9f1f182f77f96fce072d6acd03111c603f40817ec1cb6ea12053691ec4f69a59b403328d1acc9925aadbbdb5f615ae0d457fc21e99e6897e4f13bfa66d7549cf

Download Submit
\Users\Admin\AppData\Local\Programs\bwrewritten\ffmpeg.dll

Filesize
2.0MB

MD5
bdf01d0d81d10ade4846e2fbc3c5532e

SHA1
3baab6b740218bf745967062f40d9a94d7685e49

SHA256
ef8b04d6d62be0a6578f9acea78971de1ecfccec06cae0753e6405ee32de304a

SHA512
b1261fd15582486a5cc6b224a4e93914560bc47286f2d5615c59078c1867f6b03de2e45c8944bc129f521e184220e1720014b9c5d67d0edfc000c294ebd9cbb6

Download Submit
\Users\Admin\AppData\Local\Temp\nsyD4CD.tmp\SpiderBanner.dll

Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
\Users\Admin\AppData\Local\Temp\nsyD4CD.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
\Users\Admin\AppData\Local\Temp\nsyD4CD.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
\Users\Admin\AppData\Local\Temp\nsyD4CD.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
\Users\Admin\AppData\Local\Temp\nsyD4CD.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
\Users\Admin\AppData\Local\Temp\nsyD4CD.tmp\nsProcess.dll

Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
\Users\Admin\AppData\Local\Temp\nsyD4CD.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
memory/1164-1054-0x0000000077020000-0x0000000077021000-memory.dmp

Filesize
4KB

Download
memory/1164-996-0x0000000000060000-0x0000000000061000-memory.dmp

Filesize
4KB

Download
memory/1980-1005-0x00000000006B0000-0x00000000006B1000-memory.dmp

Filesize
4KB

Download
memory/2904-941-0x00000000028A0000-0x00000000028A2000-memory.dmp

Filesize
8KB

Download