79ce201dd4134cd866038cbc78f9a5758e2f3fcc672b915dd50028ac4e1d3b77

Analysis

max time kernel
85s
max time network
83s
platform
windows10-1703_x64
resource
win10-20231020-es
resource tags

arch:x64arch:x86image:win10-20231020-eslocale:es-esos:windows10-1703-x64systemwindows
submitted
05/11/2023, 09:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Mechvibes.Setup.2.3.0.exe
Size

61.7MB
MD5

4a43aeaa5396c88362598883879ba083
SHA1

d17edb9a8d878c517923bcb9385c3c79dbae4823
SHA256

79ce201dd4134cd866038cbc78f9a5758e2f3fcc672b915dd50028ac4e1d3b77
SHA512

59a544304e1027eb1eb16284c6a58d1431720d306f25b2c39ffb406cbd9c2404878b08ce33d56463d0e5fc40b3c998d5d0db241875652c1fb071376ca721fe32
SSDEEP

1572864:1ab4n3FgfVf8VEx66sM9lqbtReXUq4ndx+55D+UVdH:1N3FceEQ6s+QReXUHdx+5xZH

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2640874492-649017405-3475600720-1000\Control Panel\International\Geo\Nation	Mechvibes.exe

Executes dropped EXE 5 IoCs

pid	Process
3284	Mechvibes.exe
1332	Mechvibes.exe
2696	Mechvibes.exe
848	Mechvibes.exe
2380	Mechvibes.exe

Loads dropped DLL 19 IoCs

pid	Process
1444	Mechvibes.Setup.2.3.0.exe
1444	Mechvibes.Setup.2.3.0.exe
1444	Mechvibes.Setup.2.3.0.exe
1444	Mechvibes.Setup.2.3.0.exe
1444	Mechvibes.Setup.2.3.0.exe
1444	Mechvibes.Setup.2.3.0.exe
1444	Mechvibes.Setup.2.3.0.exe
1444	Mechvibes.Setup.2.3.0.exe
1444	Mechvibes.Setup.2.3.0.exe
3284	Mechvibes.exe
1332	Mechvibes.exe
848	Mechvibes.exe
2696	Mechvibes.exe
2696	Mechvibes.exe
2696	Mechvibes.exe
2696	Mechvibes.exe
848	Mechvibes.exe
848	Mechvibes.exe
2380	Mechvibes.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1444	Mechvibes.Setup.2.3.0.exe
1444	Mechvibes.Setup.2.3.0.exe
1444	Mechvibes.Setup.2.3.0.exe
1444	Mechvibes.Setup.2.3.0.exe
1444	Mechvibes.Setup.2.3.0.exe
1444	Mechvibes.Setup.2.3.0.exe
848	Mechvibes.exe
848	Mechvibes.exe
2380	Mechvibes.exe
2380	Mechvibes.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeSecurityPrivilege	1444	Mechvibes.Setup.2.3.0.exe
Token: 33	2480	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2480	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
3284	Mechvibes.exe
3284	Mechvibes.exe
3284	Mechvibes.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
3284	Mechvibes.exe
3284	Mechvibes.exe
3284	Mechvibes.exe

Suspicious use of SetWindowsHookEx 36 IoCs

pid	Process
848	Mechvibes.exe
848	Mechvibes.exe
848	Mechvibes.exe
848	Mechvibes.exe
848	Mechvibes.exe
848	Mechvibes.exe
848	Mechvibes.exe
848	Mechvibes.exe
848	Mechvibes.exe
848	Mechvibes.exe
848	Mechvibes.exe
848	Mechvibes.exe
848	Mechvibes.exe
848	Mechvibes.exe
848	Mechvibes.exe
848	Mechvibes.exe
848	Mechvibes.exe
848	Mechvibes.exe
848	Mechvibes.exe
848	Mechvibes.exe
848	Mechvibes.exe
848	Mechvibes.exe
848	Mechvibes.exe
848	Mechvibes.exe
848	Mechvibes.exe
848	Mechvibes.exe
848	Mechvibes.exe
848	Mechvibes.exe
848	Mechvibes.exe
848	Mechvibes.exe
848	Mechvibes.exe
848	Mechvibes.exe
848	Mechvibes.exe
848	Mechvibes.exe
848	Mechvibes.exe
848	Mechvibes.exe

Suspicious use of WriteProcessMemory 44 IoCs

description	pid	Process	procid_target
PID 3284 wrote to memory of 2696	3284	Mechvibes.exe	74
PID 3284 wrote to memory of 2696	3284	Mechvibes.exe	74
PID 3284 wrote to memory of 2696	3284	Mechvibes.exe	74
PID 3284 wrote to memory of 2696	3284	Mechvibes.exe	74
PID 3284 wrote to memory of 2696	3284	Mechvibes.exe	74
PID 3284 wrote to memory of 2696	3284	Mechvibes.exe	74
PID 3284 wrote to memory of 2696	3284	Mechvibes.exe	74
PID 3284 wrote to memory of 2696	3284	Mechvibes.exe	74
PID 3284 wrote to memory of 2696	3284	Mechvibes.exe	74
PID 3284 wrote to memory of 2696	3284	Mechvibes.exe	74
PID 3284 wrote to memory of 2696	3284	Mechvibes.exe	74
PID 3284 wrote to memory of 2696	3284	Mechvibes.exe	74
PID 3284 wrote to memory of 2696	3284	Mechvibes.exe	74
PID 3284 wrote to memory of 2696	3284	Mechvibes.exe	74
PID 3284 wrote to memory of 2696	3284	Mechvibes.exe	74
PID 3284 wrote to memory of 2696	3284	Mechvibes.exe	74
PID 3284 wrote to memory of 2696	3284	Mechvibes.exe	74
PID 3284 wrote to memory of 2696	3284	Mechvibes.exe	74
PID 3284 wrote to memory of 2696	3284	Mechvibes.exe	74
PID 3284 wrote to memory of 2696	3284	Mechvibes.exe	74
PID 3284 wrote to memory of 2696	3284	Mechvibes.exe	74
PID 3284 wrote to memory of 2696	3284	Mechvibes.exe	74
PID 3284 wrote to memory of 2696	3284	Mechvibes.exe	74
PID 3284 wrote to memory of 2696	3284	Mechvibes.exe	74
PID 3284 wrote to memory of 2696	3284	Mechvibes.exe	74
PID 3284 wrote to memory of 2696	3284	Mechvibes.exe	74
PID 3284 wrote to memory of 2696	3284	Mechvibes.exe	74
PID 3284 wrote to memory of 2696	3284	Mechvibes.exe	74
PID 3284 wrote to memory of 2696	3284	Mechvibes.exe	74
PID 3284 wrote to memory of 2696	3284	Mechvibes.exe	74
PID 3284 wrote to memory of 2696	3284	Mechvibes.exe	74
PID 3284 wrote to memory of 2696	3284	Mechvibes.exe	74
PID 3284 wrote to memory of 2696	3284	Mechvibes.exe	74
PID 3284 wrote to memory of 2696	3284	Mechvibes.exe	74
PID 3284 wrote to memory of 2696	3284	Mechvibes.exe	74
PID 3284 wrote to memory of 2696	3284	Mechvibes.exe	74
PID 3284 wrote to memory of 2696	3284	Mechvibes.exe	74
PID 3284 wrote to memory of 2696	3284	Mechvibes.exe	74
PID 3284 wrote to memory of 2696	3284	Mechvibes.exe	74
PID 3284 wrote to memory of 2696	3284	Mechvibes.exe	74
PID 3284 wrote to memory of 848	3284	Mechvibes.exe	75
PID 3284 wrote to memory of 848	3284	Mechvibes.exe	75
PID 3284 wrote to memory of 2380	3284	Mechvibes.exe	77
PID 3284 wrote to memory of 2380	3284	Mechvibes.exe	77

C:\Users\Admin\AppData\Local\Temp\Mechvibes.Setup.2.3.0.exe
"C:\Users\Admin\AppData\Local\Temp\Mechvibes.Setup.2.3.0.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1444

C:\Users\Admin\AppData\Local\Programs\mechvibes\Mechvibes.exe
"C:\Users\Admin\AppData\Local\Programs\mechvibes\Mechvibes.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3284
- C:\Users\Admin\AppData\Local\Programs\mechvibes\Mechvibes.exe
  "C:\Users\Admin\AppData\Local\Programs\mechvibes\Mechvibes.exe" --type=gpu-process --field-trial-handle=1688,3106043448464222465,7597519164176723274,131072 --disable-features=LayoutNG,SpareRendererForSitePerProcess --gpu-preferences=IAAAAAAAAADgAAAgAAAAAAAAYAAAAAAACAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAABQAAABAAAAAAAAAAAAAAAAYAAAAQAAAAAAAAAAEAAAAFAAAAEAAAAAAAAAABAAAABgAAAA== --service-request-channel-token=8055465208508965014 --mojo-platform-channel-handle=1692 --ignored=" --type=renderer " /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2696
- C:\Users\Admin\AppData\Local\Programs\mechvibes\Mechvibes.exe
  "C:\Users\Admin\AppData\Local\Programs\mechvibes\Mechvibes.exe" --type=renderer --autoplay-policy=no-user-gesture-required --field-trial-handle=1688,3106043448464222465,7597519164176723274,131072 --disable-features=LayoutNG,SpareRendererForSitePerProcess --lang=es --app-path="C:\Users\Admin\AppData\Local\Programs\mechvibes\resources\app.asar" --node-integration --no-sandbox --no-zygote --preload="C:\Users\Admin\AppData\Local\Programs\mechvibes\resources\app.asar\src\app.js" --background-color=#fff --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=7567335385956277922 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2004 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:848
- C:\Users\Admin\AppData\Local\Programs\mechvibes\Mechvibes.exe
  "C:\Users\Admin\AppData\Local\Programs\mechvibes\Mechvibes.exe" --type=gpu-process --field-trial-handle=1688,3106043448464222465,7597519164176723274,131072 --disable-features=LayoutNG,SpareRendererForSitePerProcess --disable-gpu-sandbox --use-gl=disabled --gpu-preferences=IAAAAAAAAADgAAAgAAAAAAAAYAAAAAAACAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAABQAAABAAAAAAAAAAAAAAAAYAAAAQAAAAAAAAAAEAAAAFAAAAEAAAAAAAAAABAAAABgAAAA== --service-request-channel-token=13184782391610237717 --mojo-platform-channel-handle=2472 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:2380

C:\Users\Admin\AppData\Local\Programs\mechvibes\Mechvibes.exe
"C:\Users\Admin\AppData\Local\Programs\mechvibes\Mechvibes.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1332

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3bc
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2480

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Programs\mechvibes\D3DCompiler_47.dll

Filesize
4.3MB

MD5
57d829f7d174d1a8067612c09cf6566b

SHA1
79ed06500dcee028885b00301f7a9a9155c69b62

SHA256
dca0cd7272a56801dd74d0b253df33a8829bee61f5fa0c6d8e2ed5b62f440dff

SHA512
16936ce02b7445b56d67adf43d896d2dd9bf1f713d5a765fe97c73c72f22ef8915372dd7b04cfdcfad72447924b6e03d8ae0e0565927a2f862433b2860bcfd64

Download Submit
C:\Users\Admin\AppData\Local\Programs\mechvibes\Mechvibes.exe

Filesize
95.3MB

MD5
db06bf20025ac8c63c0e409bf2fd8ff1

SHA1
09864aca632b78726f6d671618ee570a3ac979e7

SHA256
38c3411c2210790f0767e02b113f58df4bf8989830b1b920c7b18d7b060adf45

SHA512
fce8c84fb873d118a36924c940c900a03f00729f3ac29f6e3e8ce341d066fd3048d69e943f173055cf6c43845606d710a17174c83c7c9a7aa35a96cc731cd26c

Download Submit
C:\Users\Admin\AppData\Local\Programs\mechvibes\Mechvibes.exe

Filesize
95.3MB

MD5
db06bf20025ac8c63c0e409bf2fd8ff1

SHA1
09864aca632b78726f6d671618ee570a3ac979e7

SHA256
38c3411c2210790f0767e02b113f58df4bf8989830b1b920c7b18d7b060adf45

SHA512
fce8c84fb873d118a36924c940c900a03f00729f3ac29f6e3e8ce341d066fd3048d69e943f173055cf6c43845606d710a17174c83c7c9a7aa35a96cc731cd26c

Download Submit
C:\Users\Admin\AppData\Local\Programs\mechvibes\Mechvibes.exe

Filesize
95.3MB

MD5
db06bf20025ac8c63c0e409bf2fd8ff1

SHA1
09864aca632b78726f6d671618ee570a3ac979e7

SHA256
38c3411c2210790f0767e02b113f58df4bf8989830b1b920c7b18d7b060adf45

SHA512
fce8c84fb873d118a36924c940c900a03f00729f3ac29f6e3e8ce341d066fd3048d69e943f173055cf6c43845606d710a17174c83c7c9a7aa35a96cc731cd26c

Download Submit
C:\Users\Admin\AppData\Local\Programs\mechvibes\Mechvibes.exe

Filesize
95.3MB

MD5
db06bf20025ac8c63c0e409bf2fd8ff1

SHA1
09864aca632b78726f6d671618ee570a3ac979e7

SHA256
38c3411c2210790f0767e02b113f58df4bf8989830b1b920c7b18d7b060adf45

SHA512
fce8c84fb873d118a36924c940c900a03f00729f3ac29f6e3e8ce341d066fd3048d69e943f173055cf6c43845606d710a17174c83c7c9a7aa35a96cc731cd26c

Download Submit
C:\Users\Admin\AppData\Local\Programs\mechvibes\Mechvibes.exe

Filesize
95.3MB

MD5
db06bf20025ac8c63c0e409bf2fd8ff1

SHA1
09864aca632b78726f6d671618ee570a3ac979e7

SHA256
38c3411c2210790f0767e02b113f58df4bf8989830b1b920c7b18d7b060adf45

SHA512
fce8c84fb873d118a36924c940c900a03f00729f3ac29f6e3e8ce341d066fd3048d69e943f173055cf6c43845606d710a17174c83c7c9a7aa35a96cc731cd26c

Download Submit
C:\Users\Admin\AppData\Local\Programs\mechvibes\Mechvibes.exe

Filesize
95.3MB

MD5
db06bf20025ac8c63c0e409bf2fd8ff1

SHA1
09864aca632b78726f6d671618ee570a3ac979e7

SHA256
38c3411c2210790f0767e02b113f58df4bf8989830b1b920c7b18d7b060adf45

SHA512
fce8c84fb873d118a36924c940c900a03f00729f3ac29f6e3e8ce341d066fd3048d69e943f173055cf6c43845606d710a17174c83c7c9a7aa35a96cc731cd26c

Download Submit
C:\Users\Admin\AppData\Local\Programs\mechvibes\Mechvibes.exe

Filesize
95.3MB

MD5
db06bf20025ac8c63c0e409bf2fd8ff1

SHA1
09864aca632b78726f6d671618ee570a3ac979e7

SHA256
38c3411c2210790f0767e02b113f58df4bf8989830b1b920c7b18d7b060adf45

SHA512
fce8c84fb873d118a36924c940c900a03f00729f3ac29f6e3e8ce341d066fd3048d69e943f173055cf6c43845606d710a17174c83c7c9a7aa35a96cc731cd26c

Download Submit
C:\Users\Admin\AppData\Local\Programs\mechvibes\chrome_100_percent.pak

Filesize
142KB

MD5
8d56d44c318d122f7931d03ba435f00b

SHA1
387f530e06f79a2a9f7fbf4446c71c31db08e7e0

SHA256
fcb4faaa82d13d90c42dfa0669f67391b3124d30310d0f4c510f31412974cab2

SHA512
03bd2f56f73ad06fe22ebd94fb0de4e37d1771f8a9d82a47ea93002ba4696d906b59d0e25db63e98af10a169a8c3dc9d047cfcbca01030924bf93abe7bce1590

Download Submit
C:\Users\Admin\AppData\Local\Programs\mechvibes\chrome_200_percent.pak

Filesize
204KB

MD5
879f88cafa5714994744bde20e7bd2c2

SHA1
d63b55f9f7c0e40f9585cac8a5cb28c0ea9f32ee

SHA256
76126341d0dc2b4b6ddccf30559709e6a856cd47148107808bd18ceb16ed1df3

SHA512
4d70ae16c2656cf3a8aaad00e2ce0ddcc030bf1ad29bbb1d0e90c03f866c413f893b273b8b03aa12c9ea5ae01537ad1d2d1b2c52b35bf7773278121a09a3af9c

Download Submit
C:\Users\Admin\AppData\Local\Programs\mechvibes\ffmpeg.dll

Filesize
2.0MB

MD5
757f0b76df3bb477e27aedf5a40d9441

SHA1
4c73d78cfd3c46823ce78c09d3b44ef1ce38b9ea

SHA256
a7edad43f8bb9550f8d45d3079439c2888bd6b49fc92aadc6d24e5ba1d5cd6c8

SHA512
93dcb3caff8e21aed731c28933f46ef717be6c88151fdf7b3e6f884ddb8f799f686c8a9f72c8ae7272186070e0f168f67659f2e921d8ae34f1c7197df4d5db20

Download Submit
C:\Users\Admin\AppData\Local\Programs\mechvibes\icudtl.dat

Filesize
9.9MB

MD5
4c8a9e9c260dc5a6fee2a3c37520f5bf

SHA1
5a9883dbeb5314a98e7ab5326f9868e78ba387dc

SHA256
8c2df1f6e2ea8df2e5fc5e4b016b0cddd64a7ce6985189ca45be3c0ec99472c2

SHA512
c0da0b08a0b0eaa898f96c6e6c6fb65bc7f773f5814fc0d612a40e2fcaea4049c67cd2812716a564dbc16d609677ee62eaa9f9747d2a7bc5c9bce43cd2208aa7

Download Submit
C:\Users\Admin\AppData\Local\Programs\mechvibes\locales\es.pak

Filesize
81KB

MD5
92de3007bbfb457d64c9be1997c55303

SHA1
bafc28f004e9a4a545b14bf025b46fb0a52d82a9

SHA256
0329753e45d1b2fa403556049421073dbc74833ce9694069bad0dcde80ef3be7

SHA512
a04551d88d5bd9167cf8efa5142e7fa8dc6cf233bbf5a4ebf02fd5ccaa382728f333808a1fb73d334da7ed7da336e1d2cd000ee23f672d4ba30032d5f419beb2

Download Submit
C:\Users\Admin\AppData\Local\Programs\mechvibes\natives_blob.bin

Filesize
81KB

MD5
f8ac49858ca8739658ff44c296f8aba6

SHA1
427b4da3bd619d85381c36d61daf2ce392e07909

SHA256
354ff502a0e1ed73df4e5c7b52970356b04777461f6e169f72a8567ab5f4c317

SHA512
52e875aedbdc5dad21e01a42e333ff5aefed9ae6468a00e80f2bb373b871196f9a82bc3f43a6c72c9dd6be0e4fbc591d3ede41ca47b23a806b788db5aa9bf313

Download Submit
C:\Users\Admin\AppData\Local\Programs\mechvibes\resources.pak

Filesize
8.1MB

MD5
978e8122033961585e14c65949d15e11

SHA1
3097d04bbcdfc6ff9e0bb52c2d38f6395e4bb631

SHA256
a435fa0e07a9124b0d457811de5e2245aeb225ad55ab99186cb665c6ec6e30ef

SHA512
5f6706116b7eaec70213f7343cac44eea2dc735de6262524b5508a659b150d8a5ad7f449fec984b45a2e5c170e1cb4feb927a19530c94841f3e6429a2fcaa1c0

Download Submit
C:\Users\Admin\AppData\Local\Programs\mechvibes\resources\app.asar

Filesize
26.9MB

MD5
69d777181bf8b47b45f15733dcf05a68

SHA1
29222b9860990ec71004da31cda95a4202dabece

SHA256
e154bd4b4d08ad0a9a352c0623824c6be328483586a21fe2cfa65203275daa47

SHA512
ba53d59013855c5d1a4d08cef1082b90adcbb5b558a3f50a625ee8c8e7b1031baed5cce5f419b00895fd6cd021a3a246b9a032e07f64009e8dc51b4e3c8b4b46

Download Submit
C:\Users\Admin\AppData\Local\Programs\mechvibes\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v73-win32-x64\build\Release\iohook.node

Filesize
38KB

MD5
0ce491c1884b0cca8d40fe2e71a83eb1

SHA1
475e749aa2987f28d160945fd929b326ed1e0993

SHA256
6776940aa9653ed8bd693561dca745f200d946b5e1eeeadfa7174228f3d30dd5

SHA512
e22a489de51baace728baf35a1b10c0f29274a47bb37e089c559d75fbc9e16c710720acbff576af134acc0c722b565a6944c8afdd2a5f88b3909a0610f3e31ee

Download Submit
C:\Users\Admin\AppData\Local\Programs\mechvibes\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v73-win32-x64\build\Release\uiohook.dll

Filesize
29KB

MD5
03c8f03de92c2881525c8ae112496c8a

SHA1
44e39d48f41ec2a6100e7e984cb5652ac1d9e3b4

SHA256
f496f9a661a8e309f99aa5b428e2557425d8c3f1d4a37fb16b26438ef1c8da66

SHA512
264a3fd839e168f84fe00d4dfd84454322a27e6586de74846e74b30ad46d55f6d430daced2a522ba6fd7f6ad1c5913e604b8eacb59f766e9d33a5322ba5b9773

Download Submit
C:\Users\Admin\AppData\Local\Programs\mechvibes\resources\app.asar.unpacked\node_modules\iohook\index.js

Filesize
10KB

MD5
89384c3324c85788affd0642719576e0

SHA1
9636b3a71caaedd387e0655c2df0be8f0db4ecc9

SHA256
0dffeffba538fc5ab561afaab47b858c2031f750e65e6ad40e0cc39853884afe

SHA512
f5a7cc0834b41d1c7d0ae03b0d5c6305b5589016d7dd1bae51606c871e6ab2ae4a06a32ad3d39850ab241cabfbd667564cbd686cdc435c63dfc6cca72750faca

Download Submit
C:\Users\Admin\AppData\Local\Programs\mechvibes\resources\app.asar.unpacked\node_modules\iohook\package.json

Filesize
1KB

MD5
bee089d992bdd9edb325b5bef939130b

SHA1
b8cf85b76963105207184e443d5ecd055c94fac9

SHA256
3482535e9b9b6d441e9184b8f2d2ad828aa86f2d2705366b5bfe16a03a6edb4c

SHA512
103c03362151fba6f7a08a1cdd2302cd86e8a01e85739ce971c6d373b96e041a48e60ed4fb1edca1aa688b0c6483ad9b7acaa19d76124f1c991f8a91fbe16501

Download Submit
C:\Users\Admin\AppData\Local\Programs\mechvibes\resources\electron.asar

Filesize
347KB

MD5
1362f92031875676f4b082ff249abe1f

SHA1
bc9a9b6b08e28d8a33c5d388662b0fb3535af8ef

SHA256
5acf0deb20455487cb0f39cc4c752e7740137ab6adf8c049e62f092174310ca9

SHA512
2fc75d23c61b18b0537c0b5d889766fc51ad37b3a283f64c5edfc0c6abeff21123c055410c15f5d9c5945cba204937983409c865816669442ad8b165ab185d90

Download Submit
C:\Users\Admin\AppData\Local\Programs\mechvibes\swiftshader\libegl.dll

Filesize
333KB

MD5
9232de137c209d803ab5aee9f9b54d97

SHA1
614bfbf9583d61801785f64886a88aac2d3b5dd2

SHA256
4d752716e4837aa50f538f2d05bd79edcf829340adadfe1bda7337c0e7dec504

SHA512
58b73c6a93f1d2389ba53c33ca7dc801ef74f27a38bcb65d95de31c6125b70a879e02e3553998ffc9f0152fa4b67b24e34bfbb8864b33c4d41bb5e9218a902b7

Download Submit
C:\Users\Admin\AppData\Local\Programs\mechvibes\swiftshader\libglesv2.dll

Filesize
3.7MB

MD5
71f7d33b4c9d5e4260d041f0e0fd724e

SHA1
e671ed5ad823f798e792094e7ffa413549c52208

SHA256
8897c0001374eeec95a38f3e8915c652852f7d5f33151b6bda2a9584c9c2158c

SHA512
4c5d3d251d6956d8813c870f8900242318037de09335cdd2382a1c3fd9b2909da8f113394d8fdc71166c0673366c8c8dae4c5d0efb1eeaf26b0fb07bb98256b5

Download Submit
C:\Users\Admin\AppData\Local\Programs\mechvibes\v8_context_snapshot.bin

Filesize
685KB

MD5
25bee133a55efa9756b25ba25ba3cfa7

SHA1
6980de30de3d8e6ae81b4b3a14954ca67f58f9de

SHA256
156f90f0a8c6748716428786dca9cb53d1275f4510ebae2be5502f3fd94b7dc1

SHA512
c80232eda1bc9a7dc52fac538b99cc9a9805c00b455661bd493c12e620286e1983afe37814b0941d90c9e4be970b63108e1f9428c1a7d6fc5ab083acc0ee2aa6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgFAFB.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgFAFB.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgFAFB.tmp\nsProcess.dll

Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
C:\Users\Admin\AppData\Roaming\Mechvibes\config.json

Filesize
51B

MD5
fa46b6e5691be0b33fd17af52919272d

SHA1
155bdf65b9e446454d18dc81c19277dcb09b8e29

SHA256
84813c2e0548d4a5ee13f1808d420eaf1cef63803d7af7aeeee756b496e00d55

SHA512
e57d71f7fe6f6b0e8756b3520cdc0f01f85c603bed298929bc3386ac8e6f908631db6fa49a70036036b6924b40bf7926c86ad4a65f26d756aa8f9e309c1c26e9

Download Submit
C:\Users\Admin\AppData\Roaming\Mechvibes\config.json

Filesize
78B

MD5
3bba2139a91278883a5d9115aa504387

SHA1
7f83dc39211ad4258b936a47c51a657af5380822

SHA256
655be95368e3861374bcd921aa6ad66fc605d914ecb0800d067f4e42826a12f0

SHA512
bf6582f8beb5eb3ad5334f96c3cb7a5a2544024a8b195768e6965a680f7eba38a958e0f5c5d0ea34cd353f3a719bedc88762be673afdd84ecdd290eac0dede27

Download Submit
C:\Users\Admin\AppData\Roaming\Mechvibes\config.json

Filesize
78B

MD5
dfcd9bdf535de56784cdc3a1bc7b1615

SHA1
017bc7f9fd5ee13af80bf2fa5dd367983d4473b6

SHA256
a8d395ce736ac84156f22561140ca23e5ee4c5ba38637b6545d97a8ef082a3ec

SHA512
edfa0a1384a86811a6274cffabf44c4a86c792b47baaa935d3bd35a3e4b858f92a9cbaa6836cad866680764cb1668b9dcaf7484ca2616099e370426580083069

Download Submit
C:\Users\Admin\AppData\Roaming\Mechvibes\config.json

Filesize
78B

MD5
6b5c328018adaabecd262138b6e5f250

SHA1
bbdc3df814b65f4d5593ef95e837a4c755dd9f5d

SHA256
54308d4f8f8d46fce1de86aa2b7a9bafd0214db30c3f5730a6787a409d66f134

SHA512
8541c590716c791c0d7fec396a1151d17155f04eaf923be4e00c4a30ae091d702b8b116ef70f2656e16bf44044f58a8ee906682074079973bb6ea41feed378fa

Download Submit
C:\Users\Admin\AppData\Roaming\Mechvibes\config.json

Filesize
78B

MD5
f089213ca714776df98b878976439b27

SHA1
f67869c8cc8febb074a4831121c5fa1fbc0d7289

SHA256
296e5f39ffc208cf633cb9dad043623279a92cb68bb179e5938b07e7cc85696c

SHA512
c65fd3cbe55366461d56b3449acf11d5d2f87ac7e45da0de3f16d65c537a56dd9aed9a52921964d1e0ce9b43afafb3d30199cabd3995e1a42c6dbe3b7d59817a

Download Submit
\Users\Admin\AppData\Local\Programs\mechvibes\d3dcompiler_47.dll

Filesize
4.3MB

MD5
57d829f7d174d1a8067612c09cf6566b

SHA1
79ed06500dcee028885b00301f7a9a9155c69b62

SHA256
dca0cd7272a56801dd74d0b253df33a8829bee61f5fa0c6d8e2ed5b62f440dff

SHA512
16936ce02b7445b56d67adf43d896d2dd9bf1f713d5a765fe97c73c72f22ef8915372dd7b04cfdcfad72447924b6e03d8ae0e0565927a2f862433b2860bcfd64

Download Submit
\Users\Admin\AppData\Local\Programs\mechvibes\ffmpeg.dll

Filesize
2.0MB

MD5
757f0b76df3bb477e27aedf5a40d9441

SHA1
4c73d78cfd3c46823ce78c09d3b44ef1ce38b9ea

SHA256
a7edad43f8bb9550f8d45d3079439c2888bd6b49fc92aadc6d24e5ba1d5cd6c8

SHA512
93dcb3caff8e21aed731c28933f46ef717be6c88151fdf7b3e6f884ddb8f799f686c8a9f72c8ae7272186070e0f168f67659f2e921d8ae34f1c7197df4d5db20

Download Submit
\Users\Admin\AppData\Local\Programs\mechvibes\ffmpeg.dll

Filesize
2.0MB

MD5
757f0b76df3bb477e27aedf5a40d9441

SHA1
4c73d78cfd3c46823ce78c09d3b44ef1ce38b9ea

SHA256
a7edad43f8bb9550f8d45d3079439c2888bd6b49fc92aadc6d24e5ba1d5cd6c8

SHA512
93dcb3caff8e21aed731c28933f46ef717be6c88151fdf7b3e6f884ddb8f799f686c8a9f72c8ae7272186070e0f168f67659f2e921d8ae34f1c7197df4d5db20

Download Submit
\Users\Admin\AppData\Local\Programs\mechvibes\ffmpeg.dll

Filesize
2.0MB

MD5
757f0b76df3bb477e27aedf5a40d9441

SHA1
4c73d78cfd3c46823ce78c09d3b44ef1ce38b9ea

SHA256
a7edad43f8bb9550f8d45d3079439c2888bd6b49fc92aadc6d24e5ba1d5cd6c8

SHA512
93dcb3caff8e21aed731c28933f46ef717be6c88151fdf7b3e6f884ddb8f799f686c8a9f72c8ae7272186070e0f168f67659f2e921d8ae34f1c7197df4d5db20

Download Submit
\Users\Admin\AppData\Local\Programs\mechvibes\ffmpeg.dll

Filesize
2.0MB

MD5
757f0b76df3bb477e27aedf5a40d9441

SHA1
4c73d78cfd3c46823ce78c09d3b44ef1ce38b9ea

SHA256
a7edad43f8bb9550f8d45d3079439c2888bd6b49fc92aadc6d24e5ba1d5cd6c8

SHA512
93dcb3caff8e21aed731c28933f46ef717be6c88151fdf7b3e6f884ddb8f799f686c8a9f72c8ae7272186070e0f168f67659f2e921d8ae34f1c7197df4d5db20

Download Submit
\Users\Admin\AppData\Local\Programs\mechvibes\ffmpeg.dll

Filesize
2.0MB

MD5
757f0b76df3bb477e27aedf5a40d9441

SHA1
4c73d78cfd3c46823ce78c09d3b44ef1ce38b9ea

SHA256
a7edad43f8bb9550f8d45d3079439c2888bd6b49fc92aadc6d24e5ba1d5cd6c8

SHA512
93dcb3caff8e21aed731c28933f46ef717be6c88151fdf7b3e6f884ddb8f799f686c8a9f72c8ae7272186070e0f168f67659f2e921d8ae34f1c7197df4d5db20

Download Submit
\Users\Admin\AppData\Local\Programs\mechvibes\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v73-win32-x64\build\Release\iohook.node

Filesize
38KB

MD5
0ce491c1884b0cca8d40fe2e71a83eb1

SHA1
475e749aa2987f28d160945fd929b326ed1e0993

SHA256
6776940aa9653ed8bd693561dca745f200d946b5e1eeeadfa7174228f3d30dd5

SHA512
e22a489de51baace728baf35a1b10c0f29274a47bb37e089c559d75fbc9e16c710720acbff576af134acc0c722b565a6944c8afdd2a5f88b3909a0610f3e31ee

Download Submit
\Users\Admin\AppData\Local\Programs\mechvibes\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v73-win32-x64\build\Release\uiohook.dll

Filesize
29KB

MD5
03c8f03de92c2881525c8ae112496c8a

SHA1
44e39d48f41ec2a6100e7e984cb5652ac1d9e3b4

SHA256
f496f9a661a8e309f99aa5b428e2557425d8c3f1d4a37fb16b26438ef1c8da66

SHA512
264a3fd839e168f84fe00d4dfd84454322a27e6586de74846e74b30ad46d55f6d430daced2a522ba6fd7f6ad1c5913e604b8eacb59f766e9d33a5322ba5b9773

Download Submit
\Users\Admin\AppData\Local\Programs\mechvibes\swiftshader\libEGL.dll

Filesize
333KB

MD5
9232de137c209d803ab5aee9f9b54d97

SHA1
614bfbf9583d61801785f64886a88aac2d3b5dd2

SHA256
4d752716e4837aa50f538f2d05bd79edcf829340adadfe1bda7337c0e7dec504

SHA512
58b73c6a93f1d2389ba53c33ca7dc801ef74f27a38bcb65d95de31c6125b70a879e02e3553998ffc9f0152fa4b67b24e34bfbb8864b33c4d41bb5e9218a902b7

Download Submit
\Users\Admin\AppData\Local\Programs\mechvibes\swiftshader\libGLESv2.dll

Filesize
3.7MB

MD5
71f7d33b4c9d5e4260d041f0e0fd724e

SHA1
e671ed5ad823f798e792094e7ffa413549c52208

SHA256
8897c0001374eeec95a38f3e8915c652852f7d5f33151b6bda2a9584c9c2158c

SHA512
4c5d3d251d6956d8813c870f8900242318037de09335cdd2382a1c3fd9b2909da8f113394d8fdc71166c0673366c8c8dae4c5d0efb1eeaf26b0fb07bb98256b5

Download Submit
\Users\Admin\AppData\Local\Temp\nsgFAFB.tmp\SpiderBanner.dll

Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
\Users\Admin\AppData\Local\Temp\nsgFAFB.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
\Users\Admin\AppData\Local\Temp\nsgFAFB.tmp\System.dll

Filesize
11KB

MD5
75ed96254fbf894e42058062b4b4f0d1

SHA1
996503f1383b49021eb3427bc28d13b5bbd11977

SHA256
a632d74332b3f08f834c732a103dafeb09a540823a2217ca7f49159755e8f1d7

SHA512
58174896db81d481947b8745dafe3a02c150f3938bb4543256e8cce1145154e016d481df9fe68dac6d48407c62cbe20753320ebd5fe5e84806d07ce78e0eb0c4

Download Submit
\Users\Admin\AppData\Local\Temp\nsgFAFB.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
\Users\Admin\AppData\Local\Temp\nsgFAFB.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
\Users\Admin\AppData\Local\Temp\nsgFAFB.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
\Users\Admin\AppData\Local\Temp\nsgFAFB.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
\Users\Admin\AppData\Local\Temp\nsgFAFB.tmp\nsProcess.dll

Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
\Users\Admin\AppData\Local\Temp\nsgFAFB.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
memory/2696-323-0x000001BB5DAB0000-0x000001BB5DEEB000-memory.dmp

Filesize
4.2MB

Download
memory/2696-293-0x00007FFD4DE20000-0x00007FFD4DE21000-memory.dmp

Filesize
4KB

Download