meduza | f6de40a0e0c5b51daa70456189d10f7fc1e7dcd36168cf8afcb17035efda6686

Analysis

max time kernel
160s
max time network
378s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
16-03-2024 10:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

WeChat.exe
Size

644KB
MD5

66eb21741ecfc2a8a53a24d65ec7a40a
SHA1

6d70532a0b9a1012da004bb78461fff8d9845253
SHA256

64cd27f902fdf3e74c2ed74f7640ec000441ef46daffa20416da582e751b18a8
SHA512

47289021ab9543a30a2ab647f42619cba048be9c03f4b8c6fbc888bb7167c0cd8868e482114874c0b6c8f02dc48b6e87d22b1c4f04e53a0d20b62897199955be
SSDEEP

6144:GYEMF2LJ65kzLpKhlD24mjLrTeXivA29PR7YK:GYEtLJ65kzLpA1VOr9J/N

Score

10^/10

meduza evasion stealer

Malware Config

Signatures

Meduza
Meduza is a crypto wallet and info stealer written in C++.
stealer meduza

Meduza Stealer payload 5 IoCs

resource	yara_rule
behavioral20/files/0x00070000000232db-109.dat	family_meduza
behavioral20/files/0x00070000000232db-144.dat	family_meduza
behavioral20/files/0x00070000000232db-258.dat	family_meduza
behavioral20/files/0x00070000000232db-228.dat	family_meduza
behavioral20/files/0x00070000000232db-210.dat	family_meduza

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	WeChat.exe

Checks BIOS information in registry 2 TTPs 1 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	WeChat.exe

Executes dropped EXE 4 IoCs

pid	Process
4320	WeChatAppEx.exe
560	WechatAppEx.exe
4400	WeChatAppEx.exe
1324	WeChatAppEx.exe

Loads dropped DLL 29 IoCs

pid	Process
1108	WeChat.exe
4320	WeChatAppEx.exe
4320	WeChatAppEx.exe
4320	WeChatAppEx.exe
4320	WeChatAppEx.exe
4320	WeChatAppEx.exe
4320	WeChatAppEx.exe
560	WechatAppEx.exe
560	WechatAppEx.exe
560	WechatAppEx.exe
560	WechatAppEx.exe
560	WechatAppEx.exe
560	WechatAppEx.exe
4400	WeChatAppEx.exe
4400	WeChatAppEx.exe
4400	WeChatAppEx.exe
4400	WeChatAppEx.exe
4400	WeChatAppEx.exe
4400	WeChatAppEx.exe
1324	WeChatAppEx.exe
1324	WeChatAppEx.exe
1324	WeChatAppEx.exe
1324	WeChatAppEx.exe
1324	WeChatAppEx.exe
1324	WeChatAppEx.exe
1324	WeChatAppEx.exe
1324	WeChatAppEx.exe
1324	WeChatAppEx.exe
1324	WeChatAppEx.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WechatAppEx.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	WeChatAppEx.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WeChatAppEx.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	WeChatAppEx.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WeChatAppEx.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	WeChatAppEx.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WeChatAppEx.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	WechatAppEx.exe

Enumerates system info in registry 2 TTPs 4 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	WeChat.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	WeChat.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	WeChat.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardProduct	WeChat.exe

Modifies registry class 9 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\weixin\DefaultIcon	WeChat.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\weixin\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\WeChat.exe,1"	WeChat.exe
Key created	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\weixin\shell\open\command	WeChat.exe
Key created	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\weixin\shell	WeChat.exe
Key created	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\weixin\shell\open	WeChat.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\weixin\ = "weixinProtocol"	WeChat.exe
Key created	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\weixin	WeChat.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\weixin\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\WeChat.exe\" \"%1\""	WeChat.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\weixin\URL Protocol = "weixinProtocol"	WeChat.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
1108	WeChat.exe
1108	WeChat.exe
4320	WeChatAppEx.exe
4320	WeChatAppEx.exe
1108	WeChat.exe
1108	WeChat.exe
1108	WeChat.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4320	WeChatAppEx.exe
Token: SeCreatePagefilePrivilege	4320	WeChatAppEx.exe
Token: SeShutdownPrivilege	4320	WeChatAppEx.exe
Token: SeCreatePagefilePrivilege	4320	WeChatAppEx.exe
Token: SeShutdownPrivilege	4320	WeChatAppEx.exe
Token: SeCreatePagefilePrivilege	4320	WeChatAppEx.exe
Token: SeShutdownPrivilege	4320	WeChatAppEx.exe
Token: SeCreatePagefilePrivilege	4320	WeChatAppEx.exe
Token: SeShutdownPrivilege	4320	WeChatAppEx.exe
Token: SeCreatePagefilePrivilege	4320	WeChatAppEx.exe
Token: SeShutdownPrivilege	4320	WeChatAppEx.exe
Token: SeCreatePagefilePrivilege	4320	WeChatAppEx.exe
Token: SeShutdownPrivilege	4320	WeChatAppEx.exe
Token: SeCreatePagefilePrivilege	4320	WeChatAppEx.exe
Token: SeShutdownPrivilege	4320	WeChatAppEx.exe
Token: SeCreatePagefilePrivilege	4320	WeChatAppEx.exe
Token: SeShutdownPrivilege	4320	WeChatAppEx.exe
Token: SeCreatePagefilePrivilege	4320	WeChatAppEx.exe
Token: SeShutdownPrivilege	4320	WeChatAppEx.exe
Token: SeCreatePagefilePrivilege	4320	WeChatAppEx.exe
Token: SeShutdownPrivilege	4320	WeChatAppEx.exe
Token: SeCreatePagefilePrivilege	4320	WeChatAppEx.exe
Token: SeShutdownPrivilege	4320	WeChatAppEx.exe
Token: SeCreatePagefilePrivilege	4320	WeChatAppEx.exe
Token: SeShutdownPrivilege	4320	WeChatAppEx.exe
Token: SeCreatePagefilePrivilege	4320	WeChatAppEx.exe
Token: SeShutdownPrivilege	4320	WeChatAppEx.exe
Token: SeCreatePagefilePrivilege	4320	WeChatAppEx.exe
Token: SeShutdownPrivilege	4320	WeChatAppEx.exe
Token: SeCreatePagefilePrivilege	4320	WeChatAppEx.exe
Token: SeShutdownPrivilege	4320	WeChatAppEx.exe
Token: SeCreatePagefilePrivilege	4320	WeChatAppEx.exe
Token: SeShutdownPrivilege	4320	WeChatAppEx.exe
Token: SeCreatePagefilePrivilege	4320	WeChatAppEx.exe
Token: SeShutdownPrivilege	4320	WeChatAppEx.exe
Token: SeCreatePagefilePrivilege	4320	WeChatAppEx.exe
Token: SeShutdownPrivilege	4320	WeChatAppEx.exe
Token: SeCreatePagefilePrivilege	4320	WeChatAppEx.exe
Token: SeShutdownPrivilege	4320	WeChatAppEx.exe
Token: SeCreatePagefilePrivilege	4320	WeChatAppEx.exe
Token: SeShutdownPrivilege	4320	WeChatAppEx.exe
Token: SeCreatePagefilePrivilege	4320	WeChatAppEx.exe
Token: SeShutdownPrivilege	4320	WeChatAppEx.exe
Token: SeCreatePagefilePrivilege	4320	WeChatAppEx.exe
Token: SeShutdownPrivilege	4320	WeChatAppEx.exe
Token: SeCreatePagefilePrivilege	4320	WeChatAppEx.exe
Token: SeShutdownPrivilege	4320	WeChatAppEx.exe
Token: SeCreatePagefilePrivilege	4320	WeChatAppEx.exe
Token: SeShutdownPrivilege	4320	WeChatAppEx.exe
Token: SeCreatePagefilePrivilege	4320	WeChatAppEx.exe
Token: SeShutdownPrivilege	4320	WeChatAppEx.exe
Token: SeCreatePagefilePrivilege	4320	WeChatAppEx.exe
Token: SeShutdownPrivilege	4320	WeChatAppEx.exe
Token: SeCreatePagefilePrivilege	4320	WeChatAppEx.exe
Token: SeShutdownPrivilege	4320	WeChatAppEx.exe
Token: SeCreatePagefilePrivilege	4320	WeChatAppEx.exe
Token: SeShutdownPrivilege	4320	WeChatAppEx.exe
Token: SeCreatePagefilePrivilege	4320	WeChatAppEx.exe
Token: SeShutdownPrivilege	4320	WeChatAppEx.exe
Token: SeCreatePagefilePrivilege	4320	WeChatAppEx.exe
Token: SeShutdownPrivilege	4320	WeChatAppEx.exe
Token: SeCreatePagefilePrivilege	4320	WeChatAppEx.exe
Token: SeShutdownPrivilege	4320	WeChatAppEx.exe
Token: SeCreatePagefilePrivilege	4320	WeChatAppEx.exe

Suspicious use of WriteProcessMemory 46 IoCs

description	pid	Process	procid_target
PID 1108 wrote to memory of 4380	1108	WeChat.exe	85
PID 1108 wrote to memory of 4380	1108	WeChat.exe	85
PID 1108 wrote to memory of 4320	1108	WeChat.exe	90
PID 1108 wrote to memory of 4320	1108	WeChat.exe	90
PID 4320 wrote to memory of 560	4320	WeChatAppEx.exe	94
PID 4320 wrote to memory of 560	4320	WeChatAppEx.exe	94
PID 4320 wrote to memory of 4400	4320	WeChatAppEx.exe	96
PID 4320 wrote to memory of 4400	4320	WeChatAppEx.exe	96
PID 4320 wrote to memory of 1324	4320	WeChatAppEx.exe	97
PID 4320 wrote to memory of 1324	4320	WeChatAppEx.exe	97
PID 4320 wrote to memory of 1324	4320	WeChatAppEx.exe	97
PID 4320 wrote to memory of 1324	4320	WeChatAppEx.exe	97
PID 4320 wrote to memory of 1324	4320	WeChatAppEx.exe	97
PID 4320 wrote to memory of 1324	4320	WeChatAppEx.exe	97
PID 4320 wrote to memory of 1324	4320	WeChatAppEx.exe	97
PID 4320 wrote to memory of 1324	4320	WeChatAppEx.exe	97
PID 4320 wrote to memory of 1324	4320	WeChatAppEx.exe	97
PID 4320 wrote to memory of 1324	4320	WeChatAppEx.exe	97
PID 4320 wrote to memory of 1324	4320	WeChatAppEx.exe	97
PID 4320 wrote to memory of 1324	4320	WeChatAppEx.exe	97
PID 4320 wrote to memory of 1324	4320	WeChatAppEx.exe	97
PID 4320 wrote to memory of 1324	4320	WeChatAppEx.exe	97
PID 4320 wrote to memory of 1324	4320	WeChatAppEx.exe	97
PID 4320 wrote to memory of 1324	4320	WeChatAppEx.exe	97
PID 4320 wrote to memory of 1324	4320	WeChatAppEx.exe	97
PID 4320 wrote to memory of 1324	4320	WeChatAppEx.exe	97
PID 4320 wrote to memory of 1324	4320	WeChatAppEx.exe	97
PID 4320 wrote to memory of 1324	4320	WeChatAppEx.exe	97
PID 4320 wrote to memory of 1324	4320	WeChatAppEx.exe	97
PID 4320 wrote to memory of 1324	4320	WeChatAppEx.exe	97
PID 4320 wrote to memory of 1324	4320	WeChatAppEx.exe	97
PID 4320 wrote to memory of 1324	4320	WeChatAppEx.exe	97
PID 4320 wrote to memory of 1324	4320	WeChatAppEx.exe	97
PID 4320 wrote to memory of 1324	4320	WeChatAppEx.exe	97
PID 4320 wrote to memory of 1324	4320	WeChatAppEx.exe	97
PID 4320 wrote to memory of 1324	4320	WeChatAppEx.exe	97
PID 4320 wrote to memory of 1324	4320	WeChatAppEx.exe	97
PID 4320 wrote to memory of 1324	4320	WeChatAppEx.exe	97
PID 4320 wrote to memory of 1324	4320	WeChatAppEx.exe	97
PID 4320 wrote to memory of 1324	4320	WeChatAppEx.exe	97
PID 4320 wrote to memory of 1324	4320	WeChatAppEx.exe	97
PID 4320 wrote to memory of 1324	4320	WeChatAppEx.exe	97
PID 4320 wrote to memory of 1324	4320	WeChatAppEx.exe	97
PID 4320 wrote to memory of 1324	4320	WeChatAppEx.exe	97
PID 4320 wrote to memory of 1324	4320	WeChatAppEx.exe	97
PID 4320 wrote to memory of 1324	4320	WeChatAppEx.exe	97

C:\Users\Admin\AppData\Local\Temp\WeChat.exe
"C:\Users\Admin\AppData\Local\Temp\WeChat.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Loads dropped DLL
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1108
- C:\Users\Admin\AppData\Local\Temp\[3.9.9.43]\mmcrashpad_handler64.exe
  C:\Users\Admin\AppData\Local\Temp\[3.9.9.43]\mmcrashpad_handler64.exe --no-rate-limit --database=C:\Users\Admin\AppData\Roaming\Tencent\WeChat\crash --annotation=crash_notify=1 "--annotation=ext_info={\"app_call_name\":\"微信\",\"app_name\":\"WechatWindows\",\"app_path\":\"C:\\Users\\Admin\\AppData\\Local\\Temp\\WeChat.exe\",\"dwbuild\":\"43\",\"log_path\":\"C:\\Users\\Admin\\AppData\\Roaming\\Tencent\\WeChat\\crash\",\"major_ver\":\"3\",\"minor_ver\":\"0\",\"module_name\":\"Wechat_Windows\",\"modules_dir\":\"C:\\Users\\Admin\\AppData\\Local\\Temp\\[3.9.9.43]\",\"product\":\"WECHAT\",\"report_type\":\"9999\",\"restart_app_cmd\":\"\",\"upload_choice\":\"3\",\"version\":\"1661536555\"}" --annotation=log_path=C:\Users\Admin\AppData\Roaming\Tencent\WeChat\crash --annotation=product=WECHAT --initial-client-data=0x490,0x494,0x498,0x49c,0x48c,0x4a0,0x7ffba854e3f8,0x7ffba854e438,0x7ffba854e468
  2⤵
  PID:4380
- C:\Users\Admin\AppData\Roaming\Tencent\WeChat\XPlugin\Plugins\RadiumWMPF\8555\extracted\runtime\WeChatAppEx.exe
  "C:\Users\Admin\AppData\Roaming\Tencent\WeChat\XPlugin\Plugins\RadiumWMPF\8555\extracted\runtime\WeChatAppEx.exe" --log-level=2 --helper-handle-value=2109566579 --wechat-files-path="C:\Users\Admin\Documents\WeChat Files\\" --product-id=1000 --wechat-sub-user-agent="MicroMessenger/7.0.20.1781(0x6700143B) WindowsWechat(0x6309092b)" --wmpf_extra_config="{ \"reportId\":-1, \"version\":8555 }" --web-translate --client_version=1661536555 --wmpf-mojo-handle=2900
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks processor information in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:4320
- - C:\Users\Admin\AppData\Roaming\Tencent\WeChat\XPlugin\Plugins\RadiumWMPF\8555\extracted\runtime\WechatAppEx.exe
    C:\Users\Admin\AppData\Roaming\Tencent\WeChat\XPlugin\Plugins\RadiumWMPF\8555\extracted\runtime\WechatAppEx.exe --type=crashpad-handler --no-rate-limit --database=C:\Users\Admin\AppData\Roaming\Tencent\WeChat\radium\web\crash --annotation=crash_notify=0 "--annotation=ext_info={\"app_call_name\":\"\",\"app_path\":\"\",\"ext_param1\":\"2.1.0.8555\",\"log_path\":\"C:\\Users\\Admin\\AppData\\Roaming\\Tencent\\WeChat\\radium\\web\\crash\",\"module_name\":\"XWeb_Windows\",\"modules_dir\":\"C:\\Users\\Admin\\AppData\\Roaming\\Tencent\\WeChat\\XPlugin\\Plugins\\RadiumWMPF\\8555\\extracted\\runtime\",\"product\":\"browser\",\"report_type\":\"9999\",\"restart_app_cmd\":\"\",\"upload_choice\":\"1\",\"version\":\"1661536555\"}" --annotation=log_path=C:\Users\Admin\AppData\Roaming\Tencent\WeChat\radium\web\crash --annotation=product=browser --initial-client-data=0x4d8,0x574,0x58c,0x588,0x6a8,0x538,0x7ff792f33d68,0x7ff792f33da8,0x7ff792f33dd8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks processor information in registry
    PID:560
- - C:\Users\Admin\AppData\Roaming\Tencent\WeChat\XPlugin\Plugins\RadiumWMPF\8555\extracted\runtime\WeChatAppEx.exe
    "C:\Users\Admin\AppData\Roaming\Tencent\WeChat\XPlugin\Plugins\RadiumWMPF\8555\extracted\runtime\WeChatAppEx.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=zh-CN --service-sandbox-type=none --log-level=2 --enable-crash-reporter --client_version=1661536555 --product-id=1000 --log-level=2 --mojo-platform-channel-handle=2276 --field-trial-handle=2508,i,15815865155632730053,3144756514820279090,131072 --enable-features=NetworkServiceMemoryCache,OverlayScrollbar,WebPredictor,kXWorker --disable-features=AnonymousIframeOriginTrial,AudioServiceOutOfProcess,AutoupgradeMixedContent,BackForwardCache,DigitalGoodsApi,NotificationTriggers,PeriodicBackgroundSync,Portals,TFLiteLanguageDetectionEnabled,Vulkan,WebOTP /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks processor information in registry
    PID:4400
- - C:\Users\Admin\AppData\Roaming\Tencent\WeChat\XPlugin\Plugins\RadiumWMPF\8555\extracted\runtime\WeChatAppEx.exe
    "C:\Users\Admin\AppData\Roaming\Tencent\WeChat\XPlugin\Plugins\RadiumWMPF\8555\extracted\runtime\WeChatAppEx.exe" --type=gpu-process --log-level=2 --enable-crash-reporter --client_version=1661536555 --product-id=1000 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-level=2 --mojo-platform-channel-handle=2316 --field-trial-handle=2508,i,15815865155632730053,3144756514820279090,131072 --enable-features=NetworkServiceMemoryCache,OverlayScrollbar,WebPredictor,kXWorker --disable-features=AnonymousIframeOriginTrial,AudioServiceOutOfProcess,AutoupgradeMixedContent,BackForwardCache,DigitalGoodsApi,NotificationTriggers,PeriodicBackgroundSync,Portals,TFLiteLanguageDetectionEnabled,Vulkan,WebOTP /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks processor information in registry
    PID:1324

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\42B9A473B4DAF01285A36B4D3C7B1662_178C086B699FD6C56B804AF3EF759CB5

Filesize
471B

MD5
3b00b30ce16b953272e3d451dd198729

SHA1
117abe6b4dffb654aed01fc7df7a871f35ca9950

SHA256
b8c082c7ada4284086aa433b253cc65e73f6ff239ae7fd6a71d253e34ae44f66

SHA512
499d52e792f2ceb07d3255e9bb63aca77425adcbcfe490f63b0f5e4c8c139fc3c0afd5cf3c2ec9ccf3f7d7fd31734117a68a8bf63bac052c939afb1c03157835

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\66AE3BFDF94A732B262342AD2154B86E_36069BBD3EB05D23DD60E5E55173537C

Filesize
471B

MD5
0d89c33441120f87b1a90b9d0559e66e

SHA1
3ae6661ff57ce532fb2889bdc526e08e8637b1ff

SHA256
cc6e28544f288f33241fb5e89293e793e60a9a674c7c747654b842c116e5c27f

SHA512
2b916785308a4822e948f03144a05662fddbaabc39bdc2ce131aea9938cbbe6c63711e2c3df1419385a9bf8feb4a7c359b5f4ed8ac8038c7cb520f4f4d7dbabb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CA4458E7366E94A3C3A9C1FE548B6D21_4B8278BA8F55C23F8BC7CF648BA27BCC

Filesize
471B

MD5
5d35d2adccef6c14039478c0ad34ef4e

SHA1
65c142d4f49336c35204b9c5526da0b9720e639e

SHA256
8f435c8d26b7c40b5d9c620496545b3f50b5bbaeb8cc4cd5a4854f98e6c26c86

SHA512
97b8b445d1693ca76dd3186a3411b1aca056c49c35f3c1ab0009410e35bb8563178536edc363a798c38489705137bac68b52e4ade26732af74a8ebbb7914c3ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EE44ECA143B76F2B9F2A5AA75B5D1EC6_847118BE2683F0C241D1D702F3A3F5F9

Filesize
471B

MD5
f159f9e7b10d12df0b0affb8816fca9b

SHA1
d1eca47979b7753b23bbfca78c23100de02b3cd4

SHA256
9af89954cead6b36c020aeb01a5ab140c74da5afba7603911f31747aa1db04d1

SHA512
e4717a3b6db666248c1da159ea1cc3f45bfaa5052dc812e5a58051fb8678a433ad53d2051c0528fd1096757497c4f789fb111571256eacc6ff480d6a218bedcd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\42B9A473B4DAF01285A36B4D3C7B1662_178C086B699FD6C56B804AF3EF759CB5

Filesize
404B

MD5
e55b73d8bea654a3c9dfe9a2ce862c51

SHA1
ee4338b9b824409f508a35e6fa63726e5d73396c

SHA256
993d76fd3da6cd48edb3d673b4d87bd9c925851fdc385c1dd3248a6515cc7a59

SHA512
74f5701efd1c594b409f6ff99ce76fbe8913f033f5d166f28c3925d45b1ceeb40a14f8d8af5d618934c1c6e419ffb244a5ab82b82c03439d9a160aeac00fc707

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\66AE3BFDF94A732B262342AD2154B86E_36069BBD3EB05D23DD60E5E55173537C

Filesize
400B

MD5
e73c4c4ac8c53c5ae6b3727e58bcf905

SHA1
b80ed64e5fd8046953afd5b716d38a1d3a6fb56e

SHA256
48da560306257cce0c191cd4dc6ffb98c5b6c858359694f07b984fa5bc41b7d6

SHA512
9c5e50ca011ccc3ed7ee339ae4edc960ea9ee7737e770b2d687ab8bf2f25184c75d64c612717f90e91a8b80580035a168f90eb20688b2c8079715c62ba06d395

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CA4458E7366E94A3C3A9C1FE548B6D21_4B8278BA8F55C23F8BC7CF648BA27BCC

Filesize
400B

MD5
907fd23f85443dcefd10ad9021e8b8f5

SHA1
d872166e07884159d26d522c0a1f42032396430d

SHA256
eb821f0dd0ae28f17b86f6f53c8256794f7256d5c8a1ea159f97b21fe8b0b6e9

SHA512
a3fe214e962173ac67b54935d579fadd6c8da9d62796dfa01065f39d0db0786038191255129d4308fe3f1f7eb95791749b6f6f791dcc19b37cb1a24d5628d21b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EE44ECA143B76F2B9F2A5AA75B5D1EC6_847118BE2683F0C241D1D702F3A3F5F9

Filesize
408B

MD5
086690d973ca6c337847e08fc9b2a532

SHA1
3564e8ca2290e1e02d3894766647f27e4f4a5d46

SHA256
04433d0086b8417a2014b88e52d3f593a61699b317f6a4cf16c7f0603794e5cf

SHA512
ccfda61dc4ed0e333e2f5ba464c1785444e18cd14eb27ac66eeab8fc3751a9350c45d872aeef5d83c8131968e5d439bfd2c9e3a67b9d935966956c3a5fec5b9c

Download Submit
C:\Users\Admin\AppData\Roaming\Tencent\WeChat\XPlugin\Plugins\RadiumWMPF\8555\extracted\file_component.xml

Filesize
3KB

MD5
3a379b929bc1fa72bdfb26209868243f

SHA1
5dbc2a0ed608bcfbbec137fcc3d35bc4fbb13ab5

SHA256
22961f3dcb551ee914a6d8561e0f1ed382219f21f4d9df136065c8cea404eccb

SHA512
740a7570991cbdd22a967120431e794f6eddc2a06379f80a1836d3b35e2e7254aa7f71fd937abe25dcdeae287322c4738f7fe344bef602a8b3ce649a9b68d60f

Download Submit
C:\Users\Admin\AppData\Roaming\Tencent\WeChat\XPlugin\Plugins\RadiumWMPF\8555\extracted\host\wmpf_host_export.dll

Filesize
1.8MB

MD5
557263e28dc6c1416cea8b43a9a47282

SHA1
bb2306ef4e99dc0b10aa8ab51bb2872ed2a5d45a

SHA256
d40ebacc2c08b72aa48dbe613ef2bc4cfe65bf0fcd63254239308fc4ae0eb226

SHA512
b8fd24c566d770a452ecb5d227ccfe2ae8afc37d1c797d064adda63ec34a606c3ac882b2a366e4828c5c4869e249e2cf9dd9852185d63da9ff4bfc6c71c3d686

Download Submit
C:\Users\Admin\AppData\Roaming\Tencent\WeChat\XPlugin\Plugins\RadiumWMPF\8555\extracted\host\wmpf_host_export_x64.dll

Filesize
2.2MB

MD5
e479c9b7f445f62e512dca0b671fddba

SHA1
20a0df44d91a5e3b9bb8e422946f343d4f82df61

SHA256
c9c85a4136cfd3a06cf15d1fa59e0ae0343cab03986bec5cf4456402d8eb3b3c

SHA512
0a1606ec5a794f1c1b4b28e3161cc142999d09f4bc8ffbd241b4c42bba562048a0653857ae1b2f70cde6691e7ce4b78a2201fbf540c3ca4c64a4f64d7887b1fe

Download Submit
C:\Users\Admin\AppData\Roaming\Tencent\WeChat\XPlugin\Plugins\RadiumWMPF\8555\extracted\runtime\ComponentVerification.dll

Filesize
179KB

MD5
2d39b287fc2e07a9f26620c5173b41b8

SHA1
5cb471dea1a7087f5b6735ff8f43f9f27d32a061

SHA256
28e883c76d68de23f0a2aaaaf8458e490c54d6874e33594b8fbf7e44f099270b

SHA512
6e37dfa78c40ce8fd58edf237cf26c4d100f19970fdda8c0cb2cb95718ebba284c1e1ea481335f8270b9ecf015757f206b74de6c83a5c7e409e89b214abb064c

Download Submit
C:\Users\Admin\AppData\Roaming\Tencent\WeChat\XPlugin\Plugins\RadiumWMPF\8555\extracted\runtime\ConfSdk.dll

Filesize
1.2MB

MD5
c21a0198c2c75b325b8fd1233ba6984e

SHA1
fc0442083b7c165b97efb8018cffa0c78ac50a8c

SHA256
f9c904746a447a25f2e7815448e69a5c29dd2c207962df208916d3e52e2ae888

SHA512
d34a74715ef8c86b05b8802882a77265d71249f00fa4e9b850322465747fda2fce8e6a56bd1aed3ec99ef5957cb192e487f51fb0c575bc07fc7b532e783be0e3

Download Submit
C:\Users\Admin\AppData\Roaming\Tencent\WeChat\XPlugin\Plugins\RadiumWMPF\8555\extracted\runtime\VoipEngine.dll

Filesize
832KB

MD5
6113a9f6a73b92592f80ff9c85b84c65

SHA1
8691d5470d17c481e1cba6845800becd9fee65db

SHA256
a05d26807e553c952e8283e0144d717811a80d521b31cd98c78640fdf31d0d30

SHA512
fbb9fa2291f9a276874ad43e4681a4f4fa81a3646673d0721f10fdf3ad8b5f76a3c784a3038d614b90771bc2d364056621bb374eda793979d1f729625e762617

Download Submit
C:\Users\Admin\AppData\Roaming\Tencent\WeChat\XPlugin\Plugins\RadiumWMPF\8555\extracted\runtime\WXAMSDK.dll

Filesize
4.0MB

MD5
8cd73542e41661db4b3f6942a5017b43

SHA1
bf14e23bfe3e33358f16e7617e59b88296e9b67b

SHA256
cf33313b9db882a5a39c9dc4624f24346d75a21e69d540f3e263a0c204b113e5

SHA512
71ea1571b9f3c0896ef5b9868f7b108c8719dc8006adb7d781762eca1d055c49add4b0b6a6f2fd2cb2b33eadd8ee0d1b5e88ee325a4353d582482a4f1e8a96e3

Download Submit
C:\Users\Admin\AppData\Roaming\Tencent\WeChat\XPlugin\Plugins\RadiumWMPF\8555\extracted\runtime\WXAMSDK.dll

Filesize
5.6MB

MD5
bfb2782529b05bce190404476ec41556

SHA1
64a86530f88e8eafb0077f82aa581414fad38717

SHA256
c13c40fd77af97cea5d733a44cd0888b8dcf4769f98fce354f4f461215c8713e

SHA512
d536f84e31c1e7b633b809bcf7e6a9f4baa338c70a38c4f44e55465a4e4ac37e5b0380c005fe7f8c31c94dd244eaeb35bd847784a62b5a6067b8a24474b3b096

Download Submit
C:\Users\Admin\AppData\Roaming\Tencent\WeChat\XPlugin\Plugins\RadiumWMPF\8555\extracted\runtime\WXAMSDK.dll

Filesize
1.6MB

MD5
5b1b3d1a07f22684c4136c65128cc2c4

SHA1
7aa264369cbbb72f5fcdea258a4570857238d675

SHA256
d1d97c8c81bf1dd79192bce405952eb1f5d1628a04334ff6909901f04b1123b0

SHA512
9c9d473ceca28a583bc55fdb05712266e0feffe79d2da93a8035ad1bde8e280e6a6ca8c9d93c728ea52fcf7d734137fa326ee80cfcb88354973f315cee15b9ee

Download Submit
C:\Users\Admin\AppData\Roaming\Tencent\WeChat\XPlugin\Plugins\RadiumWMPF\8555\extracted\runtime\WXAMSDK.dll

Filesize
960KB

MD5
4afd4d8455644c263e539cb060e5ed5a

SHA1
b579839594167341ba082f749060bf57e507785a

SHA256
43e3a5ba98850ff02220191e4688ee2e7897fb313bbfd7c6a88c4037e47e96f2

SHA512
89ba75787205ed7fd7ffb05425675e0e29e8f77fbe92ac5c235278b2f7da6fff5c5de66b988b5027faa125d6f24dee4b40933446934afacbbaae1837f574fe72

Download Submit
C:\Users\Admin\AppData\Roaming\Tencent\WeChat\XPlugin\Plugins\RadiumWMPF\8555\extracted\runtime\WeChatAppEx.exe

Filesize
7.6MB

MD5
b1a4d16e694731b5c6e54f98557aaea1

SHA1
ef5723b4c63f377370c22c11c60ca8dba9dda3b9

SHA256
96df2a9b1dbe720668fe88a2dca8d63e0573c547cca5173ca114cbba01e5a2c9

SHA512
29a4d8101680a15c616fafdddd1523a785c1fef1070734f1910108c84b72c58a885643638d656ef29e4534b0045e69422397303cb02115f1a22371d4233d034b

Download Submit
C:\Users\Admin\AppData\Roaming\Tencent\WeChat\XPlugin\Plugins\RadiumWMPF\8555\extracted\runtime\WeChatAppEx.exe

Filesize
5.8MB

MD5
76dcb8f0150cbcee1de09cf6fea2326b

SHA1
3879c8c286987d8d21bad00b664f1931b565a17c

SHA256
5e50f7bea3f742a3400b7108fe6c63c7b91af736167bef964211ae86ef623c6e

SHA512
910f7ba7af6c7e3662db8519339b91639b867942ea83c583591d4e7f40c458f4287be7b59bffcb24639cb4a4ca0e6f2028d2d82c644df97531d2b1f34c728086

Download Submit
C:\Users\Admin\AppData\Roaming\Tencent\WeChat\XPlugin\Plugins\RadiumWMPF\8555\extracted\runtime\WeChatAppEx.exe

Filesize
3.4MB

MD5
f26573e95d557be906fd407394d4094a

SHA1
5076d228c2239c18d7ee1af5b6c721b67713a1ae

SHA256
c1caa55c20141672b9d99c43d69897ae0c242e7414f76d63dda83cbf0e71d0a8

SHA512
e81561b74b188ab5f4e3a63a2bb710b8608c08f15b181f1cca120ed845d7b9784f796eb68746c5577ac28495d43fdbf4434ab8443b1e7c0dac244261a27da895

Download Submit
C:\Users\Admin\AppData\Roaming\Tencent\WeChat\XPlugin\Plugins\RadiumWMPF\8555\extracted\runtime\WeChatAppEx.exe

Filesize
1.1MB

MD5
b9f67f6e8998b4895c2f2deb5816dce9

SHA1
98fbfd0cdec81a682a200f3880a806697b87fb69

SHA256
ba4ca25f1267ee7d81fa53c241659f6cc67e38ff2b20bf51103dc6df8a086200

SHA512
0cee3ec8818f2fa7dcfff5b6a925d5a3bbf6dc4174c3f6b197a96748965b18c98a744c5f5fe4ff3b8380ac517cc17d5be91bcfdf53bc7a728609492450f6208f

Download Submit
C:\Users\Admin\AppData\Roaming\Tencent\WeChat\XPlugin\Plugins\RadiumWMPF\8555\extracted\runtime\WeChatAppEx.exe

Filesize
704KB

MD5
63fc41bc924e7c11486d278904f88284

SHA1
7c4ef7e3778e39ac14ff08e9b05f0ac8205dfe24

SHA256
0e07f4157d97ade53930d4c1ccce26d3b27695a182a8f29925f95662ecec4ad0

SHA512
b2015e30c22271196ad93f484baf5630ba9cb726e58992efb44dba5287113d2f57702ef560ff0f36888cebd5a87cd5c1faf49b1943c3391c5c43b52bec03ae0e

Download Submit
C:\Users\Admin\AppData\Roaming\Tencent\WeChat\XPlugin\Plugins\RadiumWMPF\8555\extracted\runtime\d3dcompiler_47.dll

Filesize
4.6MB

MD5
56b2ce6eb830e31818de197b9b61c3a5

SHA1
e2dd40b4a063936acd2464069e9ecf957f0e7c17

SHA256
f061e3403c01bdb7b9f149bd5c7c32ca4a099337198eb269af80dc0c89e8a63c

SHA512
d4d03b088d23429018ece1e6780415b5207b536bb61c7ea4219c3674dab35f97970c192360b4ad8a3ee7a754568694f9f4825d0199172b927666e29df2252bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Tencent\WeChat\XPlugin\Plugins\RadiumWMPF\8555\extracted\runtime\ffmpeg.dll

Filesize
3.6MB

MD5
7a557f3eea823f6801aee7a28a8fa370

SHA1
a59f091f475b882f1ec698ceb1a45a1a7f07da02

SHA256
e48277eea6a1ec54b4e63d2b501d53729d91586dda4374d57dfafdff9258422a

SHA512
23429aa245f78fe0eb7b6a87034170dd11a6cbfd25a26f19838c8f8a07d59c94d0e6f223dff266034289f9cc16255a2d498432ca91d70c163f09a249c1a95150

Download Submit
C:\Users\Admin\AppData\Roaming\Tencent\WeChat\XPlugin\Plugins\RadiumWMPF\8555\extracted\runtime\ffmpeg.dll

Filesize
1.6MB

MD5
4e99e6c85a8ba8eb0de8d875609abce9

SHA1
336e6c8029767e8ebb11e91717298e8b742faf0a

SHA256
44e9bff1fa9132559b9d44cc859d14eaddf52d3c4068ea32284ec974cb774d33

SHA512
6ee08f37d43a9d6337c1c4cc57d2275f0376bf50b63da0085f72429f9a3feef0cf1ad8e838432974a98d78e83bcaeb185409e06bbf52e2a66c59d59383e134cd

Download Submit
C:\Users\Admin\AppData\Roaming\Tencent\WeChat\XPlugin\Plugins\RadiumWMPF\8555\extracted\runtime\ffmpeg.dll

Filesize
1024KB

MD5
769fd2f01cfce16eb5abc84745a9f2d1

SHA1
4109ae8c4c7f23328ec6d755885f45b839d87284

SHA256
3d0e142fefe27ff859d2e61b5d4a63fa6823ae45cd994c29a6354d6fd936bda7

SHA512
e94bcc03355900fa488c784131f2d62fbda6d823360c74cc93ea0d87a282134eb2032c6be56872bc35a29471587a1198779ed821e420d0c50860de85526f8512

Download Submit
C:\Users\Admin\AppData\Roaming\Tencent\WeChat\XPlugin\Plugins\RadiumWMPF\8555\extracted\runtime\icudtl.dat

Filesize
4.5MB

MD5
055ee5092dfa81563751eb2917008be0

SHA1
08ae86a5b8e066cece02445be00a39356e469b6f

SHA256
f3c1cce4d2735f9bb74f912eb906c7d112f4ef0c56119293cd2cfc5a7ba9df3f

SHA512
396a33117f807f122f44b9b933f7876dfc63ef72411488783aa45e3adbed7a307fb525556dedd0f915ffe3237f1b6ed8cde19686cea43dd933ba5cc5a3c54655

Download Submit
C:\Users\Admin\AppData\Roaming\Tencent\WeChat\XPlugin\Plugins\RadiumWMPF\8555\extracted\runtime\ilink2.dll

Filesize
4.9MB

MD5
9a105f2d249e0154974580cfb54fb992

SHA1
e2ba89683cc08bbfdc5c7d6edd1991dbe2cb864d

SHA256
058a94599577bbb0738fbe77cea11f767fabda35ad2487ec5c7051d3237af83a

SHA512
0628176f3f3e803692aa30d8a8d14bde5b44f0d31c23f13f992ca7359b5844fb267660ed3ed709497d45fbbf2c5fa01b9a697783033e90c60c7a8a4965ada18b

Download Submit
C:\Users\Admin\AppData\Roaming\Tencent\WeChat\XPlugin\Plugins\RadiumWMPF\8555\extracted\runtime\ilink2.dll

Filesize
4.3MB

MD5
27ce20c7905eb06523f77899dbe208c0

SHA1
5d1580a762a39e6444aecf10560b7cb6150e8a87

SHA256
f062305cc272b6adcd861f879a829e9e447863dbe711047495afc9b168cd6eff

SHA512
ec7a24b3e1d6785b68e649af4191313a880948d13b10c4f56c85f1529d63faac397da4b22ecb4743804b24e95003c2a55f626fb951f874337133c9676a488fd9

Download Submit
C:\Users\Admin\AppData\Roaming\Tencent\WeChat\XPlugin\Plugins\RadiumWMPF\8555\extracted\runtime\ilink2.dll

Filesize
384KB

MD5
4da981e98be1195da3c9b41c9c3ac986

SHA1
5700d3dbf0efc3b9f7931dbc87ac3083b025c8ee

SHA256
88cd972b8d7d730bfb6251798f845732ecd5d00d3473e0efdd25576055b7f6e9

SHA512
235f277c751470f5cfd64dfa454defb49bb508bbaa02e41f8387dd1405f7e17af6b772857d6a672965e15e0b6ac697a1d3180e650e8c9eb4d054de984a588644

Download Submit
C:\Users\Admin\AppData\Roaming\Tencent\WeChat\XPlugin\Plugins\RadiumWMPF\8555\extracted\runtime\ilink2.dll

Filesize
960KB

MD5
1e925777f5bff038b8a21b67fa839b7d

SHA1
ccc24764a875961edeeadb83ae6b174237ee2b36

SHA256
495d4c0a08fcda309fffbfbc9dea99f623304172f9e65280318a689cf6b1a89c

SHA512
e3705b2b80357280b3ed5346c2989679f18496a8acc83ee539a97e1157bd5c4c02c7c0dc26d579a51919fd32fc9d648997e8d9a30d565d658626b41e33a15f41

Download Submit
C:\Users\Admin\AppData\Roaming\Tencent\WeChat\XPlugin\Plugins\RadiumWMPF\8555\extracted\runtime\ilink_network.dll

Filesize
4.3MB

MD5
660bbec5418458bfb231915a3f89b7f3

SHA1
0bdc33069826f10b26e898e785ee1cb4fbda1cdf

SHA256
45ac4260dbb50dbcaa3a782219ad1dae08b3bb99a2fbb4f08c0ad9565882b357

SHA512
2d0fb9e205fa53e293225af6669bdfdc30965264f46a5b573f0c4a2e3e4dfaf3ad263adfc39c43fdcd125a2a0cd7a0a4ada29239963a4862fb385413ce5ec330

Download Submit
C:\Users\Admin\AppData\Roaming\Tencent\WeChat\XPlugin\Plugins\RadiumWMPF\8555\extracted\runtime\libEGL.dll

Filesize
455KB

MD5
9b9728cd955f5b8794f1e36f8acd896f

SHA1
9aa0d34ad7dd878fa515f1d438d4bec682408451

SHA256
a41d39af4a544b68590e42d2880c65360893e3552a4262fa6648833b65674c05

SHA512
cdb77bd5f1e10e3178a7facd07a40e227a5d4dd6f3966002f6944e13da5ca58c5761ba29e4ab0521f2e2825da601307d84139845ce444a61ecaa11bda8c23cc7

Download Submit
C:\Users\Admin\AppData\Roaming\Tencent\WeChat\XPlugin\Plugins\RadiumWMPF\8555\extracted\runtime\libGLESv2.dll

Filesize
4.1MB

MD5
c8189a7e08f4a0d3fe8e3895b94ec0bf

SHA1
4005c1f5b32ab9cf859bd1c323b090f131ef14e5

SHA256
57080b5f0628df62a43416f21334340b72a319894be4ea523ff9de28e3c1a936

SHA512
c56d31e1aae00375fd8725691598ceae843f609b096d53afd18f989bad42df654fa541a22ed8c3c35bbcca02b116451afe2c25a9cfe538ca362028edfe6cead7

Download Submit
C:\Users\Admin\AppData\Roaming\Tencent\WeChat\XPlugin\Plugins\RadiumWMPF\8555\extracted\runtime\liteav.dll

Filesize
4.2MB

MD5
455805786daca1bc73d6cf1583533297

SHA1
47699a8753a90e93c1ca5f9e22196615ce37a61c

SHA256
27553e3b0d03cca05d98735f3642d5eaedca83324ad800f71216aab5498873f2

SHA512
239d518760c7d5a7559b675050fa0cbfa522ae40eb38a04b57ca23c89bea2fde04458f5bf0a136300131364f629809339c052be014856d743c1a2d1e54b45829

Download Submit
C:\Users\Admin\AppData\Roaming\Tencent\WeChat\XPlugin\Plugins\RadiumWMPF\8555\extracted\runtime\locales\en-US.pak

Filesize
146KB

MD5
1a2b147bba7f311d6306d1ec57be08d2

SHA1
6df45b6374f56259cbaeac058019771401ce73a7

SHA256
8c43aef9d28b6444a2c89eeea5a4b34f0c081c9f2df13c62dd083b6e5a6f4dff

SHA512
e384de31d453072683e7f694f921df72fd2b182b825aeaaef8604d4a6deadbef57793d73a57812c37dcc1ec46691df8d8f0f765ab36194c609bffd58285ff229

Download Submit
C:\Users\Admin\AppData\Roaming\Tencent\WeChat\XPlugin\Plugins\RadiumWMPF\8555\extracted\runtime\locales\zh-CN.pak

Filesize
145KB

MD5
7ebf36270f4d0787c6f0dae9fda6a56b

SHA1
ff90c3665728664d2f7b97f6351b2f07c1893a9c

SHA256
3abb82e958d76e767dfe2ba3ca1b8ee2c4d7de4d347f24ecb3c13f3935203830

SHA512
fbc48c571ebe6ccf68a2a2de1654c0c83e07c46f92e6b28896b9b4e25a451901ac9627546df97716dfb2824673083833d22aa9465290a1126470a9dd0deea928

Download Submit
C:\Users\Admin\AppData\Roaming\Tencent\WeChat\XPlugin\Plugins\RadiumWMPF\8555\extracted\runtime\owl.dll

Filesize
1.1MB

MD5
d353168c039c511e68371cbf169b8e68

SHA1
7df9f380696fc53dfcfe48a2075eda2a09bdcf10

SHA256
2cba0285a261ee54beba45e00c4494117d675c72f79a6b2757b1be040a3dc58f

SHA512
6ad5f63e3bb6743982868d50c6b91220c30df990a5e10cef03dc33ac97301b17b06a2f43e77999cdb34b71f15884290cdea99b5bfd6950a06ced2bbb69b6ab0a

Download Submit
C:\Users\Admin\AppData\Roaming\Tencent\WeChat\XPlugin\Plugins\RadiumWMPF\8555\extracted\runtime\owl.dll

Filesize
512KB

MD5
283365f81c789e4888acf556c20aa6b3

SHA1
f88efee5e144bbbde99f36acfbc19052e716d89c

SHA256
0298c063d58ced42a907595661f50c755bfc0b02fc1d781de3ac9876e2fb129a

SHA512
8f2fe2ac26e1d7c5d80082c630260ebc505ed3b3ddde5689799e478174c4c0c0dcdcf255d7d0f8de94d71f1fde623fab7150904aa3bd80746a05c866d011e592

Download Submit
C:\Users\Admin\AppData\Roaming\Tencent\WeChat\XPlugin\Plugins\RadiumWMPF\8555\extracted\runtime\owl.dll

Filesize
960KB

MD5
1017af8ec0340ce39b4f93e2b6e3e484

SHA1
2e3ed6aef832fb04f8a86c7d547e168664809aa7

SHA256
8b03f35550d2741c693e589cb6a3be59bc5c1e3fccb90d6254c70ac4023f9a48

SHA512
8a2fca34255718c09837b2abd3a1f76d5d40e7089fc7baf62b23fc0cb9b4bbb31437b41e27ca124bda4e46901fe7a54e5015ba47fb8141d5dd0c5f7e96c8bbc8

Download Submit
C:\Users\Admin\AppData\Roaming\Tencent\WeChat\XPlugin\Plugins\RadiumWMPF\8555\extracted\runtime\snapshot_blob.bin

Filesize
167KB

MD5
f722bfcc530b9090a146e41c59e3b9db

SHA1
72b3d63050282df94f704b618fa860b70f01531a

SHA256
dc97d457538d9d65576165417926331d2a86cf740f496bef861a34eec2093b6d

SHA512
d70f4855cc01f28e5154b21d04079f7d3d8e91165e05606f1354d943e2c58abf7ae2a6f2cce18286054e6f68adb10cc54973da8a7d959f029dd7917021ee3671

Download Submit
C:\Users\Admin\AppData\Roaming\Tencent\WeChat\XPlugin\Plugins\RadiumWMPF\8555\extracted\runtime\txffmpeg.dll

Filesize
4.0MB

MD5
4aeae7458ea5e56446eaf9591d03e7f8

SHA1
52241fa9e0f0aaf300da32e9e9b97f707e46406a

SHA256
eaf0bc8047cac14260db6f573a6335d1990f2c6f2a282e83c5eac910254630cc

SHA512
35c267ab968d9ada20a7a392dfd9d62daf256ebfb0c3ba50bf1b16274beab6f99f82608b45efdff407b04e865ac1a6c3780c305ff803f637a986765dd971e36e

Download Submit
C:\Users\Admin\AppData\Roaming\Tencent\WeChat\XPlugin\Plugins\RadiumWMPF\8555\extracted\runtime\txsoundtouch.dll

Filesize
138KB

MD5
a1f0e350719a002b8a2f6350ae503d74

SHA1
dcdc0b799380c2e52dd9cf59b7791f09e77a4326

SHA256
f08e874ae350f129e089638b26ebe833fbd492817e2317d0510d7b020be45622

SHA512
999b36abc126602f130457ff908155af696b6a6ba5406f06500eb19765a0e18538bd30409c8d30e5a5445c16781be94199905a263dfe0bd88be1ee4c53344f20

Download Submit
C:\Users\Admin\AppData\Roaming\Tencent\WeChat\XPlugin\Plugins\RadiumWMPF\8555\extracted\runtime\v8_context_snapshot.bin

Filesize
471KB

MD5
a2754ed8547785fb7886ad5ec39f03a5

SHA1
027615a1c8d6e79d487420fbaad5b222e333f6a5

SHA256
1760125a008dfcce4a21529c584aaf537b8284c1633a17d4bb8c5439106182eb

SHA512
cac0263eae2f38659f123c31c600dc9899d7ef3e778dea0d944322fddd3f53d153e87a9869e507a1b1e420305db699167753e72117a637fced5e85abdd38e805

Download Submit
C:\Users\Admin\AppData\Roaming\Tencent\WeChat\XPlugin\Plugins\RadiumWMPF\8555\extracted\runtime\vk_swiftshader.dll

Filesize
832KB

MD5
2487e2cb140963d180d2326c5fd637f1

SHA1
02690e12f0c2cb9b1d206a246b546f786ee34ad8

SHA256
7d71041660c5bd4092e76af7d8cddb990a6e1d761dd37c772eb163e3292c56c3

SHA512
567078e5dccf93a1d41a5b18ebd0383a406663c80f5aa8078c9c5e88f3daf42435e3544b69322c089c05c679921e7bba9628e2d4982546ecf8313dc71eab855d

Download Submit
C:\Users\Admin\AppData\Roaming\Tencent\WeChat\XPlugin\Plugins\RadiumWMPF\8555\extracted\runtime\vk_swiftshader_icd.json

Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Roaming\Tencent\WeChat\XPlugin\Plugins\RadiumWMPF\8555\extracted\runtime\vulkan-1.dll

Filesize
850KB

MD5
be5323d374ad59d357b71aa4e91226c8

SHA1
8cef31155e62a725eb4dfadbedd0716ef8368315

SHA256
92ffc96640a5194fc5e3daae4ae21236bf4bf597cd396412e21c9d273593bd28

SHA512
8a601d04ea5ee7251f4706c2fdc6de2db2946570a31f8848c90a2ce06a4edd96d2abc55cfe00cf85d93acabb7ad6618f8bd60c560bf932e6d4f99eac2aa9c286

Download Submit
C:\Users\Admin\AppData\Roaming\Tencent\WeChat\XPlugin\Plugins\RadiumWMPF\8555\extracted\runtime\wmpf_100_percent.pak

Filesize
896KB

MD5
5c93e752a91a6f7637faf77065ba7319

SHA1
f147043991b5cfdf688ef1242bdfa2d09b1f23d9

SHA256
2494555dd3b5803d79495ee064cd7b0d5f661442b7ba6c82836f79a8aa926e3f

SHA512
343b0043c0d947984e2fe53b0c02935cfcc190a3749bb368f03f7963a607f5bd3fc3a66c8094e3ba12474b036cd75adcab1fb2c1a72c99694b06b23f05453796

Download Submit
C:\Users\Admin\AppData\Roaming\Tencent\WeChat\XPlugin\Plugins\RadiumWMPF\8555\extracted\runtime\wmpf_200_percent.pak

Filesize
896KB

MD5
b87a2da4402aaf611f882521a642ceb9

SHA1
dba54575ed8f11caecd1d91f3f381e495e912936

SHA256
d0caa80b56755a8e67365aceb19d8356b54be6e1fe0907fc267a66c3633952f5

SHA512
fb5b356625710c93e056d9b4774cf7a743016f6e39a46a2e9466dd660ccba9fdf4928557de205583a2ebc9cdba22a0e2d864208b931aecb06b37ee0e20f55bc3

Download Submit
C:\Users\Admin\AppData\Roaming\Tencent\WeChat\XPlugin\Plugins\RadiumWMPF\8555\extracted\runtime\wmpf_resources.pak

Filesize
896KB

MD5
13d4988386d741589f598168534e940b

SHA1
12b11e2bd99b7417f69f9a60be29d2a3ce27c15b

SHA256
d73d6571530711051f97325ee58f99b602e01313322cd3f85df31ead42e9b69f

SHA512
b9fcdc8ad232a83760c478ffc9f74ddb1950d37450383e1c0fc0cedc81d0c7f353be4e901c9d49f2e2632ce4d51960f3b8971afef34fcc1536c00e039a0a9aaf

Download Submit
C:\Users\Admin\AppData\Roaming\Tencent\WeChat\XPlugin\Plugins\RadiumWMPF\8555\extracted\runtime\xweb_elf.dll

Filesize
1.2MB

MD5
1ad43e2f2fead1fbdc1d970f620a65da

SHA1
35b53f4386f823a4afa85b74a8dd9c1af4b5a121

SHA256
dc72df3028edef535744a851fa8f46f868df88932d5374215e34eddce4bc86c9

SHA512
83cf82d4d6a7b2770048240052899a29b1b9907457a16ededb2a7e4266ac8d8e72538fd7a77e2cb0d0bb4d10d20094158e08b80b8e7ded0aad21c3548e639ce8

Download Submit
C:\Users\Admin\AppData\Roaming\Tencent\WeChat\XPlugin\Plugins\RadiumWMPF\8555\extracted\runtime\xweb_elf.dll

Filesize
1.1MB

MD5
3fb9fb68de6135a166497e53928f474d

SHA1
1d4c5e6c04eefc62a9b2e817787d2540b3e8f327

SHA256
18c349c78229af5e7361d4ee73185312780769dea35dab25b492665467d83f19

SHA512
f56acf956ca3c83f30101d9cc44069c96a4477be5a3288a83ff2d60d82d3bd09bd615689ec1381ddae0a22c6d4dab49b4f18d96bf37bb2bdb78ef72d71fc8a3e

Download Submit
C:\Users\Admin\AppData\Roaming\Tencent\WeChat\XPlugin\Plugins\RadiumWMPF\8555\extracted\runtime\xweb_elf.dll

Filesize
640KB

MD5
f23d35fed34e7ca845f638c1b7b6e5ef

SHA1
f847431bf832d6ab03957143ffd5d62c1cb0fa47

SHA256
2e1faf1780e906072b36ffcd95d6349f95ef61fd92937a9263a70a4848b709e8

SHA512
53466f3b64c16a038a5240f65d03221cd171fc31d31b7e88de89468b910b6faa6e6fdb896842e3eecdc16ff69a9cae15e9f5c17dc32e6d7f849bf1adb3931178

Download Submit
C:\Users\Admin\AppData\Roaming\Tencent\WeChat\XPlugin\Plugins\RadiumWMPF\8555\extracted\x64.config

Filesize
3B

MD5
9c16d991c79c6330e655aa29ea623492

SHA1
fba3e0dfa6c8985b41bcbe3594ee941ce98b740c

SHA256
5609f728403e197bb255ef50c62aeabb1f93b09f7b7c379903440b65cd4319cb

SHA512
6079dac4c3998723dd7b73c6af882b8d0a8341212e1165b96e0b425df8965fa0cd600941aa000e232ac71bf16c058312d29c831853d38bca508b79b5a9249d44

Download Submit
C:\Users\Admin\AppData\Roaming\Tencent\WeChat\crash\settings.dat

Filesize
40B

MD5
0cb8b8c5260084347303da8699bbc08d

SHA1
917c18df7e4bd559b67a3f80573284dfffa2fed5

SHA256
b45ad79be15f9508d69c151a0da0f7ea7b987c094d60806d81634b5abfe22978

SHA512
7122af2a8baaef1c3886719e5681023a979991d2acdec33adabbb9c95749d5f20aad8b8bbba738837593aad67de3ba86931095162236d2161e33163690d631bc

Download Submit
C:\Users\Admin\AppData\Roaming\Tencent\WeChat\log\MM_20240316.xlog

Filesize
58KB

MD5
3552d666ada8996544c51d7cb31c4af8

SHA1
d4d43706eeae14b3d45ed057fded0d6cfbb2bace

SHA256
748cec9774806f66fdd219f44b64785c43ca40a39fba8b6984da967120f280d6

SHA512
2160ce80eff367829e41210230a84a67993ec7eb264bf9591536784de33e584571c7d7a3c0dcb25b31d961df96c86655d771451e47f347fe1bde71fea21513dc

Download Submit
C:\Users\Admin\AppData\Roaming\Tencent\WeChat\radium\web\Local State

Filesize
97B

MD5
18d10321ecf0307e71cf5d3ccfd30107

SHA1
cdc536b9a239998d6c4111e24ee8ccbd051d14db

SHA256
63361b96fe9aac0d46305abc32a4ac6f270d873ef43b6e699f1a4c002b43dcd6

SHA512
adb81715b790f999e0656b7b2c6a57c8c5abd8a8f3b9c21eb42e3cad006e340d201070a2dec242b539e7883333cd09082a3902f4a2e8780e52739938ceb18eca

Download Submit
C:\Users\Admin\AppData\Roaming\Tencent\WeChat\radium\web\Local State~RFe5c4379.TMP

Filesize
81B

MD5
01b417b14fd399f74a6d74b1598f9c8f

SHA1
54189ff5740d4c3adaae6e1042f3354ecece187d

SHA256
b355efaed74d6d119e3a11b41db8fdf5fc92d5fde77807ffa4a4c241a52cf175

SHA512
48a51fa98f67ec47e006794e7c9914e529dd95bbefdee41f7950cba36218b599a9b26fc9319409932d820280fd4be6178a3789e8faeac6cac88f126f3523b44c

Download Submit
memory/1108-42-0x00000139142C0000-0x00000139142F9000-memory.dmp

Filesize
228KB

Download
memory/1324-259-0x00007FFBCA4C0000-0x00007FFBCA4C1000-memory.dmp

Filesize
4KB

Download
memory/1324-279-0x00000221261E0000-0x000002212630A000-memory.dmp

Filesize
1.2MB

Download
memory/1324-291-0x00000221261E0000-0x000002212630A000-memory.dmp

Filesize
1.2MB

Download
memory/4320-177-0x00007FFB89B60000-0x00007FFB89B70000-memory.dmp

Filesize
64KB

Download