c5fd5691f4eec136f0bdbfbc3f84c0f70cb0b39d03ea4402eace25b90a699c82

Analysis

max time kernel
82s
max time network
22s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
07/09/2024, 14:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

potato-launcher.Setup.2.2.6.exe
Size

60.2MB
MD5

5344ce3654bd1db264e8cc5d75a62b59
SHA1

817854ce44c8b3c5cc6854e7324f904f9f18d900
SHA256

c5fd5691f4eec136f0bdbfbc3f84c0f70cb0b39d03ea4402eace25b90a699c82
SHA512

d95874fe444133001a00738d79ce95e5486e7a215ddee25cb497d71ea2989319011734d5f0b8c2f921adf99aa93fc02131b9bb5f44844c36c24ff3cf3e6df86c
SSDEEP

1572864:Ng0PJY8xZrIfDg7IksBLC958fhXdfbH5C:Ng0PJYuZkf37FCUdtVC

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Control Panel\International\Geo\Nation	potato-launcher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Control Panel\International\Geo\Nation	potato-launcher.exe

Executes dropped EXE 5 IoCs

pid	Process
1952	potato-launcher.exe
584	potato-launcher.exe
836	potato-launcher.exe
2152	potato-launcher.exe
2680	potato-launcher.exe

Loads dropped DLL 28 IoCs

pid	Process
1308	potato-launcher.Setup.2.2.6.exe
1308	potato-launcher.Setup.2.2.6.exe
1308	potato-launcher.Setup.2.2.6.exe
1308	potato-launcher.Setup.2.2.6.exe
1308	potato-launcher.Setup.2.2.6.exe
1308	potato-launcher.Setup.2.2.6.exe
1308	potato-launcher.Setup.2.2.6.exe
1308	potato-launcher.Setup.2.2.6.exe
1308	potato-launcher.Setup.2.2.6.exe
1308	potato-launcher.Setup.2.2.6.exe
1308	potato-launcher.Setup.2.2.6.exe
1196	Process not Found
1952	potato-launcher.exe
584	potato-launcher.exe
1196	Process not Found
1196	Process not Found
1196	Process not Found
1196	Process not Found
836	potato-launcher.exe
2152	potato-launcher.exe
584	potato-launcher.exe
584	potato-launcher.exe
584	potato-launcher.exe
1196	Process not Found
2680	potato-launcher.exe
2680	potato-launcher.exe
2680	potato-launcher.exe
2680	potato-launcher.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	potato-launcher.Setup.2.2.6.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
1308	potato-launcher.Setup.2.2.6.exe
1308	potato-launcher.Setup.2.2.6.exe
1308	potato-launcher.Setup.2.2.6.exe
836	potato-launcher.exe
2152	potato-launcher.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeSecurityPrivilege	1308	potato-launcher.Setup.2.2.6.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1308	potato-launcher.Setup.2.2.6.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1952 wrote to memory of 584	1952	potato-launcher.exe	30
PID 1952 wrote to memory of 584	1952	potato-launcher.exe	30
PID 1952 wrote to memory of 584	1952	potato-launcher.exe	30
PID 1952 wrote to memory of 584	1952	potato-launcher.exe	30
PID 1952 wrote to memory of 584	1952	potato-launcher.exe	30
PID 1952 wrote to memory of 584	1952	potato-launcher.exe	30
PID 1952 wrote to memory of 584	1952	potato-launcher.exe	30
PID 1952 wrote to memory of 584	1952	potato-launcher.exe	30
PID 1952 wrote to memory of 584	1952	potato-launcher.exe	30
PID 1952 wrote to memory of 584	1952	potato-launcher.exe	30
PID 1952 wrote to memory of 584	1952	potato-launcher.exe	30
PID 1952 wrote to memory of 584	1952	potato-launcher.exe	30
PID 1952 wrote to memory of 584	1952	potato-launcher.exe	30
PID 1952 wrote to memory of 584	1952	potato-launcher.exe	30
PID 1952 wrote to memory of 584	1952	potato-launcher.exe	30
PID 1952 wrote to memory of 584	1952	potato-launcher.exe	30
PID 1952 wrote to memory of 584	1952	potato-launcher.exe	30
PID 1952 wrote to memory of 584	1952	potato-launcher.exe	30
PID 1952 wrote to memory of 584	1952	potato-launcher.exe	30
PID 1952 wrote to memory of 584	1952	potato-launcher.exe	30
PID 1952 wrote to memory of 584	1952	potato-launcher.exe	30
PID 1952 wrote to memory of 584	1952	potato-launcher.exe	30
PID 1952 wrote to memory of 584	1952	potato-launcher.exe	30
PID 1952 wrote to memory of 584	1952	potato-launcher.exe	30
PID 1952 wrote to memory of 584	1952	potato-launcher.exe	30
PID 1952 wrote to memory of 584	1952	potato-launcher.exe	30
PID 1952 wrote to memory of 584	1952	potato-launcher.exe	30
PID 1952 wrote to memory of 584	1952	potato-launcher.exe	30
PID 1952 wrote to memory of 584	1952	potato-launcher.exe	30
PID 1952 wrote to memory of 584	1952	potato-launcher.exe	30
PID 1952 wrote to memory of 584	1952	potato-launcher.exe	30
PID 1952 wrote to memory of 584	1952	potato-launcher.exe	30
PID 1952 wrote to memory of 584	1952	potato-launcher.exe	30
PID 1952 wrote to memory of 584	1952	potato-launcher.exe	30
PID 1952 wrote to memory of 584	1952	potato-launcher.exe	30
PID 1952 wrote to memory of 584	1952	potato-launcher.exe	30
PID 1952 wrote to memory of 584	1952	potato-launcher.exe	30
PID 1952 wrote to memory of 584	1952	potato-launcher.exe	30
PID 1952 wrote to memory of 584	1952	potato-launcher.exe	30
PID 1952 wrote to memory of 584	1952	potato-launcher.exe	30
PID 1952 wrote to memory of 584	1952	potato-launcher.exe	30
PID 1952 wrote to memory of 836	1952	potato-launcher.exe	31
PID 1952 wrote to memory of 836	1952	potato-launcher.exe	31
PID 1952 wrote to memory of 836	1952	potato-launcher.exe	31
PID 1952 wrote to memory of 2152	1952	potato-launcher.exe	32
PID 1952 wrote to memory of 2152	1952	potato-launcher.exe	32
PID 1952 wrote to memory of 2152	1952	potato-launcher.exe	32
PID 1952 wrote to memory of 2680	1952	potato-launcher.exe	34
PID 1952 wrote to memory of 2680	1952	potato-launcher.exe	34
PID 1952 wrote to memory of 2680	1952	potato-launcher.exe	34
PID 1952 wrote to memory of 2680	1952	potato-launcher.exe	34
PID 1952 wrote to memory of 2680	1952	potato-launcher.exe	34
PID 1952 wrote to memory of 2680	1952	potato-launcher.exe	34
PID 1952 wrote to memory of 2680	1952	potato-launcher.exe	34
PID 1952 wrote to memory of 2680	1952	potato-launcher.exe	34
PID 1952 wrote to memory of 2680	1952	potato-launcher.exe	34
PID 1952 wrote to memory of 2680	1952	potato-launcher.exe	34
PID 1952 wrote to memory of 2680	1952	potato-launcher.exe	34
PID 1952 wrote to memory of 2680	1952	potato-launcher.exe	34
PID 1952 wrote to memory of 2680	1952	potato-launcher.exe	34
PID 1952 wrote to memory of 2680	1952	potato-launcher.exe	34
PID 1952 wrote to memory of 2680	1952	potato-launcher.exe	34
PID 1952 wrote to memory of 2680	1952	potato-launcher.exe	34
PID 1952 wrote to memory of 2680	1952	potato-launcher.exe	34

C:\Users\Admin\AppData\Local\Temp\potato-launcher.Setup.2.2.6.exe
"C:\Users\Admin\AppData\Local\Temp\potato-launcher.Setup.2.2.6.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1308

C:\Users\Admin\AppData\Local\Programs\potato-launcher\potato-launcher.exe
"C:\Users\Admin\AppData\Local\Programs\potato-launcher\potato-launcher.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1952
- C:\Users\Admin\AppData\Local\Programs\potato-launcher\potato-launcher.exe
  "C:\Users\Admin\AppData\Local\Programs\potato-launcher\potato-launcher.exe" --type=gpu-process --field-trial-handle=964,11649977719949474734,4985879152263028508,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=988 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:584
- C:\Users\Admin\AppData\Local\Programs\potato-launcher\potato-launcher.exe
  "C:\Users\Admin\AppData\Local\Programs\potato-launcher\potato-launcher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=964,11649977719949474734,4985879152263028508,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1364 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:836
- C:\Users\Admin\AppData\Local\Programs\potato-launcher\potato-launcher.exe
  "C:\Users\Admin\AppData\Local\Programs\potato-launcher\potato-launcher.exe" --type=renderer --field-trial-handle=964,11649977719949474734,4985879152263028508,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --app-path="C:\Users\Admin\AppData\Local\Programs\potato-launcher\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1420 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:2152
- C:\Users\Admin\AppData\Local\Programs\potato-launcher\potato-launcher.exe
  "C:\Users\Admin\AppData\Local\Programs\potato-launcher\potato-launcher.exe" --type=gpu-process --field-trial-handle=964,11649977719949474734,4985879152263028508,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=988 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Programs\potato-launcher\chrome_100_percent.pak

Filesize
123KB

MD5
a59ea69d64bf4f748401dc5a46a65854

SHA1
111c4cc792991faf947a33386a5862e3205b0cff

SHA256
f1a935db8236203cbc1dcbb9672d98e0bd2fa514429a3f2f82a26e0eb23a4ff9

SHA512
12a1d953df00b6464ecc132a6e5b9ec3b301c7b3cefe12cbcad27a496d2d218f89e2087dd01d293d37f29391937fcbad937f7d5cf2a6f303539883e2afe3dacd

Download Submit
C:\Users\Admin\AppData\Local\Programs\potato-launcher\chrome_200_percent.pak

Filesize
183KB

MD5
1985b8fc603db4d83df72cfaeeac7c50

SHA1
5b02363de1c193827062bfa628261b1ec16bd8cf

SHA256
7f9ded50d81c50f9c6ed89591fa621fabbd45cef150c8aabcceb3b7a9de5603b

SHA512
27e90dd18cbce0e27c70b395895ef60a8d2f2f3c3f2ca38f48b7ecf6b0d5e6fefbe88df7e7c98224222b34ff0fbd60268fdec17440f1055535a79002044c955b

Download Submit
C:\Users\Admin\AppData\Local\Programs\potato-launcher\icudtl.dat

Filesize
9.9MB

MD5
70499b58dc18e7ee1d7452a1d7a8bc6e

SHA1
41c5382f08c6a88670ce73a20c0dcdb3822f19e9

SHA256
02db39ba465fc8b7a4cd280732760f29911edde87b331bf7cea7677e94d483e0

SHA512
a80939e9809bb7d20f00ad685c94d5c182fa729616c975e605abf09afb58376be73a49fefa35b75ed1a284eccf208af7656c8df44c5959df7eaf51367d232dc6

Download Submit
C:\Users\Admin\AppData\Local\Programs\potato-launcher\locales\en-US.pak

Filesize
85KB

MD5
6bbeeb72daebc3b0cbd9c39e820c87a9

SHA1
bd9ebec2d3fc03a2b27f128cf2660b33a3344f43

SHA256
ac1cdb4fb4d9fb27a908ed0e24cc9cc2bd885bc3ffba7e08b0b907fd4d1a8c4b

SHA512
66944fb1abcc2a7e08e5fd8a2cee53eb9da57653d7880aea226f25879e26379f7d745ebf62a3518378fa503f3a31b3ea3716f49fe4c7db4f4af0228b81b53a10

Download Submit
C:\Users\Admin\AppData\Local\Programs\potato-launcher\resources.pak

Filesize
4.9MB

MD5
6120d136e6d76250458f419b8d3bb719

SHA1
185fcbf43e5e3c42b4c5e458429389432e5a038f

SHA256
16c0aacf7f675564d93daf07faf027842225f06f77d83fe4de8b45999617571a

SHA512
b41c3ecb4363fa43bb277ceee3f9bca25d00838e28434f7d85a92d275d558c392d6250f6564eea1353adb9bf8696923a09dee93ecf1187b3b9766bccd399fad7

Download Submit
C:\Users\Admin\AppData\Local\Programs\potato-launcher\resources\app.asar

Filesize
9.0MB

MD5
3e36aec2ca825a9d4dccd4fce4cd62d2

SHA1
0696e73b83aeca408ae4e7b6d1e16f6e1418ea1a

SHA256
07b4c728170b8a9318ea79679d2f5c3602344b35280679148a4e828e928b863d

SHA512
9d7645263a9818e5e811c4563d6146dd7437cfda8bb43311553b776f8a1c67a4191c025d1dc61915417a8295644dafc7a2f939e3016544c3340b0d8bdcdef5c2

Download Submit
C:\Users\Admin\AppData\Local\Programs\potato-launcher\v8_context_snapshot.bin

Filesize
160KB

MD5
06a8585b4d1376ec2f559ae59efd82ab

SHA1
5ac5fb297c113109c979fae08cf1245a56b80acc

SHA256
662cc8ea152b1c4f910085b207b5b14826aed9f324ea23a9602db6d61c721c4f

SHA512
d77097fd0d17a29c7a231677598da238d14c34d8efb7b03e72aa94f3dc6a8fa7cbec3a8a5eaffd8cf9db83894c1fd0f7d7bcf38e6abb1899a8884371f6607729

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab234B.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar236D.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Roaming\potato-launcher\Cache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Roaming\potato-launcher\Dictionaries\en-US-9-0.bdic

Filesize
441KB

MD5
a78ad14e77147e7de3647e61964c0335

SHA1
cecc3dd41f4cea0192b24300c71e1911bd4fce45

SHA256
0d6803758ff8f87081fafd62e90f0950dfb2dd7991e9607fe76a8f92d0e893fa

SHA512
dde24d5ad50d68fc91e9e325d31e66ef8f624b6bb3a07d14ffed1104d3ab5f4ef1d7969a5cde0dfbb19cb31c506f7de97af67c2f244f7e7e8e10648ea8321101

Download Submit
C:\Users\Admin\AppData\Roaming\potato-launcher\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\potato-launcher\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
\Users\Admin\AppData\Local\Programs\potato-launcher\d3dcompiler_47.dll

Filesize
4.3MB

MD5
7641e39b7da4077084d2afe7c31032e0

SHA1
2256644f69435ff2fee76deb04d918083960d1eb

SHA256
44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47

SHA512
8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5

Download Submit
\Users\Admin\AppData\Local\Programs\potato-launcher\ffmpeg.dll

Filesize
2.7MB

MD5
32305330c7da4c1f8f5d6a96cea1c050

SHA1
faffd0472613ec05e03b97e19ab2cf3fcc1131c3

SHA256
a82017dcdeffa20362af06e6891335e3dc720c04721c7c99f57ffc2f1f5e12a7

SHA512
be50b90f8f036d8631c4ee08601bb16fbe93fb7f7a5460af312a7bbaf595541acf722637bc8830c25f9b957abe68cbffb0adf594ffcfb675ce82122b062cb283

Download Submit
\Users\Admin\AppData\Local\Programs\potato-launcher\libEGL.dll

Filesize
436KB

MD5
58b262243d3fc20bd2be53dc5a916704

SHA1
e5d327d0ae3dd8c6d8703d1a948ca149af05a804

SHA256
3c7bb3af62b10503e4b7365b36f417940cf905062f67b44f6a720ecbb8fa1cd6

SHA512
1d100b64003f4899b88588c0542ba1a11838755aa39aeda8590e3f54f4a107fc394ccb076a3f51f9366cc8df02452c1437304efd1ef97cb1b673cb096e7457e9

Download Submit
\Users\Admin\AppData\Local\Programs\potato-launcher\libGLESv2.dll

Filesize
7.5MB

MD5
b6d3c9f886ca3f0c23a1127ad315a0f4

SHA1
182816a795662a55a3cece044394aebe2321cd80

SHA256
8f88137a6808da0528231c0d6718fb0c8f261395b5960943149260e2827b6558

SHA512
8f6ebb9a774f0049f511c246a27f9a67aa1696fc5b17579e60899a144098baf3815dc60c6933ad37efeab5d9e8a88dc4b3f0d615f313619ece3b500cca27a41d

Download Submit
\Users\Admin\AppData\Local\Programs\potato-launcher\swiftshader\libEGL.dll

Filesize
458KB

MD5
55b8b501f5d9c93be4fb212b472639d6

SHA1
61d76929e380a0bd5bc3d4e043715df2646a9859

SHA256
14bf1fe299ed862a8c5c43580d81c898579400313957943e1123a6ac3afbd26d

SHA512
6a4f2b800247491d297fc35797f8006d7c7214585bb308f0fd5cc2950b5fe21ba8c0058ebcbd81f47daa52f8b618f91f22961fc20069ca2fe3169424b793e6b2

Download Submit
\Users\Admin\AppData\Local\Programs\potato-launcher\swiftshader\libGLESv2.dll

Filesize
3.1MB

MD5
3d51b28ecc844be0908a63fe4e689c82

SHA1
2134cda25f3c65b299a56cbe8026c2583e1ed2f0

SHA256
447a9cc889c9a431a976eb16a9de8bfedf2b3e2a62db025cd2567fafa9698c5b

SHA512
00c7547fa48dfff82cd0605fdfb83d16d7d2b451a2b85c11baa49ba63ccc3685647ce2ea0dae9e1ffc23662ab4efcb846e31cc53136dc0fe5f1422a01ed78000

Download Submit
\Users\Admin\AppData\Local\Temp\nsjDA8.tmp\SpiderBanner.dll

Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
\Users\Admin\AppData\Local\Temp\nsjDA8.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
\Users\Admin\AppData\Local\Temp\nsjDA8.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
\Users\Admin\AppData\Local\Temp\nsjDA8.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
\Users\Admin\AppData\Local\Temp\nsjDA8.tmp\nsProcess.dll

Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
\Users\Admin\AppData\Local\Temp\nsjDA8.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
memory/584-252-0x0000000077160000-0x0000000077161000-memory.dmp

Filesize
4KB

Download
memory/584-219-0x0000000000060000-0x0000000000061000-memory.dmp

Filesize
4KB

Download
memory/1308-205-0x0000000000710000-0x0000000000712000-memory.dmp

Filesize
8KB

Download