093d3e7fb8f15b06d779252a8691f7c5a42beae493ca81965bed50e5f326e869

Resubmissions

20/02/2024, 02:49

240220-da4exahg3v 7

20/02/2024, 02:28

240220-cx45aaaa86 7

20/02/2024, 02:23

240220-ct65gaaa46 4

Analysis

max time kernel
1199s
max time network
1105s
platform
windows10-1703_x64
resource
win10-20240214-en
resource tags

arch:x64arch:x86image:win10-20240214-enlocale:en-usos:windows10-1703-x64system
submitted
20/02/2024, 02:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

rp-6
Size

157KB
MD5

69c7f8a0813c792faa53653f3a57ae4d
SHA1

1b9fa85951b857e7f887a62f38688ecf7ed98c68
SHA256

093d3e7fb8f15b06d779252a8691f7c5a42beae493ca81965bed50e5f326e869
SHA512

784948a0a2f7f1e1db9cd1bafec11ec68a56c2d34a15d58b0d5bd240a96fcaa18092e31c303f268851e654fcbeb2b0388b7aab98fd6533282c98455a26ab76f4
SSDEEP

3072:DwfpYYmMByc1zge3ZBOjS+rkPSfgIsqJnZEjc0Xz99DuqJTm2f62NVSgE29xxspa:oDuqJpffNVSgE29xxspm0n1vuz3U9Iv5

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 4 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-392952528-2979573054-2586089985-1000\Control Panel\International\Geo\Nation	Launcher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-392952528-2979573054-2586089985-1000\Control Panel\International\Geo\Nation	Launcher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-392952528-2979573054-2586089985-1000\Control Panel\International\Geo\Nation	Launcher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-392952528-2979573054-2586089985-1000\Control Panel\International\Geo\Nation	Launcher.exe

Executes dropped EXE 10 IoCs

pid	Process
4008	Launcher.exe
4436	Launcher.exe
3532	Launcher.exe
1152	Launcher.exe
3056	old-uninstaller.exe
1948	Launcher.exe
4864	Launcher.exe
504	Launcher.exe
4100	Launcher.exe
748	Launcher.exe

Loads dropped DLL 33 IoCs

pid	Process
3184	CheatLoader.exe
3184	CheatLoader.exe
3184	CheatLoader.exe
3184	CheatLoader.exe
3184	CheatLoader.exe
3184	CheatLoader.exe
3184	CheatLoader.exe
4008	Launcher.exe
4436	Launcher.exe
3532	Launcher.exe
4436	Launcher.exe
4436	Launcher.exe
4436	Launcher.exe
4436	Launcher.exe
1152	Launcher.exe
4292	CheatLoader.exe
4292	CheatLoader.exe
4292	CheatLoader.exe
4292	CheatLoader.exe
3056	old-uninstaller.exe
3056	old-uninstaller.exe
3056	old-uninstaller.exe
4292	CheatLoader.exe
1948	Launcher.exe
4864	Launcher.exe
504	Launcher.exe
4864	Launcher.exe
4864	Launcher.exe
4864	Launcher.exe
4864	Launcher.exe
4100	Launcher.exe
748	Launcher.exe
748	Launcher.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\INF\netrasa.PNF	svchost.exe
File created	C:\Windows\INF\netsstpa.PNF	svchost.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0003	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0038	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0034	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008\	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Mfg	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0055	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0052	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{3b2ce006-5e61-4fde-bab8-9b8aac9b26df}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0003	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0058	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0004	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\300A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\000A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2003	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004E	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008\	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0055	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0005	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2003	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0051	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{3b2ce006-5e61-4fde-bab8-9b8aac9b26df}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0065	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0002	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Capabilities	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\000A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0052	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0006	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0058	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004A	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0004	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0002	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A\	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\DeviceDesc	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Capabilities	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0018	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008\	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Capabilities	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0055	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0016	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0003	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A\	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\DeviceDesc	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000	svchost.exe

Enumerates processes with tasklist 1 TTPs 3 IoCs

Process Discovery

T1057

pid	Process
1756	tasklist.exe
4652	tasklist.exe
2952	tasklist.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\OnDemandInterfaceCache	svchost.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133528697519035371"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-392952528-2979573054-2586089985-1000_Classes\Local Settings	chrome.exe

Modifies system certificate store 2 TTPs 9 IoCs

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 5c0000000100000004000000000800001900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1368000000010000000800000000409120d035d9017e000000010000000800000000c001b39667d6017f000000010000000e000000300c060a2b0601040182370a03041d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589100b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000006200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703080f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d040000000100000010000000410352dc0ff7501b16f0028eba6f45c520000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	Launcher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	Launcher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13	Launcher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13	Launcher.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 040000000100000010000000410352dc0ff7501b16f0028eba6f45c50f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd67707390b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b660537f000000010000000e000000300c060a2b0601040182370a03047e000000010000000800000000c001b39667d60168000000010000000800000000409120d035d901030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131900000001000000100000006cf252fec3e8f20996de5d4dd9aef42420000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	Launcher.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	Launcher.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	Launcher.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd67707390b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b660537f000000010000000e000000300c060a2b0601040182370a03047e000000010000000800000000c001b39667d60168000000010000000800000000409120d035d901030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	Launcher.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1368000000010000000800000000409120d035d9017e000000010000000800000000c001b39667d6017f000000010000000e000000300c060a2b0601040182370a03041d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589100b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000006200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703080f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	Launcher.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
976	chrome.exe
976	chrome.exe
1472	chrome.exe
1472	chrome.exe
3184	CheatLoader.exe
3184	CheatLoader.exe
1756	tasklist.exe
1756	tasklist.exe
4292	CheatLoader.exe
4292	CheatLoader.exe
4652	tasklist.exe
4652	tasklist.exe
3056	old-uninstaller.exe
3056	old-uninstaller.exe
2952	tasklist.exe
2952	tasklist.exe
748	Launcher.exe
748	Launcher.exe

Suspicious behavior: LoadsDriver 10 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
628	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	976	chrome.exe
Token: SeCreatePagefilePrivilege	976	chrome.exe
Token: SeShutdownPrivilege	976	chrome.exe
Token: SeCreatePagefilePrivilege	976	chrome.exe
Token: SeShutdownPrivilege	976	chrome.exe
Token: SeCreatePagefilePrivilege	976	chrome.exe
Token: SeShutdownPrivilege	976	chrome.exe
Token: SeCreatePagefilePrivilege	976	chrome.exe
Token: SeShutdownPrivilege	976	chrome.exe
Token: SeCreatePagefilePrivilege	976	chrome.exe
Token: SeShutdownPrivilege	976	chrome.exe
Token: SeCreatePagefilePrivilege	976	chrome.exe
Token: SeShutdownPrivilege	976	chrome.exe
Token: SeCreatePagefilePrivilege	976	chrome.exe
Token: SeShutdownPrivilege	976	chrome.exe
Token: SeCreatePagefilePrivilege	976	chrome.exe
Token: SeShutdownPrivilege	976	chrome.exe
Token: SeCreatePagefilePrivilege	976	chrome.exe
Token: SeShutdownPrivilege	976	chrome.exe
Token: SeCreatePagefilePrivilege	976	chrome.exe
Token: SeShutdownPrivilege	976	chrome.exe
Token: SeCreatePagefilePrivilege	976	chrome.exe
Token: SeShutdownPrivilege	976	chrome.exe
Token: SeCreatePagefilePrivilege	976	chrome.exe
Token: SeShutdownPrivilege	976	chrome.exe
Token: SeCreatePagefilePrivilege	976	chrome.exe
Token: SeShutdownPrivilege	976	chrome.exe
Token: SeCreatePagefilePrivilege	976	chrome.exe
Token: SeShutdownPrivilege	976	chrome.exe
Token: SeCreatePagefilePrivilege	976	chrome.exe
Token: SeShutdownPrivilege	976	chrome.exe
Token: SeCreatePagefilePrivilege	976	chrome.exe
Token: SeShutdownPrivilege	976	chrome.exe
Token: SeCreatePagefilePrivilege	976	chrome.exe
Token: SeShutdownPrivilege	976	chrome.exe
Token: SeCreatePagefilePrivilege	976	chrome.exe
Token: SeShutdownPrivilege	976	chrome.exe
Token: SeCreatePagefilePrivilege	976	chrome.exe
Token: SeShutdownPrivilege	976	chrome.exe
Token: SeCreatePagefilePrivilege	976	chrome.exe
Token: SeShutdownPrivilege	976	chrome.exe
Token: SeCreatePagefilePrivilege	976	chrome.exe
Token: SeShutdownPrivilege	976	chrome.exe
Token: SeCreatePagefilePrivilege	976	chrome.exe
Token: SeShutdownPrivilege	976	chrome.exe
Token: SeCreatePagefilePrivilege	976	chrome.exe
Token: SeShutdownPrivilege	976	chrome.exe
Token: SeCreatePagefilePrivilege	976	chrome.exe
Token: SeShutdownPrivilege	976	chrome.exe
Token: SeCreatePagefilePrivilege	976	chrome.exe
Token: SeShutdownPrivilege	976	chrome.exe
Token: SeCreatePagefilePrivilege	976	chrome.exe
Token: SeShutdownPrivilege	976	chrome.exe
Token: SeCreatePagefilePrivilege	976	chrome.exe
Token: SeShutdownPrivilege	976	chrome.exe
Token: SeCreatePagefilePrivilege	976	chrome.exe
Token: SeShutdownPrivilege	976	chrome.exe
Token: SeCreatePagefilePrivilege	976	chrome.exe
Token: SeShutdownPrivilege	976	chrome.exe
Token: SeCreatePagefilePrivilege	976	chrome.exe
Token: SeShutdownPrivilege	976	chrome.exe
Token: SeCreatePagefilePrivilege	976	chrome.exe
Token: SeShutdownPrivilege	976	chrome.exe
Token: SeCreatePagefilePrivilege	976	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe

Suspicious use of SendNotifyMessage 36 IoCs

pid	Process
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
1948	Launcher.exe
1948	Launcher.exe
1948	Launcher.exe
1948	Launcher.exe
1948	Launcher.exe
1948	Launcher.exe
1948	Launcher.exe
1948	Launcher.exe
1948	Launcher.exe
1948	Launcher.exe
1948	Launcher.exe
1948	Launcher.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 976 wrote to memory of 4940	976	chrome.exe	77
PID 976 wrote to memory of 4940	976	chrome.exe	77
PID 976 wrote to memory of 2688	976	chrome.exe	81
PID 976 wrote to memory of 2688	976	chrome.exe	81
PID 976 wrote to memory of 2688	976	chrome.exe	81
PID 976 wrote to memory of 2688	976	chrome.exe	81
PID 976 wrote to memory of 2688	976	chrome.exe	81
PID 976 wrote to memory of 2688	976	chrome.exe	81
PID 976 wrote to memory of 2688	976	chrome.exe	81
PID 976 wrote to memory of 2688	976	chrome.exe	81
PID 976 wrote to memory of 2688	976	chrome.exe	81
PID 976 wrote to memory of 2688	976	chrome.exe	81
PID 976 wrote to memory of 2688	976	chrome.exe	81
PID 976 wrote to memory of 2688	976	chrome.exe	81
PID 976 wrote to memory of 2688	976	chrome.exe	81
PID 976 wrote to memory of 2688	976	chrome.exe	81
PID 976 wrote to memory of 2688	976	chrome.exe	81
PID 976 wrote to memory of 2688	976	chrome.exe	81
PID 976 wrote to memory of 2688	976	chrome.exe	81
PID 976 wrote to memory of 2688	976	chrome.exe	81
PID 976 wrote to memory of 2688	976	chrome.exe	81
PID 976 wrote to memory of 2688	976	chrome.exe	81
PID 976 wrote to memory of 2688	976	chrome.exe	81
PID 976 wrote to memory of 2688	976	chrome.exe	81
PID 976 wrote to memory of 2688	976	chrome.exe	81
PID 976 wrote to memory of 2688	976	chrome.exe	81
PID 976 wrote to memory of 2688	976	chrome.exe	81
PID 976 wrote to memory of 2688	976	chrome.exe	81
PID 976 wrote to memory of 2688	976	chrome.exe	81
PID 976 wrote to memory of 2688	976	chrome.exe	81
PID 976 wrote to memory of 2688	976	chrome.exe	81
PID 976 wrote to memory of 2688	976	chrome.exe	81
PID 976 wrote to memory of 2688	976	chrome.exe	81
PID 976 wrote to memory of 2688	976	chrome.exe	81
PID 976 wrote to memory of 2688	976	chrome.exe	81
PID 976 wrote to memory of 2688	976	chrome.exe	81
PID 976 wrote to memory of 2688	976	chrome.exe	81
PID 976 wrote to memory of 2688	976	chrome.exe	81
PID 976 wrote to memory of 2688	976	chrome.exe	81
PID 976 wrote to memory of 2688	976	chrome.exe	81
PID 976 wrote to memory of 4980	976	chrome.exe	79
PID 976 wrote to memory of 4980	976	chrome.exe	79
PID 976 wrote to memory of 4136	976	chrome.exe	80
PID 976 wrote to memory of 4136	976	chrome.exe	80
PID 976 wrote to memory of 4136	976	chrome.exe	80
PID 976 wrote to memory of 4136	976	chrome.exe	80
PID 976 wrote to memory of 4136	976	chrome.exe	80
PID 976 wrote to memory of 4136	976	chrome.exe	80
PID 976 wrote to memory of 4136	976	chrome.exe	80
PID 976 wrote to memory of 4136	976	chrome.exe	80
PID 976 wrote to memory of 4136	976	chrome.exe	80
PID 976 wrote to memory of 4136	976	chrome.exe	80
PID 976 wrote to memory of 4136	976	chrome.exe	80
PID 976 wrote to memory of 4136	976	chrome.exe	80
PID 976 wrote to memory of 4136	976	chrome.exe	80
PID 976 wrote to memory of 4136	976	chrome.exe	80
PID 976 wrote to memory of 4136	976	chrome.exe	80
PID 976 wrote to memory of 4136	976	chrome.exe	80
PID 976 wrote to memory of 4136	976	chrome.exe	80
PID 976 wrote to memory of 4136	976	chrome.exe	80
PID 976 wrote to memory of 4136	976	chrome.exe	80
PID 976 wrote to memory of 4136	976	chrome.exe	80
PID 976 wrote to memory of 4136	976	chrome.exe	80
PID 976 wrote to memory of 4136	976	chrome.exe	80

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\rp-6
1⤵
PID:2728

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffa44219758,0x7ffa44219768,0x7ffa44219778
  2⤵
  PID:4940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1864 --field-trial-handle=1752,i,446525781552492456,1532266411878888527,131072 /prefetch:8
  2⤵
  PID:4980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2136 --field-trial-handle=1752,i,446525781552492456,1532266411878888527,131072 /prefetch:8
  2⤵
  PID:4136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1668 --field-trial-handle=1752,i,446525781552492456,1532266411878888527,131072 /prefetch:2
  2⤵
  PID:2688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3020 --field-trial-handle=1752,i,446525781552492456,1532266411878888527,131072 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2996 --field-trial-handle=1752,i,446525781552492456,1532266411878888527,131072 /prefetch:1
  2⤵
  PID:3364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2728 --field-trial-handle=1752,i,446525781552492456,1532266411878888527,131072 /prefetch:1
  2⤵
  PID:5108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4828 --field-trial-handle=1752,i,446525781552492456,1532266411878888527,131072 /prefetch:8
  2⤵
  PID:2492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4988 --field-trial-handle=1752,i,446525781552492456,1532266411878888527,131072 /prefetch:8
  2⤵
  PID:2460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4828 --field-trial-handle=1752,i,446525781552492456,1532266411878888527,131072 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4452 --field-trial-handle=1752,i,446525781552492456,1532266411878888527,131072 /prefetch:1
  2⤵
  PID:1976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4604 --field-trial-handle=1752,i,446525781552492456,1532266411878888527,131072 /prefetch:1
  2⤵
  PID:1436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3864 --field-trial-handle=1752,i,446525781552492456,1532266411878888527,131072 /prefetch:8
  2⤵
  PID:2636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3248 --field-trial-handle=1752,i,446525781552492456,1532266411878888527,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5304 --field-trial-handle=1752,i,446525781552492456,1532266411878888527,131072 /prefetch:1
  2⤵
  PID:4064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4472 --field-trial-handle=1752,i,446525781552492456,1532266411878888527,131072 /prefetch:8
  2⤵
  PID:4664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3164 --field-trial-handle=1752,i,446525781552492456,1532266411878888527,131072 /prefetch:8
  2⤵
  PID:4512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4844 --field-trial-handle=1752,i,446525781552492456,1532266411878888527,131072 /prefetch:8
  2⤵
  PID:236

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3376

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1148

C:\Users\Admin\AppData\Local\Temp\Temp1_CheatLoader.zip\CheatLoader\CheatLoader.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_CheatLoader.zip\CheatLoader\CheatLoader.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:3184
- C:\Windows\SysWOW64\cmd.exe
  cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq Launcher.exe" | %SYSTEMROOT%\System32\find.exe "Launcher.exe"
  2⤵
  PID:2108
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq Launcher.exe"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious behavior: EnumeratesProcesses
    PID:1756
- - C:\Windows\SysWOW64\find.exe
    C:\Windows\System32\find.exe "Launcher.exe"
    3⤵
    PID:344

C:\Windows\System32\SystemSettingsBroker.exe
C:\Windows\System32\SystemSettingsBroker.exe -Embedding
1⤵
PID:4528

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s RmSvc
1⤵
PID:3912

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localservice -s SstpSvc
1⤵
PID:352

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -s DsmSvc
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Modifies data under HKEY_USERS
PID:3364

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s NetSetupSvc
1⤵
- Drops file in Windows directory
PID:1032

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s RasMan
1⤵
PID:2148

C:\Windows\System32\SystemSettingsBroker.exe
C:\Windows\System32\SystemSettingsBroker.exe -Embedding
1⤵
PID:2320

C:\Users\Admin\AppData\Local\Programs\Launcher\Launcher.exe
"C:\Users\Admin\AppData\Local\Programs\Launcher\Launcher.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Modifies system certificate store
PID:4008
- C:\Users\Admin\AppData\Local\Programs\Launcher\Launcher.exe
  "C:\Users\Admin\AppData\Local\Programs\Launcher\Launcher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Launcher" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1412 --field-trial-handle=1556,i,10029425241242458456,11493576086576859239,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4436
- C:\Users\Admin\AppData\Local\Programs\Launcher\Launcher.exe
  "C:\Users\Admin\AppData\Local\Programs\Launcher\Launcher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Launcher" --mojo-platform-channel-handle=1812 --field-trial-handle=1556,i,10029425241242458456,11493576086576859239,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3532
- C:\Users\Admin\AppData\Local\Programs\Launcher\Launcher.exe
  "C:\Users\Admin\AppData\Local\Programs\Launcher\Launcher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Launcher" --app-path="C:\Users\Admin\AppData\Local\Programs\Launcher\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1984 --field-trial-handle=1556,i,10029425241242458456,11493576086576859239,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1152

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s RasMan
1⤵
PID:3664

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\98cbbb0dba4e4e4eae8a971eed95d64c /t 316 /p 4008
1⤵
PID:3524

C:\Users\Admin\Downloads\CheatLoader\CheatLoader\CheatLoader.exe
"C:\Users\Admin\Downloads\CheatLoader\CheatLoader\CheatLoader.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:4292
- C:\Windows\SysWOW64\cmd.exe
  cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq Launcher.exe" | %SYSTEMROOT%\System32\find.exe "Launcher.exe"
  2⤵
  PID:3024
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq Launcher.exe"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious behavior: EnumeratesProcesses
    PID:4652
- - C:\Windows\SysWOW64\find.exe
    C:\Windows\System32\find.exe "Launcher.exe"
    3⤵
    PID:3176
- C:\Users\Admin\AppData\Local\Temp\nsd77D8.tmp\old-uninstaller.exe
  "C:\Users\Admin\AppData\Local\Temp\nsd77D8.tmp\old-uninstaller.exe" /S /KEEP_APP_DATA /currentuser --keep-shortcuts --updated _?=C:\Users\Admin\AppData\Local\Programs\Launcher
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:3056
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq Launcher.exe" | %SYSTEMROOT%\System32\find.exe "Launcher.exe"
    3⤵
    PID:1620
  - - C:\Windows\SysWOW64\tasklist.exe
      tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq Launcher.exe"
      4⤵
      Enumerates processes with tasklist
      Suspicious behavior: EnumeratesProcesses
      PID:2952
  - - C:\Windows\SysWOW64\find.exe
      C:\Windows\System32\find.exe "Launcher.exe"
      4⤵
      PID:504

C:\Users\Admin\AppData\Local\Programs\Launcher\Launcher.exe
"C:\Users\Admin\AppData\Local\Programs\Launcher\Launcher.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Modifies system certificate store
- Suspicious use of SendNotifyMessage
PID:1948
- C:\Users\Admin\AppData\Local\Programs\Launcher\Launcher.exe
  "C:\Users\Admin\AppData\Local\Programs\Launcher\Launcher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Launcher" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1508 --field-trial-handle=1656,i,2891612745709095971,14964982326330330593,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4864
- C:\Users\Admin\AppData\Local\Programs\Launcher\Launcher.exe
  "C:\Users\Admin\AppData\Local\Programs\Launcher\Launcher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Launcher" --mojo-platform-channel-handle=1820 --field-trial-handle=1656,i,2891612745709095971,14964982326330330593,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:504
- C:\Users\Admin\AppData\Local\Programs\Launcher\Launcher.exe
  "C:\Users\Admin\AppData\Local\Programs\Launcher\Launcher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Launcher" --app-path="C:\Users\Admin\AppData\Local\Programs\Launcher\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2136 --field-trial-handle=1656,i,2891612745709095971,14964982326330330593,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4100
- C:\Users\Admin\AppData\Local\Programs\Launcher\Launcher.exe
  "C:\Users\Admin\AppData\Local\Programs\Launcher\Launcher.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --user-data-dir="C:\Users\Admin\AppData\Roaming\Launcher" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1812 --field-trial-handle=1656,i,2891612745709095971,14964982326330330593,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:748

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Peripheral Device Discovery

T1120

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\298b2297-48e1-47cd-9bb5-8175dda790af.tmp

Filesize
5KB

MD5
7da4b088040a7c9f0cee79db76c2845e

SHA1
3703693ec87e1d94c86032739041374a4f3a5508

SHA256
04f9c107434f3e3aa6d34b72e579ac0fafbbd7b1d8712138babbd705a47df002

SHA512
1431f29f66047ddf0cdc2ae7e62c5b35fd1ad3fd703cd9853098585abb225cb4f34fe7e6590a898f33306eb94113a46f8d78ca5d45ed16665b313d9bebfe5d4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
194KB

MD5
ac84f1282f8542dee07f8a1af421f2a7

SHA1
261885284826281a99ff982428a765be30de9029

SHA256
193b8f571f3fd65b98dc39601431ff6e91ade5f90ee7790bfc1fba8f7580a4b0

SHA512
9f4f58ab43ddadad903cea3454d79b99a750f05e4d850de5f25371d5bec16fc312015a875b8f418154f1124c400ae1c82e2efd862870cd35c3f0961426c8cd82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027

Filesize
966KB

MD5
ae8bad6883e9c5adabdf7b87d63936df

SHA1
e94fee1ae60c0cf012606618468b7ae656101d95

SHA256
7171b4ab030310abe93effea9060d0b74d5a58c382e432a51ce205f19550eb91

SHA512
f2ecceb68abed2ee35b3c0c5efe8337ed10e0a8df4210e3c3c0aedef2c75f128df305718fed8dea5184dedbefb8a6f4ce63dda2f0c9bc614fafc9238bd5c70eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
77a3ead31cb307b3167bcd27f5b643ce

SHA1
5b382409236cdf81217aa0e6ca9b45656b70af2e

SHA256
801d8b08ae55d183442a1ea73558b4604c062067506676468f22d3d3513075cc

SHA512
1354a3e73c2839f646b25e0dc7f510038d17242a5ecb566a1f47f569efa93c2d3db7452081a436d7d5e0cd06be1c7efff2c808bc515ca20c170548664a934392

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
33e6f472dadd8647c7ea9ab030c231ef

SHA1
3454e4262635884a55257c22e64a752405157a08

SHA256
0d79808aad178835c784a094b988d97838c8c3d694d5329028875fb0f4397371

SHA512
a66147a68429d8df3a6dbf2422e1623d442ddc453aa5ba918ee955db6d781bac2856c6d8644c79412702a1ad84a74f68e7be5965f9a81aa305d2c0ea2f87ea39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
e92df2595af427c3d24ba1b3e071cf24

SHA1
36025ea61e00edb443763ec00e3a09adf87e0e3b

SHA256
be90a296d0e6a1c9a6dd07fd8baa8485d98e88324996494127b7109c49d58031

SHA512
76b8fb330e7738914ca3f114707f15b9e933528479e02072e51bacf539a6d5c36501fd73720e46fd854494903affe15a2171c13ca3ce27dd16fabb8859cd6fdb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\924910c4-521d-4aef-b5ba-06c34f2ab5db.tmp

Filesize
371B

MD5
2da0da6db4ef1a8794191203e38f5298

SHA1
a48adbf691cc0004f50e9b342f71a456e539b84d

SHA256
921d288916be0569f56a0d024c8ea1f810267c5a1361f88957d01beae78ef62c

SHA512
8a364ac91b28b78ef360e9c71a71e7e61fdf09f3a31bf19912cd50c897b0392d0fdafc01e8a9eb0578465b52563be3c43f9b2cb41075cc08e7226523fd81e27d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
448cb5d7327089c01eb789f9cbc68d48

SHA1
faf324da18f1ec4c90289f85a30b73d6b2a6cb29

SHA256
6d8f1124b1dbd81845806e7e3d668a54f54d52e75b770fb85adb4f400e4d6baa

SHA512
7e70e3e9a265512e5b56e8f63718be2e4dc0225cc83cb0e44c4548e4619d8db72e470b47d5cb93c8d216d902aef88b802ea7016001e4a37b033de68163bc7d78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
9382eb03aa9c7aff0a4b35be5697f8b8

SHA1
ae958d7fb2713db932b72cde100e6d24d1bf80b1

SHA256
7c618db9960646bf2a79a2c1a6462676cb5d91aaaa3a2c7d1bb8cf3dd432fafe

SHA512
08072a649c416334f02e8bdfe302cb4cbe273251c2d4a472f5272d10144773f17ab4cb69dbbc8bb8ced30a1fb8476aada6b09494fd1bf61b34f9550020bbb1de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
a7740fa484694a9da1878bef6f24b143

SHA1
ff6a68b3dd071d206fb9674503ab29a105b143c2

SHA256
bcfd3b977050fdb7d90e74963ccf485bf2a0c7c216b594bf0ee0951c7a9695e0

SHA512
abfa8d524289bb7e41307b3a758060b118bb61bb703235c19048d61ba3b3bb10325e3d31e9c37c4f8c5874eecbd77b1f553715fcaf36be6df37851dcd4b67919

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
e21d8583baa91c7a11f459f2c779b3a6

SHA1
2073d2697b5daadba07fb6c08671f3c7f3c0bd18

SHA256
51189b4a71c690b439934b5a2eb832f7588c0803d64d497a43b79dc05e090112

SHA512
a631d2bda591bf25bd5c0c70c161d30b955ba7d972f1d6a8aa576343df253f4cdc6616648360a65092e7cd43af0ef4b8e85af30d9d424ec9394db5d5ef3a23d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
207c9b3eb234eef4f6de4b4461685c27

SHA1
1e4ff6a70646c713fded6113318af9c210b9313d

SHA256
e40581e20d336451d984f7290d9e77b07456e53d98d5d70e0ee8d789eee4c4ce

SHA512
834465e987b69a9777101cebd1c4cc7746b4313c99e9297b17e028e40f9fa29f8498361c4e37d7174f4f61593c174855cc4751586073206bace84d0ea81e1a76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
865ec265ad111c9f0af2f32460b89b47

SHA1
2148d0e672f86278ca6e7cb9d9acc7ca62884be1

SHA256
fe432f8b39be99b9bfdc89b85c403c56b6f787fecd072135703a9a251b1a4cc1

SHA512
7ff2b91c3a3a7fdf97e1100243e17a3f0dbddf2a8d2089b30ca6e833504bc774ecab6377b2d2d5b7c2c766502f443d9e4904f0186015b7e4b3b2f9fc22804017

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
804e1533708b96c7ba8722759830c343

SHA1
db01fb2bf627ce977fb066a23e356acc0f3540df

SHA256
2d9dc4a8883ae8dd64de9508aa1555e99396de6161c1cb59a8d54e3b79f144f5

SHA512
2ae46da9c9d0970f217c412c9b45a6718b76150b5c95571697ff659c8ca89304b9ec582a9fc8431c772bf01ba09f5bfe9be2a5437bee51902f323f927e1dbbcb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
90b1689109232fd49d39f43d86684fe6

SHA1
cacd7d103ffb3ac41944afdf611cf4bcc27e4896

SHA256
8d88a9d64541310734735f7deaa140b91ba0d224bdec60143a2171ad56469dc6

SHA512
1b60dcb296353c534a8955b3e76c49681c340330f9f164bf919d6cad0ee9912047eac7b37d40b096dc66f0a6f529dc78e92cb38ccbb9c525389b5ef73fba455b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8d84ee9c0747f245c61c1ab87ea88a78

SHA1
f852fd3908a7db0895d1ea51dba04b82bfaabba2

SHA256
2fbdd361ffa08dcc790c22f88c109c4d728fa5e95bf470f580c03a220d793d8a

SHA512
ca333b048aba8549325075d480f42665f5a6f10ed5f853697c5d18871233570b94f4d3b53ffbb12be09cfa9deafc9f4dca87bc791aec0648e3761e8fc343fc71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
000cf62bb67d4ea2b296d2c2a38f45c4

SHA1
2be13a22fe6c3b45cb2ca1f71dc1b2db6fd7ff8f

SHA256
4be82faf1a41b0f81ede2a599a30aaf6bfe5a99ae1525539715a2ff497b45467

SHA512
28631612e8a42cc6a852e94dc84d07db2022615f7a54725214bec7c74dc82b1817dc731bed227f3b8ada189b3e47ece246ee8d9512f8b28b0b1be864e8fae88e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6d94d0446c4b9670fe7b546dd8a6692d

SHA1
5f9c0c91210d924cf95f4aa4e0bd0d364c016f1a

SHA256
86e64ddab5bd9a14014ee21464f3673badbdcd925a08d36eff8f614e9fff1bcb

SHA512
53d7b434e90c03acec7c1427ba7bf999a0bd1538594fa3414cdb7a53eadb2ab2b376e1967e69e0177b6c77160316ff03c83de35463730653055152f05fcfc215

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
c94c527b4903967652980e2e4b998436

SHA1
c95677970a2e2b443505b4c7a672223b26794c7e

SHA256
86eea44264e3ebcc539c2ea92074abe0ca4e9ba929d5c3f57ccd45ca19bd08e4

SHA512
9babbf947c7a6ae939539bfcee845526c93e6bc53a7357036d1104aabef8727a58ad9f66205c9d6df1d949a34d403b635dec331239d27d350e84a23963565eb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9dcf54441fee7f33d8d98a3439c2e59f

SHA1
248b44f9b30c921c23bc80035917afcafd4a088e

SHA256
355cdfc8104f5f55983518e125e0617c6d7cfe120b2c7f33072fac246c04dde2

SHA512
73216e8bb084be2a989f09c19fd82047aa01232cb6e7caf9c5c7a0c1b31f25562041e7912764692edd12fec446ef1e9459f0441ab5123d2634ebc680bd6b1e81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0da09385726a6341615f2115613f46e7

SHA1
f64956fb3b1895b12d4f0da01ee1eab1c98feea5

SHA256
4fb2958318677143ff804f86cd05141304e28c015b62b36e5f9d8ff51b73c48a

SHA512
429704c432f1bf749e9a9e97f36fe64193d3883774033a3dc0c4b8a8f0102df581eb4a2741fee6fa9c7296d0c3577b0f39529295a1a7b60d75f193258c4e20f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c414b16872eef75992613b7017c21d22

SHA1
5ab448444434a65db328252884b46e398f093eac

SHA256
2bdc1db9307e4363331875adfa7a13156ff076d3dfd21695c59f07c57d3d5019

SHA512
b7d16c243f7b378402df3f89148aa5c12f021e6716c74a079866fccd954297b7d056747647b76b15cb4228c04001ef7766907591ce2a4ba9e0f41b75e8cd6426

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
86e1f2282d1078ba8ab1c06a7b60d131

SHA1
0e28cb242f94c51e21d5cfd049ab97cd533a0d46

SHA256
875ca9e4dd493129088fd8cb26c9d049c2b0eb47cab7780fbf112d23617bd820

SHA512
06571b3488bfac86f39d732f54f2f9e6778f63adf1a62ae023f6af782567738d4012effc47bef7e0d5181bc2f66cb05ed2c96925d9401854de4a4e3b370606e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
a0994a79ed4f7d29e65a65e5da972420

SHA1
68ab3985f2e7b619e9eac83d338bbf48229d0843

SHA256
dfaf20e289854c29924f4777916d59503f61f43527db32e5b59d5b87383dcd1e

SHA512
365b17231224e696c63defe204afbce31337d86b0495f7939a4c04fb8b23af7fca274ebf27edd741fd9d457ac283cd96c65fe26a40b784827e498862f9082cf3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
9c07a5235a8d3be483dc91f848a6eb28

SHA1
915494595bd393c5f32733beebd6afe4adbdf65f

SHA256
6114baaea129951b9a24f224e7b8e7f4a3cd66fb0862b18e21014a383a08c3bb

SHA512
5b920a39280a863d712635475625bbd3bec047a972ade846597ad4e0b69a306979232f6f29b2d5e1135446076182a1fbddfa2f9081ad6aa3b24398e7f340aab9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
99KB

MD5
d0ce6b91b7e531b74e731e956aef7a60

SHA1
08bcad790575758bb418574ef524d3e0ec33bfae

SHA256
06a28e622ecc9577b5a92e299af62011ba10c98aa457f1350919a1f20c22beed

SHA512
ffa1bac53f127a5894a33242488823d4d98eea2827393eecace544377f947dba5c3ca56649856ac42ee70612bebf1b20bc3f4fdbdc20662a7f83071815105ee2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe59c21d.TMP

Filesize
92KB

MD5
2e54be0acbbe606907a14ad7305c427b

SHA1
544b1ee4542a46b5ce734f9d3b85f98ecc3c293d

SHA256
e574bc74d9f3cf5ec7885d8d688fe924c832e15e6793e51b56e55a3bd8b655b0

SHA512
f445603d3cd2853dcefdab90d0358f20de0a2e8d3ffcae271b7de56a6a9489a9dc1c58b34a97c8c051c16a7ab81ae1034509d43958e6b673afdcd409bb7378c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Programs\Launcher\D3DCompiler_47.dll

Filesize
832KB

MD5
3fa568fb8420aa4d5ad3d8bfbc8cde2f

SHA1
a3ce7c9106b36933da4a92360c663601af45aa9e

SHA256
99998889fd6843a4fd0ed960a54e38f2b31a983753cdbae774ce1929ca2c68dc

SHA512
94e00d43228f8aaeea2b93212b6093f2987ec960fae5a410ec8c8b42e1dd1285e8e9e8794548d2dad7f5742f53c276977ef09e1c33feb07da4f06d21b6ddf197

Download Submit
C:\Users\Admin\AppData\Local\Programs\Launcher\LICENSES.chromium.html

Filesize
6.5MB

MD5
d18c09a075cb6531d7ffd7c3da77bd4e

SHA1
571f29b6004007111782bf5727c4bc9510cca286

SHA256
86f5222580a4ab03dad8ea62e6cea22b23454dccf1c77e74ae0e0410a13b16fc

SHA512
091cd68e12633919fc6100b606f3002b16f4b9c7c6d7c820ff20e31a3b9ea690c8a1fc90529ff3e5c21e8d778e254743a8708049830c3bb046eda8f2653000b7

Download Submit
C:\Users\Admin\AppData\Local\Programs\Launcher\Launcher.exe

Filesize
2.5MB

MD5
f77c2ae34397589ef76c6f60eb0220fe

SHA1
432ad2a8b3601511272c0d3483a60c37dd2fb8a0

SHA256
0d59f23c8e75a147c6921430a415ee4d197d8a3346592898d6f7a86b7e13baf5

SHA512
1cc891177b333201fe6d915eacec7b7c8b298caac7bb04e8f5e83848d82f60fc94fca1031af847581230f7e3e72a9bf634cfa93f510401332714730ceb410c1f

Download Submit
C:\Users\Admin\AppData\Local\Programs\Launcher\Launcher.exe

Filesize
1.2MB

MD5
4e8d23f408d30e0ad10c2c8e713a5a6e

SHA1
896babf115e933348056fef45d7382f737a572ac

SHA256
5bb8c811ac491fc5a8687e064740d0e40f9d69ea213393fb3ecfffa965db6574

SHA512
b1b01675c24106fd47dbd6bec772e4d77a88be2f162aa74189a938070c88cb5d46cfa6242d06a487ffadf374c3cbb0011c709f67bf2512a9d7d3e8e9cca93be5

Download Submit
C:\Users\Admin\AppData\Local\Programs\Launcher\Launcher.exe

Filesize
896KB

MD5
c5c9b391e2abbca03b3cf10639bf1538

SHA1
e9d671968a8782ef232b4f9640db33217bd8c7b0

SHA256
47debc8f9d0962cbc6e598c6fb64073b3d8a0689e3cb4cefb8d5f7fc3bb9734e

SHA512
4f654f387404c4afd52bcbc1209a1dc8683091881e68f75ed0146d29ff680551a0e2cc5e3c63b038f465cfdd4e6dd879ea3db857f02e6a9150ed80acf9618564

Download Submit
C:\Users\Admin\AppData\Local\Programs\Launcher\Launcher.exe

Filesize
768KB

MD5
fae1998cbeab345bd6a4c156ddbd8da0

SHA1
3b07d3410078948db5f11b311ef9f189a10abe60

SHA256
2704ab9b52a1dbaf21f3766f41e65a2ba52f95bed8a2ee5e28a805ac0fb7f52a

SHA512
7fb5a97ae4bd9228a6d5807deeb040f498f888368a90b3b9f427d09fc243eec005ae9ac85563accf5317ef85783e3fabe9d56042e40a302b13096c3a73c2a25f

Download Submit
C:\Users\Admin\AppData\Local\Programs\Launcher\Launcher.exe

Filesize
1.1MB

MD5
d44e35a9016ad515b855f42bbef010cc

SHA1
c67aae458252362ea3774031bbd17ae191fe201e

SHA256
021a0ca0324c184061b3aba22e429ae2542d1ea42390a808d530ab14070f34f1

SHA512
527eca44befd51e395b677dbd71cbcbea86a69ed65bac7f25643dd6930a5a4f245ee5dd541c2b080489beb16aaa3e9f1ec47d0c29efd17ba2e2624f9c0e59519

Download Submit
C:\Users\Admin\AppData\Local\Programs\Launcher\Uninstall Launcher.exe

Filesize
145KB

MD5
dfe40b9f50284c4c5f67328d0796997a

SHA1
c4fdac74e58988bc21b3a4f1d4c4727e4b09d06b

SHA256
0ad88c8b074b8a2450d68603744ec2837d8ec882010d7090b5c49df446dfeb62

SHA512
2a88b7bea2d404c4adfb59da78143d7f9d2c7b87d232f5902df43902604ceab91eb3324f4a61d82849f1d6165a2659ddf442034f654b152c960f2f054f1b9443

Download Submit
C:\Users\Admin\AppData\Local\Programs\Launcher\chrome_100_percent.pak

Filesize
126KB

MD5
d31f3439e2a3f7bee4ddd26f46a2b83f

SHA1
c5a26f86eb119ae364c5bf707bebed7e871fc214

SHA256
9f79f46ca911543ead096a5ee28a34bf1fbe56ec9ba956032a6a2892b254857e

SHA512
aa27c97bf5581eb3f5e88f112df8bfb6a5283ce44eb13fbc41855008f84fb5b111dfe0616c310c3642b7f8ac99623d7c217aecc353f54f4d8f7042840099abc5

Download Submit
C:\Users\Admin\AppData\Local\Programs\Launcher\ffmpeg.dll

Filesize
1.8MB

MD5
f83b9a94b59b07b83d8eeab4876f6457

SHA1
c0842e10f938ccddcd869b30d512aed3236d1156

SHA256
df959e682a8921d0d15cb792fa3e2e41cd35d6055858ad78994479d611549cd3

SHA512
98ba25ece4e2089260dc1d53c0b313ea3bb1d5f48ddcb37cab579982560b93e09131a4fb88bd85b46e1d5c103ba2ffdbf0b17d8a88728ef881957b5f20f66f61

Download Submit
C:\Users\Admin\AppData\Local\Programs\Launcher\resources.pak

Filesize
1.1MB

MD5
c8800782f183632a9f20f436ffa23c67

SHA1
7c4b06933f0bad8e84893de22a2a9e80e9a0d46b

SHA256
3f5a5c0b15cbd1ef9d11c2bc86fd2266e6def8e4474159a01460ba1c7f56f2f0

SHA512
71e23686715d5090e85a7b9832c98518f768f12e770447b20e4e665fc265d026ab76887061d86c2e124029b140e88083573d0a624710d8c73b28467f6bbaf982

Download Submit
C:\Users\Admin\AppData\Local\Programs\Launcher\resources\app.asar

Filesize
9.3MB

MD5
71abfab83b1f5269d4cdccddf50b73af

SHA1
5e9cd37b7e92dd63ae1c56feebbae43580705638

SHA256
54940fd020b2dab911c7e09172794cc239700a630e42d266f99ec036ac531fb3

SHA512
ea4a205995118ba4d1f0486e6e0f0304fcb9d0971ba7357f460af549159a1f9caafe62ab5f169aebca81e970b1baa5d4f0b9c055e85922432d676363ae0aa9a5

Download Submit
C:\Users\Admin\AppData\Local\Programs\Launcher\resources\app.asar

Filesize
3.1MB

MD5
2db95e8a83efe84965de9e44d2afd196

SHA1
0078a273300892ddad0650ab335c2bce185aab5b

SHA256
ed8393a7cc292597804125a630dace125ba5cf184ebe56e5d50dd74d5893fd8e

SHA512
c06eebee9da2caf6791917bbfe2a90e403eaf337106dc4cc6e93239fd63842469ea61c8283735c4f015c63bcf4a476d67ad64c7e04222cda3ba210869c75ebc8

Download Submit
C:\Users\Admin\AppData\Local\Programs\Launcher\vk_swiftshader.dll

Filesize
768KB

MD5
24b809f29fe3f919a35a3d8ea785bd94

SHA1
d3a80338b27923909f47d152929f0a7e1295f8cf

SHA256
fdbf880ccda8893cbd6cf8e5bbabc881c19add0810128d31f3b7c14967225b69

SHA512
f6767d9f7eafb40f6523585ea746ab98f4cf7c52274f4017c3981d3871bec4ec7bb0b14f58bbf95b0b19c061e0274b9e5ac097c7e12ddc73c82ed4d364063a85

Download Submit
C:\Users\Admin\AppData\Local\Temp\d5a53898-b51e-4ec5-ab91-103fdebf910e.tmp.ico

Filesize
23KB

MD5
c6336059a143241935e629b63782297d

SHA1
e9ff66f309de70aa7118c3fdd09d9b99474a3cbd

SHA256
d7806422a8edefa3b66637911358edb7c96102eca5bbb1b3ad2f0454fe6bf7d8

SHA512
4bed43d32670b526be01879537a7e6dbadcc2368d5fd28568a9b87fc3a3b63c66007009a80b9c1a5dc21cc8e4f26a6065cc9aafd6c7d92dba33d063e45f2ae3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd77D8.tmp\app-64.7z

Filesize
23.6MB

MD5
9366db5da2e5659847a20bf57dfb2365

SHA1
699273c3ad25652125d16cd45cb763c3e6bf3580

SHA256
7f86a9b8102a4c44d21fda897464c410ac48ca88ba8aaff6de61a3f7355628ec

SHA512
61ae0bde444c901b5219942669a7cf6c8f9b1076a43e48c90b2cd6d354d379a6b155709c1bb7b7cd3d6652ebf0cb0a0bba29b9f6581e96e9352a71ea5d21eb45

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp4CDA.tmp\7z-out\LICENSE.electron.txt

Filesize
1KB

MD5
4d42118d35941e0f664dddbd83f633c5

SHA1
2b21ec5f20fe961d15f2b58efb1368e66d202e5c

SHA256
5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d

SHA512
3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp4CDA.tmp\7z-out\LICENSES.chromium.html

Filesize
14KB

MD5
bbe2757abfadcc10b2cf52a329ee01ed

SHA1
e28cfec220c411569d989c282fc312c0bae75db8

SHA256
26982a942656ab7c1b6bbe1404026d01ca3a9eecfbedf96fbdcdaeb251cec674

SHA512
ae5125ea81a332ed55152fb1ff79bb3b0f2452a051f3e33eb6a11e48dd56e311c1a88466f76c96a06262fbc4ed5453dc08b2828bd8addad1ae1accd74329a546

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp4CDA.tmp\7z-out\Launcher.exe

Filesize
5.5MB

MD5
b148c028c4db072a7a58cea1b83bb070

SHA1
06a29fa15aa354386f5dc51bde509247c81d7f8c

SHA256
d249851a39a4e403c78238d1a3e7810741d712d7b2dbeaa26b9884e05683f740

SHA512
2a0e7267b8e1e7da1509fe26cb4f91dd9e046ae503a81b8284e0126db81781f7d9a1d22a1e440a5f60f13cdfe33006a4c90ee005abcedde562c75d9b0a3eea1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp4CDA.tmp\7z-out\chrome_200_percent.pak

Filesize
175KB

MD5
5604b67e3f03ab2741f910a250c91137

SHA1
a4bb15ac7914c22575f1051a29c448f215fe027f

SHA256
1408387e87cb5308530def6ce57bdc4e0abbbaa9e70f687fd6c3a02a56a0536c

SHA512
5e6f875068792e862b1fc8bb7b340ac0f1f4c51e53e50be81a5af8575ca3591f4e7eb9239890178b17c5a8ff4ebb23719190d7db0bd8a9aa6dcb4308ffa9a34d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp4CDA.tmp\7z-out\d3dcompiler_47.dll

Filesize
2.3MB

MD5
8c46f7ef7b31b0648ae4179eea4390d5

SHA1
2bdaf0ca631fd4fa63e03bac8b854a28c0616ff7

SHA256
7caf10fd1fcbf9e99d41d666f6967f4d57a82928f29748b027a0af4a12c74812

SHA512
9a82b571efcc24630953b46552ea5b8cbd1c825d740a47fbd4fbf6b207a9671713ca59e69a97335d9c17d41573d9ca8b21dc93043cbdf1279b25f9b1c4de1692

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp4CDA.tmp\7z-out\ffmpeg.dll

Filesize
2.6MB

MD5
b0ec936bdee48bb42c1a795721c45711

SHA1
688026c9af526a8e62813f3d58e0553a68cfca49

SHA256
45c4c7e7fb00c03eec95bd12a838838403fd527b369c1e9e5e24c55b89f14a89

SHA512
4d467031579fdc96f858040f5d2afb65c43112412367a1d4d1197f210b74b56767c79ebc1b118109a944e7bbf18753143506cff1a2a4a490588b712eafb6e0e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp4CDA.tmp\7z-out\icudtl.dat

Filesize
534KB

MD5
0221f50f7e099022af327f8b55ba5bd2

SHA1
a2867f79e2671c8500b227500f8b5ab63e887829

SHA256
0fb66bdd0fecc1e72f8b10e56ba9c3917a5812df2775a5105f8fe839f9f1ceaa

SHA512
7622f73335076025952855a567e5dda8fdc47551fcee85ea4cae173c669911d59f5c5a0f1db48f12f78e27d71e5b2cb635217e6dbdaa1f8ffb573848182f3cc8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp4CDA.tmp\7z-out\libEGL.dll

Filesize
473KB

MD5
637eeb39ddbeb3ff518ff1988604505f

SHA1
8b3d9a0d542718fb906f8fafb2583d7bb53176ef

SHA256
3c51a8e53ef7473e9a335673e909dc9c67bf962997e6e2a319c3bd70fd52b4ed

SHA512
3257f9c96665f1bc8bb39acd0d98015b7d5e32f3cf3f84e795df4d19f6bd3bcc14a4e89759cc0de83289b79cd290fd5f4b176c3e9a4cb2eca3acfba0c9e232df

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp4CDA.tmp\7z-out\libGLESv2.dll

Filesize
3.3MB

MD5
b5e8a97c5153bbd4022f6b83539758b5

SHA1
0ae723f8b7f8b5a1a1125ebc43fbddbfdc8107fe

SHA256
c783b2604d28b0a49dcebe1980d5c6b52a78275c4ecc5eba36c41d68ec37476b

SHA512
d5448c88c5f88251f61e2211015d2a1ae5abd7af83a3beb1b9dfcd28ecabd4c101512b5481a8884b23a49c0fd671c5bb601406832e6223d14069b652e7562999

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp4CDA.tmp\7z-out\locales\af.pak

Filesize
340KB

MD5
198092a7a82efced4d59715bd3e41703

SHA1
ac3cdfba133330fce825816b2f9579ac240dc176

SHA256
d63222c4a20fa9741f5262634cf9751f22fbb4fcd9d3138d7c8d49e0efb57fba

SHA512
590dcc02bc3411fa585321a09f2033ca1839dd67b083622be412d60683c2c086aac81a27bc56029101f6158515cc6ae4def39d3f246b7499b30d02690904af0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp4CDA.tmp\7z-out\locales\am.pak

Filesize
551KB

MD5
a2a17bdd83467a027505bc817d1ac028

SHA1
cc1266a22606a1055db9653b82e90c9d1f551d44

SHA256
f92b0299185d963337e96df1016e1cf5ca335e22ff86568c1a6507c3fea29094

SHA512
193c5db0a30a3c8ef5e8c821cafb9d0b5671b7e7821748c7b432e927bd4638ecf5bfc1d99721ce89fb3df4f6f23b5e55d753430e8ef2bedd1e1633e613321028

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp4CDA.tmp\7z-out\locales\ar.pak

Filesize
602KB

MD5
b2a23f285858db5e3e53d6a5d5291623

SHA1
674adfeb57075f86f40ff4b14916c3af29695813

SHA256
7ab39416b60ee342ff2874aaa7b9b95b290828807b1395192cdbd29ee1be15e8

SHA512
92c9b31f82f62b15eed3edaf437412cb630e8deb2226ad162d7cb4c252d8cb7f0453b3121a846ffcb1547570e2eadb04cfd3877ab120496a7fefb47a6d96cba0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp4CDA.tmp\7z-out\locales\bg.pak

Filesize
631KB

MD5
9dc95c3b9b47cc9fe5a34b2aab2d4d01

SHA1
bc19494d160e4af6abd0a10c5adbc8114d50a714

SHA256
fc4a59ea60d04b224765be4916090e97ed8ddda6b136a92a3827ed0fcc64bb0e

SHA512
a05a506a13ac4566ecbfe7961ace091295967ea4e72a2865e647b5fa9adac9f7cf5e80b53fae0e3917dfb0b9a3f469189cd595cc4ae9239d3a849f5cedd60e46

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp4CDA.tmp\7z-out\locales\bn.pak

Filesize
812KB

MD5
fac2c752c57175a4b1f4630e3667123e

SHA1
a2dbcf1dd7b3cac499b9f782c7393ab438039584

SHA256
71f99a67bb310fab8068eeed7ce24ea7624a66051ba4e719d051cc7e67e78001

SHA512
4820704bd92dfb60736da5b84c8bc9135fca484c678585ec9d26dcb90632e382f354d03b539599f4816feb027dd285ff06ed8a520bede56d7a1c590d942e4250

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp4CDA.tmp\7z-out\locales\ca.pak

Filesize
384KB

MD5
0312c87b6436e733a037bfb3084f7550

SHA1
e3f30b8f3bfc8ddbf4b8f85f845733ed5ac8c632

SHA256
b6c895fbca90c36ae2cfefefda989922162a2cc259603fbca066f0cfbf43c4ff

SHA512
24b7780211b9dcaf7cbe3915851c7b873562e0cff022c29ca1b4e159b9da152b517305f81dd33712a0224fc3b77e594405e432fe5eecf29b7a4f83f441d6905e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp4CDA.tmp\7z-out\locales\cs.pak

Filesize
393KB

MD5
ff919631102a3a9ec635b3080b63e305

SHA1
e43b117ad5b2d5b373321ab0ae63dd4bc1352a89

SHA256
1b8c3add009028eb567b0094759daff29b7861e11d5a9d864071012200e9735a

SHA512
21833774413cc71ba9c0c592504ae6288e3c8ac4e5d1d62768f4b3eca09e90009abec5e8fadcb4e7d63b99a522ae48fd608aad432eb4165ec7021c8888ad7df1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp4CDA.tmp\7z-out\locales\da.pak

Filesize
356KB

MD5
4bccba46add5ebaf6efd4ade3c42aed9

SHA1
e48dcc2de930bbf0ea8ee7b735ead321dadb5be8

SHA256
2497368658a988e4eb3f64cd17423ea04e7555b104d43c8996c0ecbbfed5f74d

SHA512
e2059e2a7f80353981eef6982a7da006fa3753aeba9aca5279eef71aa2fa4b7adbf9cbb17c85b8060359f9e871b1a5c665226f8d3b8a6fe49f908fd44e1b46bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp4CDA.tmp\7z-out\locales\de.pak

Filesize
381KB

MD5
8569900305a5661573f7766b93909f16

SHA1
3529376f54e32c17447b065d08c77314c4db2ec8

SHA256
068ba3e34e7f253fad7dc526b1078aaa969bea044d48171925534598aa8becb3

SHA512
d544febbe20a9bc5cf31f79f7ef74c1a742cccc99136e9828187c9a643bd0317c7cc48706346ee1a3c9eda8984be9c8606e9dfa7a6ce2cff49db2d785c2aa1c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp4CDA.tmp\7z-out\locales\el.pak

Filesize
691KB

MD5
8025eb8756d4bf3126d83c9078935520

SHA1
78895218a90680fe223af0b003c195da84902e1f

SHA256
e42aeaea80dabe82657983a462e4cd3ec74f71d4f08a689f5825f55fc02f3141

SHA512
f99f47e54583b60857a31648b985216713725496d8653ca04eb1d6634f2b7f7a1f9f70b8a7938529bfc6c8665360da5e6bfb6b68c314c011fef4a9817010c42b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp4CDA.tmp\7z-out\locales\en-GB.pak

Filesize
310KB

MD5
502260e74b65b96cd93f5e7bf0391157

SHA1
b66d72b02ff46b89ee8245c4dd9c5b319fc2abf7

SHA256
463af7da8418d7fb374ebf690e2aa79ee7cb2acc11c28a67f3ba837cf7a0937b

SHA512
0f0f9aac8e6b28c1e116377ab8ee0ffadbf0802a4026e57aedb42d21c38fbf70159be9e0314799c1de1f7638fbbd25d289dff7cd2c9eb7c82e1b62b6c4e87690

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp4CDA.tmp\7z-out\locales\en-US.pak

Filesize
313KB

MD5
3f6f4b2c2f24e3893882cdaa1ccfe1a3

SHA1
b021cca30e774e0b91ee21b5beb030fea646098f

SHA256
bb165eaa51456b52fcbdf7639ee727280e335a1f6b4cfb91afc45222895b564f

SHA512
bd80ddaa87f41cde20527ff34817d98605f11b30a291e129478712ebebe47956dbd49a317d3eeb223adf736c34750b59b68ad9d646c661474ad69866d5a53c5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp4CDA.tmp\7z-out\locales\es-419.pak

Filesize
380KB

MD5
02452424bb0cf6ab832808d04883f147

SHA1
a8e97ee52f3d97c1a4c678f7578808416e9fac65

SHA256
1b23cda69927c77764bda121ee398ffefcf5edcb5866432aa3526c378553c9b5

SHA512
9e750b26ab40b5f1c075acbdeb15a57cda9e6bd8049488cfaf368b5cbe8cd9b6e5dc96130e4137370c90bb0777b97515ea2be0787e255cff750fb7e188e22ab2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp4CDA.tmp\7z-out\locales\es.pak

Filesize
380KB

MD5
4ca91891b2d4670d02931f0ca84e4744

SHA1
85f6559b09c80af2575e3b7626842c10081e188e

SHA256
85fff1ca6bd2527073de03fa77dd013db2557a57cce1fd370caa2b185abb9336

SHA512
83eae7ab2f03598c657786bff6171803b6bbe2128d1a5b8a01d9a13337113632279712dd8ffcd3b707fa6052a936d92a57cb67d848c77ee291e75700e29f2bf8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp4CDA.tmp\7z-out\locales\et.pak

Filesize
342KB

MD5
74eda453b23793ced4480ea7a595fe44

SHA1
76964af9c8024bd84fa1d89f60784e7ee6569350

SHA256
e2d38131a5ef4b0e8438f45e8c74c56bcf666760d4682120c8071c9220230555

SHA512
e9928cfac01f10b040c74e63242ffa1f7f616d8598f49f0aa7ddad063e18666cf5649cc65d00b3526526af8a7b46ee3b3655da22adf46aa44c0c6a1c2ac4dc7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp4CDA.tmp\7z-out\locales\fa.pak

Filesize
557KB

MD5
99de8cfda36ab9ab3342889fb6da393d

SHA1
6bdd3d627d4b6702f43725039089562af58898c0

SHA256
b93145f30e25122015373a248d6ea22a539c7d0d58c8aa853ac35cc80dc06bfe

SHA512
aa20793f9ece5823cb9e74a4a3ff97d7a1860a593f427fb5eacb0390569a48122589610fe5a02577577f3a30f981c5e3da97cf73bdfe158a6bb845586c5b19d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp4CDA.tmp\7z-out\locales\fi.pak

Filesize
351KB

MD5
fa7dbd2ee35587ff31fde3c7107e4603

SHA1
baaa093dcb7eccf77ce599c8ff09df203e434b60

SHA256
5339b8ca52500bd0082e0ba5a5f440c5f04733803da47963280479760c7fff2c

SHA512
587f6d0e216d1688227345a8a75b94848ee710ec633fe6805db66bb0e8cad1b8d24a1e6a7e234061516770d881571166c78d8fa1c40e6335f3dcb1339fbffc14

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp4CDA.tmp\7z-out\locales\fil.pak

Filesize
394KB

MD5
0b7d25d70a2d94a032b7ff7faea45a75

SHA1
d9d473b2ea936ffea4f751d8716cb03407a95785

SHA256
a737a14f84b10b2e3c9ad4d147b430fd30c5ac0e125d5aaaf1ea19b0507de5af

SHA512
e4dbef6fae4cb56c3cd7bd5dbb239b5136eb2534a17cacbf628f5e5d77bfca924580ad4e4d0ec580ffaf94d6e1fafad58e9c5f472c3a3ff782702ea5eae2aea3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp4CDA.tmp\7z-out\locales\fr.pak

Filesize
410KB

MD5
a7c88eda9e12b6dbd432c544767acbe2

SHA1
81f1abe537870f7888431e820b636b17b5213835

SHA256
a4d0e5a39241a6326143afa4c8ec881d6edb0382c66425411881946f98e053e0

SHA512
88ca203256aaaaa26afd4a0aacb6fba2eb41618d09df6fc6aaa80ab8d699b30e73c373fa75098b1ec4912c042341dd1c79ee3d04f98b4bd59a44481d350a7988

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp4CDA.tmp\7z-out\locales\gu.pak

Filesize
787KB

MD5
3268b8d9b4d4db87ec627b09f1c55a6d

SHA1
683ba367e40abb2fefd4548805e845fc1b452855

SHA256
dee5ef4f4b36fc5fe0f3b5e10c7cc3a7edc14bf948317b31a3287a95bfe0afa4

SHA512
59cff62843d35f790092f42b611e9bcd80d948c0ef27a770b2d7af859997f40c320d67df3c5a9420d28d5c8f1678df4677e01cb99b729664d198b3b95b5fbd20

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp4CDA.tmp\7z-out\locales\he.pak

Filesize
488KB

MD5
6376d0a5f4273b76b1f4aabade194e0c

SHA1
337ba39f09454c0779ab64872b9fa11f866d6adc

SHA256
875712bb852c698f677c0c74e088f62d31adb2bce65648fc390607aad8705c45

SHA512
00347f16b5abbaf47fb08663d5efde26ab7de0c7a2fa42e6b5f03c41a83cecbd8e78cc3aef41d5f08658cf346e0ade732774485e8a10008a43fa41ffaf73b2be

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp4CDA.tmp\7z-out\locales\hi.pak

Filesize
821KB

MD5
9b5d94450fb03c34759653deb0551441

SHA1
b9134fbc75304ca73b156e77425505ed6dc6d629

SHA256
5e8f2593dbea5a57c3a974558a3fc91b6087329a1e7b11622a6eac120a973718

SHA512
caed9535d487833bdde51e82b76d3b8d2e6ea18ec0b4b7a98552be9266ff0728bb1133d8f9cbd169345aa08b0073f04d649baa71bb487483951cfa1a92080d63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp4CDA.tmp\7z-out\locales\hr.pak

Filesize
381KB

MD5
7dbd4a9de6e30de028c97a7d39f8038a

SHA1
18d68f37b3c5eea3a2fe42c4ab1694a439a189c0

SHA256
e1c793e08e062043cc65271718d9b21d5742729dfa2e076ab012e8a008d06c04

SHA512
a18c43257d26380ec14ae0259cf192257fee0c6895b82240c3b41c5d6e8bd6f8023cb39dc2da0701bbcf05e8eb2cd13c84af971c28c94099a6d0ea02ce745ddd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp4CDA.tmp\7z-out\locales\hu.pak

Filesize
411KB

MD5
d6904e7d1b6750d43a6478877c42618d

SHA1
919f090a6a3aa1112916f5bb0d5b73a62be43c1e

SHA256
3ec43893c6de5ec0f9433841afd5fa9feaaf59ddcef05f7e1cab14dba799887f

SHA512
d600fedb5ef1b2eb49a0122536c642b350ce67bb7a9da205890d9d13a195ac17c14607b4489715fd34506ec0ea4c80f245e09cf048aef52dcc8094f3138b2fad

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp4CDA.tmp\7z-out\locales\id.pak

Filesize
336KB

MD5
881ff04e220aa8c6ed9d0d76bfa07cb8

SHA1
cacf3620d1bf85648329902216e6cdc6f588a5ba

SHA256
9210c4c4c33e7ceb5f70005a92a4fd36ca4facdd41701fdc1d2ce638db8adf22

SHA512
9134102928aa80c49bbf2b862e8079b2ee23636ce63412a4c3813f234d623ff563f5ca1ac407ddb77cecf1224896ed59ae979dcf63435d35a4f13de9c22755d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp4CDA.tmp\7z-out\locales\it.pak

Filesize
373KB

MD5
6629c344b6e5ee8fb476522627b34221

SHA1
28335e3c96a68a560c68756860394a0a86c21870

SHA256
e76c3f15529fa7cc088dc32903c6885f4cfa170a1e0144710b05965f3210c31c

SHA512
78ca2ebf40d6cc3eb7035cca78364be63b8eb69e27caf2cae57e3489b39a9e443409e800fd95e1b646d37655c37ee8a9ae1ab344b506cf65f8603a6a3ad892ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp4CDA.tmp\7z-out\locales\ja.pak

Filesize
456KB

MD5
c294012268f9e611fdc2904be57e45d8

SHA1
9ba4bd190ced7ffe053fa74071fc5836bdebea53

SHA256
21cd7ae581f6d0c19e90ac7df03d7dd5305b882776a1f091573f824bd28514da

SHA512
d16653f30617e52a040c5e033896a71055fee9992e54ffca5029601bb62a41b9685a68655b9c8bf7a7ba54a914836a0f7a49cccacae0eda180a6b68c0471a268

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp4CDA.tmp\7z-out\locales\kn.pak

Filesize
910KB

MD5
01e8dc084d07743fbda50d54d86ee3bd

SHA1
e0709217e1a6785706b7d14037b1478ee2a3a59d

SHA256
ae4e003458f1a8bd3652e61241e11ff91bd887f6b95c1fe2700e76a117ba2119

SHA512
7d8db84f975d778bde21253f43d174921c2c71111644a953ad8671754e5d656f72bcabf62f4b960cbf4ca0ccc5f67d1558ed250b568c1f2308a31970e380654d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp4CDA.tmp\7z-out\locales\ko.pak

Filesize
383KB

MD5
ce19dea7b7d0b9472f99427de2b307f0

SHA1
9c84dbff9927c052dcb9818ed73bb272abf9054a

SHA256
586f34de2c7bb0e92fc376f3ad962bf9bae1a768398459d39f8ed06b59d8ccbb

SHA512
9a6c84ef9bb03be9ce96948bea94ec0ba83ecbd06ed648acab9d6fd27c1ab85f011a5670591da6256781dc147fc234d627cfc4bf5eb29bc2c8bfc84aaf89085f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp4CDA.tmp\7z-out\locales\lt.pak

Filesize
412KB

MD5
7b6bf901352885c0699db71239b7cf24

SHA1
9e3ec5f327c0d0e54a449332061e60a8c79243cf

SHA256
9200a9509bd77834d9912f4ba8f4219d2b9bd2cdad49a11873db30e99b9d1350

SHA512
79ebef723fb4c17581eb869b4b4e1a364a3d28df0e168e7e1a3583e0c1ec5b9716dd270925c0545b8247421a64b03705f10910fe3416900de9258840c470d580

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp4CDA.tmp\7z-out\locales\lv.pak

Filesize
410KB

MD5
cccbd7f8a0c34c7094ce4d7b8e7e0588

SHA1
1a08401e2dc8c59200c4ecaa1886b43b6faa6979

SHA256
7467360f9addd4d8694e1508a6ab3a3e00dce57e5897d5376ad27d8e651b23d4

SHA512
2cc43437f1cd8d5fda0e95e7dd117c9b82e90cfed58ad8f492f46b4634aa01cd1b0ebe39377231a0828fc1ccd39641e4efc2f1210d629f9aba12ea9048accd95

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp4CDA.tmp\7z-out\locales\ml.pak

Filesize
948KB

MD5
00292b0801e0dd0a74091bf53f1574c9

SHA1
63a002e7a8796bc4b4459a19c95ce426fbd1ec7f

SHA256
61a372f170de0a22712be980c3c78b22035ebf40ce79332fab75cdcc4208c9e6

SHA512
e2e15f66851aa435e3bf4de6672f4aa8b01204d8efe11ec6ee9a51d9877ec4f2e71d7e9547d6eab9bfa04af1bea71fa72aa4963fa08b48717bf1c3fd21c00cd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp4CDA.tmp\7z-out\locales\mr.pak

Filesize
772KB

MD5
b9a2aa88c69c42ebcc41fef00c980a38

SHA1
9e373dfa11f95c31ffdca70bd83d2f66e1ddcef8

SHA256
481faf7dd66cf10a476d8b156fb4ea452f920322d8007f7e25d41b2837bdbc09

SHA512
5f4582723429a44dd517322babae4466efb4e8723c0247754e2a9a2929133d6fee5c3533c4cf567954e2a5aab47940a136a178405de36e38b50e8d4a6d5c504f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp4CDA.tmp\7z-out\locales\ms.pak

Filesize
351KB

MD5
6de7b004a86967a3433545b3b38bf89d

SHA1
113bd5b28dda669b27c798e0b46fd680f3a04956

SHA256
ead5a37549b98d55839ffcf0dc8f8201d37d71968ec9138fdea79d7c9b79549d

SHA512
239c4acd2c0b6c08fb92fd95b89a302ddefc01ea843950a0247b7310c2b024383ae98286c2d4b83b99833452c41b386e047b2ef33610ef122fcf2f439ef43726

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp4CDA.tmp\7z-out\locales\nb.pak

Filesize
344KB

MD5
bbae0915edec081b04bb903b689bc40b

SHA1
6a0fc635ce1c431e512b8b3b8448176aa4025556

SHA256
d565c6c95dad89d3f2b7210de4ec3fc437633de4dcfc994fde0704b92bb53ff8

SHA512
573a9fe43213829a6a4b39e67be25bc330b417750ea6d66e26163de7a80c29f6f5deeb841d9ff8303595943a81fc01ab668aab02a5cac4eda078ed06120138b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp4CDA.tmp\7z-out\locales\nl.pak

Filesize
356KB

MD5
9fdf47fef5b549497005ef8efd2a2c59

SHA1
3449de72bfc2be537f4b007c81e5bc5de6ff3d0a

SHA256
65a9c1efcdd451504e2e9b44b0c8fafd2c3c1445d760fd6c435305e2f8534f59

SHA512
3e77178dcd9e8894847039a997c87d5d04eef8a1ace1846132fde229285da08ffc8d3ba697226130bd07ab122a868cc53693981a21f8211c839ccdaba77207cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp4CDA.tmp\7z-out\locales\pl.pak

Filesize
396KB

MD5
c9da926441d438b952149650c86a033e

SHA1
74ee60342bda33048570dd3c03f897668cdfc971

SHA256
ce96fd415ffcda01345146faac716e2d45e2c556e5c6c38e9a1ea5ac19dafe84

SHA512
3e718e8df695cbd80146c3e911de9b235ccc06f574739e5720d47952f69eab089b56451cdc321174da9b239c0a71a720baf9d68b46046efa0edcb2a3f1804ea0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp4CDA.tmp\7z-out\locales\pt-BR.pak

Filesize
374KB

MD5
c68170e4948cf3ae6910364c1e68ce90

SHA1
420f3a392db28b6fd6be44fd702b455518b67bbd

SHA256
b26499a256d66feed42b372ea2eaceb75c279694b40a7b5d0f8c1a5c24cf381c

SHA512
29482ced2091873a8c6242a608ed641b3a4d72fb93ccc2eb58d2769c446195f717b438d5633522f457234f3d209029936e9ea4ccd65d45ba8ae0c2df71043797

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp4CDA.tmp\7z-out\locales\pt-PT.pak

Filesize
376KB

MD5
9b04c89c2d17c7c00a6a4342f0771fec

SHA1
a0886040fd5f870023cc3038f5722f4ba6d7c8b6

SHA256
abb012215610178b7f8203f61f41103546d3949ac3df4acb3a622b01663f39cc

SHA512
7c4cf5e7bfad4709db49779c1e3e762b8d0bac6cd736c511711ddca7682e08bc6b3274c9872d88db78bc36b0456b29680d3c4e518d4a401830cfb37b48567bb8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp4CDA.tmp\7z-out\locales\ro.pak

Filesize
387KB

MD5
9b9c22a12ddce43a4a3c0c047a16a5c3

SHA1
901e072d644a79e0b18be2f4a81e6842b070485d

SHA256
3e89d43b86b2582fd7db236659af47ff459a44c5b5ebcbb0bcc9eda244c8e501

SHA512
196a5bb1b0b5093d4a18279037ef7993525c36c136d4560b7e902c815687f7992ecd2b64d96422911a3468cf3f1478b21df6465d3b31486466cbb5573ff0e7e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp4CDA.tmp\7z-out\locales\ru.pak

Filesize
634KB

MD5
aa75c21bfe54bb70e7abd9fce1347a8f

SHA1
3492307cec15b367274c948beb76598f72347846

SHA256
bd981aa65536b544228ed1d60a552ff4c7800b46f815177b33b3e628b97d77e4

SHA512
0e77f1c7e4b5410e9eaed875f5dae6485d8de5b650ec44133b1634645cc3055fa7bea316e843b491f29d9c137b20623b120e014b1c74bbf4e8d1f08dbeaf5bb2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp4CDA.tmp\7z-out\locales\sk.pak

Filesize
399KB

MD5
72946b939f7bcaa98ab314cfba634e0b

SHA1
71c79a61712c8c5d3dac07a65d4c727e3b80ab17

SHA256
75f179897cad221ca6e36b47f53cead7f3fb4159ee196f1d10a5181b84e1b5b7

SHA512
2a8fa7108c58f4cb263900a555714d5638d961d14d9f4ddf8a9ab5b880afdbc5d2325fed1e158dbaf42a9cd20e8e372e6a8f52fce842a6940ea52e43e4a1f1e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp4CDA.tmp\7z-out\locales\sl.pak

Filesize
385KB

MD5
6a2efcb886dd33a5d05a112c141c520d

SHA1
ba89d9ef7ce1862d1e9933e910529ec5a3e2a933

SHA256
4fa004d80c7e89e38cdfed3a652003787fa810256d294c16aab0bca815eb7c02

SHA512
0475df28a602ec90c4331da4e7d742eded2cb3264b41924628bfc45e2662f2ceb7b9518ac88a231da1c3caf18d176ff3a4931c2b1751f3b74bce3af73d0088cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp4CDA.tmp\7z-out\locales\sr.pak

Filesize
595KB

MD5
fca817ed4b839b976ebcbf59cac66d68

SHA1
413efa65470319999032b6a25b3b2ee33b8cd047

SHA256
524acc64e70918a77cda43fd9b27a727645b28ad2d4cce16b327105101c8bbeb

SHA512
cb246d5c5cea30d6e7514841ab93803984cda37461a09b6c340ca64f7cbce4e1212951a4de421d928d433a619dac18454fb403b42581757b76c7eb124ce70cf2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp4CDA.tmp\7z-out\locales\sv.pak

Filesize
347KB

MD5
14ecf7684d7987950a9655258d3a72be

SHA1
b1506b3b4be332081dde72bf54a197b1ee0bde66

SHA256
690a83bbefe1e97de5d2c1c0791707e8ddc3414a12cf30b79329fa5d21840d6e

SHA512
fd9d36c63b00bb1caf6a25f2c797f3a844395f16016a9010819462d647e8e759fd8887e5eae3ef300871f4abef05f4ceca9edb5b30ffdd56efeede9c75f56e30

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp4CDA.tmp\7z-out\locales\sw.pak

Filesize
365KB

MD5
9632dd7d883fa4deb3963ea663e0ffd4

SHA1
0db135be4b3a7c54c39e9df5034d5576b68ea92e

SHA256
690027c4a31c4aea00b7d1b32ec6cd3fa50b1eac412ae273ab15e72eb485dd6e

SHA512
3aac1857784dfecd2ae5f7c4056f58e27a966a6cb949e02eaba56fc1fc283243ed6213f17628d62d435e33fa4771eb43623f25da6510aa4ce6f2149f72ab0d37

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp4CDA.tmp\7z-out\locales\ta.pak

Filesize
936KB

MD5
714ef30e819d791b41ab093d515e1704

SHA1
5410b58dcaa0bc82146655ed56493581d18d5c04

SHA256
9be97a18356b05ac4c3aa2b7e719eb29b47d8ad406aa50cf0f24bdde1d613083

SHA512
a35074a54dc12a68301553345c69f02ad31bc010690d5f4c4fad5d65b3fd9c3f7c3ec7e3637673d250cb33496b93a9582e28b5210d11137bc0bd5b2e219c0aab

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp4CDA.tmp\7z-out\locales\te.pak

Filesize
869KB

MD5
28f500e12a7b91d91d8f99395fce8332

SHA1
885fd6c78259ae38f7dba3887f7fee783c1766bc

SHA256
06dd7ae122d6f1f394aeb85089a9c837ec05dad627b0bcc92863ab2830e971c9

SHA512
6f0fe4a527e9c53a41d20f95cafda7a2488bab310eecf68c98271a2db6f3efe5d2180e158b5018a9c56a0580b0735146f0ae07d884f564de1e8780956a10d190

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp4CDA.tmp\7z-out\locales\th.pak

Filesize
731KB

MD5
d34a2993eaf0ee6bf65c3729baee426d

SHA1
d796911e57c89b11a603c645dd0e32aad7819d75

SHA256
7870b92c64f7776c469b4d19be8881ce30a5263cc8287c3d7de573aed43c7dba

SHA512
eb2f4b3cb7741c996acbd121d0c69eda6cfac6bdbd7b8036dc6394ed7e49c9a45641c7983431b5f8c5db685fc7ce958e7c9f5e79837b381caeecf009f79ca4c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp4CDA.tmp\7z-out\locales\tr.pak

Filesize
371KB

MD5
0662e2b67524444e843d0104adab0b7e

SHA1
ec39112f57e28010295398c24c6a17e60a88fd47

SHA256
e8f86dc87dbf11935863efb3a5af8213a97123889019e98a7ef313b488088790

SHA512
6529083d04e777be3cdaa14f06bb6b3a3d26006ed9d067f7a1bdfcf669856cc6340bf0caf90bbceb75666062fac1bc02ca2d2cff94c6ca5627ccaece6f973a65

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp4CDA.tmp\7z-out\locales\uk.pak

Filesize
634KB

MD5
0d9b7f3ce815f7bcfd63ee3492350d52

SHA1
6138b5dc296cf406b2314b8b797f9f96de2b40fb

SHA256
b86358579a9cec015c996c6ae862ddcb8cb558f30eedd0d0b9ef3cb18c3cc130

SHA512
17d874849e5eb17bff2ac98c8191f9f38a07a66eccc502122c0ed2bdd6af94eb17db1b0a2477a75c1fd4f3ed00c76b1818eac5bc4093d92eca0d0a5323718cc0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp4CDA.tmp\7z-out\locales\ur.pak

Filesize
552KB

MD5
6733dba4f3f0afeffc40bd87300b9d6e

SHA1
610aab026d25f2cec6c636fbaee922c099d26ef2

SHA256
d0c8ae8f4f60f04d4eee8cc639ee3b52ad073f5c9ee6fb84c774eb855fd51e9c

SHA512
40c1cb7be3709bb6ef01a4e66bfd85e20641020a800292a2a14f4cf188242aa0b8d42cabd0f323acd3d2f257243c7dc04b346a39475343c761af7a1833c3366a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp4CDA.tmp\7z-out\locales\vi.pak

Filesize
439KB

MD5
5b8fc875f0b57ac7793e19e0ac6f4899

SHA1
b8ec064365fc29a70bc3a8d3df0ef222ed244fa8

SHA256
ff3cdd834569cf9f957a444ab8a51ebe673bd26d7c907a907aedfeed248d4890

SHA512
f3a9ad912823aaae0d089cf53151cfba0b6fbc2cebf826b1b7c70fec03bf3f967e440558fef94c990c87349b82c36379bf645b828ab6b69eb9f396165dd6178d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp4CDA.tmp\7z-out\locales\zh-CN.pak

Filesize
223KB

MD5
51cf7d93f8bf8b401bccc0861ab09c44

SHA1
1cff1af0ad6ea3a4fc7a21ef06ccf4f91e0ee5ed

SHA256
1973160e25e3ec78d4791685ebd35d8b509f43d4d8a4ce4ba6f97c5b2fce5753

SHA512
959ed8fd1b025cac31647ace491ec750a05a128039638ebf43f5b7baaf3c2029811a305fe30e5f279f69f64ca29cd9405ba583032e8633842b80fd56ab15f878

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp4CDA.tmp\7z-out\locales\zh-TW.pak

Filesize
192KB

MD5
540d831e4a7fbe25ba4ed14c40eb3faf

SHA1
92bce5f107cf607572e9cc14dc0a3c1ddaf93822

SHA256
c3322ca2802e7023fc07785ebd9bc7b6d93b26516058ff2c7a9cc7c6197475fb

SHA512
5fde0c110e5d977279eabcf7746470a2261b846063bd2241da5ca0198d9dfc4e21c9f94fee8d7f46bf5262c228bf29d1ea0e1d890e4f49493aa821a19722d931

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp4CDA.tmp\7z-out\resources.pak

Filesize
1.4MB

MD5
7d36760c88e895564d4df812ea2e3f15

SHA1
4f903282ed066fb2ae58f8cecf60e6f3de645983

SHA256
a4eccf2eaa53b2f0735d8986d14bc73209916b4617ccf4f0a34b6c133dd6819e

SHA512
bc7b175724ee947e139d0a2acc997c052dda50a60fb37d0bf470944845b8de9ea6eeb9e1a46bc3e1e22f64f10a6c7cc09755666778b7d8da07b7ed746a5a0840

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp4CDA.tmp\7z-out\resources\elevate.exe

Filesize
105KB

MD5
792b92c8ad13c46f27c7ced0810694df

SHA1
d8d449b92de20a57df722df46435ba4553ecc802

SHA256
9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37

SHA512
6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp4CDA.tmp\7z-out\snapshot_blob.bin

Filesize
168KB

MD5
b82ff216a0babf602940759b9a3af870

SHA1
07e8a22dcf8d7be04a6ddbcab3098e040494bb0e

SHA256
943b27009d41801c5a649caf680e32d4dd25de002787a4ccd86b0925b3aac3a5

SHA512
da157570afbab7be135f7749df7f4518df1452ea24f98d8f5189430e732ad06ed438afc701cb70451bbc7137b5f35a0c5957df92ecb40d47d54c1071ea79fba1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp4CDA.tmp\7z-out\v8_context_snapshot.bin

Filesize
471KB

MD5
031ea03da08fe1247280cfe781658791

SHA1
e91db50ad16b5a5fbbaf4118672d60b347ea6161

SHA256
c16dcec41919a6d2850214f2275824be8a97d8c5e694e2ec8dd7d16ab2d5015c

SHA512
b3d6f282761f8ab8760728ecb108f64741f6f3cd2a143813042ff63a3b6604fcfe7c1feabafb65f9f67906217edb5851f44605a34f7a50ed2058c25ce5efb30a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp4CDA.tmp\7z-out\vk_swiftshader.dll

Filesize
1.2MB

MD5
da520e0eb314c35aba4ec4aa31b56b86

SHA1
735770ce65149cb2291ba0bddbd635240aa864fd

SHA256
48cd512fbee071021970972579990d41ae971036ea95c7a9feaa93a09a261ebd

SHA512
5d7101b209ee8ba245628229adf3bdb471f80323975df0bfffc6e673dca6dd6218d9b7c348dd759ae214e20e18718e066cb4ab85b3ed7d2b1a35a6003b25ad74

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp4CDA.tmp\7z-out\vk_swiftshader_icd.json

Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp4CDA.tmp\7z-out\vulkan-1.dll

Filesize
894KB

MD5
c286e1191c5b91130b6d16e23cbd44f3

SHA1
8231664efdf30b07ff0dbc6b6f4e4d46ec574de0

SHA256
8d4b92d08f42bfe9d30362b9cf671fd6ae3166ade44f94de17dfc531393b66cd

SHA512
5cd07f2edec7bbe8684ea291a9d1dd3709f6a25c55fda3d92938eaf9c3b047ec481e3e7f3fc64973f6833422ab5880f1318a15afa666e2dd207763c7d3822bbd

Download Submit
C:\Users\Admin\AppData\Roaming\Launcher\Network\Network Persistent State

Filesize
495B

MD5
2044b0254e6d02d43bbe0544cec5b623

SHA1
acbfd2d383deac802543a26709ac67fb1cff3f78

SHA256
791a894d3977a4c83db64d0c56a94daf235902b6e429fc8b084cc6c66a6f6571

SHA512
9b718a5c1968565556747829dac6d1589883f417878dd3738283f8565c42f4eda1d0548c7ee5db4e07a346499ab78d9f9e83946cfbbd1a8da2e70a95ce642a55

Download Submit
C:\Users\Admin\AppData\Roaming\Launcher\Network\Network Persistent State

Filesize
617B

MD5
a5a11a1f3b4ccd01e873344e9f5ec6a8

SHA1
34a4a64269a9a8cb7d49de23fe5b718ffe14bd97

SHA256
924d5ee9511455f1f77e3d827069be9ec9ae829d0dc9a826b64252361dc358f8

SHA512
653d6c31e5d4d6ee186cf7bd228f9d64022f389f6a2b5108c82df55cd9b47f5a0cbe0db605b43c72956f3581bb9c28a2d004092ecce621d4ee0a24a3929659e9

Download Submit
C:\Users\Admin\AppData\Roaming\Launcher\Network\Network Persistent State~RFe5bfd39.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\Launcher\Network\TransportSecurity

Filesize
203B

MD5
2e95491e8543f05c4c40dc5c7d747d2e

SHA1
866a31712f87823ac97ca9d25cd2cf0e0a34ae3e

SHA256
b790bcb6124937908ead4383323195a654b50fd7fc3f29059f604d012e7efc28

SHA512
31c6c0dc503dcabbc4395913b2d5fdf6ca49b2b066f9cbfbf4ea26922589c2169d81aa38f5953cda9d6ba8e8d01c682dc4a51bd83ab8b44b1225ee829e1cf87d

Download Submit
C:\Users\Admin\AppData\Roaming\Launcher\Preferences

Filesize
86B

MD5
d11dedf80b85d8d9be3fec6bb292f64b

SHA1
aab8783454819cd66ddf7871e887abdba138aef3

SHA256
8029940de92ae596278912bbbd6387d65f4e849d3c136287a1233f525d189c67

SHA512
6b7ec1ca5189124e0d136f561ca7f12a4653633e2d9452d290e658dfe545acf6600cc9496794757a43f95c91705e9549ef681d4cc9e035738b03a18bdc2e25f0

Download Submit
C:\Users\Admin\Downloads\CheatLoader.zip

Filesize
610KB

MD5
a49230fafde798b32af54a20cba02ef4

SHA1
03d0a7a111ebc865e113f9f99420798942d22c7f

SHA256
6868b9df2df99a606d0d7f6aa98923442a478b2eebd3eb0dc39f108bd293d6ce

SHA512
bc07945b129e61b2988b31b2061613f80b0a02dc07218875a816f97b12084eca8673a77a9018e6c2a772b2502a7ba99f9a027e93ea656d7b59f40cfc2740357b

Download Submit
C:\Windows\INF\netrasa.PNF

Filesize
22KB

MD5
80648b43d233468718d717d10187b68d

SHA1
a1736e8f0e408ce705722ce097d1adb24ebffc45

SHA256
8ab9a39457507e405ade5ef9d723e0f89bc46d8d8b33d354b00d95847f098380

SHA512
eec0ac7e7abcf87b3f0f4522b0dd95c658327afb866ceecff3c9ff0812a521201d729dd71d43f3ac46536f8435d4a49ac157b6282077c7c1940a6668f3b3aea9

Download Submit
C:\Windows\INF\netsstpa.PNF

Filesize
6KB

MD5
a464ab7c6f7f8698dfac3d37c13f5044

SHA1
2fb0bd32be45e528e02f8d449e0b571599ec2f58

SHA256
5830d89eeeaf6448ea132da8b07ccff5ebe9bf0a60a5c9f82e5d8ca2c783bece

SHA512
ad178e6c2bc6359df21a9b9b90d456552151057a1e7e0133b0dcb768a31da6998e061db50e24eac2c418f0a6717e1d4287c76755d895a0fa84faecc734780bdb

Download Submit
\Users\Admin\AppData\Local\Programs\Launcher\d3dcompiler_47.dll

Filesize
768KB

MD5
500399d61514588bd13244246068934f

SHA1
368a90cef453c36d6450b0937cadc3a0fb64dcc9

SHA256
e30740b794342f978f94edc1abfbb0614228c5e0eb13903cb911af36c52e5caa

SHA512
053e7a8da18e98722b23f8281b20160b5dd5b5b9f35313ac1180a440e46656b000e8c9aea1ad318cfc8ad07d6976de4bdeec376686aff35e96874770a8a04008

Download Submit
\Users\Admin\AppData\Local\Programs\Launcher\ffmpeg.dll

Filesize
2.6MB

MD5
e3ab6f226a9189a456d53dd700f5d503

SHA1
0d3f467e9f36a404eb10b318c758edaf02305e26

SHA256
16070fc0fc3ae0d3d5872e5bd2194d883a1d91cf021e1fcb708c785a348c1a80

SHA512
b1d5b362489b5d26037c035c8b1e9bac24a4555b64371b41f8549ab70d5d591589ba154e163ec84d4b4b4435903db32f7ffe0f720f5e6d01b7656ed03f6757d0

Download Submit
\Users\Admin\AppData\Local\Programs\Launcher\ffmpeg.dll

Filesize
1.1MB

MD5
85d263b38618c8edb07acd55b07125db

SHA1
cec6023ce6c26885a2e394a5a37f4bac8bba4ac5

SHA256
05c8131d96341996962ff598e1745979358a3cc57a89f46e3a94f249744b4dfe

SHA512
78a4636348ca313c57370befa4af65b74a293858fe7464b195d58d85f1b4a2de7c0221918d29fa0d7d6d112172bc512e4b854e7894ce06dbd208acee45df293b

Download Submit
\Users\Admin\AppData\Local\Programs\Launcher\ffmpeg.dll

Filesize
768KB

MD5
a88d9106d4ed4dbf12fe948b28cf3ae4

SHA1
f297e25ea899b9df321f5680456c3d22cc0f7f3b

SHA256
0175b750dd707b92a86c7ca3e8c619263864932c9bea2a0d8d721ce6301a2b14

SHA512
1bce7d878d650a2777ef73d2ea1a3fb8423e54f64e8553475db9de99b79ec6ff6c2fc5de9dd7662d5a6b7c46306b74083d2bd4b51d2857ca3824631b3d4091e0

Download Submit
\Users\Admin\AppData\Local\Programs\Launcher\ffmpeg.dll

Filesize
618KB

MD5
c0b0a2a2c80d5500da75a9070e06fa01

SHA1
bb6da8a97722753d1056ab31aff867aba6480865

SHA256
d756984fd7c1e386da753e8b2939ed1a1826584366495987b211a4070cdee1cb

SHA512
36df9d6a90de99dd12743e1f5bb0db68525db000638e82941e6b4b154176b6197935604fe558209c4e5292b2b514e3e7a23e9a265e5cc66cd5db96e556bee6f7

Download Submit
\Users\Admin\AppData\Local\Programs\Launcher\libGLESv2.dll

Filesize
768KB

MD5
6655b76770c97eab4f5283559c6f20d7

SHA1
f4d561235eb3195333b08d12b5a139300d597b31

SHA256
1874ecbbdfdf5bc9ac279f0ebc641716201d81d0618acab0605ca2f0592fa895

SHA512
51698474e36313dd6cea3e3d5f9c1652fa50b07d93e9c86c1468dd2335571d815aa2132318b9dc0a4a3c576b9adc27e97a323da200e4ccf83b45f59fee8c6402

Download Submit
\Users\Admin\AppData\Local\Programs\Launcher\vk_swiftshader.dll

Filesize
640KB

MD5
8359bcc101ff83a0fad881fbbeb379ec

SHA1
695a193aca9f7cb03b494faf792e167f81a7ca63

SHA256
7a63fb2fbe3bdce5080517f50a8213c9cf6d66f7e3059bead3c247fdf4226242

SHA512
a1df9941a01f485ac534f5568deb15444e96566549bb84087ce497eb3f03c785229d9df511d95256a6e71b30dc0ada7fcf3ef8e8eb04c1be80d8bf3e9498e3cb

Download Submit
\Users\Admin\AppData\Local\Temp\nsp4CDA.tmp\SpiderBanner.dll

Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
\Users\Admin\AppData\Local\Temp\nsp4CDA.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
\Users\Admin\AppData\Local\Temp\nsp4CDA.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
\Users\Admin\AppData\Local\Temp\nsp4CDA.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
\Users\Admin\AppData\Local\Temp\nsp4CDA.tmp\nsExec.dll

Filesize
6KB

MD5
ec0504e6b8a11d5aad43b296beeb84b2

SHA1
91b5ce085130c8c7194d66b2439ec9e1c206497c

SHA256
5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962

SHA512
3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57

Download Submit
\Users\Admin\AppData\Local\Temp\nsp4CDA.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
memory/4436-1385-0x0000018A801E0000-0x0000018A8020D000-memory.dmp

Filesize
180KB

Download
memory/4436-1333-0x00007FFA4DA20000-0x00007FFA4DA21000-memory.dmp

Filesize
4KB

Download
memory/4864-1982-0x00007FFA4DA20000-0x00007FFA4DA21000-memory.dmp

Filesize
4KB

Download
memory/4864-2193-0x0000027968E40000-0x0000027968E6D000-memory.dmp

Filesize
180KB

Download