c7d83e8c88be8dd154100fcfed065d4c46bbc5bfbf505349e7a973baa10da040

Analysis

max time kernel
171s
max time network
165s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
04/06/2024, 17:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

LiberaInstaller.exe
Size

91.1MB
MD5

95bf59fd959116ebafdb8523e5612b3b
SHA1

964acaf059c16fdf68ee755ab987675687fa7b2c
SHA256

c7d83e8c88be8dd154100fcfed065d4c46bbc5bfbf505349e7a973baa10da040
SHA512

2d72b7c622791b451582e189da7ef3d9f9a1f0d57eb3c3d5512689f9ba3431f25733f226addc1da8b32fc036bf484f9b86f2c8e7f8e5b5ef93a9512949eb30c6
SSDEEP

1572864:HaMToSe1wON7NyJqRy3i59LylJv9wxTc3ug0AS892SzRmkirdwsMfMjd7rMoQUfh:3s1y4Ry3a83adj02+eLbd7nZ

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 10 IoCs

pid	Process
3564	LiberaInstaller.tmp
2336	Libera.exe
4080	CefSharp.BrowserSubprocess.exe
2172	CefSharp.BrowserSubprocess.exe
1836	CefSharp.BrowserSubprocess.exe
2960	CefSharp.BrowserSubprocess.exe
1500	CefSharp.BrowserSubprocess.exe
3332	CefSharp.BrowserSubprocess.exe
4480	unins000.exe
3352	_unins.tmp

Loads dropped DLL 41 IoCs

pid	Process
2336	Libera.exe
2336	Libera.exe
2336	Libera.exe
2336	Libera.exe
2336	Libera.exe
2172	CefSharp.BrowserSubprocess.exe
2172	CefSharp.BrowserSubprocess.exe
2172	CefSharp.BrowserSubprocess.exe
2172	CefSharp.BrowserSubprocess.exe
2172	CefSharp.BrowserSubprocess.exe
1836	CefSharp.BrowserSubprocess.exe
1836	CefSharp.BrowserSubprocess.exe
1836	CefSharp.BrowserSubprocess.exe
1836	CefSharp.BrowserSubprocess.exe
1836	CefSharp.BrowserSubprocess.exe
4080	CefSharp.BrowserSubprocess.exe
4080	CefSharp.BrowserSubprocess.exe
4080	CefSharp.BrowserSubprocess.exe
4080	CefSharp.BrowserSubprocess.exe
4080	CefSharp.BrowserSubprocess.exe
2960	CefSharp.BrowserSubprocess.exe
2960	CefSharp.BrowserSubprocess.exe
2960	CefSharp.BrowserSubprocess.exe
2960	CefSharp.BrowserSubprocess.exe
2960	CefSharp.BrowserSubprocess.exe
4080	CefSharp.BrowserSubprocess.exe
4080	CefSharp.BrowserSubprocess.exe
4080	CefSharp.BrowserSubprocess.exe
4080	CefSharp.BrowserSubprocess.exe
4080	CefSharp.BrowserSubprocess.exe
4080	CefSharp.BrowserSubprocess.exe
1500	CefSharp.BrowserSubprocess.exe
1500	CefSharp.BrowserSubprocess.exe
1500	CefSharp.BrowserSubprocess.exe
1500	CefSharp.BrowserSubprocess.exe
1500	CefSharp.BrowserSubprocess.exe
3332	CefSharp.BrowserSubprocess.exe
3332	CefSharp.BrowserSubprocess.exe
3332	CefSharp.BrowserSubprocess.exe
3332	CefSharp.BrowserSubprocess.exe
3332	CefSharp.BrowserSubprocess.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 49 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Libera\CefSharp.dll	LiberaInstaller.tmp
File opened for modification	C:\Program Files (x86)\Libera\libGLESv2.dll	LiberaInstaller.tmp
File created	C:\Program Files (x86)\Libera\is-35TUP.tmp	LiberaInstaller.tmp
File created	C:\Program Files (x86)\Libera\is-KA27O.tmp	LiberaInstaller.tmp
File opened for modification	C:\Program Files (x86)\Libera\CefSharp.BrowserSubprocess.Core.dll	LiberaInstaller.tmp
File created	C:\Program Files (x86)\Libera\is-GKSBL.tmp	LiberaInstaller.tmp
File created	C:\Program Files (x86)\Libera\is-65R0G.tmp	LiberaInstaller.tmp
File opened for modification	C:\Program Files (x86)\Libera\vulkan-1.dll	LiberaInstaller.tmp
File created	C:\Program Files (x86)\Libera\is-68240.tmp	LiberaInstaller.tmp
File created	C:\Program Files (x86)\Libera\is-QKJNG.tmp	LiberaInstaller.tmp
File opened for modification	C:\Program Files (x86)\Libera\unins000.dat	LiberaInstaller.tmp
File opened for modification	C:\Program Files (x86)\Libera\debug.log	Libera.exe
File created	C:\Program Files (x86)\Libera\is-N6THL.tmp	LiberaInstaller.tmp
File created	C:\Program Files (x86)\Libera\is-1G139.tmp	LiberaInstaller.tmp
File created	C:\Program Files (x86)\Libera\is-HHOH1.tmp	LiberaInstaller.tmp
File created	C:\Program Files (x86)\Libera\is-RKMQ8.tmp	LiberaInstaller.tmp
File created	C:\Program Files (x86)\Libera\is-VRDG9.tmp	LiberaInstaller.tmp
File created	C:\Program Files (x86)\Libera\is-21FPH.tmp	LiberaInstaller.tmp
File created	C:\Program Files (x86)\Libera\is-8A9VN.tmp	LiberaInstaller.tmp
File opened for modification	C:\Program Files (x86)\Libera\CefSharp.Core.dll	LiberaInstaller.tmp
File opened for modification	C:\Program Files (x86)\Libera\libEGL.dll	LiberaInstaller.tmp
File created	C:\Program Files (x86)\Libera\unins000.dat	LiberaInstaller.tmp
File opened for modification	C:\Program Files (x86)\Libera\unins000.dat	_unins.tmp
File created	C:\Program Files (x86)\Libera\is-EALJO.tmp	LiberaInstaller.tmp
File created	C:\Program Files (x86)\Libera\is-GDUKQ.tmp	LiberaInstaller.tmp
File opened for modification	C:\Program Files (x86)\Libera\chrome_elf.dll	LiberaInstaller.tmp
File created	C:\Program Files (x86)\Libera\is-SPI81.tmp	LiberaInstaller.tmp
File opened for modification	C:\Program Files (x86)\Libera\dxil.dll	LiberaInstaller.tmp
File created	C:\Program Files (x86)\Libera\is-E79EV.tmp	LiberaInstaller.tmp
File created	C:\Program Files (x86)\Libera\is-OI7BK.tmp	LiberaInstaller.tmp
File created	C:\Program Files (x86)\Libera\is-AF3FF.tmp	LiberaInstaller.tmp
File created	C:\Program Files (x86)\Libera\is-RJ4LV.tmp	LiberaInstaller.tmp
File opened for modification	C:\Program Files (x86)\Libera\vk_swiftshader.dll	LiberaInstaller.tmp
File created	C:\Program Files (x86)\Libera\is-9EFI3.tmp	LiberaInstaller.tmp
File opened for modification	C:\Program Files (x86)\Libera\d3dcompiler_47.dll	LiberaInstaller.tmp
File opened for modification	C:\Program Files (x86)\Libera\dxcompiler.dll	LiberaInstaller.tmp
File created	C:\Program Files (x86)\Libera\is-AEGN1.tmp	LiberaInstaller.tmp
File opened for modification	C:\Program Files (x86)\Libera\CefSharp.Core.Runtime.dll	LiberaInstaller.tmp
File opened for modification	C:\Program Files (x86)\Libera\libcef.dll	LiberaInstaller.tmp
File created	C:\Program Files (x86)\Libera\is-9V6M4.tmp	LiberaInstaller.tmp
File created	C:\Program Files (x86)\Libera\is-ACEOF.tmp	LiberaInstaller.tmp
File created	C:\Program Files (x86)\Libera\is-RGIOI.tmp	LiberaInstaller.tmp
File opened for modification	C:\Program Files (x86)\Libera\CefSharp.BrowserSubprocess.exe	LiberaInstaller.tmp
File opened for modification	C:\Program Files (x86)\Libera\Libera.exe	LiberaInstaller.tmp
File created	C:\Program Files (x86)\Libera\is-F00BP.tmp	LiberaInstaller.tmp
File opened for modification	C:\Program Files (x86)\Libera\CefSharp.WinForms.dll	LiberaInstaller.tmp
File created	C:\Program Files (x86)\Libera\is-5SEE9.tmp	LiberaInstaller.tmp
File created	C:\Program Files (x86)\Libera\is-Q8EPV.tmp	LiberaInstaller.tmp
File created	C:\Program Files (x86)\Libera\is-9TO4C.tmp	LiberaInstaller.tmp

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	Libera.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	_unins.tmp

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
3564	LiberaInstaller.tmp
3564	LiberaInstaller.tmp
2172	CefSharp.BrowserSubprocess.exe
2172	CefSharp.BrowserSubprocess.exe
1836	CefSharp.BrowserSubprocess.exe
1836	CefSharp.BrowserSubprocess.exe
4080	CefSharp.BrowserSubprocess.exe
4080	CefSharp.BrowserSubprocess.exe
2960	CefSharp.BrowserSubprocess.exe
2960	CefSharp.BrowserSubprocess.exe
1500	CefSharp.BrowserSubprocess.exe
1500	CefSharp.BrowserSubprocess.exe
3332	CefSharp.BrowserSubprocess.exe
3332	CefSharp.BrowserSubprocess.exe

Suspicious use of AdjustPrivilegeToken 47 IoCs

description	pid	Process
Token: SeDebugPrivilege	2172	CefSharp.BrowserSubprocess.exe
Token: SeDebugPrivilege	1836	CefSharp.BrowserSubprocess.exe
Token: SeDebugPrivilege	4080	CefSharp.BrowserSubprocess.exe
Token: SeDebugPrivilege	2960	CefSharp.BrowserSubprocess.exe
Token: SeDebugPrivilege	1500	CefSharp.BrowserSubprocess.exe
Token: SeShutdownPrivilege	2336	Libera.exe
Token: SeCreatePagefilePrivilege	2336	Libera.exe
Token: SeShutdownPrivilege	2336	Libera.exe
Token: SeCreatePagefilePrivilege	2336	Libera.exe
Token: SeShutdownPrivilege	2336	Libera.exe
Token: SeCreatePagefilePrivilege	2336	Libera.exe
Token: SeShutdownPrivilege	2336	Libera.exe
Token: SeCreatePagefilePrivilege	2336	Libera.exe
Token: SeShutdownPrivilege	2336	Libera.exe
Token: SeCreatePagefilePrivilege	2336	Libera.exe
Token: SeShutdownPrivilege	2336	Libera.exe
Token: SeCreatePagefilePrivilege	2336	Libera.exe
Token: SeShutdownPrivilege	2336	Libera.exe
Token: SeCreatePagefilePrivilege	2336	Libera.exe
Token: SeDebugPrivilege	2336	Libera.exe
Token: SeDebugPrivilege	3332	CefSharp.BrowserSubprocess.exe
Token: SeShutdownPrivilege	2336	Libera.exe
Token: SeCreatePagefilePrivilege	2336	Libera.exe
Token: SeShutdownPrivilege	2336	Libera.exe
Token: SeCreatePagefilePrivilege	2336	Libera.exe
Token: SeShutdownPrivilege	2336	Libera.exe
Token: SeCreatePagefilePrivilege	2336	Libera.exe
Token: SeShutdownPrivilege	2336	Libera.exe
Token: SeCreatePagefilePrivilege	2336	Libera.exe
Token: SeShutdownPrivilege	2336	Libera.exe
Token: SeCreatePagefilePrivilege	2336	Libera.exe
Token: SeShutdownPrivilege	2336	Libera.exe
Token: SeCreatePagefilePrivilege	2336	Libera.exe
Token: SeShutdownPrivilege	2336	Libera.exe
Token: SeCreatePagefilePrivilege	2336	Libera.exe
Token: SeShutdownPrivilege	2336	Libera.exe
Token: SeCreatePagefilePrivilege	2336	Libera.exe
Token: SeShutdownPrivilege	2336	Libera.exe
Token: SeCreatePagefilePrivilege	2336	Libera.exe
Token: SeShutdownPrivilege	2336	Libera.exe
Token: SeCreatePagefilePrivilege	2336	Libera.exe
Token: SeShutdownPrivilege	2336	Libera.exe
Token: SeCreatePagefilePrivilege	2336	Libera.exe
Token: SeShutdownPrivilege	2336	Libera.exe
Token: SeCreatePagefilePrivilege	2336	Libera.exe
Token: SeShutdownPrivilege	2336	Libera.exe
Token: SeCreatePagefilePrivilege	2336	Libera.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
3564	LiberaInstaller.tmp
3352	_unins.tmp

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 1252 wrote to memory of 3564	1252	LiberaInstaller.exe	78
PID 1252 wrote to memory of 3564	1252	LiberaInstaller.exe	78
PID 1252 wrote to memory of 3564	1252	LiberaInstaller.exe	78
PID 3564 wrote to memory of 2336	3564	LiberaInstaller.tmp	80
PID 3564 wrote to memory of 2336	3564	LiberaInstaller.tmp	80
PID 2336 wrote to memory of 4080	2336	Libera.exe	81
PID 2336 wrote to memory of 4080	2336	Libera.exe	81
PID 2336 wrote to memory of 2172	2336	Libera.exe	82
PID 2336 wrote to memory of 2172	2336	Libera.exe	82
PID 2336 wrote to memory of 1836	2336	Libera.exe	83
PID 2336 wrote to memory of 1836	2336	Libera.exe	83
PID 2336 wrote to memory of 1500	2336	Libera.exe	84
PID 2336 wrote to memory of 1500	2336	Libera.exe	84
PID 2336 wrote to memory of 2960	2336	Libera.exe	85
PID 2336 wrote to memory of 2960	2336	Libera.exe	85
PID 2336 wrote to memory of 3332	2336	Libera.exe	86
PID 2336 wrote to memory of 3332	2336	Libera.exe	86
PID 4480 wrote to memory of 3352	4480	unins000.exe	92
PID 4480 wrote to memory of 3352	4480	unins000.exe	92
PID 4480 wrote to memory of 3352	4480	unins000.exe	92

C:\Users\Admin\AppData\Local\Temp\LiberaInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\LiberaInstaller.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1252
- C:\Users\Admin\AppData\Local\Temp\is-K99FE.tmp\LiberaInstaller.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-K99FE.tmp\LiberaInstaller.tmp" /SL5="$4023C,94712840,832512,C:\Users\Admin\AppData\Local\Temp\LiberaInstaller.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:3564
- - C:\Program Files (x86)\Libera\Libera.exe
    "C:\Program Files (x86)\Libera\Libera.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:2336
  - - C:\Program Files (x86)\Libera\CefSharp.BrowserSubprocess.exe
      "C:\Program Files (x86)\Libera\CefSharp.BrowserSubprocess.exe" --type=gpu-process --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\LiberaBrowser\Cache" --cefsharpexitsub --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1968,i,6527213089884828258,10299964576105332883,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --enable-logging=handle --log-file=2004 --mojo-platform-channel-handle=1960 /prefetch:2 --host-process-id=2336
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:4080
  - - C:\Program Files (x86)\Libera\CefSharp.BrowserSubprocess.exe
      "C:\Program Files (x86)\Libera\CefSharp.BrowserSubprocess.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\LiberaBrowser\Cache" --cefsharpexitsub --field-trial-handle=2520,i,6527213089884828258,10299964576105332883,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --enable-logging=handle --log-file=2524 --mojo-platform-channel-handle=2516 /prefetch:8 --host-process-id=2336
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:2172
  - - C:\Program Files (x86)\Libera\CefSharp.BrowserSubprocess.exe
      "C:\Program Files (x86)\Libera\CefSharp.BrowserSubprocess.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\LiberaBrowser\Cache" --cefsharpexitsub --field-trial-handle=2568,i,6527213089884828258,10299964576105332883,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --enable-logging=handle --log-file=2572 --mojo-platform-channel-handle=2564 /prefetch:3 --host-process-id=2336
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:1836
  - - C:\Program Files (x86)\Libera\CefSharp.BrowserSubprocess.exe
      "C:\Program Files (x86)\Libera\CefSharp.BrowserSubprocess.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\LiberaBrowser\Cache" --cefsharpexitsub --no-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=2796,i,6527213089884828258,10299964576105332883,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --enable-logging=handle --log-file=2800 --mojo-platform-channel-handle=2756 --host-process-id=2336 /prefetch:1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:1500
  - - C:\Program Files (x86)\Libera\CefSharp.BrowserSubprocess.exe
      "C:\Program Files (x86)\Libera\CefSharp.BrowserSubprocess.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\LiberaBrowser\Cache" --cefsharpexitsub --no-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=2840,i,6527213089884828258,10299964576105332883,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --enable-logging=handle --log-file=2848 --mojo-platform-channel-handle=2832 --host-process-id=2336 /prefetch:1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:2960
  - - C:\Program Files (x86)\Libera\CefSharp.BrowserSubprocess.exe
      "C:\Program Files (x86)\Libera\CefSharp.BrowserSubprocess.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\LiberaBrowser\Cache" --cefsharpexitsub --no-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3584,i,6527213089884828258,10299964576105332883,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --enable-logging=handle --log-file=3588 --mojo-platform-channel-handle=3580 --host-process-id=2336 /prefetch:1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:3332

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4836

C:\Program Files (x86)\Libera\unins000.exe
"C:\Program Files (x86)\Libera\unins000.exe"
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4480
- C:\Users\Admin\AppData\Local\Temp\iu-14D2N.tmp\_unins.tmp
  "C:\Users\Admin\AppData\Local\Temp\iu-14D2N.tmp\_unins.tmp" /SECONDPHASE="C:\Program Files (x86)\Libera\unins000.exe" /FIRSTPHASEWND=$20260
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - Modifies registry class
  - Suspicious use of FindShellTrayWindow
  PID:3352

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Libera\CefSharp.BrowserSubprocess.Core.dll

Filesize
1.1MB

MD5
b15cf4c98ec9821d461223188355984e

SHA1
d6343bba44b32c75396a2ccd7f9bf60c6dcb90e0

SHA256
299a966779fd7248aea3adb3cba1a0fb6d2fca6a36cce8b2b897286a85609dae

SHA512
9751ee164f6d94a3ec5bf3c4daeb613623703377caeb3b8bc823ae203c6124f19e02d5c7a8f9a85ce91371c2197e507ba282f729839d59f30fb8c85f437d216f

Download Submit
C:\Program Files (x86)\Libera\CefSharp.BrowserSubprocess.exe

Filesize
6KB

MD5
1951870e337dd30281900119ea7563da

SHA1
d8a4cfc3ba6facf1f3b9af480b7bc40c388855cc

SHA256
32e2dc7532614a85403d693e42367f8ce147f17734817cca8bf71e516e35e152

SHA512
de32988e2cc4fe4154559839ce2380acdeb12d8fc51141917be68e8fefca8058f1e7405da5c5cd7bfc557ad3b96568fbb261a908618fab443fee970d85b4952b

Download Submit
C:\Program Files (x86)\Libera\CefSharp.Core.Runtime.dll

Filesize
1.7MB

MD5
42ba7c73355c75388aed01ac4452c920

SHA1
59fe051551354eb6ae1d603faa011e700b321108

SHA256
fe6ccf8dabf42a3e666fc101539f5a1c05682517e2f45cf4f997bd9ace1fb5b4

SHA512
914dac0d74a6c35a00263425e56fce7d95f2acbecdedb62e13db83f96de0124142347930cc336b611216c5803f35e26188fcac0df15a1f7f49e7eaaca006fece

Download Submit
C:\Program Files (x86)\Libera\CefSharp.Core.dll

Filesize
898KB

MD5
1bb24b22d9bd996c038d26b600ed18a8

SHA1
c2629a8a26c9c0969501923f84874838087cca2b

SHA256
944b987a0b677d354e24ee15bba65f73b0f051338f576234a975a49493399873

SHA512
38578e0d1a39ccc9851ff80d3a0f5342a34303229e2898c3ca32dad11017d4277720f54b472c2f1a0b73f47d5ba6352aa7be8ae2ed72b3b25a01dd8292591421

Download Submit
C:\Program Files (x86)\Libera\CefSharp.WinForms.dll

Filesize
52KB

MD5
949cb6bc737e0b25b2320091a975402d

SHA1
f57b01024b0cc420c868141535f5df7632c44490

SHA256
11e30e156afce1de69ff096d126d07062ba3e14acafe07e4df7d759849987b1c

SHA512
3b5f395adfa8a6c68a7d9bf67e98933a6ea15e8851cbb6821b2367f52933b29af7933d701010ec95fc72ed0ec625d51e6192a16477199e3c97eb85e23a87a5d4

Download Submit
C:\Program Files (x86)\Libera\CefSharp.dll

Filesize
272KB

MD5
9ca06a8f9e5f7239ca225ab810274023

SHA1
e1a219f567a7b7d3af9386df51b14c76e769c044

SHA256
5fd00ae3e83e6ca156647ff6df87b49ffc7cad47c23fe3ae07c067c5adf6f74a

SHA512
430c9bceed5439b987d5bd4840cfe32411ca61594f18597aca1948aa39a22c9d70beadf3bb9b1dd0373f81a94a25dcba17fa8e8c73abf06cba28d0971d5614c5

Download Submit
C:\Program Files (x86)\Libera\Libera.exe

Filesize
300KB

MD5
0804fffbc57745491d1b72bfa9b38962

SHA1
ce4f0e2b1cb5c794893d202d393c5d3008010132

SHA256
37ea2f80c48888ee722baa385133bdb1f050fa30fbb5dce7f8b7f88aab4363be

SHA512
d7a10ef62a48111295316a17948a28c4c86f86b4e8adb436e260068fddae73ad0b8bc97960419f4eefb668fab2baf93d7f46218622f106933c1350cbea9e8de5

Download Submit
C:\Program Files (x86)\Libera\Libera.exe.config

Filesize
189B

MD5
9dbad5517b46f41dbb0d8780b20ab87e

SHA1
ef6aef0b1ea5d01b6e088a8bf2f429773c04ba5e

SHA256
47e5a0f101af4151d7f13d2d6bfa9b847d5b5e4a98d1f4674b7c015772746cdf

SHA512
43825f5c26c54e1fc5bffcce30caad1449a28c0c9a9432e9ce17d255f8bf6057c1a1002d9471e5b654ab1de08fb6eabf96302cdb3e0fb4b63ba0ff186e903be8

Download Submit
C:\Program Files (x86)\Libera\chrome_100_percent.pak

Filesize
667KB

MD5
ae195e80859781a20414cf5faa52db06

SHA1
b18ecb5ec141415e3a210880e2b3d37470636485

SHA256
9957802c0792e621f76bbdb1c630fbad519922743b5d193294804164babda552

SHA512
c6fef84615fe20d1760ca496c98629feb4e533556724e9631d4282622748e7601225cf19dfb8351f4b540ae3f83785c1bcea6fe8c246cf70388e527654097c1c

Download Submit
C:\Program Files (x86)\Libera\chrome_200_percent.pak

Filesize
1.0MB

MD5
1abf6bad0c39d59e541f04162e744224

SHA1
db93c38253338a0b85e431bd4194d9e7bddb22c6

SHA256
01cb663a75f18bb2d0d800640a114f153a34bd8a5f2aa0ed7daa9b32967dc29e

SHA512
945d519221d626421094316f13b818766826b3bedddab0165c041540dddadc93136e32784c0562d26a420cb29479d04d2aa317b8d605cd242e5152bf05af197e

Download Submit
C:\Program Files (x86)\Libera\chrome_elf.dll

Filesize
1.3MB

MD5
ce1dc52bffdaf683809551fb83ef3349

SHA1
1b7a742549ec9fac79d591da0dd23522b31b695a

SHA256
bab5b393359276ebeb12d19762c10f2b88858a248f107d9a84cedd675dd3d68f

SHA512
4bda39c681d783355b65704f94eb03d5d37b09dfd641ddbe0c12f3c2818f62965d03163444ca8a02144d06ecf58cefb0eef9f7f2ba5daf60b05b5894caa3fe85

Download Submit
C:\Program Files (x86)\Libera\d3dcompiler_47.dll

Filesize
4.7MB

MD5
2191e768cc2e19009dad20dc999135a3

SHA1
f49a46ba0e954e657aaed1c9019a53d194272b6a

SHA256
7353f25dc5cf84d09894e3e0461cef0e56799adbc617fce37620ca67240b547d

SHA512
5adcb00162f284c16ec78016d301fc11559dd0a781ffbeff822db22efbed168b11d7e5586ea82388e9503b0c7d3740cf2a08e243877f5319202491c8a641c970

Download Submit
C:\Program Files (x86)\Libera\dxcompiler.dll

Filesize
20.9MB

MD5
581c57c197393f56dabb6b3bf57d8d62

SHA1
d5f8a4cd7bd010d0bbe84453454921c30bcd9d1f

SHA256
9ac6b644c58816a81db132db9f6e2cbaf2087567423fb980ad24a9a056e62dc1

SHA512
75cfcc3e2732cc34db3c4da7026133fc380afe5e9c3b2b3871562ce5e2e51b575b1e5e86c46899747ed4a80170ce57de671448ffe2e51c8126d4660575ac7be4

Download Submit
C:\Program Files (x86)\Libera\dxil.dll

Filesize
1.4MB

MD5
cb72bef6ce55aa7c9e3a09bd105dca33

SHA1
d48336e1c8215ccf71a758f2ff7e5913342ea229

SHA256
47ffdbd85438891b7963408ea26151ba26ae1b303bbdab3a55f0f11056085893

SHA512
c89eebcf43196f8660eee19ca41cc60c2a00d93f4b3bf118fe7a0deccb3f831cac0db04b2f0c5590fa8d388eb1877a3706ba0d58c7a4e38507c6e64cfd6a50a0

Download Submit
C:\Program Files (x86)\Libera\icudtl.dat

Filesize
10.2MB

MD5
74bded81ce10a426df54da39cfa132ff

SHA1
eb26bcc7d24be42bd8cfbded53bd62d605989bbf

SHA256
7bf96c193befbf23514401f8f6568076450ade52dd1595b85e4dfcf3de5f6fb9

SHA512
bd7b7b52d31803b2d4b1fd8cb76481931ed8abb98d779b893d3965231177bdd33386461e1a820b384712013904da094e3cd15ee24a679ddc766132677a8be54a

Download Submit
C:\Program Files (x86)\Libera\libEGL.dll

Filesize
457KB

MD5
d63484c6d32ad4a34cba26fb8ed44f2b

SHA1
d646c0233f1c5e88f49024d6f8e4acc3e6bf63e5

SHA256
c018a9708c8f8d9c291a47293a5f88f20af354b08cf48b3c0f57957d66c48b29

SHA512
85bec8eb39718ca95ec8f6ef6973adec84678527e6be58d7353216e2d727be54b679b8be80957a78825b7120e11a630021154ef3b6ad0c19600ce86840452aed

Download Submit
C:\Program Files (x86)\Libera\libGLESv2.dll

Filesize
7.6MB

MD5
e3894ddad0218fec1017356d472b862a

SHA1
588a1ab502853107a71aea1bf72da3d82385101a

SHA256
d3606a796c76cee3ab0e9db2bad1138bf0bedb17b0fbd990adb352226d9180e4

SHA512
0dae713baaa19ddcc3c2ca55c247fd5cc1678a2b3c3a84a5bd662d6a657bc08b9da862e4bb0b43ea4c87a97c565b1453d68b7a2c4a1c0f5e749c3b6062cb7022

Download Submit
C:\Program Files (x86)\Libera\resources.pak

Filesize
8.0MB

MD5
4933d92c99afa246fc59eef010d5c858

SHA1
98d443654e93c73dd317f9f847f71fba3d5b3135

SHA256
62f4674daa15245ee081920b8ee191e72f36ca8fe24f6b986a832f45676915b2

SHA512
a3a69523c8e7310716daeebc06c2ba4fce673eccd1958e824ff179b82f4502d0ec095190179bbb387342e4150f952ea7533182fb6ba90377d17dafba8f4da623

Download Submit
C:\Program Files (x86)\Libera\v8_context_snapshot.bin

Filesize
649KB

MD5
89a6f6c39095dceab69a037c8d38f841

SHA1
b75e3b8c5b5031e5ea932b8384fe6dec3268078c

SHA256
492f369863d7c5904d74b7c9d48a4d77969aa0eb3e040a18344bf400579ca298

SHA512
5290eb6a053dcb4886da0a75ae7542aa483b6a879bf50bb4ebdf3b187d1002402ffbc02e00e7f0b7c96dd479aa9bb6d426d68ad2121e2c74dc48da571b1e9aaf

Download Submit
C:\Program Files (x86)\Libera\vk_swiftshader.dll

Filesize
5.0MB

MD5
6a4b3c620661e672c88c759814bd4770

SHA1
c575161e65f826f2bbb4c2fc2b6b5a1cf56fe00f

SHA256
911d416fea037c541fd3ebc464e5f3b4f36ae9f69c887a0238d4210b7af6f56e

SHA512
b17e226ab8cd99e3ed2d63c2f7edd5a988959bf74ed670ca755685ea3a91c6ae54ad4b7e4234fe7cc87018e5aebcaa3433db188848ba2d45d7862f4e6ef4b6e3

Download Submit
C:\Users\Admin\AppData\Local\LiberaBrowser\Cache\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
eab5584b8c07e3cfe40e7e78414f7847

SHA1
586b7202aad4a4223d9474c1066ec66d1b1308a0

SHA256
4a9d0f7cc24187c6929461d2b12bbeb45049694ed18341ea188d698bc9cc8d5c

SHA512
4fbdad7c556e41c8b2314f5da2fb8f9b17ad74a0e209b4994e0d4789f77d30e7b65793210079844dd77783224aeebd044fb2d2e3190f9aa80bc8d910175064d0

Download Submit
C:\Users\Admin\AppData\Local\LiberaBrowser\Cache\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
e01fbc63fb4064564b66a62865365976

SHA1
dad79df3cb76895d9fae404bb62ee3c3b25c7e5e

SHA256
451b515c2d70ca3d9ed8bba54ef799a20063faa593d6b28c0a0fa23f91291c4b

SHA512
5cd0a4698076ebd68949639aed5917bec06ae02d17ebef56a69951df2ebf5df03ebd80e150babaf652a508d36c31b9086d570b0be2198b48bb81e9beb9acad02

Download Submit
C:\Users\Admin\AppData\Local\LiberaBrowser\Cache\GrShaderCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\LiberaBrowser\Cache\GrShaderCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\LiberaBrowser\Cache\GrShaderCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\LiberaBrowser\Cache\GrShaderCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\LiberaBrowser\Cache\Local Storage\leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\LiberaBrowser\Cache\Local Storage\leveldb\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\LiberaBrowser\Cache\Network\Network Persistent State

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\LiberaBrowser\Cache\Network\Network Persistent State

Filesize
1KB

MD5
229a59615751e3a9b860cc33ac09465a

SHA1
bef463f16648510a60e2ade6b99d2a96a25bfac8

SHA256
7a73cf8fe6d781e305d770dfafd4d86d6876bc7ff02e79d65ab65e82a54f1957

SHA512
1a5efbdb0ca67a36a5a555085aa9a9842c1d38c808419a4d0c34a1e8213737c49d02679cf64b1f7daf07209c5f3c4c73a282a0c5155aa79b15f48235359f68b7

Download Submit
C:\Users\Admin\AppData\Local\LiberaBrowser\Cache\Network\Network Persistent State~RFe59bd0d.TMP

Filesize
59B

MD5
78bfcecb05ed1904edce3b60cb5c7e62

SHA1
bf77a7461de9d41d12aa88fba056ba758793d9ce

SHA256
c257f929cff0e4380bf08d9f36f310753f7b1ccb5cb2ab811b52760dd8cb9572

SHA512
2420dff6eb853f5e1856cdab99561a896ea0743fcff3e04b37cb87eddf063770608a30c6ffb0319e5d353b0132c5f8135b7082488e425666b2c22b753a6a4d73

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-K99FE.tmp\LiberaInstaller.tmp

Filesize
3.1MB

MD5
df15a3dc7e8ac6bb1c3a289d2334ab54

SHA1
6095c40a843ee7f6a5648b6b857bc92de1f3aa34

SHA256
270a77139e694a8566ffe529ebe692665f977a69a451f2062a4f3eb34e366048

SHA512
421f3fdaaf6f459c1473b8d156c5ee62554f29d2977033c1b232c667d93129be3936e5ebe9eb9e7ffb0c0b92dd93ebf69c8ea146ca755a0cda9c32fe4ca95d7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\iu-14D2N.tmp\_unins.tmp

Filesize
3.1MB

MD5
1b1e7636fd7c10f410f2753c33c8a18c

SHA1
289bf30c09add852b0d573aec993a35196b09bf4

SHA256
419bd2db0a575809c54fb334a0e7c1cd2c0f64173d51a40901c80109f1825699

SHA512
24170209bf7ea707735ebe6096815fc3a6d3482865bbfd16344a40a8dcbe4e0af9cd074fe949efc2aec2db2cc2018a7a67fb151b80a27edc824920da45c5d48a

Download Submit
memory/1252-0-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/1252-2-0x0000000000401000-0x00000000004B7000-memory.dmp

Filesize
728KB

Download
memory/1252-124-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/1252-7-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/1252-28-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/2172-156-0x000001E16B660000-0x000001E16B77F000-memory.dmp

Filesize
1.1MB

Download
memory/2336-107-0x0000024B418E0000-0x0000024B4192A000-memory.dmp

Filesize
296KB

Download
memory/2336-105-0x0000024B41770000-0x0000024B41784000-memory.dmp

Filesize
80KB

Download
memory/2336-110-0x0000024B43F00000-0x0000024B43FE6000-memory.dmp

Filesize
920KB

Download
memory/2336-117-0x00007FFD70350000-0x00007FFD70E12000-memory.dmp

Filesize
10.8MB

Download
memory/2336-101-0x00007FFD70353000-0x00007FFD70355000-memory.dmp

Filesize
8KB

Download
memory/2336-103-0x0000024B272C0000-0x0000024B2730E000-memory.dmp

Filesize
312KB

Download
memory/2336-114-0x0000024B43FF0000-0x0000024B441B2000-memory.dmp

Filesize
1.8MB

Download
memory/2336-415-0x00007FFD70350000-0x00007FFD70E12000-memory.dmp

Filesize
10.8MB

Download
memory/2336-108-0x00007FFD70350000-0x00007FFD70E12000-memory.dmp

Filesize
10.8MB

Download
memory/3352-424-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/3564-29-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/3564-97-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/3564-6-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/3564-123-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/4080-144-0x0000016733310000-0x0000016733316000-memory.dmp

Filesize
24KB

Download
memory/4480-422-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download