885aba75eddb447464874fbeeeb0c456b218ab3fceef279697b32e07372c2a75

Analysis

max time kernel
270s
max time network
265s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
08/09/2024, 09:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SkinChanger.exe
Size

86.8MB
MD5

2f7f672c15bd26e2c73831848cc6436f
SHA1

d57fe68cfad3eae75095dab49d019886dd954e2a
SHA256

ec4d84990bb0d163d45ee842a7cbed806ea7b67552895a25a62d614cabfdda72
SHA512

f8ce0889774e8ac02c4003f1f75748f1d143f0a3c07ff73ccd96bf2bd00f61b03d705090b8e4c21198a8aa1a1c3095a16b173edb081ce4697f975bc361e3c0b7
SSDEEP

1572864:on0YI2VqaYBiMFacAtjsmjLASovu3NI/q17EATkPZOQNe6xiQyB+w75m:v92kaYBlFaz1w7G3O/pPPAQNe6xiQyho

Score

6^/10

discovery persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Run\SkinChanger = "C:\\Users\\Admin\\AppData\\Roaming\\SkinChanger\\SkinChanger.exe"	SkinChanger.exe

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Control Panel\International\Geo\Nation	SkinChanger.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Control Panel\International\Geo\Nation	SkinChanger.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Control Panel\International\Geo\Nation	SkinChanger.exe

Executes dropped EXE 6 IoCs

pid	Process
940	SkinChanger.exe
2092	SkinChanger.exe
2168	SkinChanger.exe
1516	SkinChanger.exe
2636	SkinChanger.exe
3024	SkinChanger.exe

Loads dropped DLL 23 IoCs

pid	Process
2552	SkinChanger.exe
2552	SkinChanger.exe
1124	Process not Found
1124	Process not Found
1124	Process not Found
1124	Process not Found
940	SkinChanger.exe
2092	SkinChanger.exe
2092	SkinChanger.exe
2092	SkinChanger.exe
2092	SkinChanger.exe
2168	SkinChanger.exe
1516	SkinChanger.exe
2636	SkinChanger.exe
2636	SkinChanger.exe
2636	SkinChanger.exe
2636	SkinChanger.exe
2636	SkinChanger.exe
2636	SkinChanger.exe
2636	SkinChanger.exe
2636	SkinChanger.exe
2636	SkinChanger.exe
3024	SkinChanger.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SkinChanger.exe

Modifies system certificate store 2 TTPs 2 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	SkinChanger.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	SkinChanger.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
940	SkinChanger.exe
940	SkinChanger.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	940	SkinChanger.exe
Token: SeShutdownPrivilege	940	SkinChanger.exe
Token: SeShutdownPrivilege	940	SkinChanger.exe
Token: SeShutdownPrivilege	940	SkinChanger.exe
Token: SeShutdownPrivilege	940	SkinChanger.exe
Token: SeShutdownPrivilege	940	SkinChanger.exe
Token: SeShutdownPrivilege	940	SkinChanger.exe
Token: SeShutdownPrivilege	940	SkinChanger.exe
Token: SeShutdownPrivilege	940	SkinChanger.exe
Token: SeShutdownPrivilege	940	SkinChanger.exe
Token: SeShutdownPrivilege	940	SkinChanger.exe
Token: SeShutdownPrivilege	940	SkinChanger.exe
Token: SeShutdownPrivilege	940	SkinChanger.exe
Token: SeShutdownPrivilege	940	SkinChanger.exe
Token: SeShutdownPrivilege	940	SkinChanger.exe
Token: SeShutdownPrivilege	940	SkinChanger.exe
Token: SeShutdownPrivilege	940	SkinChanger.exe
Token: SeShutdownPrivilege	940	SkinChanger.exe
Token: SeShutdownPrivilege	940	SkinChanger.exe
Token: SeShutdownPrivilege	940	SkinChanger.exe
Token: SeShutdownPrivilege	940	SkinChanger.exe
Token: SeShutdownPrivilege	940	SkinChanger.exe
Token: SeShutdownPrivilege	940	SkinChanger.exe
Token: SeShutdownPrivilege	940	SkinChanger.exe
Token: SeShutdownPrivilege	940	SkinChanger.exe
Token: SeShutdownPrivilege	940	SkinChanger.exe
Token: SeShutdownPrivilege	940	SkinChanger.exe
Token: SeShutdownPrivilege	940	SkinChanger.exe
Token: SeShutdownPrivilege	940	SkinChanger.exe
Token: SeShutdownPrivilege	940	SkinChanger.exe
Token: SeShutdownPrivilege	940	SkinChanger.exe
Token: SeShutdownPrivilege	940	SkinChanger.exe
Token: SeShutdownPrivilege	940	SkinChanger.exe
Token: SeShutdownPrivilege	940	SkinChanger.exe
Token: SeShutdownPrivilege	940	SkinChanger.exe
Token: SeShutdownPrivilege	940	SkinChanger.exe
Token: SeShutdownPrivilege	940	SkinChanger.exe
Token: SeShutdownPrivilege	940	SkinChanger.exe
Token: SeShutdownPrivilege	940	SkinChanger.exe
Token: SeShutdownPrivilege	940	SkinChanger.exe
Token: SeShutdownPrivilege	940	SkinChanger.exe
Token: SeShutdownPrivilege	940	SkinChanger.exe
Token: SeShutdownPrivilege	940	SkinChanger.exe
Token: SeShutdownPrivilege	940	SkinChanger.exe
Token: SeShutdownPrivilege	940	SkinChanger.exe
Token: SeShutdownPrivilege	940	SkinChanger.exe
Token: SeShutdownPrivilege	940	SkinChanger.exe
Token: SeShutdownPrivilege	940	SkinChanger.exe
Token: SeShutdownPrivilege	940	SkinChanger.exe
Token: SeShutdownPrivilege	940	SkinChanger.exe
Token: SeShutdownPrivilege	940	SkinChanger.exe
Token: SeShutdownPrivilege	940	SkinChanger.exe
Token: SeShutdownPrivilege	940	SkinChanger.exe
Token: SeShutdownPrivilege	940	SkinChanger.exe
Token: SeShutdownPrivilege	940	SkinChanger.exe
Token: SeShutdownPrivilege	940	SkinChanger.exe
Token: SeShutdownPrivilege	940	SkinChanger.exe
Token: SeShutdownPrivilege	940	SkinChanger.exe
Token: SeShutdownPrivilege	940	SkinChanger.exe
Token: SeShutdownPrivilege	940	SkinChanger.exe
Token: SeShutdownPrivilege	940	SkinChanger.exe
Token: SeShutdownPrivilege	940	SkinChanger.exe
Token: SeShutdownPrivilege	940	SkinChanger.exe
Token: SeShutdownPrivilege	940	SkinChanger.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
940	SkinChanger.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2552 wrote to memory of 940	2552	SkinChanger.exe	32
PID 2552 wrote to memory of 940	2552	SkinChanger.exe	32
PID 2552 wrote to memory of 940	2552	SkinChanger.exe	32
PID 2552 wrote to memory of 940	2552	SkinChanger.exe	32
PID 940 wrote to memory of 2092	940	SkinChanger.exe	33
PID 940 wrote to memory of 2092	940	SkinChanger.exe	33
PID 940 wrote to memory of 2092	940	SkinChanger.exe	33
PID 940 wrote to memory of 2092	940	SkinChanger.exe	33
PID 940 wrote to memory of 2092	940	SkinChanger.exe	33
PID 940 wrote to memory of 2092	940	SkinChanger.exe	33
PID 940 wrote to memory of 2092	940	SkinChanger.exe	33
PID 940 wrote to memory of 2092	940	SkinChanger.exe	33
PID 940 wrote to memory of 2092	940	SkinChanger.exe	33
PID 940 wrote to memory of 2092	940	SkinChanger.exe	33
PID 940 wrote to memory of 2092	940	SkinChanger.exe	33
PID 940 wrote to memory of 2092	940	SkinChanger.exe	33
PID 940 wrote to memory of 2092	940	SkinChanger.exe	33
PID 940 wrote to memory of 2092	940	SkinChanger.exe	33
PID 940 wrote to memory of 2092	940	SkinChanger.exe	33
PID 940 wrote to memory of 2092	940	SkinChanger.exe	33
PID 940 wrote to memory of 2092	940	SkinChanger.exe	33
PID 940 wrote to memory of 2092	940	SkinChanger.exe	33
PID 940 wrote to memory of 2092	940	SkinChanger.exe	33
PID 940 wrote to memory of 2092	940	SkinChanger.exe	33
PID 940 wrote to memory of 2092	940	SkinChanger.exe	33
PID 940 wrote to memory of 2092	940	SkinChanger.exe	33
PID 940 wrote to memory of 2092	940	SkinChanger.exe	33
PID 940 wrote to memory of 2092	940	SkinChanger.exe	33
PID 940 wrote to memory of 2092	940	SkinChanger.exe	33
PID 940 wrote to memory of 2092	940	SkinChanger.exe	33
PID 940 wrote to memory of 2092	940	SkinChanger.exe	33
PID 940 wrote to memory of 2092	940	SkinChanger.exe	33
PID 940 wrote to memory of 2092	940	SkinChanger.exe	33
PID 940 wrote to memory of 2092	940	SkinChanger.exe	33
PID 940 wrote to memory of 2092	940	SkinChanger.exe	33
PID 940 wrote to memory of 2092	940	SkinChanger.exe	33
PID 940 wrote to memory of 2092	940	SkinChanger.exe	33
PID 940 wrote to memory of 2092	940	SkinChanger.exe	33
PID 940 wrote to memory of 2092	940	SkinChanger.exe	33
PID 940 wrote to memory of 2092	940	SkinChanger.exe	33
PID 940 wrote to memory of 2092	940	SkinChanger.exe	33
PID 940 wrote to memory of 2092	940	SkinChanger.exe	33
PID 940 wrote to memory of 2092	940	SkinChanger.exe	33
PID 940 wrote to memory of 2168	940	SkinChanger.exe	34
PID 940 wrote to memory of 2168	940	SkinChanger.exe	34
PID 940 wrote to memory of 2168	940	SkinChanger.exe	34
PID 940 wrote to memory of 1516	940	SkinChanger.exe	35
PID 940 wrote to memory of 1516	940	SkinChanger.exe	35
PID 940 wrote to memory of 1516	940	SkinChanger.exe	35
PID 940 wrote to memory of 2636	940	SkinChanger.exe	36
PID 940 wrote to memory of 2636	940	SkinChanger.exe	36
PID 940 wrote to memory of 2636	940	SkinChanger.exe	36
PID 940 wrote to memory of 2636	940	SkinChanger.exe	36
PID 940 wrote to memory of 2636	940	SkinChanger.exe	36
PID 940 wrote to memory of 2636	940	SkinChanger.exe	36
PID 940 wrote to memory of 2636	940	SkinChanger.exe	36
PID 940 wrote to memory of 2636	940	SkinChanger.exe	36
PID 940 wrote to memory of 2636	940	SkinChanger.exe	36
PID 940 wrote to memory of 2636	940	SkinChanger.exe	36
PID 940 wrote to memory of 2636	940	SkinChanger.exe	36
PID 940 wrote to memory of 2636	940	SkinChanger.exe	36
PID 940 wrote to memory of 2636	940	SkinChanger.exe	36
PID 940 wrote to memory of 2636	940	SkinChanger.exe	36
PID 940 wrote to memory of 2636	940	SkinChanger.exe	36

C:\Users\Admin\AppData\Local\Temp\SkinChanger.exe
"C:\Users\Admin\AppData\Local\Temp\SkinChanger.exe"
1⤵
- Adds Run key to start application
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2552
- C:\Users\Admin\AppData\Roaming\SkinChanger\SkinChanger.exe
  "C:\Users\Admin\AppData\Roaming\SkinChanger\SkinChanger.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies system certificate store
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:940
- - C:\Users\Admin\AppData\Roaming\SkinChanger\SkinChanger.exe
    "C:\Users\Admin\AppData\Roaming\SkinChanger\SkinChanger.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\skinchanger-nativefier-30486c" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1028 --field-trial-handle=1072,i,8806344164968557913,16591513110666672684,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2092
- - C:\Users\Admin\AppData\Roaming\SkinChanger\SkinChanger.exe
    "C:\Users\Admin\AppData\Roaming\SkinChanger\SkinChanger.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\skinchanger-nativefier-30486c" --mojo-platform-channel-handle=1312 --field-trial-handle=1072,i,8806344164968557913,16591513110666672684,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2168
- - C:\Users\Admin\AppData\Roaming\SkinChanger\SkinChanger.exe
    "C:\Users\Admin\AppData\Roaming\SkinChanger\SkinChanger.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\skinchanger-nativefier-30486c" --app-user-model-id=skinchanger-nativefier-30486c --app-path="C:\Users\Admin\AppData\Roaming\SkinChanger\resources\app" --no-sandbox --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1512 --field-trial-handle=1072,i,8806344164968557913,16591513110666672684,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1516
- - C:\Users\Admin\AppData\Roaming\SkinChanger\SkinChanger.exe
    "C:\Users\Admin\AppData\Roaming\SkinChanger\SkinChanger.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\skinchanger-nativefier-30486c" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1228 --field-trial-handle=1072,i,8806344164968557913,16591513110666672684,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2636
- - C:\Users\Admin\AppData\Roaming\SkinChanger\SkinChanger.exe
    "C:\Users\Admin\AppData\Roaming\SkinChanger\SkinChanger.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\skinchanger-nativefier-30486c" --app-user-model-id=skinchanger-nativefier-30486c --app-path="C:\Users\Admin\AppData\Roaming\SkinChanger\resources\app" --enable-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2132 --field-trial-handle=1072,i,8806344164968557913,16591513110666672684,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3024

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\SkinChanger\D3DCompiler_47.dll

Filesize
4.7MB

MD5
cb9807f6cf55ad799e920b7e0f97df99

SHA1
bb76012ded5acd103adad49436612d073d159b29

SHA256
5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a

SHA512
f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62

Download Submit
C:\Users\Admin\AppData\Roaming\SkinChanger\chrome_100_percent.pak

Filesize
125KB

MD5
0cf9de69dcfd8227665e08c644b9499c

SHA1
a27941acce0101627304e06533ba24f13e650e43

SHA256
d2c299095dbbd3a3cb2b4639e5b3bd389c691397ffd1a681e586f2cfe0e2ab88

SHA512
bb5d340009cef2bcb604ef38fdd7171fed0423c2dc6a01e590f8d15c4f6bc860606547550218db41fba554609e8395c9e3c3508dfa2d8b202e5059e7646bdcef

Download Submit
C:\Users\Admin\AppData\Roaming\SkinChanger\chrome_200_percent.pak

Filesize
174KB

MD5
d88936315a5bd83c1550e5b8093eb1e6

SHA1
6445d97ceb89635f6459bc2fb237324d66e6a4ee

SHA256
f49abd81e93a05c1e53c1201a5d3a12f2724f52b6971806c8306b512bf66aa25

SHA512
75142f03df6187fb75f887e4c8b9d5162902ba6aac86351186c85e5f0a2d3825ca312a36cf9f4bd656cdfc23a20cd38d4580ca1b41560d23ebaa0d41e4cf1dd2

Download Submit
C:\Users\Admin\AppData\Roaming\SkinChanger\ffmpeg.dll

Filesize
2.7MB

MD5
b41b5ca7e8cdf2669494ae42bf476eca

SHA1
47fe1078383d1f42b62b96bc2aa73e2dd529c3c4

SHA256
308d47179729e3e06f5153c26621bb67af12fca73a37123987176df5fe9be218

SHA512
98d6822f6a7be5c9b86b6d63140f5e1b653021bf666a8611a18c37202f77947676d8c5c59022d99721423d3799375210b46f25c795e62dc1b258fffcfb3f9d2a

Download Submit
C:\Users\Admin\AppData\Roaming\SkinChanger\icudtl.dat

Filesize
9.9MB

MD5
c6ae43f9d596f3dd0d86fb3e62a5b5de

SHA1
198b3b4abc0f128398d25c66455c531a7af34a6d

SHA256
00f755664926fda5fda14b87af41097f6ea4b20154f90be65d73717580db26ee

SHA512
3c43e2dcdf037726a94319a147a8bc41a4c0fd66e6b18b3c7c95449912bf875382dde5ec0525dcad6a52e8820b0859caf8fa73cb287283334ec8d06eb3227ec4

Download Submit
C:\Users\Admin\AppData\Roaming\SkinChanger\locales\en-US.pak

Filesize
115KB

MD5
f982582f05ea5adf95d9258aa99c2aa5

SHA1
2f3168b09d812c6b9b6defc54390b7a833009abf

SHA256
4221cf9bae4ebea0edc1b0872c24ec708492d4fe13f051d1f806a77fe84ca94d

SHA512
75636f4d6aa1bcf0a573a061a55077106fbde059e293d095557cddfe73522aa5f55fe55a48158bf2cfc74e9edb74cae776369a8ac9123dc6f1f6afa805d0cc78

Download Submit
C:\Users\Admin\AppData\Roaming\SkinChanger\resources.pak

Filesize
4.9MB

MD5
c7b17b0c9e6e6aad4ffd1d61c9200123

SHA1
63a46fc028304de3920252c0dab5aa0a8095ed7d

SHA256
574c67ecd1d07f863343c2ea2854b2d9b2def23f04ba97b67938e72c67799f66

SHA512
96d72485598a6f104e148a8384739939bf4b65054ddde015dd075d357bcc156130690e70f5f50ec915c22df3d0383b0f2fbac73f5de629d5ff8dab5a7533d12b

Download Submit
C:\Users\Admin\AppData\Roaming\SkinChanger\resources\app\icon.ico

Filesize
16KB

MD5
0e81be39beb41921a74dcd3b42e8a68c

SHA1
8c447e0a18b1f6a3b69729410406dd70153fdaa8

SHA256
96ad2162b507b443dea26e16e73e035a642484b8089d9fbec43b6c29464fb18b

SHA512
0fa4e1c82b6aad9e6b3796c64ef27b6349b35e067f2dbec90d13dbe38bea5154df819f097e1a20564b039796cd7be1fceefdab2d272d7d5214f5c88c4787e841

Download Submit
C:\Users\Admin\AppData\Roaming\SkinChanger\resources\app\lib\main.js

Filesize
495KB

MD5
d1bbee38f184cd44322a0bbae13d6b7d

SHA1
900c2362ed581436a7e0b5210ae1cc2fba769ca0

SHA256
3bc4df185354269c757e4c31414ded23866a6e5bb880b07e2ba22e1314281863

SHA512
6ca51132ff3e88c97005c626d913d263a9ed383e64803f66a980ce57e92e3bba16b3008b87480818476cde5979efea6bc2c1edb1472517a93d26d1bccb75d0a2

Download Submit
C:\Users\Admin\AppData\Roaming\SkinChanger\resources\app\lib\preload.js

Filesize
4KB

MD5
fa55c68c5f0b5a560604becb9df601fe

SHA1
0eeb7a10a9574238d6360ab895c78ddfdbca61ed

SHA256
317ea36e9119cd2024689687aaf927287213b5ec2909bb98c1ae87a01b49106e

SHA512
709da44b05879e4c1e8121e8c818e364bd6167d873529274d9ed63ea1b25a1ff4e9f501f11668a01677f9f610950a44b9fcbef99356d4c3cd9db51619d2dd9bd

Download Submit
C:\Users\Admin\AppData\Roaming\SkinChanger\resources\app\nativefier.json

Filesize
947B

MD5
594b84d374832be68c2e76d5615d18f1

SHA1
e4c3c13b3f1df2226d5e79d4e55a19161d089876

SHA256
903606674887f6fbef5dac3f908233eaad13e2e3e4ba2574a77aeef421bd0111

SHA512
c2054843458aa0940c9294d7533cc8a624ce6363d0ba3f41980f92a9a6b520e0ac688221ba5d15c84785ecf6a6713850e0d1a273e20c5625423fd34f9300b5a0

Download Submit
C:\Users\Admin\AppData\Roaming\SkinChanger\resources\app\package.json

Filesize
598B

MD5
a4dcd7f05c94b9e51c2e9a65b9eb5f99

SHA1
cdf6930eecbf44ac420c69d8deb4209e5225615f

SHA256
8981240c01b0e66d805442ba2b81ff1b7475d0d8eb006a87462ff4f6deb77217

SHA512
96bf53df9e37dc0bd470351de11568470461a5fbb7a5337b4d9b77bad1227216b85225776b4f07a0263bff15a763f5fda48fa410dee40bdd4444377603e08943

Download Submit
C:\Users\Admin\AppData\Roaming\SkinChanger\v8_context_snapshot.bin

Filesize
713KB

MD5
1270ddd6641f34d158ea05531a319ec9

SHA1
7d688b21acadb252ad8f175f64f5a3e44b483b0b

SHA256
47a8d799b55ba4c7a55498e0876521ad11cc2fa349665b11c715334a77f72b29

SHA512
710c18ef4e21aa6f666fa4f8d123b388c751e061b2197dae0332091fbef5bd216400c0f3bca8622f89e88733f23c66571a431eb3330dba87de1fc16979589e97

Download Submit
C:\Users\Admin\AppData\Roaming\SkinChanger\vk_swiftshader_icd.json

Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Roaming\SkinChanger\vulkan-1.dll

Filesize
854KB

MD5
8df5d7efc2d9092102e2a92e097a33be

SHA1
cc9801f6bd7e818b86fe4fb52752eadbdd859a7d

SHA256
8ee6e0d63b89d920dc627fca1af5f19653d51e8318adb064cc4f122576e780ce

SHA512
ee65444dcd37dff045826dc922dcc97ccd44d7ddfe373bcd971ce0facf91e13f3df07a1368fd6c49e63e8c5c19fc2fd669182f688e80d83804c534dd9d10f1da

Download Submit
C:\Users\Admin\AppData\Roaming\skinchanger-nativefier-30486c\Local Storage\leveldb\CURRENT~RFf77d5a7.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\skinchanger-nativefier-30486c\Network\Network Persistent State

Filesize
645B

MD5
155cf031c68273b37268a4d9b3254eea

SHA1
2beae7211c74b0cb36ff23742919175733d7351a

SHA256
2b02d1590408f61a3bf8350f3140471f3d1ac964a5bbb0ad87ef4244cd6f8d86

SHA512
c910389da11e8b7bd3d16e90f4e99f5c6f271f1c646dccf0b3c956dd09c967ffc672b470f3f16feb36f317f9c82cae5d4e5e823a617c7565386d3abeb8cf5c6e

Download Submit
C:\Users\Admin\AppData\Roaming\skinchanger-nativefier-30486c\Session Storage\000002.dbtmp

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
\Users\Admin\AppData\Roaming\SkinChanger\libEGL.dll

Filesize
460KB

MD5
961c060f241a7ae22e962c82d7803ef1

SHA1
0060b167e55db981c1588ca2074b8ca38b9a8153

SHA256
c8e8007d746df73edbf73cdff18c09bb756f43814978c84a28a72f95d0ac5dc9

SHA512
79539e0d0036124b59f94c6fec0c596e64c41626b9994ff7457f2f6b26e8f2648f93f63f6422c444eb3c8b803079f6ef1f52191980ea88de9d25c40b30547599

Download Submit
\Users\Admin\AppData\Roaming\SkinChanger\libGLESv2.dll

Filesize
6.8MB

MD5
18d62249e5bd4fa1f66c95a9ee9eb275

SHA1
4ea5d8344a8fc09ed2bda4d3034c3c8410c85e91

SHA256
3299de173b3e5ce2f69476b77d96f6a758b2ccfdf3ad811902e5cd511c6888ff

SHA512
fa29557836e56f981249ee8500a8271a7795cbe2a4afb6abbbd57e4aa26c6b731d151258f093643bbfa18cd9adf706a9e4d532481c62d713b7f1a1045301dc07

Download Submit
\Users\Admin\AppData\Roaming\SkinChanger\vk_swiftshader.dll

Filesize
4.5MB

MD5
fcec6c6fbc34cfd9a449af66364da381

SHA1
f6016b721dec138d75e9d542f3e2210a673ad52b

SHA256
738fe97f7fbafa6524f11cf0cf0999ca3aef752bed44e1179d589aae92937ed2

SHA512
26527975979e58870c3c365b9ab432b4b3af88ed606673971fba009489db4482a5ace0e122b8cf67de075c37174c7c423ee8e219cfb4c9a331be66bb8af9edf9

Download Submit
memory/2092-250-0x0000000077770000-0x0000000077771000-memory.dmp

Filesize
4KB

Download
memory/2092-219-0x0000000000060000-0x0000000000061000-memory.dmp

Filesize
4KB

Download
memory/2552-195-0x00000000003F0000-0x00000000006CF000-memory.dmp

Filesize
2.9MB

Download
memory/2552-209-0x00000000003F0000-0x00000000006CF000-memory.dmp

Filesize
2.9MB

Download
memory/2552-10-0x0000000000090000-0x0000000000091000-memory.dmp

Filesize
4KB

Download
memory/2552-166-0x00000000003F0000-0x00000000006CF000-memory.dmp

Filesize
2.9MB

Download
memory/2552-9-0x00000000003F0000-0x00000000006CF000-memory.dmp

Filesize
2.9MB

Download
memory/2552-0-0x0000000000090000-0x0000000000091000-memory.dmp

Filesize
4KB

Download
memory/2552-14-0x00000000003F0000-0x00000000006CF000-memory.dmp

Filesize
2.9MB

Download