a537628fc0239ee5e022eb18eb2359c31e5e0a39ecc71b50b0b69003f53914ee

Analysis

max time kernel
140s
max time network
135s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21-11-2024 11:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NylithBootstrapper.rar
Size

239KB
MD5

a67e15aedb0a73d21e870b97706f87cc
SHA1

51bc2af8d6705ae6f59c9642a99410d2fa442856
SHA256

a537628fc0239ee5e022eb18eb2359c31e5e0a39ecc71b50b0b69003f53914ee
SHA512

997fcf27cc9c2d85f4aa163696876b1162ff23957e290a35950f22bd8a6d6e8291524c828ed6e83d6422d845f1e44a0c67d3cb936b6981d3bfb7054bc661a5a9
SSDEEP

6144:grcWEduyk9P8ZjdfNfOzpPT7t5o2XBCayCRMiO6u2a0/VIoEw/:JIy2P0d1+JLo6TMiOE/mb0

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation	NylithBootstrapper.exe

Executes dropped EXE 3 IoCs

pid	Process
4148	NylithBootstrapper.exe
1872	Nylith.exe
4400	Nylith.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
50	raw.githubusercontent.com
49	raw.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NylithBootstrapper.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 9 IoCs

pid	Process
4148	NylithBootstrapper.exe
4148	NylithBootstrapper.exe
392	msedge.exe
392	msedge.exe
3444	msedge.exe
3444	msedge.exe
4120	identity_helper.exe
4120	identity_helper.exe
4148	NylithBootstrapper.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
620	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeRestorePrivilege	620	7zFM.exe
Token: 35	620	7zFM.exe
Token: SeSecurityPrivilege	620	7zFM.exe
Token: SeDebugPrivilege	4148	NylithBootstrapper.exe

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
620	7zFM.exe
620	7zFM.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4148 wrote to memory of 1872	4148	NylithBootstrapper.exe	97
PID 4148 wrote to memory of 1872	4148	NylithBootstrapper.exe	97
PID 1872 wrote to memory of 3444	1872	Nylith.exe	98
PID 1872 wrote to memory of 3444	1872	Nylith.exe	98
PID 3444 wrote to memory of 4792	3444	msedge.exe	99
PID 3444 wrote to memory of 4792	3444	msedge.exe	99
PID 3444 wrote to memory of 2916	3444	msedge.exe	100
PID 3444 wrote to memory of 2916	3444	msedge.exe	100
PID 3444 wrote to memory of 2916	3444	msedge.exe	100
PID 3444 wrote to memory of 2916	3444	msedge.exe	100
PID 3444 wrote to memory of 2916	3444	msedge.exe	100
PID 3444 wrote to memory of 2916	3444	msedge.exe	100
PID 3444 wrote to memory of 2916	3444	msedge.exe	100
PID 3444 wrote to memory of 2916	3444	msedge.exe	100
PID 3444 wrote to memory of 2916	3444	msedge.exe	100
PID 3444 wrote to memory of 2916	3444	msedge.exe	100
PID 3444 wrote to memory of 2916	3444	msedge.exe	100
PID 3444 wrote to memory of 2916	3444	msedge.exe	100
PID 3444 wrote to memory of 2916	3444	msedge.exe	100
PID 3444 wrote to memory of 2916	3444	msedge.exe	100
PID 3444 wrote to memory of 2916	3444	msedge.exe	100
PID 3444 wrote to memory of 2916	3444	msedge.exe	100
PID 3444 wrote to memory of 2916	3444	msedge.exe	100
PID 3444 wrote to memory of 2916	3444	msedge.exe	100
PID 3444 wrote to memory of 2916	3444	msedge.exe	100
PID 3444 wrote to memory of 2916	3444	msedge.exe	100
PID 3444 wrote to memory of 2916	3444	msedge.exe	100
PID 3444 wrote to memory of 2916	3444	msedge.exe	100
PID 3444 wrote to memory of 2916	3444	msedge.exe	100
PID 3444 wrote to memory of 2916	3444	msedge.exe	100
PID 3444 wrote to memory of 2916	3444	msedge.exe	100
PID 3444 wrote to memory of 2916	3444	msedge.exe	100
PID 3444 wrote to memory of 2916	3444	msedge.exe	100
PID 3444 wrote to memory of 2916	3444	msedge.exe	100
PID 3444 wrote to memory of 2916	3444	msedge.exe	100
PID 3444 wrote to memory of 2916	3444	msedge.exe	100
PID 3444 wrote to memory of 2916	3444	msedge.exe	100
PID 3444 wrote to memory of 2916	3444	msedge.exe	100
PID 3444 wrote to memory of 2916	3444	msedge.exe	100
PID 3444 wrote to memory of 2916	3444	msedge.exe	100
PID 3444 wrote to memory of 2916	3444	msedge.exe	100
PID 3444 wrote to memory of 2916	3444	msedge.exe	100
PID 3444 wrote to memory of 2916	3444	msedge.exe	100
PID 3444 wrote to memory of 2916	3444	msedge.exe	100
PID 3444 wrote to memory of 2916	3444	msedge.exe	100
PID 3444 wrote to memory of 2916	3444	msedge.exe	100
PID 3444 wrote to memory of 392	3444	msedge.exe	101
PID 3444 wrote to memory of 392	3444	msedge.exe	101
PID 3444 wrote to memory of 2512	3444	msedge.exe	102
PID 3444 wrote to memory of 2512	3444	msedge.exe	102
PID 3444 wrote to memory of 2512	3444	msedge.exe	102
PID 3444 wrote to memory of 2512	3444	msedge.exe	102
PID 3444 wrote to memory of 2512	3444	msedge.exe	102
PID 3444 wrote to memory of 2512	3444	msedge.exe	102
PID 3444 wrote to memory of 2512	3444	msedge.exe	102
PID 3444 wrote to memory of 2512	3444	msedge.exe	102
PID 3444 wrote to memory of 2512	3444	msedge.exe	102
PID 3444 wrote to memory of 2512	3444	msedge.exe	102
PID 3444 wrote to memory of 2512	3444	msedge.exe	102
PID 3444 wrote to memory of 2512	3444	msedge.exe	102
PID 3444 wrote to memory of 2512	3444	msedge.exe	102
PID 3444 wrote to memory of 2512	3444	msedge.exe	102
PID 3444 wrote to memory of 2512	3444	msedge.exe	102
PID 3444 wrote to memory of 2512	3444	msedge.exe	102

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\NylithBootstrapper.rar"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:620

C:\Users\Admin\Desktop\NylithBootstrapper.exe
"C:\Users\Admin\Desktop\NylithBootstrapper.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4148
- C:\Users\Admin\AppData\Local\Temp\Nylith\Nylith Main\Nylith\Nylith.exe
  "C:\Users\Admin\AppData\Local\Temp\Nylith\Nylith Main\Nylith\Nylith.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:1872
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch&plcid=0x409&o1=.NETFramework,Version=v4.8.1&processName=Nylith.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:3444
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x120,0x11c,0x7ffef72b46f8,0x7ffef72b4708,0x7ffef72b4718
      4⤵
      PID:4792
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,16420481507691898324,16005942350044180685,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
      4⤵
      PID:2916
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,16420481507691898324,16005942350044180685,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:392
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,16420481507691898324,16005942350044180685,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
      4⤵
      PID:2512
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16420481507691898324,16005942350044180685,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
      4⤵
      PID:1092
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16420481507691898324,16005942350044180685,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
      4⤵
      PID:4976
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16420481507691898324,16005942350044180685,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
      4⤵
      PID:4508
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,16420481507691898324,16005942350044180685,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 /prefetch:8
      4⤵
      PID:3328
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,16420481507691898324,16005942350044180685,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4120
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16420481507691898324,16005942350044180685,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
      4⤵
      PID:2244
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16420481507691898324,16005942350044180685,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4160 /prefetch:1
      4⤵
      PID:872
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16420481507691898324,16005942350044180685,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
      4⤵
      PID:3652
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16420481507691898324,16005942350044180685,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
      4⤵
      PID:2848
- C:\Users\Admin\AppData\Local\Temp\Nylith\Nylith Main\Nylith\Nylith.exe
  "C:\Users\Admin\AppData\Local\Temp\Nylith\Nylith Main\Nylith\Nylith.exe"
  2⤵
  - Executes dropped EXE
  PID:4400

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1208

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4844

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ba6ef346187b40694d493da98d5da979

SHA1
643c15bec043f8673943885199bb06cd1652ee37

SHA256
d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73

SHA512
2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b8880802fc2bb880a7a869faa01315b0

SHA1
51d1a3fa2c272f094515675d82150bfce08ee8d3

SHA256
467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812

SHA512
e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
188B

MD5
4c68fa9da4031e4f6bce89afb698f67a

SHA1
05253b06c10ab70558beac773286ef6c56292e6c

SHA256
9556882e8bef920eb50efe55b57afacc70c710e8ab808eb95b04e8d4b88eed2e

SHA512
e750014f86f1ff47103a585b912659913f4b40c284444747c770d3ca870cbd2ca1f249406b815c518c59d5b6f95ff3761bd56912ec799a22170ca0f7aa9a7ce1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c977e7bdd82bbc7d2a8944046b002f3f

SHA1
851f1619eef6070df7f73502ac066753c5e0d2c4

SHA256
778b86e3e0073e6d04143797ea33c0eaa438e6102dde6d80ec29ad98be788814

SHA512
95452a94fe0e004f21799420694337344f18e2b0390116ed6a53f1c30ee41d7b7d6f87826b84eef7c05d5840f6ca23e3fc7cd8290ba87ba2b0cfb9f4180b6a95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fbad813c20428a667a587ba79c44bac3

SHA1
4870ee587dfc2762c5540db922d950f11ca78386

SHA256
32bf0a2d83c9a6e7805019eb365a1e365cbed7079eecafcb410e20c166e1af97

SHA512
5a8e3399b5731e9a9c0da213d14a2670630c2220eed6cfc7272da3874b76b4d4a630f71a1aee0cd88de8d2f0497a28ed3cf0bcb20744bdaa81598ad831610616

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2fda2b69d146bada8982b7cecf1e523b

SHA1
1b9be90d05918233a6485db9dfa1653bee0f2641

SHA256
7328079f580b201bf08709a44fb0ea480031133d23b1f6bd511269db00aaf8a6

SHA512
2994df457601013211613b3f134756619ea49ed6092b3beb138e562e75ccc368d56737b20100e3217d8b2acf2a64e2d20934fb9547bd4ea9702db577baa6f284

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
85182dccd923e7abd78c08e77fac48d0

SHA1
048ec0c6d35a6ccf655b9e8e21cc86f454a1f8c0

SHA256
84f366f416778154575f4585340d30a9a4affd484c41efb001ef678326631cb7

SHA512
95809a9a2fcf56e45838d74d8c90229574c57d1e7483ef3adcfe84e5521917d3781f9212adf6921061301d7cfbc4754dfff64a0a9ebeda647bca54e9c538b232

Download Submit
C:\Users\Admin\AppData\Local\Temp\Nylith\Nylith Main\Nylith\Nylith.exe

Filesize
9.2MB

MD5
2b3d773742947235a2eaad2deecbb1fc

SHA1
46f234267a06bbe94b87bf40d0c0271ba4dc68e3

SHA256
e4074eb2ebe7b2fb39c3f637654d9934c8caef265fb7520152c1bfd2d4d3192c

SHA512
229d8896bf41096a334ffc813f01719dced348c2f52e1780e57c8aa4efa5079573129328838283af4a653a78e5c39ac9a2b72a4ef8896f5390bb15a4b8bcb782

Download Submit
C:\Users\Admin\AppData\Local\Temp\Nylith\Nylith Main\Nylith\Nylith.exe.WebView2\EBWebView\Default\DawnWebGPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Nylith\Nylith Main\Nylith\Nylith.exe.WebView2\EBWebView\Default\Extension State\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\Nylith\Nylith Main\Nylith\Nylith.exe.WebView2\EBWebView\Default\Extension State\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Nylith\Nylith Main\Nylith\Nylith.exe.WebView2\EBWebView\Default\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Nylith\Nylith Main\Nylith\Nylith.exe.WebView2\EBWebView\Default\GPUCache\data_1

Filesize
264KB

MD5
66e2b9cbfa07c117a5c561c13b6054a8

SHA1
12740482d78512fae5ca861724b89acdba8d5251

SHA256
facac8379816178a85037c606fa1376a75919cc500e3c0cc1b7ae0d972a47e9c

SHA512
4f582bb4f94002f1c71bd8d2ff49b97423af59ff80571e4eb3c95f4e8ea5af135a2b133331dec92ad178e253dabc1a228395ddb05a45a7fa71077377b7d064c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Nylith\Nylith Main\Nylith\Nylith.exe.WebView2\EBWebView\Default\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Nylith\Nylith Main\Nylith\Nylith.exe.WebView2\EBWebView\Default\Shared Dictionary\cache\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Nylith\Nylith Main\Nylith\Nylith.exe.config

Filesize
2KB

MD5
275ac791ede95759b37ab00ae6a222d7

SHA1
cb179505c438d60782d243b07b241e2fed77e830

SHA256
8c6cb4df1b68121229aa209716be47a255ed65ed7d212f159474ced37b6ee04b

SHA512
fa108551c8f5322fe1e91c8e1e62592dc28da0ce9fc747a3e0e6a1d2041b91cad40b6df954e90f177caf5b127e359100759912a88261687dcfd48abc43cb0539

Download Submit
C:\Users\Admin\AppData\Local\Temp\Nylith\Nylith Main\Nylith\bin\DebugMonaco\package\esm\vs\base\browser\ui\iconLabel\iconHoverDelegate.js

Filesize
368B

MD5
dff5cd240217dc0e722c27be242db91d

SHA1
244d1e7b3a10bb26e52ad9019e0e20f8bb3a72aa

SHA256
151caa77914089aa02273bb851f4b9a198eaab38da7eb9e4bdd7af8075c2dc57

SHA512
e6033e28f65f29ec3a7fc2e367bb6dd2909e38e5e5ccd267fe920e82c25de00c3cf5593db022dc1664ec00652882d5093121f2686788ee3eb60d0b2d87fef6d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Nylith\Nylith Main\Nylith\bin\DebugMonaco\package\esm\vs\language\json\_deps\vscode-languageserver-textdocument\lib\esm\main.js

Filesize
10KB

MD5
722df93c13e5a9e4b3a42c515d6281e3

SHA1
e046b8875a0373f38e8135f6500bc9deb9b1cc34

SHA256
bb9e7de4f27538b132cd593302a62f8a42f433e1b0e04a1edb4472a97d6ddf46

SHA512
6e1db81e7286e7762cce5c281c1ddab227ab374c5c33ff45a5031275592a84fd47547b6ad496f302bbca0bbdc01ed899ff8ed87f22bb8b88973a257e345b70ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Nylith\Nylith Main\Nylith\bin\DebugMonaco\package\esm\vs\language\json\_deps\vscode-languageserver-types\main.js

Filesize
66KB

MD5
f80215fcc9a89ba7be3bc0b32cacb094

SHA1
8449846cc76fc770a31e310882454f5d6beae342

SHA256
1adcb7cc0756472bc16ace850f3f5b6d5746ea4af2d75ad0785b967dd07bf9f1

SHA512
7187397ff691dfe558c00a8393d4d3d86b7ab8fdbed8b40ecd43c8ba3af40f8ceab0f78d001cc892ea0d5b5a36be4a559715a4385b39a6db1ce473b2883513b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Nylith\Nylith Main\Nylith\bin\DebugMonaco\package\esm\vs\language\json\_deps\vscode-uri\index.js

Filesize
11KB

MD5
db7069b3b398babf3a2a97e7f7c3aa65

SHA1
2208bc3bb4548247d672cbd3368dbb992ce6d312

SHA256
15fce1bc78e59f11f36c62e31b6db98d10cf5810fcb8fceeecf9cbdd2ac9742d

SHA512
326716687bed34d862a71df1c7259988de21ef78af8829d2253f099988818200477df7e13f97fa78671d426a856feaa651d1c8350f7edac5d59ec9bc13f354d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Nylith\Nylith Main\Nylith\bin\DebugMonaco\package\esm\vs\language\json\fillers\monaco-editor-core.d.ts

Filesize
37B

MD5
604924c7fd140e65f677cff5c06ea77e

SHA1
60adb20bf4cac895df6b31a4da98a4d2267ca3e6

SHA256
87b3728d7af0f6c25f9cdbedfbc093f5e46a24371910199a638a1a13e3444668

SHA512
34affd619893b93ebfeb0d19daf6c4768b0e3de7d4d8272058cd41608ef9a1f5ceb5951b0b8a7732dd4e3e020d51bda9c9509eed4a3a5705d3a1ad396d610af1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Nylith\Nylith Main\Nylith\bin\DebugMonaco\package\esm\vs\language\json\fillers\monaco-editor-core.js

Filesize
404B

MD5
40fc593844c4ee88ff8e87481824dda0

SHA1
c2d8bed92d90e685576812d7c62ac2db28af2185

SHA256
a27649c652a7abcefe0b54567eb64f1cdf9be521bab22cfb71718e816b160375

SHA512
0457cf90d188e803401555e57a24647e592830ddad9e9e73d64a89889ec6b40eb15d2330ba507c6bad2faceb6c14bb643b4557db1e68896354aa6a19a99ae357

Download Submit
C:\Users\Admin\AppData\Local\Temp\Nylith\Nylith Main\Nylith\bin\DebugMonaco\package\esm\vs\language\json\fillers\vscode-nls.js

Filesize
1KB

MD5
1e2ca4b54776b992ed920a66940bca7a

SHA1
86ed5c8360d31c4763c05184fa4e7cc46cfa9354

SHA256
539191b86cffb8607fc04d0369756281f63bcb884cbe6ea729a668edf4018059

SHA512
fb249812b6587078d8a715d4c684af62db0ed05f6d80afb3374fe1f1e0a0a11b2c2551fcb738f3383b88152f95ca889c7c81543da7575d8d8b161d5c9ffea07b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Nylith\Nylith Main\Nylith\bin\DebugMonaco\package\esm\vs\platform\telemetry\common\gdprTypings.js

Filesize
12B

MD5
5c7f99e3d4eaae821996a487acc6a5e2

SHA1
9ff99e6a0a31241fe503c3c76a340bedfe2902b7

SHA256
f761c91419d0a89422a0004ef1a92929dd4d2d5e5c16758654d8b0467d1998c6

SHA512
9247b46a096ad45b486e4b83bb880a7d4e0da7731e3e64b8ba41513a0632932d3bfcf132b2d20e81e363c2595aa9a38d486111dc6365c0f014c1af25ec0be839

Download Submit
C:\Users\Admin\AppData\Local\Temp\Nylith\Nylith Main\Nylith\bin\DebugMonaco\package\min\vs\base\browser\ui\codicons\codicon\codicon.ttf

Filesize
63KB

MD5
b13daaad214ef227a36fefd95d924380

SHA1
95791fc8733a4bae907859b1a46bd1115f90c983

SHA256
774c4acc42f27289850537e2b6e9b85f67fde54145f6f41876dc4f65b45a4a20

SHA512
ad05613494a490e01504a30e34d7fb5bc2e535d70b5e5d5154a81ad1acaa51c0e368a6fae6aaa0a42faaae63f7e751a98748a7c291056100b7ad687ff6ae687d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Nylith\Nylith Main\Nylith\workspace\.tests\isfile.txt

Filesize
7B

MD5
260ca9dd8a4577fc00b7bd5810298076

SHA1
53a5687cb26dc41f2ab4033e97e13adefd3740d6

SHA256
aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27

SHA512
51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7

Download Submit
C:\Users\Admin\Desktop\Nylith.lnk

Filesize
2KB

MD5
19a487c3020d39f7cebb84512204925e

SHA1
184b4541eacfcbc7d0cca81cd976c50504312f26

SHA256
a4dd2f6cad68220f38c40d38fd346dd6228c50e2741feb663b730cdef05d981b

SHA512
d96d808cd0fbd5fa7746a5745bd6a92589447cfe91e33865e7feb005bee601fe14898f7bb1e1e1d45d211c6283fe83591686c6b245d7c51b0d4039393b21d3a4

Download Submit
C:\Users\Admin\Desktop\NylithBootstrapper.exe

Filesize
259KB

MD5
25b05f71bbbff3d3b0c11a8b40eb46b1

SHA1
3c3f9abbd9d5c26d4034e0c588ecfd97a95d2169

SHA256
34e45cef356fb9716d02f7572e7e7cf7851ce3ce1f411e20ae424815ad83aa2e

SHA512
f150baa70ba6e0fd9fa286b5cac552548044d7a1846537653ffc5a7a70d604cca29c1d944a1b36da54378520147f3f6e134392682f6f89275ebfd93b49a17901

Download Submit
memory/4148-9-0x0000000004F60000-0x0000000004F6A000-memory.dmp

Filesize
40KB

Download
memory/4148-11-0x00000000748A0000-0x0000000075050000-memory.dmp

Filesize
7.7MB

Download
memory/4148-13-0x0000000006830000-0x0000000006842000-memory.dmp

Filesize
72KB

Download
memory/4148-10-0x00000000748AE000-0x00000000748AF000-memory.dmp

Filesize
4KB

Download
memory/4148-3300-0x0000000006810000-0x000000000682E000-memory.dmp

Filesize
120KB

Download
memory/4148-3299-0x0000000000F20000-0x0000000000F96000-memory.dmp

Filesize
472KB

Download
memory/4148-8-0x00000000748A0000-0x0000000075050000-memory.dmp

Filesize
7.7MB

Download
memory/4148-7-0x0000000005020000-0x00000000050B2000-memory.dmp

Filesize
584KB

Download
memory/4148-6-0x0000000002A10000-0x0000000002A2C000-memory.dmp

Filesize
112KB

Download
memory/4148-5-0x00000000006C0000-0x0000000000708000-memory.dmp

Filesize
288KB

Download
memory/4148-4-0x00000000748AE000-0x00000000748AF000-memory.dmp

Filesize
4KB

Download
memory/4148-3470-0x00000000748A0000-0x0000000075050000-memory.dmp

Filesize
7.7MB

Download