c739b8625f395a08165e19a6f09190179579ed527fe306957dbdd4bd02049fa1

Analysis

max time kernel
78s
max time network
77s
platform
windows10-2004_x64
resource
win10v2004-20240226-es
resource tags

arch:x64arch:x86image:win10v2004-20240226-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
08-04-2024 12:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

typora-setup-x64.exe
Size

81.3MB
MD5

f184318bad7c03f8258a77d928021a09
SHA1

4699e89a69404ec97a15e8d1b9141af13c94d8a6
SHA256

c739b8625f395a08165e19a6f09190179579ed527fe306957dbdd4bd02049fa1
SHA512

43af1824c18e9b97220c5aa71588d8b5a2f923699eff168e21883203c644eff35adf22c304443f6245b28de9bd0474ba23d82c7f947dc313d6d627295f399a42
SSDEEP

1572864:b0qZjK2MtrsXFqyReFjKsOn8GwBTTQSMIUzLHmBdiN4fbJF6kRDkC6oZ9Qcs+:bBZjBMteFqygF7OnbAoSQzT2i2bD6kLH

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation	Typora.exe
Key value queried	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation	Typora.exe
Key value queried	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation	Typora.exe

Executes dropped EXE 6 IoCs

pid	Process
5096	typora-setup-x64.tmp
5112	Typora.exe
3864	Typora.exe
1464	Typora.exe
1752	Typora.exe
4840	Typora.exe

Loads dropped DLL 12 IoCs

pid	Process
5112	Typora.exe
5112	Typora.exe
3864	Typora.exe
1464	Typora.exe
5112	Typora.exe
3864	Typora.exe
3864	Typora.exe
3864	Typora.exe
3864	Typora.exe
1752	Typora.exe
4840	Typora.exe
4840	Typora.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Typora.text\AppUserModelID = "abnerworks.Typora"	typora-setup-x64.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Applications\Typora.exe\SupportedTypes\.mdown	typora-setup-x64.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Typora.md\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Typora\\Typora.exe\" \"%1\""	typora-setup-x64.tmp
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Typora.markdown\shell	typora-setup-x64.tmp
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Typora.mkd\shell\open	typora-setup-x64.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Typora.mkd\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Typora\\Typora.exe\" \"%1\""	typora-setup-x64.tmp
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Typora.mmd\shell\open	typora-setup-x64.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Typora.mmd\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Typora\\Typora.exe\" \"%1\""	typora-setup-x64.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\.mmd\OpenWithProgids\Typora.mmd	typora-setup-x64.tmp
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\.text\OpenWithProgids	typora-setup-x64.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\.text\OpenWithProgids\Typora.text	typora-setup-x64.tmp
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Typora.text\shell\open\command	typora-setup-x64.tmp
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Typora.text\shell\open	typora-setup-x64.tmp
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\.mdown	typora-setup-x64.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Typora.mkd\AppUserModelID = "abnerworks.Typora"	typora-setup-x64.tmp
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Applications\Typora.exe\SupportedTypes	typora-setup-x64.tmp
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Typora.text\shell	typora-setup-x64.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Typora.md\AppUserModelID = "abnerworks.Typora"	typora-setup-x64.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Typora.markdown\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Programs\\Typora\\resources\\assets\\file.ico"	typora-setup-x64.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\.mdown\OpenWithProgids\Typora.mdown	typora-setup-x64.tmp
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Typora.mkd	typora-setup-x64.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Typora.mmd\ = "Markdown File"	typora-setup-x64.tmp
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Typora.mmd\shell	typora-setup-x64.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Typora.text\ = "Text File"	typora-setup-x64.tmp
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\.md\OpenWithProgids	typora-setup-x64.tmp
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Typora.md	typora-setup-x64.tmp
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Typora.markdown\shell\open\command	typora-setup-x64.tmp
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Typora.mdown	typora-setup-x64.tmp
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\.mkd	typora-setup-x64.tmp
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\.mmd	typora-setup-x64.tmp
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\.md	typora-setup-x64.tmp
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Typora.md\shell\open	typora-setup-x64.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Typora.mdown\AppUserModelID = "abnerworks.Typora"	typora-setup-x64.tmp
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Typora.mkd\shell\open\command	typora-setup-x64.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\.md\OpenWithProgids\Typora.md	typora-setup-x64.tmp
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Typora.markdown	typora-setup-x64.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Typora.mkd\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Programs\\Typora\\resources\\assets\\file.ico"	typora-setup-x64.tmp
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Typora.text	typora-setup-x64.tmp
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Applications	typora-setup-x64.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Applications\Typora.exe\SupportedTypes\.mkd	typora-setup-x64.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Typora.text\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Typora\\Typora.exe\" \"%1\""	typora-setup-x64.tmp
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Typora.md\shell\open\command	typora-setup-x64.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\.markdown\OpenWithProgids\Typora.markdown	typora-setup-x64.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Typora.markdown\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Typora\\Typora.exe\" \"%1\""	typora-setup-x64.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Typora.mmd\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Programs\\Typora\\resources\\assets\\file.ico"	typora-setup-x64.tmp
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Typora.mmd\shell\open\command	typora-setup-x64.tmp
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Typora.text\DefaultIcon	typora-setup-x64.tmp
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Typora.md\shell	typora-setup-x64.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\.mkd\OpenWithProgids\Typora.mkd	typora-setup-x64.tmp
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Applications\Typora.exe	typora-setup-x64.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Applications\Typora.exe\SupportedTypes\.mmd	typora-setup-x64.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Typora.md\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Programs\\Typora\\resources\\assets\\file.ico"	typora-setup-x64.tmp
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Typora.mdown\shell	typora-setup-x64.tmp
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Typora.mdown\shell\open	typora-setup-x64.tmp
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\.mkd\OpenWithProgids	typora-setup-x64.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Typora.markdown\AppUserModelID = "abnerworks.Typora"	typora-setup-x64.tmp
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\.mdown\OpenWithProgids	typora-setup-x64.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Typora.mdown\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Typora\\Typora.exe\" \"%1\""	typora-setup-x64.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Typora.mkd\ = "Markdown File"	typora-setup-x64.tmp
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Typora.mkd\DefaultIcon	typora-setup-x64.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Typora.text\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Programs\\Typora\\resources\\assets\\file.ico"	typora-setup-x64.tmp
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Typora.markdown\shell\open	typora-setup-x64.tmp
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Typora.mdown\shell\open\command	typora-setup-x64.tmp
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Typora.mmd	typora-setup-x64.tmp

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
5096	typora-setup-x64.tmp
5096	typora-setup-x64.tmp
5112	Typora.exe
5112	Typora.exe
5112	Typora.exe
5112	Typora.exe
4840	Typora.exe
4840	Typora.exe
4840	Typora.exe
4840	Typora.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5112	Typora.exe
Token: SeCreatePagefilePrivilege	5112	Typora.exe
Token: SeShutdownPrivilege	5112	Typora.exe
Token: SeCreatePagefilePrivilege	5112	Typora.exe
Token: SeShutdownPrivilege	5112	Typora.exe
Token: SeCreatePagefilePrivilege	5112	Typora.exe
Token: SeShutdownPrivilege	5112	Typora.exe
Token: SeCreatePagefilePrivilege	5112	Typora.exe
Token: SeShutdownPrivilege	5112	Typora.exe
Token: SeCreatePagefilePrivilege	5112	Typora.exe
Token: SeShutdownPrivilege	5112	Typora.exe
Token: SeCreatePagefilePrivilege	5112	Typora.exe
Token: SeShutdownPrivilege	5112	Typora.exe
Token: SeCreatePagefilePrivilege	5112	Typora.exe
Token: SeShutdownPrivilege	5112	Typora.exe
Token: SeCreatePagefilePrivilege	5112	Typora.exe
Token: SeShutdownPrivilege	5112	Typora.exe
Token: SeCreatePagefilePrivilege	5112	Typora.exe
Token: SeShutdownPrivilege	5112	Typora.exe
Token: SeCreatePagefilePrivilege	5112	Typora.exe
Token: SeShutdownPrivilege	5112	Typora.exe
Token: SeCreatePagefilePrivilege	5112	Typora.exe
Token: SeShutdownPrivilege	5112	Typora.exe
Token: SeCreatePagefilePrivilege	5112	Typora.exe
Token: SeShutdownPrivilege	5112	Typora.exe
Token: SeCreatePagefilePrivilege	5112	Typora.exe
Token: SeShutdownPrivilege	5112	Typora.exe
Token: SeCreatePagefilePrivilege	5112	Typora.exe
Token: SeShutdownPrivilege	5112	Typora.exe
Token: SeCreatePagefilePrivilege	5112	Typora.exe
Token: SeShutdownPrivilege	5112	Typora.exe
Token: SeCreatePagefilePrivilege	5112	Typora.exe
Token: SeShutdownPrivilege	5112	Typora.exe
Token: SeCreatePagefilePrivilege	5112	Typora.exe
Token: SeShutdownPrivilege	5112	Typora.exe
Token: SeCreatePagefilePrivilege	5112	Typora.exe
Token: SeShutdownPrivilege	5112	Typora.exe
Token: SeCreatePagefilePrivilege	5112	Typora.exe
Token: SeShutdownPrivilege	5112	Typora.exe
Token: SeCreatePagefilePrivilege	5112	Typora.exe
Token: SeShutdownPrivilege	5112	Typora.exe
Token: SeCreatePagefilePrivilege	5112	Typora.exe
Token: SeShutdownPrivilege	5112	Typora.exe
Token: SeCreatePagefilePrivilege	5112	Typora.exe
Token: SeShutdownPrivilege	5112	Typora.exe
Token: SeCreatePagefilePrivilege	5112	Typora.exe
Token: SeShutdownPrivilege	5112	Typora.exe
Token: SeCreatePagefilePrivilege	5112	Typora.exe
Token: SeShutdownPrivilege	5112	Typora.exe
Token: SeCreatePagefilePrivilege	5112	Typora.exe
Token: SeShutdownPrivilege	5112	Typora.exe
Token: SeCreatePagefilePrivilege	5112	Typora.exe
Token: SeShutdownPrivilege	5112	Typora.exe
Token: SeCreatePagefilePrivilege	5112	Typora.exe
Token: SeShutdownPrivilege	5112	Typora.exe
Token: SeCreatePagefilePrivilege	5112	Typora.exe
Token: SeShutdownPrivilege	5112	Typora.exe
Token: SeCreatePagefilePrivilege	5112	Typora.exe
Token: SeShutdownPrivilege	5112	Typora.exe
Token: SeCreatePagefilePrivilege	5112	Typora.exe
Token: SeShutdownPrivilege	5112	Typora.exe
Token: SeCreatePagefilePrivilege	5112	Typora.exe
Token: SeShutdownPrivilege	5112	Typora.exe
Token: SeCreatePagefilePrivilege	5112	Typora.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
5096	typora-setup-x64.tmp
5112	Typora.exe
5112	Typora.exe
5112	Typora.exe
5112	Typora.exe

Suspicious use of WriteProcessMemory 13 IoCs

description	pid	Process	procid_target
PID 2920 wrote to memory of 5096	2920	typora-setup-x64.exe	90
PID 2920 wrote to memory of 5096	2920	typora-setup-x64.exe	90
PID 2920 wrote to memory of 5096	2920	typora-setup-x64.exe	90
PID 5096 wrote to memory of 5112	5096	typora-setup-x64.tmp	99
PID 5096 wrote to memory of 5112	5096	typora-setup-x64.tmp	99
PID 5112 wrote to memory of 3864	5112	Typora.exe	100
PID 5112 wrote to memory of 3864	5112	Typora.exe	100
PID 5112 wrote to memory of 1464	5112	Typora.exe	101
PID 5112 wrote to memory of 1464	5112	Typora.exe	101
PID 5112 wrote to memory of 1752	5112	Typora.exe	102
PID 5112 wrote to memory of 1752	5112	Typora.exe	102
PID 5112 wrote to memory of 4840	5112	Typora.exe	103
PID 5112 wrote to memory of 4840	5112	Typora.exe	103

C:\Users\Admin\AppData\Local\Temp\typora-setup-x64.exe
"C:\Users\Admin\AppData\Local\Temp\typora-setup-x64.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2920
- C:\Users\Admin\AppData\Local\Temp\is-FV81K.tmp\typora-setup-x64.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-FV81K.tmp\typora-setup-x64.tmp" /SL5="$90228,84489305,757248,C:\Users\Admin\AppData\Local\Temp\typora-setup-x64.exe"
  2⤵
  - Executes dropped EXE
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:5096
- - C:\Users\Admin\AppData\Local\Programs\Typora\Typora.exe
    "C:\Users\Admin\AppData\Local\Programs\Typora\Typora.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of WriteProcessMemory
    PID:5112
  - - C:\Users\Admin\AppData\Local\Programs\Typora\Typora.exe
      "C:\Users\Admin\AppData\Local\Programs\Typora\Typora.exe" --type=gpu-process --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Roaming\Typora" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1728 --field-trial-handle=1732,i,1373917706745072112,13964611746902643773,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3864
  - - C:\Users\Admin\AppData\Local\Programs\Typora\Typora.exe
      "C:\Users\Admin\AppData\Local\Programs\Typora\Typora.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=es --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Roaming\Typora" --standard-schemes=typora --secure-schemes=typora --bypasscsp-schemes=typora --cors-schemes=typora --fetch-schemes=typora --service-worker-schemes --streaming-schemes=typora --mojo-platform-channel-handle=1904 --field-trial-handle=1732,i,1373917706745072112,13964611746902643773,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1464
  - - C:\Users\Admin\AppData\Local\Programs\Typora\Typora.exe
      "C:\Users\Admin\AppData\Local\Programs\Typora\Typora.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Typora" --standard-schemes=typora --secure-schemes=typora --bypasscsp-schemes=typora --cors-schemes=typora --fetch-schemes=typora --service-worker-schemes --streaming-schemes=typora --app-path="C:\Users\Admin\AppData\Local\Programs\Typora\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --no-sandbox --lang=es --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2316 --field-trial-handle=1732,i,1373917706745072112,13964611746902643773,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      PID:1752
  - - C:\Users\Admin\AppData\Local\Programs\Typora\Typora.exe
      "C:\Users\Admin\AppData\Local\Programs\Typora\Typora.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Typora" --standard-schemes=typora --secure-schemes=typora --bypasscsp-schemes=typora --cors-schemes=typora --fetch-schemes=typora --service-worker-schemes --streaming-schemes=typora --app-user-model-id=abnerworks.Typora --app-path="C:\Users\Admin\AppData\Local\Programs\Typora\resources\app.asar" --no-sandbox --no-zygote --node-integration-in-worker --no-sandbox --lang=es --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3392 --field-trial-handle=1732,i,1373917706745072112,13964611746902643773,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --tyopt="{\"enableInlineMath\":false,\"noAutoLink\":false,\"enableHighlight\":false,\"enableSubscript\":false,\"enableSuperscript\":false,\"enableDiagram\":true,\"enableAlert\":true,\"copyMarkdownByDefault\":true,\"showLineNumbersForFence\":false,\"noPairingMatch\":false,\"autoPairExtendSymbol\":false,\"expandSimpleBlock\":false,\"headingStyle\":0,\"ulStyle\":0,\"olStyle\":0,\"scrollWithCursor\":true,\"useRelativePathForImg\":false,\"relativePathWithDot\":false,\"allowImageUpload\":false,\"defaultImageStorage\":null,\"applyImageMoveForWeb\":false,\"applyImageMoveForLocal\":true,\"preferCRLF\":true,\"sidebarTab\":\"\",\"useTreeStyle\":false,\"strictMarkdown\":true,\"noLineWrapping\":false,\"prettyIndent\":false,\"twoHyphensToEm\":false,\"indentSize\":2,\"codeIndentSize\":4,\"enableAutoSave\":false,\"noRecentFiles\":false,\"saveFileOnSwitch\":false,\"presetSpellCheck\":\"auto\",\"autoCorrectMisspell\":false,\"passiveEvents\":true,\"preLinebreakOnExport\":true,\"ignoreLineBreak\":false,\"sendAnonymousUsage\":true,\"uuid\":\"b2f73da8-e09c-416c-801f-61552ba4dd84\",\"appVersion\":\"1.8.10\",\"instance\":\"599646a7-7b21-4f86-970f-4db141e3d851\",\"hasLicense\":false,\"userLocale\":\"es-ES\",\"appLocale\":\"es\",\"wordCountDelimiter\":0,\"userPath\":\"C:\\Users\\Admin\",\"mainPath\":\"app.asar\",\"userDataPath\":\"C:\\Users\\Admin\\AppData\\Roaming\\Typora\",\"tempPath\":\"C:\\Users\\Admin\\AppData\\Local\\Temp\\Typora\",\"dirname\":\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Typora\\resources\\\\\",\"documentsPath\":\"C:\\Users\\Admin\\Documents\",\"curTheme\":\"github.css\",\"showStatusBar\":true,\"wordsPerMinute\":382,\"maxFetchCountOnFileList\":200,\"autoSaveTimer\":3,\"zoomFactor\":1,\"zoomLevel\":0,\"autoEscapeImageURL\":false,\"moveColLeftKey\":\"alt+left\",\"moveColRightKey\":\"alt+right\",\"moveRowUpKey\":\"alt+up\",\"moveRowDownKey\":\"alt+down\",\"autoIndentKey\":\"\",\"shiftTabAutoIndent\":false,\"keys\":{\"Paste\":\"\",\"Paste as Plain Text\":\"\"},\"mathFormatOnCopy\":\"svg\",\"noWarnigUploadDisabled\":false,\"noWarnigForMoveFile\":false,\"noWarnigForMoveFileToList\":false,\"noWarnigForDeleteFile\":false,\"noWarnigForTypeWriterMode\":false,\"noHintForOpenLink\":false,\"noHintForUnibody\":false,\"noWarnigForFocusMode\":false,\"noWarningForExportOverwrite\":false,\"noWarningForUpdateImageReference\":false,\"hasUpdates\":false,\"pandocPath\":\"\",\"defaultExtension\":\"md\",\"defaultCodeLang\":\"\",\"defaultCodeLangOption\":1,\"buildTime\":1707212175440,\"lineWiseCopyCut\":false,\"initFilePath\":\"\",\"initAnchor\":\"\"}" /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      PID:4840

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Programs\Typora\D3DCompiler_47.dll

Filesize
4.7MB

MD5
2191e768cc2e19009dad20dc999135a3

SHA1
f49a46ba0e954e657aaed1c9019a53d194272b6a

SHA256
7353f25dc5cf84d09894e3e0461cef0e56799adbc617fce37620ca67240b547d

SHA512
5adcb00162f284c16ec78016d301fc11559dd0a781ffbeff822db22efbed168b11d7e5586ea82388e9503b0c7d3740cf2a08e243877f5319202491c8a641c970

Download Submit
C:\Users\Admin\AppData\Local\Programs\Typora\Typora.exe

Filesize
159.1MB

MD5
525046ef7f3dc9985aec812e55bbe8f9

SHA1
92510470bdcf160a38cb8806ee96aaa72f7ba491

SHA256
c3d3e56b5110ea5ba7cb09b8330efe0ce781980b36ceb26856b970271581c74b

SHA512
d24597087b9ffe0e5e136c4b8dfcd3bf23374ed59996d2893efae78c8a26f6eeda594233cb8013d761881d4e21f31770ef00b3d3ce9f8caf646e629159320d33

Download Submit
C:\Users\Admin\AppData\Local\Programs\Typora\chrome_100_percent.pak

Filesize
132KB

MD5
e4cbb48c438622a4298c7bdd75cc04f6

SHA1
6f756d31ef95fd745ba0e9c22aadb506f3a78471

SHA256
24d92bbeb63d06b01010fe230c1e3a31e667a159be7e570a8efe68f83ed9ad40

SHA512
8d3ea1b5ca74c20a336eaa29630fd76ecd32f5a56bb66e8cef2bce0fa19024ea917562fd31365081f7027dde9c8464742b833d08c8f41fdddc5bd1a74b9bc766

Download Submit
C:\Users\Admin\AppData\Local\Programs\Typora\chrome_200_percent.pak

Filesize
191KB

MD5
99b95d59d6817b46e9572e3354c97317

SHA1
6809db4ca8e10edd316261a3490d5fc657372c12

SHA256
55d873a9f3ac69bbf6eb6940443df8331ebd7aa57138681d615f3b89902447e7

SHA512
3071cfeb74d5058c4b7c01bfe3c6717d9bb426f3354c4d8a35bd3e16e15cde2f2c48238cb6382b0703b1cc257d87fcecfb84fbf4f597f58e64463ceede4366dd

Download Submit
C:\Users\Admin\AppData\Local\Programs\Typora\ffmpeg.dll

Filesize
2.7MB

MD5
5a1440d4b339572d56f44bcde6aa024b

SHA1
9ec8606de6ba93887670e3f747927e3f6de37634

SHA256
08bf8e22d8d240bfa888bf2e51e545083be60e4817641c08a7d3c915ba08569d

SHA512
e3b42da5c05ddb4b85228fee885215adb8f55da50035122f8317330516d2be851358eb0375832357763539884641220bdbca88bfb5ac5f34cf93dffe8734ec19

Download Submit
C:\Users\Admin\AppData\Local\Programs\Typora\icudtl.dat

Filesize
10.1MB

MD5
62880b7d351a9f547b62b8da6c97ce25

SHA1
057f11003013cfb3f1c63e6bdd4f2f9949ff0104

SHA256
7c40c811d30d459dbf04a04c141b60eb4247cd58a008fb836605317df665748f

SHA512
0d6f83175a91d90f4cc3ec4d9071b7acd0cd8ebbcc592322e46fde2adb7198e035af62c45a11a622f2a908e26d4dd8b8d1af023e634a74d0824d02c791ba3c1a

Download Submit
C:\Users\Admin\AppData\Local\Programs\Typora\libEGL.dll

Filesize
469KB

MD5
dd827ad7dd7ccd90c2de005d7c6381d4

SHA1
78177b34c76b6d97f40afd416a0c8104ecba7e1c

SHA256
5bad347c20c393fec607ce9c6721ff6c214e607a9afae3662fa78dc42eefd8ba

SHA512
db853bca3e6c193a39a0adb0d00a88d14c6c51a76ad0ae106f9b85be78a2c3799cb18d6c5a6eddd3f513f5387306c406b6441a31297616106754a33bab966cf9

Download Submit
C:\Users\Admin\AppData\Local\Programs\Typora\libGLESv2.dll

Filesize
7.1MB

MD5
899a686e6e9e13252cd1a9241641c5d7

SHA1
8b6056b83d3234407a0e5c1e27883e30f7d3265d

SHA256
e0e07c02de2f6561f04e296871ca06cb2db325a7f0143b3e0d1505a1f68be7d8

SHA512
2e4e5f567e95400f2eb49c11d41e3d8654120011574d94c55c092a437cb7ae8222372ecc639133fc682b3fdb31f394ae96f0626e650c2c38c4eb10c9e7db9f0c

Download Submit
C:\Users\Admin\AppData\Local\Programs\Typora\locales\es.pak

Filesize
473KB

MD5
29cbdcc2168f1bb29532122c39e67a1a

SHA1
f086c79d60daf2b0a7df91916387efa461795dcb

SHA256
232f41ab5996c917687276e82c177de208b36e77aa834bb5d94d6a331f4180fe

SHA512
b603edf2a18f5893ab482b0c34e4126f824fbdd1b669927d7bc30d68e2e5bdf78d7d4b2aabdbe257987e8e19f440d9396a3683340b94c3fd844c70e34e93d8a8

Download Submit
C:\Users\Admin\AppData\Local\Programs\Typora\resources.pak

Filesize
5.2MB

MD5
6e1fad905fa7f5f18dd5ce2fb95fb502

SHA1
215869f0ec522461305573d9656129c53c2373fd

SHA256
6f7b84f43e96c3e4681d998eb46e5adb5e04005d46d480400dc9314d4a253c43

SHA512
3cce71cdb801f06ae885fe65736f4c9424f4d5d527ca80d5149100f1815df0ea52bcae9e7ce06e5dd6cf67a5214b264ab806fbe770798ccefb2984ed2cba4235

Download Submit
C:\Users\Admin\AppData\Local\Programs\Typora\resources\Docs\is-I32SN.tmp

Filesize
95B

MD5
49693c6e8608ef9350fa607042bf596a

SHA1
ae2a2eec3e523c792b5af92ed3ee02011c12387c

SHA256
8b82bc04c9303183dbcbe9aa9a4bc661d218f92c3d1e939dbaeeeb6e8af042b2

SHA512
4f5e3be1c680aec6f22d175e625c8c4348b094ea42f6ae99744cdcec510727016f94d69cef25a4507c685625c2a3e0011eace32c776004e36302b39cac2f5f47

Download Submit
C:\Users\Admin\AppData\Local\Programs\Typora\resources\app.asar

Filesize
183KB

MD5
dbf9dc0f9b33700a449fdc729a18f780

SHA1
55e1b46b28af5bf4b8b2a678bcd8e8aa5edabe0a

SHA256
76e8e3cbca220360fde3ffbafb6bc69e787247277626ad83adaf53aa1240d58b

SHA512
ae14955c1725ea23110154e7afc2084105d630613b0080d93a58e36316714f0756dead42ed1a09b8a8081924f65889285834becd4c38425aaba0ff68666718cc

Download Submit
C:\Users\Admin\AppData\Local\Programs\Typora\resources\app.asar.unpacked\main.node

Filesize
1.1MB

MD5
c496806689bc0ffb2e530b8aa47f6c8d

SHA1
ebaa548d97736b02167fdf585b4d7c10e8f2a055

SHA256
1a317aaa10162add4faf43a467295437db65f710329a55b0fc72e0695a4d87a7

SHA512
bccabb2f74d647383e536b8d48916bffe89dce6f00496b38b64b047e2bd26ba9f9898ee5fe8dcde508038834218aa8f355b0b9e4ed9ad69e0cd8580cf34e69d4

Download Submit
C:\Users\Admin\AppData\Local\Programs\Typora\resources\conf.default.json

Filesize
1KB

MD5
1806987c74dc3c0871ea1efbff411a66

SHA1
70c67c6cc7b4fa2c941c4290398eb202036f14d3

SHA256
235860fbe1a2becc4c6b5a132219bbd85d2d5fe54a7f5cd62fbb2dab95073695

SHA512
31eecf0e20dc3e938bdd4f690ebd26cccdc5cf14bee6065649ab91e3d7c39d14e899c3f72a5364abffa39602f2c93e2282d85eee490b1400e705863d0d219770

Download Submit
C:\Users\Admin\AppData\Local\Programs\Typora\resources\locales\el-GR.lproj\is-1O5ON.tmp

Filesize
3KB

MD5
e21940224bb16808715a8be052da2095

SHA1
5ea45cc39bd6f829e9bf2749177d1fac15b88759

SHA256
c9a6b15f2de47193547aeadb590d8c0a1637a19333293e8da17b8596ae989b7e

SHA512
28ff1102dec858c43c167963830cb7bf44c0fcefdea444e3a63273a77aea7ccc8079335fa8d00715925c9a339ff5244605921803469b3b6d254de02f987f9a68

Download Submit
C:\Users\Admin\AppData\Local\Programs\Typora\resources\locales\es-ES.lproj\Menu.json

Filesize
6KB

MD5
c27854ad121477555d79e66cefa3cc36

SHA1
186732f750d8634441cb04d4fb53c53d6a23e5a2

SHA256
bf934fd777a19d34769211f3ff0fdd8ad6ccbf5d4a08b094377bacd7e5e472a5

SHA512
3a4b8ce086f5f8c5f453f63e1a51c5282fc71f32cef709dfbee58cfb4a13bae33e29967308af4018e1aa77fc6eac8eedb917e75a63e81f3bb9f5cf63e1d6c80e

Download Submit
C:\Users\Admin\AppData\Local\Programs\Typora\resources\locales\es-ES.lproj\Panel.json

Filesize
11KB

MD5
3c71077546f955d048ed22c7e12330b3

SHA1
c9a615b2422b64759b73c3ee18426a0ccd658f3a

SHA256
265e5a61e1ddad762c23c3cd8b712b5661a74f34e907d12c64a729f6892000a7

SHA512
5fc2bc67dfb4fa6299a749c4b1cec6d08a2abf97af4e478b72197214e27f690da6247553c92bf2ba83974f137e98e4438aef43890eebdd1c6098d3a28bfff80e

Download Submit
C:\Users\Admin\AppData\Local\Programs\Typora\resources\node_modules.asar

Filesize
9.5MB

MD5
66cd3d1a9fe0d50c1742820a23417a84

SHA1
846a3637fdb1f1ec2dc79e9cf65069ffb425ed3b

SHA256
c1267076c6062538a98f80461a34d3cb98c13ead80bdb45002b1f2ae9cd9d0f6

SHA512
a0a466a99df0046bfcc19f8da802721cecc18aa9f1ec1897ccb78d03e3f2e81ad02d8bb9e790f4c72333055def2cef06b51bc694c0eb62e756819bf0b0457396

Download Submit
C:\Users\Admin\AppData\Local\Programs\Typora\resources\node_modules\native-reg\build\Release\reg.node

Filesize
605KB

MD5
9f593aed26f8cb32055e9ec863abcb9d

SHA1
b6df72c98bb0958099a004df312b86df74b89aa8

SHA256
618d2f9ccd10e9da06677d96cd7a16e05fd587cca8998ad006d095adf49eafd5

SHA512
17d3dae9efcc965e277afa53a2c9ef88ad0c85a5ba01f0bbc11dc1f9acd4d93b6f02e997b01a5f5a5afb1e736928b80d20729a8e33eef75119bdaea6005dee5e

Download Submit
C:\Users\Admin\AppData\Local\Programs\Typora\resources\node_modules\spellchecker\vendor\hunspell_dictionaries\en_US.aff

Filesize
11KB

MD5
c440369e0b75fea17c4e065999dcfadd

SHA1
5901d1e1e9c8a7dfa06ee81bea164231f42e8dc3

SHA256
fffae259eedc61d71de53d34f4d57ff95e35353e8c511d8fd58644673edad171

SHA512
c8a19bb7e972f10cb2f3e9192c21015a71976d94672f6b3dad6fb23f3d4e56cd970acabb872b0dbfb2cce9c34fa7a9ccdc1e4838395029041d48cbcc7ef170ed

Download Submit
C:\Users\Admin\AppData\Local\Programs\Typora\resources\node_modules\spellchecker\vendor\hunspell_dictionaries\en_US.dic

Filesize
679KB

MD5
179bb5b5e15353d92373b6c52c0fee17

SHA1
a33628496c3fa58ea893abf35655e1ab0c824d5d

SHA256
1662c6e517e70bc257b0ce9f0cf36bcf2b7f77a77189f4f0cb619a5264af04f5

SHA512
c77f611c3a61856c652aa0fc90f7a4737073a3683a8ebe0c9b945cff82e9b34ed80923dfd2ed9757007ace7dc413c469f2bb1d0e976c10fa5e519b481b32818e

Download Submit
C:\Users\Admin\AppData\Local\Programs\Typora\resources\page-dist\welcome.html

Filesize
4KB

MD5
3fdd87a1ee2822d8823c942162785214

SHA1
9140570a9c3219e91a0cbb5ef30d3ee117bdff38

SHA256
a53c67f7453b0e81f1a4c69cedd98b9cc1fe40942f839ee945c9b136cd91d635

SHA512
42f146260cf36b95284130fd0622cb813db92f115a8e31f09ce3984a728f67f3f1231b61cfb4ca2589a55ef024be4fef4d57471651c525d642ff98bd607156b6

Download Submit
C:\Users\Admin\AppData\Local\Programs\Typora\resources\style\themes\Readme.md

Filesize
257B

MD5
f0f046b4f0fd1ca4199e4d22fba5838f

SHA1
928b19ce372e4fc04df423ad075e5f1517feb5d8

SHA256
375d5fd7cfef92224acb76f661948a22be8f4a2e5655c2993442030c8a80633a

SHA512
edbe96396f96debee7e83f3d0983acf5b9bc04e0a7c852af4d6c80d26664d8b38699f22c2d4fd477da706a007786f1d4c85c4034c3c238026cb6979d177fa102

Download Submit
C:\Users\Admin\AppData\Local\Programs\Typora\resources\style\themes\github.css

Filesize
8KB

MD5
8463d46c5923653cd171f6e2cdc8d0d7

SHA1
45d1e02709ea109f373d54b6c059ebd05c3690a8

SHA256
899495945a129276b854c335170893eed21c9c4328cd6e833b6cee3fbdaacbbc

SHA512
899a39cb607170ac2fd7c389b7d16f880149f98561bae1b1b2be531645cb3ceb77467fe66093bdaddf77178d0ddcf73d683cb7b35aaa6476dbe5cda8e4a815bd

Download Submit
C:\Users\Admin\AppData\Local\Programs\Typora\resources\style\themes\github\open-sans-v17-latin-ext_latin-700italic.woff2

Filesize
18KB

MD5
0012478f53f50d71f17b5d86e9a149be

SHA1
c82ea3212ffe73573716500a68fe56834cb8d0ac

SHA256
a250cc9c90a94d628301cbeaca7d8aa6276cda73c8a32af07d3ede513447931a

SHA512
754e0b03aa7e1dc0063eea6947e90f6d9c53769c3215997579d76c6b6882a383b9261c9a6b31b2c302be1ea4562dd97dc49a86383a0e5a0e8f83b3b2643ba99d

Download Submit
C:\Users\Admin\AppData\Local\Programs\Typora\resources\style\themes\github\open-sans-v17-latin-ext_latin-italic.woff2

Filesize
18KB

MD5
3ac737a839cf8a8f5106a5dad2eecd5f

SHA1
3c589bb9529b06d1a50df4c81ada0376fa600fd9

SHA256
8ddc89881ca5f355826d20b2229266c56a2c8d7be69ff9533b1891b55dc15825

SHA512
2d6220df24aee92ae1a9135c5f172d3f46ada4536d13aa3dbef8df9d89b2e62ecefc0b3b31a24575e5a8295a2ed2374d1a9b12e2e719bbfce5e64cea058841cb

Download Submit
C:\Users\Admin\AppData\Local\Programs\Typora\resources\style\themes\github\open-sans-v17-latin-ext_latin-regular.woff2

Filesize
18KB

MD5
be21e759f9abd15b8cef68d92cedc081

SHA1
84a2292a0ae289e26139f38470c50b9fd9ed421f

SHA256
537d46273fe124bbced2f098f26222fa3155741e9d76f906c3c39e7fa09bf6a8

SHA512
5bceea1c31f944d77ac95406a484fdc5bf10a610784dd6568a11fd4bd0ae230d047b58de97195816a222720671d056c3148332ddd6f89966737a2bc6b965c731

Download Submit
C:\Users\Admin\AppData\Local\Programs\Typora\resources\style\themes\newsprint.css

Filesize
10KB

MD5
12ded61b0c2f1b1af3d913dfe96dd21f

SHA1
1790cf1e5fa30a7a8ef245074a6d54c5972f0b2a

SHA256
b811a9217e00f0af12ae3034d7190f421d98dd109b34a3c7c5d9a288afa05015

SHA512
88043fc942a2e173fbff80785b68de5bb3ff5e229124eeea1e5567153cd6e6a44d6301a7338766fda23b93334b18ace55273f7a9f270cffce2365dd03ef85600

Download Submit
C:\Users\Admin\AppData\Local\Programs\Typora\resources\style\themes\newsprint\pt-serif-v11-latin-700.woff2

Filesize
28KB

MD5
49182afbed72d10e31e144845c200cdc

SHA1
2fd29ba191413dc946ae4b3652bb2628baaa0cee

SHA256
e548abcd8734bfcf8b4ebbbca1af98f9e8ae1e0ff884c0971f29498a4fc108f4

SHA512
4d8440a00d94b9cc4b44eb255c5505dcbdc38e1a124361868d3964b9331adf3bf5c963dae69f31d1caf6f03b49fe4e2f4c92abbfc8971f578a0faaed83cc47de

Download Submit
C:\Users\Admin\AppData\Local\Programs\Typora\resources\style\themes\newsprint\pt-serif-v11-latin-700italic.woff2

Filesize
27KB

MD5
c7652c04c56cb9bcdb567f541509e5b0

SHA1
26c2498529eb257ca012ed4afdc6f78768dd025d

SHA256
e1bd3f9f50d4876fc67111ab41b60880f08b2eb89f8a0075c2ad3394a79c4063

SHA512
e352e108cf950b63cf4c2be017d48dc6da7df235cbc3217f03fb5af000f6d0251fba5e739cdbfb403833ee93dbcc08d6e39341e04c0c7b218fab0586192b6822

Download Submit
C:\Users\Admin\AppData\Local\Programs\Typora\resources\style\themes\newsprint\pt-serif-v11-latin-italic.woff2

Filesize
33KB

MD5
0c4aa22c1666d8a60e42a1fad03b891a

SHA1
4901985ebb1ed5042be34ca1ddc776d56acab7d9

SHA256
be5daba1b69c2dad0eed50cc17bea9659ab23d79d8d412dc8e5c6013b41f39c3

SHA512
30863df4ff49d066933df986eb354f3473d19721ad637ec84057d0afd142c43728b4865f10cca47d7e9b84aa391d8d5941ae521df6e13936f6e689d161917c04

Download Submit
C:\Users\Admin\AppData\Local\Programs\Typora\resources\style\themes\newsprint\pt-serif-v11-latin-regular.woff2

Filesize
32KB

MD5
d099b509e40bccf1a0a7e03b26cc5d50

SHA1
39a6ef9827504a9f62ea17273e41860af1e3ab05

SHA256
ef391572f9fbb7bab7fef6ce2c4fc92ad68a8c148889a79cb9f9b1452d851fab

SHA512
2c29e20e9c8e5a7d4e5b6078bf7a34d90501cc0838cee16f3b6f6c3bc1f9488e607a369bba12ba26b9411cbe076dd8f0abd4fce7028df47cc5f5322a1629a1b0

Download Submit
C:\Users\Admin\AppData\Local\Programs\Typora\resources\style\themes\night.css

Filesize
17KB

MD5
93b9730bb0789ddf393417895b863416

SHA1
0fb32fa031dfff3a2b478019b6f4eafb3c3e2379

SHA256
fc70c923fa11285a417e5e1d28dafaaa74984d3548ecdb287eac4bebe450f520

SHA512
a85180237aa09decec469f9f46106b6de222158a124c3d6374f68354a4c083d6059cab9a4bbc9877ca95e86c9f8033a37e58e1314fce90c55c75d2c0ac1d9dfa

Download Submit
C:\Users\Admin\AppData\Local\Programs\Typora\resources\style\themes\night\codeblock.dark.css

Filesize
1KB

MD5
5883c4488d168d32390d5a8552b60ea9

SHA1
5925055079c3be2c6551e252e110c91359be22f6

SHA256
136773b7911d0447afab1669d78ffd30c7c3d0d17b4e3bfdbb249207338eb7ca

SHA512
3c2e9a7b3a26b0066936b7ddb3c85f0e3b833201d84c7f887406b6d64b5cd9631bd7aea513e1f10ac2bdd545740763f0d3d35959c63260370606d66f13f69801

Download Submit
C:\Users\Admin\AppData\Local\Programs\Typora\resources\style\themes\night\credit.html

Filesize
295B

MD5
db4fb85ec360950135cb4bbdded9aed8

SHA1
3a1a8c2251265b49db3e889b0a2ec8503ac627c7

SHA256
c27e4aee3966fb7fd89f87111605e4566151e74500392e7514f38beca416d6de

SHA512
168f839fd857825aebb3a87161d1cf291907b90f6d37d7f7e6b6fc3808d3e91205c0db504395e2c62636340ab34629cb0ec677f50e5e4b8c6f1384722f10e588

Download Submit
C:\Users\Admin\AppData\Local\Programs\Typora\resources\style\themes\night\cursor.png

Filesize
372B

MD5
8bb61aab720aa72c1ce4f15e287975ad

SHA1
0d25c8fa71ef57272e4ea1b78c975bb82fd95d82

SHA256
79baa72e496c066efe279d87def13ef0f5be7cb3eef8ba90969182f9ce2127dd

SHA512
1284269031941db00ca49b88947ebe4f2f3c183accb5265211b5b8a58d5612675b25b9552288c1ae632c429b3975726c85ab528b9c5a04451b078ae064a80155

Download Submit
C:\Users\Admin\AppData\Local\Programs\Typora\resources\style\themes\night\[email protected]

Filesize
407B

MD5
91f38899fc82a243e1dd929a3faffb77

SHA1
69fc0eb1477b1740fc6aeb7dae7d4dde00d5d2b3

SHA256
9cf5bdaba44275012a0b3966ad2cd3913d5cc0924b97988162a710ab626a9ad5

SHA512
d7558b827a34cba79b30ebb141c00560c7089ac1da50808870fec370c08665a5026e5703ce852f064d5641a8a21b85fc9e5cdee8340a76aa5974be67ce07803d

Download Submit
C:\Users\Admin\AppData\Local\Programs\Typora\resources\style\themes\night\mermaid.dark.css

Filesize
85B

MD5
44114dc31b8db7de67a8e0e535b52800

SHA1
7c671550f2f472e547505611c95220b7f6e0fb64

SHA256
8bdebab61b593eaf678edcb07f1c792a31021c05a90c38d15cfed419be682af3

SHA512
b75641d20c4842c5288f1becf9acaabc570035910e33893d5347c57c7f9b829f70c927a081b5c93951c9c37a4eb17e80ac5eced6ee85d114fab757e670ea0b60

Download Submit
C:\Users\Admin\AppData\Local\Programs\Typora\resources\style\themes\night\sourcemode.dark.css

Filesize
751B

MD5
a7a84303d9697d045be9041354fcda8a

SHA1
1256893eb238c493581b7099f04db03db65542f5

SHA256
3186d99e4832f97677654f7671b05865855644e789fe7ae1ee1a09208f906dc0

SHA512
2e0d81785847bf6362c65a38ec965865fa584808817db68a22e5fd6dfb26e8a8f56b3719ace5ba7dcc410b8ca507e716f2c563228933cecb62404406c6eeb785

Download Submit
C:\Users\Admin\AppData\Local\Programs\Typora\resources\style\themes\pixyll.css

Filesize
10KB

MD5
49ba8d0334191b50583d6077162214ef

SHA1
11e994fb814d33ec60dba2334afdcd8c4a6c871c

SHA256
d4150106225277dd167a0aeae615f3bfaac4b7aa2710621e3987863922bfd8b1

SHA512
37a05e57e7b05a67e540d1a0c933948cd15a9c8ba67cf57ef1f857cc003b7bc2a163178057c0be07c8a8f7166077e832e0d8289cc2e526d35548fb0da3aa39c4

Download Submit
C:\Users\Admin\AppData\Local\Programs\Typora\resources\style\themes\pixyll\lato-v14-latin-300.woff

Filesize
29KB

MD5
ba2452bdc790a4fee05202eac3c092b3

SHA1
6382414b3b2df2fb2946e09d5909e27afdadb7dd

SHA256
8084a57f30a2d3d730b5d25b8d2ccb18369d90d333144231704418d555c20c0f

SHA512
c070f48dbf287e2335e3972ce7e7d0841e06440f1a89ee2f6635fd60ec26cdb46064f9864bd24b8afa5292bd72b70f0a777965ae3a0e1ed6b4bb7e506acf01f5

Download Submit
C:\Users\Admin\AppData\Local\Programs\Typora\resources\style\themes\pixyll\lato-v14-latin-300italic.woff

Filesize
21KB

MD5
06eb177ee6c1960bcd79f1cf8c812000

SHA1
5f64afc7c9090726cf8544efd564422bb0b17ed8

SHA256
cca6a06b797908e58ca2f61c3572dcc8c38ad954cfd5c4b28f054b5ab5722ff0

SHA512
b048b22c53b7631efa42289bba97784736d5750bdb1f80482c19939fbeb2d9fdd9274b0f2828449044a243dead4ed887441ec45e1a8b28bf0e473bfefe4f3812

Download Submit
C:\Users\Admin\AppData\Local\Programs\Typora\resources\style\themes\pixyll\lato-v14-latin-900.woff

Filesize
26KB

MD5
d79dd0661ba130ec7a7e7c060fcb7e09

SHA1
52ab92c293bafb8fbe62b8f17dc40dd90fc3872d

SHA256
2a6deb3135f92894e02fc63f6faa395e639fd44bfb3e7664608746715cd21bb7

SHA512
80e7aa8670d59bbcf9668af1c7cf785c925d99e9938b5bf98211b263a572b248c3456e8d653ce793ffdecbf1c69b0ba15e8b3fb0c2811bbecdbe68c649490882

Download Submit
C:\Users\Admin\AppData\Local\Programs\Typora\resources\style\themes\whitey.css

Filesize
4KB

MD5
a69e160a1093cf99f2c62ab965d8c5cb

SHA1
5d2a6de67e363ad6dcc64ea2b649bc261cf97a21

SHA256
5264a38c27b18d905db5e9ec257c589a4f73488e3e7fb34aa5a928b958500032

SHA512
450cc5ba2c287ff11d39ab550fdb8c7882d15782bce7e9c4f7125766f2e4b1c2218d346e26470f476baeb13ad557fb7ef97cc617ae6f7ab2e7393ad8a579e4c6

Download Submit
C:\Users\Admin\AppData\Local\Programs\Typora\resources\window.html

Filesize
88KB

MD5
59eff453e9fdd53635c0f900617968c9

SHA1
0818da268ee228d8804e3e81086d96fa9fdcc732

SHA256
12212b6648ff629d6e9a4e9990c7c8a181e5022fa69855c3f4bae958e3b0e9ec

SHA512
6aa017a5be126cd840e518a776e858e5be2df8116168f6e7c1a642fd39d9b9323edde43a276147681982303e933b1ac23ca873a2bb3be8025dbf141ed4dbe1c6

Download Submit
C:\Users\Admin\AppData\Local\Programs\Typora\v8_context_snapshot.bin

Filesize
581KB

MD5
264e3b574e4f86b1fc47b2427402e779

SHA1
4a4f9e7c3da262713e4cf7af6ac51822c56b5ef3

SHA256
ed559c6e81b6003b2057e5c1b0bdb5b28ca094b895ca86c69fe11c5c9e014f06

SHA512
144365d0fb83576aaa02ea6ecea51d7ba2cacb044eea568a08f65b98a83d3e7d7e693738e065e22f94bfd1165d0ea93a749dd1325d829257a9bb6607a9a927db

Download Submit
C:\Users\Admin\AppData\Local\Programs\Typora\vk_swiftshader.dll

Filesize
4.9MB

MD5
32e09c64943e115c05868a451ceebea6

SHA1
496d79a5d9d6ab52c93a1c6747a96c18652ed5c9

SHA256
fac0fb613864b5fcad21b5dabb7162fd3c11fd761c4ddb80ef57d94237342aeb

SHA512
ab82dcbd3bfa4aaee4a9fb9eaee210b221b6fdf96db4a259bac964638a4f8964a927c43d9215d5fe8f0d09f7343efb771eaab5fc36bfdcdec9629b00d231f10b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-FV81K.tmp\typora-setup-x64.tmp

Filesize
2.5MB

MD5
e6a03399729cc43c3aa8d2ac61275aba

SHA1
db0f9e7e5d58a8e53c9601bdd0bdf1b0dfe05239

SHA256
2321b0e483d9692098e2df8e5d2227aef57cc48115146122c199f866ca5bc54f

SHA512
a4efa5e64bc0e24be21c1523d990cb8c212b183cad408348de31c350bd36c5c640ef9368760b506799ccd682e36cbb526592963bc4c2b6e52cb229d04aee9c75

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\637bd50442819c2d.customDestinations-ms

Filesize
1KB

MD5
eec01c7fc28c4b6d55ab4b6a52b45098

SHA1
bdc76c905b796cddb7a8761b51f5f1674b70f051

SHA256
3826208e59d660b1ce304e9d928c57fd7ba0a98cd72f81c0536bce5680b77f08

SHA512
6273f20b03935745137fb9cb94201340ca2b334e0711e4825b77fdd734a44fb69d4e781475e26a2746da601eac31daf69ddf069815709e1014fe591386fd560f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\637bd50442819c2d.customDestinations-ms

Filesize
1KB

MD5
4973df6b5f4e25e5e0b39db7cc1a6a55

SHA1
498f569a54e0de6ced66d6fdf19d1525b3c0d106

SHA256
218ef9c77ef55a2a659e4d163e98f293796c1029da23d3284f30089a6b07c9b4

SHA512
cd135b89a84c6b98cada5685c437ea2d3979688cb25c68c20d229a1e41e6b24f30027dac0f74e323c42765af2ebf83161d0d10b872198d0c74739b81088aea38

Download Submit
C:\Users\Admin\AppData\Roaming\Typora\Cache\Cache_Data\f_000001

Filesize
766KB

MD5
471061756215fd1f387f076ac014303c

SHA1
d8397cb5900f52a5cad2416ed8ebf53caa1a3adc

SHA256
e6334dcf080aaeca679db70565762a2c296ff5780c1af263530ac7345736bfa9

SHA512
ba9d0f2deb2fcd77e75bfe8a9c6241da25c7eb9012d0374ccca8e9cd9cd1c9615efd5f3980166b0b3431c7e3e55ef013cbc37f0d53bd1e2411afb9363ceccb05

Download Submit
C:\Users\Admin\AppData\Roaming\Typora\Preferences

Filesize
57B

MD5
217c781be08416f5b6fa33aedf027293

SHA1
0e76955a55f31406fc64e3b136f1bb9214bc2d79

SHA256
3de8ead96083d18355eed62a5b8089a61f6c7f97ba3dba04cbefae364f0455b0

SHA512
964b588d2bb87d3e19924cf8a16f1c35807c45ccb41caa00be9dd4e34b9fdfa0625973828a9df1f5f56354f00bf13939e01798c40a8a7089c9aee4535e45b099

Download Submit
C:\Users\Admin\AppData\Roaming\Typora\Preferences~RFe57c4a8.TMP

Filesize
151B

MD5
f34230919c5f86b632087c59b35c065e

SHA1
93fc276acce28481f362159e042de026d6667f78

SHA256
59d05d79eade0131351d5dd0e5064fba0704b653318da44f0c52f28b858f8f8d

SHA512
4d0e1797d9eee3476d9712c10f6acaa04f50df8815df9f9b9940446624b934243ec0ff13f39069e7be8d58903baf27e8ac736045568f47adc2d5448b87319a11

Download Submit
C:\Users\Admin\AppData\Roaming\Typora\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\Typora\themes\github\open-sans-v17-latin-ext_latin-700.woff2

Filesize
19KB

MD5
5717b08cf679657595d0383d291a04c3

SHA1
e54f8981dfe2c7909646716d7f3da669d5df2d15

SHA256
59a3166f7bacce6a65bf901ad20f141b619bca39a1318ea5efbdaa587b48a800

SHA512
a99075d05051d7f10435ecacc2ac64da3c2fe38648adb911bae89e0f0aaaeeac8f19a511e90911c1763148890c63070701129e5b7191b9169e6f06e3cf63081f

Download Submit
memory/2920-0-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/2920-1026-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/2920-33-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/2920-2-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/5096-920-0x0000000000400000-0x0000000000681000-memory.dmp

Filesize
2.5MB

Download
memory/5096-210-0x0000000000400000-0x0000000000681000-memory.dmp

Filesize
2.5MB

Download
memory/5096-6-0x0000000000850000-0x0000000000851000-memory.dmp

Filesize
4KB

Download