56bacfb737076b0b10f9896ac124c2e8f83cb855f7b31ef5a95338b7529b3126

Analysis

max time kernel
164s
max time network
158s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
03/07/2024, 04:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Feather Launcher Setup 1.6.1.exe
Size

104.6MB
MD5

3a201dabfdaff24a8c208b11049e276d
SHA1

c19478d565e5d3e41347aa65e8cb4b66b31a05f8
SHA256

56bacfb737076b0b10f9896ac124c2e8f83cb855f7b31ef5a95338b7529b3126
SHA512

88a769b8587e8f4ca00546ebd21a976349a2532dde0bca6418f07e56d0a6e2b26c451a379b1ff0b5ffc5448e0d0f5e1c72e7821b3ea5cb0f4e07cf8497112472
SSDEEP

3145728:mkQEzg2K6FiBz+GBTRJmgm0Iiy+FO7Ahhq60XYJMP2ZW:mw26YzlggmtB7Ahh9mxeW

Score

6^/10

discovery persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6} = "\"C:\\ProgramData\\Package Cache\\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}\\vcredist_x64.exe\" /burn.runonce"	vcredist_x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{ee198d9f-cfe1-4f8a-bf5f-7b1be355b63d} = "\"C:\\ProgramData\\Package Cache\\{ee198d9f-cfe1-4f8a-bf5f-7b1be355b63d}\\VC_redist.x64.exe\" /burn.runonce"	VC_redist.x64.exe

Blocklisted process makes network request 2 IoCs

flow	pid	Process
4	1160	msiexec.exe
6	1160	msiexec.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Control Panel\International\Geo\Nation	Feather Launcher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Control Panel\International\Geo\Nation	Feather Launcher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Control Panel\International\Geo\Nation	Feather Launcher.exe

Drops file in System32 directory 50 IoCs

description	ioc	Process
File created	C:\Windows\system32\msvcp140_atomic_wait.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140deu.dll	msiexec.exe
File created	C:\Windows\system32\mfc140.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140u.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140esn.dll	msiexec.exe
File created	C:\Windows\system32\mfc140u.dll	msiexec.exe
File opened for modification	C:\Windows\system32\msvcp140.dll	msiexec.exe
File opened for modification	C:\Windows\system32\msvcp140_codecvt_ids.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140ita.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140kor.dll	msiexec.exe
File created	C:\Windows\system32\vcruntime140_1.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfcm140u.dll	msiexec.exe
File created	C:\Windows\system32\mfc140ita.dll	msiexec.exe
File created	C:\Windows\system32\mfc140rus.dll	msiexec.exe
File created	C:\Windows\system32\vccorlib140.dll	msiexec.exe
File created	C:\Windows\system32\mfcm140u.dll	msiexec.exe
File opened for modification	C:\Windows\system32\vcruntime140_1.dll	msiexec.exe
File opened for modification	C:\Windows\system32\vcamp140.dll	msiexec.exe
File created	C:\Windows\system32\concrt140.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfcm140.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140enu.dll	msiexec.exe
File created	C:\Windows\system32\mfc140cht.dll	msiexec.exe
File opened for modification	C:\Windows\system32\msvcp140_atomic_wait.dll	msiexec.exe
File created	C:\Windows\system32\msvcp140_2.dll	msiexec.exe
File created	C:\Windows\system32\vcruntime140.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140.dll	msiexec.exe
File created	C:\Windows\system32\mfc140enu.dll	msiexec.exe
File created	C:\Windows\system32\vcamp140.dll	msiexec.exe
File opened for modification	C:\Windows\system32\msvcp140_2.dll	msiexec.exe
File opened for modification	C:\Windows\system32\concrt140.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140fra.dll	msiexec.exe
File created	C:\Windows\system32\mfc140chs.dll	msiexec.exe
File opened for modification	C:\Windows\system32\vcruntime140.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140cht.dll	msiexec.exe
File created	C:\Windows\system32\mfc140fra.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140rus.dll	msiexec.exe
File opened for modification	C:\Windows\system32\msvcp140_1.dll	msiexec.exe
File opened for modification	C:\Windows\system32\vcomp140.dll	msiexec.exe
File created	C:\Windows\system32\msvcp140_1.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140chs.dll	msiexec.exe
File created	C:\Windows\system32\msvcp140.dll	msiexec.exe
File created	C:\Windows\system32\mfc140esn.dll	msiexec.exe
File created	C:\Windows\system32\mfc140kor.dll	msiexec.exe
File created	C:\Windows\system32\mfc140deu.dll	msiexec.exe
File created	C:\Windows\system32\mfc140jpn.dll	msiexec.exe
File created	C:\Windows\system32\msvcp140_codecvt_ids.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140jpn.dll	msiexec.exe
File opened for modification	C:\Windows\system32\vccorlib140.dll	msiexec.exe
File created	C:\Windows\system32\mfcm140.dll	msiexec.exe
File created	C:\Windows\system32\vcomp140.dll	msiexec.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Feather Launcher\resources.pak	Feather Launcher Setup 1.6.1.exe
File created	C:\Program Files\Feather Launcher\vk_swiftshader.dll	Feather Launcher Setup 1.6.1.exe
File created	C:\Program Files\Feather Launcher\vulkan-1.dll	Feather Launcher Setup 1.6.1.exe
File created	C:\Program Files\Feather Launcher\locales\af.pak	Feather Launcher Setup 1.6.1.exe
File created	C:\Program Files\Feather Launcher\locales\am.pak	Feather Launcher Setup 1.6.1.exe
File created	C:\Program Files\Feather Launcher\locales\sl.pak	Feather Launcher Setup 1.6.1.exe
File created	C:\Program Files\Feather Launcher\chrome_100_percent.pak	Feather Launcher Setup 1.6.1.exe
File created	C:\Program Files\Feather Launcher\locales\fi.pak	Feather Launcher Setup 1.6.1.exe
File created	C:\Program Files\Feather Launcher\locales\sv.pak	Feather Launcher Setup 1.6.1.exe
File created	C:\Program Files\Feather Launcher\locales\ur.pak	Feather Launcher Setup 1.6.1.exe
File created	C:\Program Files\Feather Launcher\locales\es.pak	Feather Launcher Setup 1.6.1.exe
File created	C:\Program Files\Feather Launcher\locales\ar.pak	Feather Launcher Setup 1.6.1.exe
File created	C:\Program Files\Feather Launcher\locales\el.pak	Feather Launcher Setup 1.6.1.exe
File created	C:\Program Files\Feather Launcher\locales\lv.pak	Feather Launcher Setup 1.6.1.exe
File created	C:\Program Files\Feather Launcher\LICENSES.chromium.html	Feather Launcher Setup 1.6.1.exe
File created	C:\Program Files\Feather Launcher\locales\hi.pak	Feather Launcher Setup 1.6.1.exe
File created	C:\Program Files\Feather Launcher\locales\id.pak	Feather Launcher Setup 1.6.1.exe
File created	C:\Program Files\Feather Launcher\locales\pt-PT.pak	Feather Launcher Setup 1.6.1.exe
File created	C:\Program Files\Feather Launcher\locales\th.pak	Feather Launcher Setup 1.6.1.exe
File created	C:\Program Files\Feather Launcher\resources\elevate.exe	Feather Launcher Setup 1.6.1.exe
File created	C:\Program Files\Feather Launcher\locales\da.pak	Feather Launcher Setup 1.6.1.exe
File created	C:\Program Files\Feather Launcher\locales\fa.pak	Feather Launcher Setup 1.6.1.exe
File created	C:\Program Files\Feather Launcher\locales\it.pak	Feather Launcher Setup 1.6.1.exe
File created	C:\Program Files\Feather Launcher\locales\kn.pak	Feather Launcher Setup 1.6.1.exe
File created	C:\Program Files\Feather Launcher\locales\mr.pak	Feather Launcher Setup 1.6.1.exe
File created	C:\Program Files\Feather Launcher\locales\ms.pak	Feather Launcher Setup 1.6.1.exe
File created	C:\Program Files\Feather Launcher\locales\nb.pak	Feather Launcher Setup 1.6.1.exe
File created	C:\Program Files\Feather Launcher\locales\ta.pak	Feather Launcher Setup 1.6.1.exe
File created	C:\Program Files\Feather Launcher\locales\de.pak	Feather Launcher Setup 1.6.1.exe
File created	C:\Program Files\Feather Launcher\resources\app.asar	Feather Launcher Setup 1.6.1.exe
File created	C:\Program Files\Feather Launcher\locales\fr.pak	Feather Launcher Setup 1.6.1.exe
File created	C:\Program Files\Feather Launcher\locales\sr.pak	Feather Launcher Setup 1.6.1.exe
File created	C:\Program Files\Feather Launcher\locales\tr.pak	Feather Launcher Setup 1.6.1.exe
File created	C:\Program Files\Feather Launcher\resources\app-update.yml	Feather Launcher Setup 1.6.1.exe
File created	C:\Program Files\Feather Launcher\locales\en-GB.pak	Feather Launcher Setup 1.6.1.exe
File created	C:\Program Files\Feather Launcher\locales\gu.pak	Feather Launcher Setup 1.6.1.exe
File created	C:\Program Files\Feather Launcher\locales\uk.pak	Feather Launcher Setup 1.6.1.exe
File created	C:\Program Files\Feather Launcher\Uninstall Feather Launcher.exe	Feather Launcher Setup 1.6.1.exe
File created	C:\Program Files\Feather Launcher\locales\et.pak	Feather Launcher Setup 1.6.1.exe
File created	C:\Program Files\Feather Launcher\locales\bn.pak	Feather Launcher Setup 1.6.1.exe
File created	C:\Program Files\Feather Launcher\LICENSE.electron.txt	Feather Launcher Setup 1.6.1.exe
File created	C:\Program Files\Feather Launcher\locales\sk.pak	Feather Launcher Setup 1.6.1.exe
File created	C:\Program Files\Feather Launcher\locales\sw.pak	Feather Launcher Setup 1.6.1.exe
File created	C:\Program Files\Feather Launcher\locales\te.pak	Feather Launcher Setup 1.6.1.exe
File created	C:\Program Files\Feather Launcher\locales\lt.pak	Feather Launcher Setup 1.6.1.exe
File created	C:\Program Files\Feather Launcher\locales\he.pak	Feather Launcher Setup 1.6.1.exe
File created	C:\Program Files\Feather Launcher\vk_swiftshader_icd.json	Feather Launcher Setup 1.6.1.exe
File created	C:\Program Files\Feather Launcher\locales\ca.pak	Feather Launcher Setup 1.6.1.exe
File created	C:\Program Files\Feather Launcher\locales\cs.pak	Feather Launcher Setup 1.6.1.exe
File created	C:\Program Files\Feather Launcher\locales\es-419.pak	Feather Launcher Setup 1.6.1.exe
File created	C:\Program Files\Feather Launcher\locales\hu.pak	Feather Launcher Setup 1.6.1.exe
File created	C:\Program Files\Feather Launcher\locales\ko.pak	Feather Launcher Setup 1.6.1.exe
File created	C:\Program Files\Feather Launcher\locales\ru.pak	Feather Launcher Setup 1.6.1.exe
File created	C:\Program Files\Feather Launcher\icudtl.dat	Feather Launcher Setup 1.6.1.exe
File created	C:\Program Files\Feather Launcher\Feather Launcher.exe	Feather Launcher Setup 1.6.1.exe
File created	C:\Program Files\Feather Launcher\libEGL.dll	Feather Launcher Setup 1.6.1.exe
File created	C:\Program Files\Feather Launcher\locales\en-US.pak	Feather Launcher Setup 1.6.1.exe
File created	C:\Program Files\Feather Launcher\locales\fil.pak	Feather Launcher Setup 1.6.1.exe
File created	C:\Program Files\Feather Launcher\locales\hr.pak	Feather Launcher Setup 1.6.1.exe
File created	C:\Program Files\Feather Launcher\locales\vi.pak	Feather Launcher Setup 1.6.1.exe
File created	C:\Program Files\Feather Launcher\locales\zh-CN.pak	Feather Launcher Setup 1.6.1.exe
File created	C:\Program Files\Feather Launcher\chrome_200_percent.pak	Feather Launcher Setup 1.6.1.exe
File created	C:\Program Files\Feather Launcher\locales\ml.pak	Feather Launcher Setup 1.6.1.exe
File created	C:\Program Files\Feather Launcher\locales\pl.pak	Feather Launcher Setup 1.6.1.exe

Drops file in Windows directory 24 IoCs

description	ioc	Process
File opened for modification	C:\Windows\WindowsUpdate.log	vcredist_x64.exe
File opened for modification	C:\Windows\INF\setupapi.ev3	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.ev1	DrvInst.exe
File created	C:\Windows\Installer\f76b232.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\f76b232.ipi	msiexec.exe
File created	C:\Windows\Installer\f76b246.ipi	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.ev1	DrvInst.exe
File opened for modification	C:\Windows\WindowsUpdate.log	VC_redist.x64.exe
File opened for modification	C:\Windows\Installer\f76b22f.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIB63B.tmp	msiexec.exe
File created	C:\Windows\Installer\f76b243.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\f76b243.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIBC5B.tmp	msiexec.exe
File created	C:\Windows\Installer\f76b259.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\f76b246.ipi	msiexec.exe
File opened for modification	C:\Windows\WindowsUpdate.log	VC_redist.x64.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File created	C:\Windows\Installer\f76b22f.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIBAD3.tmp	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.ev3	DrvInst.exe
File opened for modification	C:\Windows\Installer\MSIB530.tmp	msiexec.exe
File created	C:\Windows\Installer\f76b242.msi	msiexec.exe

Executes dropped EXE 13 IoCs

pid	Process
796	vcredist_x64.exe
1660	vcredist_x64.exe
2136	VC_redist.x64.exe
2360	VC_redist.x64.exe
2384	VC_redist.x64.exe
2272	Feather Launcher.exe
2104	Feather Launcher.exe
2328	Feather Launcher.exe
2468	Feather Launcher.exe
2056	Feather Launcher.exe
444	Feather Launcher.exe
1264	Feather Launcher.exe
1708	Feather Launcher.exe

Loads dropped DLL 45 IoCs

pid	Process
2928	Feather Launcher Setup 1.6.1.exe
2928	Feather Launcher Setup 1.6.1.exe
2928	Feather Launcher Setup 1.6.1.exe
2928	Feather Launcher Setup 1.6.1.exe
2928	Feather Launcher Setup 1.6.1.exe
2928	Feather Launcher Setup 1.6.1.exe
2928	Feather Launcher Setup 1.6.1.exe
2928	Feather Launcher Setup 1.6.1.exe
2928	Feather Launcher Setup 1.6.1.exe
2928	Feather Launcher Setup 1.6.1.exe
2928	Feather Launcher Setup 1.6.1.exe
2928	Feather Launcher Setup 1.6.1.exe
796	vcredist_x64.exe
1660	vcredist_x64.exe
1204	Process not Found
1204	Process not Found
1204	Process not Found
1204	Process not Found
2928	Feather Launcher Setup 1.6.1.exe
2136	VC_redist.x64.exe
2360	VC_redist.x64.exe
2360	VC_redist.x64.exe
1628	VC_redist.x64.exe
2272	Feather Launcher.exe
2104	Feather Launcher.exe
2104	Feather Launcher.exe
2104	Feather Launcher.exe
2104	Feather Launcher.exe
2328	Feather Launcher.exe
1204	Process not Found
2468	Feather Launcher.exe
2056	Feather Launcher.exe
2056	Feather Launcher.exe
2056	Feather Launcher.exe
2056	Feather Launcher.exe
2056	Feather Launcher.exe
2056	Feather Launcher.exe
2056	Feather Launcher.exe
2056	Feather Launcher.exe
2056	Feather Launcher.exe
2468	Feather Launcher.exe
2468	Feather Launcher.exe
444	Feather Launcher.exe
1264	Feather Launcher.exe
1708	Feather Launcher.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1040	2928	WerFault.exe	27

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\31	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DrvInst.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2F	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2F	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\30	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\30	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DrvInst.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_amd64,v12	vcredist_x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\610340EA79834D1478B0D1EA6EC21F25\ProductName = "Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.30.30708"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\610340EA79834D1478B0D1EA6EC21F25	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8A567BD6FA501A947AD1F646E53EEC14\SourceList	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_amd64,v14\DisplayName = "Microsoft Visual C++ 2022 X64 Additional Runtime - 14.30.30708"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B0892A21B74EB194295FB07C3048E14D\Version = "236877812"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}\ = "{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}"	vcredist_x64.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_amd64,v14	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_amd64,v14\ = "{AE043016-3897-41D4-870B-1DAEE62CF152}"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\610340EA79834D1478B0D1EA6EC21F25\Provider	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_amd64,v14\Dependents\{57A73DF6-4BA9-4C1D-BBBB-517289FF6C13}	VC_redist.x64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\feathermc\ = "URL:feathermc"	Feather Launcher.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8800A266DCF6DD54E97A86760485EA5D\SourceList\Net	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\610340EA79834D1478B0D1EA6EC21F25\PackageCode = "F96055D82F2822E4CA2882E9779EF982"	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8A567BD6FA501A947AD1F646E53EEC14\SourceList\Media	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\610340EA79834D1478B0D1EA6EC21F25\SourceList\Net	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\610340EA79834D1478B0D1EA6EC21F25\Clients = 3a0000000000	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\feathermc\shell\open\command\ = "\"C:\\Program Files\\Feather Launcher\\Feather Launcher.exe\" \"%1\""	Feather Launcher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_amd64,v12\Dependents\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}	vcredist_x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\09A86F63C932FD435BC8463B1035EC53	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\88AAB0B9F51EF1A3CA0C2B609EDD7FC1	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8800A266DCF6DD54E97A86760485EA5D	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B0892A21B74EB194295FB07C3048E14D\SourceList\Media\1 = ";"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B0892A21B74EB194295FB07C3048E14D\Assignment = "1"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}\Dependents	vcredist_x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_amd64,v14\Dependents\{ee198d9f-cfe1-4f8a-bf5f-7b1be355b63d}	VC_redist.x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}\DisplayName = "Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40649"	vcredist_x64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8800A266DCF6DD54E97A86760485EA5D\SourceList	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\09A86F63C932FD435BC8463B1035EC53	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\8A567BD6FA501A947AD1F646E53EEC14	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8800A266DCF6DD54E97A86760485EA5D\SourceList\Media	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\610340EA79834D1478B0D1EA6EC21F25\Assignment = "1"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\09A86F63C932FD435BC8463B1035EC53\610340EA79834D1478B0D1EA6EC21F25	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B0892A21B74EB194295FB07C3048E14D\SourceList	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\610340EA79834D1478B0D1EA6EC21F25\VC_Runtime_Minimum	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B0892A21B74EB194295FB07C3048E14D	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B0892A21B74EB194295FB07C3048E14D\InstanceType = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B0892A21B74EB194295FB07C3048E14D\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{12A2980B-E47B-491B-92F5-0BC703841ED4}v14.30.30708\\packages\\vcRuntimeAdditional_amd64\\"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\feathermc\shell\open	Feather Launcher.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_amd64,v14	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_amd64,v14\Dependents\{57A73DF6-4BA9-4C1D-BBBB-517289FF6C13}	VC_redist.x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\610340EA79834D1478B0D1EA6EC21F25\SourceList\PackageName = "vc_runtimeMinimum_x64.msi"	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8A567BD6FA501A947AD1F646E53EEC14	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B0892A21B74EB194295FB07C3048E14D\Language = "1033"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\610340EA79834D1478B0D1EA6EC21F25\Version = "236877812"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_amd64,v14	VC_redist.x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\B0892A21B74EB194295FB07C3048E14D	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B0892A21B74EB194295FB07C3048E14D\AdvertiseFlags = "388"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B0892A21B74EB194295FB07C3048E14D\SourceList\Net	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}\Version = "12.0.40649.5"	vcredist_x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x64,amd64,14.30,bundle\Version = "14.30.30708.0"	VC_redist.x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_amd64,v14\Version = "14.30.30708"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B0892A21B74EB194295FB07C3048E14D\DeploymentFlags = "3"	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x64,amd64,14.30,bundle\Dependents\{57A73DF6-4BA9-4C1D-BBBB-517289FF6C13}	VC_redist.x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_amd64,v12\Dependents\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}	vcredist_x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\610340EA79834D1478B0D1EA6EC21F25\SourceList	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\610340EA79834D1478B0D1EA6EC21F25\SourceList\Media	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_amd64,v14\Dependents\{ee198d9f-cfe1-4f8a-bf5f-7b1be355b63d}	VC_redist.x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x64,amd64,14.30,bundle\DisplayName = "Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.30.30708"	VC_redist.x64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\8800A266DCF6DD54E97A86760485EA5D	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\VC,redist.x64,amd64,14.30,bundle	VC_redist.x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_amd64,v14\DisplayName = "Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.30.30708"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_amd64,v14\ = "{12A2980B-E47B-491B-92F5-0BC703841ED4}"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B0892A21B74EB194295FB07C3048E14D\Clients = 3a0000000000	msiexec.exe

Modifies system certificate store 2 TTPs 4 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	Feather Launcher.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	Feather Launcher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436	Feather Launcher.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde	Feather Launcher.exe

Suspicious behavior: EnumeratesProcesses 15 IoCs

pid	Process
2928	Feather Launcher Setup 1.6.1.exe
2928	Feather Launcher Setup 1.6.1.exe
2928	Feather Launcher Setup 1.6.1.exe
1160	msiexec.exe
1160	msiexec.exe
1160	msiexec.exe
1160	msiexec.exe
1160	msiexec.exe
1160	msiexec.exe
1160	msiexec.exe
1160	msiexec.exe
444	Feather Launcher.exe
1264	Feather Launcher.exe
2272	Feather Launcher.exe
2272	Feather Launcher.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeSecurityPrivilege	2928	Feather Launcher Setup 1.6.1.exe
Token: SeBackupPrivilege	1556	vssvc.exe
Token: SeRestorePrivilege	1556	vssvc.exe
Token: SeAuditPrivilege	1556	vssvc.exe
Token: SeRestorePrivilege	2408	DrvInst.exe
Token: SeRestorePrivilege	2408	DrvInst.exe
Token: SeRestorePrivilege	2408	DrvInst.exe
Token: SeRestorePrivilege	2408	DrvInst.exe
Token: SeRestorePrivilege	2408	DrvInst.exe
Token: SeRestorePrivilege	2408	DrvInst.exe
Token: SeRestorePrivilege	2408	DrvInst.exe
Token: SeLoadDriverPrivilege	2408	DrvInst.exe
Token: SeLoadDriverPrivilege	2408	DrvInst.exe
Token: SeLoadDriverPrivilege	2408	DrvInst.exe
Token: SeRestorePrivilege	2040	DrvInst.exe
Token: SeRestorePrivilege	2040	DrvInst.exe
Token: SeRestorePrivilege	2040	DrvInst.exe
Token: SeRestorePrivilege	2040	DrvInst.exe
Token: SeRestorePrivilege	2040	DrvInst.exe
Token: SeRestorePrivilege	2040	DrvInst.exe
Token: SeRestorePrivilege	2040	DrvInst.exe
Token: SeLoadDriverPrivilege	2040	DrvInst.exe
Token: SeLoadDriverPrivilege	2040	DrvInst.exe
Token: SeLoadDriverPrivilege	2040	DrvInst.exe
Token: SeShutdownPrivilege	2384	VC_redist.x64.exe
Token: SeIncreaseQuotaPrivilege	2384	VC_redist.x64.exe
Token: SeRestorePrivilege	1160	msiexec.exe
Token: SeTakeOwnershipPrivilege	1160	msiexec.exe
Token: SeSecurityPrivilege	1160	msiexec.exe
Token: SeCreateTokenPrivilege	2384	VC_redist.x64.exe
Token: SeAssignPrimaryTokenPrivilege	2384	VC_redist.x64.exe
Token: SeLockMemoryPrivilege	2384	VC_redist.x64.exe
Token: SeIncreaseQuotaPrivilege	2384	VC_redist.x64.exe
Token: SeMachineAccountPrivilege	2384	VC_redist.x64.exe
Token: SeTcbPrivilege	2384	VC_redist.x64.exe
Token: SeSecurityPrivilege	2384	VC_redist.x64.exe
Token: SeTakeOwnershipPrivilege	2384	VC_redist.x64.exe
Token: SeLoadDriverPrivilege	2384	VC_redist.x64.exe
Token: SeSystemProfilePrivilege	2384	VC_redist.x64.exe
Token: SeSystemtimePrivilege	2384	VC_redist.x64.exe
Token: SeProfSingleProcessPrivilege	2384	VC_redist.x64.exe
Token: SeIncBasePriorityPrivilege	2384	VC_redist.x64.exe
Token: SeCreatePagefilePrivilege	2384	VC_redist.x64.exe
Token: SeCreatePermanentPrivilege	2384	VC_redist.x64.exe
Token: SeBackupPrivilege	2384	VC_redist.x64.exe
Token: SeRestorePrivilege	2384	VC_redist.x64.exe
Token: SeShutdownPrivilege	2384	VC_redist.x64.exe
Token: SeDebugPrivilege	2384	VC_redist.x64.exe
Token: SeAuditPrivilege	2384	VC_redist.x64.exe
Token: SeSystemEnvironmentPrivilege	2384	VC_redist.x64.exe
Token: SeChangeNotifyPrivilege	2384	VC_redist.x64.exe
Token: SeRemoteShutdownPrivilege	2384	VC_redist.x64.exe
Token: SeUndockPrivilege	2384	VC_redist.x64.exe
Token: SeSyncAgentPrivilege	2384	VC_redist.x64.exe
Token: SeEnableDelegationPrivilege	2384	VC_redist.x64.exe
Token: SeManageVolumePrivilege	2384	VC_redist.x64.exe
Token: SeImpersonatePrivilege	2384	VC_redist.x64.exe
Token: SeCreateGlobalPrivilege	2384	VC_redist.x64.exe
Token: SeRestorePrivilege	1160	msiexec.exe
Token: SeTakeOwnershipPrivilege	1160	msiexec.exe
Token: SeRestorePrivilege	1160	msiexec.exe
Token: SeTakeOwnershipPrivilege	1160	msiexec.exe
Token: SeRestorePrivilege	1160	msiexec.exe
Token: SeTakeOwnershipPrivilege	1160	msiexec.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2928 wrote to memory of 796	2928	Feather Launcher Setup 1.6.1.exe	28
PID 2928 wrote to memory of 796	2928	Feather Launcher Setup 1.6.1.exe	28
PID 2928 wrote to memory of 796	2928	Feather Launcher Setup 1.6.1.exe	28
PID 2928 wrote to memory of 796	2928	Feather Launcher Setup 1.6.1.exe	28
PID 2928 wrote to memory of 796	2928	Feather Launcher Setup 1.6.1.exe	28
PID 2928 wrote to memory of 796	2928	Feather Launcher Setup 1.6.1.exe	28
PID 2928 wrote to memory of 796	2928	Feather Launcher Setup 1.6.1.exe	28
PID 796 wrote to memory of 1660	796	vcredist_x64.exe	29
PID 796 wrote to memory of 1660	796	vcredist_x64.exe	29
PID 796 wrote to memory of 1660	796	vcredist_x64.exe	29
PID 796 wrote to memory of 1660	796	vcredist_x64.exe	29
PID 796 wrote to memory of 1660	796	vcredist_x64.exe	29
PID 796 wrote to memory of 1660	796	vcredist_x64.exe	29
PID 796 wrote to memory of 1660	796	vcredist_x64.exe	29
PID 2928 wrote to memory of 2136	2928	Feather Launcher Setup 1.6.1.exe	35
PID 2928 wrote to memory of 2136	2928	Feather Launcher Setup 1.6.1.exe	35
PID 2928 wrote to memory of 2136	2928	Feather Launcher Setup 1.6.1.exe	35
PID 2928 wrote to memory of 2136	2928	Feather Launcher Setup 1.6.1.exe	35
PID 2928 wrote to memory of 2136	2928	Feather Launcher Setup 1.6.1.exe	35
PID 2928 wrote to memory of 2136	2928	Feather Launcher Setup 1.6.1.exe	35
PID 2928 wrote to memory of 2136	2928	Feather Launcher Setup 1.6.1.exe	35
PID 2136 wrote to memory of 2360	2136	VC_redist.x64.exe	36
PID 2136 wrote to memory of 2360	2136	VC_redist.x64.exe	36
PID 2136 wrote to memory of 2360	2136	VC_redist.x64.exe	36
PID 2136 wrote to memory of 2360	2136	VC_redist.x64.exe	36
PID 2136 wrote to memory of 2360	2136	VC_redist.x64.exe	36
PID 2136 wrote to memory of 2360	2136	VC_redist.x64.exe	36
PID 2136 wrote to memory of 2360	2136	VC_redist.x64.exe	36
PID 2360 wrote to memory of 2384	2360	VC_redist.x64.exe	37
PID 2360 wrote to memory of 2384	2360	VC_redist.x64.exe	37
PID 2360 wrote to memory of 2384	2360	VC_redist.x64.exe	37
PID 2360 wrote to memory of 2384	2360	VC_redist.x64.exe	37
PID 2360 wrote to memory of 2384	2360	VC_redist.x64.exe	37
PID 2360 wrote to memory of 2384	2360	VC_redist.x64.exe	37
PID 2360 wrote to memory of 2384	2360	VC_redist.x64.exe	37
PID 2384 wrote to memory of 2144	2384	VC_redist.x64.exe	41
PID 2384 wrote to memory of 2144	2384	VC_redist.x64.exe	41
PID 2384 wrote to memory of 2144	2384	VC_redist.x64.exe	41
PID 2384 wrote to memory of 2144	2384	VC_redist.x64.exe	41
PID 2384 wrote to memory of 2144	2384	VC_redist.x64.exe	41
PID 2384 wrote to memory of 2144	2384	VC_redist.x64.exe	41
PID 2384 wrote to memory of 2144	2384	VC_redist.x64.exe	41
PID 2144 wrote to memory of 1628	2144	VC_redist.x64.exe	42
PID 2144 wrote to memory of 1628	2144	VC_redist.x64.exe	42
PID 2144 wrote to memory of 1628	2144	VC_redist.x64.exe	42
PID 2144 wrote to memory of 1628	2144	VC_redist.x64.exe	42
PID 2144 wrote to memory of 1628	2144	VC_redist.x64.exe	42
PID 2144 wrote to memory of 1628	2144	VC_redist.x64.exe	42
PID 2144 wrote to memory of 1628	2144	VC_redist.x64.exe	42
PID 1628 wrote to memory of 2608	1628	VC_redist.x64.exe	43
PID 1628 wrote to memory of 2608	1628	VC_redist.x64.exe	43
PID 1628 wrote to memory of 2608	1628	VC_redist.x64.exe	43
PID 1628 wrote to memory of 2608	1628	VC_redist.x64.exe	43
PID 1628 wrote to memory of 2608	1628	VC_redist.x64.exe	43
PID 1628 wrote to memory of 2608	1628	VC_redist.x64.exe	43
PID 1628 wrote to memory of 2608	1628	VC_redist.x64.exe	43
PID 2272 wrote to memory of 2104	2272	Feather Launcher.exe	48
PID 2272 wrote to memory of 2104	2272	Feather Launcher.exe	48
PID 2272 wrote to memory of 2104	2272	Feather Launcher.exe	48
PID 2272 wrote to memory of 2104	2272	Feather Launcher.exe	48
PID 2272 wrote to memory of 2104	2272	Feather Launcher.exe	48
PID 2272 wrote to memory of 2104	2272	Feather Launcher.exe	48
PID 2272 wrote to memory of 2104	2272	Feather Launcher.exe	48
PID 2272 wrote to memory of 2104	2272	Feather Launcher.exe	48

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\Feather Launcher Setup 1.6.1.exe
"C:\Users\Admin\AppData\Local\Temp\Feather Launcher Setup 1.6.1.exe"
1⤵
- Drops file in Program Files directory
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2928
- C:\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\vcredist_x64.exe
  "C:\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\vcredist_x64.exe" /quiet /norestart
  2⤵
  - Adds Run key to start application
  - Drops file in Windows directory
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:796
- - C:\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\vcredist_x64.exe
    "C:\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\vcredist_x64.exe" /quiet /norestart -burn.unelevated BurnPipe.{CB6D6C5B-567C-43C0-9573-379847DC881F} {0301249D-409E-428B-B08C-CD5C661B67BC} 796
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1660
- C:\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\VC_redist.x64.exe
  "C:\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\VC_redist.x64.exe" /quiet /norestart
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2136
- - C:\Windows\Temp\{9BB8EE0A-0E38-4A31-B084-AC5B309D9346}\.cr\VC_redist.x64.exe
    "C:\Windows\Temp\{9BB8EE0A-0E38-4A31-B084-AC5B309D9346}\.cr\VC_redist.x64.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\VC_redist.x64.exe" -burn.filehandle.attached=224 -burn.filehandle.self=232 /quiet /norestart
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2360
  - - C:\Windows\Temp\{28B44910-EAF2-4D4B-8DF3-D781C9AD830B}\.be\VC_redist.x64.exe
      "C:\Windows\Temp\{28B44910-EAF2-4D4B-8DF3-D781C9AD830B}\.be\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{1D9E83EC-0FC1-42B2-8AFE-45889179279D} {61EADD6A-B637-4AF2-85EE-59728214E9DB} 2360
      4⤵
      Adds Run key to start application
      Drops file in Windows directory
      Executes dropped EXE
      Modifies registry class
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of WriteProcessMemory
      PID:2384
    - - C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
        
        "C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={ee198d9f-cfe1-4f8a-bf5f-7b1be355b63d} -burn.filehandle.self=540 -burn.embedded BurnPipe.{14D39C42-E1DF-4E3A-8B3F-D56D2064217D} {75928F1E-14F8-4EFB-A312-900CC3129080} 2384
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:2144
      - C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
        
        "C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -burn.filehandle.attached=224 -burn.filehandle.self=232 -uninstall -quiet -burn.related.upgrade -burn.ancestors={ee198d9f-cfe1-4f8a-bf5f-7b1be355b63d} -burn.filehandle.self=540 -burn.embedded BurnPipe.{14D39C42-E1DF-4E3A-8B3F-D56D2064217D} {75928F1E-14F8-4EFB-A312-900CC3129080} 2384
        6⤵
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:1628
        
        C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
        
        "C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{84A19032-A4EE-4971-95CA-0380BE8CA80E} {EC58E30C-4600-4115-8EA9-02B05B56AF64} 1628
        7⤵
        Drops file in Windows directory
        Modifies registry class
        
        PID:2608
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 568
  2⤵
  - Program crash
  PID:1040

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1556

C:\Windows\system32\DrvInst.exe
DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot18" "" "" "6792c44eb" "0000000000000000" "00000000000003B8" "00000000000005C4"
1⤵
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:2408

C:\Windows\system32\DrvInst.exe
DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "00000000000004B4" "00000000000005B0"
1⤵
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:2040

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1160

C:\Program Files\Feather Launcher\Feather Launcher.exe
"C:\Program Files\Feather Launcher\Feather Launcher.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2272
- C:\Program Files\Feather Launcher\Feather Launcher.exe
  "C:\Program Files\Feather Launcher\Feather Launcher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Feather Launcher" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1060 --field-trial-handle=1076,i,10337066225690411003,6143606258848057500,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2104
- C:\Program Files\Feather Launcher\Feather Launcher.exe
  "C:\Program Files\Feather Launcher\Feather Launcher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Feather Launcher" --mojo-platform-channel-handle=1308 --field-trial-handle=1076,i,10337066225690411003,6143606258848057500,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2328
- C:\Program Files\Feather Launcher\Feather Launcher.exe
  "C:\Program Files\Feather Launcher\Feather Launcher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Feather Launcher" --app-path="C:\Program Files\Feather Launcher\resources\app.asar" --no-sandbox --no-zygote --disable-blink-features=GetDisplayMedia --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1532 --field-trial-handle=1076,i,10337066225690411003,6143606258848057500,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2468
- - C:\Program Files\Feather Launcher\Feather Launcher.exe
    "C:\Program Files\Feather Launcher\Feather Launcher.exe" "C:\Program Files\Feather Launcher\resources\app.asar\preload\preload-mod-watcher-fork.js"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:444
- - C:\Program Files\Feather Launcher\Feather Launcher.exe
    "C:\Program Files\Feather Launcher\Feather Launcher.exe" "C:\Program Files\Feather Launcher\resources\app.asar\preload\preload-skin-watcher-fork.js"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:1264
- C:\Program Files\Feather Launcher\Feather Launcher.exe
  "C:\Program Files\Feather Launcher\Feather Launcher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Feather Launcher" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1216 --field-trial-handle=1076,i,10337066225690411003,6143606258848057500,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2056
- C:\Program Files\Feather Launcher\Feather Launcher.exe
  "C:\Program Files\Feather Launcher\Feather Launcher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Feather Launcher" --app-path="C:\Program Files\Feather Launcher\resources\app.asar" --enable-sandbox --disable-blink-features=GetDisplayMedia --disable-databases --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2320 --field-trial-handle=1076,i,10337066225690411003,6143606258848057500,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\f76b235.rbs

Filesize
17KB

MD5
4c718048325c15ec2f91863075c28408

SHA1
a573881f7bdaffbc023052b7796275f3ebba2db2

SHA256
30a89adb132ad2f7a5f201e4d21f15c8c3078f1574a41731bb4cba7848200211

SHA512
dc4740e00c809e69a7cf3e0cb982e70ba39679b09c1a002763d2ce07e7df3c70fa026138b020aa7d4a2dd0bf0328b083536819cb555098c77379c187eb4d5d49

Download Submit
C:\Config.Msi\f76b241.rbs

Filesize
16KB

MD5
749a96d1fd771829389dddf26f67094c

SHA1
ffdd52f18dcf731a5f2ce3e3296d524e61ecb929

SHA256
d4a39657f361a4b381efc4d56f5a260b549b7bc93e4bf7b868bb74f08bda32aa

SHA512
ea98a6f9b8f834f75b0e39182473ec4f13dc59d16cc8a4c97e96621e5eee3fe06f3d1e12454fdfd493fde457c39e3f506bc62f5e870dd960019646c40970e2a5

Download Submit
C:\Config.Msi\f76b249.rbs

Filesize
18KB

MD5
cbfbbdd47ccc3e33de2734e7271d0574

SHA1
601cea5c960dcccd5fd9a9b5f63a805133836520

SHA256
6e7f5c515af26cae0cc32b7906c33e476d12dbe9252a97835a9ac1fe246c85e4

SHA512
4bd3dd11c2d72b1df61fd417e1b19936177501945230e5af52a232a97f694fe10816a50555660949b94a8ea09356e3236547dbf56f98dbb7781812f6e6f46c10

Download Submit
C:\Config.Msi\f76b258.rbs

Filesize
17KB

MD5
6a87bb9ab19f0a86d144300bdf6ccc0a

SHA1
a799e9ad0d3c0fe65064b933efe8cd7e1d71cb78

SHA256
adb51af14134ff6af211f783cea1940c451532fb6b1348e40772a30d9a9b000e

SHA512
de954a268743c0fb447e9d5c55c8a1509e995e370145405e748d033bbd03bc6e9c6023b6c92b0d428b41907e031fba6086d32b1be74a5c45df9199179c56a205

Download Submit
C:\ProgramData\Package Cache\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}\state.rsm

Filesize
712B

MD5
d5489adcc15fa6d9789031cde25f2405

SHA1
a498485c06eb0af445b804d02b31587977a13d86

SHA256
41a3b37f2487e025b90ac25cd7235279fa34c4de8097c1c5e3728a611b579537

SHA512
6e02325f83bc9e9ef7f6b7e872fc8b7d78981fa4309a6f6fce623fcacf5133de1863f24ed8e8e241565f90bbd83c8b99521193d6e77e26450656b2f84327da20

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8bd56c5fca2d69c53aa92f59a791bd90

SHA1
b336810ff0463bd4a4ce78bd5ecbc768cf266ae4

SHA256
bae96a8f2e042f492ab865336f634e23791c896f52acbc2c24bfbe2edb2d3c9a

SHA512
01bcf125c2ac60210638a44b233fbefee0192de9c1c81c3ed8f984370693142f12361ea72ea0d672b8f8fd303fa490a26e874cb7dc8229c86735b9c5a76edd25

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
367d4639bda2b30bfb56151713a87b0f

SHA1
13e35662256c7358a12ee80992250a4d26348248

SHA256
47ff85764c8871657e56ba46569ad71de282f7c8484cc83a1e944f942c909f42

SHA512
9db34f2a95f91a76f1010438b1629f2fc1c93fd9ca7c0d0a151ecb48c7971f7157450fe6d378d79e6f0bec392af4c6cd4012636e7c5fbd007a1681be804fdf81

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabB251.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarB254.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarB3D4.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\dd_vcredist_amd64_20240703045925_000_vcRuntimeMinimum_x64.log

Filesize
2KB

MD5
e96b2a7ea58717783891537c6c18e492

SHA1
ebb1597edf331decb047ab6ea2b3013e1f0da566

SHA256
b34d66cee8186f833900523d3e9bb839575d69b284a7218b30f28a1bff6227f9

SHA512
3bc5783804ee176e89628bede1eaf0064bc389b9039c5c3c4cad40f647c90296a86c042d9961e42e1bb97d7cdecef1686c4c3717004a98f5d28217257afef139

Download Submit
C:\Users\Admin\AppData\Local\Temp\dd_vcredist_amd64_20240703045925_001_vcRuntimeAdditional_x64.log

Filesize
2KB

MD5
ee2b8f9252206620a7925c5cb1a5c72e

SHA1
b95d2ea5859093aeb33570f07cb2063d3cb219d0

SHA256
4570509775762bff518bb6fd0a9e3f3021af934d4ad320af43fcbf4fb848f3e5

SHA512
445724d753801e05c8786e94c0472abb51f7d3eb93735b5bafd572cf959fa3eb77d1aaf60661179733e806d08f8d5e2fbca5fa6ac324fefa5080536d98b44df0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\7z-out\LICENSE.electron.txt

Filesize
1KB

MD5
4d42118d35941e0f664dddbd83f633c5

SHA1
2b21ec5f20fe961d15f2b58efb1368e66d202e5c

SHA256
5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d

SHA512
3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\7z-out\LICENSES.chromium.html

Filesize
6.3MB

MD5
997768ae7eb8c036425bed10f766e823

SHA1
2ec99026b977f6603a8a7890bc05594a9a4f13a1

SHA256
ab30ee348b3257ec2f19fb5733e64278438be792f1280ce0f28eae0c9cb8943c

SHA512
f408b817b68861cbad62425e0bb8726f876d36a2212186a8f948d5c825c95ed819dcc41284d8ad8ac11e7ab7ff6141588fededd01c287780f84269846515f639

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\7z-out\chrome_100_percent.pak

Filesize
126KB

MD5
a3d4515d3a33a407d313a62818e82a5d

SHA1
967ff9a6774a66f7b3299af4fd5d70961ed54d79

SHA256
662a9db6ef4197cb4b6c50648a2cafceb7fd903015828df3fee605a602370be0

SHA512
0c757e1beccbca1ae0791fa0c51a9e2019696bd0965c73de67b364fba6f317ea2cf20fa65e4fa7dd22519683528e5112dc8c530049170f4e702e0c8d4e065801

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\7z-out\chrome_200_percent.pak

Filesize
175KB

MD5
3bab45c70f22646cf8452c30903810cb

SHA1
40b31d4c79b5a2b8d12f8cf8b6c49c962c31f766

SHA256
d4282ae977f23afe252e19e421c8d09696ea3b83a1e73a6aaebaaa5547c74cbc

SHA512
85eda055494f0233c963e821906cf69d94e664d8396e8b08e7a8f412e1c16af71252fef1bfe3ed43cfad157aa90c0dcbb375626e2ddf0e807c9b23ad27e61d9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\7z-out\d3dcompiler_47.dll

Filesize
4.7MB

MD5
cb9807f6cf55ad799e920b7e0f97df99

SHA1
bb76012ded5acd103adad49436612d073d159b29

SHA256
5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a

SHA512
f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\7z-out\ffmpeg.dll

Filesize
2.7MB

MD5
68ea02ddbfdd0aa3a694789ee6d95bc2

SHA1
326354fda27d5de1a7bf23b440c6eeb889c7c00d

SHA256
0c4e27571b2b7c2f50fb6c6d9746fa978079bfb3834bd69ac2f36123c41a0c99

SHA512
5d517890cfa9782eb5e78ae9bbec54c25b7db1260bc73e39e6b96fc5482b5d7908e25b8b0571eab7129ce78963bea601fecc6be1efda6376addb1c0240e7276e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\7z-out\icudtl.dat

Filesize
10.0MB

MD5
6690f2b2384e1bf8961fda96a4d07691

SHA1
111f6dd9833c653908431621fe8fbc87f1135632

SHA256
cb73d42d36839708013393ad0e4e932fdda9a1acda9275ecdbe74fe89eea8366

SHA512
6a5242fdc0ba09e339151feae1b3f7a9f00a09288b6f4ea9305d1a09d8bc3015c074ee91de35b8d6fc765c2fb55ec37dd91b8e66b7a7bb3148cbc305de19b088

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\7z-out\libEGL.dll

Filesize
458KB

MD5
655672c205e37b079c34a4427118479b

SHA1
e1d595a25e76f2f1be50f0ac3046e82462790d69

SHA256
498fafb59d3d1a91fa24f95a59411dacf3fb373408e8ea5f931e2ed6b2732d36

SHA512
a5ad3ac4e382d28d2d95cfc1b02ffca2ba1b5277567c1db81e14a87891e6ef9e5b8b2b56f4b63f8512c0b527dc3de7a5ebf5bb479dad827dfa17294f5874ab92

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\7z-out\libGLESv2.dll

Filesize
7.1MB

MD5
eb2b911d33f5ba82109a0d5608c28334

SHA1
fbc578fbcfc88a132438b38e97bb87c16a9f698f

SHA256
2404be88c798b43499ab7466e2b04bd58510f0d3fa59049aba6ffb932b65c977

SHA512
19becd2003702813898893f7b1fcd1db179a76fbd201fe34471254b75ba5e98af262922adafe5ef0672302cdf4c0b1e2f8910fd2e51ded0f3c4d6c5a43de489e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\7z-out\locales\af.pak

Filesize
321KB

MD5
3ab2fcf223a5fefe8a186741b3507e14

SHA1
9e851c09c08415a228fad02ba87a9caeb29e3b9b

SHA256
e6db19247e92d007323f9e0ee776c423a6a8a64ab321c9d5c964cf137e390a4d

SHA512
c1259f7953191b7c89694d826f4e45564d4c7b6be2aa7e85b73c5a6f723894b139ba62d215def008f45a95215fb3da7463e229c8ed014a6db4b03e64133891e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\7z-out\locales\am.pak

Filesize
519KB

MD5
1ef5cb04c40f553fad6dd74295ff4588

SHA1
9065653dc4ec508b657fb86f45a69114d1ab4be1

SHA256
9aa0bee97cd6957d3fa1dc43e3bc45b7fc4f55df6df9a33faa7aeaf6e2c46a71

SHA512
fe766d0841a1a247442e85b5e4890fd3f83c76686e61c2243ed93a373d7c4b9a79558200583e58fb17cfa64efe053d61c582d83beb078a62ef232376e4741ead

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\7z-out\locales\ar.pak

Filesize
561KB

MD5
f27d0b588bfb76f541e9a8d83c74fc58

SHA1
23d01bdf7e1a7d9cc34a53b5d0e9a221395d0f67

SHA256
88645be62d0421ace7b2c44df7de67a4a83b04977049bef82b465f60f06d5560

SHA512
9406a3150e40a5c93c9a2ba82030b334161273ec3d66c8812cb7328340cafd0ce549f178cddcd00bfc227a258e8aba64305be203fb6502fd87f76f224d0a7126

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\7z-out\locales\bg.pak

Filesize
596KB

MD5
d9291d2f1e816471f691f37c5a4635a0

SHA1
201f26fff690b95f559d57866d7db519364ac27e

SHA256
4a7d229dbd7ca53bac0438d5705a8ecad9e33213f6752e58624da1b9e9cd571b

SHA512
074b46011bed5750dd49ec5e021b02850d11b235730c27bc2d0910a69f2f1d03c79dbe692b5dc34b7be28ab071b8af6c639151ebb10364f04b8acf4615c54270

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\7z-out\locales\bn.pak

Filesize
765KB

MD5
bc688ba7dd2b0f9946ac98a1df15131f

SHA1
b453ec6785191b3dbd5d78e7b25b9481b6522b32

SHA256
6ad844d2b22c8fbf3587ea603140deb1475dab934ac62e402dbf1c6946dc882e

SHA512
3d60102975a6acb39ad5f750128ab4967bdb5a64eeb398c5fc71e5fcca860eb97487df4e85269a5ffdc1f030bae2ff1c03d61b08565792f84696693aef8119ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\7z-out\locales\ca.pak

Filesize
363KB

MD5
711098caf9322fa49fbe4ee2ba794a7e

SHA1
d567f076ed6b8b1479c566efb155ba491401f140

SHA256
95758e3b0e83067a8eb8f135f1a9f6112db18ab6a21981c5ec32c899c729a159

SHA512
bcbff969d9e3ed54f6072b359f911c0c9ed875b12fc7a29002e9a251331b4d47b7c0d740ef1c596bbc8828d6e32f216f41bdadf0873a0a85ea5b65bc8770158f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\7z-out\locales\cs.pak

Filesize
370KB

MD5
11a76a16e2f94290a6671b2fa7c782bb

SHA1
ccaecdb49758bcff8fe31ec0907b3a4a0f1ee6d1

SHA256
dee2f88b85753600284bb4acc844be1f0edd5688f98340770bc042aecbd73fb9

SHA512
a19845703cd2af109c085383307eff88e8f2ea4f6446541ba1f0bba89522e714d43cfa355af149a9a12ead96ab389b27c273a53dd15a93b401f6f7eb4d43886c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\7z-out\locales\da.pak

Filesize
335KB

MD5
528f37f3f0f7b145a979d5c241b4fa0a

SHA1
553184bd357c6493e73c1a1dcc5d142e1a36f0ff

SHA256
19444d709ff0b9343aef93a640c505566572a0f3121012716d2af937c08d6dd1

SHA512
6a58016bd952dd93026e81bd240a5d02b0538c61b3f0422ce4439a719d4c0d76caada1f3177d4c4942c0b573844c7e42d202285758dce8bdd8c44115ea4b068d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\7z-out\locales\de.pak

Filesize
360KB

MD5
8ae896d9d42d65ae82093eefe5dba356

SHA1
57b6175fcd23ae0dafc7eebbdaf7cc26c1ead0bc

SHA256
6e8983727e035e77652fb453192871e435dbab03ffb3088a86ec918ef01b7f37

SHA512
6271a6e21fca7793964199489d21d1fb8d93eff2cf1979b3da7ca6eb22d4786a28a6e62b6ba0b8907a6be7487d5c9c45d8d372eb34ec16ddddbedfd49dfc475f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\7z-out\locales\el.pak

Filesize
650KB

MD5
79077480619d88f5d4d0c349e86de169

SHA1
3b05b9de0d79e6cf82ff5e482dd1626f58d1c858

SHA256
b4bdd19191dc4bc22f8a3ecab032f034b0c0c0669e9a5ba1b42717ec0b5b418b

SHA512
1fc5697c798c83f70345700037af7aa22acfac5a3c7e319dd57d587a35b7e907ecfdf175e283df365e31c0f824713743a96cc56b60e9c1f335bda80fcfec38ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\7z-out\locales\en-GB.pak

Filesize
293KB

MD5
0444defa8f211ac4eabcc760b14a5b8a

SHA1
f143e080ba73f83c77d6c095ab8be1f71f763532

SHA256
e252661d412a068610ac2e2a64609f21f71c64602c579a14d7e6ee59d08fdfc1

SHA512
ef4977e477c3c39c2915e82162bf44370a3e2242a2fe57b43a0c2342171d02278adcec9d602ad4d4021a6554ad85a55d4635ccf3cf97405bda30626379d875b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\7z-out\locales\en-US.pak

Filesize
296KB

MD5
1e9b12891461eefd9db12e537965329c

SHA1
bf2346e045f79a70218890764b9318fa86886b36

SHA256
bd67fc968d75e77f2bae7ad552c398ccc4dad8635d74814c2046f813010c45e7

SHA512
3f01b9fc7e07bf6f3f8cda357debb83f73bb24179f6926d0b24114ac0078f42941a68842453bd7ee86cb759ef76e240b84278ebe1541cb659fb7caf3cf5b6820

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\7z-out\locales\es-419.pak

Filesize
358KB

MD5
637dcfd56428fe96bb0a778b0cf8a660

SHA1
1bad857d600d00864edc3d31529cf4ef6a49b580

SHA256
45f136986a226b1385189997aad2f660d0f518cc9871862250736237e0b105cf

SHA512
66b5c92687e97326af47258d38ec523184ced00855ca385515c64bfb9a7e3eb8dd1f885c4db5891bad680c670714bf9e5574483e34265c1f7781c8a7e7af9301

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\7z-out\locales\es.pak

Filesize
359KB

MD5
85e0afd9c09f97cecc025f31fdb6269c

SHA1
13b9ec632e465c31fe6e88b1e3c186a2eacf5de6

SHA256
e1a9180677d2989137e8dd381e6c847c47b385a6d3e965a047829479317736ae

SHA512
0371b816522bc43b124ab8dfba3ac55e63c435276031f7035075a0767a11f3d73b5991156ee6ea1770d0115c09cb653c9d3fbda4b2d9f1e00b068c9d7a2f8db4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\7z-out\locales\et.pak

Filesize
323KB

MD5
f6b7f59ef4eadb505faf6f939adafecd

SHA1
738f208a717786f23d124201aa16b377b686cf50

SHA256
8e75989893f0d59f6ccae2042231ec8e7dea6fbc78210700d0d1d3a67f6b1d59

SHA512
195bec3a111c498cb4b791bc7d15b459014717fe4270cd82d01e6e4d1b12bac03e267b7699b12e43db5c6cfd8625b6358bcee039aa18edf593f824fb27bcb38e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\7z-out\locales\fa.pak

Filesize
524KB

MD5
d7051343f1cd16379689a2a28a614bae

SHA1
7dfb720048bcde2282c682d5653fdaf3b55d89cf

SHA256
4c00aed6cd9f9f6d2a98c157cc10a07f4f09fcc18b72c048eb6777a2600181ce

SHA512
3d4284a0c4c528be1b9466582bfaf2cc1acf9a03ce9cdcb27ba2481c31cd841b0a70912ca388dfe1d3cdbc58c82e095baa961707a344d03cb0db777a61b5cdd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\7z-out\locales\fi.pak

Filesize
332KB

MD5
71f7182ad054b5294d1a3c8fb91d1612

SHA1
13a210397d6352912c35ffcfceb0e2ba3910f7b4

SHA256
0b41ce33c0036aee83989ce4ffc2d096b2f6fab77634e4bb500ec70a51b4e0bd

SHA512
157f11807cdf4667efbc93cf2f3134d9d48b6eb08b941eefb7b085dd3e110efc42c78ef554c0faa2b46e0155903342c6b5b6b20f796907138619b880bcb2d2f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\7z-out\locales\fil.pak

Filesize
372KB

MD5
850333b9705ef8ea07a6a9ded5904040

SHA1
12950aeb4d7f13ff335c5012e1d0af0da50ba541

SHA256
742705b1c87900f6e8f02fa112d2cf13ffaa6c09c62a7dc34a2cd6a29608dd10

SHA512
c464725f7f9702c9e94a7491e963664fbfb2b07507ade4f32fe2372eb9d0313bb229fa8eada511b338d094780341c24cfb59f745471b0b82fbae94ebdc8ef4e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\7z-out\locales\fr.pak

Filesize
387KB

MD5
0b0722d0c9187ed3bb445e66b9f73668

SHA1
426b41bc9677861b61daf77e235c20ca70b5deb8

SHA256
b7b3e4f04dadde5c228408c32c55f088372181cad5b71df515cdad8dd1ef9e6d

SHA512
4d5e3d6054cef9f903844a0822906c612def3d4c3319a7114a54421ff1a4d3c523d02d457d5a2ef8636d6f4183392f64d821c6ab2e8b79c9930e95f7a36a891b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\7z-out\locales\gu.pak

Filesize
740KB

MD5
9ad27f9e3aa9356d8398a823a5a90762

SHA1
65a3b8b786a245e307bad3966d9ec02094c06cde

SHA256
984aed687408ebdeb291a57893034490d6acfe9d34546dcc3715f33c8907ca61

SHA512
46fa7165714cd1b7c1e2389c85e2ed73f40125491959cc458ac621f5e156963f0fc141deb1c973996a15bb2b7b835ba36806db762ebe97b02159d64d002a93f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\7z-out\locales\he.pak

Filesize
458KB

MD5
f7f22a75ba2cc2a2d1094ecdc60a208b

SHA1
a631ebc0d180fa994b3856f706ea75714292a7f6

SHA256
4e972808f0a25619462a0390105e8a869037341a30b3481b3c80d918009efdb2

SHA512
fa7e27d931421fa504c6731e4aebfec0908c98f72c2ec7341195ca907420dfedf30f68e0949e3824b6368d64244de3bba6a7183d3fae424a0e1de69bbfa9d71a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\7z-out\locales\hi.pak

Filesize
771KB

MD5
d0b36880a50bd87dfab2ebaff24c0ea9

SHA1
eb1f30d0092b4900f332cc2162f9f1c52ccf4da8

SHA256
b23dd1037a3d133ef29b73f5fd90765a7af9f0f69b24858343acb084a59b01c8

SHA512
bb80d1ca39707b96601433f9b10d7857950aae2075d173d5650af2e3a6e6fc795ba4a6ab55888933b9f0e62bd03d362af42357ba22c75a1ad599d153582f6bab

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\7z-out\locales\hr.pak

Filesize
358KB

MD5
5858fdf0f665ef6dba8a4e68ae175974

SHA1
fc8085083e4b38462c42e6ca5ae67fea408f18a8

SHA256
66e85a46152b7baa26b2fd8d6af3df0ca67f54b75281aa08cf6a0f7e769aee8c

SHA512
6b32b62749b2e1a8921faa425ffe69f1d3bb3d8ebceb74f5215c355a35aac8220ae8a0624c68ec45123430cc731812504fc22bfac1d50e810168f3b3509176cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\7z-out\locales\hu.pak

Filesize
387KB

MD5
e74277eadf72ef7164e03a0a38d8f6f3

SHA1
0085e77f0a9bf30d290f1eaf24466a12789a1c6f

SHA256
df6c21a38bedd4c6d02ab60650f4c34537e238d4c72b96b2857973027542c3d8

SHA512
27ef60832a863c4ad3ff0816ee03b8bdeb584fc83654f4b1061786014aea92334ed44482321a370836aba7e08cc4b0992a8ece81cf8b98e42cdc76813470ecb9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\7z-out\locales\id.pak

Filesize
318KB

MD5
437540fba9de2809d42dfc66ad78d664

SHA1
0ef84382147c9ec2c1f8f248f7234506d0f3785c

SHA256
788a4e41a8e6b70e714913b4894a48fdf24799f7a20320565c523b233a41a8be

SHA512
e893b418457b2aaef7605e36a61351b43b18b38ba675b2377bbf7744c7ba83fb66db151faf28f9bf0361f874cb4dc93e4bb1066cb7a5fb6a41b1b97f907c1dbc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\7z-out\locales\it.pak

Filesize
353KB

MD5
f21eee789d7b89f4c1ac03bcc95b6391

SHA1
754ddc787e22378c3034c78dc126e49d952c1ffb

SHA256
94652279dd554461d91613fd2cf295e0c68a7fa46855c53172781b15a5b2bcb7

SHA512
588640b61bc8ec60d9d6a6110544b0d191cf0d084e17bc79ab19177eaf74899c1eccd7b0f0f6852182b48b19596446e819ef0c1d64fbffbc87552a8d0eddf49c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\7z-out\locales\ja.pak

Filesize
430KB

MD5
d453d6bf0d493cf8a28dcc7e32149cde

SHA1
fe164f188b61c6b0c243262df7fda8fc612d9e82

SHA256
1b3bcb7b6482cd9b005aaf30ccde3b4f3603f0a9e1d0f2209d70ecc74f7353de

SHA512
1588071999065dc93959ac36557e321881e7f244b2166c0af76deb4083d3e9580e6d0dac1fe474a49cb43cebc76a3f0ed400e750c090886c77e85ad0dea86c2b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\7z-out\locales\kn.pak

Filesize
854KB

MD5
be3dcd0f8dd4275662a01a381bf294fc

SHA1
b97dc0e112e1b66ab3b9b7679cd9b2e8d9e40cba

SHA256
c06445ffccb52fca884686db4eda33d315d8340fd653c199c0fd8a07d1872720

SHA512
a9b00474ab5d1ab88bc005ff53c8d7e33a103d87c2794e38bd6819de629969d9dff06bd4bc7c2318ada4de5a61d68462bf5e0464c7f53a4250b4f617f99ad32b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\7z-out\locales\ko.pak

Filesize
361KB

MD5
2f216c3e58b73f7981d61034d707b53e

SHA1
fd47331e07c8575057aaa58b1068e82721073300

SHA256
7b87b2795f4bee5d4ea37b959ef9d7815b4cc39ba3470d97006370337c3e5997

SHA512
eb07bfc41b76e4ccac9346f9540208d184291cc443028ce74cefdead0b2c63cef6c92862eb5c5479810cbfc98ad2a60d9281a6286d25a78ee12e8dfcb2522288

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\7z-out\locales\lt.pak

Filesize
387KB

MD5
2a21c3d432c272f81edf923308858802

SHA1
7dad07b28eaa2db09c341a4670a17016702ea1d4

SHA256
da21c47633640002d0eb397d9f2685df542b6f5e53ee3ca655340750de2f3217

SHA512
8f646dbceb6a13568364f194f1ab95055378404e0ac21a3b4e609bfc1ab3b41869fb3ef4700aa0161ef43e4a394666437c17cf49f7bb0bb1d27fcdfb252ac782

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\7z-out\locales\lv.pak

Filesize
386KB

MD5
f0645d37826c1e2923240b745506b7f6

SHA1
d41a06f30cb4aa187b6f02320db9c743058551da

SHA256
1af1ac2692035d502e772f976c977936d0feb42f65a9096e0af2fcf8b7df03bf

SHA512
29ccd6915aced1680eb0ab6ce4554ccbcfcc196a7e1398ae5da1433205c7b2e77ed2bc7349704d1dffafd108403bffe53c36bd018bacf6faf7363f8e35c32a9d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\7z-out\locales\ml.pak

Filesize
897KB

MD5
68ba8ab8cdb6bcab0650324a9b2736c4

SHA1
5cb7dcae00cfaba7e621373273dc80144319f031

SHA256
c990dd02ea8ccad94f5002b2b05e74ad258a9b13ec1168732cde06d0723e2a91

SHA512
7b4b75d2a67b32c0232b05de4085196484bf52cfeb109f2543c4cb184456601afafe3e05ae7ec9c37666499bcb424346114fc9fd08af65a7af853e42cb16f5cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\7z-out\locales\mr.pak

Filesize
728KB

MD5
a72af6ed3bc9c364cdd096d65e3b5349

SHA1
f652a7d21e8cafebcd72cc38891d4b7b908444c8

SHA256
c20543bde56b4ba78b7efd8a1fd4d6990e751ea7e243c91a2e83ca78dc0d9289

SHA512
3d0523ac8ac9e1d9f2e3e802053a14c8c3ea0b45cac0865b10efb23e869236b8103824777b5efd45eda7d6da128e9ec15bc68963bb60cc46a034ef357fd66b77

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\7z-out\locales\ms.pak

Filesize
332KB

MD5
aa1d4538fd06a6663ca213e059592f90

SHA1
4197b4bdd58b09ca8caf76d0c22e3eda358dbeca

SHA256
d51d9f4fd2be492a751db6898b4c2843b2b6cbfe893bb66ffa4eb8e1a66e7e5f

SHA512
718d3ed30f8f8052b2c52e8458188880a050ccf14f2929e953e18a551f6abd4fbc87af525ccd2efa353bbee00529cdeb7146373023d598cb6430e16465bf1cae

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\7z-out\locales\nb.pak

Filesize
325KB

MD5
9cd8697bbc2b78dc3fe4c022d1fd5ee2

SHA1
9b0cc62586e391af46899464dc22df60746b53df

SHA256
fee60b6eff88716fd8ad4a9b2da8b16827753c819671831e2d7dc2723aee3bf8

SHA512
30db548a2bc7af38ffe0a1970a52afce2fee04c02b4b61b277d875f068c86fe46fe537303cbbbbb66f3f715268b43cf3b2cdfcd90c2a4157393d6242eca79c37

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\7z-out\locales\nl.pak

Filesize
336KB

MD5
abab4a5f1afd809d2e7d5cad3ea17e70

SHA1
d57dd02b63849f7798b1ba11efb889075fed10f3

SHA256
361d54411d890d26fbe6d1f8e8f8258e72afca143783f9f16145b9f4f5f9333d

SHA512
076a061a9278d83c76048696d14120310b64fe41a0300a0e0588e1c7ae933026d8994f9672d85c5c76046a3d7eba5fea6ce70fa7fb4cde0990777e3965fb1d8c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\7z-out\locales\pl.pak

Filesize
373KB

MD5
b5fa6aa430ac5ffbaf172627733d0a28

SHA1
22179851889ee0f30097b0ca7417575f91c9b7bf

SHA256
fb1dc5b556f59b6ad642167f1df9e654517ad494559eb3f441ca8f79d56a86e0

SHA512
80dda2de947cf5e2084bcda6623b83ab7cabfbcf5e6fe4d36d3290ee10f18f7be897b29bd3ac9f5be72572e04a7791e008532dee68bdb9647b20532fa38cb386

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\7z-out\locales\pt-BR.pak

Filesize
353KB

MD5
8bef64a4500a00f0e72944a4a4b6556e

SHA1
13724500fabaa1c452a253bd43572d40d74f8e43

SHA256
1054376071aba92b165cf561b7931a18ae0b29c9ca22eda85c5c9c7e6721e49b

SHA512
8590fbb13913342c988a7bfbe7abe1483cefca90b801152ba483752804879a30b5f8aa4f7cd55165978984da68937006b675a65d7c6ca93e770ea2586a35ab02

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\7z-out\locales\pt-PT.pak

Filesize
356KB

MD5
a0e1ae3d3ee87f7031fffd278cce007b

SHA1
c36d4e8db6913f021a0be1d9b8a3e8a13943359b

SHA256
e5c382258030217591f439a4020069378c3362677258d5129c69ef8e25abd6c2

SHA512
bad63254f3a4fb65a9e7cf00587985cbbc93fb3fc2b48735b59fed3c98ebc1c51fd5e8394209f86c6040d05663b677b6d468cd98920f9b088c6fe1cdfea7b47d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\7z-out\locales\ro.pak

Filesize
365KB

MD5
3e9f9e59dd4a782ff7b1f1106df6c88c

SHA1
a0694aa9cc39e1aa5ee6b0cccc0de76b14a8f808

SHA256
d56825b2ad81fa419b428855d8b3cff01015a446b7cc989d7b17fe1b3b5f45cd

SHA512
7e03875cc9b5c01838af6b470c541cf7f2402fbbd1b50bf0634a4c26fe417c85d59f53112e1013425d26dd2664c83181591baca502c259e513445a6ea2fdd18c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\7z-out\locales\ru.pak

Filesize
593KB

MD5
9cbc09a3aad1ed164062db66c31b5031

SHA1
ea8fef1cdaccec36262c65f09b4448128a5ad2bf

SHA256
f6b76bf79ea9f03d6bf8a399778a387029baf9a94ad274788514b2086b612bd8

SHA512
02b7510ae112a28aeabff0833ef997b1fe0d7ea23818221da8df16db392d4b85792fb60bbb3f3157c912269f5abf0db0aa82364e2cdeaedaf8b2d8fdce2537f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\7z-out\locales\sk.pak

Filesize
376KB

MD5
ff48eea350d1fe820a47c2cd0f9a93ac

SHA1
1a069d1f9b278be78cefd290670dcecc463aa7a3

SHA256
fe43904bfb0072add943ee8d44e9f92a80eb2aa55ce7157de52ea625c277db53

SHA512
507ab138d8b6dbabdeacf3031fe4c63687fd91d04d0eb5e27b12ffe1d84c93ee40f69e48853d6bebe177d614e4a14f034024f93397a0e9fe5779ccd01760caa6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\7z-out\locales\sl.pak

Filesize
362KB

MD5
1dbb16fa2da8c13145420e85cda509c4

SHA1
6bee3ddc96a98c1e658299dabf6457fcf90c67cf

SHA256
5015c0685b66ef38c92ffc4963e144e913b646d8e855f3976e50c8039879cccf

SHA512
a98b086bf9175b7c2b5c25e1208c8f7248c6eed2bc9acc095a52479550b58bd22dfd9a09dd3674f59ce9ef537f27b0dafcdab194158438d0e68d3c120fb97e34

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\7z-out\locales\sr.pak

Filesize
560KB

MD5
7b929206486e740b4c9299112186a94a

SHA1
b52a4c8eafa2d9439d525a167cb3482f31d7a6e1

SHA256
a0ef17a572ce510796886b844226b65991bbddcc71b763b91569a07ef23d2070

SHA512
91f4676cc8eeee6f3d643f13c27602ce05639b3707bbd950fb0f745242e92d053b74f575d87522a43f2135662870ca3e3eb6ca894737a5d14900b9e48c837673

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\7z-out\locales\sv.pak

Filesize
328KB

MD5
c5bd14d64a64ac7f361e49035405852f

SHA1
e2484e58f524464fadf898ee0a3c972db19fa9d0

SHA256
21c7d459c55f255c6da5a6454eafc836a3bcdba9c99c76bad0f0d6fbbe7a33ef

SHA512
74443233e16ec24814ebc4e16aa5108ab447c4b1d095c2e18ae4cd2d25fccb13a182fda1dbcc286b9f8b07e80e19ab19544fe758efd90910a4eb1d05c3ce3393

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\7z-out\locales\sw.pak

Filesize
344KB

MD5
8e490ee67f6c53f9916715b0d32257d2

SHA1
dbf51ece8c770f38019f497bb10966feffde0ea9

SHA256
a8d904e4871efa01c72ef64bab601e6cb1de216db4a696966e90fe1b733bef17

SHA512
a5774b930e4d5f6d91049fafdb6a743fda32f670e9aad9000740010d1b271a4c3c881d138e40abfcdbc6bf98f37fb3791007a74d38ac507b8bf86ebe0ee00c15

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\7z-out\locales\ta.pak

Filesize
880KB

MD5
2204d0005209a5a2fe25bb44b8e5ace3

SHA1
161d7d4e286d7bff25e3f096923a5a7c7a3cd30c

SHA256
fafe173abc2ca773026b0caa24e693a0ac4c9d0ad7c40258bece10e4714dcb15

SHA512
8dc654487702636e28a1fcde05b8b9d2ec71a640c48233dbd5ed0aa174a875e275e310973f7e993908919affb7671282d40a8dd280b24a1c5cd29dc66e4f9abe

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\7z-out\locales\te.pak

Filesize
819KB

MD5
d7f858c12123e975b4a862c3df05c0f4

SHA1
f8d2ffbf76883f5f095e10f3de5694c209c47b12

SHA256
29e4d010c6b951c129633aac0f55b70107fd24dcf1062c20e263611e30ab4b93

SHA512
1d44549e83b0af8d9c1b5826c970eb8dba5e8159c0ccc3586022d65d1e5234b06cc97ee4a9d45d7d944e882f4c5a12947bf810f73c8c064255ac0f46e35799a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\7z-out\locales\th.pak

Filesize
690KB

MD5
73bc88a210dcdfb14b6f29d8f86f4f4d

SHA1
fb3392a03cc355aae318902122b7245f2fc13d01

SHA256
bb8b656b1d2c4cf5f361f59b44abd4809cd774e664dbd0f90b62b97ea125e3c6

SHA512
671b90bff006b22ce714971bb8ba87acc4d887f9893709a090a85a8dcabb1ecd72edf54775c77378ae22dfd5ad2880df10efb201b1d4c11a1d304086b8ed3c8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\7z-out\locales\tr.pak

Filesize
350KB

MD5
8faad383bb39fa15ccc8d07beffa5a34

SHA1
5bcd907923c04b310dda718b5eff4115cf42c6fe

SHA256
e31a9cefcbef64d082b77a16a2d5dff11673f74363cf9fc34e36004a62e308d6

SHA512
9a604a1e4cbb23d48203d02950465020c6dd5a3556ac6e5ef7dceb0491b8d5c5722b6b73226642f2234885a36dbdcb1f628503b6cf63c84b4a28408d74e82764

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\7z-out\locales\uk.pak

Filesize
592KB

MD5
987144e7837f63de1889492166f4330a

SHA1
f9b5055572eb238b357a7c977c4ceb6f7a768232

SHA256
d10af321c33d48f5e97abb1c74b76e43e63390b9022bed58437fa4d271283900

SHA512
32ae4c6d7e90cc0723ca385fddf36ae88fc803bec790d844eac4c7a67493352c3aa85a49b095178fcbfa4485b9167b6f4dbf0034e7784148383d0084d63fb9e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\7z-out\locales\ur.pak

Filesize
522KB

MD5
77ce70fb50d1de7cfdd6b13161a09809

SHA1
09d08cfaffbf255a013a8b9727d40c776be51d37

SHA256
ae2457b6f347d34fa8ecf524d91154ba9b80ee160196d774546c1b8924049495

SHA512
7fae3a792a2d64ecbf60ba2b694ddf2b40df0e1fb81b602b878ede856912579b7ea78488bbe998151350df814a8d8b0f3f1299882c9b330d214f9db05de86b56

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\7z-out\locales\vi.pak

Filesize
415KB

MD5
34f3d7788e213b731c0495b2fe45c78b

SHA1
e7a2ed024e61375077973031e2dc82d924ed75ca

SHA256
2ca9eb9d04ab45f479b392ca9067d353e5472f863d3b784acfcb1361c6da30d7

SHA512
48400842614a31f65278e667b43d188dd44e4e9101c7d3d01ad75569d1182cb603ad07168195364ae53dc598f544f438f846ccfc604db208fb29998b292febdc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\7z-out\locales\zh-CN.pak

Filesize
301KB

MD5
d9be21bde24de1026279aeb67999b1bd

SHA1
0a0e090bebc5e4e7550152bee739f220f8ad9e9f

SHA256
6c364baa231f41c668fb15da586568a985fee2b4bb3e611c07ba97675336c013

SHA512
d376aaa1d38f20e0cf89131452df6d67489711950a3c89aa515570588797c4d83c5dc467773d3af525a551e0f6087fdabbd2ec3d2b48db4b961f2c1e9932f0db

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\7z-out\locales\zh-TW.pak

Filesize
298KB

MD5
31b1d4dc9c0fbabb29c2e32c759e7238

SHA1
45810ead9541adbd12f15eb63bf33f932f7e48d1

SHA256
54469b7be7f1c7cd972e77d9853813d41b515b2ef8a3824e7fad2646b3ebb3a4

SHA512
10e76d0226cda5541a3352c8111b16d59d563e91512be4e0ddcac9b71e0c2f5953ac170d8a23fa1c6d523d3214057950ccb7a67f922921d6c34d475590055856

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\7z-out\resources.pak

Filesize
5.1MB

MD5
2cccd68519bff7f6a45380607940ca9a

SHA1
107ed8e7aaf2ea4d8b290afc023fdede16e47254

SHA256
44387afe96c6d1cc6b24e6e05e42e92eb51d6c520743fc8e2eab06c683ba27e3

SHA512
da3c67f10ff1d741f6c4d5313f8f1887ad3232b33935d5576d321e2d0622f601fde3f3cae24b23f00e8e7f7f48aea49fcf4fde12aef2b396ea5697566f8b7128

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\7z-out\resources\app-update.yml

Filesize
144B

MD5
9300d1436965c7c0933f53bd16bd332b

SHA1
96246ceebfd51faa9470f9152d0925f6cc1983cf

SHA256
53c824fd08de03ee221296cb75ad6e8c3cff5b8254a467180197cb308666377b

SHA512
9683ac45be9771e053fa11a0b13b7fe6866c44385046c3f7b67e77e1fd068f5903bdb1987209cf68432ffc021f8366f6fb002c360e3ed6ae030a8fe3996415f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\7z-out\resources\app.asar

Filesize
45.5MB

MD5
cad3e01bcb66e7411b1c764acfe8c0b8

SHA1
c454e64152d2e4e0e45301baf5d436b3bfe75427

SHA256
8074b9131dd6424ae5b6dcb8ba256933e677ad0392df8e4a444ec98df81dbee5

SHA512
63b884a98fd494c31f59c5bc61ca5f7f777e466899d978696adcae5c596dac4a3043124595ca678ade392ee417b675e375f3aef349f4ef280b3872af66a59a58

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\7z-out\resources\app.asar.unpacked\native\cleanup.feather

Filesize
989KB

MD5
7c2dc9165c530f4888ac63233c040560

SHA1
41f5048d8365df3fd35c744ceb49bb5ff0e63edb

SHA256
4fcdb7229bfcaa4b158d0a2b4092e76d8145a1e82fa432c99a7d5ad11eb84e9e

SHA512
a6dcc746353c736d848ae3eed110a519e3db52195f4f02193d322220948073964e53e4d082cf3a07765c48018f357153257cd04d5f5f3d05bb44dfd400b2932b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\7z-out\resources\elevate.exe

Filesize
125KB

MD5
1d3e78a104f30be7b3f7aa71ffa7900b

SHA1
53463a970842e544c0784abb748d4ac6c17e511f

SHA256
158f83e3dce35ad8943c73d3414fe02a4a9ad73527ec4dbd73c15a94accd2345

SHA512
a35df4ea88a8e44931dcf939958e6004d3024c9d8afa892dcfb8755546505f33fa70b7c04a3d85627ffdef66c08f2fe341a1756a63323fdf6fea17f71f85bdbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\7z-out\snapshot_blob.bin

Filesize
401KB

MD5
17b5a28e6aa7ef49bea7555843937313

SHA1
8c740e68f009c3d03db74edc347cc5d1fac7b1b8

SHA256
2590aa136bc101f1075e42cd8939c7679ceb35b773c989be2ada49acaffd01a5

SHA512
af7efffed22246389d6a834cc8d8467e965849ffb8fbecd4d192c0596d1a026c6ddbe49cd2029163fd77bad22906e80446512bdb918875a7fa96c6ffef65cfc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\7z-out\v8_context_snapshot.bin

Filesize
716KB

MD5
b978b7e83b574a43fe766af2b670c1c4

SHA1
ab0d1211740fefe3b8ddc8bcb2400e68cc88ba4d

SHA256
f59fa568139442c7f547fc8a5a0fd090ddc8427cc409e2fcef0518a9dcb47a96

SHA512
ac0f297b128e83d55788aadf5870849781d81cc61461117c5cf22f757e20089acb640b3ebc2f3bb2fbe1659e75da73a63cb884be4a791a90702758e6c52dc706

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\7z-out\vk_swiftshader.dll

Filesize
4.6MB

MD5
17bb7a2a7cd8ccd96ed19753cfc75bec

SHA1
7c996eaa179fd472a572a0efb3e243a81b283977

SHA256
070c9bb970f13a47e3246fbeadd4d2d3916273e1ae3db2059d806691bfeaf6d8

SHA512
80ff7ba1b32e3de374e8637852b96c12882a5f7d32651ff0e1c2cb97898a44aee46a569a42b073a4e368f364f0daae2e86eca36068fe6794eb5ba55cd3ca5ee4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\7z-out\vk_swiftshader_icd.json

Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\7z-out\vulkan-1.dll

Filesize
849KB

MD5
58871cf606db440509b56a3f764e72e3

SHA1
312e810cfcfb663b0da00eac3b87294c0b035cfa

SHA256
ea1f3a66f9322d20da4542c42595eb789e532a224a0338dc488e998ae00e59ea

SHA512
07279c40721414f6ab345f83d9189c3c7012a54fc839359cb33cf4793ea771507535518554be99bac339463b7bee89e263e7a5cdd3f443a550ca6476c350a2a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\vcredist_x64.exe

Filesize
6.9MB

MD5
b364dd867258dfc79342e00d57c81bb5

SHA1
c990b86c2f8064c53f1de8c0bffe2d1c463aaa88

SHA256
8588eb697eb2049344e6206d2b66ff63104f1c55e553621ab8ecc504d6b9e9d4

SHA512
d5d5408d7a0bd7731761c601232df77a972592bf027f29771d17fa7b62103b43d98b55516bbf7d45611658a2e477a60ce4cf89a349a85c4abe33186278f4c44f

Download Submit
C:\Users\Admin\AppData\Local\Temp\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}\.ba1\logo.png

Filesize
1KB

MD5
d6bd210f227442b3362493d046cea233

SHA1
ff286ac8370fc655aea0ef35e9cf0bfcb6d698de

SHA256
335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef

SHA512
464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}\.be\vcredist_x64.exe

Filesize
455KB

MD5
622a95e2fccc1657cb2a760688b40665

SHA1
3feda4e77dcd8faf189371c71a35066b01320873

SHA256
e52469f3bce3768b43615ba44bc891dd2cda1b8e05659debd0cdbdebaaf9b199

SHA512
cd7a4705a8b7543d85b9d45d2832641d9783232494c66570d0a1084dbeb67cbfb5f4143e0deda7840f8f53db890f1029f9faf2a8814c1e885aa618f028a0b6b1

Download Submit
C:\Users\Admin\AppData\Roaming\Feather Launcher\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Roaming\Feather Launcher\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Roaming\Feather Launcher\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Roaming\Feather Launcher\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Roaming\Feather Launcher\Local Storage\leveldb\CURRENT~RFf76e4b4.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\Feather Launcher\a1e3b2ec-0f86-4b69-bbfb-20b47d594acc.tmp

Filesize
57B

MD5
58127c59cb9e1da127904c341d15372b

SHA1
62445484661d8036ce9788baeaba31d204e9a5fc

SHA256
be4b8924ab38e8acf350e6e3b9f1f63a1a94952d8002759acd6946c4d5d0b5de

SHA512
8d1815b277a93ad590ff79b6f52c576cf920c38c4353c24193f707d66884c942f39ff3989530055d2fade540ade243b41b6eb03cd0cc361c3b5d514cca28b50a

Download Submit
C:\Users\Admin\AppData\Roaming\Feather Launcher\en-US-10-1.bdic

Filesize
441KB

MD5
4604e676a0a7d18770853919e24ec465

SHA1
415ef3b2ca0851e00ebaf0d6c9f6213c561ac98f

SHA256
a075b01d9b015c616511a9e87da77da3d9881621db32f584e4606ddabf1c1100

SHA512
3d89c21f20772a8bebdb70b29c42fca2f6bffcda49dff9d5644f3f3910b7c710a5c20154a7af5134c9c7a8624a1251b5e56ced9351d87463f31bed8188eb0774

Download Submit
C:\Windows\Temp\{02FDDD77-73F7-40BC-9705-8CD1C9A86017}\.ba\thm.wxl

Filesize
2KB

MD5
fbfcbc4dacc566a3c426f43ce10907b6

SHA1
63c45f9a771161740e100faf710f30eed017d723

SHA256
70400f181d00e1769774ff36bcd8b1ab5fbc431418067d31b876d18cc04ef4ce

SHA512
063fb6685ee8d2fa57863a74d66a83c819fe848ba3072b6e7d1b4fe397a9b24a1037183bb2fda776033c0936be83888a6456aae947e240521e2ab75d984ee35e

Download Submit
C:\Windows\Temp\{28B44910-EAF2-4D4B-8DF3-D781C9AD830B}\cab2C04DDC374BD96EB5C8EB8208F2C7C92

Filesize
5.4MB

MD5
1a7fda01018e33117041e2b5725916ea

SHA1
513deae0ed56c851c3a877a03b49489b595c621c

SHA256
de8136207a6ad76ab507e7c35f44fbf6ab9692d119453ae5af7f025d24ac138f

SHA512
b672c1e1b5a90299f0b05de15b18f49aab5f8d2a3cec07d4e4290def476ea7e0b643105848d3e814cd82abe68c6663aebe7c4d72ee846cb8bbefc71e9286612d

Download Submit
C:\Windows\Temp\{28B44910-EAF2-4D4B-8DF3-D781C9AD830B}\cab5046A8AB272BF37297BB7928664C9503

Filesize
869KB

MD5
13f098f4d6afca8049843ad230c32902

SHA1
dae3ad20a6966b267469e21d6a55706f762a4afe

SHA256
4f2b1de049338f791dab6d5d8be6edac556a33b5b4abd8b06662a25ed7c17a37

SHA512
cd0d37f5e027792ac6660af9d1b93cfef1ea367415f949f822379781b079cbd2a15d48b29b3c868f70154e9672f5616d19092b321028cd07d5d8e326d482993a

Download Submit
C:\Windows\Temp\{28B44910-EAF2-4D4B-8DF3-D781C9AD830B}\vcRuntimeAdditional_x64

Filesize
180KB

MD5
4963ff6455aad7d1f9d9d47e0ae3fa89

SHA1
bd44672354dc55d828b39bfc1d49543a8f8dce79

SHA256
39699ef0144e0b375091fd1824e940f8c91e4dbb7eb5b568903d4baf70e6d2cf

SHA512
ca419a5ab17533d3c1263c5e9c5334a13290495b87a86b41bf04058872874376114b4d62ca66cee9863c673862d513899dd80dafd4dece6a999702e2ad8c3bff

Download Submit
C:\Windows\Temp\{28B44910-EAF2-4D4B-8DF3-D781C9AD830B}\vcRuntimeMinimum_x64

Filesize
180KB

MD5
a074f9ba7166e1f8ad9db84ce76d843a

SHA1
2a36a3d8707f8b4fec94e26ec6e2a5df721591eb

SHA256
a3ba9b962f0e5ecdcfa3f9ff7b25bf7b61d78abe5f393ee45f71ef7ce0d9d497

SHA512
8ef81f2680f2b2de0453f2f2e8f209257c38f0e243a55d478a0085415af1483771741b09009eee3b1b78530016ca53c38b00918c5a6a91d947576d3b061bd31f

Download Submit
C:\Windows\Temp\{9BB8EE0A-0E38-4A31-B084-AC5B309D9346}\.cr\VC_redist.x64.exe

Filesize
634KB

MD5
464799b58f1090430afa4aa6183bedb6

SHA1
f2b3d878516031e4d968fa8d7b160a14e51688e8

SHA256
42305b0bdfc29a9b03bbbf17b0adc12146cdb37031ae51029b440d537f714571

SHA512
7ab70eb7fdcc107bc41c345b8ca7414ea40f7c3b566614d7767d5d9d93b84cb73d14e447b8a885ce71fb1c46a2469b825a56946a1ef7ac0f8ffdd3110f08d97b

Download Submit
C:\Windows\WindowsUpdate.log

Filesize
17KB

MD5
586d082b64a9a45bbb38587d9cc3d82a

SHA1
075aa4594029092f84b70f8f893fe7f083010e99

SHA256
3493e0cd23000c3de3b47ec3e9bdf30c44152e25cc66f120f2c7996b08bb4125

SHA512
bab2d3bf56e5a6a4839329db2b62bd15d01f2cac8c124bca5748ce846cb237f3210cbb40c5052f170e3e374649f0b55f10d508317de1098d1e00ed7a5c31d0cd

Download Submit
C:\Windows\WindowsUpdate.log

Filesize
16KB

MD5
e9ab75d813680b42dcff2a6a5f491890

SHA1
441eb5eeea9a429181090252d7e46c1186d96897

SHA256
795b8596564820f6080d1b775fed754817e513250a550de008a76cede4ff5541

SHA512
08c84f138ca25aee088841399bbd90e0694eb81e2ff12feece1b4213c863dfb795aaf4504d4f24314e72c4d798da1af4ad373df9f13df888b8dcfa45b13241e8

Download Submit
\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\SpiderBanner.dll

Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\VC_redist.x64.exe

Filesize
24.1MB

MD5
0c86174ca06d892881301203cdf2c32d

SHA1
2b7462bb7732725f011a085349d6d206eed40048

SHA256
5d3d8c6779750f92f3726c70e92f0f8bf92d3ae2abd43ba28c6306466de8a144

SHA512
16c1b043c81394bab65b40c5a9c5b742300cb605d9780226af725bf4d6e38c701f604549b2a3b2138ae951aadfc53faea66c97268c8c61c6c4f0771426ecca62

Download Submit
\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\nsProcess.dll

Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
\Users\Admin\AppData\Local\Temp\nsi3F71.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
\Users\Admin\AppData\Local\Temp\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}\.ba1\wixstdba.dll

Filesize
117KB

MD5
a52e5220efb60813b31a82d101a97dcb

SHA1
56e16e4df0944cb07e73a01301886644f062d79b

SHA256
e7c8e7edd9112137895820e789baaaeca41626b01fb99fede82968ddb66d02cf

SHA512
d6565ba18b5b9795d6bde3ef94d8f7cd77bf8bb69ba3fe7adefb80fc7c5d888cdfdc79238d86a0839846aea4a1e51fc0caed3d62f7054885e8b15fad9f6c654e

Download Submit
\Windows\Temp\{28B44910-EAF2-4D4B-8DF3-D781C9AD830B}\.ba\wixstdba.dll

Filesize
191KB

MD5
eab9caf4277829abdf6223ec1efa0edd

SHA1
74862ecf349a9bedd32699f2a7a4e00b4727543d

SHA256
a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041

SHA512
45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2

Download Submit
memory/1628-1052-0x00000000003D0000-0x0000000000447000-memory.dmp

Filesize
476KB

Download
memory/2104-1303-0x00000000773B0000-0x00000000773B1000-memory.dmp

Filesize
4KB

Download
memory/2104-1272-0x0000000000060000-0x0000000000061000-memory.dmp

Filesize
4KB

Download
memory/2144-1053-0x00000000003D0000-0x0000000000447000-memory.dmp

Filesize
476KB

Download
memory/2608-1015-0x00000000003D0000-0x0000000000447000-memory.dmp

Filesize
476KB

Download
memory/2928-1094-0x0000000003E20000-0x0000000003E22000-memory.dmp

Filesize
8KB

Download