e4a4b7dc1ce13f53365fc9940f001d962114d14ff0f2dee826e7e0ae0a8c0da8

Resubmissions

21/08/2024, 16:05

240821-tjxaysxhle 6

21/08/2024, 15:59

240821-tffh2a1dpn 6

21/08/2024, 15:55

240821-tcxcda1ckp 6

Analysis

max time kernel
180s
max time network
181s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
21/08/2024, 15:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BrightVPN-Setup-1.472.797-af91873f.exe
Size

7.3MB
MD5

3d7a053bd1382496539ea51e7cb4f353
SHA1

f8a1af10ffd32e7ef77362ae16a7f7c7190b8c2c
SHA256

e4a4b7dc1ce13f53365fc9940f001d962114d14ff0f2dee826e7e0ae0a8c0da8
SHA512

9c01cdd313ef701ef68c05369dc142804407bcb30bb2cb377a095d0fceb17e6478f85d1e6ed96f07483ed1637414541c4217445ce6cc0faf85b2bda1f74def74
SSDEEP

196608:iUX1A/h3hCFYJ7dJiu2cXevevMRd2WcBRGacd3vEFbh2ztBfueVyg3R:iBkFKhJVuvev4d294iIbdh

Score

6^/10

discovery persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Windows\CurrentVersion\Run\Bright VPN = "\"C:\\Program Files (x86)\\Bright VPN\\Bright VPN.exe\" --silent"	BrightVPN-Setup-1.472.797-af91873f.exe

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
161	api64.ipify.org
162	api64.ipify.org

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Control Panel\International\Geo\Nation	net_updater32.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Control Panel\International\Geo\Nation	Bright VPN.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Control Panel\International\Geo\Nation	Bright VPN.exe

Drops file in System32 directory 15 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357	net_updater32.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\BrightData	net_updater32.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT	net_updater32.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_7BC6BAD757FCD9C147D141E8A9D5A2A0	net_updater32.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT	net_updater32.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC	net_updater32.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015	net_updater32.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB	net_updater32.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141	net_updater32.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141	net_updater32.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357	net_updater32.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC	net_updater32.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015	net_updater32.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB	net_updater32.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_7BC6BAD757FCD9C147D141E8A9D5A2A0	net_updater32.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Bright VPN\LICENSES.chromium.html	BrightVPN-Setup-1.472.797-af91873f.exe
File created	C:\Program Files (x86)\Bright VPN\locales\ur.pak	BrightVPN-Setup-1.472.797-af91873f.exe
File created	C:\Program Files (x86)\Bright VPN\resources\app.asar	BrightVPN-Setup-1.472.797-af91873f.exe
File created	C:\Program Files (x86)\Bright VPN\resources\elevate.exe	BrightVPN-Setup-1.472.797-af91873f.exe
File created	C:\Program Files (x86)\Bright VPN\libEGL.dll	BrightVPN-Setup-1.472.797-af91873f.exe
File created	C:\Program Files (x86)\Bright VPN\LICENSE.electron.txt	BrightVPN-Setup-1.472.797-af91873f.exe
File created	C:\Program Files (x86)\Bright VPN\locales\bn.pak	BrightVPN-Setup-1.472.797-af91873f.exe
File created	C:\Program Files (x86)\Bright VPN\locales\nl.pak	BrightVPN-Setup-1.472.797-af91873f.exe
File created	C:\Program Files (x86)\Bright VPN\locales\uk.pak	BrightVPN-Setup-1.472.797-af91873f.exe
File created	C:\Program Files (x86)\Bright VPN\locales\fr.pak	BrightVPN-Setup-1.472.797-af91873f.exe
File created	C:\Program Files (x86)\Bright VPN\locales\hr.pak	BrightVPN-Setup-1.472.797-af91873f.exe
File created	C:\Program Files (x86)\Bright VPN\ffmpeg.dll	BrightVPN-Setup-1.472.797-af91873f.exe
File created	C:\Program Files (x86)\Bright VPN\vk_swiftshader_icd.json	BrightVPN-Setup-1.472.797-af91873f.exe
File created	C:\Program Files (x86)\Bright VPN\locales\en-US.pak	BrightVPN-Setup-1.472.797-af91873f.exe
File created	C:\Program Files (x86)\Bright VPN\locales\hi.pak	BrightVPN-Setup-1.472.797-af91873f.exe
File created	C:\Program Files (x86)\Bright VPN\locales\ja.pak	BrightVPN-Setup-1.472.797-af91873f.exe
File created	C:\Program Files (x86)\Bright VPN\locales\ms.pak	BrightVPN-Setup-1.472.797-af91873f.exe
File created	C:\Program Files (x86)\Bright VPN\locales\ca.pak	BrightVPN-Setup-1.472.797-af91873f.exe
File created	C:\Program Files (x86)\Bright VPN\locales\en-GB.pak	BrightVPN-Setup-1.472.797-af91873f.exe
File created	C:\Program Files (x86)\Bright VPN\locales\hu.pak	BrightVPN-Setup-1.472.797-af91873f.exe
File created	C:\Program Files (x86)\Bright VPN\locales\nb.pak	BrightVPN-Setup-1.472.797-af91873f.exe
File created	C:\Program Files (x86)\Bright VPN\locales\sk.pak	BrightVPN-Setup-1.472.797-af91873f.exe
File created	C:\Program Files (x86)\Bright VPN\locales\sr.pak	BrightVPN-Setup-1.472.797-af91873f.exe
File created	C:\Program Files (x86)\Bright VPN\locales\da.pak	BrightVPN-Setup-1.472.797-af91873f.exe
File created	C:\Program Files (x86)\Bright VPN\locales\ko.pak	BrightVPN-Setup-1.472.797-af91873f.exe
File created	C:\Program Files (x86)\Bright VPN\net_updater32.exe	BrightVPN-Setup-1.472.797-af91873f.exe
File created	C:\Program Files (x86)\Bright VPN\d3dcompiler_47.dll	BrightVPN-Setup-1.472.797-af91873f.exe
File created	C:\Program Files (x86)\Bright VPN\locales\am.pak	BrightVPN-Setup-1.472.797-af91873f.exe
File created	C:\Program Files (x86)\Bright VPN\locales\kn.pak	BrightVPN-Setup-1.472.797-af91873f.exe
File created	C:\Program Files (x86)\Bright VPN\locales\pt-BR.pak	BrightVPN-Setup-1.472.797-af91873f.exe
File created	C:\Program Files (x86)\Bright VPN\locales\pl.pak	BrightVPN-Setup-1.472.797-af91873f.exe
File created	C:\Program Files (x86)\Bright VPN\chrome_200_percent.pak	BrightVPN-Setup-1.472.797-af91873f.exe
File created	C:\Program Files (x86)\Bright VPN\icudtl.dat	BrightVPN-Setup-1.472.797-af91873f.exe
File created	C:\Program Files (x86)\Bright VPN\snapshot_blob.bin	BrightVPN-Setup-1.472.797-af91873f.exe
File created	C:\Program Files (x86)\Bright VPN\vk_swiftshader.dll	BrightVPN-Setup-1.472.797-af91873f.exe
File created	C:\Program Files (x86)\Bright VPN\locales\et.pak	BrightVPN-Setup-1.472.797-af91873f.exe
File created	C:\Program Files (x86)\Bright VPN\locales\fil.pak	BrightVPN-Setup-1.472.797-af91873f.exe
File created	C:\Program Files (x86)\Bright VPN\locales\lv.pak	BrightVPN-Setup-1.472.797-af91873f.exe
File created	C:\Program Files (x86)\Bright VPN\locales\pt-PT.pak	BrightVPN-Setup-1.472.797-af91873f.exe
File created	C:\Program Files (x86)\Bright VPN\locales\ta.pak	BrightVPN-Setup-1.472.797-af91873f.exe
File created	C:\Program Files (x86)\Bright VPN\locales\te.pak	BrightVPN-Setup-1.472.797-af91873f.exe
File created	C:\Program Files (x86)\Bright VPN\brd_config.json	BrightVPN-Setup-1.472.797-af91873f.exe
File created	C:\Program Files (x86)\Bright VPN\chrome_100_percent.pak	BrightVPN-Setup-1.472.797-af91873f.exe
File opened for modification	C:\Program Files (x86)\Bright VPN\net_updater32.exe	BrightVPN-Setup-1.472.797-af91873f.exe
File created	C:\Program Files (x86)\Bright VPN\locales\af.pak	BrightVPN-Setup-1.472.797-af91873f.exe
File created	C:\Program Files (x86)\Bright VPN\locales\fi.pak	BrightVPN-Setup-1.472.797-af91873f.exe
File created	C:\Program Files (x86)\Bright VPN\locales\ml.pak	BrightVPN-Setup-1.472.797-af91873f.exe
File created	C:\Program Files (x86)\Bright VPN\locales\ru.pak	BrightVPN-Setup-1.472.797-af91873f.exe
File created	C:\Program Files (x86)\Bright VPN\Uninstall Bright VPN.exe	BrightVPN-Setup-1.472.797-af91873f.exe
File created	C:\Program Files (x86)\Bright VPN\uninstallerIcon.ico	BrightVPN-Setup-1.472.797-af91873f.exe
File created	C:\Program Files (x86)\Bright VPN\locales\bg.pak	BrightVPN-Setup-1.472.797-af91873f.exe
File created	C:\Program Files (x86)\Bright VPN\locales\cs.pak	BrightVPN-Setup-1.472.797-af91873f.exe
File created	C:\Program Files (x86)\Bright VPN\locales\he.pak	BrightVPN-Setup-1.472.797-af91873f.exe
File created	C:\Program Files (x86)\Bright VPN\locales\ro.pak	BrightVPN-Setup-1.472.797-af91873f.exe
File created	C:\Program Files (x86)\Bright VPN\libGLESv2.dll	BrightVPN-Setup-1.472.797-af91873f.exe
File created	C:\Program Files (x86)\Bright VPN\locales\ar.pak	BrightVPN-Setup-1.472.797-af91873f.exe
File created	C:\Program Files (x86)\Bright VPN\locales\es.pak	BrightVPN-Setup-1.472.797-af91873f.exe
File created	C:\Program Files (x86)\Bright VPN\locales\fa.pak	BrightVPN-Setup-1.472.797-af91873f.exe
File created	C:\Program Files (x86)\Bright VPN\locales\gu.pak	BrightVPN-Setup-1.472.797-af91873f.exe
File created	C:\Program Files (x86)\Bright VPN\locales\th.pak	BrightVPN-Setup-1.472.797-af91873f.exe
File created	C:\Program Files (x86)\Bright VPN\locales\id.pak	BrightVPN-Setup-1.472.797-af91873f.exe
File created	C:\Program Files (x86)\Bright VPN\locales\vi.pak	BrightVPN-Setup-1.472.797-af91873f.exe
File created	C:\Program Files (x86)\Bright VPN\v8_context_snapshot.bin	BrightVPN-Setup-1.472.797-af91873f.exe
File created	C:\Program Files (x86)\Bright VPN\locales\es-419.pak	BrightVPN-Setup-1.472.797-af91873f.exe

Executes dropped EXE 15 IoCs

pid	Process
2460	brightvpn_installer.exe
1064	net_updater32.exe
2676	net_updater32.exe
1812	net_updater32.exe
2956	Bright VPN.exe
2928	test_wpf.exe
1988	net_updater32.exe
4016	Bright VPN.exe
2064	Bright VPN.exe
1592	Bright VPN.exe
1936	test_wpf.exe
1844	Bright VPN.exe
2872	idle_report.exe
3696	brightdata.exe
3956	idle_report.exe

Loads dropped DLL 64 IoCs

pid	Process
2972	BrightVPN-Setup-1.472.797-af91873f.exe
2972	BrightVPN-Setup-1.472.797-af91873f.exe
2972	BrightVPN-Setup-1.472.797-af91873f.exe
2972	BrightVPN-Setup-1.472.797-af91873f.exe
2972	BrightVPN-Setup-1.472.797-af91873f.exe
2972	BrightVPN-Setup-1.472.797-af91873f.exe
2972	BrightVPN-Setup-1.472.797-af91873f.exe
2972	BrightVPN-Setup-1.472.797-af91873f.exe
2972	BrightVPN-Setup-1.472.797-af91873f.exe
2972	BrightVPN-Setup-1.472.797-af91873f.exe
2972	BrightVPN-Setup-1.472.797-af91873f.exe
2972	BrightVPN-Setup-1.472.797-af91873f.exe
2972	BrightVPN-Setup-1.472.797-af91873f.exe
2972	BrightVPN-Setup-1.472.797-af91873f.exe
2972	BrightVPN-Setup-1.472.797-af91873f.exe
2972	BrightVPN-Setup-1.472.797-af91873f.exe
2972	BrightVPN-Setup-1.472.797-af91873f.exe
1064	net_updater32.exe
2676	net_updater32.exe
2676	net_updater32.exe
2676	net_updater32.exe
2676	net_updater32.exe
2676	net_updater32.exe
2972	BrightVPN-Setup-1.472.797-af91873f.exe
2972	BrightVPN-Setup-1.472.797-af91873f.exe
2972	BrightVPN-Setup-1.472.797-af91873f.exe
2972	BrightVPN-Setup-1.472.797-af91873f.exe
2972	BrightVPN-Setup-1.472.797-af91873f.exe
2972	BrightVPN-Setup-1.472.797-af91873f.exe
2972	BrightVPN-Setup-1.472.797-af91873f.exe
2972	BrightVPN-Setup-1.472.797-af91873f.exe
2972	BrightVPN-Setup-1.472.797-af91873f.exe
2972	BrightVPN-Setup-1.472.797-af91873f.exe
2972	BrightVPN-Setup-1.472.797-af91873f.exe
2972	BrightVPN-Setup-1.472.797-af91873f.exe
2972	BrightVPN-Setup-1.472.797-af91873f.exe
2972	BrightVPN-Setup-1.472.797-af91873f.exe
2972	BrightVPN-Setup-1.472.797-af91873f.exe
2972	BrightVPN-Setup-1.472.797-af91873f.exe
2972	BrightVPN-Setup-1.472.797-af91873f.exe
2972	BrightVPN-Setup-1.472.797-af91873f.exe
2972	BrightVPN-Setup-1.472.797-af91873f.exe
2972	BrightVPN-Setup-1.472.797-af91873f.exe
2956	Bright VPN.exe
2956	Bright VPN.exe
2956	Bright VPN.exe
2956	Bright VPN.exe
2956	Bright VPN.exe
2956	Bright VPN.exe
2956	Bright VPN.exe
2956	Bright VPN.exe
4016	Bright VPN.exe
2064	Bright VPN.exe
4016	Bright VPN.exe
4016	Bright VPN.exe
4016	Bright VPN.exe
1592	Bright VPN.exe
1988	net_updater32.exe
1988	net_updater32.exe
1988	net_updater32.exe
1988	net_updater32.exe
1988	net_updater32.exe
1844	Bright VPN.exe
1844	Bright VPN.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 20 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	brightdata.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	test_wpf.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net_updater32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Bright VPN.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	test_wpf.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	brightvpn_installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net_updater32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Bright VPN.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Bright VPN.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Bright VPN.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	idle_report.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	idle_report.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net_updater32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net_updater32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Bright VPN.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BrightVPN-Setup-1.472.797-af91873f.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rasdial.exe

Modifies data under HKEY_USERS 45 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\GDIPlus	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates	net_updater32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\GDIPlus\FontCachePath = "C:\\Windows\\system32\\config\\systemprofile\\AppData\\Local"	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs	net_updater32.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	net_updater32.exe

Modifies system certificate store 2 TTPs 8 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d00f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030853000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	net_updater32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	BrightVPN-Setup-1.472.797-af91873f.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	BrightVPN-Setup-1.472.797-af91873f.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	net_updater32.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	net_updater32.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	net_updater32.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	net_updater32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	net_updater32.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\ProgramData\BrightData\6cca5f7f15056f66a3211bbbd92076486a2361bb\lum_sdk_session_id:LUM:$DATA	net_updater32.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2972	BrightVPN-Setup-1.472.797-af91873f.exe
2460	brightvpn_installer.exe
2460	brightvpn_installer.exe
2972	BrightVPN-Setup-1.472.797-af91873f.exe
2972	BrightVPN-Setup-1.472.797-af91873f.exe
2972	BrightVPN-Setup-1.472.797-af91873f.exe
2460	brightvpn_installer.exe
2460	brightvpn_installer.exe
2460	brightvpn_installer.exe
2460	brightvpn_installer.exe
2460	brightvpn_installer.exe
2460	brightvpn_installer.exe
2460	brightvpn_installer.exe
2460	brightvpn_installer.exe
2460	brightvpn_installer.exe
2460	brightvpn_installer.exe
2460	brightvpn_installer.exe
2460	brightvpn_installer.exe
2460	brightvpn_installer.exe
2460	brightvpn_installer.exe
2460	brightvpn_installer.exe
2460	brightvpn_installer.exe
2460	brightvpn_installer.exe
2460	brightvpn_installer.exe
2676	net_updater32.exe
2676	net_updater32.exe
2460	brightvpn_installer.exe
2460	brightvpn_installer.exe
2460	brightvpn_installer.exe
2460	brightvpn_installer.exe
2460	brightvpn_installer.exe
2460	brightvpn_installer.exe
2460	brightvpn_installer.exe
2460	brightvpn_installer.exe
2460	brightvpn_installer.exe
2460	brightvpn_installer.exe
2460	brightvpn_installer.exe
2460	brightvpn_installer.exe
2460	brightvpn_installer.exe
2460	brightvpn_installer.exe
2460	brightvpn_installer.exe
2460	brightvpn_installer.exe
2460	brightvpn_installer.exe
2460	brightvpn_installer.exe
2460	brightvpn_installer.exe
2460	brightvpn_installer.exe
2460	brightvpn_installer.exe
2460	brightvpn_installer.exe
2460	brightvpn_installer.exe
2460	brightvpn_installer.exe
2460	brightvpn_installer.exe
2460	brightvpn_installer.exe
2460	brightvpn_installer.exe
2460	brightvpn_installer.exe
2972	BrightVPN-Setup-1.472.797-af91873f.exe
2972	BrightVPN-Setup-1.472.797-af91873f.exe
2972	BrightVPN-Setup-1.472.797-af91873f.exe
2972	BrightVPN-Setup-1.472.797-af91873f.exe
2972	BrightVPN-Setup-1.472.797-af91873f.exe
2972	BrightVPN-Setup-1.472.797-af91873f.exe
2972	BrightVPN-Setup-1.472.797-af91873f.exe
2972	BrightVPN-Setup-1.472.797-af91873f.exe
2972	BrightVPN-Setup-1.472.797-af91873f.exe
2972	BrightVPN-Setup-1.472.797-af91873f.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2460	brightvpn_installer.exe
Token: SeDebugPrivilege	2676	net_updater32.exe
Token: SeSecurityPrivilege	2972	BrightVPN-Setup-1.472.797-af91873f.exe
Token: SeDebugPrivilege	2956	Bright VPN.exe
Token: SeShutdownPrivilege	2956	Bright VPN.exe
Token: SeShutdownPrivilege	2956	Bright VPN.exe
Token: SeDebugPrivilege	1988	net_updater32.exe
Token: SeShutdownPrivilege	2956	Bright VPN.exe
Token: SeShutdownPrivilege	2956	Bright VPN.exe
Token: SeShutdownPrivilege	1988	net_updater32.exe
Token: SeShutdownPrivilege	1988	net_updater32.exe
Token: SeShutdownPrivilege	2956	Bright VPN.exe
Token: SeShutdownPrivilege	2956	Bright VPN.exe
Token: SeShutdownPrivilege	2956	Bright VPN.exe
Token: SeShutdownPrivilege	2956	Bright VPN.exe
Token: SeShutdownPrivilege	2956	Bright VPN.exe
Token: SeShutdownPrivilege	2956	Bright VPN.exe
Token: SeShutdownPrivilege	2956	Bright VPN.exe
Token: SeShutdownPrivilege	2956	Bright VPN.exe
Token: SeShutdownPrivilege	2956	Bright VPN.exe
Token: SeShutdownPrivilege	2956	Bright VPN.exe
Token: SeShutdownPrivilege	2956	Bright VPN.exe
Token: SeShutdownPrivilege	2956	Bright VPN.exe
Token: SeShutdownPrivilege	2956	Bright VPN.exe
Token: SeShutdownPrivilege	2956	Bright VPN.exe
Token: SeShutdownPrivilege	2956	Bright VPN.exe
Token: SeShutdownPrivilege	2956	Bright VPN.exe
Token: SeShutdownPrivilege	2956	Bright VPN.exe
Token: SeShutdownPrivilege	2956	Bright VPN.exe
Token: SeShutdownPrivilege	2956	Bright VPN.exe
Token: SeShutdownPrivilege	2956	Bright VPN.exe
Token: SeShutdownPrivilege	2956	Bright VPN.exe
Token: SeShutdownPrivilege	2956	Bright VPN.exe
Token: SeShutdownPrivilege	2956	Bright VPN.exe
Token: SeShutdownPrivilege	2956	Bright VPN.exe
Token: SeShutdownPrivilege	2956	Bright VPN.exe
Token: SeShutdownPrivilege	2956	Bright VPN.exe
Token: SeShutdownPrivilege	2956	Bright VPN.exe
Token: SeShutdownPrivilege	2956	Bright VPN.exe
Token: SeShutdownPrivilege	2956	Bright VPN.exe
Token: SeShutdownPrivilege	2956	Bright VPN.exe
Token: SeShutdownPrivilege	2956	Bright VPN.exe
Token: SeShutdownPrivilege	2956	Bright VPN.exe
Token: SeShutdownPrivilege	2956	Bright VPN.exe
Token: SeShutdownPrivilege	2956	Bright VPN.exe
Token: SeShutdownPrivilege	2956	Bright VPN.exe
Token: SeShutdownPrivilege	2956	Bright VPN.exe
Token: SeShutdownPrivilege	2956	Bright VPN.exe
Token: SeShutdownPrivilege	2956	Bright VPN.exe
Token: SeShutdownPrivilege	2956	Bright VPN.exe
Token: SeShutdownPrivilege	2956	Bright VPN.exe
Token: SeShutdownPrivilege	2956	Bright VPN.exe
Token: SeShutdownPrivilege	2956	Bright VPN.exe
Token: SeShutdownPrivilege	2956	Bright VPN.exe
Token: SeShutdownPrivilege	2956	Bright VPN.exe
Token: SeShutdownPrivilege	2956	Bright VPN.exe
Token: SeShutdownPrivilege	2956	Bright VPN.exe
Token: SeShutdownPrivilege	2956	Bright VPN.exe
Token: SeShutdownPrivilege	2956	Bright VPN.exe
Token: SeShutdownPrivilege	2956	Bright VPN.exe
Token: SeShutdownPrivilege	2956	Bright VPN.exe
Token: SeShutdownPrivilege	2956	Bright VPN.exe
Token: SeShutdownPrivilege	2956	Bright VPN.exe
Token: SeShutdownPrivilege	2956	Bright VPN.exe

Suspicious use of FindShellTrayWindow 6 IoCs

pid	Process
2956	Bright VPN.exe
2956	Bright VPN.exe
2956	Bright VPN.exe
3696	brightdata.exe
3696	brightdata.exe
3696	brightdata.exe

Suspicious use of SendNotifyMessage 6 IoCs

pid	Process
2956	Bright VPN.exe
2956	Bright VPN.exe
2956	Bright VPN.exe
3696	brightdata.exe
3696	brightdata.exe
3696	brightdata.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2972 wrote to memory of 2460	2972	BrightVPN-Setup-1.472.797-af91873f.exe	30
PID 2972 wrote to memory of 2460	2972	BrightVPN-Setup-1.472.797-af91873f.exe	30
PID 2972 wrote to memory of 2460	2972	BrightVPN-Setup-1.472.797-af91873f.exe	30
PID 2972 wrote to memory of 2460	2972	BrightVPN-Setup-1.472.797-af91873f.exe	30
PID 2972 wrote to memory of 2460	2972	BrightVPN-Setup-1.472.797-af91873f.exe	30
PID 2972 wrote to memory of 2460	2972	BrightVPN-Setup-1.472.797-af91873f.exe	30
PID 2972 wrote to memory of 2460	2972	BrightVPN-Setup-1.472.797-af91873f.exe	30
PID 2972 wrote to memory of 1064	2972	BrightVPN-Setup-1.472.797-af91873f.exe	32
PID 2972 wrote to memory of 1064	2972	BrightVPN-Setup-1.472.797-af91873f.exe	32
PID 2972 wrote to memory of 1064	2972	BrightVPN-Setup-1.472.797-af91873f.exe	32
PID 2972 wrote to memory of 1064	2972	BrightVPN-Setup-1.472.797-af91873f.exe	32
PID 2972 wrote to memory of 1064	2972	BrightVPN-Setup-1.472.797-af91873f.exe	32
PID 2972 wrote to memory of 1064	2972	BrightVPN-Setup-1.472.797-af91873f.exe	32
PID 2972 wrote to memory of 1064	2972	BrightVPN-Setup-1.472.797-af91873f.exe	32
PID 1064 wrote to memory of 2676	1064	net_updater32.exe	34
PID 1064 wrote to memory of 2676	1064	net_updater32.exe	34
PID 1064 wrote to memory of 2676	1064	net_updater32.exe	34
PID 1064 wrote to memory of 2676	1064	net_updater32.exe	34
PID 1064 wrote to memory of 2676	1064	net_updater32.exe	34
PID 1064 wrote to memory of 2676	1064	net_updater32.exe	34
PID 1064 wrote to memory of 2676	1064	net_updater32.exe	34
PID 2676 wrote to memory of 1812	2676	net_updater32.exe	37
PID 2676 wrote to memory of 1812	2676	net_updater32.exe	37
PID 2676 wrote to memory of 1812	2676	net_updater32.exe	37
PID 2676 wrote to memory of 1812	2676	net_updater32.exe	37
PID 2676 wrote to memory of 1812	2676	net_updater32.exe	37
PID 2676 wrote to memory of 1812	2676	net_updater32.exe	37
PID 2676 wrote to memory of 1812	2676	net_updater32.exe	37
PID 2972 wrote to memory of 1964	2972	BrightVPN-Setup-1.472.797-af91873f.exe	39
PID 2972 wrote to memory of 1964	2972	BrightVPN-Setup-1.472.797-af91873f.exe	39
PID 2972 wrote to memory of 1964	2972	BrightVPN-Setup-1.472.797-af91873f.exe	39
PID 2972 wrote to memory of 1964	2972	BrightVPN-Setup-1.472.797-af91873f.exe	39
PID 1964 wrote to memory of 2060	1964	net.exe	41
PID 1964 wrote to memory of 2060	1964	net.exe	41
PID 1964 wrote to memory of 2060	1964	net.exe	41
PID 1964 wrote to memory of 2060	1964	net.exe	41
PID 2956 wrote to memory of 2864	2956	Bright VPN.exe	44
PID 2956 wrote to memory of 2864	2956	Bright VPN.exe	44
PID 2956 wrote to memory of 2864	2956	Bright VPN.exe	44
PID 2956 wrote to memory of 2864	2956	Bright VPN.exe	44
PID 2864 wrote to memory of 264	2864	cmd.exe	46
PID 2864 wrote to memory of 264	2864	cmd.exe	46
PID 2864 wrote to memory of 264	2864	cmd.exe	46
PID 2864 wrote to memory of 264	2864	cmd.exe	46
PID 2956 wrote to memory of 2928	2956	Bright VPN.exe	47
PID 2956 wrote to memory of 2928	2956	Bright VPN.exe	47
PID 2956 wrote to memory of 2928	2956	Bright VPN.exe	47
PID 2956 wrote to memory of 2928	2956	Bright VPN.exe	47
PID 2956 wrote to memory of 4016	2956	Bright VPN.exe	49
PID 2956 wrote to memory of 4016	2956	Bright VPN.exe	49
PID 2956 wrote to memory of 4016	2956	Bright VPN.exe	49
PID 2956 wrote to memory of 4016	2956	Bright VPN.exe	49
PID 2956 wrote to memory of 4016	2956	Bright VPN.exe	49
PID 2956 wrote to memory of 4016	2956	Bright VPN.exe	49
PID 2956 wrote to memory of 4016	2956	Bright VPN.exe	49
PID 2956 wrote to memory of 4016	2956	Bright VPN.exe	49
PID 2956 wrote to memory of 4016	2956	Bright VPN.exe	49
PID 2956 wrote to memory of 4016	2956	Bright VPN.exe	49
PID 2956 wrote to memory of 4016	2956	Bright VPN.exe	49
PID 2956 wrote to memory of 4016	2956	Bright VPN.exe	49
PID 2956 wrote to memory of 4016	2956	Bright VPN.exe	49
PID 2956 wrote to memory of 4016	2956	Bright VPN.exe	49
PID 2956 wrote to memory of 4016	2956	Bright VPN.exe	49
PID 2956 wrote to memory of 4016	2956	Bright VPN.exe	49

C:\Users\Admin\AppData\Local\Temp\BrightVPN-Setup-1.472.797-af91873f.exe
"C:\Users\Admin\AppData\Local\Temp\BrightVPN-Setup-1.472.797-af91873f.exe"
1⤵
- Adds Run key to start application
- Drops file in Program Files directory
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2972
- C:\Users\Admin\AppData\Local\Temp\nsoD3B.tmp\brightvpn_installer.exe
  "C:\Users\Admin\AppData\Local\Temp\nsoD3B.tmp\brightvpn_installer.exe" /pid=2972 /port=6451 /affiliate= /silent= /exe="C:\Users\Admin\AppData\Local\Temp\BrightVPN-Setup-1.472.797-af91873f.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2460
- C:\Program Files (x86)\Bright VPN\net_updater32.exe
  "C:\Program Files (x86)\Bright VPN\net_updater32.exe" --install-ui win_brightvpn.com
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:1064
- - C:\Program Files (x86)\Bright VPN\net_updater32.exe
    "C:\\Program Files (x86)\\Bright VPN\\net_updater32.exe" --install-ui win_brightvpn.com --fast
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Modifies system certificate store
    - NTFS ADS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:2676
  - - C:\Program Files (x86)\Bright VPN\net_updater32.exe
      "C:\Program Files (x86)\Bright VPN\net_updater32.exe" --install win_brightvpn.com --no-cleanup
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:1812
- C:\Windows\SysWOW64\net.exe
  net stop luminati_net_updater_win_brightvpn_com
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:1964
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop luminati_net_updater_win_brightvpn_com
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2060

C:\Program Files (x86)\Bright VPN\Bright VPN.exe
"C:\Program Files (x86)\Bright VPN\Bright VPN.exe" --install
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2956
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "rasdial "
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2864
- - C:\Windows\SysWOW64\rasdial.exe
    rasdial
    3⤵
    - System Location Discovery: System Language Discovery
    PID:264
- C:\ProgramData\BrightData\6cca5f7f15056f66a3211bbbd92076486a2361bb\test_wpf.exe
  C:\ProgramData\BrightData\6cca5f7f15056f66a3211bbbd92076486a2361bb\test_wpf.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2928
- C:\Program Files (x86)\Bright VPN\Bright VPN.exe
  "C:\Program Files (x86)\Bright VPN\Bright VPN.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bright-vpn" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 --field-trial-handle=2232,i,4315800211015955069,16348025289051992642,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:4016
- C:\Program Files (x86)\Bright VPN\Bright VPN.exe
  "C:\Program Files (x86)\Bright VPN\Bright VPN.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bright-vpn" --mojo-platform-channel-handle=2436 --field-trial-handle=2232,i,4315800211015955069,16348025289051992642,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2064
- C:\Program Files (x86)\Bright VPN\Bright VPN.exe
  "C:\Program Files (x86)\Bright VPN\Bright VPN.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bright-vpn" --app-path="C:\Program Files (x86)\Bright VPN\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2720 --field-trial-handle=2232,i,4315800211015955069,16348025289051992642,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:1592
- C:\Program Files (x86)\Bright VPN\Bright VPN.exe
  "C:\Program Files (x86)\Bright VPN\Bright VPN.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bright-vpn" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2256 --field-trial-handle=2232,i,4315800211015955069,16348025289051992642,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:1844

C:\Program Files (x86)\Bright VPN\net_updater32.exe
"C:/Program Files (x86)/Bright VPN/net_updater32.exe" --updater win_brightvpn.com
1⤵
- Drops file in System32 directory
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:1988
- C:\ProgramData\BrightData\6cca5f7f15056f66a3211bbbd92076486a2361bb\test_wpf.exe
  C:\ProgramData\BrightData\6cca5f7f15056f66a3211bbbd92076486a2361bb\test_wpf.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1936
- C:\ProgramData\BrightData\6cca5f7f15056f66a3211bbbd92076486a2361bb\idle_report.exe
  C:\ProgramData\BrightData\6cca5f7f15056f66a3211bbbd92076486a2361bb\idle_report.exe --id 71364 --screen
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2872
- C:\ProgramData\BrightData\6cca5f7f15056f66a3211bbbd92076486a2361bb\brightdata.exe
  C:\ProgramData\BrightData\6cca5f7f15056f66a3211bbbd92076486a2361bb\brightdata.exe --appid win_brightvpn.com
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:3696
- C:\ProgramData\BrightData\6cca5f7f15056f66a3211bbbd92076486a2361bb\idle_report.exe
  C:\ProgramData\BrightData\6cca5f7f15056f66a3211bbbd92076486a2361bb\idle_report.exe --id 55128
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3956

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:3832

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Bright VPN\brd_config.json

Filesize
199B

MD5
8b7b33732167dee17025ef93182b933d

SHA1
6a78eac2937fa4480cc0b812a3b056797033bb89

SHA256
18b94ccbefe1ded06fd52e8a0243ed5eed1b8850a79a897250d7be51fc455f73

SHA512
759a16fd9d0d0966f81d3bca877906564bcfd520e2da9fc6312ea0b26c17c29f405b4f6c9d114f693415d0219138b7cf0c847d0703d637c2e6453f1a322c5c62

Download Submit
C:\Program Files (x86)\Bright VPN\lum_sdk32.dll

Filesize
5.9MB

MD5
bf2b2a148f771510167b53e1fb6880d1

SHA1
6731b642aa4de8983ed2b3291fea2ac99c51a8b3

SHA256
ca2179530756c58d5b989e87c5d6843f35106ebb73abd7a2011db0c572bbf3c0

SHA512
37a4451f9b989a77d8e49288e6cc71958e3c8a8abf08f812abfeac39946034ab6d97f654e366d46c6f2b8e5f215c72d804153ab40bfbd3a31389cab4fd6b4760

Download Submit
C:\ProgramData\BrightData\6cca5f7f15056f66a3211bbbd92076486a2361bb\20240821_160213_once_04_02_supported_1.472.797.log

Filesize
1B

MD5
68b329da9893e34099c7d8ad5cb9c940

SHA1
adc83b19e793491b1c6ea0fd8b46cd9f32e592fc

SHA256
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b

SHA512
be688838ca8686e5c90689bf2ab585cef1137c999b48c70b92f67a5c34dc15697b5d11c982ed6d71be1e1e7f7b4e0733884aa97c3f7a339a8ed03577cf74be09

Download Submit
C:\ProgramData\BrightData\6cca5f7f15056f66a3211bbbd92076486a2361bb\20240821_160213_perr_04_04_start_dialog.jslog

Filesize
1KB

MD5
d65f6f49ca3c0b3a44ca87964359a47b

SHA1
b0c9613a686e90eaa2b23a878b9303a93d53206c

SHA256
f8e45abba1e2bcbff2d65dd3b09763b3b24f9f0db13946e1120e8691eed1a2c0

SHA512
195994514bb4a29de3e2145be10831f9413977cec2c981d47f455a314a35669612a56d3efa392c954ed474ba608719a05aee08516f1ba70a7265d860513055dc

Download Submit
C:\ProgramData\BrightData\6cca5f7f15056f66a3211bbbd92076486a2361bb\20240821_160213_perr_04_05_show_dialog.jslog

Filesize
1KB

MD5
d8ff342f7ebe1911c450daf02ee218ba

SHA1
7fc226833dc27a93daa1740a18855d71dca2ff24

SHA256
54b9a75360701104f8868c88501fb6643008495b35f691b8521aedb08e4436e6

SHA512
2fc8c985716d703370671f75eb4e8ef0b2ee2f546fc535ad363b0704444afd8e62d6beea751668e09706bb8fd27bb93d8a37856a385bad42676a2505e83dc998

Download Submit
C:\ProgramData\BrightData\6cca5f7f15056f66a3211bbbd92076486a2361bb\brightdata.exe

Filesize
1.3MB

MD5
1ef93fd9e5f77e41abb358e7a247ad1b

SHA1
6432fa03267a21e8b165ddd16f1ce8750d4e2f09

SHA256
fa21ea9546574f2cc8f37cafafa44e3510167af8e1fd35553b57a8a6e187ee09

SHA512
d673620ef33cea4d4ec6cbe3ddb61e4060d64e199fcbe8374967f2b8aa5ed7293772bce45f48f940564651f6726ac6e8290d8d6a20300eff391b6a0ed78ab54f

Download Submit
C:\ProgramData\BrightData\6cca5f7f15056f66a3211bbbd92076486a2361bb\idle_report.exe

Filesize
30KB

MD5
fc93562e5a83e6bc8199335610f4b6cf

SHA1
5978fae3eea45b8d9e56bd226eafac652963dea3

SHA256
bdf2df4c9d34cbd27658bd3119af5f5e23bdc64b366125871a6c2d232a6c764c

SHA512
547ab9aa855c3505b4b3ddd5e34c9d837e81bfd89a4349726a3737ae02e548452d3618ce19bdea435092d7bc231eb33349721b30baea1869ab4ff2aeac9c67d5

Download Submit
C:\ProgramData\BrightData\6cca5f7f15056f66a3211bbbd92076486a2361bb\lum_sdk_install_id

Filesize
33B

MD5
492c0e692e4c604558ba94099aab3b78

SHA1
3ee4e774f9372cc44ee148c597d984cf46eb1586

SHA256
59950b74e2415a9dda016fe9e54f5d67379e7163e646a5ce31aec1b5b6ea338b

SHA512
c690e60d6d4a7e4ebce670a4f2677c50152b78b5846330bb6e6837f4475940185f8a027208b4ed5fae88548ba6055cd25a4c496111a8d4e8fef9da95bf7169fb

Download Submit
C:\ProgramData\BrightData\6cca5f7f15056f66a3211bbbd92076486a2361bb\lum_sdk_session_id:LUM

Filesize
216B

MD5
ce754ea8754854cd744b981c0e3dc7d9

SHA1
153badf6d33d0febf388be7992088271639a2e80

SHA256
41958bc141a466772cb1a7705b840736c5466f6f0d5324718cd525808eb2f452

SHA512
f84cc2c40d98ddafb73716691c4c6f8ab35b987f137dc9a5903487764ea8b2d8fbf89a21f2b2ea1b7018024d0b9f0a8d4dfe2b7b1c63da9a4ef52efb67e53345

Download Submit
C:\ProgramData\BrightData\6cca5f7f15056f66a3211bbbd92076486a2361bb\net_install.log

Filesize
12KB

MD5
2504202bf5713d11c962c74008585430

SHA1
1e1b20776face36c27c1e2f4be7718f559badd4e

SHA256
02ef388626c6dbaf5b70aab2663930ec0c4b27b7558e37d4a4d9ba43275a2ca6

SHA512
fc69ea03672e19df32ac4a11ca9de3a538cc915cb89b3b997329d13f77c395425eca9f7b3ae28ba933cb40bdaa5c006e70fe40b4cbba8a2be763e3e7ed408b0c

Download Submit
C:\ProgramData\BrightData\6cca5f7f15056f66a3211bbbd92076486a2361bb\test_wpf.exe

Filesize
30KB

MD5
b321200731ab64d872fff5ae586b3dbd

SHA1
83c942051c580ec1270c92c510e7d063d24bbb4f

SHA256
242354284dbf91b86d67ee0fe389461c89687cae895e4717b8a6d44fc2f16396

SHA512
ad7cf30090ba998e5e0388a82c99ae29278643599ae480a2787459c67d004731d0ed1f6e842bf4a2b68d33db37e5a3ff98498211b6f1bbc71ec12aa3bd41c8c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e8f09cd93b9f3b5882ad20d9384ec594

SHA1
4a31582449108d724f484f515b175d54d74811e2

SHA256
21f2979bb5e200aa663d48ae0e678408014fc3885e63ddd0ea12bad14209d8ee

SHA512
a0458ca53e006da99ac42ee22f7260ca8b1663fb304754c810c6975c63f035ca9bba397a6c7506207c26951900fb28bf90c3127d996fc9a7b7bd3a1e00600516

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ba39829d9b215c11cc1867da07d600df

SHA1
dfedb78a72a8c12a035e2042a2861ab636efebe9

SHA256
02d0999a57a89220816c931dc1a2b29cf0b62cc683cf493fb57ba38972db7016

SHA512
328ea8229a9b241219202e147759c1d82eb767dddcf04e93631f44f522c0453082fba0a7579ac09a6926593071498250b417fdbe75c7ba3824a1c9ff45de8130

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
86c47554f613b15576f46b16f17a2469

SHA1
1b1d1ea4d4767e05810c746a4ebfc1f41508abe9

SHA256
fa450cc51de75f6c6688b715ad8286959ea5d4cce74cefe0d1bad9bfbc6838da

SHA512
6568cc824cb7edf95c78fc4f50bdab7009ab0e62e735dbf05f5fde72d995b2523e9c744d15a08d46090cd9a9d272b8681b21c3e6631c42e6713d803be26efdb6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b474316210e9cecc861afef8390ee438

SHA1
c925437207d2c6e330e78e287127355ba824ef3d

SHA256
08aa67c1f4ef34c4f96178c34d295e3ba05a61442568a410beed9e887549965e

SHA512
1bb84b83402d8f9845b4e5f925d1b72fa9907cb1ed844592986a556741ddd0ac970d46a0b50c94228cba48395bdfc0b501cdd14514bb104ad37eb8a019c44c4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NT8UAXPK\createDesktopShortcut[1]

Filesize
4B

MD5
f827cf462f62848df37c5e1e94a4da74

SHA1
88b33e4e12f75ac8bf792aebde41f1a090f3a612

SHA256
3cbc87c7681f34db4617feaa2c8801931bc5e42d8d0f560e756dd4cd92885f18

SHA512
28a91492cbd2575e48007219b2b990a75abbf70708f6b93fe7a7fbd41e310dccad1e7d7fdfa568f4bcb95cfdec21dbcf8a125d683d0b34e53441027f856bb3e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\8364b24b-2662-4161-9e2e-a80e3e2bb3e7.tmp.ico

Filesize
278KB

MD5
7120c86313e792d9b11bc65b4de8c59b

SHA1
4fb65535742a2e56a44e5ce085a202c68814a3d0

SHA256
ceaf13ece3ee39f31a454f3d397a4b5f5d256c9a537a3cda4aa8af2a795c8b03

SHA512
88a5fc77e2c13c6974a62a77043d8511e52603c909e0fe52dafe8483212f9818591d18582fa4e18e5a9e01674d6bd70e44a0d1219db5cddca6fc95b70881ae78

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab7235.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar7313.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD3B.tmp\7z-out\LICENSE.electron.txt

Filesize
1KB

MD5
4d42118d35941e0f664dddbd83f633c5

SHA1
2b21ec5f20fe961d15f2b58efb1368e66d202e5c

SHA256
5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d

SHA512
3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD3B.tmp\7z-out\LICENSES.chromium.html

Filesize
6.5MB

MD5
796505037e030807d9ddd01c93eb353b

SHA1
79a1eac3b505e6d94a6206d4a5198d3cc11ab038

SHA256
9f3f2b4d9bbd3113486839eca85de119fab766450cdca08a4574b80748885708

SHA512
9435273a4541a579a427a295be47af8b81133896f50c97bab1d8ab391089f90186a7fd057b53e8b74829e4747e98428d8b4d242eb6854b1304a94a2891c2fd11

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD3B.tmp\7z-out\chrome_100_percent.pak

Filesize
126KB

MD5
d31f3439e2a3f7bee4ddd26f46a2b83f

SHA1
c5a26f86eb119ae364c5bf707bebed7e871fc214

SHA256
9f79f46ca911543ead096a5ee28a34bf1fbe56ec9ba956032a6a2892b254857e

SHA512
aa27c97bf5581eb3f5e88f112df8bfb6a5283ce44eb13fbc41855008f84fb5b111dfe0616c310c3642b7f8ac99623d7c217aecc353f54f4d8f7042840099abc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD3B.tmp\7z-out\chrome_200_percent.pak

Filesize
175KB

MD5
5604b67e3f03ab2741f910a250c91137

SHA1
a4bb15ac7914c22575f1051a29c448f215fe027f

SHA256
1408387e87cb5308530def6ce57bdc4e0abbbaa9e70f687fd6c3a02a56a0536c

SHA512
5e6f875068792e862b1fc8bb7b340ac0f1f4c51e53e50be81a5af8575ca3591f4e7eb9239890178b17c5a8ff4ebb23719190d7db0bd8a9aa6dcb4308ffa9a34d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD3B.tmp\7z-out\d3dcompiler_47.dll

Filesize
3.9MB

MD5
ab3be0c427c6e405fad496db1545bd61

SHA1
76012f31db8618624bc8b563698b2669365e49cb

SHA256
827d12e4ed62520b663078bbf26f95dfd106526e66048cf75b5c9612b2fb7ce6

SHA512
d1dc2ec77c770c5da99e688d799f88b1e585f8dcf63e6876e237fe7fce6e23b528e6a5ef94ffc68283c60ae4e465ff19d3fd6f2fae5de4504b5479d68cbc4dba

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD3B.tmp\7z-out\ffmpeg.dll

Filesize
2.4MB

MD5
c921230b4bbe802f0d797db79d0009b9

SHA1
dd852ce1f82b2daadfb85efa9c53e3264e1d401e

SHA256
02a6d001e6dd944738e09b720e49dcb1272cb782b870e5ae319d4600bc192225

SHA512
6acdda7d638609ffa1989e50dde5a51436ae3d98e036b24ffc2c3f08bc0d39e91a5a2ea427063645f3141f06e7c272ca45fd41333d6770f8402651489a0f6da7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD3B.tmp\7z-out\icudtl.dat

Filesize
10.0MB

MD5
76bef9b8bb32e1e54fe1054c97b84a10

SHA1
05dfea2a3afeda799ab01bb7fbce628cacd596f4

SHA256
97b978a19edd4746e9a44d9a44bb4bc519e127a203c247837ec0922f573449e3

SHA512
7330df8129e7a0b7b3655498b2593321595ec29445ea193c8f473c593590f5701eb7125ff6e5cde970c54765f9565fa51c2c54af6e2127f582ab45efa7a3a0f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD3B.tmp\7z-out\libEGL.dll

Filesize
375KB

MD5
51cc9f3891cfe33e095f901c8e5f121d

SHA1
03ac95d250969e65a3ede7a29c3e5425ccdd9fe1

SHA256
961aff31cab097ebb973a32140c4f87c415734412771cf1fdfe24ddc675b54c2

SHA512
3351898af8c75afa8df3f300416bc9d40f4ead90ea947876140ec54a015fafd149427a9dfb5b7c8239ae229839edd786561a5a73ffe37f29758946fd18730039

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD3B.tmp\7z-out\libGLESv2.dll

Filesize
6.4MB

MD5
fb74e837a2ebbf59afeb09106644a9ab

SHA1
55225fcc692aa332f698960c3dc1140d791d1fa1

SHA256
e6ab5fc601d0d230c989d2f481b37c259a0a1fffb7fb841b7099a5e966f0088a

SHA512
585e464de076d6d2560288fe9430004430effb0599134bfb30fabb7bad3cdccff9458d21d17f580823a308cd6472f36d1f1ce6a04e568ba6dcca2e68fd39d63f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD3B.tmp\7z-out\locales\af.pak

Filesize
340KB

MD5
198092a7a82efced4d59715bd3e41703

SHA1
ac3cdfba133330fce825816b2f9579ac240dc176

SHA256
d63222c4a20fa9741f5262634cf9751f22fbb4fcd9d3138d7c8d49e0efb57fba

SHA512
590dcc02bc3411fa585321a09f2033ca1839dd67b083622be412d60683c2c086aac81a27bc56029101f6158515cc6ae4def39d3f246b7499b30d02690904af0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD3B.tmp\7z-out\locales\am.pak

Filesize
551KB

MD5
952933d2d388683c91ee7eaa7539e625

SHA1
7a0f5a10d7d61c32577c0d027db8c66c27e56c7d

SHA256
55357baf28716a73f79ac9a6af1ae63972eb79f93c415715518027fc5c528504

SHA512
5aa5ef0ed1da98b36840389e694dc5dcef496524314b61603d0c5ee03a663bb4c753623fb400792754b51331df20ac6d9cf97c183922f19fc0072822688f988d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD3B.tmp\7z-out\locales\ar.pak

Filesize
602KB

MD5
98f8a48892b41e64bef135b86f3d4a6c

SHA1
32f8d57ec505332f711b9203aed969704bd97bc9

SHA256
e34d5cabaed4634c672591074057c12947bc9e728004228a9e75f87829f4a48a

SHA512
6ed3fe415b2f6de24136917da870b47c653d15c7a561baae55a285946a6f75e5141aba3bc064982f99baef0a893266693864c2d603c5c22c2b95627b2035f7a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD3B.tmp\7z-out\locales\bg.pak

Filesize
631KB

MD5
9dc95c3b9b47cc9fe5a34b2aab2d4d01

SHA1
bc19494d160e4af6abd0a10c5adbc8114d50a714

SHA256
fc4a59ea60d04b224765be4916090e97ed8ddda6b136a92a3827ed0fcc64bb0e

SHA512
a05a506a13ac4566ecbfe7961ace091295967ea4e72a2865e647b5fa9adac9f7cf5e80b53fae0e3917dfb0b9a3f469189cd595cc4ae9239d3a849f5cedd60e46

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD3B.tmp\7z-out\locales\bn.pak

Filesize
812KB

MD5
d6ccc9689654b84bc095cec4f1952cca

SHA1
286130971826b0af1b6d29c5283dfa71af7cd7b0

SHA256
e325d936cd97c3f9ddfca2d87caefb8b6e7465ffa31d0386ae2456b18f7a92da

SHA512
db0400820c5cd1100337c955084eac3036b55bbf66b403337bec2079bc47696e2e48a771214662b286f4f45f763d2ad423aeccbd0f06cf0bc11038662558f4a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD3B.tmp\7z-out\locales\ca.pak

Filesize
384KB

MD5
2f8d050c228583559cda181291b76e5a

SHA1
b047f1cfb30b1162b1dd79f7e424a83fd807eec7

SHA256
e1d6b5fd0bc411f2895eaaa1409916f5ffe39a5c6bd1bafe8af7ce33da5be17d

SHA512
e4f150cd9942ef5105e72376835da6edc31ef91783e41cd2fc04600c04f342bbc96e08e23c8af1c0c1e563bb8a7d3840a2289767525c30d08c2f23d0e837801f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD3B.tmp\7z-out\locales\cs.pak

Filesize
393KB

MD5
26765c7be201444f0238962bb16a506b

SHA1
f9d4a33795e45127c14bcf35cc770845627e15e8

SHA256
936466784a55b965d23b016bc49377655bc5d281d012c8369c0809c961e05c74

SHA512
577d52d2d5048cd952aff1e76121a495328c1978cdea2eaa4f85812cc513917f69510e135e96f7967f4ed43cf88e180cb1d9059e17c855c8d4f94ca036730214

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD3B.tmp\7z-out\locales\da.pak

Filesize
356KB

MD5
fecabf71853bab84eacdd95699c49f69

SHA1
8519afc13e100a550ca3d756518a0bc33674e0d3

SHA256
1b0793b1cbeb6a56ff1e64523c37ba753457320aa29f9718022caa07b4981d8f

SHA512
e932d382d41a79ece172349e916221a67d97f5fd4b2dc1325d6bd2f7c6757cbc01d6fbc8d9846f6ec462eb637210f7c650f6944418edbd3f8614ef99030d9392

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD3B.tmp\7z-out\locales\de.pak

Filesize
381KB

MD5
ec069f60c9825080b9d18ff6492e816d

SHA1
34ce5101c9646f9c2deb9820a3b26eb91c525ebc

SHA256
e0f632ce324951002c80e019dd0169be9f6b0640533fa434cd6ca80f28a1d3f7

SHA512
95a88ac98f0957e5f200af76c1a743b976228f7da1bb6c6b3b88a54adcff05e1172d7cf2e6f0a82cbc8ad0aa79974a1bc046516250a3a5889fd7b2e4d7c0b804

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD3B.tmp\7z-out\locales\el.pak

Filesize
691KB

MD5
306a80dadadb1f9182810733269537fd

SHA1
bc01a65a9d024ec72e613aedc60f4838be798040

SHA256
92403b6160e38746597d4dd7f64d64cf19e30b5e7862901263c39679187b2c91

SHA512
491016b8fcca59a7dc9523358c4a7b56c55360f424e8fe9330d6f01480835805e961f1e48f8777660510d9af9a66961c639df162190dec595a867d54150eecfc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD3B.tmp\7z-out\locales\en-GB.pak

Filesize
310KB

MD5
502260e74b65b96cd93f5e7bf0391157

SHA1
b66d72b02ff46b89ee8245c4dd9c5b319fc2abf7

SHA256
463af7da8418d7fb374ebf690e2aa79ee7cb2acc11c28a67f3ba837cf7a0937b

SHA512
0f0f9aac8e6b28c1e116377ab8ee0ffadbf0802a4026e57aedb42d21c38fbf70159be9e0314799c1de1f7638fbbd25d289dff7cd2c9eb7c82e1b62b6c4e87690

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD3B.tmp\7z-out\locales\en-US.pak

Filesize
313KB

MD5
3f6f4b2c2f24e3893882cdaa1ccfe1a3

SHA1
b021cca30e774e0b91ee21b5beb030fea646098f

SHA256
bb165eaa51456b52fcbdf7639ee727280e335a1f6b4cfb91afc45222895b564f

SHA512
bd80ddaa87f41cde20527ff34817d98605f11b30a291e129478712ebebe47956dbd49a317d3eeb223adf736c34750b59b68ad9d646c661474ad69866d5a53c5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD3B.tmp\7z-out\locales\es-419.pak

Filesize
380KB

MD5
774ced79da2fd32bd1ba52a0f16e0a19

SHA1
ff36dcf8b62046871f441f301dd7af51cb9ce7ee

SHA256
5aff3762747a6e8c6df9f2a3b470bf231b44163006b17ce87e2a03694be27b81

SHA512
7763c15fa97efa9a5af73dcdedd4fe260139bd8ff782ca3aa0937d9355b2d14c3e482e570844ac33d22d7b016c7b9097d727c1dd585f421dccd59ca7bbc24269

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD3B.tmp\7z-out\locales\es.pak

Filesize
380KB

MD5
ba80f46ef6e141cef4085273a966fd91

SHA1
878f35e15b02558f75f68ec42a5cc839368c6d61

SHA256
267e7b6376e7e5ab806b16fde93bbbcd961bf0c3a7b3a2cabccab37faa9a1d16

SHA512
8a8b4f7db23d4c93756b6dc4219f00c77358a8fe992da1f51431597b82c3aa87abf3a98d79e13e7b4a14a1a9e94d388760fb6abf3a744406dee951c8e78cf361

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD3B.tmp\7z-out\locales\et.pak

Filesize
342KB

MD5
e97fe1e6d06a2275a20d158dc4e3b892

SHA1
1575b9b1fc331a70bbe4ca7d1095d4ed6777ecc1

SHA256
d984aee4d18ca24a88846b1b6e0294d373733430f30bb4f1b97bc7d50d512c2e

SHA512
77879a4d1062671b616ba9b2ce0b6f69a5dbed6bd56b73ded902d1f9f44ecd96a2212690b3568c0ba273c73d91589ff2bf18c7ef9b66e0630fbaafde2a61b1b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD3B.tmp\7z-out\locales\fa.pak

Filesize
557KB

MD5
d55f65c6fda6ed6f549d2c9f0a4ce874

SHA1
952792f2da5ed9cb1cfed14e5afb8abf5cf29cb3

SHA256
221bbbde078d135f6daca4978a31cc6a82f8f46536467ebc9a0cd322c58a7785

SHA512
d0bb83467182d8b3a8f8371d749e682cf05f89daefe28764f2c263e7cfbfc3f86cb388061b48dadda26c3dd246dd6f7a57af58ca9344c2f6b90de87af1e91c69

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD3B.tmp\7z-out\locales\fi.pak

Filesize
351KB

MD5
fa7dbd2ee35587ff31fde3c7107e4603

SHA1
baaa093dcb7eccf77ce599c8ff09df203e434b60

SHA256
5339b8ca52500bd0082e0ba5a5f440c5f04733803da47963280479760c7fff2c

SHA512
587f6d0e216d1688227345a8a75b94848ee710ec633fe6805db66bb0e8cad1b8d24a1e6a7e234061516770d881571166c78d8fa1c40e6335f3dcb1339fbffc14

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD3B.tmp\7z-out\locales\fil.pak

Filesize
394KB

MD5
3126f74d021e9423d71913bb45a62935

SHA1
c9a80c8585aabbfec34ae891416794b1b3e29a11

SHA256
4cd3fa70487e894400ad29e3bfbfba3e1c5edd799aab12c62c3aff3c2580ce5e

SHA512
fb360723ee53b3f7038eebd1b919a36784a0e3dc878e810bc905c4297379dade6006c8872ed68412b06161cacb0d6e32a7157ecf97d9e103a4ca3b2b71db8765

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD3B.tmp\7z-out\locales\fr.pak

Filesize
410KB

MD5
51ee1ed54fec49effd103c29677885b5

SHA1
ced6fd3354007d1ef3ea7b6689aae5213c20cc69

SHA256
1f6bc09499ee37456968a28b67b81bbf5b9df4f0c6035a388242d2037a3b65a1

SHA512
dfd50ad99b89345940afead11c3a6940d4408a0e6265cddda1d71ad92527ea00d8057ac77ceb2ffe137a3f0d2f321c210bc7cf97ed821f01e538dc08d07149a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD3B.tmp\7z-out\locales\gu.pak

Filesize
787KB

MD5
b7f4c73d56be31042d8edd7e8ea080f3

SHA1
c0c3595701c0a75c14931ed65958d36df0d925c5

SHA256
c36a20730d5f2b91cb61b5b2a5912db2ea5a328a9b8abe0fca0af300446d3c20

SHA512
ea0d766a754604cad4d5f3180c30f7dfdc3e1cfe79d67365b72adc0d7574851f21bdd5b748b16e8b4a95ade40c8ed0442bcefd511a2934cc9c701e379c955d60

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD3B.tmp\7z-out\locales\he.pak

Filesize
488KB

MD5
6376d0a5f4273b76b1f4aabade194e0c

SHA1
337ba39f09454c0779ab64872b9fa11f866d6adc

SHA256
875712bb852c698f677c0c74e088f62d31adb2bce65648fc390607aad8705c45

SHA512
00347f16b5abbaf47fb08663d5efde26ab7de0c7a2fa42e6b5f03c41a83cecbd8e78cc3aef41d5f08658cf346e0ade732774485e8a10008a43fa41ffaf73b2be

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD3B.tmp\7z-out\locales\hi.pak

Filesize
821KB

MD5
ede7fa471c5eebc1fa55b9b3b6f92d00

SHA1
1d1f529c615799bb3a3319ddd1357cb5dc71464e

SHA256
1e9623c7407ae8b8a88df3f69a47ae8117f74c4dcb56897bb794a9c38ee5805b

SHA512
0f51ea54e828700080effa6c728230c523ff8e26fb350e6f337028d18614d5dfc4a2792cb92b5e606bd0702067f55fea546029cddd1ebf7fa74ef5521ff08338

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD3B.tmp\7z-out\locales\hr.pak

Filesize
381KB

MD5
7095ef4caf6bd39174487002a4e09300

SHA1
1efe686bd0b7f035aee7ab4c52be6133121cd0f3

SHA256
3d7685163c5eb6a11e745ff934312b8681c5f85dfa8d9ea701e9dcaee1e7a285

SHA512
45488d46dfe7a31a007932917f7baf4c195da899de5dc56d98e555336668af3edb77996487649b86f56beac688374ce77f8feadc01e3f84d30d83bd67631f9c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD3B.tmp\7z-out\locales\hu.pak

Filesize
411KB

MD5
d6904e7d1b6750d43a6478877c42618d

SHA1
919f090a6a3aa1112916f5bb0d5b73a62be43c1e

SHA256
3ec43893c6de5ec0f9433841afd5fa9feaaf59ddcef05f7e1cab14dba799887f

SHA512
d600fedb5ef1b2eb49a0122536c642b350ce67bb7a9da205890d9d13a195ac17c14607b4489715fd34506ec0ea4c80f245e09cf048aef52dcc8094f3138b2fad

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD3B.tmp\7z-out\locales\id.pak

Filesize
336KB

MD5
881ff04e220aa8c6ed9d0d76bfa07cb8

SHA1
cacf3620d1bf85648329902216e6cdc6f588a5ba

SHA256
9210c4c4c33e7ceb5f70005a92a4fd36ca4facdd41701fdc1d2ce638db8adf22

SHA512
9134102928aa80c49bbf2b862e8079b2ee23636ce63412a4c3813f234d623ff563f5ca1ac407ddb77cecf1224896ed59ae979dcf63435d35a4f13de9c22755d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD3B.tmp\7z-out\locales\it.pak

Filesize
373KB

MD5
91391f388b4b6c12a72710c35f4c355d

SHA1
f89e6ea977a10a9f050395489285ce8c041c2c05

SHA256
c0dc0a4a87f7bb054a30eb1174c3228ea2014bd94668a7d22995b99c4937d817

SHA512
8796d69d1a8bdbc7690ded45404174b7fa0b5bec8453d79a3c85bf4707c3f32caf634c792c72ce7bda3522eceb5fc6761b696471586397064d9f1f1988ceee88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD3B.tmp\7z-out\locales\ja.pak

Filesize
456KB

MD5
8209dd8cf4e416416e015ff239b7c483

SHA1
7affd1707b9eec52c26a4c17708c8471c369e2f6

SHA256
3accfd9a1833ddeedb2082fb94101beb59b555c60f42e3070e9e04a372eba84a

SHA512
6a58a1ea8a46c325cac0629f2e3b571532a9a2a342ed61ca47bd1dcee20ce0b0350e4f6d3e8e4c6903c7ba4a4592a6382bf0fcb5437febd1673b3c2ce8cd7499

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD3B.tmp\7z-out\locales\kn.pak

Filesize
910KB

MD5
d3d6bc60bead608e68e776e07d21ad30

SHA1
e40e38ca99026056c127e9e1a1ff821a50310887

SHA256
90b2df3338468e84e2cf2f2f67597cba5c3ceb5dba9c59ebd072ec15a70ce741

SHA512
05421db2f1202573a34de1e722c6bdb55a35821c4aebd54c80e6594fc92075cd9b97e5bfdfe93b4228c3a2646b92a27da4722ef3826e2807238dcc56ba273706

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD3B.tmp\7z-out\locales\ko.pak

Filesize
383KB

MD5
b31780fff9541290c1d9f5b76141430d

SHA1
8b0fbdccd0a7f8141846763a0d27e4e0da0552dc

SHA256
b04c1b91cab31054be70cb851dc6716065545445801045daceb96eeee4d2334a

SHA512
a573dd09520059832e7f53386a64dcdde47452b02ce1e5d7e11385abbc8b734dcee0065b4ca351591bf9cc2f66fae204b9300702246d20265e8ddff4f7c1e6d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD3B.tmp\7z-out\locales\lt.pak

Filesize
412KB

MD5
7b6bf901352885c0699db71239b7cf24

SHA1
9e3ec5f327c0d0e54a449332061e60a8c79243cf

SHA256
9200a9509bd77834d9912f4ba8f4219d2b9bd2cdad49a11873db30e99b9d1350

SHA512
79ebef723fb4c17581eb869b4b4e1a364a3d28df0e168e7e1a3583e0c1ec5b9716dd270925c0545b8247421a64b03705f10910fe3416900de9258840c470d580

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD3B.tmp\7z-out\locales\lv.pak

Filesize
410KB

MD5
e664eb35f1284e9fc615e1bb4fab892b

SHA1
e777653abec377a394170b04f79e78acbe4b6a3b

SHA256
b5a31cbfcb40ad8d911de1618c4eb7e8cc67b97eb8878220f15d40eb014d8ac8

SHA512
c3232997e8d306e91ded72e9d81ffae2018af3e6c32fe620532e03bccd2883fce59b2a2290a1580d7080c468c02bcd24c1bc90051f06bfa9a4e17857d4aa583f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD3B.tmp\7z-out\locales\ml.pak

Filesize
948KB

MD5
00292b0801e0dd0a74091bf53f1574c9

SHA1
63a002e7a8796bc4b4459a19c95ce426fbd1ec7f

SHA256
61a372f170de0a22712be980c3c78b22035ebf40ce79332fab75cdcc4208c9e6

SHA512
e2e15f66851aa435e3bf4de6672f4aa8b01204d8efe11ec6ee9a51d9877ec4f2e71d7e9547d6eab9bfa04af1bea71fa72aa4963fa08b48717bf1c3fd21c00cd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD3B.tmp\7z-out\locales\mr.pak

Filesize
772KB

MD5
b9a2aa88c69c42ebcc41fef00c980a38

SHA1
9e373dfa11f95c31ffdca70bd83d2f66e1ddcef8

SHA256
481faf7dd66cf10a476d8b156fb4ea452f920322d8007f7e25d41b2837bdbc09

SHA512
5f4582723429a44dd517322babae4466efb4e8723c0247754e2a9a2929133d6fee5c3533c4cf567954e2a5aab47940a136a178405de36e38b50e8d4a6d5c504f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD3B.tmp\7z-out\locales\ms.pak

Filesize
351KB

MD5
d5da199f347452c5904bff9332a08f84

SHA1
b5fb8c22708a7e3130684f1a9923b6dab10c3ae5

SHA256
fe58cc4f62fc31e32c1fb9a0893a5483391ab6a91b1c92ed4a5e3103a962da7a

SHA512
9fddeb376bececc51dec997b3ed1e22821340fa172636f641af774dae8bc9b5c0780757380bf3fa8df0f9682a555ede81c449ae9468f63215c17123d13ee9f35

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD3B.tmp\7z-out\locales\nb.pak

Filesize
344KB

MD5
bbae0915edec081b04bb903b689bc40b

SHA1
6a0fc635ce1c431e512b8b3b8448176aa4025556

SHA256
d565c6c95dad89d3f2b7210de4ec3fc437633de4dcfc994fde0704b92bb53ff8

SHA512
573a9fe43213829a6a4b39e67be25bc330b417750ea6d66e26163de7a80c29f6f5deeb841d9ff8303595943a81fc01ab668aab02a5cac4eda078ed06120138b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD3B.tmp\7z-out\locales\nl.pak

Filesize
356KB

MD5
9f547a24e2840d77339ca20625125b4c

SHA1
23366411b334f990a0328a032b80b2667fda2fcd

SHA256
55413d5eddb3300e0ae0fa5d79d26fdf1e5a12922d7018c8054b1faa9d660301

SHA512
34da7a0b58ee3904d00cf02d16d5a3ef508fb708d7c0a887286fc32cd6145b2bd857d317c784d1d1b17662041eadcf7e225908980eb93f2b81161d845c0bb67f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD3B.tmp\7z-out\locales\pl.pak

Filesize
396KB

MD5
0dc77139d3530695cb4e85b708bc0bf6

SHA1
6915655afd1e37361c011f5c2113d72c7a0e85bc

SHA256
53b59486361b11512fb90f15065104b15ee2322bb7804f859cde2f2ecf9581fb

SHA512
ee1ca1d99ac279df4cc0e532aef2fc531061736b636a84310bdbd627e0f2435eac1a386ebb19aa901b6eae3929bda1c5da4f41b73a25a1b20137522e34547600

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD3B.tmp\7z-out\locales\pt-BR.pak

Filesize
374KB

MD5
a064cb9d7cf18936600e9ccc03297006

SHA1
eb436a0c584ba91acb05dfccde139afbe26fe9f4

SHA256
c9ec3822044365457b8736348cf95a8e39bdfe3ed36267449bf3ed739accef2e

SHA512
95af684abf9d24cfc4d0668a02da1e2e69f5e671d671d8cdfadc22ec991908c6aa5663fe1fa88ca8e85c0508f409fa6c2bbc174c53674270f2b188018d358415

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD3B.tmp\7z-out\locales\pt-PT.pak

Filesize
376KB

MD5
3f367760b57a5e4360dabcd4a650bc5f

SHA1
8d7cd6b0eb42361ee862455ecfa475d28f5aa934

SHA256
c89170385b3afb2ec89fbd61b8470ac718713c7296441c8430f173dac218e74b

SHA512
3dc30780d57dee91215a716dc6b4cb432838aa0161af4371f49f70db2076bd155b170fd2c1617f59e1b572144a2e150a34143eda82d9f2227d24d2281d5aba60

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD3B.tmp\7z-out\locales\ro.pak

Filesize
387KB

MD5
745a9b8c6422682f2cfa5561cc1f4022

SHA1
31e3616ef09f9b1fd1c41cf8f43e504a6f90276f

SHA256
7247470057a936d03bfa2a8776508ab66aa1040c41a4eb8f79c1e93551c74bb8

SHA512
8e0b7f98cb842a862ceca65e0166462275feed26c32c9c299aba9986d36b716a90d4a8db5ccef355ac266b7e969071014cc7ab6439778e77c52754bc23b4c575

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD3B.tmp\7z-out\locales\ru.pak

Filesize
634KB

MD5
5cc0f54e022a9996773dbd64906d5580

SHA1
87c103bd69724579b478f904235e03caf61d5d79

SHA256
b4223b56ec88235819a427d60bb937eb3984076523f02a018f57819e0429bea9

SHA512
b3365fedcba50643cecf1a70297e1e67990d63ae05caa87de01a70ef6f28e0f73a9a0edb0ff80b4138c624e51aa2dac065a2d40877fc92137714ae07734c2f4a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD3B.tmp\7z-out\locales\sk.pak

Filesize
399KB

MD5
72946b939f7bcaa98ab314cfba634e0b

SHA1
71c79a61712c8c5d3dac07a65d4c727e3b80ab17

SHA256
75f179897cad221ca6e36b47f53cead7f3fb4159ee196f1d10a5181b84e1b5b7

SHA512
2a8fa7108c58f4cb263900a555714d5638d961d14d9f4ddf8a9ab5b880afdbc5d2325fed1e158dbaf42a9cd20e8e372e6a8f52fce842a6940ea52e43e4a1f1e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD3B.tmp\7z-out\locales\sl.pak

Filesize
385KB

MD5
4ad22c6c64dbe0fc432afaa28090c4d9

SHA1
19eb65ae52a585dbd9c25c32f22b099020c43091

SHA256
6002c129a56558832e9bd260c427c0bd2e1566e0aea3ad999f89c8e479534f9b

SHA512
94f9d34e76560059ef80fc04be4d54e52a7d934dd28747db7f0f6684243b841087245699a471a55d667623d2ce5e597a3d2c6bc37cfd7ebd2f5b8fb40e6207e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD3B.tmp\7z-out\locales\sr.pak

Filesize
595KB

MD5
fca817ed4b839b976ebcbf59cac66d68

SHA1
413efa65470319999032b6a25b3b2ee33b8cd047

SHA256
524acc64e70918a77cda43fd9b27a727645b28ad2d4cce16b327105101c8bbeb

SHA512
cb246d5c5cea30d6e7514841ab93803984cda37461a09b6c340ca64f7cbce4e1212951a4de421d928d433a619dac18454fb403b42581757b76c7eb124ce70cf2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD3B.tmp\7z-out\locales\sv.pak

Filesize
347KB

MD5
5130a033016b45ae2c3363edb3df7324

SHA1
9f696d78b1b9efec180dc89ee0defc3ba23e6677

SHA256
3420a1fbcca5bf8c2d65d6dcb0db78b03f95f7f2fc56479a0de6e3312333ce6f

SHA512
401b71360dcacf3b1fdc411c92195051370db110863cbed37143263e7804cb24b75ff1908ee39ee848c28776df00d6edd8cc748acf3725668af7815929e8066b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD3B.tmp\7z-out\locales\sw.pak

Filesize
365KB

MD5
9632dd7d883fa4deb3963ea663e0ffd4

SHA1
0db135be4b3a7c54c39e9df5034d5576b68ea92e

SHA256
690027c4a31c4aea00b7d1b32ec6cd3fa50b1eac412ae273ab15e72eb485dd6e

SHA512
3aac1857784dfecd2ae5f7c4056f58e27a966a6cb949e02eaba56fc1fc283243ed6213f17628d62d435e33fa4771eb43623f25da6510aa4ce6f2149f72ab0d37

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD3B.tmp\7z-out\locales\ta.pak

Filesize
936KB

MD5
f100566697a96ce1f0a0c7e0bbfbe36d

SHA1
4c80a4930ba7d174c4203c199492463242bddf62

SHA256
7e818deedd50a533851bbf08e056bf2ad8d45f442a1a61d9b48e66804ea848db

SHA512
dfa6132a5b7e819e8d326bf5ee539d9ecb2dcd7fea429c75afec2291df9eeead6fa347b01f9feaf2235bce627fd39116176195f7a3d7d74de28951f939db1645

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD3B.tmp\7z-out\locales\te.pak

Filesize
869KB

MD5
b1b6a9e3a04be79080ebbfacc1a0eb2d

SHA1
a5c8eb6a930062f6021d073d5f74ae146dc7fbc8

SHA256
d839531c4ff4a2885c993e0d358f78667215b0950c77a06ef01a6acff9221c5b

SHA512
bf0b163c8fc3988bfeb3cbb4b981596ce5afdf7e40149622fc3b60994e7d8efa5bb24c830036d168a6638feca48b8755aefa8640faae37055cae8fffb6a85568

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD3B.tmp\7z-out\locales\th.pak

Filesize
731KB

MD5
a970b7e9d3aec2cd1b8ab798b3179f07

SHA1
bf17a7e80e01ac1704a1efdf27baf271b4c21e36

SHA256
cd80bf232f2f128a3d411f52c8039987559dbc1055f746eed6e0e8478b116dc1

SHA512
880555a2ac2f278aecb8794d8cc51f0833052e9f4ca187ed91fa35bb475e68ae3255cfe1dc074eac960c73c203e62c6b38077b266f5fab66ccc3ca73e94d4d60

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD3B.tmp\7z-out\locales\tr.pak

Filesize
371KB

MD5
46f9b2a35efdf1120a8a946e4f1d0115

SHA1
af7bec1fba32d912b50288a7d988440627e4ee85

SHA256
b22fc7b75c52cc142f201d5cf107d17c1b173a494a6add022127f559fb46bcb0

SHA512
cd67f9c328408a8295f224aec190c7c411a868755fc5c9e90b4985b3c41a05d6d34dd30d4a3866f6c24e1d640f4c324bfba8c7ab806a6b216151cf0a504a03d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD3B.tmp\7z-out\locales\uk.pak

Filesize
634KB

MD5
3b2a976a25dca963e91df3695c502d8c

SHA1
ce7ae51211f512c3723bb43ea0de9e6debb70597

SHA256
28ea88f19b2c34699d535ca0c691449b7e4001c12e8aed8d04b2078916e88a37

SHA512
ba41ee074239afdf8f194b4ccb33060fa9655e3ccdac6a16090959d3214f8db15396b3e038d7de26c478fdd003472f680d2b6ac9a92acaf6ebf8aa258747ecc6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD3B.tmp\7z-out\locales\ur.pak

Filesize
552KB

MD5
ba86f1f13fdc37a2c48c1da34c84f4c4

SHA1
2f1578d0eee76e60effb63967712b15c0d56829e

SHA256
4c7affdcc324cd791d10e235da809ce7501e8005be64340b6e8bf5595647a707

SHA512
fb2fe1548574da860bf27408a4f29d781fcefc300f744f4214843f343e343ad8bae29cb7047f87f5c3277641f561c6a30e5bc9d6490afbefc7af36974305a688

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD3B.tmp\7z-out\locales\vi.pak

Filesize
439KB

MD5
065179c466c5b7457e249f11d152b99f

SHA1
cfc05e9dfb91b2af2944aed4718fa05b43844914

SHA256
b75694e390bd2e20780b3bc72f6e1473ba45d7537c27642a7d888dfd3bb6c3bb

SHA512
fb598391a028b7d3c7e25cae21ccfde655e6f871e498767a54f7cf0d5d4e48207213cd2598ca88e4f46c303cd2d8175238a5a5b720ab37beec1873d681165a8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD3B.tmp\7z-out\locales\zh-CN.pak

Filesize
319KB

MD5
2febe4ef32e1a3884089908f402ad62f

SHA1
e65c54adc127b78494dd6189cca71f1c7bd2a5b0

SHA256
a7ac9fda6f4cd189b75fdadc4b70cd0d369a09b66eaeb5d032678cb97ffc98f6

SHA512
8e8b030af4c952c32ec277850d5573414630ff5196eaed52820f44e9c5bd03ab6f71a8add19215b0456eed859be0d5a6f28d48e12f1677d39842f35feffd5e57

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD3B.tmp\7z-out\locales\zh-TW.pak

Filesize
316KB

MD5
02e9e0bc5c30ca60a869ea761fb662eb

SHA1
c5200f692544b681af8757627da430aeea4283ee

SHA256
c5061ec00bd969f76f3c0c6ff15ddacafed7491260bd8ced78118691ba57bdff

SHA512
07b5f401f89dfc36499a3e74318b471d9b2e795dc363dfd5a9394089d4783a4b51fd78e2092701b6974f1c51020f3b5f81171ce21690f8547ff3c8f3d54ce781

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD3B.tmp\7z-out\net_updater32.exe

Filesize
8.0MB

MD5
2c9406f63b04b2c55e4f14cb31f2081f

SHA1
74f111d852bdd1aa0d9d6b738511e15358281054

SHA256
cf891dddf3f94b28991ea2d630ccf0dfa24ade3f5ed51b5a1a856a94f53eae42

SHA512
8b9bf911e01f639cec214669d7b3b420265085f1014e7d93fc8df3b86d194a75ba4b6f0e41563fd38cb52c55494bca3705aa97fab57601aa6060f7846da7e866

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD3B.tmp\7z-out\resources.pak

Filesize
5.1MB

MD5
f5ab76d2b17459b5288b6269b0925890

SHA1
75be4046f33919340014a88815f415beb454a641

SHA256
4f29587bcd952de1dbc0b98df0aa506bd9fcf447e6a7258c5eb7e9eb780e6d6c

SHA512
6ec6a08418743adb5e20218b73169be4f45f5458592219497c3718e620e37871876788937418f1341e0023c1137f9cac715e6bb941f4690febdda993b072feab

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD3B.tmp\7z-out\resources\app-update.yml

Filesize
109B

MD5
2b9cd02b5ae22c6e0f87da397fa9ef98

SHA1
271a98490753b0d853a4e2d07f5949c4dd2c5bca

SHA256
dfbc06fb21cb961e3e1573a3fc704b894a09255353632194a3c3a535e691139e

SHA512
451a41bb3b1e86d062955c6a992839700ef527c156e05ef18fb6f9fefa907d6c569140233784686b4a51bfab5e64119bf7125cee0adbc096464069a3307152c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD3B.tmp\7z-out\resources\app.asar

Filesize
6.6MB

MD5
8f4ea69fc39cc48ea0c44d7c7408d5e9

SHA1
b28bb4b7e717125314e6a65ec227961f5c32a456

SHA256
25a4aab913220d85621f008bf25ce4e83eedaf211123c8e0e978a61c26555b48

SHA512
7b04d683330131b28484cffc26676988ef63bc684e91e3f9b092127ac5de1286cafd0f926a1e05a5e7af69c5750825c453a3b67e8b060ce81acdf10e5b6d90d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD3B.tmp\7z-out\resources\elevate.exe

Filesize
125KB

MD5
41632c36f979ab514bb50117f961091d

SHA1
6e2995bb047290fe55f9bfdef786cb624211ab6f

SHA256
3596346f7381817266812bac7e47df711c39aa1b53a84e4a128e1a6b9b1c8477

SHA512
814c2d3c47be5f4d38b9d61fb2cc08b581ae9499d0715ee65c5439fb48be6c66dd1f4bd6adb57f01b43832715a5a677699dd72fd82b8e277c923bf87599688ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD3B.tmp\7z-out\snapshot_blob.bin

Filesize
292KB

MD5
695cb675c0c33f09f6c6019579ab492b

SHA1
d14281484d915e0192ba4b92608d8903fddd277f

SHA256
3121f179e50d7825795caa68e722e996f794e17240ad6ea0aa94bd065e05aa13

SHA512
2b1f9c2e722c8ffc561bbff34dc169d20a0807ec5aa8c085151ecfdb79c3a2e3e6df40490bb11a35f411c69ebd8d77c9e37aa75d0edabe998161ab6a1e2139e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD3B.tmp\7z-out\v8_context_snapshot.bin

Filesize
585KB

MD5
b32cbc4a5ff34f441e8e0c264aa61849

SHA1
435d88a3e50ff85b6030c4c6e8918161fa340201

SHA256
4f72c7b625b64d38f819a970cfff5921ff4080e27de84b00b9a7cf8be15277c5

SHA512
7c13eedfab9fba821d5a26e5ba81444a84b48aff13a7cd508c03f7ea113997c2edf7126e5547e16fb3e98a942f0070a5d597c25971afbde92b46125085b57b4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD3B.tmp\7z-out\vk_swiftshader.dll

Filesize
4.3MB

MD5
ad00a712203b9dfb702d886e43d215e6

SHA1
1921d4d14b5ac0a669f69cd852a41eba8377a434

SHA256
01742049534047b956328b9a0ca57f720e957edb684a6a0d70acc992e2b684fc

SHA512
f4672dce073c940fe3b9f9687fc9a195b5d0a6e51bb92c91047775be244ce95a2c743947eb05299d77cb3c8b914821984bb98182bc9afdc35e3963148f5562e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD3B.tmp\7z-out\vk_swiftshader_icd.json

Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD3B.tmp\7z-out\vulkan-1.dll

Filesize
774KB

MD5
c5292c08876926143ef404b3e638c314

SHA1
aa4917507da1bd71d0671c449af9e2e081295c90

SHA256
84c7f070e59f3b0bce2d32d4f2e6c7e03fb5d30f82a99c4edd8a251c9a3c0e74

SHA512
9e4d8f89de130d20ac7fcc34e3e8914320bed5d0ca61156a80a8d9bc66882e6f6a19012106e949ecda8e515203a605ad56e19ec0d4c0f73cfbab5f40c5746763

Download Submit
C:\Users\Admin\AppData\Roaming\bright-vpn\50a19eec-76ee-46f6-b5e0-14efb14d0410.tmp

Filesize
57B

MD5
58127c59cb9e1da127904c341d15372b

SHA1
62445484661d8036ce9788baeaba31d204e9a5fc

SHA256
be4b8924ab38e8acf350e6e3b9f1f63a1a94952d8002759acd6946c4d5d0b5de

SHA512
8d1815b277a93ad590ff79b6f52c576cf920c38c4353c24193f707d66884c942f39ff3989530055d2fade540ade243b41b6eb03cd0cc361c3b5d514cca28b50a

Download Submit
C:\Users\Admin\AppData\Roaming\bright-vpn\Cache\Cache_Data\f_000001

Filesize
441KB

MD5
4604e676a0a7d18770853919e24ec465

SHA1
415ef3b2ca0851e00ebaf0d6c9f6213c561ac98f

SHA256
a075b01d9b015c616511a9e87da77da3d9881621db32f584e4606ddabf1c1100

SHA512
3d89c21f20772a8bebdb70b29c42fca2f6bffcda49dff9d5644f3f3910b7c710a5c20154a7af5134c9c7a8624a1251b5e56ced9351d87463f31bed8188eb0774

Download Submit
C:\Users\Admin\AppData\Roaming\bright-vpn\DawnCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Roaming\bright-vpn\DawnCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Roaming\bright-vpn\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Roaming\bright-vpn\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Roaming\bright-vpn\Local Storage\leveldb\CURRENT~RFf782fd7.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\bright-vpn\config.json

Filesize
33B

MD5
da90d6a03d3b528807affe0e5857af9d

SHA1
26d7ff2ceabbeaea5a8b13453b8bbb34dba5735e

SHA256
cc36724f14d36f810b3fac824e2886ccb576783d98a417b60d6056ab410a31c3

SHA512
ae803dd9c22afd21ec3c6ee0de9295ed3ce2a489f60b792126a7756b27fd8435a0686c26b680fbbc33c1b22e14506c33ab8031d899316f8a95cfc903678b4f48

Download Submit
C:\Users\Admin\AppData\Roaming\bright-vpn\config.json

Filesize
105B

MD5
73d7142f2398d6bc8d495891231dc37c

SHA1
d46ebdf5e1fa5000ccf6d1c69ffb79ef94f4b06a

SHA256
1018c16ede8cfa736e3c3f802967d67ed1c954bd7a2f96b75605960c49563813

SHA512
828acb1a5f22dfa4d19f4961896a355a4f7cbd46386a786c0317eb8179cc26e8b9f84c47bdbe53a122292c092f884790e99ec1bcf4014157f5912896fb1e7a21

Download Submit
C:\Users\Admin\AppData\Roaming\bright-vpn\config.json

Filesize
75B

MD5
e0e21f346b90c0f753e3d47eaaf40d6f

SHA1
030590c6ebfead9d45ae7681924633da9cf8b649

SHA256
9d0dccb16558d1d130dffa3de6185421af590b01e384964e5553ea86bf99b70f

SHA512
6c2422bbe6ead92594ef728f1eb5f15c8fb714eb4bb6e580cbf3b98063e276d8406010c0f8553c540600e7ae92309e9dc508091034fd38b8555c7f69aebce36a

Download Submit
C:\Users\Admin\AppData\Roaming\bright-vpn\config.json

Filesize
134B

MD5
f296e244062c4078d56b033db3b4b736

SHA1
9b6f301a86d64d97104158628237a0b79e24df43

SHA256
76136566c04782c71fe8d76ff4c034bfad407969c9c3958a3f82a04a2da6c08a

SHA512
37abc5499b065ee644c0d12275cbdcf766b974cc276423412bbc3709c34005f4aeb84b68bd6a8b7d33e14d21823ee0a33cdce441ecd3fdf699180c12a7d8df49

Download Submit
C:\Users\Admin\AppData\Roaming\bright-vpn\config.json.tmp-42561806073904a6

Filesize
155B

MD5
4d979901a0a4aa1fd37c4d0e87f63c78

SHA1
0fdbb8ba61a5e10c95fa699d965837297df6436c

SHA256
710129a12d54c7027f6bbc14f186f0e807a899f2a21b7c7057514f995aaa1c75

SHA512
57cbf45d3d32bdd7748d82ed866b91e4570711ec1da550898e6d09e7279e41837987e8fb9cd3b91bdcd3b03145199d305274eaec0f78a6b6fb0cf1cc01bddcec

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
4e4067cf24d4085db426c8ebd48be319

SHA1
8efcdd6e7733d01bcbd63386ee51f72129fa2077

SHA256
5ee7c4e44636897d5ccfc7640d219c264590254ec38774cb29b872d177252916

SHA512
65dae7b72350e0fa462ae7657a9504fbb5413c03f7a5c7a3ef845722b8e6011fa4dfa227a4456881713049cb5e23d172618ef74099ad15f72d3f6dc1c8233401

Download Submit
\Program Files (x86)\Bright VPN\net_updater32.exe

Filesize
8.0MB

MD5
162ea249c65668fbe14538d17159aafe

SHA1
77acff41bccff5dddc06dc3c2266a09690718a2c

SHA256
9fabc290d1b886a6a01b61113e85988b29708f896cb356000c778e51b294897d

SHA512
c1b4c405a159fababfa15a7fde0b552a2b49e1966331563dcf5b07e709c9e373a5979bfc9093bcf2fffc0b85988638da22144852f3820d03d8a5deea0558a4b8

Download Submit
\ProgramData\BrightData\6cca5f7f15056f66a3211bbbd92076486a2361bb\brd_sdk32_clr.dll

Filesize
4.7MB

MD5
8fb1b4597cdb2f3eb3f6aa34b1fd0004

SHA1
6f59be39abff7e55860a682293ab7c8ef2b85750

SHA256
afe626120be5dcabb918c0627ddcb9ff6fc0bbdfc7c7d8c1a4d4ebf760e99ff9

SHA512
47f9f3069f64f75b46226efad2149fbc44ec185752831c10d9d54b1e96797b1384957e8cb37c521df064e575926645f55abf60b22785707ca4572fd3e4c73fef

Download Submit
\ProgramData\BrightData\6cca5f7f15056f66a3211bbbd92076486a2361bb\msvcr120.dll

Filesize
948KB

MD5
034ccadc1c073e4216e9466b720f9849

SHA1
f19e9d8317161edc7d3e963cc0fc46bd5e4a55a1

SHA256
86e39b5995af0e042fcdaa85fe2aefd7c9ddc7ad65e6327bd5e7058bc3ab615f

SHA512
5f11ef92d936669ee834a5cef5c7d0e7703bf05d03dc4f09b9dcfe048d7d5adfaab6a9c7f42e8080a5e9aad44a35f39f3940d5cca20623d9cafe373c635570f7

Download Submit
\Users\Admin\AppData\Local\Temp\nsoD3B.tmp\INetC.dll

Filesize
238KB

MD5
38caa11a462b16538e0a3daeb2fc0eaf

SHA1
c22a190b83f4b6dc0d6a44b98eac1a89a78de55c

SHA256
ed04a4823f221e9197b8f3c3da1d6859ff5b176185bde2f1c923a442516c810a

SHA512
777135e05e908ac26bfce0a9c425b57f7132c1cdb0969bbb6ef625748c868860602bacc633c61cab36d0375b94b6bcfbd8bd8c7fa781495ef7332e362f8d44d1

Download Submit
\Users\Admin\AppData\Local\Temp\nsoD3B.tmp\SpiderBanner.dll

Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
\Users\Admin\AppData\Local\Temp\nsoD3B.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
\Users\Admin\AppData\Local\Temp\nsoD3B.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
\Users\Admin\AppData\Local\Temp\nsoD3B.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
\Users\Admin\AppData\Local\Temp\nsoD3B.tmp\brightvpn_installer.exe

Filesize
2.1MB

MD5
78da1448fcf8307c8bd6fa8e193a5375

SHA1
8e8468f806ed18901f5f9231a4928fa99bc0cb83

SHA256
1c4652e180674d20ce42314d46460ae1beeaa2bc092c749df1aca5be47fe4bd5

SHA512
c2d5124e45020c29493d078608331b576a28e4b4533c7667fac9f41ae9632f6ff9907a2bd46a3ca5a5a424a9c884eef5b714ccc66b240adfae1364b6a7aa1ee8

Download Submit
\Users\Admin\AppData\Local\Temp\nsoD3B.tmp\nsExec.dll

Filesize
6KB

MD5
ec0504e6b8a11d5aad43b296beeb84b2

SHA1
91b5ce085130c8c7194d66b2439ec9e1c206497c

SHA256
5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962

SHA512
3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57

Download Submit
\Users\Admin\AppData\Local\Temp\nsoD3B.tmp\nsProcess.dll

Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
\Users\Admin\AppData\Local\Temp\nsoD3B.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
memory/1936-1883-0x0000000000B20000-0x0000000000B28000-memory.dmp

Filesize
32KB

Download
memory/2460-29-0x0000000073A70000-0x000000007415E000-memory.dmp

Filesize
6.9MB

Download
memory/2460-50-0x0000000073A7E000-0x0000000073A7F000-memory.dmp

Filesize
4KB

Download
memory/2460-1019-0x0000000073A70000-0x000000007415E000-memory.dmp

Filesize
6.9MB

Download
memory/2460-1020-0x0000000000760000-0x000000000076A000-memory.dmp

Filesize
40KB

Download
memory/2460-87-0x0000000073A70000-0x000000007415E000-memory.dmp

Filesize
6.9MB

Download
memory/2460-24-0x0000000073A70000-0x000000007415E000-memory.dmp

Filesize
6.9MB

Download
memory/2460-86-0x0000000073A70000-0x000000007415E000-memory.dmp

Filesize
6.9MB

Download
memory/2460-85-0x0000000073A70000-0x000000007415E000-memory.dmp

Filesize
6.9MB

Download
memory/2460-26-0x0000000000760000-0x000000000076A000-memory.dmp

Filesize
40KB

Download
memory/2460-25-0x0000000000760000-0x000000000076A000-memory.dmp

Filesize
40KB

Download
memory/2460-27-0x0000000073A70000-0x000000007415E000-memory.dmp

Filesize
6.9MB

Download
memory/2460-28-0x0000000073A70000-0x000000007415E000-memory.dmp

Filesize
6.9MB

Download
memory/2460-84-0x0000000000760000-0x000000000076A000-memory.dmp

Filesize
40KB

Download
memory/2460-22-0x0000000073A7E000-0x0000000073A7F000-memory.dmp

Filesize
4KB

Download
memory/2460-83-0x0000000000760000-0x000000000076A000-memory.dmp

Filesize
40KB

Download
memory/2460-23-0x0000000000190000-0x00000000003A8000-memory.dmp

Filesize
2.1MB

Download
memory/2460-82-0x0000000073A70000-0x000000007415E000-memory.dmp

Filesize
6.9MB

Download
memory/2676-351-0x0000000002F30000-0x0000000002F3A000-memory.dmp

Filesize
40KB

Download
memory/2676-306-0x0000000002F30000-0x0000000002F3A000-memory.dmp

Filesize
40KB

Download
memory/2676-206-0x0000000002F30000-0x0000000002F3A000-memory.dmp

Filesize
40KB

Download
memory/2676-174-0x0000000006260000-0x0000000006704000-memory.dmp

Filesize
4.6MB

Download
memory/2676-173-0x0000000006720000-0x0000000006BDA000-memory.dmp

Filesize
4.7MB

Download
memory/2676-150-0x0000000010000000-0x00000000105F1000-memory.dmp

Filesize
5.9MB

Download
memory/2872-1999-0x0000000000FB0000-0x0000000000FB8000-memory.dmp

Filesize
32KB

Download
memory/2928-1038-0x00000000011B0000-0x00000000011B8000-memory.dmp

Filesize
32KB

Download
memory/2956-1207-0x0000000010320000-0x00000000107DA000-memory.dmp

Filesize
4.7MB

Download
memory/2972-1021-0x0000000003B70000-0x0000000003B72000-memory.dmp

Filesize
8KB

Download
memory/3696-2125-0x0000000000CC0000-0x0000000000E02000-memory.dmp

Filesize
1.3MB

Download
memory/3956-2131-0x0000000000240000-0x0000000000248000-memory.dmp

Filesize
32KB

Download
memory/4016-1779-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download