dbae0132369a82f2c1d08c0a38d6415c07d727995d9f70f4236bdeada68041e8

Analysis

max time kernel
151s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
26/08/2024, 02:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Somiibo-Setup.exe
Size

245.6MB
MD5

f75307b77bb583ee0e912bf0a19ced83
SHA1

6571908284b87773812a88c21348337410b06970
SHA256

dbae0132369a82f2c1d08c0a38d6415c07d727995d9f70f4236bdeada68041e8
SHA512

f5a1ad0a47366c32fe483c0263284a289376b9551712aaf05d80c0e2d37710c8225afd8ff2c9918efa4533fd013a0a514c8ac7c3970e082bb64d7da8afe065c7
SSDEEP

6291456:M5TWyCgG0XimuLo33ue5TWyCgG0XimuLa46wOM:+dyL6dyLaE

Score

6^/10

discovery persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\electron.app.Somiibo = "C:\\Users\\Admin\\AppData\\Local\\Programs\\somiibo\\Somiibo.exe --was-opened-at-login \"true\""	Somiibo.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 31 IoCs

Web Service

T1102

flow	ioc
78	raw.githubusercontent.com
37	raw.githubusercontent.com
74	raw.githubusercontent.com
80	raw.githubusercontent.com
84	raw.githubusercontent.com
48	raw.githubusercontent.com
73	raw.githubusercontent.com
38	raw.githubusercontent.com
47	raw.githubusercontent.com
50	raw.githubusercontent.com
85	raw.githubusercontent.com
36	raw.githubusercontent.com
49	raw.githubusercontent.com
71	raw.githubusercontent.com
72	raw.githubusercontent.com
83	raw.githubusercontent.com
40	raw.githubusercontent.com
44	raw.githubusercontent.com
79	raw.githubusercontent.com
81	raw.githubusercontent.com
82	raw.githubusercontent.com
39	raw.githubusercontent.com
43	raw.githubusercontent.com
45	raw.githubusercontent.com
75	raw.githubusercontent.com
76	raw.githubusercontent.com
41	raw.githubusercontent.com
42	raw.githubusercontent.com
46	raw.githubusercontent.com
51	raw.githubusercontent.com
77	raw.githubusercontent.com

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
35	api.ipify.org
52	api.ipify.org

Checks computer location settings 2 TTPs 6 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Control Panel\International\Geo\Nation	Somiibo.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Control Panel\International\Geo\Nation	Somiibo.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Control Panel\International\Geo\Nation	Somiibo.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Control Panel\International\Geo\Nation	Somiibo.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Control Panel\International\Geo\Nation	Somiibo.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Control Panel\International\Geo\Nation	Somiibo.exe

Enumerates processes with tasklist 1 TTPs 1 IoCs

discovery

Process Discovery

T1057

pid	Process
3064	tasklist.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Executes dropped EXE 10 IoCs

pid	Process
3160	Somiibo.exe
3584	Somiibo.exe
2028	Somiibo.exe
1896	Somiibo.exe
3916	Somiibo.exe
4488	Somiibo.exe
5632	Somiibo.exe
5892	Somiibo.exe
3736	Somiibo.exe
3436	Somiibo.exe

Loads dropped DLL 20 IoCs

pid	Process
1576	Somiibo-Setup.exe
1576	Somiibo-Setup.exe
1576	Somiibo-Setup.exe
1576	Somiibo-Setup.exe
1576	Somiibo-Setup.exe
1576	Somiibo-Setup.exe
1576	Somiibo-Setup.exe
3160	Somiibo.exe
3584	Somiibo.exe
2028	Somiibo.exe
1896	Somiibo.exe
3916	Somiibo.exe
2028	Somiibo.exe
2028	Somiibo.exe
2028	Somiibo.exe
4488	Somiibo.exe
5632	Somiibo.exe
5892	Somiibo.exe
3736	Somiibo.exe
3436	Somiibo.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Somiibo-Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	find.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe

Modifies registry class 43 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\somiibo	Somiibo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\somiibo\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\somiibo\\Somiibo.exe\" \"%1\""	Somiibo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\.html\ = "Document"	Somiibo-Setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Document\shell\open\ = "Open with Somiibo"	Somiibo-Setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\.pdf\PDF_backup	Somiibo-Setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\PDF\shell\open\ = "Open with Somiibo"	Somiibo-Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\discord-701375931918581810\shell\open	Somiibo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Document\ = "Somiibo"	Somiibo-Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Document\shell	Somiibo-Setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\PDF\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Programs\\somiibo\\Somiibo.exe,0"	Somiibo-Setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\discord-701375931918581810\ = "URL:discord-701375931918581810"	Somiibo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\PDF\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Programs\\somiibo\\Somiibo.exe \"%1\""	Somiibo-Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\discord-701375931918581810	Somiibo.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\discord-701375931918581810\shell	Somiibo.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Document	Somiibo-Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Document\shell\open	Somiibo-Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\PDF\shell	Somiibo-Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\PDF\shell\open	Somiibo-Setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\somiibo\ = "URL:somiibo"	Somiibo.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\discord-701375931918581810\shell\open\command	Somiibo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\discord-701375931918581810\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\somiibo\\Somiibo.exe\" \"%1\""	Somiibo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\.htm\ = "Document"	Somiibo-Setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\PDF\ = "Somiibo"	Somiibo-Setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\somiibo\URL Protocol	Somiibo.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\somiibo\shell	Somiibo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\discord-701375931918581810\URL Protocol	Somiibo.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Document\DefaultIcon	Somiibo-Setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\.htm\Document_backup	Somiibo-Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\PDF\DefaultIcon	Somiibo-Setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\PDF\shell\ = "open"	Somiibo-Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\somiibo\shell\open\command	Somiibo.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\somiibo\shell\open	Somiibo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Document\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Programs\\somiibo\\Somiibo.exe,0"	Somiibo-Setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Document\shell\ = "open"	Somiibo-Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Document\shell\open\command	Somiibo-Setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Document\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Programs\\somiibo\\Somiibo.exe \"%1\""	Somiibo-Setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\.pdf\ = "PDF"	Somiibo-Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\PDF	Somiibo-Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\PDF\shell\open\command	Somiibo-Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\.html	Somiibo-Setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\.html\Document_backup	Somiibo-Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\.htm	Somiibo-Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\.pdf	Somiibo-Setup.exe

Modifies system certificate store 2 TTPs 17 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13	Somiibo.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	Somiibo.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 040000000100000010000000410352dc0ff7501b16f0028eba6f45c50f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd67707390b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b660537f000000010000000e000000300c060a2b0601040182370a03047e000000010000000800000000c001b39667d60168000000010000000800000000409120d035d901030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131900000001000000100000006cf252fec3e8f20996de5d4dd9aef42420000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	Somiibo.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 040000000100000010000000c5dfb849ca051355ee2dba1ac33eb0280f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b1400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba953030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad190000000100000010000000d0fd3c9c380d7b65e26b9a3fedd39b8f2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f	Somiibo.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	Somiibo.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd67707390b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b660537f000000010000000e000000300c060a2b0601040182370a03047e000000010000000800000000c001b39667d60168000000010000000800000000409120d035d901030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	Somiibo.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1368000000010000000800000000409120d035d9017e000000010000000800000000c001b39667d6017f000000010000000e000000300c060a2b0601040182370a03041d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589100b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000006200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703080f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	Somiibo.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 5c0000000100000004000000000800001900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1368000000010000000800000000409120d035d9017e000000010000000800000000c001b39667d6017f000000010000000e000000300c060a2b0601040182370a03041d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589100b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000006200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703080f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d040000000100000010000000410352dc0ff7501b16f0028eba6f45c520000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	Somiibo.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD	Somiibo.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 5c000000010000000400000000080000190000000100000010000000d0fd3c9c380d7b65e26b9a3fedd39b8f030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba9531400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b0b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab040000000100000010000000c5dfb849ca051355ee2dba1ac33eb0282000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f	Somiibo.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	Somiibo.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C	Somiibo.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 0400000001000000100000003e455215095192e1b75d379fb187298a0f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b1d00000001000000100000006ee7f3b060d10e90a31ba3471b9992367f000000010000000c000000300a06082b060105050703097a000000010000000c000000300a06082b060105050703097e00000001000000080000000000042beb77d501030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c190000000100000010000000a823b4a20180beb460cab955c24d7e21200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0	Somiibo.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 5c000000010000000400000000080000190000000100000010000000a823b4a20180beb460cab955c24d7e21030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c7e00000001000000080000000000042beb77d5017a000000010000000c000000300a06082b060105050703097f000000010000000c000000300a06082b060105050703091d00000001000000100000006ee7f3b060d10e90a31ba3471b999236140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c990b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b060105050703080f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d0400000001000000100000003e455215095192e1b75d379fb187298a200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0	Somiibo.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	Somiibo.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	Somiibo.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	Somiibo.exe

Suspicious behavior: EnumeratesProcesses 28 IoCs

pid	Process
1576	Somiibo-Setup.exe
1576	Somiibo-Setup.exe
3064	tasklist.exe
3064	tasklist.exe
3160	Somiibo.exe
3160	Somiibo.exe
3160	Somiibo.exe
3160	Somiibo.exe
3160	Somiibo.exe
3160	Somiibo.exe
3160	Somiibo.exe
3160	Somiibo.exe
3160	Somiibo.exe
3160	Somiibo.exe
1896	Somiibo.exe
1896	Somiibo.exe
3916	Somiibo.exe
3916	Somiibo.exe
4488	Somiibo.exe
4488	Somiibo.exe
5632	Somiibo.exe
5632	Somiibo.exe
5892	Somiibo.exe
5892	Somiibo.exe
3436	Somiibo.exe
3436	Somiibo.exe
3436	Somiibo.exe
3436	Somiibo.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	3064	tasklist.exe
Token: SeSecurityPrivilege	1576	Somiibo-Setup.exe

Suspicious use of FindShellTrayWindow 6 IoCs

pid	Process
3160	Somiibo.exe
3160	Somiibo.exe
3160	Somiibo.exe
3160	Somiibo.exe
3160	Somiibo.exe
3160	Somiibo.exe

Suspicious use of SendNotifyMessage 5 IoCs

pid	Process
3160	Somiibo.exe
3160	Somiibo.exe
3160	Somiibo.exe
3160	Somiibo.exe
3160	Somiibo.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1576 wrote to memory of 4036	1576	Somiibo-Setup.exe	87
PID 1576 wrote to memory of 4036	1576	Somiibo-Setup.exe	87
PID 1576 wrote to memory of 4036	1576	Somiibo-Setup.exe	87
PID 4036 wrote to memory of 3064	4036	cmd.exe	89
PID 4036 wrote to memory of 3064	4036	cmd.exe	89
PID 4036 wrote to memory of 3064	4036	cmd.exe	89
PID 4036 wrote to memory of 316	4036	cmd.exe	90
PID 4036 wrote to memory of 316	4036	cmd.exe	90
PID 4036 wrote to memory of 316	4036	cmd.exe	90
PID 3160 wrote to memory of 3584	3160	Somiibo.exe	101
PID 3160 wrote to memory of 3584	3160	Somiibo.exe	101
PID 3160 wrote to memory of 2028	3160	Somiibo.exe	102
PID 3160 wrote to memory of 2028	3160	Somiibo.exe	102
PID 3160 wrote to memory of 2028	3160	Somiibo.exe	102
PID 3160 wrote to memory of 2028	3160	Somiibo.exe	102
PID 3160 wrote to memory of 2028	3160	Somiibo.exe	102
PID 3160 wrote to memory of 2028	3160	Somiibo.exe	102
PID 3160 wrote to memory of 2028	3160	Somiibo.exe	102
PID 3160 wrote to memory of 2028	3160	Somiibo.exe	102
PID 3160 wrote to memory of 2028	3160	Somiibo.exe	102
PID 3160 wrote to memory of 2028	3160	Somiibo.exe	102
PID 3160 wrote to memory of 2028	3160	Somiibo.exe	102
PID 3160 wrote to memory of 2028	3160	Somiibo.exe	102
PID 3160 wrote to memory of 2028	3160	Somiibo.exe	102
PID 3160 wrote to memory of 2028	3160	Somiibo.exe	102
PID 3160 wrote to memory of 2028	3160	Somiibo.exe	102
PID 3160 wrote to memory of 2028	3160	Somiibo.exe	102
PID 3160 wrote to memory of 2028	3160	Somiibo.exe	102
PID 3160 wrote to memory of 2028	3160	Somiibo.exe	102
PID 3160 wrote to memory of 2028	3160	Somiibo.exe	102
PID 3160 wrote to memory of 2028	3160	Somiibo.exe	102
PID 3160 wrote to memory of 2028	3160	Somiibo.exe	102
PID 3160 wrote to memory of 2028	3160	Somiibo.exe	102
PID 3160 wrote to memory of 2028	3160	Somiibo.exe	102
PID 3160 wrote to memory of 2028	3160	Somiibo.exe	102
PID 3160 wrote to memory of 2028	3160	Somiibo.exe	102
PID 3160 wrote to memory of 2028	3160	Somiibo.exe	102
PID 3160 wrote to memory of 2028	3160	Somiibo.exe	102
PID 3160 wrote to memory of 2028	3160	Somiibo.exe	102
PID 3160 wrote to memory of 2028	3160	Somiibo.exe	102
PID 3160 wrote to memory of 2028	3160	Somiibo.exe	102
PID 3160 wrote to memory of 2028	3160	Somiibo.exe	102
PID 3160 wrote to memory of 2028	3160	Somiibo.exe	102
PID 3160 wrote to memory of 2028	3160	Somiibo.exe	102
PID 3160 wrote to memory of 2028	3160	Somiibo.exe	102
PID 3160 wrote to memory of 2028	3160	Somiibo.exe	102
PID 3160 wrote to memory of 2028	3160	Somiibo.exe	102
PID 3160 wrote to memory of 2028	3160	Somiibo.exe	102
PID 3160 wrote to memory of 2028	3160	Somiibo.exe	102
PID 3160 wrote to memory of 2028	3160	Somiibo.exe	102
PID 3160 wrote to memory of 2028	3160	Somiibo.exe	102
PID 3160 wrote to memory of 1896	3160	Somiibo.exe	103
PID 3160 wrote to memory of 1896	3160	Somiibo.exe	103
PID 3160 wrote to memory of 3916	3160	Somiibo.exe	104
PID 3160 wrote to memory of 3916	3160	Somiibo.exe	104
PID 3160 wrote to memory of 4488	3160	Somiibo.exe	105
PID 3160 wrote to memory of 4488	3160	Somiibo.exe	105
PID 3160 wrote to memory of 5632	3160	Somiibo.exe	107
PID 3160 wrote to memory of 5632	3160	Somiibo.exe	107
PID 3160 wrote to memory of 5892	3160	Somiibo.exe	108
PID 3160 wrote to memory of 5892	3160	Somiibo.exe	108
PID 3160 wrote to memory of 3736	3160	Somiibo.exe	119
PID 3160 wrote to memory of 3736	3160	Somiibo.exe	119
PID 3160 wrote to memory of 3736	3160	Somiibo.exe	119

C:\Users\Admin\AppData\Local\Temp\Somiibo-Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Somiibo-Setup.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1576
- C:\Windows\SysWOW64\cmd.exe
  cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq Somiibo.exe" | %SYSTEMROOT%\System32\find.exe "Somiibo.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:4036
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq Somiibo.exe"
    3⤵
    - Enumerates processes with tasklist
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:3064
- - C:\Windows\SysWOW64\find.exe
    C:\Windows\System32\find.exe "Somiibo.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:316

C:\Users\Admin\AppData\Local\Programs\somiibo\Somiibo.exe
"C:\Users\Admin\AppData\Local\Programs\somiibo\Somiibo.exe"
1⤵
- Adds Run key to start application
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3160
- C:\Users\Admin\AppData\Local\Programs\somiibo\Somiibo.exe
  C:\Users\Admin\AppData\Local\Programs\somiibo\Somiibo.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\Somiibo /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\Somiibo\Crashpad --url=https://o192327.ingest.sentry.io/api/5546751/minidump/?sentry_key=1fae8cbbcbed41ba986f3fb7d2710a4c --annotation=_productName=Somiibo --annotation=_version=1.2.30 --annotation=prod=Electron "--annotation=sentry___initialScope={\"release\":\"[email protected]\"}" --annotation=ver=16.2.8 --initial-client-data=0x4a0,0x4a8,0x4ac,0x47c,0x4b0,0x7ff61b2629d8,0x7ff61b2629e8,0x7ff61b2629f8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3584
- C:\Users\Admin\AppData\Local\Programs\somiibo\Somiibo.exe
  "C:\Users\Admin\AppData\Local\Programs\somiibo\Somiibo.exe" --type=gpu-process --field-trial-handle=1648,4619174471567747900,2928892257147577475,131072 --disable-features=CrossOriginOpenerPolicy,PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --user-data-dir="C:\Users\Admin\AppData\Roaming\Somiibo" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAANAAAAEAAAAAAAAAABAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1660 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2028
- C:\Users\Admin\AppData\Local\Programs\somiibo\Somiibo.exe
  "C:\Users\Admin\AppData\Local\Programs\somiibo\Somiibo.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1648,4619174471567747900,2928892257147577475,131072 --disable-features=CrossOriginOpenerPolicy,PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Somiibo" --standard-schemes --secure-schemes=somiibo --bypasscsp-schemes --cors-schemes=somiibo --fetch-schemes=somiibo --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=2060 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:1896
- C:\Users\Admin\AppData\Local\Programs\somiibo\Somiibo.exe
  "C:\Users\Admin\AppData\Local\Programs\somiibo\Somiibo.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Somiibo" --standard-schemes --secure-schemes=somiibo --bypasscsp-schemes --cors-schemes=somiibo --fetch-schemes=somiibo --service-worker-schemes --streaming-schemes --app-path="C:\Users\Admin\AppData\Local\Programs\somiibo\resources\app.asar" --no-sandbox --no-zygote --field-trial-handle=1648,4619174471567747900,2928892257147577475,131072 --disable-features=CrossOriginOpenerPolicy,PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2380 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:3916
- C:\Users\Admin\AppData\Local\Programs\somiibo\Somiibo.exe
  "C:\Users\Admin\AppData\Local\Programs\somiibo\Somiibo.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Somiibo" --standard-schemes --secure-schemes=somiibo --bypasscsp-schemes --cors-schemes=somiibo --fetch-schemes=somiibo --service-worker-schemes --streaming-schemes --app-path="C:\Users\Admin\AppData\Local\Programs\somiibo\resources\app.asar" --no-sandbox --no-zygote --field-trial-handle=1648,4619174471567747900,2928892257147577475,131072 --disable-features=CrossOriginOpenerPolicy,PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2628 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:4488
- C:\Users\Admin\AppData\Local\Programs\somiibo\Somiibo.exe
  "C:\Users\Admin\AppData\Local\Programs\somiibo\Somiibo.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Somiibo" --standard-schemes --secure-schemes=somiibo --bypasscsp-schemes --cors-schemes=somiibo --fetch-schemes=somiibo --service-worker-schemes --streaming-schemes --app-user-model-id=electron.app.Somiibo --app-path="C:\Users\Admin\AppData\Local\Programs\somiibo\resources\app.asar" --no-sandbox --no-zygote --enable-blink-features --disable-blink-features --field-trial-handle=1648,4619174471567747900,2928892257147577475,131072 --disable-features=CrossOriginOpenerPolicy,PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3900 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:5632
- C:\Users\Admin\AppData\Local\Programs\somiibo\Somiibo.exe
  "C:\Users\Admin\AppData\Local\Programs\somiibo\Somiibo.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Somiibo" --standard-schemes --secure-schemes=somiibo --bypasscsp-schemes --cors-schemes=somiibo --fetch-schemes=somiibo --service-worker-schemes --streaming-schemes --app-user-model-id=electron.app.Somiibo --app-path="C:\Users\Admin\AppData\Local\Programs\somiibo\resources\app.asar" --no-sandbox --no-zygote --enable-blink-features --disable-blink-features --field-trial-handle=1648,4619174471567747900,2928892257147577475,131072 --disable-features=CrossOriginOpenerPolicy,PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2692 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:5892
- C:\Users\Admin\AppData\Local\Programs\somiibo\Somiibo.exe
  "C:\Users\Admin\AppData\Local\Programs\somiibo\Somiibo.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Somiibo" --standard-schemes --secure-schemes=somiibo --bypasscsp-schemes --cors-schemes=somiibo --fetch-schemes=somiibo --service-worker-schemes --streaming-schemes --app-user-model-id=electron.app.Somiibo --app-path="C:\Users\Admin\AppData\Local\Programs\somiibo\resources\app.asar" --enable-sandbox --field-trial-handle=1648,4619174471567747900,2928892257147577475,131072 --disable-features=CrossOriginOpenerPolicy,PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4380 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3736
- C:\Users\Admin\AppData\Local\Programs\somiibo\Somiibo.exe
  "C:\Users\Admin\AppData\Local\Programs\somiibo\Somiibo.exe" --type=gpu-process --field-trial-handle=1648,4619174471567747900,2928892257147577475,131072 --disable-features=CrossOriginOpenerPolicy,PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\Somiibo" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAIAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAANAAAAEAAAAAAAAAABAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4576 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:3436

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4324

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Programs\somiibo\chrome_100_percent.pak

Filesize
138KB

MD5
4f7cf265db503b21845d2df4dc903022

SHA1
970b35882db6670c81bd745bdeed11f011c609da

SHA256
c48e6d360aee16159d4be43f9144f77d3275a87b3f77eae548e357601c55fc16

SHA512
5645d2c226697c7ac69ce73e9124630696516fc18286a5579823588f93a936da71084a3850f1f9a7b34c624f4c502957107f5957ffba5e6c1e4da6d8da7d3348

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\7z-out\LICENSE.electron.txt

Filesize
1KB

MD5
4d42118d35941e0f664dddbd83f633c5

SHA1
2b21ec5f20fe961d15f2b58efb1368e66d202e5c

SHA256
5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d

SHA512
3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\7z-out\LICENSES.chromium.html

Filesize
5.2MB

MD5
4247afa6679602da138e41886bcf27da

SHA1
3bb8c83dc9d5592119675e67595b294211ddbf6e

SHA256
bf59a74b4404aa0c893ca8bbe636498629b6a3acdff4acb84de692462fd626e4

SHA512
ad3103f7fd32f0ec652bc7fcb8c303796367292a366037acad8e1312775cdd92c2f36ed8c34a809251ad044508e1e7579b79847de61025baf8bda5ad578a0330

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\7z-out\chrome_200_percent.pak

Filesize
202KB

MD5
6a7a9dee6b4d47317b4478dba3b2076c

SHA1
e9167673a3d25ad37e2d83e04af92bfda48f0c86

SHA256
b820d19a7a8ce9d12a26837f967f983e45b07550b49e7b9a25e57b417c5f6fd9

SHA512
67466e21a13ca449b014b511fb49bfc51df841eb5776f93b4bda2e0023da96d368ac5c65de051ed9de1899275b9f33839af2c387be903688cdb48bf08993791e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\7z-out\d3dcompiler_47.dll

Filesize
4.3MB

MD5
7641e39b7da4077084d2afe7c31032e0

SHA1
2256644f69435ff2fee76deb04d918083960d1eb

SHA256
44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47

SHA512
8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\7z-out\ffmpeg.dll

Filesize
2.6MB

MD5
7977f3720aa86e0ec2ad2de44ad42004

SHA1
04a4ef5ccd72aa5d050cc606a7597a3b388c6400

SHA256
61c6bd5fee2c150265241a15379c4053b174b1cd7687749629afcdbd1264a02e

SHA512
8ef3b8f506b5ad7241b96d381a501033266358fb3756a457c46ed499547db1232012f849838e65f916129fab1a0d74711e9851b8e0669831acbbf4c3494e492d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\7z-out\icudtl.dat

Filesize
9.7MB

MD5
2e7d2f6c3eed51f5eca878a466a1ab4e

SHA1
759bd98d218d7e392819107fab2a8fd1cfc63ddf

SHA256
b62b7240837172959299dc3be44fffa83dc374353154eca1612e1bde330aa8fa

SHA512
0f1465e8efe32b0eaba628a30bbb21254a05d80f4407a1434120a55fb928cf575b3879e1b7cf754cd19b23c262ae715fa84a8049073563cb38f1855be7db1124

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\7z-out\libEGL.dll

Filesize
431KB

MD5
7b77074945dfe5cf0b1c5a3748058d57

SHA1
fdea507ac2be491b8ad24ddc1030ea9980c94c0d

SHA256
994972c1bc515c199552d50e97ad217ae15a3eed16db06181c7df50e743e8a56

SHA512
d637b2c7d75723601af099317a39820d3edbd3cea1e1cb20b702deb6ca7fdb0b67e1351cc8fee1c7badff957fffb848a8dce18bb25bfd60c81a588da4f68c1fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\7z-out\libGLESv2.dll

Filesize
7.6MB

MD5
8c93e19281992a00993fc0f09e272917

SHA1
3a2d12bc85f829775ec8c5c1f8e35a783d37b7a7

SHA256
1ebc1da8d7e463a5d3dc127a632989ef35cfbd94cb18bf1f8ee790f172d43703

SHA512
c4ec65378d83e6645c9128825853de2d3e82c0f430cd28fdc761eaf2d011267c3794b7c1dcef017750323873d7fe976656eebf9ed7c03582741d43738f3e0c7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\7z-out\locales\am.pak

Filesize
179KB

MD5
ebe0e7e0c78fac281a3f0196da22cee9

SHA1
689864d898905d43b8a70bdf37c5b339daaf48eb

SHA256
08d86a45ff0a4b21e74b06509c376ab0f907cae72a3e0cbf5c17fc275d10ac5d

SHA512
89b6603e5db8ad53ee5623c2c0f7e81194278dbdf5ed49c7480049006b20744fd4642743c2b4a264cafa87e7f787d6d6cbf26f12ff2b851333b3ba7541ebd933

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\7z-out\locales\ar.pak

Filesize
184KB

MD5
3a8a7a08fedb148ebee6d3300356e37a

SHA1
2e9ac1ea8b6396b909f823486538d5640ddcaa1a

SHA256
43636fc76a2da6ab562c4c3bcc1a5d548a169dc0e884484fb7e4341814c44c78

SHA512
7951829cc7aa385bb5f8078a7af7d4f0b49fa8c05eecb2808eac3fb0e8700c63f92db888ad64f526d992a14d54948a6807bf06f9fb688aecea40311eaacea181

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\7z-out\locales\bg.pak

Filesize
200KB

MD5
5ed6adc6158f554e71bdac7dc9731b16

SHA1
394c8396c566d2b92cef881c332624be812115fa

SHA256
0a3e79a6d270d212037ccb5a8730b7abfc45c6e9175dd7e17d997daed0985726

SHA512
796f107698e82dfad9ec8d2ac1fc3f79b1f3a339a06eccd783dcd262ddb7399f8e3c093799f16640cf7a4488f1d2eb04ba6b7cb14ac9e9fcf87488cb8305b35d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\7z-out\locales\bn.pak

Filesize
257KB

MD5
ee25e9cf28fdd35846d8a9b3c4220eed

SHA1
702342cc207ced1bb585195abcf263cbc4ea0069

SHA256
9994b9832bce803bee8c48a8176653099df7768074e3c54d09a18593376466b9

SHA512
2b703cd07bacc9f70e36844f148c980cb112a806b4ca11f692b9bbe6995fd5636eb9bdc84c5cfaf79790dbbb1ecf7cf2b61a7d6ff89311eb4907c586e20b7dbd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\7z-out\locales\ca.pak

Filesize
125KB

MD5
53e3fb38f84f60b98d23b337e4f03f92

SHA1
42e435837dd36872d2a413518a299cd293ff8536

SHA256
b00bd41c1222b3ea078df5b92cec1946e41430be241d0d57dc9baa4c70c91f3a

SHA512
98d0328e7370b1fec9e15ad0cff9e1353686fc581e3df9a8896e3c2e62ced044c4c51ea63f35ec8b7eb3e7df5c83ef5157468979b7f20e85480597042c1ac192

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\7z-out\locales\cs.pak

Filesize
128KB

MD5
f125738776a9fb8dbf25311fa3dadbcf

SHA1
3448b58d4810e69f5c1eca4e1484308c3ceff502

SHA256
5d5089718677f9a4e677dec72058c376a5829921cd523ecb919d0da7766d3cd4

SHA512
ca5300e5fb73ed4ee8c108e875c66ce7f105693f3ba78cb00f33218febfdb3ea27fe26f118dff3fb2e4af66f722f8348760cb576aba48887be25fdfae4991776

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\7z-out\locales\da.pak

Filesize
117KB

MD5
22134b12d90fdc00f23a1e0a6fb04eec

SHA1
17c9fc2cacb6e5ccc393d1af9bdf3e8e63ecdaaa

SHA256
62020dd01b47b696e2e11d7f5598628c07782a96ea6bc013dc2ffe8c820b7c94

SHA512
9cce6ffb2d84cedcc5ccf200080d6a2cab691468c042e8e48a5fdd809b5c0d067c322326e49d18f66da8e0b1d28adeda4cd03e12d7aa11350b72776737aa3427

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\7z-out\locales\de.pak

Filesize
127KB

MD5
fceb00caf7e76e688007665feae99e83

SHA1
06fece84cf7028b3871f144258b8d084faf8745b

SHA256
80e63ef1950b8438813271365a7b6a3f3aba0bacc179f5675654249f31c06a3c

SHA512
08c14eb299a035949e6b64a069cadee66c420b7d66bb00d65d6a1a08fbee08a57ab08f8e77c44387f0fe02b47aeb0bf2709a1979025613cb51af4ab82fc3b6d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\7z-out\locales\el.pak

Filesize
220KB

MD5
db449f218a705453eb10b5f418e28d7b

SHA1
7bc8fcc59c532bb086a7f081cd8d275a89dac835

SHA256
73da35d01b91707846775bea7dc0331fc1caebd5c63d101aa8bb8bb58ca7f193

SHA512
7dce45bc723d62498b335be0ab72dfc91c44c01f96f25c2314e9245a0eab28a92dcaa730b11f108b604545592445ed1612721416f60ae3bf55b1bd438bd04f78

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\7z-out\locales\en-GB.pak

Filesize
103KB

MD5
074d3dd44706502de7c33e791794b23a

SHA1
564a73ffad9232052c692eb94f560d6b17227c47

SHA256
9c3954a5ca2cf126370a1152e9281f41a7ca97c69293f556a2c79ea6729324ae

SHA512
6e1296d04b16534274fa438643ecee6e37d17ed935623f73d5a8f3510a194e0efda9ca60fac8d51d25763c4818050e23c306f9ee18284b8600610d14f7768d98

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\7z-out\locales\en-US.pak

Filesize
104KB

MD5
0dcd84e9e50a3e0819d5875ea889ced4

SHA1
7c47f6e4e0cafec3a13c07d689d1dd6ff6516b1e

SHA256
699b6d7f05a484e76d3e1197a656247863e570f03cc02634c9dc42078a5c5007

SHA512
153fc15f676d78d5d0f3a6862fc7eaa60c2a659c25ce87485f0253c321d9407a9b799b959104c27a8e7b5487f0de926ae8f375e2c3d313329112e48f2d001a17

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\7z-out\locales\es-419.pak

Filesize
124KB

MD5
cadd9ec43e823609c4bbdc418da6009a

SHA1
91bdd44d5972a4763227ee7c127fe122aefe195f

SHA256
6c8d074047d57a79cf5cadf9caa6e9a64bce0895743a3dd89ed1350cc91c1e4c

SHA512
2b9eae4072e46024e33f000b1df1a64246f70498a557f4a03234d3dd47aadb04883b98ebf48eec21f0d6ca4c8a62065f675fdb352be680a56644ea3ae1db93a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\7z-out\locales\es.pak

Filesize
125KB

MD5
39288ea031009bb9db582cbd93c7d534

SHA1
467f76d33e39526a4d8cb6068eaf8e2791b3a9ee

SHA256
6cd39669df96b4b5b9047f7689338d3beb9ad7f8be2fddc595ef1ecbc47481c2

SHA512
4a635e969cf2b09aab5f8723a3380c5e226bf0546019506d18de65c1e4a599d268b9ee2e03a65b245075f899a09697b7b535f1055c19344a411100c8f29d93b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\7z-out\locales\et.pak

Filesize
113KB

MD5
fcdea2954549e5d8f1e7a5de36ae4f74

SHA1
41dcdcefbbab3e0e908d98ec9b6bac7eacecbb99

SHA256
d875bca2e8800657306727902f4f5fceec7415ea530bfa780ece0f016f792569

SHA512
37ea008078083a36b07b1f5d0ca6e16f62b06a19266d8042efc796bf33c53200f37d3a37f5b48d024dbfab9e6689ec9c3f22d6e37e3898fa7deb61ace1fb2df3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\7z-out\locales\fa.pak

Filesize
176KB

MD5
e3f56d4b0fa2878ed6847631d3b05dea

SHA1
627f48d5423afcb3cade0789f058d60867419041

SHA256
2ee67a38cce9ffae1a639be17c0ef7ed7c763d9c15c9621f300bf634e1f25a64

SHA512
e29c28717f31dc57c2294857680a439acec25478913ea425b0c7b6e50f3343b21fb7983c15352f9e3c001ffa0c8e500d92a1924acde32a4b5bf3f5b6c60c4142

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\7z-out\locales\fi.pak

Filesize
115KB

MD5
4f323a2eb73ccd029e742cee4dfa9769

SHA1
b860372d21cc55eb7ddbbf9f5bac61fed39426de

SHA256
e1888472c8e1330e70e514d0a1936749a7e5d39f67e7edc818661c2cbf3e301a

SHA512
d07d0f74736cd32d73b3a33867e65a25b727b5c30cb743162908e23d958fb3ae97285f600a9ef8196e61be9d450da5903d1e468fceb3b05ced93aa600387fddb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\7z-out\locales\fil.pak

Filesize
129KB

MD5
693abd21a6855aeaa31f6c738c6b6fc9

SHA1
bb1fa375a9f0c682d9913b1c1610535eb2b4028d

SHA256
f0bb231c710c025ad4643e2128867de6e111da867384082e7dc2d0769976b6ce

SHA512
03c68c45e3144a73251d950a8c7695e5b9c2c66711134016543ac07ee6eded723324d5312fad4624d35d0bfe9861ca4b7440d2445e6d3d6cff4a1a3cd5263c98

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\7z-out\locales\fr.pak

Filesize
134KB

MD5
e609419893f1d885a2f17f94805a441c

SHA1
31083ac114fa4077a7da7c796ab3744873fb893f

SHA256
8d71c36d04f2d6062458aa2614f7ce223b2ee9b4665556803f764f384b191091

SHA512
77f965f436a009a5aacebed3cc15adde5a1054e1c699b8a50b947a7e78a97cf43317d50b0ab7a42532c77d320b7393007e47199f31c58f7acb6f462f98fdd4c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\7z-out\locales\gu.pak

Filesize
248KB

MD5
57cf11b4352e59f11b20b7ab754af031

SHA1
ca1716d419f175a2dd548929fd551dcbd1ef4bd7

SHA256
55588f211c26e1deb47b04d39728ec051b99334c55d30252b94df57d0fba2f52

SHA512
c74360769323b3267aa218e994f49c7e135d4f320365a349a5362c1755c4b660050a070bec6c5446d4620be97a341270b6c01289db20ddf5199ece23117110a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\7z-out\locales\he.pak

Filesize
155KB

MD5
6010987755f300c7984dd3f72f518ab2

SHA1
eb85f0849a86aa5fb585efaa070d2d7300b197a3

SHA256
1c84a575e28e9a72335ed13409d6861995bd9859fd57a4d9509fe912db4a56a9

SHA512
4b77f74d986c16524a3a6c7f60cdbe53ac5be59418737835a7fa186e4b6ee853cce8317cce352fe4064c75a7d27bf1303d76eabc53993ff1e4b7758a8ccc6228

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\7z-out\locales\hi.pak

Filesize
256KB

MD5
34bcb12c154075510d9d3066ad4a8d1f

SHA1
6a3c062221db4f391f8505892f584647b05a410a

SHA256
83c6c411d75ec5c5de6984b21fdecb07c9b926c66b67c5c99380605f6fdd8928

SHA512
aba38e4a8039bbdc46b510a8370c82d3b199b4a02da7751c162c941e6d893a9cdfc0ce92db4144ecc2b2644d58b0bc6cc7cceb0533c62c131cc55be0258c3a7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\7z-out\locales\hr.pak

Filesize
123KB

MD5
feea1754a955eb61cd41763be4e5ae2e

SHA1
bb6252fec9ada8bf9ed7b81f59843d5abfcac80d

SHA256
787680ecb5d5ece246894481834b30145919c22b04d2dcad2f6ea2b2254abafb

SHA512
3d24c9ccb83f6ecf976df5cf00fdb0b46d53f09c1cb08ab68bb8d9944452785f40a761a152605708d7672f7dcb24e0b7cad1cfc14b267bf5fc1393cfd05ae4d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\7z-out\locales\hu.pak

Filesize
132KB

MD5
ae13d7ddfeb82df9950c71a4ea0bd10f

SHA1
7b55315628060668f444b110031b1fc4715bda11

SHA256
17758e2bc746f6d770fca8969ed0aa2d00658d68792d2e8bae94d7b58665d83f

SHA512
f94247fecc4fda5bdbe9732f151cdffed337eee01f59aaab6e6452c570a549dfb87c0528484c1879a04af134ac883a21043c582d0a642e185e4e64e3aff830be

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\7z-out\locales\id.pak

Filesize
112KB

MD5
b5e4e0092bd1063e8bd68d0b539ab005

SHA1
5e3d12a6fb497687df81ed64de17b0502ea84f2a

SHA256
8d7ef1377d39fb6045c9d4b1bb064c329bd789ee33b6de530c187f1e713dd7f0

SHA512
52b535a143bc13a03804cfda2d3f2f81f036b8d24897d1ef4a657ed290ba14e43d7cfe92c868cdef6b093b09b90119f7e50e8496eaf347c8e4fdfc13c5e306a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\7z-out\locales\it.pak

Filesize
126KB

MD5
a2b9cce245e754258ea187ceb3aa2670

SHA1
50f84fbcabea10385714a3c3a2483247ac040c02

SHA256
b72f89e5d2cacbd2db7ce28ceae35faab8c4199ec993fea64e8c78df882032d0

SHA512
5e9cca2605d4a86d4f2b39845c8396c37f88b6f1d08c8f0e2b6f0896d60754331a588d0c0fc59e9ad8fccf0d50100a2307fff2d9df784f91537b1d9e108727ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\7z-out\locales\ja.pak

Filesize
148KB

MD5
e720738027460b044429705f7ea1d25c

SHA1
851b59efad4ae074849fe41f40a56c5534caaf72

SHA256
c78fde77efbca1b3cc0cd12bda718d1a113bf6b6f3ed558b5c9a452dc974edfa

SHA512
08b0fd0ceff7ddfed26985bf84b54d75cead1f6fd4d5971da9e40996af6dc5fe9455c402f62e758020a6ccdb1ee0213cc2a5ddfa28a2bfb1e8064c6a4401c3a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\7z-out\locales\kn.pak

Filesize
283KB

MD5
90107e2353e707a6d071c9aabb5adefa

SHA1
e4dfe445ca7830b3a56af38af1d73e3cb94abc73

SHA256
9155b06ccaefbea6461f5c51e25ce25d85ca7bd557e76dae00a4d6a09a4bc424

SHA512
dead3b94638afbf4ef27e1cb5283ad2d0af73ab8996e7d2e8202ad174796121799992f577c974fc0ec53fe2b8f6fb4d37c3bef70b72c29b5b721377a0cf3b093

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\7z-out\locales\ko.pak

Filesize
123KB

MD5
f21c6033fa73bc7d3358c2467c9048d2

SHA1
939f209f00e6664294872e0dc3b33a9015a2f1fb

SHA256
d19cfa8ae07f23b81c0d40d7e751628844fc1aafb83d4bb4dcbe71caecf6ea2e

SHA512
a4a4909ca56d3d924639cf1adab6d9ee512132c99c8e3dd37f2b949a1c816ab29ce81c01c658022e680344516201fdb0440abb97e577e6946e2731411674566d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\7z-out\locales\lt.pak

Filesize
134KB

MD5
02e9c88d9d5e58d135c9a92effcce38d

SHA1
92421a5fac68d506fa904075ea7cf39a3da8efc3

SHA256
38ad40532287da53fcdb6076b9cdb841bbb4f30162681707295bcab448149e65

SHA512
f0897d62e81eb6e2c56cf1a5b5ad5124521c345f70cab841071c7b70b16130984700d694a32dfa010460244d8b520ba1b217ffd76f75c074b5b3a9ccda26b02b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\7z-out\locales\lv.pak

Filesize
133KB

MD5
7313fab584b7561b1fa63de07b972118

SHA1
3a44d445f57a78867d37638a80ab39add3fcaa4a

SHA256
7b92238240c31c197029d41fdffc244f68caeb8002854f65ee3125bd95643598

SHA512
05b067847a63c0419298616278678ade6a4fec4008323121ace5a09e22f6dae409494474f5a88adc703833691a7d4810546d012d4311e176fe58812f166b8ae3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\7z-out\locales\ml.pak

Filesize
298KB

MD5
21aee42070f9eace2a8e14759526f05f

SHA1
fedd83251a3fdb1846bf0e7e49a3a78cd77fae02

SHA256
393d2dcd5c7c33945626fcf10ea4457649fa7b4c100c039898385133c26395cc

SHA512
60cc85a5a638d370710680bd39a6946d04660a0856bde49190fbc0002acf91617cfc3f3087a37cf592c047550ed2c5b73c2a769fbdffcacf4ad3ffa129c929e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\7z-out\locales\mr.pak

Filesize
244KB

MD5
fd3452d812a6129b8b6db620423adca0

SHA1
9bfe47a0e9f1843c90875f28d8873d592098024c

SHA256
c9704a3e528092ef676be4a653cb14b906e7c32424d59c8e4f22981014bd9111

SHA512
7ec30343e985f7bdc6a64fc13d50bfe58ae098b03e18afeaeb4c89073059698cdf40477f2323a52c5e8f07f37b28608c54734501d14ad6ae0c9a0f2f4ab0e689

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\7z-out\locales\ms.pak

Filesize
115KB

MD5
0bb952597b170dd4dd76e9d9d546ac3d

SHA1
101aafdf6a4ac0cdba7bd88538e7ac395e715e3e

SHA256
f6721ce0d4d601ffeff011d652a9bf2518386cd8c1d2317763e37512451534ff

SHA512
46c9b63273d6ea30ee63ff230d6b5600018ae54032e04a6707f5873ebd383d0d59645f8d0b44b8ce9a4d40d5acd3453b618b9c4fd3c1b958adb5aefba3465464

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\7z-out\locales\nb.pak

Filesize
114KB

MD5
e5546ac3407546d6b786e24c7bc21ab1

SHA1
7a9e44a525ae005d0b41020c403c4e1e49d237b7

SHA256
751521cbf27777bc99f2039b987686f921cb27e02c959f6cbeb976799e45066e

SHA512
becf51540db5a0893e6f44d588be98142bab5c2a0f37c0212348e3cf39da52def2fd104c039229b52767a9345890f5768ed897b4bde5c6feccd75036d8b4f363

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\7z-out\locales\nl.pak

Filesize
118KB

MD5
a17bff141aec095625d0420c7a609b08

SHA1
edf3746b20ff9e3bdbf09b195e7781da1f799a91

SHA256
7482c28c2a42a94615118b6b8cc7d002415923ca104ef86a95a4ad05c8db36b9

SHA512
903c50c39160e40920bdcce0dc337e83b03bba00481f82ebc8ac1cf6927ebfaa75b1f9791038a71632c5e79bf7331bbf7468cc626e303929801c08f54d092c8b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\7z-out\locales\pl.pak

Filesize
129KB

MD5
41fd7c76e30b333027e86e20a65283a8

SHA1
81afebdfd62255d0b0ca508141dcd7b67982f4c1

SHA256
5de95dc2236f896e66debfe2cc7553a5bfeaa7ffea2820fe1f2f67368af84f7e

SHA512
c59132dc329ee72fa8e9e9c653da597b5fa40a6eb0a7988cf62b1bdaa646a9f09f504219bfbc5af394a12c9ab6050a39740460a3e5c3ed0946b556c33f608219

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\7z-out\locales\pt-BR.pak

Filesize
122KB

MD5
3b70cbf1aa47436b78a5e8c7672ce775

SHA1
ff9f2820e5782f9eae0ea1d5ede61665fa62cc06

SHA256
8b4a8a3b8741610c279283a6cb843cb274223f720edac1c73296340b02569fbe

SHA512
41e3b3264d8034edf9ee1ab696ca4612ee6ef4e8537b4598805362c4a250f81274425cfa2c9c62330fed73a683e6d3b2ff537b51d869d7da19c4422728da7c0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\7z-out\locales\pt-PT.pak

Filesize
126KB

MD5
e9f8bc9fd1e845551fe3bb63c9149726

SHA1
0bfbe46e8ffd62493c019e890a30ebc666838796

SHA256
50cadb4da4e61fc335d145374511c34e5a0e40f9c26363614cd907cc7942a777

SHA512
1d3761caadc3ac750c0a89c64db472bcb0764fc1c4b1108a9443fa71633ec7fdd945120a6f05e76221d9c58103cc9865b4857877d57d60b623f92a0235ed15fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\7z-out\locales\ro.pak

Filesize
125KB

MD5
4d1ed9e347de9351454d11132c06e916

SHA1
e3734d17a579ac423ec5fdc5829a211c7b76e049

SHA256
57dc80c76c535c645893c9d3b4d0c4779aaa877445383abec79e32cf02c41276

SHA512
bd3d0841678879a24eb6f2f15c27bcb64a5d7ad171debbb51e7601a3898b830b1985b365363a01d22967969d4d4ddf89a130a5a33ff6a94cef6410b0e89f1849

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\7z-out\locales\ru.pak

Filesize
199KB

MD5
fd441a4b72397f5d76915ebcdef45aa1

SHA1
94a0ab5704e7303c6ef1c2ee5be0b6f4a52d146e

SHA256
df41fb92e4d682d47b5adf942600b4f23c1aa5274b31b844cd4c4b6f0ec86a86

SHA512
5fab517ec0141bb67b4b5ac868100b770fc0b7773b94f977af9205294da9305a2079327a4ece1ff1d9a3b3c805c8d8676c2b0505bf190d1c57c4ed0c14a1cfdb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\7z-out\locales\sk.pak

Filesize
131KB

MD5
befec33f564454253ad90d6cc06ecf62

SHA1
1fa0e082c89f9aa397551421a35b7dfc941f5250

SHA256
9db30eeac7f1814158283affa0af6451c6f7966896cd6d6df8eab14a37e58c9f

SHA512
a581faf67311eb8d81b481d1e3348f579745331f87523650a4fc35ddbe6d5033e726feab0ca3911ef76a21aceabc3e2122d16333d1b7840a933b5231a9e2d157

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\7z-out\locales\sl.pak

Filesize
124KB

MD5
cfb094955a5a8f655ce8a598d5a89706

SHA1
181ace68b0c3be132ab73302ba7f7c8750f9adae

SHA256
15489195e92cf11354a9a02895aad2ba8f17aecb676dd77942054a4f3f0fd623

SHA512
a31e131663072c1192a4146321db5f0f457d27e14afc8ae40a92a4f255df4cd5302774534fed5247e145c73739a709dd5852af35750f35ecbab0fd4c1a612e2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\7z-out\locales\sr.pak

Filesize
189KB

MD5
f4041623ce5e06d2dea58d532edb120a

SHA1
2d7ee3ef60b39e3508427c7bc12e046d7bf5e928

SHA256
f2f80d7325d259811afea1e7648c42d3ef3eebfeddaec27ee2817f4e68ab541b

SHA512
18691f4cee3eeaa2305d1c978d803fdf757d9c4e87e88e36d7b1fff482cfddd820568b39a1108065f61dd2cf10d7219c27813aad4d64e71695ab91084ec3c694

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\7z-out\locales\sv.pak

Filesize
114KB

MD5
773fc8c89b093c40191fc233730188c1

SHA1
28001794144bdb76f62044d57e2d52c8ae1635c6

SHA256
6aab29795a36a0234c6d447fb1fdd9011da505c348b934346a27b6a2ddb92ff3

SHA512
f9bfd3e72955104b922c34352ec16d56939eea634b9abd549d4a3342dd72f8768c85bff59814e419aee6469f6521f4f71fcfe9b8a81c1824187ba818f6d6caac

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\7z-out\locales\sw.pak

Filesize
117KB

MD5
70510abd3079bf26caf327989e810216

SHA1
ea640cb8b3c63d71d9b3a0d377fef5540b04fe81

SHA256
a11017a3e0e7f48338d4515ec9e79c1764387232a0d9a05fecc4b594bff40091

SHA512
ecbc97397557e27e66536a97ddf78a744c104b258d40d6f31972e6e5c6615699dd24eb02144ae0d3d53764da0f83a06f561ba95bbf08da4bf4a548b0e7f8c052

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\7z-out\locales\ta.pak

Filesize
296KB

MD5
8a1a245b43af1f174f262d8f53014d59

SHA1
655045f5c71aa2589851a66d5387d4125bbce1ec

SHA256
85d8ef6fb5fdbd1d689aa6cdbbb768376b08b03ff39f7528a3804a3b4bd82af1

SHA512
d71b73fd2b5658acf5825f142130c49c278c801fd8beb5fb2039a3c209a1214a9cc00fb6896735fa4d020bc2279afca1577f35fb0a96a315631d46656d2055d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\7z-out\locales\te.pak

Filesize
274KB

MD5
93edec428bdaa1f84f5c9478f440997a

SHA1
e03f6bd50b0e0d888f9dfbdc87c98ff567e6a91a

SHA256
a499f50e452ca02ea476fab8954e7ff58d2ee0c6263b8a4657b6ebddeecd2520

SHA512
ae34e29f1e8d23dacca66036e355b12ebb1117ec6e5e99413c792a0dc8b772eb63578b2406730b014fb4ffe32b05dfd9fab8adcf38ab3f5b9bfd0cf054ed09f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\7z-out\locales\th.pak

Filesize
232KB

MD5
96212a5191b7062d1620388acf1d09cd

SHA1
d3616b6c4649dcfa347df0473e64219ccd63e63a

SHA256
fa5f97bf433df481a6257fa39ef8dcc7961c5d5a83008b02c9773836d7bfc96c

SHA512
5192c36317c3a50696796c7286f77b1a02b7a0f83abb16ff7d47ec94281b85ee2fb29b9ddff7c4ad8b28a2a757772bd2bc726b10c19658ab672966679d391508

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\7z-out\locales\tr.pak

Filesize
120KB

MD5
4e7c047364c7c4809242741b98b28092

SHA1
4ff1b303476cb75d8190568c346e8cc2e452da14

SHA256
6a25be43b786ab853f8081c53012be623543830cce5ccd246ec040d98f22b852

SHA512
4624cec04114c15a72a804fa4966fe61303effe97039337273ed0dc99e8a6a685ca5cf5fa901a84c8b219d443f1a89e6e7cbe09eb21e7ecff662301067a6cefb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\7z-out\locales\uk.pak

Filesize
202KB

MD5
33f02db055c3f91148feee375acabfb7

SHA1
ca1dc284f41bc55cf35f94a4039008df9970d411

SHA256
1968e9ed7722089330e7a8ae2c08f241aa106ed2be8948461439e6a92c330688

SHA512
ad16973e4103ced979276c6de175eb600241491ec9c441168e6375f68f8867d3f0eba422dd0ef6404208564015119f1e5e2500d5cf4ff2d8da45d713ed8c251d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\7z-out\locales\vi.pak

Filesize
143KB

MD5
98cb45f0555aee1985710196db17d72e

SHA1
1362238c253bc2a0e50c8dde6c95deb027fd6348

SHA256
39a130557fea33a9c899f347fa3ed455e58bd51acc0b3b4586f76694b0f34646

SHA512
93125310ade0c7029f0406aab291c35d2b7d1941f85bfd3d6071f85ff347c46e793a5ef164c08ebfcba252269a4aa84bf7a3b8779a36ee2f3da303411becc27d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\7z-out\locales\zh-CN.pak

Filesize
105KB

MD5
20b6d54de42cf9c56f0a85fdc27d82e8

SHA1
cecb82b4afe8544876f443fcf578453358ab59a8

SHA256
4140caf95939f116993ecd8bc5f7681991f96735d2397c9c7b4c66e3013eed24

SHA512
646af407dfb85863f4555961f37f706c18b5c1e68b3111eda9f9b531ba2bb60cf67211ad634037b872156f0ddd04d50d68c49173a27a78ce59f75cbc2bb6c3bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\7z-out\locales\zh-TW.pak

Filesize
104KB

MD5
03ade5ba27cd3ae9bab6ab3a5cb721c2

SHA1
a747311a5f6c2e0e535efd52bc96f3c4d12d5c3f

SHA256
0c4abf7a66026068cd4f458d504cb04f3e04cf9fae45419ddc2d592f24899a2a

SHA512
33e122328773039595248a85dc0940841a1e273957ec9a4e175871b3ada48008b608ca6569b495275abb8e2a8844ee0c4d90b48af915a3f5a6aa44f3c37e51f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\7z-out\resources.pak

Filesize
4.9MB

MD5
99c5bf0dcd43f961aa3e177f7dc42d42

SHA1
5618abd2e7b45c50400bb4aa0c455bb0b28bc472

SHA256
75ff04d991c2a203105525a1ccb200a461717ce7b86ada4be092fe903d95cdc8

SHA512
2e508c46eb266301f42ee6a7d63494f3856b422df61d0b605096bf4fc4943239d3fba15161adf8cb1cdcfd3bea8608102a0abce636999cc2a9e01bda51cc77ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\7z-out\resources\app-update.yml

Filesize
89B

MD5
4bd54e14c7344987d83565366c90842c

SHA1
fbb20057331fe0c7125cf116a23d774809d36d43

SHA256
6921633d9f490cd0967c866ae60946820e4bfbd9d268730da77fdfd00cf2e939

SHA512
da1c5db37180f7ec663cbb2e77d5b93fbee70318f4e7ce52b54798ebcdd59aa49f1463d7fc6b53eeab5a5e6b263151f57d01b5b5a551bb30a2302f30270e50bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\7z-out\resources\app.asar.unpacked\node_modules\active-win\index.js

Filesize
1KB

MD5
b7307fbdc83d443b4cbcc5d66921d964

SHA1
db73b6c315119ae0bcf2b983df1f2adbba78eb71

SHA256
c4a404129e8696821ff09d5910d8e380c5ec0a41b96cc3800bee5fee3d24f48f

SHA512
bbbbfbe65129a75baa212e2de3b92c64289a17ca18fe1a04335ed772563db269364958e34dd566f954c72de9a42959c54789bb8a3cbadf738d9cfc4e54439313

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\7z-out\resources\app.asar.unpacked\node_modules\active-win\lib\binding\napi-6-darwin-unknown-arm64\node-active-win.node

Filesize
16KB

MD5
c86ce9cbdca3c672678b02084479222b

SHA1
396c645789bbcba8de6f6f2a6e494f8067b28d6e

SHA256
60c2ef1a5b09cd7abf1d0ec54be68c1c8fb551ab34620f74bc0925aad0487362

SHA512
f4551f790be6f746634738b9372dbcbcc216a8dbf2444561bb8ba05c8ce277bbb16e0deaa3a214460d79dacc2e52254a3d9566614af9428ee70aefaf567f89a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\7z-out\resources\app.asar.unpacked\node_modules\active-win\lib\binding\napi-6-darwin-unknown-x64\node-active-win.node

Filesize
16KB

MD5
eb8d34a997e0b67ec9ccfafe3e056383

SHA1
81edffee762dbec8b944d76a10b754899a15d6ac

SHA256
9fc5a903a84d5511f09dc734aa075f32a286c7c9be967ae700b0cead4cd96e00

SHA512
5ab3b9fe26739cd94bf441ee2e9d895bd13854216137c375cb2b84b8d2698cbed5e0a6bd950d6a5325b7ad22f0239ebc2068eda5917add40da4ae98b8a04993e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\7z-out\resources\app.asar.unpacked\node_modules\active-win\lib\binding\napi-6-win32-unknown-x64\node-active-win.node

Filesize
151KB

MD5
561f6778bc6e2f593ab1fb4dbc619cf8

SHA1
55cfbfbf532036b0b5914f6a380d13c484726262

SHA256
4558d28161114d07c42de635007d38a4300fc4c6811c28b5436db5e8b2230a95

SHA512
ba23391488ce8e6975b2616a98ce3e2be504db4ed466fecbb9ac8d839e17038ef85867f14a0a3af6db14585d3794b0b8ccc2c5bdfe0d80d566f1b5673c79a4ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\7z-out\resources\app.asar.unpacked\node_modules\active-win\lib\linux.js

Filesize
5KB

MD5
81f312e2660388b75c3c9b3567b9af65

SHA1
4803271bfc519ef8a9fb9aa7b986132b444a939b

SHA256
2c4b5a886a7e71e372985fca75861c8fbfa1e3ec187f6c132f37ef7582df7313

SHA512
15597020a72a298cd77800ed306fadf068b480007e6d12ce7ef5322c3eb55d866a553679897c0786a258b1741e96215466abe68c67a13f8650e4e48d64d6a89d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\7z-out\resources\app.asar.unpacked\node_modules\active-win\lib\macos.js

Filesize
1KB

MD5
164bdafc9b760eed38db721f7bb616d0

SHA1
bc451fe3ef6e768f00440c9807f01c83df9c836a

SHA256
759808a91e00c92943da4b0e8644d3944649bb3af25544d97d86b8c947fb2962

SHA512
fa1ffa02096f0d476739b2210844240f6d54eb84b33314fd9ba1f1297e3802e9c55085ffb6151885f183ac2b9e45dca0f3a02d517fbc1607ff208cefd834d1a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\7z-out\resources\app.asar.unpacked\node_modules\active-win\lib\windows-binding.js

Filesize
350B

MD5
f104f2c91685e373c299bdd5a08c82fa

SHA1
755f020ed4d5e717fe9ab46021cfac0c3766e686

SHA256
ff23087a89e51e106cf10f6e48ba60d325667ca558bc8e75e6d11e9ad5c5b5e5

SHA512
e9686c31bb3d96e99210f34c3817f1af3f05a629c9f8969bf0e71ddc91a2e5f5d237259677cf1f2af85033432f3f30f4196e8da573e0219b639a2566f8a7dfda

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\7z-out\resources\app.asar.unpacked\node_modules\active-win\lib\windows.js

Filesize
276B

MD5
2e2013b4e2e13f50d07c9e299b0f70ad

SHA1
0ee40eb968fd10c8514db6962169d7d35ae367aa

SHA256
22b011bf468e076e4d741783c68a0c4ff8b28ac99c5b80198eddc773128f8cbd

SHA512
e523439bb3714ec95a1fb5904cb6749af817175f8d8815292d711d15d347bcdba0cbda2eed4b8aaeead8487cdf58d0d1dd672586204d593679e3f79956d3ed9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\7z-out\resources\app.asar.unpacked\node_modules\active-win\license

Filesize
1KB

MD5
d5f2a6dd0192dcc7c833e50bb9017337

SHA1
80674912e3033be358331910ba27d5812369c2fc

SHA256
5c932d88256b4ab958f64a856fa48e8bd1f55bc1d96b8149c65689e0c61789d3

SHA512
d1f336ff272bc6b96dc9a04a7d0ef8f02936dd594f514060340478ee575fe01d55fc7a174df5814a4faf72c8462b012998eca7bb898e3f9a3e87205fb9135af2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\7z-out\resources\app.asar.unpacked\node_modules\active-win\main

Filesize
222KB

MD5
92f28c367b320fab501f48cc38dd5ffa

SHA1
aace496496cc9c169d39f62a57708f07631c11e4

SHA256
0ecc5a41402bfc08282120f452a33efc91fc3622a85d911222bfb35cced05099

SHA512
9263f135523670865c89894614a5cd87c75fb03b2bcc24a4847efaaec3240c163f5e92f7eeeed34d3bd20b563369903a84806a5469acf574aac5e7a0ffc2cedc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\7z-out\resources\app.asar.unpacked\node_modules\active-win\package.json

Filesize
1KB

MD5
30625282620f3105c018fe6146238654

SHA1
707aebdd3e53777c16c121fb73dafdf1926a4d5d

SHA256
5d178c9f34b0b7cfb567e57e23265399455d9b2bec7fc79cd25dd59e62e0a4e0

SHA512
bb686dbc3974ca942b43c93eb6c45c279b3f27eccdb47a01796dc9737a8ed92910bb20b5950d4e0416576e3278d89098c6333f72b915244f265e614cb7136cb9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\7z-out\resources\elevate.exe

Filesize
105KB

MD5
792b92c8ad13c46f27c7ced0810694df

SHA1
d8d449b92de20a57df722df46435ba4553ecc802

SHA256
9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37

SHA512
6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\7z-out\snapshot_blob.bin

Filesize
48KB

MD5
c497639990ef3d4435fd721e8e855c9a

SHA1
85e7df364daab70730c756b8e24e81965d5a2255

SHA256
5e15a82831965e521bee172e6878806bba51d410d1fdf1b4eb01385d1954502b

SHA512
63f2514d585dd7d3b988f0aaeed8106a06b67629eb54f2152e8b4a24276d9f56fc4650c8770d0ab44b4c57ca458856a0cce5f26f6226a56a807b38ce5615ead3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\7z-out\swiftshader\libEGL.dll

Filesize
445KB

MD5
be1b6fe26a1b5a3e1302c26ce5ce53f3

SHA1
c3cac08e89c4cc91eae1cc87e33a1dea723f1d78

SHA256
162abe61314e720384d8cdd43190a89df8a96de52f3ede7b6c58998f615d8546

SHA512
07dca111391dfb6b7e90d4be02071bc625128eeca0b9d9a3cebdc7916baec9f95cbbf906f2533befd6b62b9bbc69488ffa720f8d40c9710dd3b7d540d9dcaa55

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\7z-out\swiftshader\libGLESv2.dll

Filesize
3.0MB

MD5
1e401ccda5b723ab8a595a54f7d2531c

SHA1
127716680dd16f776b19c2306d716935e54c5100

SHA256
c167a458174e2a280c39d7af31bd109e8e2921032a687097b584653adc33ab21

SHA512
1f2f35021f338aa7c5a0ae83c196217fbca6b1d017ac1bb4f1eebb93bd6e18c5d74c1a14bd4899d7a91d054b0139b2c4fc3271c35148ad1d8b71139aff0132fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\7z-out\v8_context_snapshot.bin

Filesize
160KB

MD5
a718c9b6e5e6563e23e450a0d01b932a

SHA1
95ccb1228f024f037259e759dbac464f3c27b8cf

SHA256
315f5ed966a1f3a89c94d1b78b9bf70e59a2869601cf6551b2c1fd3e3b008447

SHA512
b04512e95ab3997bc7d5c65e2f526e124bf1895b139eb2b6c6c7b4a4aa381cd408eb2bba01f44b09b1936d24752baae288f24a32ed84687d3e7e0681b5387d01

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\7z-out\vk_swiftshader.dll

Filesize
4.3MB

MD5
77f7b4f46cb3e06b53729fd1e562dfef

SHA1
223c09805220ff2b5c1dcbdd5c0396231ea34f11

SHA256
a648cd4671b12b469c4d2de20c2ba2429c9388c0f9d4b3d9d2244853d0e5acb5

SHA512
6be9afda9320074c5842419cf8493d715ca65a3362d368d3a35e35a47d36f8197b0f19877485b41a06e21148613a77bb6275b0586c4a38da8a25efe6b5a6b571

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\7z-out\vk_swiftshader_icd.json

Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\7z-out\vulkan-1.dll

Filesize
715KB

MD5
25afbdf6701013c57b19b92225920915

SHA1
009300dd4ab3b81794388ce7d126ae90ff97535f

SHA256
22bb65dd206ce7ee10c05557933a04a04144e1a8228d2a9d1e9d704b0b1b2f7c

SHA512
575e38b60948cb704c355ba9cf3457f2693c30f95e85f10f795e759652bf4317e18ba480bee8aafcea9108415e8e58f674b22c7513a9fabee765142486919a0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\SpiderBanner.dll

Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\nsExec.dll

Filesize
6KB

MD5
ec0504e6b8a11d5aad43b296beeb84b2

SHA1
91b5ce085130c8c7194d66b2439ec9e1c206497c

SHA256
5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962

SHA512
3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw7C65.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Somiibo\4dcba817-00e2-46a0-bc01-741ce2acf260.tmp

Filesize
57B

MD5
58127c59cb9e1da127904c341d15372b

SHA1
62445484661d8036ce9788baeaba31d204e9a5fc

SHA256
be4b8924ab38e8acf350e6e3b9f1f63a1a94952d8002759acd6946c4d5d0b5de

SHA512
8d1815b277a93ad590ff79b6f52c576cf920c38c4353c24193f707d66884c942f39ff3989530055d2fade540ade243b41b6eb03cd0cc361c3b5d514cca28b50a

Download Submit
C:\Users\Admin\AppData\Roaming\Somiibo\Cache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Roaming\Somiibo\Cache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Roaming\Somiibo\Crashpad\settings.dat

Filesize
40B

MD5
3ab848914b34d0acb73f40532c5afbce

SHA1
724d986347d63a4b5ff4258f46e3c342cef9df60

SHA256
4b9805e0b183530ae78a8e0d1ee836279747d0c6e59bc1be1f8b937a7f99e1fb

SHA512
b067b7f6ed4528c5a29224440d60b9a945c0147eeced07e0b85e730dba58832dd3828709c7e20f191724db249ad38d29ff53deddcf38b9b000f14dc5027f5bcb

Download Submit
C:\Users\Admin\AppData\Roaming\Somiibo\Local Storage\leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\Somiibo\Network Persistent State

Filesize
393B

MD5
ba528404e8f4ec10c423d71f9989552e

SHA1
9b2c5d4fe497608bfd8d2d5a480c945e36562644

SHA256
59bc0095246977bc1c6069491ffb70e7f2c938e17a017a8338fd7ea06d1d406e

SHA512
d8a5a817e1d3442c3697fc6a1fc552ef6fbc9960fb3bdb34a64cc944bad3a8c04d8adb02442a92103e80d430dd90ca3ad914501cb005dd792e82fef813a43a6f

Download Submit
C:\Users\Admin\AppData\Roaming\Somiibo\Partitions\default\44b2ff12-ef1d-4595-a19c-6b5240a0df34.tmp

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\Somiibo\Partitions\default\Cache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Roaming\Somiibo\Partitions\default\Cache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Roaming\Somiibo\Partitions\default\Code Cache\js\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Roaming\Somiibo\Partitions\default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
651d40335b325ab3f5ecdccf99757caf

SHA1
ad8cec35f1ca7f662089d2998cf138c26d36992b

SHA256
f0a093c7f42bda7fc2d704c67ca44555446dc6934a5ac0327e5b03ebb7e55768

SHA512
35bc7f3b525e08f1393e4d1f28fdb0ab57815937de3b14e988c8d545daea66fd89042d1387f5a6db5d0edb1ed6c8d5f5091eadf397e03e5fec0e5d29a9a6d478

Download Submit
C:\Users\Admin\AppData\Roaming\Somiibo\Partitions\default\Code Cache\js\index-dir\the-real-index~RFe581aa7.TMP

Filesize
48B

MD5
598c60a28be6d2aaba837e9931af4bca

SHA1
26d2f593c6075c4ea5bf8b0c8eba9aeeaa87d522

SHA256
9b8c4e50210079d01c03717c6c35deb4da9778b68c0b30f40c44c908c2e02930

SHA512
704ca5e420041067b409a21f3facd2643a3aef6a1bd133663af01ff3bb51e86a3814bc2eb5618a52470667179470bbdd2a29b9808fcf9b42d301e8b5a2ece0b0

Download Submit
C:\Users\Admin\AppData\Roaming\Somiibo\Partitions\default\Network Persistent State

Filesize
2KB

MD5
0f36ebd1d38bb568f6211ea86997e1a9

SHA1
2cc765f7c7fecebbd4c90a6724e981ee1bdcd966

SHA256
f943d224597fda5fcb142a832977f44ae3f2004cf2867d8801898e3584038dc6

SHA512
cc0e8af35827768fc4445099f31881c3d5f386095dbf5e68e8776079dd70aa0967e04a53da7af98af8e2d9108fa8b4daa84d5eb018ecf03b23047063361e1f6d

Download Submit
C:\Users\Admin\AppData\Roaming\Somiibo\Partitions\main\Network Persistent State

Filesize
1KB

MD5
878fe3c7f271ffba07e7645fde9299eb

SHA1
3c1793586fd1327dcb908dbddce7013d7ff4ae64

SHA256
68ec5953f9374e0c5ec94f8777ad0240dd6d86d1bc836ace4b65e345756211b7

SHA512
3e2dad991b4d799267921aacbe35681f6ea30af77d93680c954fb01436fb09d084ad0420c225b5f6d95e6d9fee6ab2962fa1ffbc15e0f1162f35a3c2adb4b262

Download Submit
C:\Users\Admin\AppData\Roaming\Somiibo\Partitions\main\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Roaming\Somiibo\Preferences~RFe57dfa2.TMP

Filesize
86B

MD5
d11dedf80b85d8d9be3fec6bb292f64b

SHA1
aab8783454819cd66ddf7871e887abdba138aef3

SHA256
8029940de92ae596278912bbbd6387d65f4e849d3c136287a1233f525d189c67

SHA512
6b7ec1ca5189124e0d136f561ca7f12a4653633e2d9452d290e658dfe545acf6600cc9496794757a43f95c91705e9549ef681d4cc9e035738b03a18bdc2e25f0

Download Submit
C:\Users\Admin\AppData\Roaming\Somiibo\TransportSecurity

Filesize
366B

MD5
8983c3689d4ec8ca1b3b525a547e60c1

SHA1
d3720827dbc24509555008e7877d23f01919bca3

SHA256
2c931795b4ddb97b49df0273822c9f7e58a76fa7d2365c83d991f8ffcd6befa5

SHA512
cd0a2eba399dfc75f378f55be21f8718fd016125b60f5b6e2463560a8fa624651652ff5e6d96f195eb16d4dbc9e6c397185447ccd7c105f8d63e72ae025c7923

Download Submit
C:\Users\Admin\AppData\Roaming\Somiibo\TransportSecurity~RFe5934f1.TMP

Filesize
203B

MD5
54173038030b54ebfdef12ef4e182dd6

SHA1
7c5e8cf82298d67c9ddafdb520643ea38262603f

SHA256
d84b5940b0720339b2097f25471e0729781a5c15c84169558d1320566695da4a

SHA512
b3c2bb9e78f6b31ea8b5f92a86fa19c4b0066bc157f6176e4a1b2a2665c1f1cab85793ef99f9e4cc891f16c15885606c20a71f1079447cd3cde0af4c9b31cf85

Download Submit
C:\Users\Admin\AppData\Roaming\Somiibo\sentry\scope_v2.json

Filesize
4KB

MD5
6b9040a1a289b06f5187a6b5ab3f57ad

SHA1
2cee72f8058a3103d5582448ebb64709cc4b079f

SHA256
ffdf8bd1bf6df89fecf5be16e23d201b9563750678e1c39045ba79818cef9b88

SHA512
6ff1292f88b95150ee64ffc5b48f1dfc3bf8ffed63160543a9b607703bf10af89b5d9c0bbdb1f7ab13b74187efd31350094122356353107296d6321e14504974

Download Submit
C:\Users\Admin\AppData\Roaming\Somiibo\userData\global\settings\browser\config.json

Filesize
247B

MD5
7728be2978b4a1f7ba65a63fb5802d89

SHA1
f66bee9741e69d6a40a7288b1935a7f7ee095471

SHA256
212037e8ad99869e1536a80963423d22637c00eae2ad63bd32692528e50a3650

SHA512
1d3c23654fbe8dcc6c5b21a17cf086eeda9f8663a5035b28179d02d081c3b30ed1bacef7e857ad379b07cd18636b3049c8005399ac276e5e46c25ee0380c7a0d

Download Submit
C:\Users\Admin\AppData\Roaming\Somiibo\userData\global\settings\sessions\config.json

Filesize
391B

MD5
f174ecc60309902b8c1a9a50df364160

SHA1
ceb26f0c3016113ca101ed1433bcf3765f50ea83

SHA256
3a5cd06405b49c243299b200a323b2a751227e71067e866fbde7d46840475fe8

SHA512
dfef3cf41dde151f86c1a3476b2f80f3c22266de55d32ae92398679a69737d5d49bd84c7892673ce0716bc04feb9afe1ee66133993c8952d2df89b2509668436

Download Submit
C:\Users\Admin\AppData\Roaming\Somiibo\userData\working\usage\config.json

Filesize
136B

MD5
9568605a69760e638e172f046a747763

SHA1
c80894dffc545749dd86169d7d6fe6094cb5d610

SHA256
f890ea8595c7ba5907029c8640f326d74a77955ec1935bc3cdfb2ee26d32b4ad

SHA512
bf25a6b218d27c51d60d1ed596439f14372025c2cad4bfaa0e8e778bddb7f266a8a1b3baf4b96de8893d9023ff94cd55035cda50a93f623e7b4867f66e57b8f2

Download Submit
C:\Users\Admin\AppData\Roaming\Somiibo\userData\working\usage\config.json

Filesize
136B

MD5
3dfdeac785b6487537ff14a341316e87

SHA1
be019fb8896d3d97da464c4f16c4d751b9a2ddf2

SHA256
9bca3b16fd8fa7f708b0dfbbc65941c49ad05294852c21aed2b81c7487126fb0

SHA512
d3d70390dce4ba812424f72d594aabe67ef850a16537fa585a0b7b5b1430276a5a381ba6c6cb74431cbb37e38abfa24d4f3a94ab0e941d25cd1847f41d098d33

Download Submit
C:\Users\Admin\AppData\Roaming\Somiibo\userData\working\usage\config.json.tmp-46388239891c9412

Filesize
135B

MD5
8f74efea42ccd2f7537a3d1ae7eb29a4

SHA1
b22e4b9eb6506b23a987a0d7c35e4ffefb3bedb3

SHA256
28864dc5ce85074494c7bfeb22b5b482898574a7314d891b67ca6278f147ca5e

SHA512
4999f21e26e961a98289c4039e2672cb9ba7278f1e4b73841760f0be3a6292ecf1998b80dae7a4d7ca3c603be529c63dccf6674d61b0bfab4de29eda4238754f

Download Submit
C:\Users\Admin\AppData\Roaming\Somiibo\userData\working\usage\config.json.tmp-46388270891d28ee

Filesize
171B

MD5
97f03817ea2770886c159fea369e7028

SHA1
8249dc1c5c8543e723d0605d32b90c0d22219562

SHA256
9a37552e70d0f578d9f9cf4a7860b6475b8ad6d432eb64b7534d31b64e2a2722

SHA512
e423ae4521b5086283dd394c51e48becb59306e8471db7cec5e53eadb47c7ea5807e3638c8acaf41bf7b2aa3e399822eef1dcd571d6b4343f4ce6f82ffa0b551

Download Submit
memory/2028-1649-0x00000205773B0000-0x000002057744E000-memory.dmp

Filesize
632KB

Download
memory/2028-844-0x00007FFD9BD30000-0x00007FFD9BD31000-memory.dmp

Filesize
4KB

Download
memory/2028-1636-0x00000205773B0000-0x000002057744E000-memory.dmp

Filesize
632KB

Download
memory/2028-1604-0x00000205773B0000-0x000002057744E000-memory.dmp

Filesize
632KB

Download
memory/3436-1775-0x000001C65A7A0000-0x000001C65A7A1000-memory.dmp

Filesize
4KB

Download
memory/3436-1776-0x000001C65A7A0000-0x000001C65A7A1000-memory.dmp

Filesize
4KB

Download
memory/3436-1778-0x000001C65A7A0000-0x000001C65A7A1000-memory.dmp

Filesize
4KB

Download
memory/3436-1766-0x000001C65A7A0000-0x000001C65A7A1000-memory.dmp

Filesize
4KB

Download
memory/3436-1768-0x000001C65A7A0000-0x000001C65A7A1000-memory.dmp

Filesize
4KB

Download
memory/3436-1767-0x000001C65A7A0000-0x000001C65A7A1000-memory.dmp

Filesize
4KB

Download
memory/3436-1777-0x000001C65A7A0000-0x000001C65A7A1000-memory.dmp

Filesize
4KB

Download
memory/3436-1772-0x000001C65A7A0000-0x000001C65A7A1000-memory.dmp

Filesize
4KB

Download
memory/3436-1774-0x000001C65A7A0000-0x000001C65A7A1000-memory.dmp

Filesize
4KB

Download
memory/3436-1773-0x000001C65A7A0000-0x000001C65A7A1000-memory.dmp

Filesize
4KB

Download
memory/3736-1715-0x0000014F40880000-0x0000014F4091E000-memory.dmp

Filesize
632KB

Download
memory/3736-1688-0x00007FFD9BD40000-0x00007FFD9BD41000-memory.dmp

Filesize
4KB

Download
memory/3736-1689-0x00007FFD9A640000-0x00007FFD9A641000-memory.dmp

Filesize
4KB

Download
memory/3736-1806-0x0000014F40880000-0x0000014F4091E000-memory.dmp

Filesize
632KB

Download