Analysis

  • max time kernel
    171s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240708-en locale:en-us os:windows7-x64 system
  • submitted
    17-07-2024 20:09

General

  • Target

    MechvibesPlusPlus.Setup.2.4.0.exe

  • Size

    61.0MB

  • MD5

    ec192ff193117229ab7b9fec5a81e772

  • SHA1

    34f4e8d8b2d22fd589998d13a148b5e2c22c3b4a

  • SHA256

    b1091d37f3d5691e7bf8cbfc46970a9ed643075f07af750175d1a58e03029132

  • SHA512

    5357a64440522ee2c9227f75d3f95b59747ce0c87d7635a89dd36a10f99eeac9a824b343c02c0ab609cbcb6ed771a9c3e13f115d7062964f70e00d1e3d0de956

  • SSDEEP

    1572864:zzb4n3FnJiUkcWP/zKmSJIrlMGDDORT0OBqbSzltm+LA3i:zm3FHT5mSJ8DDgTdCSR4i

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 27 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SendNotifyMessage 5 IoCs
  • Suspicious use of SetWindowsHookEx 64 IoCs
  • Suspicious use of WriteProcessMemory 47 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\MechvibesPlusPlus.Setup.2.4.0.exe
    "C:\Users\Admin\AppData\Local\Temp\MechvibesPlusPlus.Setup.2.4.0.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1488
  • C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe
    "C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe"
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2168
    • C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe
      "C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe" --type=gpu-process --field-trial-handle=1160,6457331825412860136,4840480992552568560,131072 --disable-features=LayoutNG,SpareRendererForSitePerProcess --gpu-preferences=IAAAAAAAAADgAAAgAAAAAAAAYAAAAAAACAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAABQAAABAAAAAAAAAAAAAAAAYAAAAQAAAAAAAAAAEAAAAFAAAAEAAAAAAAAAABAAAABgAAAA== --service-request-channel-token=11426423622075715578 --mojo-platform-channel-handle=1168 --ignored=" --type=renderer " /prefetch:2
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:876
    • C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe
      "C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe" --type=renderer --autoplay-policy=no-user-gesture-required --field-trial-handle=1160,6457331825412860136,4840480992552568560,131072 --disable-features=LayoutNG,SpareRendererForSitePerProcess --lang=en-US --app-path="C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\resources\app.asar" --node-integration --no-sandbox --no-zygote --preload="C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\resources\app.asar\src\app.js" --background-color=#fff --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=15373046698402164326 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1496 /prefetch:1
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:2164
    • C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe
      "C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe" --type=gpu-process --field-trial-handle=1160,6457331825412860136,4840480992552568560,131072 --disable-features=LayoutNG,SpareRendererForSitePerProcess --disable-gpu-sandbox --use-gl=disabled --gpu-preferences=IAAAAAAAAADgAAAgAAAAAAAAYAAAAAAACAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAABQAAABAAAAAAAAAAAAAAAAYAAAAQAAAAAAAAAAEAAAAFAAAAEAAAAAAAAAABAAAABgAAAA== --service-request-channel-token=17083549013178330399 --mojo-platform-channel-handle=2060 /prefetch:2
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      PID:1580

Network

MITRE ATT&CK Enterprise v15

Downloads
