Malware Analysis Report

2025-08-05 10:06

Sample ID 230430-1trlsafb3v
Target Bluebook Setup 0.9.162.exe.bin
SHA256 98b34d775532bb30e1b64d9cd7f7068ece76b983232083bca22110647ff1a279
Tags lumma redline discovery infostealer stealer
Score 10/10

Analysis Overview

score
10/10

SHA256

98b34d775532bb30e1b64d9cd7f7068ece76b983232083bca22110647ff1a279

Threat Level: Known bad

The file Bluebook Setup 0.9.162.exe.bin was found to be: Known bad.

Malicious Activity Summary

lumma redline discovery infostealer stealer

Detects Redline Stealer samples

RedLine

Lumma Stealer

Checks computer location settings

Checks installed software on the system

Executes dropped EXE

Loads dropped DLL

Enumerates physical storage devices

Collects information from the system

Suspicious use of FindShellTrayWindow

Checks processor information in registry

Suspicious use of WriteProcessMemory

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Gathers system information

Suspicious use of AdjustPrivilegeToken

Enumerates processes with tasklist

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-04-30 21:57

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-04-30 21:56

Reported

2023-04-30 22:16

Platform

win7-20230220-en

Max time kernel

29s

Max time network

41s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Bluebook Setup 0.9.162.exe"

Signatures

Detects Redline Stealer samples

stealer

Lumma Stealer

stealer lumma

RedLine

infostealer redline

Checks installed software on the system

discovery

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Programs\bluebook\Bluebook.exe N/A

Enumerates physical storage devices

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Bluebook Setup 0.9.162.exe N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\tasklist.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Bluebook Setup 0.9.162.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Bluebook Setup 0.9.162.exe

"C:\Users\Admin\AppData\Local\Temp\Bluebook Setup 0.9.162.exe"

C:\Windows\SysWOW64\cmd.exe

cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq Bluebook.exe" | %SYSTEMROOT%\System32\find.exe "Bluebook.exe"

C:\Windows\SysWOW64\tasklist.exe

tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq Bluebook.exe"

C:\Windows\SysWOW64\find.exe

C:\Windows\System32\find.exe "Bluebook.exe"

C:\Users\Admin\AppData\Local\Programs\bluebook\Bluebook.exe

"C:\Users\Admin\AppData\Local\Programs\bluebook\Bluebook.exe"

Network

N/A

Files

\Users\Admin\AppData\Local\Temp\nso985B.tmp\System.dll

MD5 0d7ad4f45dc6f5aa87f606d0331c6901
SHA1 48df0911f0484cbe2a8cdd5362140b63c41ee457
SHA256 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
SHA512 c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

C:\Users\Admin\AppData\Local\Temp\nso985B.tmp\StdUtils.dll

MD5 c6a6e03f77c313b267498515488c5740
SHA1 3d49fc2784b9450962ed6b82b46e9c3c957d7c15
SHA256 b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
SHA512 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

\Users\Admin\AppData\Local\Temp\nso985B.tmp\StdUtils.dll

MD5 c6a6e03f77c313b267498515488c5740
SHA1 3d49fc2784b9450962ed6b82b46e9c3c957d7c15
SHA256 b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
SHA512 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

\Users\Admin\AppData\Local\Temp\nso985B.tmp\SpiderBanner.dll

MD5 17309e33b596ba3a5693b4d3e85cf8d7
SHA1 7d361836cf53df42021c7f2b148aec9458818c01
SHA256 996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93
SHA512 1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

\Users\Admin\AppData\Local\Temp\nso985B.tmp\nsExec.dll

MD5 ec0504e6b8a11d5aad43b296beeb84b2
SHA1 91b5ce085130c8c7194d66b2439ec9e1c206497c
SHA256 5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962
SHA512 3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57

\Users\Admin\AppData\Local\Temp\nso985B.tmp\nsis7z.dll

MD5 80e44ce4895304c6a3a831310fbf8cd0
SHA1 36bd49ae21c460be5753a904b4501f1abca53508
SHA256 b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
SHA512 c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

C:\Users\Admin\AppData\Local\Temp\nso985B.tmp\7z-out\Bluebook.exe

MD5 8c163b60d87417b8e51c4a12d4dafc50
SHA1 b122dcffe8fe4dd7beee0f4315a5bc72a5f44b00
SHA256 63a76bc3c3ad7ad7037ff912e5c6e07e05bf48042d8bf15c2c1fbba1fb38ae78
SHA512 00fe9a4cae1e1536b4db03adcbe9d39364f8cb95b4d11a251565a1eb5702094c3334e1dbdc0dd6d47ffb007de0c23b2f51418bcb2e2209701e7b64522d1e36cb

C:\Users\Admin\AppData\Local\Temp\nso985B.tmp\7z-out\chrome_100_percent.pak

MD5 8626e1d68e87f86c5b4dabdf66591913
SHA1 4cd7b0ac0d3f72587708064a7b0a3beca3f7b81c
SHA256 2caa1da9b6a6e87bdb673977fee5dd771591a1b6ed5d3c5f14b024130a5d1a59
SHA512 03bcd8562482009060f249d6a0dd7382fc94d669a2094dec08e8d119be51bef2c3b7b484bb5b7f805ae98e372dab9383a2c11a63ab0f5644146556b1bb9a4c99

C:\Users\Admin\AppData\Local\Temp\nso985B.tmp\7z-out\chrome_200_percent.pak

MD5 48515d600258d60019c6b9c6421f79f6
SHA1 0ef0b44641d38327a360aa6954b3b6e5aab2af16
SHA256 07bee34e189fe9a8789aed78ea59ad41414b6e611e7d74da62f8e6ca36af01ce
SHA512 b7266bc8abc55bd389f594dac0c0641ecf07703f35d769b87e731b5fdf4353316d44f3782a4329b3f0e260dead6b114426ddb1b0fb8cd4a51e0b90635f1191d9

C:\Users\Admin\AppData\Local\Temp\nso985B.tmp\7z-out\d3dcompiler_47.dll

MD5 ab3be0c427c6e405fad496db1545bd61
SHA1 76012f31db8618624bc8b563698b2669365e49cb
SHA256 827d12e4ed62520b663078bbf26f95dfd106526e66048cf75b5c9612b2fb7ce6
SHA512 d1dc2ec77c770c5da99e688d799f88b1e585f8dcf63e6876e237fe7fce6e23b528e6a5ef94ffc68283c60ae4e465ff19d3fd6f2fae5de4504b5479d68cbc4dba

C:\Users\Admin\AppData\Local\Programs\bluebook\ffmpeg.dll

MD5 7b33115a739876682c124953fa49c6c5
SHA1 c20dac43f981c66c01bfed5149ae2fba6b1beab0
SHA256 b51c5c4b6b57b4b4fadcec13baeabc3f72d54cd5ff9da5f99c52e289e7d831eb
SHA512 6671de92ece80775bd7bee023b310c9a0df11571bce1ed2e36f0ac4f3e168daafb1e296d7f802b177f2f5b47582489f2c36d6768b1767697194eee5f69e23672

C:\Users\Admin\AppData\Local\Temp\nso985B.tmp\7z-out\icudtl.dat

MD5 2c367970ac87a9275eeec5629bb6fc3d
SHA1 399324d1aeee5e74747a6873501a1ee5aac005ee
SHA256 17d57b17d12dc5cfbf06413d68a06f45ccf245f4abdf5429f30256977c4ed6de
SHA512 f788a0d35f9e4bebe641ee67fff14968b62891f52d05bf638cd2c845df87f2e107c42a32bbe62f389f05e5673fe55cbdb85258571e698325400705cd7b16db01

C:\Users\Admin\AppData\Local\Temp\nso985B.tmp\7z-out\libEGL.dll

MD5 2f912eb3edb25e584d85c2c1f395c02d
SHA1 f75909f678c37bcecb0dfa8a250e24392db9e941
SHA256 0fe74cda75a901c3569c7deec0b275277bf61b948e6d7eb8efa5d004909c88ac
SHA512 16d358330ff9c09cc3378aa9449879facae8c7c25a066c133a9a99b7039a6222115b1698275c03fd5f580667bda448c9d9590d6af9d9debc9b303a649024fa5a

C:\Users\Admin\AppData\Local\Temp\nso985B.tmp\7z-out\libGLESv2.dll

MD5 06ef5cb407f79e4f45e6e5d58527969e
SHA1 0132a3b7cf4e25d8e5923b2a48aa4520c93a6913
SHA256 883bd36f3bf96507030e6c58c830c05c4a8c9ed01d4ddd22c6754ed046cdf28c
SHA512 0bc6ff29bcd0bec82563750f53fd98f4c43f71d02e1994e6499a1574686701419ce0c1ff3bd08bd6ce70261c350aedec2c7d85f47e5f7631b595cbe03878e92d

C:\Users\Admin\AppData\Local\Temp\nso985B.tmp\7z-out\LICENSE.electron.txt

MD5 4d42118d35941e0f664dddbd83f633c5
SHA1 2b21ec5f20fe961d15f2b58efb1368e66d202e5c
SHA256 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d
SHA512 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

C:\Users\Admin\AppData\Local\Temp\nso985B.tmp\7z-out\LICENSES.chromium.html

MD5 c3528648bedbde1223a2faab1a3f9af3
SHA1 934d3c8f184258338ff380964ed89053ce69ac5b
SHA256 57b8e5a3f2cd62805001aefca035c7348b4d1abac157e6df3d798bb31f2ec3d2
SHA512 3e3cc0fd7a55f67ee0afff9696beef33bdc9524375bbe9d8e8f7660fd408c756c1156ca0b02ecccdc22799c7b8e74dbde012732ad6b3ebe0a3cfc54ff5132b35

C:\Users\Admin\AppData\Local\Temp\nso985B.tmp\7z-out\snapshot_blob.bin

MD5 bcea5afff895e9501351afbf2a5538a8
SHA1 d12145d6d3ac0aa876a7756be810400374c367b5
SHA256 fc08355e14aa572686c1fb0739ca422a9c2011a74a89bf418f57196da758bdd6
SHA512 9a89da743292428db4881986b297567e182d809804959985b2dfdc71d75f4fc211d1ea51f89c5c8e9718683762cb8f113b59744bb6f56f6151112b369d602eab

C:\Users\Admin\AppData\Local\Temp\nso985B.tmp\7z-out\resources.pak

MD5 f2c3793223ff3f191e19bd79d9945bde
SHA1 bf18661d4a94f851c8679e82b5b41d605fddd6b1
SHA256 714dd8d8fcaa42ea5bf31a927a86811d93031f838abd0396a86addee3dc98e18
SHA512 243e18f07b29e1390d33000ad49e9041b63c7606ffbd8e3d5b0bea309e7f2931a88c08d51254737f12ac39301089b92a2681b1273aa5e21bbccb18b05f5cf098

C:\Users\Admin\AppData\Local\Temp\nso985B.tmp\7z-out\v8_context_snapshot.bin

MD5 36bf4b67900f0e4c934c991b1c917007
SHA1 9325a5c9594e8d72e7a1a802f0d0e81aecbdbda2
SHA256 67eb082e6a3bbcb9f34775b85eaae08d5955ded252887c0ca6674fbc48514c88
SHA512 b339196623bca2d3c3f6cdf59a9d6370c33f7a2fc86ed1ad164f4bdebe9f6b30dd488a6e5a75d9b656ca81f252e588bf2a021e364f67632af43ad4444c5fd8a6

C:\Users\Admin\AppData\Local\Temp\nso985B.tmp\7z-out\vulkan-1.dll

MD5 d893b340d9a66fd1714219ea05877eb1
SHA1 c70ec1ddf7805034377bfaed8064b1706c3d6c78
SHA256 d3d558cb0b33fb1a568c1ed37b0c762fd8c836d8a7d0e19fd0d7407088370e8a
SHA512 0e89deddc64bd36b4d89fe7ff45467a3393869fbd89b14b636a9ffa105840d561f9f07a675d47fba305169a69b1d392830ccecf5604d7b1c55faba1674f4cdec

C:\Users\Admin\AppData\Local\Temp\nso985B.tmp\7z-out\vk_swiftshader_icd.json

MD5 8642dd3a87e2de6e991fae08458e302b
SHA1 9c06735c31cec00600fd763a92f8112d085bd12a
SHA256 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9
SHA512 f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

C:\Users\Admin\AppData\Local\Temp\nso985B.tmp\7z-out\vk_swiftshader.dll

MD5 fc31797666ee0936343748f7b238a594
SHA1 7a087b5206cbcd4acca92cb3ed0c888faf146d67
SHA256 25db511d7a02f3ab4e4ba76092f01a03236d86a378927e9b41e48c795a5c518e
SHA512 8c52c3b2fce4d1193d42aebe457730217a997c7e6dd57cbb2ca2946c9449e25a4874d1bc91f2402edeb2b8b12f2ce542b3faeb56831bdd070fc98f4e08c51e26

C:\Users\Admin\AppData\Local\Temp\nso985B.tmp\7z-out\locales\af.pak

MD5 464e5eeaba5eff8bc93995ba2cb2d73f
SHA1 3b216e0c5246c874ad0ad7d3e1636384dad2255d
SHA256 0ad547bb1dc57907adeb02e1be3017cce78f6e60b8b39395fe0e8b62285797a1
SHA512 726d6c41a9dbf1f5f2eff5b503ab68d879b088b801832c13fba7eb853302b16118cacda4748a4144af0f396074449245a42b2fe240429b1afcb7197fa0cb6d41

C:\Users\Admin\AppData\Local\Temp\nso985B.tmp\7z-out\locales\bg.pak

MD5 38bcabb6a0072b3a5f8b86b693eb545d
SHA1 d36c8549fe0f69d05ffdaffa427d3ddf68dd6d89
SHA256 898621731ac3471a41f8b3a7bf52e7f776e8928652b37154bc7c1299f1fd92e1
SHA512 002adbdc17b6013becc4909daf2febb74ce88733c78e968938b792a52c9c5a62834617f606e4cb3774ae2dad9758d2b8678d7764bb6dcfe468881f1107db13ef

C:\Users\Admin\AppData\Local\Temp\nso985B.tmp\7z-out\locales\bn.pak

MD5 9340520696e7cb3c2495a78893e50add
SHA1 eed5aeef46131e4c70cd578177c527b656d08586
SHA256 1ea245646a4b4386606f03c8a3916a3607e2adbbc88f000976be36db410a1e39
SHA512 62507685d5542cfcd394080917b3a92ca197112feea9c2ddc1dfc77382a174c7ddf758d85af66cd322692215cb0402865b2a2b212694a36da6b592028caafcdf

C:\Users\Admin\AppData\Local\Temp\nso985B.tmp\7z-out\locales\ar.pak

MD5 6352905a290802a05dd3a64d22216f6e
SHA1 11adb10f0678079c8f73779bb039e12329bcaac7
SHA256 00861d9fa5763cc5c3152edb4a5c956c6bc4f56311ce2ed9e6b496181624ab5e
SHA512 0b0dbad8201ebd1a7dc2cfb11325c509efbcced3ac3d337915cf2972defe2304ea9f8af91d9362cb51333459900a80b714e7302a6483ad58fd64404f8410b6ea

C:\Users\Admin\AppData\Local\Temp\nso985B.tmp\7z-out\locales\am.pak

MD5 2c933f084d960f8094e24bee73fa826c
SHA1 91dfddc2cff764275872149d454a8397a1a20ab1
SHA256 fa1e44215bd5acc7342c431a3b1fddb6e8b6b02220b4599167f7d77a29f54450
SHA512 3c9ecfb0407de2aa6585f4865ad54eeb2ec6519c9d346e2d33ed0e30be6cc3ebfed676a08637d42c2ca8fa6cfefb4091feb0c922ff71f09a2b89cdd488789774

C:\Users\Admin\AppData\Local\Temp\nso985B.tmp\7z-out\locales\ca.pak

MD5 83f9f785483cd92a73843ed98e674f86
SHA1 70e223dba0ecc5cf3f5fcf32278d97ff864c8024
SHA256 f7f54b55a917a0f68e4b7ed7a3e6feabb224c52d09786b939712607ebe8ab0ea
SHA512 df231f6774a9568cc4b85ad18d13c31cfb4de78830c72900ebd613d580e914e85eff85330ac9aa85246a0e4949891fdfb224ac615a03fcb0ce05b989391963e8

C:\Users\Admin\AppData\Local\Temp\nso985B.tmp\7z-out\locales\da.pak

MD5 7ff057b530184205100dbea8635a29a7
SHA1 f6e22b2e37e6d7bf0ca9bec220650f01d1a4a091
SHA256 40b32636ffb813574d8a063ce7e74860ab06b93a9b16dd56b5b6aa602b5e6943
SHA512 09b7b6c280d98f21beeddf1b9e5834462f29d299a64276c198ef3eab466b352695172d2ff118664c34e51a2b73e21949f203ba35b0bb6d3e031ac770e3e6b451

C:\Users\Admin\AppData\Local\Temp\nso985B.tmp\7z-out\locales\cs.pak

MD5 f36f1b2ff12fb87a578c36f73f5aac83
SHA1 73f61f7b6f191468ff4d9566a0bb6eccf1069cac
SHA256 877a0a3dcb5d393365b2f775faff0d3593dd84b380a27dc72025597061a50ba7
SHA512 c61a38f937dcc90c7dd5b87d9514147b6362d339d9af85bcb3677bb12ae5715d05426f6e67ffd3b441cc41530883a227096b4135b98f2d5c73f51612e0a0e4c9

C:\Users\Admin\AppData\Local\Temp\nso985B.tmp\7z-out\locales\en-US.pak

MD5 19d18f8181a4201d542c7195b1e9ff81
SHA1 7debd3cf27bbe200c6a90b34adacb7394cb5929c
SHA256 1d20e626444759c2b72aa6e998f14a032408d2b32f957c12ec3abd52831338fb
SHA512 af07e1b08bbf2dd032a5a51a88ee2923650955873753629a086cad3b1600ce66ca7f9ed31b8ca901c126c10216877b24e123144bb0048f2a1e7757719aae73f2

C:\Users\Admin\AppData\Local\Temp\nso985B.tmp\7z-out\locales\en-GB.pak

MD5 e0c79cf2e5b790386e44b125d8e1a5fc
SHA1 1b75baf8035b81d6494f9f36930bbc8c512e1dbf
SHA256 6b0e81b2198e025eae1e2f6d5d3a33ccce034d1f4bc59e4cade1b5f5adb99f1a
SHA512 e4feb64ce7edf416422127280cf87967a5e6b20436a8ed33932b1bade73f0691ac819449d38fa0d8a81b888d6319f0b3167aa16e225999dfd6e7800d2365f2a6

C:\Users\Admin\AppData\Local\Temp\nso985B.tmp\7z-out\locales\es-419.pak

MD5 a510ff6703676bacde7e528823878018
SHA1 6551a7dac1c3fcd839b8d7c6ca92470f30a93d0d
SHA256 77114f519743741a488a9b57cdc7190f0507c37dc3b29811704a048172ba6736
SHA512 e9b75bc92eb077db57f906ef544b2339c4eb4f6eddf65d2570c36a00ab4b8a167a53e869d81150a7d097ecbf4ba19625ad4228f133392cc850352fe66fea47e0

C:\Users\Admin\AppData\Local\Temp\nso985B.tmp\7z-out\locales\el.pak

MD5 e66a75680f21ce281995f37099045714
SHA1 d553e80658ee1eea5b0912db1ecc4e27b0ed4790
SHA256 21d1d273124648a435674c7877a98110d997cf6992469c431fe502bbcc02641f
SHA512 d3757529dd85ef7989d9d4cecf3f7d87c9eb4beda965d8e2c87ee23b8baaec3fdff41fd53ba839215a37404b17b8fe2586b123557f09d201b13c7736c736b096

C:\Users\Admin\AppData\Local\Temp\nso985B.tmp\7z-out\locales\es.pak

MD5 e42486833449ea57261d5bbdabb8b4e2
SHA1 09734ed71302c7a3bf5f84dee1dfab7732bc0745
SHA256 d539c88c4493cb1d9eae600611e3119fe129ec95149049f4b62fc3a97d78ca61
SHA512 8ad283323c3f2e7a9d2e33eb86c371be6a9e29d9243e0d74d5936606692367212f81825d5c313a8859ff8de84eb6d23cbfc577ca47185392da803717f29e8b24

C:\Users\Admin\AppData\Local\Temp\nso985B.tmp\7z-out\locales\fi.pak

MD5 7243727348009668ded33dd0109118c3
SHA1 aa19e2e340c8328132d12ff79d8fd6b02c512a48
SHA256 6581fca26336f66d8ba898ec1253b237db30e7cd1a25fc788290d7ace96fa6e1
SHA512 e890346915c0891a9f49640f232f6633e25655b969911a6697adfea709cec59bb925678e0b97424936c59d523c3ee9e2dc23f115e20c45ca3ed51ae691d0d7f0

C:\Users\Admin\AppData\Local\Temp\nso985B.tmp\7z-out\locales\fr.pak

MD5 3a5bb07820cf46c0f4a81a25724fe870
SHA1 dbc296c1fc516c60d453253ee341ca4d31554230
SHA256 b62c51b85545b3f5d70ac9c684a111689044636eafaeb196f5d52760e0f96f91
SHA512 0222f7a8bf3a6f77fcb9ab7eb0d03509d15bb8634d556547ed55141d550af241a525cc99eb13957744fe2e6d4732b9dbe4d078cb3555b16af6c13e20b9f4e8a1

C:\Users\Admin\AppData\Local\Temp\nso985B.tmp\7z-out\locales\hr.pak

MD5 cbca0ad35cfa5c4b852cc8f556706b0b
SHA1 608d2e11a40e5e15a2840e248a249d1562ba9846
SHA256 6ea4b1a28cf567cca73ccdb7eec631fffba3b49acc41e3c88b448514578d80da
SHA512 5b6f01c10d613f278d507d43fb0c708b32fd486d9b5a5f31a9837d0b1025da6ff85772b8f39e192cd8625d363be570565fd4eaf0f8d11c17ad6cbd956893022b

C:\Users\Admin\AppData\Local\Temp\nso985B.tmp\7z-out\locales\ja.pak

MD5 e9133185d2339d0a2f68c4c739eb3615
SHA1 cfa6db85ec99bb38b734254b7d4a83d12ee5cd00
SHA256 ba2acb635671a48ed0bf8cdc6e0a0318cfb33eb74b4171c6b483b95f2a167bc5
SHA512 e89c886a601943d2089bad27ce9458f95929fd39fd2f88da0545f71e9d18a678eafc303630d0f94ab3af7c77ad19fabdb2616a2d004151232bc6ce1ae8e4c46e

C:\Users\Admin\AppData\Local\Temp\nso985B.tmp\7z-out\locales\ko.pak

MD5 54ace51d8b687e36a66a2bfde258a550
SHA1 1b2fe7c62e3f2c7deede2034e44980e02afa3b4d
SHA256 8d131066e2fa004e11f9128162bfc354d3254381059d6c852bf88a55859ae3e8
SHA512 50b825a88d646a32a4d620bcdf5ce490c8dfbea628c5256a6918dc647c42385f955396ec5d3b32cfdb50153897cf303cd517bc9f62663b14def2dae42229f640

C:\Users\Admin\AppData\Local\Temp\nso985B.tmp\7z-out\locales\mr.pak

MD5 5657d67f6d21b507aab24ff62b0d4701
SHA1 b685a327c525b7e42eece306984e6d88dd803a29
SHA256 671c3cb2a805a63a275ad608d37d0577c6a2813dd67fb6c2b70f8232323aac04
SHA512 637c60834edc6f31c80692274af05e3f78466cd5ddb2fd7c79315b0f54939f41f25c3b30c86fd10751d032def1f99cb853c3186128a76a3a82a6989eaf14a835

C:\Users\Admin\AppData\Local\Temp\nso985B.tmp\7z-out\locales\nb.pak

MD5 55d5ad4eacb12824cfcd89470664c856
SHA1 f893c00d8d4fdb2f3e7a74a8be823e5e8f0cd673
SHA256 4f44789a2c38edc396a31aba5cc09d20fb84cd1e06f70c49f0664289c33cd261
SHA512 555d87be8c97f466c6b3e7b23ec0210335846398c33dba71e926ff7e26901a3908dbb0f639c93db2d090c9d8bda48eddf196b1a09794d0e396b2c02b4720f37e

C:\Users\Admin\AppData\Local\Temp\nso985B.tmp\7z-out\locales\nl.pak

MD5 285f965bdfd40491c0669f41a1c9e2f5
SHA1 b5c17191ab4d152c7793b6dec0a2e8f1fc298a89
SHA256 b20178135b9f21feef0315fb2f2bc574c2876385e607a539ff0ce6ae7faf707b
SHA512 03de0c35bc75fb96cc5871b5d06a49d99b92864541a3a03816c1245bef567401b260ed94b99818f81273395b1ec60a9f6cae22084ef34e01a95cc41da4fbd1b7

C:\Users\Admin\AppData\Local\Temp\nso985B.tmp\7z-out\locales\pl.pak

MD5 fbc79131a645b3853b4fa97c2b589a07
SHA1 91c6d4386384efa9074956b9e811a0aac385aa4e
SHA256 0948238576efb502327af4040c1d9eb1346fbf1bdcee35cd46746b170a7ea6a7
SHA512 0559d787bb7e4fa32a70c19cf0d1b2962d3869363904c13f345ef733f1193c73a13bad9600d7a5ffacf60b92cd97c27e27f7c4b7e143d0925fb358498c92f8cf

C:\Users\Admin\AppData\Local\Temp\nso985B.tmp\7z-out\locales\ru.pak

MD5 e582616cb61afb76688aa7669936bbff
SHA1 cd2e894a59238ce90be527156243546b4a3fc53e
SHA256 e4edec80c9e29357bcf31eda5d8b046c6c9fbc6434a0b5594b6a906d5f1407d1
SHA512 a5346390b6ec966d75839fb84e8d7284db55065b1a032ecd869a06555cdf116caaad73f9b059c92c17d5a5fb310a41c5f3b2461eee531b231adacb1b3d3d6cec

C:\Users\Admin\AppData\Local\Temp\nso985B.tmp\7z-out\locales\ro.pak

MD5 d8b831a4896af7c78c534f1e8676ae37
SHA1 175da19445b975b24a1e7bc8ffafa93d456ed10c
SHA256 3a58f2275ea6a2baa68924b1dab6b0f06abf8b6657a878dea94b0060a95e38f0
SHA512 e7e75dc7f92eb28759b567ec395f2a951c0e71284c75b9e2c4efd92209dda5767d51d51cdf591d04baddcfe88fbc2c8e6851a904d631b69bd801b9568767d948

C:\Users\Admin\AppData\Local\Temp\nso985B.tmp\7z-out\locales\sk.pak

MD5 07498676ad49df5cb1a14d91e2fc2353
SHA1 da344ebcc2ed566b45668c8ff5b950cb921af71f
SHA256 b7ba1d08ac8498ea6a37186a51b30d6d0db17136ac734982af4dab97f4a6cd9a
SHA512 548dd27e98700681941ac13e6cf90a70c66520f70df51c75ecfbb32391805ee536a34f3e90400c1cfb34b750c9415378e1a75233db614c94a057da64d3369d91

C:\Users\Admin\AppData\Local\Temp\nso985B.tmp\7z-out\locales\th.pak

MD5 f9ff2275865f2cdebb9b0d19d4fb57a1
SHA1 e83c6c8e0005bf34771af3f1c0c9d8ebaa822f95
SHA256 3d4556bc0f26b89d090a8a779a8fda8f6fbe157a23181cbfb1d6c67a6212b864
SHA512 96f596bb564e62bbafe62774fba1cefa644feff47a331e54cd7dc9b85b29f2a2e8e785e85d90cccc27f9a1c735b0a8c6dbe01fa244601f1359194f64a49ee6d0

C:\Users\Admin\AppData\Local\Temp\nso985B.tmp\7z-out\locales\vi.pak

MD5 ebb5db1dbb64895b1a25120d5ac9b5e4
SHA1 810fa53a97fe42994f8a68698d582651d69cfd51
SHA256 ef3ddadb90dc73b73e25e9608626ce68d6778445812b8bd2f6c81e1f1e4bff16
SHA512 fba594183c7b672204330ca698f1e195026fc51d4e05db2c49e58a896c3b5e11e23286be0d6ffae3ec321e6c08322544df3c876dbce3c2e69a951985a84a2c91

C:\Users\Admin\AppData\Local\Temp\nso985B.tmp\7z-out\locales\zh-TW.pak

MD5 c651e23053764c38a4e8a7f34317f19b
SHA1 93cd303c91024748d283c3779f11402cfb4f5c0b
SHA256 9689ba3f2dc7248a3ab5db3b97d473e29464afbc7f2d1c7035f7e8e9a1c05aa4
SHA512 1b7951fc4dcc2c08811dd3449fe2ce1302286b3eca21675adefa25a806ae7dcf91c565a111032fc5fda4dd9f5231875f0c77cdfd22ecc7d435450080d853a503

C:\Users\Admin\AppData\Local\Temp\nso985B.tmp\7z-out\locales\zh-CN.pak

MD5 0d5b72258b56c584113a022e16777387
SHA1 77f91e8c36befb818229ef8fef068e97f60ecf0f
SHA256 539f0bfdb461bf777aab14a4baaf47c8c32ae1856cc4ac93b23ce73dc50ba02a
SHA512 632c4ca60529c717fb2ba700d8f12017d097e67045639e2c30144a0372cecf595a2727d3505f019b91e8a15fe3259f2727bfb24e970dea8080a11e1a3dfa2068

C:\Users\Admin\AppData\Local\Temp\nso985B.tmp\7z-out\locales\ur.pak

MD5 1ca4fa13bd0089d65da7cd2376feb4c6
SHA1 b1ba777e635d78d1e98e43e82d0f7a3dd7e97f9c
SHA256 3941364d0278e2c4d686faa4a135d16a457b4bc98c5a08e62aa12f3adc09aa7f
SHA512 d0d9eb1aa029bd4c34953ee5f4b60c09cf1d4f0b21c061db4ede1b5ec65d7a07fc2f780ade5ce51f2f781d272ac32257b95eedf471f7295ba70b5ba51db6c51d

C:\Users\Admin\AppData\Local\Temp\nso985B.tmp\7z-out\locales\uk.pak

MD5 88d51b6df9f3cec54eda732dcf2c63fa
SHA1 a826200f112d5c69f1aa5837bc40d4c423515029
SHA256 e914b8956745a14d9d64f12698805e0910f9d3581dd380468949b54576fad2a6
SHA512 3ed8f2090497597d4e2583901993331de19f9dc787ea886dabdaf22a79aefa2956e63501c9a50be34fabf7287b6751f50d9a5105e4f16a579961ebc0d6eff14e

C:\Users\Admin\AppData\Local\Temp\nso985B.tmp\7z-out\locales\tr.pak

MD5 1525dd38ca529c56f9d3e08293385690
SHA1 e0dfb9d60a3469d701dcb9ead8f8cd2cfe6fd604
SHA256 5a7e1c8b572f67ed40e9d5107ddd6f8791b03138bb9933cfb26f1678b2c4a9cd
SHA512 195ffc165e45a51c12b03252759c5e1ff684e57b5994aeca608d40ef6799f29812add6fb2479e8e8c1655799f4dbf29e47272324b857b9161ad43a1b271eddfd

C:\Users\Admin\AppData\Local\Temp\nso985B.tmp\7z-out\locales\te.pak

MD5 41e49a1ef6850d90e0cbdc720c45ea5a
SHA1 a2fbe1585a1b653ac6acccaf6184ae2de3e007af
SHA256 aa2b9d1ad8591e91872c3fee62b111b74d6e7e890a47d0bcc388947ae5245290
SHA512 687ff66471248104f8780f142e1810ccc7275857e4bd188447d01cecbe74ebac4070ab135d4a7111bc5f4ae17247dd865f21a2d3e73031534dac1f5117bc4570

C:\Users\Admin\AppData\Local\Temp\nso985B.tmp\7z-out\locales\ta.pak

MD5 292f763cb8eb588659eb7cc25cf57d2e
SHA1 dc42622f272843cb3afce9968146b85a98485237
SHA256 d5bfe0699342b8bba6c4c73c115b1c7f3f903c4ed95d77461c34369f2f60d5ee
SHA512 100ec32914f0d140baa414180cb2ba34e95f75ab73a0c036d6d5ebb64cc69b2b7c62b9e3f9de192bab8ddac3b387b953bed2ca1fd3bf0aab0198b9c1f2911151

C:\Users\Admin\AppData\Local\Temp\nso985B.tmp\7z-out\locales\sw.pak

MD5 67a443a5c2eaad32625edb5f8deb7852
SHA1 a6137841e8e7736c5ede1d0dc0ce3a44dc41013f
SHA256 41dfb772ae4c6f9e879bf7b4fa776b2877a2f8740fa747031b3d6f57f34d81dd
SHA512 e0fdff1c3c834d8af8634f43c2f16ba5b883a8d88dfd322593a13830047568faf9f41d0bf73cd59e2e33c38fa58998d4702d2b0c21666717a86945d18b3f29e5

C:\Users\Admin\AppData\Local\Temp\nso985B.tmp\7z-out\locales\sv.pak

MD5 251682c6f4238bef8ab5471870a5454b
SHA1 2bf36466446abe39d487c61898d335901bbb09b0
SHA256 e1cbce672de3ba3a01272b9b763dcfd8229fba0883df2b4117ac6b0f9916c073
SHA512 de1e507b24e71f60c298253aacff49724b6a8c6336455d8dfcc6e939e53ed5e7a95dc5574e66a7fae38b6666446ac9cd83e5ad1b794b4ffa38d06052663c1f45

C:\Users\Admin\AppData\Local\Temp\nso985B.tmp\7z-out\locales\sr.pak

MD5 c68c235d8e696c098cf66191e648196b
SHA1 5c967fbbd90403a755d6c4b2411e359884dc8317
SHA256 ab96a18177af90495e2e3c96292638a775aa75c1d210ca6a6c18fbc284cd815b
SHA512 34d14d8cb851df1ea8cd3cc7e9690eaf965d8941cfcac1c946606115ad889630156c5ff47011b27c1288f8df70e8a7dc41909a9fa98d75b691742ec1d1a5e653

C:\Users\Admin\AppData\Local\Temp\nso985B.tmp\7z-out\locales\sl.pak

MD5 83ef046784c1b113e827cb744bcb8656
SHA1 f6f3e0e975e7d3ca8e06f1988cb8a1c182eea734
SHA256 ab2079923e2baa27c220df2f1559af8edc785f8e9fe2e12c8ecb0e0e7e7d0a09
SHA512 f62f7e1eee91f5d42d591abbc7cb0fdf639834090824e7ab7f4dffb1e6c108c540074fdbadd5e153caecdb37b722ed9f737f13cbab387685013781949b9ee321

C:\Users\Admin\AppData\Local\Temp\nso985B.tmp\7z-out\locales\pt-PT.pak

MD5 e032c0d39df2b7bfc71ece3bfe694039
SHA1 6664f303bae983a1bffcba22e9df712bb3cb59d6
SHA256 60a5a7f03d4d54397ca04be0c89d1f67a496b72807c0bd660c076bc945b40339
SHA512 3f12ed39848ad76411d4d84b2ccef59e2346d40c8e7ddbf6e333a2323df737d864126777fb54a15e90283ced2e7f04a7dda561fa2ebe13b30e082988b13e1406

C:\Users\Admin\AppData\Local\Temp\nso985B.tmp\7z-out\locales\pt-BR.pak

MD5 3701247a5ac607053278aea185ee6616
SHA1 8cb40ddd4865347677f8d327792c6edb69012f76
SHA256 7f41c3a58d08d98f21232e7c85839c9dec0053b447bb4dae867d2faadb278d45
SHA512 637070ebc4411fb92bef5ff75eff46602db8ed59021f37f1a0d8201093f047419c558ec1af49c4dbbb4f58e7169e2f2cf04af7e1d11a57d39ab1cf036cb8497c

C:\Users\Admin\AppData\Local\Temp\nso985B.tmp\7z-out\locales\ms.pak

MD5 aee105366a1870b9d10f0f897e9295db
SHA1 eee9d789a8eeafe593ce77a7c554f92a26a2296f
SHA256 c6471aee5f34f31477d57f593b09cb1de87f5fd0f9b5e63d8bab4986cf10d939
SHA512 240688a0054bfebe36ea2b056194ee07e87bbbeb7e385131c73a64aa7967984610fcb80638dd883837014f9bc920037069d0655e3e92a5922f76813aedb185fa

C:\Users\Admin\AppData\Local\Temp\nso985B.tmp\7z-out\locales\ml.pak

MD5 038b9eb34737bf472fde68b91a40f122
SHA1 64771e91d4fdac0b909c6f446cc2f310be7d1320
SHA256 27b7947e36a521403de094cc563d5eced1e46f98e4d6b872fd424352f798e84d
SHA512 3c96b42ab838f2ad5434e719f5906427a5fb327967d04c8498f3af4e913de833ac9cce6545fcfe0de2dc920cdf54c8b31c1d1527f609f90bcf9728d7bdbaac7d

C:\Users\Admin\AppData\Local\Temp\nso985B.tmp\7z-out\locales\lv.pak

MD5 4468d6a6114d5a7ea3c1173ae9a8250d
SHA1 ef664a6a140fb7a244bce44ff8c73250856d8061
SHA256 0ff66161377be2fb8b2b456a64dd910d8375a2b9f1f6f22333540a77111903d6
SHA512 db4179b53cd44f297f5455a167ceccdd2a384c5296311346fa53f15ef5acab76cd166df13dbdf22b0c85a66455f22218e88c02fda2c5e2f863b9f4e7ea6e9a56

C:\Users\Admin\AppData\Local\Temp\nso985B.tmp\7z-out\locales\lt.pak

MD5 64b08ffc40a605fe74ecc24c3024ee3b
SHA1 516296e8a3114ddbf77601a11faf4326a47975ab
SHA256 8a5d6e29833374e0f74fd7070c1b20856cb6b42ed30d18a5f17e6c2e4a8d783e
SHA512 05d207413186ac2b87a59681efe4fdf9dc600d0f3e8327e7b9802a42306d80d0ddd9ee07d103b17caf0518e42ab25b7ca9da4713941abc7bced65961671164ac

C:\Users\Admin\AppData\Local\Temp\nso985B.tmp\7z-out\locales\kn.pak

MD5 fccd5d8ad5e1c774771b19dda55d9b9a
SHA1 fabbaf469e4aec44342a7e6f74b837cde2203b71
SHA256 47c77fdf73267865a025a54027865a8d67e26943264a43c6e794ccbd6eec549b
SHA512 c9dc6cf0ff5a4094cc07ce4881319778a076b44651b16a220940d7a587ffaa92b6b80f7264605a3c8e6dd780e9c3d8e4d403d01cd8f94e0122ac19cd4d636aac

C:\Users\Admin\AppData\Local\Temp\nso985B.tmp\7z-out\locales\it.pak

MD5 8cde7372fc5095e581bf64fb77e04d61
SHA1 0d30e0ae2c401a06ffb4056bab44d2b5d3970492
SHA256 d011fd39c3cbab740a7944a60a8dd48d6f76c563ea473cfd1f569c5e6fc9fa4e
SHA512 83778880ad95b39b5746d512aa116b05928f580f0c5e75b45cddcb80addb24cf079f73f65771e1d75ca18925ea6fdb86283aa060af2cd1308dee53ee728f76e8

C:\Users\Admin\AppData\Local\Temp\nso985B.tmp\7z-out\locales\id.pak

MD5 366d1b2c3759d6ff9c588f53ec9a7c5b
SHA1 e9d5c6e8311c6f7b7c4ad997db0cec5c11cfd754
SHA256 0853a5543923b7a8db5989ebb8ebe8f9fb6271bfa59b94f5843f97de4401e2d8
SHA512 879e72625fd112cec85a6489c590d7e89c65753d2beee259f7393e7377729d40bbb8cd0a2a9fcfde93d14c2cc9a97879312e60ab26035970a632e36d2f8d9e53

C:\Users\Admin\AppData\Local\Temp\nso985B.tmp\7z-out\locales\hu.pak

MD5 2aa0a175df21583a68176742400c6508
SHA1 3c25ba31c2b698e0c88e7d01b2cc241f0916e79a
SHA256 b59f932df822ab1a87e8aab4bbb7c549db15899f259f4c50ae28f8d8c7ce1e72
SHA512 03a16feb0601407e96bcb43af9bdb21e5218c2700c9f3cfd5f9690d0b4528f9dc17e4cc690d8c9132d4e0b26d7faafd90aa3f5e57237e06fb81aab7ab77f6c03

C:\Users\Admin\AppData\Local\Temp\nso985B.tmp\7z-out\locales\hi.pak

MD5 bc777a1010c846906d05d75d82f5dea9
SHA1 73bbeeda37164845ca3f4f2827165b4023f8a194
SHA256 ccf7a557d0f8353ff3d656d4c2a4fca2d462ed2cc3d18c599d98f4d57b23c615
SHA512 e6a01b80adfa31fa93d48fc4f1ba9222d21b8ed7734e664e4f274843b46d826ec8863483c0e8647e39ad85988dfe0a2848d32a26ce1fdd8a0eb85e4fe64be292

C:\Users\Admin\AppData\Local\Temp\nso985B.tmp\7z-out\locales\he.pak

MD5 c6937badd93ff4ae6f6a2c9e31f678d5
SHA1 b3175d7bebe340ab08e0d8e85d550a076b073c55
SHA256 3cd4440501bc67d0b2e33e1346ba133fb9a09a8762f2334732f8cc349cd840b7
SHA512 db232d7da04b4a854fd399fa04779469ec6fd0a752c4da7b2eed6d1aeaca4a096130fe326c91d777131d1a8ba32637d884e518f1522e9658d233a35e5eef9397

C:\Users\Admin\AppData\Local\Temp\nso985B.tmp\7z-out\locales\gu.pak

MD5 9e189d21ad5843b69c352466c94cdc4c
SHA1 99af98cc510abe726b54f28488f647ea6f7d4c91
SHA256 9c210e3143f99df59bebea6bdb6e30959f8520d59a20fffd437f7029840bb3a9
SHA512 c3007f45ec20c3c3e763f20be1a5557f548a28757cb032617c20fe7d44b7524368b75b8182de243048aa56b939b2a790b5b85cf359b009c4c20c41089e8992e8

C:\Users\Admin\AppData\Local\Temp\nso985B.tmp\7z-out\locales\fil.pak

MD5 d7df2ea381f37d6c92e4f18290c6ffe0
SHA1 7cacf08455aa7d68259fcba647ee3d9ae4c7c5e4
SHA256 db4a63fa0d5b2baba71d4ba0923caed540099db6b1d024a0d48c3be10c9eed5a
SHA512 96fc028455f1cea067b3a3dd99d88a19a271144d73dff352a3e08b57338e513500925787f33495cd744fe4122dff2d2ee56e60932fc02e04feed2ec1e0c3533f

C:\Users\Admin\AppData\Local\Temp\nso985B.tmp\7z-out\locales\fa.pak

MD5 e861a65f12b38a3def1fe9e933cae275
SHA1 8d083b5902a15a63ef11c7783f12e088d333fcf5
SHA256 f9a8e3b9bbc809f11cc3dc32811940e033bd78a31ec154d28321473f8efa1e4d
SHA512 d1fe91c693c794b4a4d60560800c919977654832e8f6e34fb1ec0ffbf5c411cf35b0a0e22e036dca48a246ab8d6bea0427c5ceb232d460e9c59cf4163d55314c

C:\Users\Admin\AppData\Local\Temp\nso985B.tmp\7z-out\locales\et.pak

MD5 8b3cb5e4b8ac769bde84e5c375c1774e
SHA1 53665908d6ec12095abd766911d8abcc84c6da58
SHA256 c351b84558214420495bed6d882d37496483cc66b0e10400ca872e3fc4145b66
SHA512 b0dff640d32e5c277f2d3441abf823e8859f28f215cfc63fde8a968cbc9b9531aa0394e10fa98284d186323e3357ea2265d762dc034be86bb50f5c55630ab4c5

C:\Users\Admin\AppData\Local\Temp\nso985B.tmp\7z-out\locales\de.pak

MD5 1b928ff4831916bbe39e4b2e08f52267
SHA1 dd8788bb4d386f7d0b8e685a09cc9ca361b7c31e
SHA256 9c335a4e85b4ac58ed386d89d284be053ef288b2706a4cae433d91625ec1b31e
SHA512 95dc4ecd45708277618a913bd07073a7cc61b642ae14fecc91ac0548898771a522a0672ee67399e5f5c8ca3006c37aa878b74af1f41717b9607c00f49e40124a

C:\Users\Admin\AppData\Local\Temp\nso985B.tmp\7z-out\resources\app-update.yml

MD5 e874af7a21ab440d77cd696b9ecfea29
SHA1 1eed6047c66c91834dc1f4ff74028eca08e21929
SHA256 4511d3a0293bf26467328b8413816f3f5fffc95c311cc2cccdaf2432e0d74943
SHA512 d0d57fd7de0a8edac70f2ddee60bc026076266a047f2d12ab698fb781388ad384df6f7c17a9541d279ba2f530333cf32b127ee28ffe84a74797b56218c8f7d42

C:\Users\Admin\AppData\Local\Temp\nso985B.tmp\7z-out\resources\app.asar

MD5 f42fcc70db7d2cc1cb5b65a8662c3133
SHA1 1b91e14aebdb1e4a9c3475efdbef751d2ee6893d
SHA256 55d741a60e676c5bda52e8388a2f302a3cc05ee7a0b3ff6268efd6086cd02e39
SHA512 f71d6e57166b551e638411c001074bb67be633e96695a64539a2228947d8f0893bec3a4c322086d49db0f345b540b977cb51495e99b575c0d778330474546634

\Users\Admin\AppData\Local\Programs\bluebook\Bluebook.exe

\Users\Admin\AppData\Local\Temp\nso985B.tmp\WinShell.dll

memory/1588-621-0x0000000003AF0000-0x0000000003AF2000-memory.dmp

\Users\Admin\AppData\Local\Programs\bluebook\ffmpeg.dll

C:\Users\Admin\AppData\Local\Temp\nso985B.tmp\nsExec.dll

C:\Users\Admin\AppData\Local\Temp\nso985B.tmp\System.dll

C:\Users\Admin\AppData\Local\Temp\nso985B.tmp\SpiderBanner.dll

C:\Users\Admin\AppData\Local\Temp\nso985B.tmp\nsis7z.dll

Analysis: behavioral2

Detonation Overview

Submitted

2023-04-30 21:56

Reported

2023-04-30 22:15

Platform

win10v2004-20230220-en

Max time kernel

154s

Max time network

160s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Bluebook Setup 0.9.162.exe"

Signatures

Detects Redline Stealer samples

stealer

Lumma Stealer

stealer lumma

RedLine

infostealer redline

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Programs\bluebook\Bluebook.exe N/A

Checks installed software on the system

discovery

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\FeatureSet C:\Windows\SysWOW64\reg.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Programs\bluebook\Bluebook.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 C:\Users\Admin\AppData\Local\Programs\bluebook\Bluebook.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz C:\Users\Admin\AppData\Local\Programs\bluebook\Bluebook.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2 C:\Users\Admin\AppData\Local\Programs\bluebook\Bluebook.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Programs\bluebook\Bluebook.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Users\Admin\AppData\Local\Programs\bluebook\Bluebook.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString C:\Users\Admin\AppData\Local\Programs\bluebook\Bluebook.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\SysWOW64\reg.exe N/A

Collects information from the system

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\wbem\WMIC.exe N/A

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A

Gathers system information

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\systeminfo.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\bluebook\URL Protocol C:\Users\Admin\AppData\Local\Programs\bluebook\Bluebook.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\bluebook\ = "URL:bluebook" C:\Users\Admin\AppData\Local\Programs\bluebook\Bluebook.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\bluebook\shell\open\command C:\Users\Admin\AppData\Local\Programs\bluebook\Bluebook.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\bluebook\shell C:\Users\Admin\AppData\Local\Programs\bluebook\Bluebook.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\bluebook\shell\open C:\Users\Admin\AppData\Local\Programs\bluebook\Bluebook.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\bluebook\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\bluebook\\Bluebook.exe\" \"%1\"" C:\Users\Admin\AppData\Local\Programs\bluebook\Bluebook.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\bluebook C:\Users\Admin\AppData\Local\Programs\bluebook\Bluebook.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Bluebook Setup 0.9.162.exe N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\wbem\WMIC.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\bluebook\Bluebook.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\tasklist.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Bluebook Setup 0.9.162.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\SysWOW64\wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\SysWOW64\wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\SysWOW64\wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\SysWOW64\wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\SysWOW64\wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\SysWOW64\wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\SysWOW64\wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\SysWOW64\wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\SysWOW64\wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\SysWOW64\wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\SysWOW64\wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\SysWOW64\wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\SysWOW64\wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\SysWOW64\wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\SysWOW64\wbem\WMIC.exe N/A
Token: 36 N/A C:\Windows\SysWOW64\wbem\WMIC.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\SysWOW64\cmd.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\cmd.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\cmd.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\SysWOW64\cmd.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\SysWOW64\cmd.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\SysWOW64\cmd.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\SysWOW64\cmd.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\SysWOW64\cmd.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\SysWOW64\cmd.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\cmd.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\cmd.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\SysWOW64\cmd.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\cmd.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\SysWOW64\cmd.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\SysWOW64\cmd.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\SysWOW64\cmd.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\SysWOW64\cmd.exe N/A
Token: 33 N/A C:\Windows\SysWOW64\cmd.exe N/A
Token: 34 N/A C:\Windows\SysWOW64\cmd.exe N/A
Token: 35 N/A C:\Windows\SysWOW64\cmd.exe N/A
Token: 36 N/A C:\Windows\SysWOW64\cmd.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Programs\bluebook\Bluebook.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1452 wrote to memory of 1732 N/A C:\Users\Admin\AppData\Local\Temp\Bluebook Setup 0.9.162.exe C:\Windows\SysWOW64\cmd.exe
PID 1732 wrote to memory of 3260 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\tasklist.exe
PID 1732 wrote to memory of 4648 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\find.exe
PID 3868 wrote to memory of 3928 N/A C:\Users\Admin\AppData\Local\Programs\bluebook\Bluebook.exe C:\Windows\SysWOW64\cmd.exe
PID 3928 wrote to memory of 1280 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\chcp.com
PID 3868 wrote to memory of 3880 N/A C:\Users\Admin\AppData\Local\Programs\bluebook\Bluebook.exe C:\Users\Admin\AppData\Local\Programs\bluebook\Bluebook.exe
PID 3868 wrote to memory of 1300 N/A C:\Users\Admin\AppData\Local\Programs\bluebook\Bluebook.exe C:\Windows\SysWOW64\cmd.exe
PID 3868 wrote to memory of 4304 N/A C:\Users\Admin\AppData\Local\Programs\bluebook\Bluebook.exe C:\Windows\SysWOW64\cmd.exe
PID 4304 wrote to memory of 1752 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\systeminfo.exe
PID 3868 wrote to memory of 1072 N/A C:\Users\Admin\AppData\Local\Programs\bluebook\Bluebook.exe C:\Windows\SysWOW64\cmd.exe
PID 3868 wrote to memory of 4268 N/A C:\Users\Admin\AppData\Local\Programs\bluebook\Bluebook.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 3868 wrote to memory of 984 N/A C:\Users\Admin\AppData\Local\Programs\bluebook\Bluebook.exe C:\Windows\SysWOW64\cmd.exe
PID 3868 wrote to memory of 4924 N/A C:\Users\Admin\AppData\Local\Programs\bluebook\Bluebook.exe C:\Windows\SysWOW64\cmd.exe
PID 3868 wrote to memory of 3752 N/A C:\Users\Admin\AppData\Local\Programs\bluebook\Bluebook.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 3868 wrote to memory of 5108 N/A C:\Users\Admin\AppData\Local\Programs\bluebook\Bluebook.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 3868 wrote to memory of 1816 N/A C:\Users\Admin\AppData\Local\Programs\bluebook\Bluebook.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 3868 wrote to memory of 2020 N/A C:\Users\Admin\AppData\Local\Programs\bluebook\Bluebook.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 3868 wrote to memory of 3048 N/A C:\Users\Admin\AppData\Local\Programs\bluebook\Bluebook.exe C:\Windows\SysWOW64\cmd.exe
PID 3868 wrote to memory of 1596 N/A C:\Users\Admin\AppData\Local\Programs\bluebook\Bluebook.exe C:\Windows\System32\Conhost.exe
PID 1072 wrote to memory of 2616 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\chcp.com
PID 1072 wrote to memory of 4140 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\wbem\WMIC.exe
PID 4924 wrote to memory of 2784 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\chcp.com

Processes

C:\Users\Admin\AppData\Local\Temp\Bluebook Setup 0.9.162.exe

"C:\Users\Admin\AppData\Local\Temp\Bluebook Setup 0.9.162.exe"

C:\Windows\SysWOW64\cmd.exe

cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq Bluebook.exe" | %SYSTEMROOT%\System32\find.exe "Bluebook.exe"

C:\Windows\SysWOW64\tasklist.exe

tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq Bluebook.exe"

C:\Windows\SysWOW64\find.exe

C:\Windows\System32\find.exe "Bluebook.exe"

C:\Users\Admin\AppData\Local\Programs\bluebook\Bluebook.exe

"C:\Users\Admin\AppData\Local\Programs\bluebook\Bluebook.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "chcp"

C:\Windows\SysWOW64\chcp.com

chcp

C:\Users\Admin\AppData\Local\Programs\bluebook\Bluebook.exe

C:\Users\Admin\AppData\Local\Programs\bluebook\Bluebook.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\bluebook /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\bluebook\Crashpad --url=https://f.a.k/e --annotation=_productName=bluebook --annotation=_version=0.9.162 --annotation=plat=Win32 --annotation=prod=Electron --annotation=ver=23.1.1 --initial-client-data=0x4a0,0x4b4,0x498,0x494,0x4ac,0x83b5df8,0x83b5e08,0x83b5e14

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "echo %COMPUTERNAME%.%USERDNSDOMAIN%"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "systeminfo"

C:\Windows\SysWOW64\systeminfo.exe

systeminfo

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\chcp.com 65001 | C:\Windows\system32\wbem\wmic.exe os get /value"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "reg query "HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0" /v FeatureSet"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\chcp.com 65001 | C:\Windows\system32\wbem\wmic.exe csproduct get /value"

C:\Windows\SysWOW64\chcp.com

C:\Windows\system32\chcp.com 65001

C:\Windows\SysWOW64\wbem\WMIC.exe

C:\Windows\system32\wbem\wmic.exe os get /value

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\chcp.com 65001 | C:\Windows\system32\wbem\wmic.exe path win32_desktopmonitor get /value"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\chcp.com 65001 | C:\Windows\system32\wbem\wmic.exe path win32_VideoController get /value"

C:\Windows\SysWOW64\wbem\WMIC.exe

C:\Windows\system32\wbem\wmic.exe path win32_desktopmonitor get /value

C:\Windows\SysWOW64\wbem\WMIC.exe

C:\Windows\system32\wbem\wmic.exe path win32_VideoController get /value

C:\Windows\SysWOW64\reg.exe

reg query "HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0" /v FeatureSet

C:\Windows\SysWOW64\wbem\WMIC.exe

C:\Windows\system32\wbem\wmic.exe csproduct get /value

C:\Users\Admin\AppData\Local\Programs\bluebook\Bluebook.exe

"C:\Users\Admin\AppData\Local\Programs\bluebook\Bluebook.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluebook" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2024 --field-trial-handle=2148,i,17163237249785530329,5007676862510971333,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Users\Admin\AppData\Local\Programs\bluebook\Bluebook.exe

"C:\Users\Admin\AppData\Local\Programs\bluebook\Bluebook.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluebook" --standard-schemes=app --secure-schemes=app --bypasscsp-schemes --cors-schemes=app --fetch-schemes=app --service-worker-schemes=app --streaming-schemes --mojo-platform-channel-handle=2476 --field-trial-handle=2148,i,17163237249785530329,5007676862510971333,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Users\Admin\AppData\Local\Programs\bluebook\Bluebook.exe

"C:\Users\Admin\AppData\Local\Programs\bluebook\Bluebook.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluebook" --standard-schemes=app --secure-schemes=app --bypasscsp-schemes --cors-schemes=app --fetch-schemes=app --service-worker-schemes=app --streaming-schemes --app-path="C:\Users\Admin\AppData\Local\Programs\bluebook\resources\app.asar" --enable-sandbox --first-renderer-process --js-flags=--max-old-space-size=3072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2892 --field-trial-handle=2148,i,17163237249785530329,5007676862510971333,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\chcp.com 65001 | C:\Windows\system32\wbem\wmic.exe cpu get /value"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\chcp.com 65001 | C:\Windows\system32\wbem\wmic.exe path Win32_CacheMemory get CacheType,InstalledSize,Purpose"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "findstr /C:"Detected boot environment" "%windir%\Panther\setupact.log""

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\chcp.com 65001 | C:\Windows\system32\wbem\wmic.exe /namespace:\\root\wmi path MS_SystemInformation get /value"

C:\Windows\SysWOW64\wbem\WMIC.exe

C:\Windows\system32\wbem\wmic.exe cpu get /value

C:\Windows\SysWOW64\findstr.exe

findstr /C:"Detected boot environment" "C:\Windows\Panther\setupact.log"

C:\Windows\SysWOW64\wbem\WMIC.exe

C:\Windows\system32\wbem\wmic.exe path Win32_CacheMemory get CacheType,InstalledSize,Purpose

C:\Windows\SysWOW64\wbem\WMIC.exe

C:\Windows\system32\wbem\wmic.exe /namespace:\\root\wmi path MS_SystemInformation get /value

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\chcp.com 65001 | C:\Windows\system32\wbem\wmic.exe bios get Version, SerialNumber, SMBIOSBIOSVersion"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\wbem\WMIC.exe

C:\Windows\system32\wbem\wmic.exe bios get Version, SerialNumber, SMBIOSBIOSVersion

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\chcp.com 65001 | C:\Windows\system32\wbem\wmic.exe process get /value"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\chcp.com 65001 | C:\Windows\system32\wbem\wmic.exe logicaldisk get Caption,FileSystem,FreeSpace,Size"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\chcp.com 65001 | C:\Windows\system32\wbem\wmic.exe pagefile get AllocatedBaseSize, CurrentUsage"

C:\Windows\SysWOW64\wbem\WMIC.exe

C:\Windows\system32\wbem\wmic.exe process get /value

C:\Windows\SysWOW64\wbem\WMIC.exe

C:\Windows\system32\wbem\wmic.exe pagefile get AllocatedBaseSize, CurrentUsage

C:\Windows\SysWOW64\wbem\WMIC.exe

C:\Windows\system32\wbem\wmic.exe logicaldisk get Caption,FileSystem,FreeSpace,Size

C:\Windows\SysWOW64\chcp.com

C:\Windows\system32\chcp.com 65001

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\chcp.com 65001 | C:\Windows\system32\wbem\wmic.exe process get /value"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\chcp.com 65001 | C:\Windows\system32\wbem\wmic.exe logicaldisk get Caption,FileSystem,FreeSpace,Size"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\chcp.com 65001 | C:\Windows\system32\wbem\wmic.exe pagefile get AllocatedBaseSize, CurrentUsage"

C:\Windows\SysWOW64\wbem\WMIC.exe

C:\Windows\system32\wbem\wmic.exe pagefile get AllocatedBaseSize, CurrentUsage

C:\Windows\SysWOW64\chcp.com

C:\Windows\system32\chcp.com 65001

C:\Windows\SysWOW64\wbem\WMIC.exe

C:\Windows\system32\wbem\wmic.exe process get /value

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\chcp.com 65001 | C:\Windows\system32\wbem\wmic.exe process get /value"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\chcp.com 65001 | C:\Windows\system32\wbem\wmic.exe logicaldisk get Caption,FileSystem,FreeSpace,Size"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\chcp.com 65001 | C:\Windows\system32\wbem\wmic.exe pagefile get AllocatedBaseSize, CurrentUsage"

C:\Windows\SysWOW64\chcp.com

C:\Windows\system32\chcp.com 65001

C:\Windows\SysWOW64\chcp.com

C:\Windows\system32\chcp.com 65001

C:\Windows\SysWOW64\wbem\WMIC.exe

C:\Windows\system32\wbem\wmic.exe logicaldisk get Caption,FileSystem,FreeSpace,Size

C:\Windows\SysWOW64\chcp.com

C:\Windows\system32\chcp.com 65001

C:\Windows\SysWOW64\chcp.com

C:\Windows\system32\chcp.com 65001

C:\Windows\SysWOW64\chcp.com

C:\Windows\system32\chcp.com 65001

C:\Windows\SysWOW64\wbem\WMIC.exe

C:\Windows\system32\wbem\wmic.exe process get /value

C:\Windows\SysWOW64\wbem\WMIC.exe

C:\Windows\system32\wbem\wmic.exe pagefile get AllocatedBaseSize, CurrentUsage

C:\Windows\SysWOW64\wbem\WMIC.exe

C:\Windows\system32\wbem\wmic.exe logicaldisk get Caption,FileSystem,FreeSpace,Size

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\chcp.com 65001 | C:\Windows\system32\wbem\wmic.exe Path Win32_Battery Get BatteryStatus, DesignCapacity, EstimatedChargeRemaining, DesignVoltage, FullChargeCapacity /value"

C:\Windows\SysWOW64\wbem\WMIC.exe

C:\Windows\system32\wbem\wmic.exe Path Win32_Battery Get BatteryStatus, DesignCapacity, EstimatedChargeRemaining, DesignVoltage, FullChargeCapacity /value

C:\Windows\SysWOW64\chcp.com

C:\Windows\system32\chcp.com 65001

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\chcp.com 65001 | C:\Windows\system32\wbem\wmic.exe Path Win32_Battery Get BatteryStatus, DesignCapacity, EstimatedChargeRemaining, DesignVoltage, FullChargeCapacity /value"

C:\Windows\SysWOW64\chcp.com

C:\Windows\system32\chcp.com 65001

C:\Windows\SysWOW64\wbem\WMIC.exe

C:\Windows\system32\wbem\wmic.exe Path Win32_Battery Get BatteryStatus, DesignCapacity, EstimatedChargeRemaining, DesignVoltage, FullChargeCapacity /value

Network


Files

C:\Users\Admin\AppData\Local\Temp\nsiA9B3.tmp\System.dll

C:\Users\Admin\AppData\Local\Temp\nsiA9B3.tmp\StdUtils.dll

C:\Users\Admin\AppData\Local\Temp\nsiA9B3.tmp\SpiderBanner.dll

C:\Users\Admin\AppData\Local\Temp\nsiA9B3.tmp\nsExec.dll

C:\Users\Admin\AppData\Local\Temp\nsiA9B3.tmp\nsis7z.dll

C:\Users\Admin\AppData\Local\Programs\bluebook\Bluebook.exe

C:\Users\Admin\AppData\Local\Temp\nsiA9B3.tmp\7z-out\d3dcompiler_47.dll

C:\Users\Admin\AppData\Local\Temp\nsiA9B3.tmp\7z-out\chrome_200_percent.pak

C:\Users\Admin\AppData\Local\Temp\nsiA9B3.tmp\7z-out\chrome_100_percent.pak

C:\Users\Admin\AppData\Local\Temp\nsiA9B3.tmp\7z-out\ffmpeg.dll

C:\Users\Admin\AppData\Local\Temp\nsiA9B3.tmp\7z-out\icudtl.dat

C:\Users\Admin\AppData\Local\Temp\nsiA9B3.tmp\7z-out\libEGL.dll

C:\Users\Admin\AppData\Local\Temp\nsiA9B3.tmp\7z-out\libGLESv2.dll

C:\Users\Admin\AppData\Local\Temp\nsiA9B3.tmp\7z-out\LICENSES.chromium.html

C:\Users\Admin\AppData\Local\Temp\nsiA9B3.tmp\7z-out\v8_context_snapshot.bin

C:\Users\Admin\AppData\Local\Temp\nsiA9B3.tmp\7z-out\resources.pak

C:\Users\Admin\AppData\Local\Temp\nsiA9B3.tmp\7z-out\vulkan-1.dll

C:\Users\Admin\AppData\Local\Temp\nsiA9B3.tmp\7z-out\vk_swiftshader_icd.json

C:\Users\Admin\AppData\Local\Temp\nsiA9B3.tmp\7z-out\vk_swiftshader.dll

C:\Users\Admin\AppData\Local\Temp\nsiA9B3.tmp\7z-out\snapshot_blob.bin

C:\Users\Admin\AppData\Local\Temp\nsiA9B3.tmp\7z-out\locales\af.pak

C:\Users\Admin\AppData\Local\Temp\nsiA9B3.tmp\7z-out\locales\ar.pak

C:\Users\Admin\AppData\Local\Temp\nsiA9B3.tmp\7z-out\locales\am.pak

C:\Users\Admin\AppData\Local\Temp\nsiA9B3.tmp\7z-out\LICENSE.electron.txt

C:\Users\Admin\AppData\Local\Temp\nsiA9B3.tmp\7z-out\locales\bg.pak

C:\Users\Admin\AppData\Local\Temp\nsiA9B3.tmp\7z-out\locales\el.pak

C:\Users\Admin\AppData\Local\Temp\nsiA9B3.tmp\7z-out\locales\de.pak

C:\Users\Admin\AppData\Local\Temp\nsiA9B3.tmp\7z-out\locales\da.pak

C:\Users\Admin\AppData\Local\Temp\nsiA9B3.tmp\7z-out\locales\cs.pak

C:\Users\Admin\AppData\Local\Temp\nsiA9B3.tmp\7z-out\locales\ca.pak

C:\Users\Admin\AppData\Local\Temp\nsiA9B3.tmp\7z-out\locales\bn.pak

C:\Users\Admin\AppData\Local\Temp\nsiA9B3.tmp\7z-out\locales\en-GB.pak

C:\Users\Admin\AppData\Local\Temp\nsiA9B3.tmp\7z-out\locales\gu.pak

C:\Users\Admin\AppData\Local\Temp\nsiA9B3.tmp\7z-out\locales\it.pak

C:\Users\Admin\AppData\Local\Temp\nsiA9B3.tmp\7z-out\locales\id.pak

C:\Users\Admin\AppData\Local\Temp\nsiA9B3.tmp\7z-out\locales\hu.pak

C:\Users\Admin\AppData\Local\Temp\nsiA9B3.tmp\7z-out\locales\hr.pak

C:\Users\Admin\AppData\Local\Temp\nsiA9B3.tmp\7z-out\locales\hi.pak

C:\Users\Admin\AppData\Local\Temp\nsiA9B3.tmp\7z-out\locales\he.pak

C:\Users\Admin\AppData\Local\Temp\nsiA9B3.tmp\7z-out\locales\fr.pak

C:\Users\Admin\AppData\Local\Temp\nsiA9B3.tmp\7z-out\locales\fil.pak

C:\Users\Admin\AppData\Local\Temp\nsiA9B3.tmp\7z-out\locales\fi.pak

C:\Users\Admin\AppData\Local\Temp\nsiA9B3.tmp\7z-out\locales\fa.pak

C:\Users\Admin\AppData\Local\Temp\nsiA9B3.tmp\7z-out\locales\et.pak

C:\Users\Admin\AppData\Local\Temp\nsiA9B3.tmp\7z-out\locales\es.pak

C:\Users\Admin\AppData\Local\Temp\nsiA9B3.tmp\7z-out\locales\es-419.pak

C:\Users\Admin\AppData\Local\Temp\nsiA9B3.tmp\7z-out\locales\en-US.pak

C:\Users\Admin\AppData\Local\Temp\nsiA9B3.tmp\7z-out\locales\kn.pak

C:\Users\Admin\AppData\Local\Temp\nsiA9B3.tmp\7z-out\locales\pt-BR.pak

C:\Users\Admin\AppData\Local\Temp\nsiA9B3.tmp\7z-out\locales\sk.pak

C:\Users\Admin\AppData\Local\Temp\nsiA9B3.tmp\7z-out\locales\sr.pak

C:\Users\Admin\AppData\Local\Temp\nsiA9B3.tmp\7z-out\locales\ur.pak

C:\Users\Admin\AppData\Local\Temp\nsiA9B3.tmp\7z-out\locales\uk.pak

C:\Users\Admin\AppData\Local\Temp\nsiA9B3.tmp\7z-out\locales\tr.pak

C:\Users\Admin\AppData\Local\Temp\nsiA9B3.tmp\7z-out\locales\th.pak

C:\Users\Admin\AppData\Local\Temp\nsiA9B3.tmp\7z-out\locales\te.pak

C:\Users\Admin\AppData\Local\Temp\nsiA9B3.tmp\7z-out\locales\ta.pak

C:\Users\Admin\AppData\Local\Temp\nsiA9B3.tmp\7z-out\locales\sw.pak

C:\Users\Admin\AppData\Local\Temp\nsiA9B3.tmp\7z-out\locales\sv.pak

C:\Users\Admin\AppData\Local\Temp\nsiA9B3.tmp\7z-out\locales\sl.pak

C:\Users\Admin\AppData\Local\Temp\nsiA9B3.tmp\7z-out\locales\ru.pak

C:\Users\Admin\AppData\Local\Temp\nsiA9B3.tmp\7z-out\locales\ro.pak

C:\Users\Admin\AppData\Local\Temp\nsiA9B3.tmp\7z-out\locales\pl.pak

C:\Users\Admin\AppData\Local\Temp\nsiA9B3.tmp\7z-out\locales\nl.pak

C:\Users\Admin\AppData\Local\Temp\nsiA9B3.tmp\7z-out\locales\nb.pak

C:\Users\Admin\AppData\Local\Temp\nsiA9B3.tmp\7z-out\locales\ms.pak

C:\Users\Admin\AppData\Local\Temp\nsiA9B3.tmp\7z-out\locales\mr.pak

C:\Users\Admin\AppData\Local\Temp\nsiA9B3.tmp\7z-out\locales\pt-PT.pak

C:\Users\Admin\AppData\Local\Temp\nsiA9B3.tmp\7z-out\locales\ml.pak

C:\Users\Admin\AppData\Local\Temp\nsiA9B3.tmp\7z-out\locales\lv.pak

C:\Users\Admin\AppData\Local\Temp\nsiA9B3.tmp\7z-out\locales\lt.pak

C:\Users\Admin\AppData\Local\Temp\nsiA9B3.tmp\7z-out\locales\ko.pak

C:\Users\Admin\AppData\Local\Temp\nsiA9B3.tmp\7z-out\locales\ja.pak

C:\Users\Admin\AppData\Local\Temp\nsiA9B3.tmp\7z-out\locales\zh-TW.pak

C:\Users\Admin\AppData\Local\Temp\nsiA9B3.tmp\7z-out\locales\zh-CN.pak

C:\Users\Admin\AppData\Local\Temp\nsiA9B3.tmp\7z-out\locales\vi.pak

MD5 ebb5db1dbb64895b1a25120d5ac9b5e4
SHA1 810fa53a97fe42994f8a68698d582651d69cfd51
SHA256 ef3ddadb90dc73b73e25e9608626ce68d6778445812b8bd2f6c81e1f1e4bff16
SHA512 fba594183c7b672204330ca698f1e195026fc51d4e05db2c49e58a896c3b5e11e23286be0d6ffae3ec321e6c08322544df3c876dbce3c2e69a951985a84a2c91

C:\Users\Admin\AppData\Local\Temp\nsiA9B3.tmp\7z-out\resources\app-update.yml

MD5 e874af7a21ab440d77cd696b9ecfea29
SHA1 1eed6047c66c91834dc1f4ff74028eca08e21929
SHA256 4511d3a0293bf26467328b8413816f3f5fffc95c311cc2cccdaf2432e0d74943
SHA512 d0d57fd7de0a8edac70f2ddee60bc026076266a047f2d12ab698fb781388ad384df6f7c17a9541d279ba2f530333cf32b127ee28ffe84a74797b56218c8f7d42

C:\Users\Admin\AppData\Local\Temp\nsiA9B3.tmp\7z-out\resources\app.asar

MD5 f42fcc70db7d2cc1cb5b65a8662c3133
SHA1 1b91e14aebdb1e4a9c3475efdbef751d2ee6893d
SHA256 55d741a60e676c5bda52e8388a2f302a3cc05ee7a0b3ff6268efd6086cd02e39
SHA512 f71d6e57166b551e638411c001074bb67be633e96695a64539a2228947d8f0893bec3a4c322086d49db0f345b540b977cb51495e99b575c0d778330474546634

C:\Users\Admin\AppData\Local\Temp\nsiA9B3.tmp\WinShell.dll

MD5 1cc7c37b7e0c8cd8bf04b6cc283e1e56
SHA1 0b9519763be6625bd5abce175dcc59c96d100d4c
SHA256 9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
SHA512 7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

C:\Users\Admin\AppData\Local\Temp\nsiA9B3.tmp\WinShell.dll

MD5 1cc7c37b7e0c8cd8bf04b6cc283e1e56
SHA1 0b9519763be6625bd5abce175dcc59c96d100d4c
SHA256 9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
SHA512 7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

C:\Users\Admin\AppData\Local\Temp\nsiA9B3.tmp\WinShell.dll

MD5 1cc7c37b7e0c8cd8bf04b6cc283e1e56
SHA1 0b9519763be6625bd5abce175dcc59c96d100d4c
SHA256 9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
SHA512 7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

C:\Users\Admin\AppData\Local\Programs\bluebook\Bluebook.exe

MD5 8c163b60d87417b8e51c4a12d4dafc50
SHA1 b122dcffe8fe4dd7beee0f4315a5bc72a5f44b00
SHA256 63a76bc3c3ad7ad7037ff912e5c6e07e05bf48042d8bf15c2c1fbba1fb38ae78
SHA512 00fe9a4cae1e1536b4db03adcbe9d39364f8cb95b4d11a251565a1eb5702094c3334e1dbdc0dd6d47ffb007de0c23b2f51418bcb2e2209701e7b64522d1e36cb

C:\Users\Admin\AppData\Local\Programs\bluebook\ffmpeg.dll

MD5 7b33115a739876682c124953fa49c6c5
SHA1 c20dac43f981c66c01bfed5149ae2fba6b1beab0
SHA256 b51c5c4b6b57b4b4fadcec13baeabc3f72d54cd5ff9da5f99c52e289e7d831eb
SHA512 6671de92ece80775bd7bee023b310c9a0df11571bce1ed2e36f0ac4f3e168daafb1e296d7f802b177f2f5b47582489f2c36d6768b1767697194eee5f69e23672

C:\Users\Admin\AppData\Local\Programs\bluebook\ffmpeg.dll

MD5 7b33115a739876682c124953fa49c6c5
SHA1 c20dac43f981c66c01bfed5149ae2fba6b1beab0
SHA256 b51c5c4b6b57b4b4fadcec13baeabc3f72d54cd5ff9da5f99c52e289e7d831eb
SHA512 6671de92ece80775bd7bee023b310c9a0df11571bce1ed2e36f0ac4f3e168daafb1e296d7f802b177f2f5b47582489f2c36d6768b1767697194eee5f69e23672

C:\Users\Admin\AppData\Local\Programs\bluebook\v8_context_snapshot.bin

MD5 36bf4b67900f0e4c934c991b1c917007
SHA1 9325a5c9594e8d72e7a1a802f0d0e81aecbdbda2
SHA256 67eb082e6a3bbcb9f34775b85eaae08d5955ded252887c0ca6674fbc48514c88
SHA512 b339196623bca2d3c3f6cdf59a9d6370c33f7a2fc86ed1ad164f4bdebe9f6b30dd488a6e5a75d9b656ca81f252e588bf2a021e364f67632af43ad4444c5fd8a6

C:\Users\Admin\AppData\Local\Temp\nsiA9B3.tmp\StdUtils.dll

MD5 c6a6e03f77c313b267498515488c5740
SHA1 3d49fc2784b9450962ed6b82b46e9c3c957d7c15
SHA256 b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
SHA512 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

C:\Users\Admin\AppData\Local\Programs\bluebook\icudtl.dat

MD5 2c367970ac87a9275eeec5629bb6fc3d
SHA1 399324d1aeee5e74747a6873501a1ee5aac005ee
SHA256 17d57b17d12dc5cfbf06413d68a06f45ccf245f4abdf5429f30256977c4ed6de
SHA512 f788a0d35f9e4bebe641ee67fff14968b62891f52d05bf638cd2c845df87f2e107c42a32bbe62f389f05e5673fe55cbdb85258571e698325400705cd7b16db01

C:\Users\Admin\AppData\Local\Programs\bluebook\resources\app.asar

MD5 f42fcc70db7d2cc1cb5b65a8662c3133
SHA1 1b91e14aebdb1e4a9c3475efdbef751d2ee6893d
SHA256 55d741a60e676c5bda52e8388a2f302a3cc05ee7a0b3ff6268efd6086cd02e39
SHA512 f71d6e57166b551e638411c001074bb67be633e96695a64539a2228947d8f0893bec3a4c322086d49db0f345b540b977cb51495e99b575c0d778330474546634

C:\Users\Admin\AppData\Local\Temp\ec0c48d5-2d42-4983-8aa8-7ed4249f105c.tmp.node

MD5 12ec9fff67594ce2b3611ee2ae43cfe0
SHA1 e35352fd4fd46a8591d9dd41a163f4b2aa0b5bc4
SHA256 c19fa9a13590e85b15db5bfab4b31505027eac5eaa4a1d1a10c8e8ed3e5849b4
SHA512 bd4410a5f86a24bee3262fcd504b1b55276bdf4d3c4663a26d9e5406968a7ef4152547e4e645055ae7c9bfd224270953cf1e0f84a6be6b541e18d3db1c197a30

C:\Users\Admin\AppData\Local\Programs\bluebook\Bluebook.exe

MD5 8c163b60d87417b8e51c4a12d4dafc50
SHA1 b122dcffe8fe4dd7beee0f4315a5bc72a5f44b00
SHA256 63a76bc3c3ad7ad7037ff912e5c6e07e05bf48042d8bf15c2c1fbba1fb38ae78
SHA512 00fe9a4cae1e1536b4db03adcbe9d39364f8cb95b4d11a251565a1eb5702094c3334e1dbdc0dd6d47ffb007de0c23b2f51418bcb2e2209701e7b64522d1e36cb

C:\Users\Admin\AppData\Local\Programs\bluebook\ffmpeg.dll

MD5 7b33115a739876682c124953fa49c6c5
SHA1 c20dac43f981c66c01bfed5149ae2fba6b1beab0
SHA256 b51c5c4b6b57b4b4fadcec13baeabc3f72d54cd5ff9da5f99c52e289e7d831eb
SHA512 6671de92ece80775bd7bee023b310c9a0df11571bce1ed2e36f0ac4f3e168daafb1e296d7f802b177f2f5b47582489f2c36d6768b1767697194eee5f69e23672

C:\Users\Admin\AppData\Local\Programs\bluebook\resources.pak

MD5 f2c3793223ff3f191e19bd79d9945bde
SHA1 bf18661d4a94f851c8679e82b5b41d605fddd6b1
SHA256 714dd8d8fcaa42ea5bf31a927a86811d93031f838abd0396a86addee3dc98e18
SHA512 243e18f07b29e1390d33000ad49e9041b63c7606ffbd8e3d5b0bea309e7f2931a88c08d51254737f12ac39301089b92a2681b1273aa5e21bbccb18b05f5cf098

C:\Users\Admin\AppData\Local\Programs\bluebook\locales\en-US.pak

MD5 19d18f8181a4201d542c7195b1e9ff81
SHA1 7debd3cf27bbe200c6a90b34adacb7394cb5929c
SHA256 1d20e626444759c2b72aa6e998f14a032408d2b32f957c12ec3abd52831338fb
SHA512 af07e1b08bbf2dd032a5a51a88ee2923650955873753629a086cad3b1600ce66ca7f9ed31b8ca901c126c10216877b24e123144bb0048f2a1e7757719aae73f2

C:\Users\Admin\AppData\Local\Programs\bluebook\chrome_200_percent.pak

MD5 48515d600258d60019c6b9c6421f79f6
SHA1 0ef0b44641d38327a360aa6954b3b6e5aab2af16
SHA256 07bee34e189fe9a8789aed78ea59ad41414b6e611e7d74da62f8e6ca36af01ce
SHA512 b7266bc8abc55bd389f594dac0c0641ecf07703f35d769b87e731b5fdf4353316d44f3782a4329b3f0e260dead6b114426ddb1b0fb8cd4a51e0b90635f1191d9

C:\Users\Admin\AppData\Local\Programs\bluebook\chrome_100_percent.pak

MD5 8626e1d68e87f86c5b4dabdf66591913
SHA1 4cd7b0ac0d3f72587708064a7b0a3beca3f7b81c
SHA256 2caa1da9b6a6e87bdb673977fee5dd771591a1b6ed5d3c5f14b024130a5d1a59
SHA512 03bcd8562482009060f249d6a0dd7382fc94d669a2094dec08e8d119be51bef2c3b7b484bb5b7f805ae98e372dab9383a2c11a63ab0f5644146556b1bb9a4c99

C:\Users\Admin\AppData\Local\Programs\bluebook\Bluebook.exe

MD5 8c163b60d87417b8e51c4a12d4dafc50
SHA1 b122dcffe8fe4dd7beee0f4315a5bc72a5f44b00
SHA256 63a76bc3c3ad7ad7037ff912e5c6e07e05bf48042d8bf15c2c1fbba1fb38ae78
SHA512 00fe9a4cae1e1536b4db03adcbe9d39364f8cb95b4d11a251565a1eb5702094c3334e1dbdc0dd6d47ffb007de0c23b2f51418bcb2e2209701e7b64522d1e36cb

C:\Users\Admin\AppData\Local\Programs\bluebook\ffmpeg.dll

MD5 7b33115a739876682c124953fa49c6c5
SHA1 c20dac43f981c66c01bfed5149ae2fba6b1beab0
SHA256 b51c5c4b6b57b4b4fadcec13baeabc3f72d54cd5ff9da5f99c52e289e7d831eb
SHA512 6671de92ece80775bd7bee023b310c9a0df11571bce1ed2e36f0ac4f3e168daafb1e296d7f802b177f2f5b47582489f2c36d6768b1767697194eee5f69e23672

C:\Users\Admin\AppData\Local\Programs\bluebook\Bluebook.exe

MD5 8c163b60d87417b8e51c4a12d4dafc50
SHA1 b122dcffe8fe4dd7beee0f4315a5bc72a5f44b00
SHA256 63a76bc3c3ad7ad7037ff912e5c6e07e05bf48042d8bf15c2c1fbba1fb38ae78
SHA512 00fe9a4cae1e1536b4db03adcbe9d39364f8cb95b4d11a251565a1eb5702094c3334e1dbdc0dd6d47ffb007de0c23b2f51418bcb2e2209701e7b64522d1e36cb

C:\Users\Admin\AppData\Local\Programs\bluebook\ffmpeg.dll

MD5 7b33115a739876682c124953fa49c6c5
SHA1 c20dac43f981c66c01bfed5149ae2fba6b1beab0
SHA256 b51c5c4b6b57b4b4fadcec13baeabc3f72d54cd5ff9da5f99c52e289e7d831eb
SHA512 6671de92ece80775bd7bee023b310c9a0df11571bce1ed2e36f0ac4f3e168daafb1e296d7f802b177f2f5b47582489f2c36d6768b1767697194eee5f69e23672

\??\pipe\crashpad_3868_ZQPUCRGZRHQESTHD

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Programs\bluebook\Bluebook.exe

MD5 8c163b60d87417b8e51c4a12d4dafc50
SHA1 b122dcffe8fe4dd7beee0f4315a5bc72a5f44b00
SHA256 63a76bc3c3ad7ad7037ff912e5c6e07e05bf48042d8bf15c2c1fbba1fb38ae78
SHA512 00fe9a4cae1e1536b4db03adcbe9d39364f8cb95b4d11a251565a1eb5702094c3334e1dbdc0dd6d47ffb007de0c23b2f51418bcb2e2209701e7b64522d1e36cb

C:\Users\Admin\AppData\Local\Programs\bluebook\D3DCompiler_47.dll

MD5 ab3be0c427c6e405fad496db1545bd61
SHA1 76012f31db8618624bc8b563698b2669365e49cb
SHA256 827d12e4ed62520b663078bbf26f95dfd106526e66048cf75b5c9612b2fb7ce6
SHA512 d1dc2ec77c770c5da99e688d799f88b1e585f8dcf63e6876e237fe7fce6e23b528e6a5ef94ffc68283c60ae4e465ff19d3fd6f2fae5de4504b5479d68cbc4dba

memory/3752-904-0x0000000002C70000-0x0000000002CA6000-memory.dmp

C:\Users\Admin\AppData\Local\Programs\bluebook\vk_swiftshader.dll

MD5 fc31797666ee0936343748f7b238a594
SHA1 7a087b5206cbcd4acca92cb3ed0c888faf146d67
SHA256 25db511d7a02f3ab4e4ba76092f01a03236d86a378927e9b41e48c795a5c518e
SHA512 8c52c3b2fce4d1193d42aebe457730217a997c7e6dd57cbb2ca2946c9449e25a4874d1bc91f2402edeb2b8b12f2ce542b3faeb56831bdd070fc98f4e08c51e26

C:\Users\Admin\AppData\Local\Programs\bluebook\ffmpeg.dll

MD5 7b33115a739876682c124953fa49c6c5
SHA1 c20dac43f981c66c01bfed5149ae2fba6b1beab0
SHA256 b51c5c4b6b57b4b4fadcec13baeabc3f72d54cd5ff9da5f99c52e289e7d831eb
SHA512 6671de92ece80775bd7bee023b310c9a0df11571bce1ed2e36f0ac4f3e168daafb1e296d7f802b177f2f5b47582489f2c36d6768b1767697194eee5f69e23672

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Local\Programs\bluebook\Bluebook.exe

MD5 8c163b60d87417b8e51c4a12d4dafc50
SHA1 b122dcffe8fe4dd7beee0f4315a5bc72a5f44b00
SHA256 63a76bc3c3ad7ad7037ff912e5c6e07e05bf48042d8bf15c2c1fbba1fb38ae78
SHA512 00fe9a4cae1e1536b4db03adcbe9d39364f8cb95b4d11a251565a1eb5702094c3334e1dbdc0dd6d47ffb007de0c23b2f51418bcb2e2209701e7b64522d1e36cb

memory/2020-947-0x0000000005730000-0x0000000005D58000-memory.dmp

memory/2020-950-0x00000000050F0000-0x0000000005100000-memory.dmp

memory/5108-951-0x00000000051B0000-0x00000000051C0000-memory.dmp

memory/1816-953-0x0000000004D80000-0x0000000004D90000-memory.dmp

memory/5108-955-0x00000000051B0000-0x00000000051C0000-memory.dmp

memory/3752-957-0x00000000053A0000-0x00000000053C2000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_llcsllfl.a4j.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/4268-956-0x0000000005060000-0x0000000005070000-memory.dmp

memory/2020-954-0x00000000050F0000-0x0000000005100000-memory.dmp

memory/1816-952-0x0000000004D80000-0x0000000004D90000-memory.dmp

memory/5108-994-0x00000000060F0000-0x0000000006156000-memory.dmp

memory/2020-986-0x0000000006030000-0x0000000006096000-memory.dmp

memory/4268-949-0x0000000005060000-0x0000000005070000-memory.dmp

memory/3752-948-0x00000000028A0000-0x00000000028B0000-memory.dmp

C:\Users\Admin\AppData\Local\Programs\bluebook\vk_swiftshader.dll

MD5 fc31797666ee0936343748f7b238a594
SHA1 7a087b5206cbcd4acca92cb3ed0c888faf146d67
SHA256 25db511d7a02f3ab4e4ba76092f01a03236d86a378927e9b41e48c795a5c518e
SHA512 8c52c3b2fce4d1193d42aebe457730217a997c7e6dd57cbb2ca2946c9449e25a4874d1bc91f2402edeb2b8b12f2ce542b3faeb56831bdd070fc98f4e08c51e26

C:\Users\Admin\AppData\Local\Programs\bluebook\vk_swiftshader_icd.json

MD5 8642dd3a87e2de6e991fae08458e302b
SHA1 9c06735c31cec00600fd763a92f8112d085bd12a
SHA256 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9
SHA512 f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

C:\Users\Admin\AppData\Local\Programs\bluebook\vulkan-1.dll

MD5 d893b340d9a66fd1714219ea05877eb1
SHA1 c70ec1ddf7805034377bfaed8064b1706c3d6c78
SHA256 d3d558cb0b33fb1a568c1ed37b0c762fd8c836d8a7d0e19fd0d7407088370e8a
SHA512 0e89deddc64bd36b4d89fe7ff45467a3393869fbd89b14b636a9ffa105840d561f9f07a675d47fba305169a69b1d392830ccecf5604d7b1c55faba1674f4cdec

C:\Users\Admin\AppData\Local\Programs\bluebook\vulkan-1.dll

MD5 d893b340d9a66fd1714219ea05877eb1
SHA1 c70ec1ddf7805034377bfaed8064b1706c3d6c78
SHA256 d3d558cb0b33fb1a568c1ed37b0c762fd8c836d8a7d0e19fd0d7407088370e8a
SHA512 0e89deddc64bd36b4d89fe7ff45467a3393869fbd89b14b636a9ffa105840d561f9f07a675d47fba305169a69b1d392830ccecf5604d7b1c55faba1674f4cdec

C:\Users\Admin\AppData\Local\Programs\bluebook\libEGL.dll

MD5 2f912eb3edb25e584d85c2c1f395c02d
SHA1 f75909f678c37bcecb0dfa8a250e24392db9e941
SHA256 0fe74cda75a901c3569c7deec0b275277bf61b948e6d7eb8efa5d004909c88ac
SHA512 16d358330ff9c09cc3378aa9449879facae8c7c25a066c133a9a99b7039a6222115b1698275c03fd5f580667bda448c9d9590d6af9d9debc9b303a649024fa5a

C:\Users\Admin\AppData\Local\Programs\bluebook\libegl.dll

MD5 2f912eb3edb25e584d85c2c1f395c02d
SHA1 f75909f678c37bcecb0dfa8a250e24392db9e941
SHA256 0fe74cda75a901c3569c7deec0b275277bf61b948e6d7eb8efa5d004909c88ac
SHA512 16d358330ff9c09cc3378aa9449879facae8c7c25a066c133a9a99b7039a6222115b1698275c03fd5f580667bda448c9d9590d6af9d9debc9b303a649024fa5a

C:\Users\Admin\AppData\Local\Programs\bluebook\libGLESv2.dll

MD5 06ef5cb407f79e4f45e6e5d58527969e
SHA1 0132a3b7cf4e25d8e5923b2a48aa4520c93a6913
SHA256 883bd36f3bf96507030e6c58c830c05c4a8c9ed01d4ddd22c6754ed046cdf28c
SHA512 0bc6ff29bcd0bec82563750f53fd98f4c43f71d02e1994e6499a1574686701419ce0c1ff3bd08bd6ce70261c350aedec2c7d85f47e5f7631b595cbe03878e92d

C:\Users\Admin\AppData\Local\Programs\bluebook\libglesv2.dll

MD5 06ef5cb407f79e4f45e6e5d58527969e
SHA1 0132a3b7cf4e25d8e5923b2a48aa4520c93a6913
SHA256 883bd36f3bf96507030e6c58c830c05c4a8c9ed01d4ddd22c6754ed046cdf28c
SHA512 0bc6ff29bcd0bec82563750f53fd98f4c43f71d02e1994e6499a1574686701419ce0c1ff3bd08bd6ce70261c350aedec2c7d85f47e5f7631b595cbe03878e92d

memory/3752-1005-0x00000000061F0000-0x000000000620E000-memory.dmp

C:\Users\Admin\AppData\Local\Programs\bluebook\d3dcompiler_47.dll

MD5 ab3be0c427c6e405fad496db1545bd61
SHA1 76012f31db8618624bc8b563698b2669365e49cb
SHA256 827d12e4ed62520b663078bbf26f95dfd106526e66048cf75b5c9612b2fb7ce6
SHA512 d1dc2ec77c770c5da99e688d799f88b1e585f8dcf63e6876e237fe7fce6e23b528e6a5ef94ffc68283c60ae4e465ff19d3fd6f2fae5de4504b5479d68cbc4dba

memory/3752-1011-0x00000000066E0000-0x0000000006724000-memory.dmp

memory/2020-1012-0x0000000007930000-0x00000000079A6000-memory.dmp

memory/3752-1013-0x00000000028A0000-0x00000000028B0000-memory.dmp

memory/5108-1014-0x00000000051B0000-0x00000000051C0000-memory.dmp

memory/2020-1016-0x00000000050F0000-0x0000000005100000-memory.dmp

memory/1816-1015-0x0000000004D80000-0x0000000004D90000-memory.dmp

memory/4268-1017-0x0000000005060000-0x0000000005070000-memory.dmp

memory/3752-1018-0x0000000007BC0000-0x000000000823A000-memory.dmp

memory/1816-1019-0x0000000007490000-0x00000000074AA000-memory.dmp

memory/4268-1020-0x0000000008C50000-0x00000000091F4000-memory.dmp

memory/3752-1021-0x000000007F8E0000-0x000000007F8F0000-memory.dmp

memory/4268-1023-0x0000000007BE0000-0x0000000007C72000-memory.dmp

memory/3752-1025-0x0000000007750000-0x0000000007782000-memory.dmp

memory/3752-1026-0x0000000073B90000-0x0000000073BDC000-memory.dmp

memory/3752-1036-0x0000000007730000-0x000000000774E000-memory.dmp

memory/2020-1024-0x0000000007AD0000-0x0000000007AF2000-memory.dmp

memory/2020-1022-0x0000000007B40000-0x0000000007BD6000-memory.dmp

memory/1816-1037-0x0000000073B90000-0x0000000073BDC000-memory.dmp

memory/1816-1049-0x00000000077A0000-0x00000000077AA000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log

MD5 6ef1ee07865201ee53d9998ed1ec394e
SHA1 d33f4b751c38a0bc6c20516ec3c131b17b72a68f
SHA256 ca596afc4b092d0fc06d63d64b8e98790e3246b975763b72bfd2c185dbf546a3
SHA512 13315a7f1defdba4284f7e7a2250f3757f693f2891ca221ff251b4fe517c91866929f1b6992aea92ca7cdc96bc91ecb62b68f0e766d6d6a8ff5fad7041dc91d7

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

MD5 65a472799d66d8e3263f298ad1033a78
SHA1 08002ebdecfe8a83a290356ff3a800c6e2a2792b
SHA256 71b0aa249ec8f8b8d89e84f41a47576326b3e3aeb13cfdf5baeb1e7a390cb50f
SHA512 903f23da96e56f1a7cfa3ecb1c8ae2a8c168c6ba0b187ea6466752f79d208518356dbe97cad1e42874ff35d2fdf0d10fe1930eabf1670feca4a22acb9dea8d4a

memory/3752-1053-0x00000000078C0000-0x00000000078EA000-memory.dmp

memory/1816-1055-0x0000000007810000-0x0000000007834000-memory.dmp

memory/3752-1054-0x00000000028A0000-0x00000000028B0000-memory.dmp

memory/2020-1056-0x00000000050F0000-0x0000000005100000-memory.dmp

memory/1816-1057-0x0000000004D80000-0x0000000004D90000-memory.dmp

memory/1816-1059-0x000000006C580000-0x000000006C8D4000-memory.dmp

memory/1816-1060-0x0000000004D80000-0x0000000004D90000-memory.dmp

memory/3752-1058-0x000000006C580000-0x000000006C8D4000-memory.dmp

memory/3752-1062-0x00000000028A0000-0x00000000028B0000-memory.dmp

memory/2020-1061-0x00000000050F0000-0x0000000005100000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

MD5 690f251ce8d3fb94946f1bf1a1182d92
SHA1 354efe811c20dd9dd17d1fa0dab3cbf97836b777
SHA256 07516f9eafd79c10e37c10c3ae633a7694eb33543d0488a2f233fd2a3f078e40
SHA512 a153d645e05a16c2f6496161ae92c7065fa661181a55deeab48d7f8d0af2049a3c6c595b17a36d75f30968a0bb88373a1c37eb750ae85e257a60e12c7e35ce47

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

MD5 1c86f6de278cdfc08d243a20b3262f08
SHA1 e8b78b846733a9677b33957c647614edd7a84d18
SHA256 a73b37ed3162d118b1e24d9844e69ffb5d6e01e43337bb34ca1a43270e65c692
SHA512 de2d0e64665fa65ad16a287c922add7b571c9ff0a14fd03cf59ca4057338be140b8395168bc03c545edcaf79b0933eedb01e27c693a3fb32f52179115d27cd9f

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

MD5 1c86f6de278cdfc08d243a20b3262f08
SHA1 e8b78b846733a9677b33957c647614edd7a84d18
SHA256 a73b37ed3162d118b1e24d9844e69ffb5d6e01e43337bb34ca1a43270e65c692
SHA512 de2d0e64665fa65ad16a287c922add7b571c9ff0a14fd03cf59ca4057338be140b8395168bc03c545edcaf79b0933eedb01e27c693a3fb32f52179115d27cd9f

C:\Users\Admin\AppData\Local\Programs\bluebook\resources\app-update.yml

MD5 e874af7a21ab440d77cd696b9ecfea29
SHA1 1eed6047c66c91834dc1f4ff74028eca08e21929
SHA256 4511d3a0293bf26467328b8413816f3f5fffc95c311cc2cccdaf2432e0d74943
SHA512 d0d57fd7de0a8edac70f2ddee60bc026076266a047f2d12ab698fb781388ad384df6f7c17a9541d279ba2f530333cf32b127ee28ffe84a74797b56218c8f7d42

C:\Users\Admin\AppData\Roaming\bluebook\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Roaming\bluebook\Network\TransportSecurity

MD5 e38d083949ea45b1fa836af2ecba2a54
SHA1 6e28ee76464864bb1d0a9150e24d3b5c0b2de408
SHA256 8e9a671377a0b61b4ef104f073dec40c20e7493e7949037719966569c3e3448f
SHA512 49401d59371198677655cc455a2ee1bcbcbbe75864ab71079001cabb295d8a456e939afe4589df2d4a38fa9929089d1b0e67ff98882abaa6e2328c433f029895

C:\Users\Admin\AppData\Roaming\bluebook\Network\TransportSecurity~RFe580952.TMP

MD5 95e476f7954ff6304a0ae5cbbb52dd56
SHA1 b20c7d22407edacea014a1201e9938ff8555dab5
SHA256 5c77148852df548a0d0e28c53126cecfd324e96c5dc043c28cfa6d086b6f33c3
SHA512 d65fb02eed46e28704c6016a91bdc4c9c6896da9fcee6be4b5864dfe18b5bf96c6306021bfc463f16335e4e0fdd68b1949a74ba027b9f1c42a87e8d86441b741

C:\Users\Admin\AppData\Roaming\bluebook\Preferences

MD5 58127c59cb9e1da127904c341d15372b
SHA1 62445484661d8036ce9788baeaba31d204e9a5fc
SHA256 be4b8924ab38e8acf350e6e3b9f1f63a1a94952d8002759acd6946c4d5d0b5de
SHA512 8d1815b277a93ad590ff79b6f52c576cf920c38c4353c24193f707d66884c942f39ff3989530055d2fade540ade243b41b6eb03cd0cc361c3b5d514cca28b50a

C:\Users\Admin\AppData\Roaming\bluebook\Service Worker\ScriptCache\index-dir\the-real-index

MD5 bb040e038bcc0a3e65bf5f3313071f4c
SHA1 a6fd1a530e9d88b71588bd5bf4fd2ecd8695c925
SHA256 10275078af280eebf4564d939d78626625d350fbdd22e47e2d750458c850b065
SHA512 4068e5c1fdf9ce94d09c7bd53c01f7f9e4af351186995ca5c920d3631fdff145405fd5bc71bfc937f2a8ea2aa1a69d64e43d761fa21e2890ce300d469aae2379

C:\Users\Admin\AppData\Roaming\bluebook\Service Worker\ScriptCache\index-dir\the-real-index~RFe5831f8.TMP

MD5 94da3cb686a58e64757d41a7706fa8a8
SHA1 4f703fb6c0abd4394620b2232d109fe833d4fce4
SHA256 c3ca10d59ccce4707cef7380afff8ee3e82de2e1aebfd4c04a1f849626bcca63
SHA512 41fb95575faa4573bdb4072e5fc78c9b2468af8de6e6a84d28a58db9fb3cfce61210d43acddbaf8e7e513005d1316b992fa90a591ad911dd660ce5c3b2d5bf15

C:\Users\Admin\AppData\Roaming\bluebook\Service Worker\CacheStorage\a2d304792ac571bc0b1014f5174f68ee3185f28e\index.txt~RFe583217.TMP

MD5 c44f81e770906ee69db28d764a7132d0
SHA1 4ba42dae081f23e0b3055f9706f4572ff756c0d2
SHA256 81f32a5d3f0543d4a70ee5fddffd557439f3a7bcc428292513784b16fc8cd523
SHA512 1decc2648cfb8aa11fb17e623c1524b2b2e146baf5f7895fe2b712fe16fb7280a2c9c944f0c297676404567dd06ebf34d3af6d8aebbd27c9f4d161065f65c2a2

C:\Users\Admin\AppData\Roaming\bluebook\Service Worker\CacheStorage\a2d304792ac571bc0b1014f5174f68ee3185f28e\index.txt

MD5 3c50c4a7fd7ed3a02b740448fbdf8b1b
SHA1 092e46b8b2825691434eaa2dbeffd26192dde52e
SHA256 b4b461431a96921d562c72138fa2f67aef3aafc69420d358fd49b50908b949a7
SHA512 ba05c49ebb4a6174268d0b5f6869966dd90cb18c46471d5f6d2f90b4fd015a06d5452eda659fef51ce7e125bfb0cd8ce1af9eaaec09e547414984cd83371bcf3

C:\Users\Admin\AppData\Roaming\bluebook\Network\Network Persistent State~RFe587942.TMP

MD5 2800881c775077e1c4b6e06bf4676de4
SHA1 2873631068c8b3b9495638c865915be822442c8b
SHA256 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512 e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

C:\Users\Admin\AppData\Roaming\bluebook\Network\Network Persistent State

MD5 746f35397dcff28ed795994194725a38
SHA1 3f3b1b02e875f06d25d95f1d86945abeb58afa8b
SHA256 0d64675dae7d2bbe30c624e7a94f7d94924435e63cd34e7ea8360ce8a7a79ddc
SHA512 adbedf4f924b956611bb530925d980586b4c62e680c4e4c8fc159ede4e71107daeb711e0cb0e9b3fde2d4b2672b7557a0b4989d2693f8ae591b07d58023ad3c5