Overview

| Task | Platform | Score |
| --- | --- | --- |
| Overview | overview | 7 |
| Static | static | 3 |
| Feather La....1.exe | windows7-x64 | 6 |
| Feather La....1.exe | windows10-2004-x64 | 6 |
| $PLUGINSDI...er.dll | windows7-x64 | 3 |
| $PLUGINSDI...er.dll | windows10-2004-x64 | 3 |
| $PLUGINSDI...ls.dll | windows7-x64 | 3 |
| $PLUGINSDI...ls.dll | windows10-2004-x64 | 3 |
| $PLUGINSDI...em.dll | windows7-x64 | 3 |
| $PLUGINSDI...em.dll | windows10-2004-x64 | 3 |
| $PLUGINSDI...64.exe | windows7-x64 | 7 |
| $PLUGINSDI...64.exe | windows10-2004-x64 | 7 |
| $PLUGINSDI...ll.dll | windows7-x64 | 3 |
| $PLUGINSDI...ll.dll | windows10-2004-x64 | 3 |
| Feather Launcher.exe | windows7-x64 | 5 |
| Feather Launcher.exe | windows10-2004-x64 | 5 |
| LICENSES.c...m.html | windows7-x64 | 3 |
| LICENSES.c...m.html | windows10-2004-x64 | 3 |
| d3dcompiler_47.dll | windows10-2004-x64 | 1 |
| ffmpeg.dll | windows7-x64 | 1 |
| ffmpeg.dll | windows10-2004-x64 | 1 |
| libEGL.dll | windows7-x64 | 1 |
| libEGL.dll | windows10-2004-x64 | 1 |
| libGLESv2.dll | windows7-x64 | 1 |
| libGLESv2.dll | windows10-2004-x64 | 1 |
| resources/...up.exe | windows7-x64 | 1 |
| resources/...up.exe | windows10-2004-x64 | 1 |
| resources/elevate.exe | windows7-x64 | 3 |
| resources/elevate.exe | windows10-2004-x64 | 3 |
| vk_swiftshader.dll | windows7-x64 | 1 |
| vk_swiftshader.dll | windows10-2004-x64 | 1 |
| vulkan-1.dll | windows7-x64 | 1 |
| vulkan-1.dll | windows10-2004-x64 | 1 |
| $PLUGINSDI...ec.dll | windows7-x64 | 3 |

Analysis
- max time kernel: 150s
- max time network: 152s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 30-09-2024 01:56
Static task: static1

| Behavioral task | Sample | Resource |
| --- | --- | --- |
| behavioral1 | Feather Launcher Setup 1.6.1.exe | win7-20240729-en |
| behavioral2 | Feather Launcher Setup 1.6.1.exe | win10v2004-20240802-en |
| behavioral3 | $PLUGINSDIR/SpiderBanner.dll | win7-20240903-en |
| behavioral4 | $PLUGINSDIR/SpiderBanner.dll | win10v2004-20240802-en |
| behavioral5 | $PLUGINSDIR/StdUtils.dll | win7-20240903-en |
| behavioral6 | $PLUGINSDIR/StdUtils.dll | win10v2004-20240802-en |
| behavioral7 | $PLUGINSDIR/System.dll | win7-20240903-en |
| behavioral8 | $PLUGINSDIR/System.dll | win10v2004-20240910-en |
| behavioral9 | $PLUGINSDIR/VC_redist.x64.exe | win7-20240903-en |
| behavioral10 | $PLUGINSDIR/VC_redist.x64.exe | win10v2004-20240802-en |
| behavioral11 | $PLUGINSDIR/WinShell.dll | win7-20240903-en |
| behavioral12 | $PLUGINSDIR/WinShell.dll | win10v2004-20240802-en |
| behavioral13 | Feather Launcher.exe | win7-20240903-en |
| behavioral14 | Feather Launcher.exe | win10v2004-20240802-en |
| behavioral15 | LICENSES.chromium.html | win7-20240708-en |
| behavioral16 | LICENSES.chromium.html | win10v2004-20240802-en |
| behavioral17 | d3dcompiler_47.dll | win10v2004-20240802-en |
| behavioral18 | ffmpeg.dll | win7-20240903-en |
| behavioral19 | ffmpeg.dll | win10v2004-20240802-en |
| behavioral20 | libEGL.dll | win7-20240903-en |
| behavioral21 | libEGL.dll | win10v2004-20240802-en |
| behavioral22 | libGLESv2.dll | win7-20240903-en |
| behavioral23 | libGLESv2.dll | win10v2004-20240802-en |
| behavioral24 | resources/app.asar.unpacked/native/cleanup.exe | win7-20240903-en |
| behavioral25 | resources/app.asar.unpacked/native/cleanup.exe | win10v2004-20240802-en |
| behavioral26 | resources/elevate.exe | win7-20240903-en |
| behavioral27 | resources/elevate.exe | win10v2004-20240802-en |
| behavioral28 | vk_swiftshader.dll | win7-20240704-en |
| behavioral29 | vk_swiftshader.dll | win10v2004-20240802-en |
| behavioral30 | vulkan-1.dll | win7-20240903-en |
| behavioral31 | vulkan-1.dll | win10v2004-20240802-en |
| behavioral32 | $PLUGINSDIR/nsExec.dll | win7-20240903-en |
General
- Target: Feather Launcher Setup 1.6.1.exe
- Size: 104.6MB
- MD5: 3a201dabfdaff24a8c208b11049e276d
- SHA1: c19478d565e5d3e41347aa65e8cb4b66b31a05f8
- SHA256: 56bacfb737076b0b10f9896ac124c2e8f83cb855f7b31ef5a95338b7529b3126
- SHA512: 88a769b8587e8f4ca00546ebd21a976349a2532dde0bca6418f07e56d0a6e2b26c451a379b1ff0b5ffc5448e0d0f5e1c72e7821b3ea5cb0f4e07cf8497112472
- SSDEEP: 3145728:mkQEzg2K6FiBz+GBTRJmgm0Iiy+FO7Ahhq60XYJMP2ZW:mw26YzlggmtB7Ahh9mxeW
Malware Config
Signatures
-
Adds Run key to start application 2 TTPs 2 IoCs
| Description | IoC | Process |
| --- | --- | --- |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6} = "\"C:\\ProgramData\\Package Cache\\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}\\vcredist_x64.exe\" /burn.runonce" | vcredist_x64.exe |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{ee198d9f-cfe1-4f8a-bf5f-7b1be355b63d} = "\"C:\\ProgramData\\Package Cache\\{ee198d9f-cfe1-4f8a-bf5f-7b1be355b63d}\\VC_redist.x64.exe\" /burn.runonce" | VC_redist.x64.exe |

-
Enumerates connected drives 3 TTPs 23 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Checks computer location settings 2 TTPs 3 IoCs
Looks up country code configured in the registry, likely geofence.
| Description | IoC | Process |
| --- | --- | --- |
| Key value queried | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation | VC_redist.x64.exe |
| Key value queried | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation | Feather Launcher.exe |
| Key value queried | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation | Feather Launcher.exe |

-
Drops file in System32 directory 50 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 15 IoCs
-
Executes dropped EXE 12 IoCs
| pid | Process |
| --- | --- |
| 3080 | vcredist_x64.exe |
| 4220 | vcredist_x64.exe |
| 2916 | VC_redist.x64.exe |
| 5080 | VC_redist.x64.exe |
| 1680 | VC_redist.x64.exe |
| 1968 | Feather Launcher.exe |
| 2164 | Feather Launcher.exe |
| 3164 | Feather Launcher.exe |
| 4460 | Feather Launcher.exe |
| 768 | Feather Launcher.exe |
| 2728 | Feather Launcher.exe |
| 4996 | Feather Launcher.exe |

-
Loads dropped DLL 25 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Program crash 1 IoCs
| pid | pid_target | Process | procid_target |
| --- | --- | --- | --- |
| 5012 | 5080 | WerFault.exe | 101 |

-
System Location Discovery: System Language Discovery 1 TTPs 6 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
| Description | IoC | Process |
| --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | Feather Launcher Setup 1.6.1.exe |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | vcredist_x64.exe |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | vcredist_x64.exe |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | VC_redist.x64.exe |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | VC_redist.x64.exe |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | VC_redist.x64.exe |

-
Checks SCSI registry key(s) 3 TTPs 5 IoCs
SCSI information is often read in order to detect sandboxing environments.
| Description | IoC | Process |
| --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters | vssvc.exe |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters | vssvc.exe |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr | vssvc.exe |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache | vssvc.exe |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache | vssvc.exe |

-
Modifies data under HKEY_USERS 9 IoCs
| Description | IoC | Process |
| --- | --- | --- |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\29 | msiexec.exe |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\29 | msiexec.exe |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27 | msiexec.exe |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\27 | msiexec.exe |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\28 | msiexec.exe |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a | msiexec.exe |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26\52C64B7E | msiexec.exe |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26 | msiexec.exe |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\28 | msiexec.exe |

-
Modifies registry class 64 IoCs
-
| Description | IoC | Process |
| --- | --- | --- |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob | Feather Launcher.exe |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C | Feather Launcher.exe |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob | Feather Launcher.exe |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob | Feather Launcher.exe |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 | Feather Launcher.exe |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob | Feather Launcher.exe |

-
Suspicious behavior: EnumeratesProcesses 20 IoCs
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process
Token: SeSecurityPrivilege 2708 Feather Launcher Setup 1.6.1.exe
Token: SeBackupPrivilege 4380 vssvc.exe
Token: SeRestorePrivilege 4380 vssvc.exe
Token: SeAuditPrivilege 4380 vssvc.exe
Token: SeShutdownPrivilege 1680 VC_redist.x64.exe
Token: SeIncreaseQuotaPrivilege 1680 VC_redist.x64.exe
Token: SeSecurityPrivilege 1964 msiexec.exe
Token: SeCreateTokenPrivilege 1680 VC_redist.x64.exe
Token: SeAssignPrimaryTokenPrivilege 1680 VC_redist.x64.exe
Token: SeLockMemoryPrivilege 1680 VC_redist.x64.exe
Token: SeIncreaseQuotaPrivilege 1680 VC_redist.x64.exe
Token: SeMachineAccountPrivilege 1680 VC_redist.x64.exe
Token: SeTcbPrivilege 1680 VC_redist.x64.exe
Token: SeSecurityPrivilege 1680 VC_redist.x64.exe
Token: SeTakeOwnershipPrivilege 1680 VC_redist.x64.exe
Token: SeLoadDriverPrivilege 1680 VC_redist.x64.exe
Token: SeSystemProfilePrivilege 1680 VC_redist.x64.exe
Token: SeSystemtimePrivilege 1680 VC_redist.x64.exe
Token: SeProfSingleProcessPrivilege 1680 VC_redist.x64.exe
Token: SeIncBasePriorityPrivilege 1680 VC_redist.x64.exe
Token: SeCreatePagefilePrivilege 1680 VC_redist.x64.exe
Token: SeCreatePermanentPrivilege 1680 VC_redist.x64.exe
Token: SeBackupPrivilege 1680 VC_redist.x64.exe
Token: SeRestorePrivilege 1680 VC_redist.x64.exe
Token: SeShutdownPrivilege 1680 VC_redist.x64.exe
Token: SeDebugPrivilege 1680 VC_redist.x64.exe
Token: SeAuditPrivilege 1680 VC_redist.x64.exe
Token: SeSystemEnvironmentPrivilege 1680 VC_redist.x64.exe
Token: SeChangeNotifyPrivilege 1680 VC_redist.x64.exe
Token: SeRemoteShutdownPrivilege 1680 VC_redist.x64.exe
Token: SeUndockPrivilege 1680 VC_redist.x64.exe
Token: SeSyncAgentPrivilege 1680 VC_redist.x64.exe
Token: SeEnableDelegationPrivilege 1680 VC_redist.x64.exe
Token: SeManageVolumePrivilege 1680 VC_redist.x64.exe
Token: SeImpersonatePrivilege 1680 VC_redist.x64.exe
Token: SeCreateGlobalPrivilege 1680 VC_redist.x64.exe
Token: SeRestorePrivilege 1964 msiexec.exe
Token: SeTakeOwnershipPrivilege 1964 msiexec.exe
Token: SeRestorePrivilege 1964 msiexec.exe
Token: SeTakeOwnershipPrivilege 1964 msiexec.exe
Token: SeRestorePrivilege 1964 msiexec.exe
Token: SeTakeOwnershipPrivilege 1964 msiexec.exe
Token: SeRestorePrivilege 1964 msiexec.exe
Token: SeTakeOwnershipPrivilege 1964 msiexec.exe
Token: SeRestorePrivilege 1964 msiexec.exe
Token: SeTakeOwnershipPrivilege 1964 msiexec.exe
Token: SeRestorePrivilege 1964 msiexec.exe
Token: SeTakeOwnershipPrivilege 1964 msiexec.exe
Token: SeRestorePrivilege 1964 msiexec.exe
Token: SeTakeOwnershipPrivilege 1964 msiexec.exe
Token: SeRestorePrivilege 1964 msiexec.exe
Token: SeTakeOwnershipPrivilege 1964 msiexec.exe
Token: SeRestorePrivilege 1964 msiexec.exe
Token: SeTakeOwnershipPrivilege 1964 msiexec.exe
Token: SeRestorePrivilege 1964 msiexec.exe
Token: SeTakeOwnershipPrivilege 1964 msiexec.exe
Token: SeRestorePrivilege 1964 msiexec.exe
Token: SeTakeOwnershipPrivilege 1964 msiexec.exe
Token: SeRestorePrivilege 1964 msiexec.exe
Token: SeTakeOwnershipPrivilege 1964 msiexec.exe
Token: SeRestorePrivilege 1964 msiexec.exe
Token: SeTakeOwnershipPrivilege 1964 msiexec.exe
Token: SeRestorePrivilege 1964 msiexec.exe
Token: SeTakeOwnershipPrivilege 1964 msiexec.exe
Suspicious use of WriteProcessMemory 63 IoCs
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
C:\Users\Admin\AppData\Local\Temp\Feather Launcher Setup 1.6.1.exe
"C:\Users\Admin\AppData\Local\Temp\Feather Launcher Setup 1.6.1.exe"
- Drops file in Program Files directory
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2708

  C:\Users\Admin\AppData\Local\Temp\nsfD1D8.tmp\vcredist_x64.exe
  "C:\Users\Admin\AppData\Local\Temp\nsfD1D8.tmp\vcredist_x64.exe" /quiet /norestart
  - Adds Run key to start application
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:3080

    C:\Users\Admin\AppData\Local\Temp\nsfD1D8.tmp\vcredist_x64.exe
    "C:\Users\Admin\AppData\Local\Temp\nsfD1D8.tmp\vcredist_x64.exe" /quiet /norestart -burn.unelevated BurnPipe.{D9D99871-934C-4AF6-A5E4-EF9FBB27B9CD} {76B508C2-2530-4906-922E-001CE204ED41} 3080
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:4220

  C:\Users\Admin\AppData\Local\Temp\nsfD1D8.tmp\VC_redist.x64.exe
  "C:\Users\Admin\AppData\Local\Temp\nsfD1D8.tmp\VC_redist.x64.exe" /quiet /norestart
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2916

    C:\Windows\Temp\{F379F2AA-BF70-4C44-8D4B-B6BA908EB215}\.cr\VC_redist.x64.exe
    "C:\Windows\Temp\{F379F2AA-BF70-4C44-8D4B-B6BA908EB215}\.cr\VC_redist.x64.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\nsfD1D8.tmp\VC_redist.x64.exe" -burn.filehandle.attached=672 -burn.filehandle.self=780 /quiet /norestart
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:5080

      C:\Windows\Temp\{DF2BBB5B-5E76-4E52-859B-FA6583DA70D2}\.be\VC_redist.x64.exe
      "C:\Windows\Temp\{DF2BBB5B-5E76-4E52-859B-FA6583DA70D2}\.be\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{008F6F11-687A-4F49-B37F-4669D1D68915} {17E907C3-20BF-428D-8A52-57EA198A92DE} 5080
      - Adds Run key to start application
      - Executes dropped EXE
      - System Location Discovery: System Language Discovery
      - Modifies registry class
      - Suspicious use of AdjustPrivilegeToken
      PID:1680

      C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5080 -s 1060
      - Program crash
      PID:5012

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID:4380

C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
PID:3388

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5080 -ip 5080
PID:4988

C:\Program Files\Feather Launcher\Feather Launcher.exe
"C:\Program Files\Feather Launcher\Feather Launcher.exe"
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Modifies system certificate store
- Suspicious use of WriteProcessMemory
PID:1968

  C:\Program Files\Feather Launcher\Feather Launcher.exe
  "C:\Program Files\Feather Launcher\Feather Launcher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Feather Launcher" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1552 --field-trial-handle=1740,i,11584367928757136111,1410273368814696598,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2164

  C:\Program Files\Feather Launcher\Feather Launcher.exe
  "C:\Program Files\Feather Launcher\Feather Launcher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Feather Launcher" --mojo-platform-channel-handle=2016 --field-trial-handle=1740,i,11584367928757136111,1410273368814696598,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3164

  C:\Program Files\Feather Launcher\Feather Launcher.exe
  "C:\Program Files\Feather Launcher\Feather Launcher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Feather Launcher" --app-path="C:\Program Files\Feather Launcher\resources\app.asar" --no-sandbox --no-zygote --disable-blink-features=GetDisplayMedia --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2388 --field-trial-handle=1740,i,11584367928757136111,1410273368814696598,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:4460

    C:\Program Files\Feather Launcher\Feather Launcher.exe
    "C:\Program Files\Feather Launcher\Feather Launcher.exe" "C:\Program Files\Feather Launcher\resources\app.asar\preload\preload-mod-watcher-fork.js"
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:768

    C:\Program Files\Feather Launcher\Feather Launcher.exe
    "C:\Program Files\Feather Launcher\Feather Launcher.exe" "C:\Program Files\Feather Launcher\resources\app.asar\preload\preload-skin-watcher-fork.js"
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:2728

  C:\Program Files\Feather Launcher\Feather Launcher.exe
  "C:\Program Files\Feather Launcher\Feather Launcher.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\Feather Launcher" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=844 --field-trial-handle=1740,i,11584367928757136111,1410273368814696598,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:4996

Network
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
Defense Evasion
- Modify Registry (2)
- Subvert Trust Controls (1)
  - Install Root Certificate (1)
Downloads
-
Filesize
344KB
MD58e490ee67f6c53f9916715b0d32257d2
SHA1dbf51ece8c770f38019f497bb10966feffde0ea9
SHA256a8d904e4871efa01c72ef64bab601e6cb1de216db4a696966e90fe1b733bef17
SHA512a5774b930e4d5f6d91049fafdb6a743fda32f670e9aad9000740010d1b271a4c3c881d138e40abfcdbc6bf98f37fb3791007a74d38ac507b8bf86ebe0ee00c15
-
Filesize
880KB
MD52204d0005209a5a2fe25bb44b8e5ace3
SHA1161d7d4e286d7bff25e3f096923a5a7c7a3cd30c
SHA256fafe173abc2ca773026b0caa24e693a0ac4c9d0ad7c40258bece10e4714dcb15
SHA5128dc654487702636e28a1fcde05b8b9d2ec71a640c48233dbd5ed0aa174a875e275e310973f7e993908919affb7671282d40a8dd280b24a1c5cd29dc66e4f9abe
-
Filesize
819KB
MD5d7f858c12123e975b4a862c3df05c0f4
SHA1f8d2ffbf76883f5f095e10f3de5694c209c47b12
SHA25629e4d010c6b951c129633aac0f55b70107fd24dcf1062c20e263611e30ab4b93
SHA5121d44549e83b0af8d9c1b5826c970eb8dba5e8159c0ccc3586022d65d1e5234b06cc97ee4a9d45d7d944e882f4c5a12947bf810f73c8c064255ac0f46e35799a6
-
Filesize
690KB
MD573bc88a210dcdfb14b6f29d8f86f4f4d
SHA1fb3392a03cc355aae318902122b7245f2fc13d01
SHA256bb8b656b1d2c4cf5f361f59b44abd4809cd774e664dbd0f90b62b97ea125e3c6
SHA512671b90bff006b22ce714971bb8ba87acc4d887f9893709a090a85a8dcabb1ecd72edf54775c77378ae22dfd5ad2880df10efb201b1d4c11a1d304086b8ed3c8f
-
Filesize
350KB
MD58faad383bb39fa15ccc8d07beffa5a34
SHA15bcd907923c04b310dda718b5eff4115cf42c6fe
SHA256e31a9cefcbef64d082b77a16a2d5dff11673f74363cf9fc34e36004a62e308d6
SHA5129a604a1e4cbb23d48203d02950465020c6dd5a3556ac6e5ef7dceb0491b8d5c5722b6b73226642f2234885a36dbdcb1f628503b6cf63c84b4a28408d74e82764
-
Filesize
592KB
MD5987144e7837f63de1889492166f4330a
SHA1f9b5055572eb238b357a7c977c4ceb6f7a768232
SHA256d10af321c33d48f5e97abb1c74b76e43e63390b9022bed58437fa4d271283900
SHA51232ae4c6d7e90cc0723ca385fddf36ae88fc803bec790d844eac4c7a67493352c3aa85a49b095178fcbfa4485b9167b6f4dbf0034e7784148383d0084d63fb9e5
-
Filesize
522KB
MD577ce70fb50d1de7cfdd6b13161a09809
SHA109d08cfaffbf255a013a8b9727d40c776be51d37
SHA256ae2457b6f347d34fa8ecf524d91154ba9b80ee160196d774546c1b8924049495
SHA5127fae3a792a2d64ecbf60ba2b694ddf2b40df0e1fb81b602b878ede856912579b7ea78488bbe998151350df814a8d8b0f3f1299882c9b330d214f9db05de86b56
-
Filesize
415KB
MD534f3d7788e213b731c0495b2fe45c78b
SHA1e7a2ed024e61375077973031e2dc82d924ed75ca
SHA2562ca9eb9d04ab45f479b392ca9067d353e5472f863d3b784acfcb1361c6da30d7
SHA51248400842614a31f65278e667b43d188dd44e4e9101c7d3d01ad75569d1182cb603ad07168195364ae53dc598f544f438f846ccfc604db208fb29998b292febdc
-
Filesize
301KB
MD5d9be21bde24de1026279aeb67999b1bd
SHA10a0e090bebc5e4e7550152bee739f220f8ad9e9f
SHA2566c364baa231f41c668fb15da586568a985fee2b4bb3e611c07ba97675336c013
SHA512d376aaa1d38f20e0cf89131452df6d67489711950a3c89aa515570588797c4d83c5dc467773d3af525a551e0f6087fdabbd2ec3d2b48db4b961f2c1e9932f0db
-
Filesize
298KB
MD531b1d4dc9c0fbabb29c2e32c759e7238
SHA145810ead9541adbd12f15eb63bf33f932f7e48d1
SHA25654469b7be7f1c7cd972e77d9853813d41b515b2ef8a3824e7fad2646b3ebb3a4
SHA51210e76d0226cda5541a3352c8111b16d59d563e91512be4e0ddcac9b71e0c2f5953ac170d8a23fa1c6d523d3214057950ccb7a67f922921d6c34d475590055856
-
Filesize
5.1MB
MD52cccd68519bff7f6a45380607940ca9a
SHA1107ed8e7aaf2ea4d8b290afc023fdede16e47254
SHA25644387afe96c6d1cc6b24e6e05e42e92eb51d6c520743fc8e2eab06c683ba27e3
SHA512da3c67f10ff1d741f6c4d5313f8f1887ad3232b33935d5576d321e2d0622f601fde3f3cae24b23f00e8e7f7f48aea49fcf4fde12aef2b396ea5697566f8b7128
-
Filesize
144B
MD59300d1436965c7c0933f53bd16bd332b
SHA196246ceebfd51faa9470f9152d0925f6cc1983cf
SHA25653c824fd08de03ee221296cb75ad6e8c3cff5b8254a467180197cb308666377b
SHA5129683ac45be9771e053fa11a0b13b7fe6866c44385046c3f7b67e77e1fd068f5903bdb1987209cf68432ffc021f8366f6fb002c360e3ed6ae030a8fe3996415f0
-
Filesize
45.5MB
MD5cad3e01bcb66e7411b1c764acfe8c0b8
SHA1c454e64152d2e4e0e45301baf5d436b3bfe75427
SHA2568074b9131dd6424ae5b6dcb8ba256933e677ad0392df8e4a444ec98df81dbee5
SHA51263b884a98fd494c31f59c5bc61ca5f7f777e466899d978696adcae5c596dac4a3043124595ca678ade392ee417b675e375f3aef349f4ef280b3872af66a59a58
-
C:\Users\Admin\AppData\Local\Temp\nsfD1D8.tmp\7z-out\resources\app.asar.unpacked\native\cleanup.feather
Filesize
989KB
MD57c2dc9165c530f4888ac63233c040560
SHA141f5048d8365df3fd35c744ceb49bb5ff0e63edb
SHA2564fcdb7229bfcaa4b158d0a2b4092e76d8145a1e82fa432c99a7d5ad11eb84e9e
SHA512a6dcc746353c736d848ae3eed110a519e3db52195f4f02193d322220948073964e53e4d082cf3a07765c48018f357153257cd04d5f5f3d05bb44dfd400b2932b