c954ba4d9f8e230d8fd42b5fa0bd25bd978725b78b9473e23da4740cda0606c1

Analysis

max time kernel
134s
max time network
165s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
13-06-2024 03:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

FluffyPenguin-Setup-1.5.9.exe
Size

120.5MB
MD5

3c41fbcf23dea667c04b68cb9b0486e1
SHA1

17fcf5893324b704776c630393be95932fe37133
SHA256

c954ba4d9f8e230d8fd42b5fa0bd25bd978725b78b9473e23da4740cda0606c1
SHA512

dc0ff877ff5f1c6c5054c2bae42f42bd334ecfe28de1de38a8b8745b5478d7b33f5758fa323e32de577de8f731846fbc93e97f4a28e7714f71db651657bfe07d
SSDEEP

3145728:hnzB6iffRSR53WSlImQ5eCryMzBSDzNcfQnfcJso8oHyK4:L6iffA/3WrrS3N1nfKs/oHy/

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

FluffyPenguin.exeFluffyPenguin.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Control Panel\International\Geo\Nation	FluffyPenguin.exe
Key value queried	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Control Panel\International\Geo\Nation	FluffyPenguin.exe

Executes dropped EXE 7 IoCs

Processes:

FluffyPenguin.exeFluffyPenguin.exeFluffyPenguin.exeFluffyPenguin.exeFluffyPenguin.exeFluffyPenguin.exeFluffyPenguin.exe

pid	process
2468	FluffyPenguin.exe
1956	FluffyPenguin.exe
688	FluffyPenguin.exe
2384	FluffyPenguin.exe
2696	FluffyPenguin.exe
2868	FluffyPenguin.exe
2672	FluffyPenguin.exe

Loads dropped DLL 31 IoCs

Processes:

FluffyPenguin-Setup-1.5.9.exeFluffyPenguin.exeFluffyPenguin.exeFluffyPenguin.exeFluffyPenguin.exeFluffyPenguin.exeFluffyPenguin.exeFluffyPenguin.exe

pid	process
2248	FluffyPenguin-Setup-1.5.9.exe
2248	FluffyPenguin-Setup-1.5.9.exe
2248	FluffyPenguin-Setup-1.5.9.exe
2248	FluffyPenguin-Setup-1.5.9.exe
2248	FluffyPenguin-Setup-1.5.9.exe
2248	FluffyPenguin-Setup-1.5.9.exe
2248	FluffyPenguin-Setup-1.5.9.exe
2248	FluffyPenguin-Setup-1.5.9.exe
2248	FluffyPenguin-Setup-1.5.9.exe
2248	FluffyPenguin-Setup-1.5.9.exe
2248	FluffyPenguin-Setup-1.5.9.exe
1216
2468	FluffyPenguin.exe
1216
1216
1216
1216
1956	FluffyPenguin.exe
688	FluffyPenguin.exe
2384	FluffyPenguin.exe
688	FluffyPenguin.exe
688	FluffyPenguin.exe
688	FluffyPenguin.exe
2696	FluffyPenguin.exe
2696	FluffyPenguin.exe
2696	FluffyPenguin.exe
2696	FluffyPenguin.exe
1216
2868	FluffyPenguin.exe
2868	FluffyPenguin.exe
2672	FluffyPenguin.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies system certificate store 2 TTPs 4 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

FluffyPenguin.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	FluffyPenguin.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030853000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	FluffyPenguin.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f00000053000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	FluffyPenguin.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d00f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030853000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	FluffyPenguin.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

FluffyPenguin-Setup-1.5.9.exeFluffyPenguin.exeFluffyPenguin.exeFluffyPenguin.exe

pid process

2248 FluffyPenguin-Setup-1.5.9.exe
1956 FluffyPenguin.exe
2384 FluffyPenguin.exe
2468 FluffyPenguin.exe
2468 FluffyPenguin.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

FluffyPenguin-Setup-1.5.9.exe

description pid process

Token: SeSecurityPrivilege 2248 FluffyPenguin-Setup-1.5.9.exe

description	pid	process
Token: SeSecurityPrivilege	2248	FluffyPenguin-Setup-1.5.9.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

FluffyPenguin.exe

description	pid	process	target process
PID 2468 wrote to memory of 688	2468	FluffyPenguin.exe	FluffyPenguin.exe
PID 2468 wrote to memory of 688	2468	FluffyPenguin.exe	FluffyPenguin.exe
PID 2468 wrote to memory of 688	2468	FluffyPenguin.exe	FluffyPenguin.exe
PID 2468 wrote to memory of 688	2468	FluffyPenguin.exe	FluffyPenguin.exe
PID 2468 wrote to memory of 688	2468	FluffyPenguin.exe	FluffyPenguin.exe
PID 2468 wrote to memory of 688	2468	FluffyPenguin.exe	FluffyPenguin.exe
PID 2468 wrote to memory of 688	2468	FluffyPenguin.exe	FluffyPenguin.exe
PID 2468 wrote to memory of 688	2468	FluffyPenguin.exe	FluffyPenguin.exe
PID 2468 wrote to memory of 688	2468	FluffyPenguin.exe	FluffyPenguin.exe
PID 2468 wrote to memory of 688	2468	FluffyPenguin.exe	FluffyPenguin.exe
PID 2468 wrote to memory of 688	2468	FluffyPenguin.exe	FluffyPenguin.exe
PID 2468 wrote to memory of 688	2468	FluffyPenguin.exe	FluffyPenguin.exe
PID 2468 wrote to memory of 688	2468	FluffyPenguin.exe	FluffyPenguin.exe
PID 2468 wrote to memory of 688	2468	FluffyPenguin.exe	FluffyPenguin.exe
PID 2468 wrote to memory of 688	2468	FluffyPenguin.exe	FluffyPenguin.exe
PID 2468 wrote to memory of 688	2468	FluffyPenguin.exe	FluffyPenguin.exe
PID 2468 wrote to memory of 688	2468	FluffyPenguin.exe	FluffyPenguin.exe
PID 2468 wrote to memory of 688	2468	FluffyPenguin.exe	FluffyPenguin.exe
PID 2468 wrote to memory of 688	2468	FluffyPenguin.exe	FluffyPenguin.exe
PID 2468 wrote to memory of 688	2468	FluffyPenguin.exe	FluffyPenguin.exe
PID 2468 wrote to memory of 688	2468	FluffyPenguin.exe	FluffyPenguin.exe
PID 2468 wrote to memory of 688	2468	FluffyPenguin.exe	FluffyPenguin.exe
PID 2468 wrote to memory of 688	2468	FluffyPenguin.exe	FluffyPenguin.exe
PID 2468 wrote to memory of 688	2468	FluffyPenguin.exe	FluffyPenguin.exe
PID 2468 wrote to memory of 688	2468	FluffyPenguin.exe	FluffyPenguin.exe
PID 2468 wrote to memory of 688	2468	FluffyPenguin.exe	FluffyPenguin.exe
PID 2468 wrote to memory of 688	2468	FluffyPenguin.exe	FluffyPenguin.exe
PID 2468 wrote to memory of 688	2468	FluffyPenguin.exe	FluffyPenguin.exe
PID 2468 wrote to memory of 688	2468	FluffyPenguin.exe	FluffyPenguin.exe
PID 2468 wrote to memory of 688	2468	FluffyPenguin.exe	FluffyPenguin.exe
PID 2468 wrote to memory of 688	2468	FluffyPenguin.exe	FluffyPenguin.exe
PID 2468 wrote to memory of 688	2468	FluffyPenguin.exe	FluffyPenguin.exe
PID 2468 wrote to memory of 688	2468	FluffyPenguin.exe	FluffyPenguin.exe
PID 2468 wrote to memory of 688	2468	FluffyPenguin.exe	FluffyPenguin.exe
PID 2468 wrote to memory of 688	2468	FluffyPenguin.exe	FluffyPenguin.exe
PID 2468 wrote to memory of 688	2468	FluffyPenguin.exe	FluffyPenguin.exe
PID 2468 wrote to memory of 688	2468	FluffyPenguin.exe	FluffyPenguin.exe
PID 2468 wrote to memory of 688	2468	FluffyPenguin.exe	FluffyPenguin.exe
PID 2468 wrote to memory of 688	2468	FluffyPenguin.exe	FluffyPenguin.exe
PID 2468 wrote to memory of 688	2468	FluffyPenguin.exe	FluffyPenguin.exe
PID 2468 wrote to memory of 688	2468	FluffyPenguin.exe	FluffyPenguin.exe
PID 2468 wrote to memory of 1956	2468	FluffyPenguin.exe	FluffyPenguin.exe
PID 2468 wrote to memory of 1956	2468	FluffyPenguin.exe	FluffyPenguin.exe
PID 2468 wrote to memory of 1956	2468	FluffyPenguin.exe	FluffyPenguin.exe
PID 2468 wrote to memory of 2384	2468	FluffyPenguin.exe	FluffyPenguin.exe
PID 2468 wrote to memory of 2384	2468	FluffyPenguin.exe	FluffyPenguin.exe
PID 2468 wrote to memory of 2384	2468	FluffyPenguin.exe	FluffyPenguin.exe
PID 2468 wrote to memory of 2696	2468	FluffyPenguin.exe	FluffyPenguin.exe
PID 2468 wrote to memory of 2696	2468	FluffyPenguin.exe	FluffyPenguin.exe
PID 2468 wrote to memory of 2696	2468	FluffyPenguin.exe	FluffyPenguin.exe
PID 2468 wrote to memory of 2696	2468	FluffyPenguin.exe	FluffyPenguin.exe
PID 2468 wrote to memory of 2696	2468	FluffyPenguin.exe	FluffyPenguin.exe
PID 2468 wrote to memory of 2696	2468	FluffyPenguin.exe	FluffyPenguin.exe
PID 2468 wrote to memory of 2696	2468	FluffyPenguin.exe	FluffyPenguin.exe
PID 2468 wrote to memory of 2696	2468	FluffyPenguin.exe	FluffyPenguin.exe
PID 2468 wrote to memory of 2696	2468	FluffyPenguin.exe	FluffyPenguin.exe
PID 2468 wrote to memory of 2696	2468	FluffyPenguin.exe	FluffyPenguin.exe
PID 2468 wrote to memory of 2696	2468	FluffyPenguin.exe	FluffyPenguin.exe
PID 2468 wrote to memory of 2696	2468	FluffyPenguin.exe	FluffyPenguin.exe
PID 2468 wrote to memory of 2696	2468	FluffyPenguin.exe	FluffyPenguin.exe
PID 2468 wrote to memory of 2696	2468	FluffyPenguin.exe	FluffyPenguin.exe
PID 2468 wrote to memory of 2696	2468	FluffyPenguin.exe	FluffyPenguin.exe
PID 2468 wrote to memory of 2696	2468	FluffyPenguin.exe	FluffyPenguin.exe
PID 2468 wrote to memory of 2696	2468	FluffyPenguin.exe	FluffyPenguin.exe

C:\Users\Admin\AppData\Local\Temp\FluffyPenguin-Setup-1.5.9.exe
"C:\Users\Admin\AppData\Local\Temp\FluffyPenguin-Setup-1.5.9.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2248

C:\Users\Admin\AppData\Local\Programs\ffpenguin-app\FluffyPenguin.exe
"C:\Users\Admin\AppData\Local\Programs\ffpenguin-app\FluffyPenguin.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2468

C:\Users\Admin\AppData\Local\Programs\ffpenguin-app\FluffyPenguin.exe
"C:\Users\Admin\AppData\Local\Programs\ffpenguin-app\FluffyPenguin.exe" --type=gpu-process --field-trial-handle=984,4562582147435178693,12997179047012488167,131072 --enable-features=WebComponentsV0Enabled --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=992 /prefetch:2
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:688

C:\Users\Admin\AppData\Local\Programs\ffpenguin-app\FluffyPenguin.exe
"C:\Users\Admin\AppData\Local\Programs\ffpenguin-app\FluffyPenguin.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=984,4562582147435178693,12997179047012488167,131072 --enable-features=WebComponentsV0Enabled --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1128 /prefetch:8
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
PID:1956

C:\Users\Admin\AppData\Local\Programs\ffpenguin-app\FluffyPenguin.exe
"C:\Users\Admin\AppData\Local\Programs\ffpenguin-app\FluffyPenguin.exe" --type=renderer --field-trial-handle=984,4562582147435178693,12997179047012488167,131072 --enable-features=WebComponentsV0Enabled --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --app-path="C:\Users\Admin\AppData\Local\Programs\ffpenguin-app\resources\app.asar" --enable-plugins --no-sandbox --no-zygote --context-isolation --background-color=#fff --enable-spellcheck --enable-websql --disable-electron-site-instance-overrides --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1504 /prefetch:1
2⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:2384

C:\Users\Admin\AppData\Local\Programs\ffpenguin-app\FluffyPenguin.exe
"C:\Users\Admin\AppData\Local\Programs\ffpenguin-app\FluffyPenguin.exe" --type=gpu-process --field-trial-handle=984,4562582147435178693,12997179047012488167,131072 --enable-features=WebComponentsV0Enabled --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=992 /prefetch:2
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2696

C:\Users\Admin\AppData\Local\Programs\ffpenguin-app\FluffyPenguin.exe
"C:\Users\Admin\AppData\Local\Programs\ffpenguin-app\FluffyPenguin.exe" --type=ppapi --field-trial-handle=984,4562582147435178693,12997179047012488167,131072 --enable-features=WebComponentsV0Enabled --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --ppapi-flash-args --lang=en-US --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=1624 /prefetch:3
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2868

C:\Users\Admin\AppData\Local\Programs\ffpenguin-app\FluffyPenguin.exe
"C:\Users\Admin\AppData\Local\Programs\ffpenguin-app\FluffyPenguin.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=984,4562582147435178693,12997179047012488167,131072 --enable-features=WebComponentsV0Enabled --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2060 /prefetch:8
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2672

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\CabED9C.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarEDFC.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdBCDA.tmp\7z-out\LICENSE.electron.txt

Filesize
1KB

MD5
45574510c534a8195f53b30e3810239e

SHA1
10bfa95a2f25df14dfe6a55a9e73d9fa5becdb60

SHA256
c44607a865e7a6db05552baa0ef71f9887d96acd00d123854b44996bc27c0e33

SHA512
b59d4c8e07748b68da51b2163a2ebafd51cdc546a1776a1105c19f6727dad697692d4fcb137578bb43dc615342a08c2e9e103384b80fc81c3c669aecc9c443c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdBCDA.tmp\7z-out\LICENSES.chromium.html

Filesize
4.5MB

MD5
d4a79b5d46f0931b9eb7125fd40baff0

SHA1
3a38fb263dde2251b9fe157b5fddec7acb07c53e

SHA256
03f1d245e6a2facca9edbdaad108169e0765dd9101875bc2d123797994b9e80f

SHA512
17cf94805f11d499ff12d8e42cb262ceecbeb265f56338e0837d291f6a7ed7f8135a025dbe99fdb2e2bb299f2267bed9365976ea51269aafd4c3220cffef9339

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdBCDA.tmp\7z-out\chrome_100_percent.pak

Filesize
121KB

MD5
06baf0ad34e0231bd76651203dba8326

SHA1
a5f99ecdcc06dec9d7f9ce0a8c66e46969117391

SHA256
5ae14147992a92548bcad76867dd88cdfcdb69d951c8720920cce6fb135e3189

SHA512
aff6616e56781ebb925a0ca146245ad3b2827250b32261c0c7c0d5b10b20a343a17fc3761c95d93104163e77b2eae3f1f9cbd3cb2b377f49b42bea39bdd09b91

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdBCDA.tmp\7z-out\chrome_200_percent.pak

Filesize
181KB

MD5
57c27201e7cd33471da7ec205fe9973c

SHA1
a8e7bce09c4cbdae2797611b2be8aeb5491036f9

SHA256
dd8146b2ee289e4d54a4a0f1fd3b2f61b979c6a2baaba96a406d96c3f4fdb33b

SHA512
57258aa169bec66abf0f45a3e026bb68751fb970b74bd0cb465607fa3b2a89967e832d92d8f675f0449bb6662fcb7786d05f0597124cc8e18bb99a47245779b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdBCDA.tmp\7z-out\d3dcompiler_47.dll

Filesize
4.3MB

MD5
7641e39b7da4077084d2afe7c31032e0

SHA1
2256644f69435ff2fee76deb04d918083960d1eb

SHA256
44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47

SHA512
8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdBCDA.tmp\7z-out\ffmpeg.dll

Filesize
2.7MB

MD5
eabfc10d56cb44a86493cb2f8ca7aab2

SHA1
09d7e87f43527333cd021329d6c2f4e8bd8ddab5

SHA256
42a2a996ac433ac33a22776b8418a82753557093d90147b7951138b5c83924b6

SHA512
ee31e3539fba9e5969a9f38c428f586de2dd7630cb5d8c5e3c2c934b5881f8176b8ab6ef6397c1ce4fa6ccf3ee9615225c7afa0e0b28c6fc23974e8b96625dec

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdBCDA.tmp\7z-out\icudtl.dat

Filesize
10.0MB

MD5
ad2988770b8cb3281a28783ad833a201

SHA1
94b7586ee187d9b58405485f4c551b55615f11b5

SHA256
df876c7af43ed93eec6aea4d2d55c805009c219653cdeb368f1d048f4922b108

SHA512
f27e542a9c6c60fa28c5b7cc2818079341ef93aef3bbcadecad2dc11aff5b1592b19c7ebfa543ea42a3cbfec26a668641b255545fb0912056e25e852c2dedd01

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdBCDA.tmp\7z-out\libEGL.dll

Filesize
438KB

MD5
660a9ae1282e6205fc0a51e64470eb5b

SHA1
f91a9c9559f51a8f33a552f0145ed9e706909de8

SHA256
f2a841b6ef320f226965c7cb01fbc4709fc31425e490a3edfa20147ce3656c85

SHA512
20bed2bed042033e3d8b077f9d66bce67922aaec180cc3777f20560219226b7efc73932bb87445afda4e3877472ddcd307215d23954cd082051437e5f2224263

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdBCDA.tmp\7z-out\libGLESv2.dll

Filesize
7.3MB

MD5
bc45db0195aa369cc3c572e4e9eefc7e

SHA1
b880ca4933656be52f027028af5ef8a3b7e07e97

SHA256
a81729fd6ee2d64dfc47501a1d53794cdeee5c1daa3751f7554aea2503686d10

SHA512
dd8c39947e7d767fbdccf90c5b3eaedf3937b43c55200d2199107333b63ac09e5356c286618874fac841e1357dd927e0c70b5066c1feeedd8cc6c0fba605ee5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdBCDA.tmp\7z-out\locales\am.pak

Filesize
142KB

MD5
e1b02b36ce38a843a12867d2700a1bee

SHA1
4e165fd9290921b9acbec8ff24e6987f36a2f3c3

SHA256
e9c78c2410d5c81e0cd5d122462e852143eea15ca69cd01b85322cede1e10806

SHA512
46ce9cc38ab338187fbf0c07a8a9fc1a96bb1d9181fb3b26741ecdc5e1b9fd2ac91b3b9e33d149bf07e6ef5879f72a589954e9314b47fd7b833677384d8b1933

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdBCDA.tmp\7z-out\locales\ar.pak

Filesize
144KB

MD5
985efad36a2c07c95fc304319d6cd1f1

SHA1
6bd0adbb16ca511850df5132d78322bd7c525a6c

SHA256
1cdef40ba8343e7f826c2020906915efaac5e56f543cd2ed6ebf704882525d8c

SHA512
7176d5254dad1ef91a428087099b1729285c5a58bd2f0b20e51b340d298973be2e36ee32128f71948bff3b013f42fcba01f37eff8f80bb2926695bfb65a02316

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdBCDA.tmp\7z-out\locales\bg.pak

Filesize
154KB

MD5
26a0431ff9f22716c55f68f7e164c595

SHA1
9e9924ad447907031bc9d1cb753e0d0f66125b19

SHA256
1bb8c5ce9215d42ba9ceec52f86fbff46df668ce48ff56bd1cbe96adadf4922c

SHA512
486ab8c00646afc60193f97583324778c9010e0cc3b4c2f74554c25515c1edba92d83c44bfc6b364b388621c1631f2f51de19a325382ca5e668dac3a75bc85a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdBCDA.tmp\7z-out\locales\bn.pak

Filesize
203KB

MD5
5d7894bc1947927acac8491e1036d44e

SHA1
273b9438740d379d1a20a7c5ed4275940405a44b

SHA256
f7d704207cb3340f1ace2f2e5af031e816bb86e4bf3f665907d837d094bba37a

SHA512
6179ce46ba48fdd110a8c7d2ae17b43b064b45d147b18e9f20223c845382dc01e0e4f3fbe549ce3a23b6f46e59050f9337465d73e748003a1e650bbfdfd21b8a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdBCDA.tmp\7z-out\locales\ca.pak

Filesize
99KB

MD5
d92f01e66dbefbe28d9ddc0a0b318258

SHA1
8c2b07df543e7b523ee6a682450eb96ace988c46

SHA256
14e99f4d94868a454f40ee8e0f62d056e0abb303caf6e184a9a61bdec18ac271

SHA512
0a27d8533128cf03568e8b1e8223188415429a8be8919cf3f81bc041ee93fb530d465d1a8313876c3db9c83b9dc04cb4ea0d9bab0dcbb3373813aedb5803725c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdBCDA.tmp\7z-out\locales\cs.pak

Filesize
101KB

MD5
b7ed7dd838c0c0980d7c011a3cef03b5

SHA1
d752b7e7098e5cb2c894ac35591db2852946d497

SHA256
9651b8f3304c70d96dcca76cfffad90ce8afcab6231ffd8e4e9beade3d510841

SHA512
23a6de6b8093c8f87e84ab7cbad1910a96f228900967b16cec9852fe88f756be7d5fd45b45b4f0b4caa4db05aa315f21c73b2c1c6c32e11d55ae6b810dfed49a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdBCDA.tmp\7z-out\locales\da.pak

Filesize
92KB

MD5
55a82964b36308b838d627e7ce708078

SHA1
c685eeae43f85346fc984d02c9fe4120f8b5467f

SHA256
1d1a3e38ddf282969bca2a5d893b3db4a0aed10b53eab37bb2dad7d2d18c94de

SHA512
57f7a23db6ffeb0be0b90005fa8c4ca22294b27da7a14e6afd70ac417b05122bd3ebacc41a168e28586a157521ca0e3093cb18d4bd7df71cdbc0f95b2925ece8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdBCDA.tmp\7z-out\locales\de.pak

Filesize
98KB

MD5
9b1f23b3e07d947c0227f640560bc0a6

SHA1
17908d26037c885655a40e470fdf004a3367ebed

SHA256
e71f4320553f65cfd0356a4b30f3aec2eec7b4fd327866d528917b9909cfa761

SHA512
72de618027466a819692425fa028d65d432e825f6eb9a3bc100dac808c4e8acaec7c515a7d7674f04f0343edff731ea07381a5159b817b86d07359e324bd829b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdBCDA.tmp\7z-out\locales\el.pak

Filesize
172KB

MD5
5949036e7e364f5c97fec60c80a4740c

SHA1
6380125302942906a7ffac45c724c9a1c392a50b

SHA256
a3431d3ac720f871c33d7e522cf506b2fa8ea1872bac02a4b4b427a6d063af38

SHA512
017fd71ba9ca2718e138fd1baf8893bf0e6ae86d947774671a72ffba6bcf330d039e313a949ca3c869186155c7243059885931a7de0804ed9ce4faf0989de94a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdBCDA.tmp\7z-out\locales\en-GB.pak

Filesize
82KB

MD5
32f8d0492b73ce67df70c2f6b65a9db6

SHA1
eb7cb21681e65869a931f50d83b19d06f60d28b5

SHA256
c4fdfa9c6f30ad657bf12ccb95f70542a0fade45d8490259a4507629f4b33299

SHA512
04d80661d37c5c99657f9ac268674c058fec4a25fd9aa30c0a2113558e51aab4cb2f01baea3d8625d744df29575944a19f8575579f872c0716876819e933d693

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdBCDA.tmp\7z-out\locales\en-US.pak

Filesize
83KB

MD5
bd8f7b719110342b7cefb16ddd05ec55

SHA1
82a79aeaa1dd4b1464b67053ba1766a4498c13e7

SHA256
d1d3f892be16329c79f9a8ee8c5fa1c9fb46d17edfeb56a3d9407f9d7587a0de

SHA512
7cd1493e59e87c70927e66769eb200f79a57e1eb1223af4eb4064088571893d3e32cbc4b5ece568fd308992aad65684aa280dc9834f2b5d327bdee514b046e5e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdBCDA.tmp\7z-out\locales\es-419.pak

Filesize
97KB

MD5
a6de020b1ec17664d99aa372dfc3aeef

SHA1
b7c2e6af4854252df86ea49c625f15ee094c891b

SHA256
64df687bbb37bcd92e609f7e3bf950ee5629b693ff8636607285f5753b1bdaae

SHA512
6af0488ea1632e6aad16b149166319dd9039f00da56c740c196dbcfc5265a0c225581450efe616e0d9a82e6d6a5bb50f2e0ee90f095628dfc5acb9f2d160193b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdBCDA.tmp\7z-out\locales\es.pak

Filesize
99KB

MD5
06a2c6940def84d9327083aee446f446

SHA1
a542fd511568ae5f90e86259d427b7792ec52d03

SHA256
eb22282dbf211f64142ef4dfac2c1d811d65decd617c4a3d1c892967dc72ac07

SHA512
23d0547ca962419bd6013f094de67a6f20779440674fef3bd38ae613c72daef6072a217d7832e1c62dd68bdfdb1eeba241ac302f72cb710015d8924f8e6797c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdBCDA.tmp\7z-out\locales\et.pak

Filesize
88KB

MD5
ac38b14b7663b5e4e98baa6bc47143a1

SHA1
d41c2be94d6b5aaeb23c17b9a6c453a5ac9dceba

SHA256
b3baf825f9b237565260ba2935fe9acf2ae381e3bfc6fbf837dbfe6fb83314b5

SHA512
930a9ef5b3cfabec18b18b52d6b3da8f91e6c4d4b03e311ff34eb8f5af85c6b91077c7cc1bda609f114935d6b287a503f5e1ee792548cef0a5686bf4a3c433d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdBCDA.tmp\7z-out\locales\fa.pak

Filesize
138KB

MD5
a6c8f787f9f3ef00bc38673f806e69f3

SHA1
6be8d4a7afc97748b1bf619d10086a6d27c1a519

SHA256
8ea08e9874892edefcbdc55c393dc00fe451f3c7f29b57d7105377349eb4bfc4

SHA512
64668ae3d459c95f22e580c2f637c8b739ecd7c177243d505544b4b55f0c70710cd99ac71215412d04845e170d47e7ef69e9cde1e698c8898692a950619388db

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdBCDA.tmp\7z-out\locales\fi.pak

Filesize
91KB

MD5
8cb6cf7f173c2deac78fa136c8eb94c6

SHA1
c873e1cd9a2db4997683574f1a6fa2f6c53143e4

SHA256
bfc24d41ea8e362bb1a18c11860d2217fc100b1a422cf54629c7d0c6640d5ed7

SHA512
e8600b3fdca4c0c0f27d3959087616235c537b8ba6cbc85177cf96f2a9b50add40989d56c9ed92c5793fd3b55515ff611a6e273d622a1c25a301d35cb52d2d4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdBCDA.tmp\7z-out\locales\fil.pak

Filesize
101KB

MD5
91e33c418c453abcbb8ea4fc89d4b673

SHA1
11a4293e6a1e1a9dba94b80ab812f305bf70abd9

SHA256
75d473ffd351a828bd7854067ad986908efefdfb75800650587b8bef09f9ff2a

SHA512
b77b1533fb26832f9de21dc361ad58088d7aedf26bfb1111872cbb1b0da8b8f9061b8ea9c561fd645b8d683110998c71acbfedc02d9399e4f4aedb8c717cf97c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdBCDA.tmp\7z-out\locales\fr.pak

Filesize
107KB

MD5
5d2e3041fb2154b01cfc628935aeb183

SHA1
620a2aaba08d430251e408cf99186ae0439f8a60

SHA256
b387afb8c8ae3c3ce90728fb7eb39a39ec789c6e7bfe4dbd2b5d49e72434db1f

SHA512
8709fbc3e63e94f61918872128134bd3636ce69765437272c99f1529801b97283d4baa4b3e61f2dea73cfdecae0321ba30c903d6055068d62d024843d6213974

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdBCDA.tmp\7z-out\locales\gu.pak

Filesize
194KB

MD5
7e5416a501994ffbebab3edc57756b3b

SHA1
c350fd10c8d7584f6d92612d9afce4c62e0e54ea

SHA256
a49597e67fcf93448c89e07f9cc3519b3b1b77505bc30adf3f25c250718eec0c

SHA512
611276c8d8a42c4258c9ae33f3e95b9b44932aa04c27d985dc70893cad75135b9d4ee74c1bb7c96449053debf5e0cc2e261ae1909b0b13126193b955069382bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdBCDA.tmp\7z-out\locales\he.pak

Filesize
122KB

MD5
b73d141efba773482bcc09853c4598cb

SHA1
b1768edbe4c2efdb39a3d5629999bb9f9280e595

SHA256
7420e94f19bd61f33950e120f29c9783305f218d089f0a7d3ea3451655cdda1f

SHA512
f61e2d92dd77a24301d9c658560fcc9ceeb59a7ddf3eebf1872aaef2de5f8607b95bfef61ad386d5705c796b032f0471a85d43dd2a5e6d9da3725e466382b3d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdBCDA.tmp\7z-out\locales\hi.pak

Filesize
201KB

MD5
262a8aef9a1160a55b193c4a0caf0e73

SHA1
5ce45534b4d133c7f65ee03b8c2e14f3a7afc209

SHA256
acc53ca41a9a04a57c1f18fea58cc4329b8add0ded37f9f7d7a73584a910d6c9

SHA512
6b8b910588607bb080e66384c10e8d72803fdac3b2acbc65dff54ba32563a0768dc11af6806fabb82f7bf877333f6dd30d61a6630ef5b2ae291fcc59f3246fbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdBCDA.tmp\7z-out\locales\hr.pak

Filesize
96KB

MD5
0b263bb9ce59ac162811f06f441f5944

SHA1
073d6a9de44affc840c68a0e8c5562c922ba1582

SHA256
e55d011ac0cc50d33bf22d43a9c5a6b59f5c31bd2884789efee124929be9a7fa

SHA512
64d69dcf063e4328ea3874ea0d3c29d2387117cd3927096dd6ce12624f802ccac4cdb8157757d70be8656c5a9757538f84d946eff48878c4763cd2bfae274d87

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdBCDA.tmp\7z-out\locales\hu.pak

Filesize
103KB

MD5
0b3b9d23034926aab2e6a2f9795ea640

SHA1
01ead327ee1a66e0c741e411c4ba0185951c36c5

SHA256
030cbf833a350946959afa0d2b699512c0b715ff7b38b613bcd16b15282b940a

SHA512
15ba2136cfb870dac7bd39f287b35a756817d05003d545063b4e8f8e99698f528ccc652be83c45f6dd8b125f9f5eb7ff8bff8e95d4569542954d47b38774f3d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdBCDA.tmp\7z-out\locales\id.pak

Filesize
89KB

MD5
978465f6021894f8f1eb0db3719cc720

SHA1
da37cc7d02a2ec1ef136127314a994316f1b9c62

SHA256
d12d87d003bda037b411daab09d1698671f8284e4297ffc08b0558749df6495b

SHA512
6383ea1e0c731ca93a9a121e4ea919b4be9aa48ba3e288ab511dc8ab873a3099f683c9c665c3dded79ee74bfd9729623d9a8fe323d2085f4d81dcbe6cf104dfc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdBCDA.tmp\7z-out\locales\it.pak

Filesize
96KB

MD5
f89173cbd42ec09af2fb0a86aa5395b2

SHA1
3dc7ac0c537e2ae37c579ac7352330bd3bccab3f

SHA256
266f501703d3899000d5eb60d55ccc8f59f186e862a4a9a34910e81699ea289e

SHA512
41cf233eacb47680f3d8a17b9cad17ce872c6a9c443929de776a315c0436568e8150ca75e7bcd46ff1a4814517a8c78d7694dffab00509977ac7f45676d54dcc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdBCDA.tmp\7z-out\locales\ja.pak

Filesize
116KB

MD5
25eebd1c10519b8c1c01d05c5a9c75af

SHA1
aa06f180ea9a48c7e032e52614bcf405c4dbdce9

SHA256
4d0910d196b6b5652e3e5d677ddb048b8dae1ec974593484df2838093c96fed7

SHA512
d278e262df63b2f816013449870f096796ec70eb0acfdc5d0700be07dd70fa87fd8c1f08fe112a919904d77bafcab0519ac13da82de1c10a03745c59a2c0bcf7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdBCDA.tmp\7z-out\locales\kn.pak

Filesize
223KB

MD5
f83907e5b38876e6c50480f727fc2497

SHA1
517f0d01d47c6838e008dec87f089ebfa1b036b0

SHA256
f25c8b41249c8f54224702795644c80bb5a7eaaeb6f0af5b6a1048960a27c827

SHA512
e4c1c23cd72197616e3e7a9fea5924b4ddb01d717810bd69937de49526fab9f3f368df896771eca697de77cdafa2207992cbc77a448082d65ae25894484131a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdBCDA.tmp\7z-out\locales\ko.pak

Filesize
98KB

MD5
7f61b6f66e6d22083bf0b2ca8b64309d

SHA1
748a0198780c238346781a0c1df3d84963591877

SHA256
99addd110ae7ba9fb37daf5c32ad2815172840764da0c71d0304dc9562951d61

SHA512
3945e3821cd2f4a420770182ac29cc2e2db72335d934ade001c196357dcbecd33428689a7588f62e7b845f63765fa102ddb6aca07ac7e7b7104a9633015126da

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdBCDA.tmp\7z-out\locales\lt.pak

Filesize
105KB

MD5
99e0e932b751c50565af36025523fbb8

SHA1
1e5d3b2f722efe60d4d4f2d81cc5183309313547

SHA256
9124dc353864cf6570580ae3afa0a7f09f5e3d32a61e71a64ff4cf824ad4fb29

SHA512
a94b4565acd04ddd9265de072fb2e1887c21dfa251afbf76b30824cf9de84791ed3658c6f71be17366cbc0b7f73921e045ecc125c42bad3004d189c7943c7f3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdBCDA.tmp\7z-out\locales\lv.pak

Filesize
104KB

MD5
05a27f135f550fcce9c1359730aa334f

SHA1
1e23b09f0f7aec17a64c9f09de1955ee6bc5112c

SHA256
6861e9a4e8a9f2493f0103afa0f860c280478a64293a6de883ba9cb6a45776f6

SHA512
980c32e547fae231db2758978811d49a9a631ec95a3e47f257e1387f276d94005925ec432551368eaf3dcd310cd6219902dd360aff8a67033797ed3e7fb519c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdBCDA.tmp\7z-out\locales\ml.pak

Filesize
235KB

MD5
7fdcd82db37be12740f93b8511055703

SHA1
606547e1cf56a68df1299bb962fef86cc6e99e20

SHA256
cc9fd4f2d44df646c6117465f820ad390efbc9cb64eb4ff898a50cdfef8f324c

SHA512
f92b42994639f48e5bf949efd6b483b1502c6204d15cd32ad6fd53f0f76886d10caa802fba7317421225a214c479fbb1509a03b7f4092b0b2c47f68ab7615848

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdBCDA.tmp\7z-out\locales\mr.pak

Filesize
191KB

MD5
be54eb7b1f16378e07d88072912e0119

SHA1
d54ccc3aabcdf06968f6cbbd61bee3b316d062f9

SHA256
5f1ffe801f3701434a73d3ad3d04e9fcb6238f0f3b14e9325413910799954543

SHA512
07fbe367d6caa27e24b66551f1d6fedc17702a39121c48e33d2bb6547214aa7480ac8ec8500f1f3da7c064d1174270056d6f49757e9f4d67fc44ea5b9eae993e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdBCDA.tmp\7z-out\locales\ms.pak

Filesize
91KB

MD5
08d7bd42520462f677a3b8204feb1777

SHA1
0dfcab20465137c4ee25f285f82a499b9aa3205c

SHA256
f4f6362d9963b7d244e29e85c7ecda552ff7756621f6efc9f3b6f12940896a81

SHA512
f48373053bc7bb197308fcc3133dda664a7d1babe5e188c7498be3396ee94e43d27fd2ef233318271cf11e1ffb75dae3d0ee83f78b590690fdb84e1d0cc832ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdBCDA.tmp\7z-out\locales\nb.pak

Filesize
90KB

MD5
fcbf5dc281a9ab77d7bb03751b9563e4

SHA1
e4c4e499431a3e693bc262a25ac444cbb9ef1ba9

SHA256
efc934122d4232276f9f2317e5906517bd91ec2a6d76995fe8aae04eff866a50

SHA512
502eb74466ed1efeb61688e7b5f6904014e72be9f701f18ed49dec1547fcb6303fe816e4340b97b410cc1f76bc715cd836c3adbc84cda1c8ebeecc64a0f477be

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdBCDA.tmp\7z-out\locales\nl.pak

Filesize
93KB

MD5
e3fc5005e01568eb856d1edcccc200e0

SHA1
b105b8d844cb2ef868d56057cde0e491b9b077db

SHA256
4669c10a7fcc8a150a641e73320547ed1b966a92fe78041a860ce4892f79b0cd

SHA512
288cc9c97e781d2ae4a95e2fef230f3c04b8419b87840c4ede04b3d8a7798e78bbd69be37b374b179e9f10b50c8c997834cf9d8a79266c16b3dafac83ad8e9e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdBCDA.tmp\7z-out\locales\pl.pak

Filesize
101KB

MD5
7a4ef59181d02e62cc295b676d479d7f

SHA1
84fe4e425f1684f5d3efefb7e571ae8853ef68bd

SHA256
ce84676f37bf97078b3d087d913a874d3c092f76b729f43d3e9553d3c9754f03

SHA512
53c8c9526f3a655af2251fd599f130606eae88692a726ba25e2b09c129ad89f00f833e6e4e1b6d82200cc110b8988b61c0a2d678c712d7c0f1b2e67b1aae1e01

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdBCDA.tmp\7z-out\locales\pt-BR.pak

Filesize
96KB

MD5
5beaa2cb0bea5d59f461c8c076236201

SHA1
65228896fe64734a7b56a735e5b5fed8e4b85d57

SHA256
7cca8f6ee8b2a19c8ea53b3a2bb2af4ebbb2b8612caba87f581938e7d6aa9f18

SHA512
39ad2f8d072469843b939e69dc7e4dc408b366a07168234d2c45a32d6100e904646e66a966e457aacb65a2b07ec5f51dbba71fcfa3c9e4afe1684f42db01bb6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdBCDA.tmp\7z-out\locales\pt-PT.pak

Filesize
97KB

MD5
2ae2e6ebb6ecdc5dab094ca28167a27e

SHA1
499c9a7169ddf760d9395b5801aa90632ea6323e

SHA256
7f0b86e4f6391e48fd045c8b967a1ad33d9c54f5a6ceda98d800c254dd2ec059

SHA512
9b3f6df3d9d2dfbb5f7319c41ccaeb66ec4d30b0c0c505ecf6031abb5e36f95e0435d91d0913def09d13abf38488a9285e170d502e3e3ab2cb44effbffee3f04

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdBCDA.tmp\7z-out\locales\ro.pak

Filesize
99KB

MD5
84d177ee0f1409e8d69b9a559fb176d0

SHA1
f22ae3c93347b0947e7d440a311f3856dc1f913a

SHA256
60859215a025b95a1ac06333a66d14e1698b28ae31451c999e8adc072401a86a

SHA512
85fec9c41cae2191650654addeb6639c8ce09198a023e8548cbefc7778d1a0ec27214b7c755c10ff403b6435260537b9644dabb0c37d01b297323152ade5bddd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdBCDA.tmp\7z-out\locales\ru.pak

Filesize
157KB

MD5
bfc17d03eec2df2985249a96e4476a11

SHA1
5399b5054515bdb48942ac7d662d936eaf65e253

SHA256
5c93984215f69bc6c7a1430fedbdc619ee6ccc9e491354e3541fdc8ed1947f8b

SHA512
faa2f3f0176cb8b1484e4e8fad6a019a4198f549991f4aba52453c077156e5cc00009a9c1c08cff999deaa87d2c8bc31c385b22bd10e8818e68d3fe61f07db60

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdBCDA.tmp\7z-out\locales\sk.pak

Filesize
103KB

MD5
800dc45f273a82862fc0b0aae4f3e908

SHA1
8cd818ee32f9ec697226659b3b86df2ba35d019f

SHA256
4a09c8f22d1fe71cdfd0149599c59ec3059cd35f7dc8f33f22f967a237f7def1

SHA512
6fb7674ddb299efe896f3c0f2255295d0489d86f1bc492fb95d7e9eabd63847d2cf162f008e7e715a6fd3a409a1a3d6675e095ef910f52dcd28e302627f09ea1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdBCDA.tmp\7z-out\locales\sl.pak

Filesize
98KB

MD5
fd9efa0cde455dafa0905dc1b06cd02e

SHA1
9371bea539436ac65dc13ea475d6ca852f236caf

SHA256
1ed9fc4abb8bef48e0fd5e10a107fb456dcb0c7a275bb789cb0728cfadfdcc42

SHA512
888b83e1d111ade5b2260ef2b7458928594d8bb0dba9722d4a1e343f58ee0a668a6731a99f84601149ed4e56db39073f562255850a9cdfa406c7b8236c5943ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdBCDA.tmp\7z-out\locales\sr.pak

Filesize
148KB

MD5
e64fbe3d0a19f6c48bd7f81a093900db

SHA1
a63d6e8c469dac2bb68f1ccdb43bbb78a769f210

SHA256
362a50ec28da0af4c6b8e282ad64d45298b939a03883de22c5a33adfa919bc74

SHA512
390690233c9b89eb9fc962e95066fee0e8b2356bd9816025f7f3218e442324edeec5d1e4990c073e965c66dc6126136d975aa3deeeb65b090ae6bb0b89415617

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdBCDA.tmp\7z-out\locales\sv.pak

Filesize
89KB

MD5
f03c7cdb6921e881c788ecb10b8ba710

SHA1
e40e1b540be2eff535e62e44931ac5bafb21e524

SHA256
cfe9ad173d516a3e1855f00f53fcb20a53ade93fef6256e909b0f0da12723cc2

SHA512
7de1c83fbe86d552044e8663969b5c49aabdb762ef73788e6082aaa2117bf1f2788df6b8a28d65cb3be51a9c6bf7afadcecce716bfe7fc6dcdd646730897cdfb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdBCDA.tmp\7z-out\locales\sw.pak

Filesize
91KB

MD5
59e99f7b257d5f0d0575038c8332138c

SHA1
0deff978d72e4b6eb2ad0534be5cb573b3a662c1

SHA256
26fbb15e26f5a4c44bc0e86326fbff28686c771edd11bda6bfea178364299eaa

SHA512
fd0f603d73a96fe1b40030067e6eaeeb4c6ef18bab57288a4a049ed2c687c85836d10c1b652d7d1ff2030903dd5e3fd4c222b987b87464b5aaa916a9f12d0f22

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdBCDA.tmp\7z-out\locales\ta.pak

Filesize
230KB

MD5
1518a611019dbb88dbf9af005d31cc2e

SHA1
6ac31736c93779f279bf893f869f6e0a251d9766

SHA256
2363b6a8cce7868830915303dc2825351e7ea9dfd98568e448cd8b71c7ceef90

SHA512
341fd001613772a495909420bfae00439bd0320a27d7ed10b7e76f64634ee7f9a36751b24388853723f41850d125060f7c0ca6aaf6ff0f768c5fadb7f5f42b9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdBCDA.tmp\7z-out\locales\te.pak

Filesize
213KB

MD5
15d65c33aeab73a95a183643b57f5fd0

SHA1
66037e1366e4631a412fb5caa0a18efd1fb0411a

SHA256
c9f427a4efa5d9835432e3a190e26d684c18c26e13fcda1b7e73d6a7527cfd4f

SHA512
9e99a60110126ae311e2a428ae121d4671db202c2cfae96317119f3ae67520af50a06d0ea58477a199aa39c3eb0f4f5d14954a7b7c6a9aeae8582a457cd07ab7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdBCDA.tmp\7z-out\locales\th.pak

Filesize
183KB

MD5
d2ffd3529b4880f2e8a8d0f01ae69395

SHA1
451ebcf352234a4b343d30a172054558c259ec83

SHA256
301966a229a09b37e5b2bf12c89522a33144c977411099b81502261c4ca554ad

SHA512
c4d3f5c3e7b307caf6a51fd74e828fcf8eaf41a07dd198ed5844893e3b27af20cdbc7b33d58fe2ca0e487ea546a4d1fc58d99faa9e14ed0a55bfa43265211256

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdBCDA.tmp\7z-out\locales\tr.pak

Filesize
94KB

MD5
7c897de0ad3c9d9da88ffd01cc7a6e99

SHA1
4864bf127f5de75c9f3a2cd4b13b6cb56c3c0a14

SHA256
81694a8258624f82dfbe0af43aa0ce5fdf1304c25a2f6735b972a2a29beb8e15

SHA512
2578bce090dc69d9743684671bf6ea68efff7db900128ee0703f4eb3c34db2a92f0c805c6febc8a978d1488511250e9f133d500c551cea22d091a9150f0dd88e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdBCDA.tmp\7z-out\locales\uk.pak

Filesize
158KB

MD5
026ef6b51c0b2fc92211aa0a6a1ddbcf

SHA1
d1a5eb09b90d04fe02560b33acbb55ea4f6352c8

SHA256
27d3c996804b4f4c106f12becdaeeb1ce65df53abe12658574852ab7b6643bc1

SHA512
b8efeeb10841dae8c23e1c8d2e939b809d4f0aaba56521e037ce5d1ab6748a119a6d064f767dfd209415b4f6ed94527132696fe8c12a71c0c5b61637414c23c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdBCDA.tmp\7z-out\locales\vi.pak

Filesize
111KB

MD5
b7dd26646a77979ee0c4776ba0b1a52a

SHA1
4b9ba889a4aeba5b162dada01982420527a76007

SHA256
7f94586012c85732d23b05dbdde2c497326d5fcab87de83aafa3594b614dbd36

SHA512
a8f4f2decf5367c02c8847bb6873a44a3389f4b3e637ab54197df5c56cef70c293a849ed260bde922b4d6a4bda4c95ec03c9d94a837028e21f74df699c434c03

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdBCDA.tmp\7z-out\locales\zh-CN.pak

Filesize
83KB

MD5
dc160104962893fe87f3a5088a78926c

SHA1
775945e0c70ab40d2b7ba10e58e7e0f857a95021

SHA256
44a9dd0a830ce2feeb81523cce7fae8a0a553f05921b34d34c7826d50ac3a1b7

SHA512
4b6bebf59513c27d5e022ae01f15fb0ecec0be4b547a1231eaa79555948c7ce92f08a7b6ddc6cea7484f945afd2eed5a29acb98afc568d21ec656b076912171a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdBCDA.tmp\7z-out\locales\zh-TW.pak

Filesize
83KB

MD5
4bc50b6f5c29ea7cb60d5b79147326e7

SHA1
c22a956b438fe25987ffb4654321dababd49d1ae

SHA256
268041a1a95dd540cf7e92a01802b65df8c8d1c80726007da1bb8a9cba6e5414

SHA512
4c65d6d3b3db84412a589ea5c9a19e609d4b47e37b752d4231dd5ce02d5ed8a9ad4eecf23e321e4f48eb96c1e14f2da2a38057e6ca4079d0b025a2266783fd85

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdBCDA.tmp\7z-out\resources.pak

Filesize
4.8MB

MD5
d13873f6fb051266deb3599b14535806

SHA1
143782c0ce5a5773ae0aae7a22377c8a6d18a5b2

SHA256
7b953443e3cd54a0a4775528b52fbfe5ebecbc2c71731600ed0999d227969506

SHA512
1ab38fcb70d1958c74da2493459532b52a04b884009509a1ac8dd39f6e9e670658a52f4d19ef57f1bc71dccfdd6ceedbc18034bbcad0b500d75a97c74aac6939

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdBCDA.tmp\7z-out\resources\app-update.yml

Filesize
102B

MD5
dca56a6939dd191bbeea865728f99994

SHA1
daf731bfb00fffe2246dde23881f1afcc7f88706

SHA256
ba15a1c70afa9d26e16b617787f16fd0e74d98c7a1615981e5ffb894c434cbe6

SHA512
b69be0a924f832f80b78bcafc4d1d6d2066dab05e45bb5cf52981380f992a7f9bc49cd20c426064b1ad39990020b44790c757d3c2affb5b5af84547875e25166

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdBCDA.tmp\7z-out\resources\app.asar

Filesize
2.1MB

MD5
bcea02a437626fa2068bf08dcb11a514

SHA1
488fcfcc8e429c3dc431e4f633dbaaf96a16c36a

SHA256
cb60b4f2c655467c1c91c6955252e4adda03e0bdacc1e7abcd191ebbc6f91b3d

SHA512
25e9258362985ceead019c4e1d3a9f94cfa93d24a5b96fe0056fbafcbdc1fb221a34fce1ef2683eeee7c1ffb76d531d48181f2dd707e15ff39c772b10598e584

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdBCDA.tmp\7z-out\resources\elevate.exe

Filesize
105KB

MD5
792b92c8ad13c46f27c7ced0810694df

SHA1
d8d449b92de20a57df722df46435ba4553ecc802

SHA256
9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37

SHA512
6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdBCDA.tmp\7z-out\resources\plugins\pepflashplayer.dll

Filesize
30.5MB

MD5
84059d284e2f03f128bf5d3007b6a099

SHA1
12050964ce01073d00ea13e664bc5c31ec999dec

SHA256
9e8b355d3ed26d8a55fd7788ba58853b3be9629493c5995484264613aeb94d72

SHA512
449ae8b2c55bb3515c3a604de0c36b18fed00bfca96e3ae42701375d1cfd4493dad8ba17e5414763854bb25d3c6956742b9ec614a15c84b2c25d7a7f4f988f57

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdBCDA.tmp\7z-out\snapshot_blob.bin

Filesize
50KB

MD5
db29bb80c7dd644cf9a48f8086dbcc90

SHA1
51d55dcde1bb3aed9f4f130e00020f614f2a8fbf

SHA256
6cc3d838a2b7cf5957802d378ba353b502e8a80b39648213285496a83825a702

SHA512
62e477809c7e4c202d99d1a05c6b6d9e89a307298d783a161bdae1af6f999aa4a26b24de63e94fcecd050aa4fda79fda24f081fdeca56e47e9392fe3d22b6c31

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdBCDA.tmp\7z-out\swiftshader\libEGL.dll

Filesize
460KB

MD5
acd46d81bb4f34912c255a8d01953635

SHA1
25969cc9e588e174b854566778f283f067c3c0c6

SHA256
bd1bc00a5c29726fb39645041fc6c8295256d90c7f739ebeaa8b6c382a4db189

SHA512
83692654ada422391b428953b2cec67048a171bbef4c59158f34607a762feac8a233b52ceaa528306cf103d9830ee38897afa996389e086d3778f290555a059b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdBCDA.tmp\7z-out\swiftshader\libGLESv2.dll

Filesize
3.1MB

MD5
8090f82a02c6850cc7bd2b481a7533e0

SHA1
54a0b66d76c1b60e45e83ba4627299d0b2aae84a

SHA256
e9473ba82f6d8742ab74e67484886291aa69037db72e0ae256b19581de0b772e

SHA512
b2e3c57926860a7954ca6e426f5f2fa080cf6ccb5c4edd77f59744f240f597aa9613f46294e8b344db76b46fe78777b5016828b8ab2fc274ca107f3af7abd878

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdBCDA.tmp\7z-out\v8_context_snapshot.bin

Filesize
168KB

MD5
c2208c06c8ff81bca3c092cc42b8df1b

SHA1
f7b9faa9ba0e72d062f68642a02cc8f3fed49910

SHA256
4a67de195878d290f49b503b83e415917b8bbcbd9936b07a5d33b48e9bc6e0a3

SHA512
6c3c370dd086a976c44d4059a315bd3bcbb50961aa34734e65a40d861cffca9090d47cec74575afe23952e394e4845bda2d8798eebe01fb54a7a6288bce238f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdBCDA.tmp\7z-out\vk_swiftshader.dll

Filesize
4.3MB

MD5
df2f469b761a706fba0b50149660f7cf

SHA1
2f9d8cb92b6e321e24a5437a1f77745a3507e7be

SHA256
be1e1dd3897dc9a997fdc5b3216f9af24c20fc678963f7486b0a6dae8900c274

SHA512
827e979f573f5cbbe6dd3c6bbe4414ab0d292005856b651b157f150a8d5605c3e77f76944dc0158ae9c632bdc31c243b1e9a467f03d3d3ddb08e95ff5b2e1347

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdBCDA.tmp\7z-out\vk_swiftshader_icd.json

Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdBCDA.tmp\7z-out\vulkan-1.dll

Filesize
715KB

MD5
67ebd2114a9c3a1b2ce2635f21e100e8

SHA1
15a8315b28dca9d7b5c1f604882050714f130718

SHA256
37ee8858cada6db0e511d083ba0729282b004b7e239966521300955ad8b1b18a

SHA512
6578d098b657ba4b28da60f338e033f5622e2fa9473d1833af85a44b314c1d662fcf12120dc466c7c19fcd5901b012f1f8ae7c9ce65ff8155ecd68714f25e102

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdBCDA.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Roaming\ffpenguin-app\Dictionaries\en-US-9-0.bdic

Filesize
441KB

MD5
a78ad14e77147e7de3647e61964c0335

SHA1
cecc3dd41f4cea0192b24300c71e1911bd4fce45

SHA256
0d6803758ff8f87081fafd62e90f0950dfb2dd7991e9607fe76a8f92d0e893fa

SHA512
dde24d5ad50d68fc91e9e325d31e66ef8f624b6bb3a07d14ffed1104d3ab5f4ef1d7969a5cde0dfbb19cb31c506f7de97af67c2f244f7e7e8e10648ea8321101

Download Submit
\Users\Admin\AppData\Local\Temp\nsdBCDA.tmp\SpiderBanner.dll

Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
\Users\Admin\AppData\Local\Temp\nsdBCDA.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
\Users\Admin\AppData\Local\Temp\nsdBCDA.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
\Users\Admin\AppData\Local\Temp\nsdBCDA.tmp\nsExec.dll

Filesize
6KB

MD5
ec0504e6b8a11d5aad43b296beeb84b2

SHA1
91b5ce085130c8c7194d66b2439ec9e1c206497c

SHA256
5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962

SHA512
3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57

Download Submit
\Users\Admin\AppData\Local\Temp\nsdBCDA.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
memory/688-599-0x0000000000060000-0x0000000000061000-memory.dmp

Filesize
4KB

Download
memory/688-636-0x0000000077170000-0x0000000077171000-memory.dmp

Filesize
4KB

Download
memory/2248-581-0x0000000003880000-0x0000000003882000-memory.dmp

Filesize
8KB

Download