Malware Analysis Report

2025-08-06 00:52

Sample ID 230430-sw6jqaab49
Target VoidOfSpace_Stable.2.3.rar
SHA256 5638573bcee7723bde67101a9634c9902f6f0b2d7b398e14687dc3f5bc2666db
Tags
lumma redline infostealer stealer spyware
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V6

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

5638573bcee7723bde67101a9634c9902f6f0b2d7b398e14687dc3f5bc2666db

Threat Level: Known bad

The file VoidOfSpace_Stable.2.3.rar was found to be: Known bad.

Malicious Activity Summary

lumma redline infostealer stealer spyware

Detects Redline Stealer samples

Lumma Stealer

RedLine

Reads user/profile data of web browsers

Drops startup file

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Looks up external IP address via web service

Legitimate hosting services abused for malware hosting/C2

Unsigned PE

Enumerates physical storage devices

Runs ping.exe

Suspicious use of AdjustPrivilegeToken

Gathers network information

Suspicious use of WriteProcessMemory

Checks processor information in registry

Enumerates processes with tasklist

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-04-30 15:29

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2023-04-30 15:29

Reported

2023-04-30 15:32

Platform

win7-20230220-en

Max time kernel

28s

Max time network

34s

Command Line

"C:\Users\Admin\AppData\Local\Temp\VoidOfSpace_Stable.2.3.exe"

Signatures

Detects Redline Stealer samples

stealer
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Lumma Stealer

stealer lumma

RedLine

infostealer redline

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A

Enumerates physical storage devices

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\VoidOfSpace_Stable.2.3.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\VoidOfSpace_Stable.2.3.exe

"C:\Users\Admin\AppData\Local\Temp\VoidOfSpace_Stable.2.3.exe"

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe

"C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe"

Network

N/A

Files

\Users\Admin\AppData\Local\Temp\nst1D62.tmp\System.dll

MD5 0d7ad4f45dc6f5aa87f606d0331c6901
SHA1 48df0911f0484cbe2a8cdd5362140b63c41ee457
SHA256 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
SHA512 c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

\Users\Admin\AppData\Local\Temp\nst1D62.tmp\nsis7z.dll

MD5 80e44ce4895304c6a3a831310fbf8cd0
SHA1 36bd49ae21c460be5753a904b4501f1abca53508
SHA256 b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
SHA512 c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

C:\Users\Admin\AppData\Local\Temp\nst1D62.tmp\7z-out\chrome_100_percent.pak

MD5 acd0fa0a90b43cd1c87a55a991b4fac3
SHA1 17b84e8d24da12501105b87452f86bfa5f9b1b3c
SHA256 ccbca246b9a93fa8d4f01a01345e7537511c590e4a8efd5777b1596d10923b4b
SHA512 3e4c4f31c6c7950d5b886f6a8768077331a8f880d70b905cf7f35f74be204c63200ff4a88fa236abccc72ec0fc102c14f50dd277a30f814f35adfe5a7ae3b774

C:\Users\Admin\AppData\Local\Temp\nst1D62.tmp\7z-out\chrome_200_percent.pak

MD5 4610337e3332b7e65b73a6ea738b47df
SHA1 8d824c9cf0a84ab902e8069a4de9bf6c1a9aaf3b
SHA256 c91abf556e55c29d1ea9f560bb17cc3489cb67a5d0c7a22b58485f5f2fbcf25c
SHA512 039b50284d28dcd447e0a486a099fa99914d29b543093cccda77bbefdd61f7b7f05bb84b2708ae128c5f2d0c0ab19046d08796d1b5a1cff395a0689ab25ccb51

C:\Users\Admin\AppData\Local\Temp\nst1D62.tmp\7z-out\ffmpeg.dll

MD5 1bb0e1140ef08440ad47d80b70dbf742
SHA1 c2e4243bad76b465b5ab39865ac023db1632d6b0
SHA256 c0d9edde3864d9450744f4bc526a98608b629aeed01c6647f600802e1b1cf671
SHA512 29d71e3bd7df7014a03e26ca6ee5b59ff6e3d06096742fae5dec6282abd1f0d2f24c886a503e3a691d38cc68e0da504a7f657dcec4758b640a1a523d3eeaa57a

C:\Users\Admin\AppData\Local\Temp\nst1D62.tmp\7z-out\d3dcompiler_47.dll

MD5 3b4647bcb9feb591c2c05d1a606ed988
SHA1 b42c59f96fb069fd49009dfd94550a7764e6c97c
SHA256 35773c397036b368c1e75d4e0d62c36d98139ebe74e42c1ff7be71c6b5a19fd7
SHA512 00cd443b36f53985212ac43b44f56c18bf70e25119bbf9c59d05e2358ff45254b957f1ec63fc70fb57b1726fd8f76ccfad8103c67454b817a4f183f9122e3f50

C:\Users\Admin\AppData\Local\Temp\nst1D62.tmp\7z-out\icudtl.dat

MD5 d89ce8c00659d8e5d408c696ee087ce3
SHA1 49fc8109960be3bb32c06c3d1256cb66dded19a8
SHA256 9dfbe0dad5c7021cfe8df7f52458c422cbc5be9e16ff33ec90665bb1e3f182de
SHA512 db097ce3eb9e132d0444df79b167a7dcb2df31effbbd3df72da3d24ae2230cc5213c6df5e575985a9918fbd0a6576e335b6ebc12b6258bc93fa205399de64c37

C:\Users\Admin\AppData\Local\Temp\nst1D62.tmp\7z-out\libEGL.dll

MD5 e0a5d1a5d55dffb55513acb736cef1c1
SHA1 307fc023790af5bf3d45678de985e8e9f34896f7
SHA256 aa5da4005c76cfe5195b69282b2ad249d7dc2300bbc979592bd67315fc30c669
SHA512 094e23869fd42c60f83e0f4d1a2cd1a29d2efd805ac02a01ce9700b8e7b0e39e52fe86503264a0298c85f0d02b38620f1e773f2ea981f3049aeba3104b04253f

C:\Users\Admin\AppData\Local\Temp\nst1D62.tmp\7z-out\LICENSE.electron.txt

MD5 4d42118d35941e0f664dddbd83f633c5
SHA1 2b21ec5f20fe961d15f2b58efb1368e66d202e5c
SHA256 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d
SHA512 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

C:\Users\Admin\AppData\Local\Temp\nst1D62.tmp\7z-out\libGLESv2.dll

MD5 44f7c21b6010048e0dcdc43d83ebd357
SHA1 d0a4dfd8dbae1a8421c3043315d78ecd84502b16
SHA256 f6259a9b9c284ee5916447dd9d0ba051c2908c9d3662d42d8bbe6ce6d65a37de
SHA512 7e03538dd8e798d0e808a8fc6e149e83de9f8404e839900f6c9535da6aac8ef4d5c31044e547dde34dcece1255fab9a9255fa069a99fcb08e49785d812b3887c

C:\Users\Admin\AppData\Local\Temp\nst1D62.tmp\7z-out\LICENSES.chromium.html

MD5 312446edf757f7e92aad311f625cef2a
SHA1 91102d30d5abcfa7b6ec732e3682fb9c77279ba3
SHA256 c2656201ac86438d062673771e33e44d6d5e97670c3160e0de1cb0bd5fbbae9b
SHA512 dce01f2448a49a0e6f08bbde6570f76a87dcc81179bb51d5e2642ad033ee81ae3996800363826a65485ab79085572bbace51409ae7102ed1a12df65018676333

C:\Users\Admin\AppData\Local\Temp\nst1D62.tmp\7z-out\resources.pak

MD5 7d5065ecba284ed704040fca1c821922
SHA1 095fcc890154a52ad1998b4b1e318f99b3e5d6b8
SHA256 a10c3d236246e001cb9d434a65fc3e8aa7acddddd9608008db5c5c73dee0ba1f
SHA512 521b2266e3257adaa775014f77b0d512ff91b087c2572359d68ffe633b57a423227e3d5af8ee4494538f1d09aa45ffa1fe8e979814178512c37f7088ddd7995d

C:\Users\Admin\AppData\Local\Temp\nst1D62.tmp\7z-out\snapshot_blob.bin

MD5 916127734bc7c5b0db478191a37fc19a
SHA1 f9d868c2578f14513fcb95e109aec795c98dbba3
SHA256 e19ed7fb96e19bb5bfe791df03561d654ea5d52021c3403a2652f439a8d77801
SHA512 d291b26568572d5777b036577ddf30c1b6c6c41e9d53ef2d8af735db001ea5c568371f3907fbffc02feee628f0f29afb718ae5deb32ff245a37947a7b1b9c297

C:\Users\Admin\AppData\Local\Temp\nst1D62.tmp\7z-out\vk_swiftshader.dll

MD5 65a5705d95a0820740b3396851ff1751
SHA1 a692a80bafc41ba1b29ef19890f8465b3fb20dcb
SHA256 4c4b935cbb320033f504a89b1eb0a4bcb176bbd46a5981153cb1f54deb146a1c
SHA512 0c5df23b96eaf952c4a498ff6d854df2b62e7631b16c2855ed37ddbadffba3dd52e7450f2e06cf094bec2e0d70d14c87a652150766d90ec8662e03123df5942d

C:\Users\Admin\AppData\Local\Temp\nst1D62.tmp\7z-out\vulkan-1.dll

MD5 a947c5d8fec95a0f24b4143ced301209
SHA1 ebf3089985377a58b8431a14e22a814857287aaf
SHA256 29cb256921a1b0f222c82650469d534ccdf038d1f395b3aaa9f1086918f5d3fa
SHA512 75f5e055f4422b5558fc1cb3ea84fb7cbeaae6f71c786cc06c295d4ab51c0b1c84e28a7c89fe544f007dbe8e612bed4059139f1575934fe4bac8e538c674ebd3

C:\Users\Admin\AppData\Local\Temp\nst1D62.tmp\7z-out\vk_swiftshader_icd.json

MD5 8642dd3a87e2de6e991fae08458e302b
SHA1 9c06735c31cec00600fd763a92f8112d085bd12a
SHA256 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9
SHA512 f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

C:\Users\Admin\AppData\Local\Temp\nst1D62.tmp\7z-out\v8_context_snapshot.bin

MD5 4f4d00247758c684c295243ddedd2948
SHA1 f8e8fc6c22fde9df1d60c329e38b38a85f96bb69
SHA256 4ea84c4465eea20b46e6ded30f711f1e0d61e15574d861b0210819abd5e895e5
SHA512 2c335672979114bd68ff6f1b1b94235fbf072fe8642cad1f7d61855b92741f0633fa0ccb77cd520be560db2d3ac75f9be08e22806487bf5d3045781e3903ad45

C:\Users\Admin\AppData\Local\Temp\nst1D62.tmp\7z-out\Runtime Broker.exe

MD5 62e24a1f94bd66049b54ff28834e153e
SHA1 26a54a44b6bb6b5ba4962a661b8ebceef255a4b5
SHA256 3801d4a82ed4da1ee834966e6c7eef02ea71fbab88fb76a5e2d2383aba8570f2
SHA512 9f30c7b4dda5f1c845b71c68b3d2e83897d10e15cef970c5e9ecfa4939fb74e7c5bfee647ca8f409d714fc08d14f2efb7067a7ce4a64e68658dfaefa93117fa4

C:\Users\Admin\AppData\Local\Temp\nst1D62.tmp\7z-out\locales\af.pak

MD5 7e51349edc7e6aed122bfa00970fab80
SHA1 eb6df68501ecce2090e1af5837b5f15ac3a775eb
SHA256 f528e698b164283872f76df2233a47d7d41e1aba980ce39f6b078e577fd14c97
SHA512 69da19053eb95eef7ab2a2d3f52ca765777bdf976e5862e8cebbaa1d1ce84a7743f50695a3e82a296b2f610475abb256844b6b9eb7a23a60b4a9fc4eae40346d

C:\Users\Admin\AppData\Local\Temp\nst1D62.tmp\7z-out\locales\bg.pak

MD5 a19269683a6347e07c55325b9ecc03a4
SHA1 d42989daf1c11fcfff0978a4fb18f55ec71630ec
SHA256 ad65351a240205e881ef5c4cf30ad1bc6b6e04414343583597086b62d48d8a24
SHA512 1660e487df3f3f4ec1cea81c73dca0ab86aaf121252fbd54c7ac091a43d60e1afd08535b082efd7387c12616672e78aa52dddfca01f833abef244284482f2c76

C:\Users\Admin\AppData\Local\Temp\nst1D62.tmp\7z-out\locales\cs.pak

MD5 04a680847c4a66ad9f0a88fb9fb1fc7b
SHA1 2afcdf4234a9644fb128b70182f5a3df1ee05be1
SHA256 1cc44c5fbe1c0525df37c5b6267a677f79c9671f86eda75b6fc13abf5d5356eb
SHA512 3a8a409a3c34149a977dea8a4cb0e0822281aed2b0a75b02479c95109d7d51f6fb2c2772ccf1486ca4296a0ac2212094098f5ce6a1265fa6a7eb941c0cfef83e

C:\Users\Admin\AppData\Local\Temp\nst1D62.tmp\7z-out\locales\es.pak

MD5 a36992d320a88002697da97cd6a4f251
SHA1 c1f88f391a40ccf2b8a7b5689320c63d6d42935f
SHA256 c5566b661675b613d69a507cbf98768bc6305b80e6893dc59651a4be4263f39d
SHA512 9719709229a4e8f63247b3efe004ecfeb5127f5a885234a5f78ee2b368f9e6c44eb68a071e26086e02aa0e61798b7e7b9311d35725d3409ffc0e740f3aa3b9b5

C:\Users\Admin\AppData\Local\Temp\nst1D62.tmp\7z-out\locales\fi.pak

MD5 d4b776267efebdcb279162c213f3db22
SHA1 7236108af9e293c8341c17539aa3f0751000860a
SHA256 297e3647eaf9b3b95cf833d88239919e371e74cc345a2e48a5033ebe477cd54e
SHA512 1dc7d966d12e0104aacb300fd4e94a88587a347db35ad2327a046ef833fb354fd9cbe31720b6476db6c01cfcb90b4b98ce3cd995e816210b1438a13006624e8f

C:\Users\Admin\AppData\Local\Temp\nst1D62.tmp\7z-out\locales\hr.pak

MD5 8f9498d18d90477ad24ea01a97370b08
SHA1 3868791b549fc7369ab90cd27684f129ebd628be
SHA256 846943f77a425f3885689dcf12d62951c5b7646e68eadc533b8b5c2a1373f02e
SHA512 3c66a84592debe522f26c48b55c04198ad8a16c0dcfa05816825656c76c1c6cccf5767b009f20ecb77d5a589ee44b0a0011ec197fec720168a6c72c71ebf77fd

C:\Users\Admin\AppData\Local\Temp\nst1D62.tmp\7z-out\locales\lv.pak

MD5 e4f7d9e385cb525e762ece1aa243e818
SHA1 689d784379bac189742b74cd8700c687feeeded1
SHA256 523d141e59095da71a41c14aec8fe9ee667ae4b868e0477a46dd18a80b2007ef
SHA512 e4796134048cd12056d746f6b8f76d9ea743c61fee5993167f607959f11fd3b496429c3e61ed5464551fd1931de4878ab06f23a3788ee34bb56f53db25bcb6df

C:\Users\Admin\AppData\Local\Temp\nst1D62.tmp\7z-out\locales\sk.pak

MD5 c6c7396dbfb989f034d50bd053503366
SHA1 089f176b88235cce5bca7abfcc78254e93296d61
SHA256 439f7d6c23217c965179898754edcef8fd1248bdd9b436703bf1ff710701117a
SHA512 1476963f47b45d2d26536706b7eeba34cfae124a3087f7727c4efe0f19610f94393012cda462060b1a654827e41f463d7226afa977654dcd85b27b7f8d1528eb

C:\Users\Admin\AppData\Local\Temp\nst1D62.tmp\7z-out\locales\zh-TW.pak

MD5 524711882cbfb5b95a63ef48f884cff0
SHA1 1078037687cfc5d038eeb8b63d295239e0edc47a
SHA256 9e16499cd96a155d410c8df4c812c52ff2a750f8c4db87fd891c1e58c1428c78
SHA512 16d45a81f7f4606eda9d12a8b1da06e3c866b11bdc0c92a4022bfb8d02b885d8f028457cf23e3f7589dfd191ed7f7fbc68c81b6e1411834edfcbc9cc85e0dc4d

C:\Users\Admin\AppData\Local\Temp\nst1D62.tmp\7z-out\locales\zh-CN.pak

MD5 20f315d38e3b2edc5832931e7770b62a
SHA1 2390bd585dec1e884873454bb98b6f1467dcf7bb
SHA256 53a803724bbf2e7f40aab860325c348f786eeca1ea5ca39a76b4c4a616e3233f
SHA512 c338e241de3561707c7c275b7d6e0fb16185a8cd7112057c08b74ffce122148ef693fe310c839ff93f102726a78e61de3e68c8e324f445a07a98ee9c4fdd4e13

C:\Users\Admin\AppData\Local\Temp\nst1D62.tmp\7z-out\resources\elevate.exe

MD5 792b92c8ad13c46f27c7ced0810694df
SHA1 d8d449b92de20a57df722df46435ba4553ecc802
SHA256 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
SHA512 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

\Users\Admin\AppData\Local\Temp\nst1D62.tmp\StdUtils.dll

MD5 c6a6e03f77c313b267498515488c5740
SHA1 3d49fc2784b9450962ed6b82b46e9c3c957d7c15
SHA256 b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
SHA512 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

C:\Users\Admin\AppData\Local\Temp\nst1D62.tmp\7z-out\resources\app.asar

MD5 a42dd0974f64631df98a8915d61df624
SHA1 ba29b4c0bc6f7355c25dd250eb9d7b6c25b67628
SHA256 823398a4ee59260c3b5d0b7c951483fbca2d0891ac8e6dcada74dc359528b87e
SHA512 27189bff087b4c546a2e7f7f7cd6651f004538205196863a7261e1c2c7573cb5714ddd284445e1aec0f33f720de01d687e8408b90bf57670bea314ccfef2d8bf

C:\Users\Admin\AppData\Local\Temp\nst1D62.tmp\7z-out\locales\vi.pak

MD5 3fe6f90f1f990aed508deda3810ce8c2
SHA1 3b86f00666d55e984b4aca1a5e8319ffa8f411ff
SHA256 5eebb23221aebcf0be01bfc2695f7dd35b17f6769be1e28e5610d35c9717854b
SHA512 9aa9d55f112c8b32aa636086cfd2161d97ea313cac1a44101014128124a03504c992ac8efd265aba4e91787aef7134a14507a600f5ec96ff82df950a8883828c

C:\Users\Admin\AppData\Local\Temp\nst1D62.tmp\7z-out\locales\ur.pak

MD5 ff0a23974aef88afc86ecc806dbf1d60
SHA1 e7bae97cbb8692a0d106644dfaa9b7d7ea6fcef0
SHA256 f245ab242aafeef37db736c780476534fad0706aa66dcb8b6b8cd181b4778385
SHA512 aabe8160fac7e0eb8e8eb80963fe995fa4a802147d1b8f605bc0fe3f8e2474463c1d313471c11c85eb5578112232fdc8e89b8a6d43dbe38a328538ff30a78d08

C:\Users\Admin\AppData\Local\Temp\nst1D62.tmp\7z-out\locales\uk.pak

MD5 ee70e9f3557b9c8c67bfb8dfcb51384d
SHA1 fc4dfc35cde1a00f97eefe5e0a2b9b9c0149751e
SHA256 54324671a161f6d67c790bfd29349db2e2d21f5012dc97e891f8f5268bdf7e22
SHA512 f4e1da71cb0485851e8ebcd5d5cf971961737ad238353453db938b4a82a68a6bbaf3de7553f0ff1f915a0e6640a3e54f5368d9154b0a4ad38e439f5808c05b9f

C:\Users\Admin\AppData\Local\Temp\nst1D62.tmp\7z-out\locales\tr.pak

MD5 3a858619502c68d5f7de599060f96db9
SHA1 80a66d9b5f1e04cda19493ffc4a2f070200e0b62
SHA256 d81f28f69da0036f9d77242b2a58b4a76f0d5c54b3e26ee96872ac54d7abb841
SHA512 39a7ec0dfe62bcb3f69ce40100e952517b5123f70c70b77b4c9be3d98296772f10d3083276bc43e1db66ed4d9bfa385a458e829ca2a7d570825d7a69e8fbb5f4

C:\Users\Admin\AppData\Local\Temp\nst1D62.tmp\7z-out\locales\th.pak

MD5 2c41616dfe7fcdb4913cfafe5d097f95
SHA1 cf7d9e8ad3aa47d683e47f116528c0e4a9a159b0
SHA256 f11041c48831c93aa11bbf885d330739a33a42db211daccf80192668e2186ed3
SHA512 97329717e11bc63456c56022a7b7f5da730da133e3fc7b2cc660d63a955b1a639c556b857c039a004f92e5f35be61bf33c035155be0a361e3cd6d87b549df811

C:\Users\Admin\AppData\Local\Temp\nst1D62.tmp\7z-out\locales\te.pak

MD5 f809bf5184935c74c8e7086d34ea306c
SHA1 709ab3decff033cf2fa433ecc5892a7ac2e3752e
SHA256 9bbfa7a9f2116281bf0af1e8ffb279d1aa97ac3ed9ebc80c3ade19e922d7e2d4
SHA512 de4b14dd6018fdbdf5033abda4da2cb9f5fcf26493788e35d88c07a538b84fdd663ee20255dfd9c1aac201f0cce846050d2925c55bf42d4029cb78b057930acd

C:\Users\Admin\AppData\Local\Temp\nst1D62.tmp\7z-out\locales\ta.pak

MD5 7006691481966109cce413f48a349ff2
SHA1 6bd243d753cf66074359abe28cfae75bcedd2d23
SHA256 24ea4028da66a293a43d27102012235198f42a1e271fe568c7fd78490a3ee647
SHA512 e12c0d1792a28bf4885e77185c2a0c5386438f142275b8f77317eb8a5cee994b3241bb264d9502d60bfbce9cf8b3b9f605c798d67819259f501719d054083bea

C:\Users\Admin\AppData\Local\Temp\nst1D62.tmp\7z-out\locales\sw.pak

MD5 39277ae2d91fdc1bd38bea892b388485
SHA1 ff787fb0156c40478d778b2a6856ad7b469bd7cb
SHA256 6d6d095a1b39c38c273be35cd09eb1914bd3a53f05180a3b3eb41a81ae31d5d3
SHA512 be2d8fbedaa957f0c0823e7beb80de570edd0b8e7599cf8f2991dc671bdcbbbe618c15b36705d83be7b6e9a0d32ec00f519fc8543b548422ca8dcf07c0548ab4

C:\Users\Admin\AppData\Local\Temp\nst1D62.tmp\7z-out\locales\sv.pak

MD5 502e4a8b3301253abe27c4fd790fbe90
SHA1 17abcd7a84da5f01d12697e0dffc753ffb49991a
SHA256 7d72e3adb35e13ec90f2f4271ad2a9b817a2734da423d972517f3cff299165fd
SHA512 bd270abaf9344c96b0f63fc8cec04f0d0ac9fc343ab5a80f5b47e4b13b8b1c0c4b68f19550573a1d965bb18a27edf29f5dd592944d754b80ea9684dbcedea822

C:\Users\Admin\AppData\Local\Temp\nst1D62.tmp\7z-out\locales\sr.pak

MD5 cbb817a58999d754f99582b72e1ae491
SHA1 6ec3fd06dee0b1fe5002cb0a4fe8ec533a51f9fd
SHA256 4bd7e466cb5f5b0a451e1192aa1abaaf9526855a86d655f94c9ce2183ec80c25
SHA512 efef29cedb7b08d37f9df1705d36613f423e994a041b137d5c94d2555319ffb068bb311884c9d4269b0066746dacd508a7d01df40a8561590461d5f02cb52f8b

C:\Users\Admin\AppData\Local\Temp\nst1D62.tmp\7z-out\locales\sl.pak

MD5 d4bd9f20fd29519d6b017067e659442c
SHA1 782283b65102de4a0a61b901dea4e52ab6998f22
SHA256 f33afa6b8df235b09b84377fc3c90403c159c87edd8cd8004b7f6edd65c85ce6
SHA512 adf8d8ec17e8b05771f47b19e8027f88237ad61bca42995f424c1f5bd6efa92b23c69d363264714c1550b9cd0d03f66a7cfb792c3fbf9d5c173175b0a8c039dc

C:\Users\Admin\AppData\Local\Temp\nst1D62.tmp\7z-out\locales\ru.pak

MD5 ab9902025dcf7d5408bf6377b046272b
SHA1 c9496e5af3e2a43377290a4883c0555e27b1f10f
SHA256 983b15dcc31d0e9a3da78cd6021e5add2a3c2247322aded9454a5d148d127aae
SHA512 d255d5f5b6b09af2cdec7b9c171eebb1de1094cc5b4ddf43a3d4310f8f5f223ac48b8da97a07764d1b44f1d4a14fe3a0c92a0ce6fe9a4ae9a6b4a342e038f842

C:\Users\Admin\AppData\Local\Temp\nst1D62.tmp\7z-out\locales\ro.pak

MD5 99eaa3d101354088379771fd85159de1
SHA1 a32db810115d6dcf83a887e71d5b061b5eefe41f
SHA256 33f4c20f7910bc3e636bc3bec78f4807685153242dd4bc77648049772cf47423
SHA512 c6f87da1b5c156aa206dc21a9da3132cbfb0e12e10da7dc3b60363089de9e0124bbad00a233e61325348223fc5953d4f23e46fe47ec8e7ca07702ac73f3fd2e9

C:\Users\Admin\AppData\Local\Temp\nst1D62.tmp\7z-out\locales\pt-PT.pak

MD5 6a7232f316358d8376a1667426782796
SHA1 8b70fe0f3ab2d73428f19ecd376c5deba4a0bb6c
SHA256 6a526cd5268b80df24104a7f40f55e4f1068185febbbb5876ba2cb7f78410f84
SHA512 40d24b3d01e20ae150083b00bb6e10bca81737c48219bce22fa88faaad85bdc8c56ac9b1eb01854173b0ed792e34bdfbac26d3605b6a35c14cf2824c000d0da1

C:\Users\Admin\AppData\Local\Temp\nst1D62.tmp\7z-out\locales\pt-BR.pak

MD5 0d9dea9e24645c2a3f58e4511c564a36
SHA1 dcd2620a1935c667737eea46ca7bb2bdcb31f3a6
SHA256 ca7b880391fcd319e976fcc9b5780ea71de655492c4a52448c51ab2170eeef3b
SHA512 8fcf871f8be7727e2368df74c05ca927c5f0bc3484c4934f83c0abc98ecaf774ad7aba56e1bf17c92b1076c0b8eb9c076cc949cd5427efcade9ddf14f6b56bc5

C:\Users\Admin\AppData\Local\Temp\nst1D62.tmp\7z-out\locales\pl.pak

MD5 18d49d5376237bb8a25413b55751a833
SHA1 0b47a7381de61742ac2184850822c5fa2afa559e
SHA256 1729aa5c8a7e24a0db98febcc91df8b7b5c16f9b6bb13a2b0795038f2a14b981
SHA512 45344a533cc35c8ce05cf29b11da6c0f97d8854dae46cf45ef7d090558ef95c3bd5fdc284d9a7809f0b2bf30985002be2aa6a4749c0d9ae9bdff4ad13de4e570

C:\Users\Admin\AppData\Local\Temp\nst1D62.tmp\7z-out\locales\nl.pak

MD5 181d2a0ece4b67281d9d2323e9b9824d
SHA1 e8bdc53757e96c12f3cd256c7812532dd524a0ea
SHA256 6629e68c457806621ed23aa53b3675336c3e643f911f8485118a412ef9ed14ce
SHA512 10d8cc9411ca475c9b659a2cc88d365e811217d957c82d9c144d94843bc7c7a254ee2451a6f485e92385a660fa01577cffa0d64b6e9e658a87bef8fccbbeaf7e

C:\Users\Admin\AppData\Local\Temp\nst1D62.tmp\7z-out\locales\nb.pak

MD5 af0fd9179417ba1d7fcca3cc5bee1532
SHA1 f746077bbf6a73c6de272d5855d4f1ca5c3af086
SHA256 e900f6d0dd9d5a05b5297618f1fe1600c189313da931a9cb390ee42383eb070f
SHA512 c94791d6b84200b302073b09357abd2a1d7576b068bae01dccda7bc154a6487145c83c9133848ccf4cb9e6dc6c5a9d4be9d818e5a0c8f440a4e04ae8eabd4a29

C:\Users\Admin\AppData\Local\Temp\nst1D62.tmp\7z-out\locales\ms.pak

MD5 9b3e2f3c49897228d51a324ab625eb45
SHA1 8f3daec46e9a99c3b33e3d0e56c03402ccc52b9d
SHA256 61a3daae72558662851b49175c402e9fe6fd1b279e7b9028e49506d9444855c5
SHA512 409681829a861cd4e53069d54c80315e0c8b97e5db4cd74985d06238be434a0f0c387392e3f80916164898af247d17e8747c6538f08c0ef1c5e92a7d1b14f539

C:\Users\Admin\AppData\Local\Temp\nst1D62.tmp\7z-out\locales\mr.pak

MD5 c0ef1866167d926fb351e9f9bf13f067
SHA1 6092d04ef3ce62be44c29da5d0d3a04985e2bc04
SHA256 88df231cf2e506db3453f90a797194662a5f85e23bbac2ed3169d91a145d2091
SHA512 9e2b90f3ac1ae5744c22c2442fbcd86a8496afc2c58f6ca060d6dbb08af6f7411ef910a7c8ca5aedee99b5443d4dff709c7935e8322cb32f8b071ee59caee733

C:\Users\Admin\AppData\Local\Temp\nst1D62.tmp\7z-out\locales\ml.pak

MD5 8b38c65fc30210c7af9b6fa0424266f4
SHA1 116413710ffcf94fbfa38cb97a47731e43a306f5
SHA256 e8df9a74417c5839c531d7ccab63884a80afb731cc62cbbb3fd141779086ac7d
SHA512 0fd349c644ac1a2e7ed0247e40900d3a9957f5bef1351b872710d02687c934a8e63d3a7585e91f7df78054aeff8f7abd8c93a94fcd20c799779a64278bab2097

C:\Users\Admin\AppData\Local\Temp\nst1D62.tmp\7z-out\locales\lt.pak

MD5 980c27fd74cc3560b296fe8e7c77d51f
SHA1 f581efa1b15261f654588e53e709a2692d8bb8a3
SHA256 41e0f3619cda3b00abbbf07b9cd64ec7e4785ed4c8a784c928e582c3b6b8b7db
SHA512 51196f6f633667e849ef20532d57ec81c5f63bab46555cea8fab2963a078acdfa84843eded85c3b30f49ef3ceb8be9e4ef8237e214ef9ecff6373a84d395b407

C:\Users\Admin\AppData\Local\Temp\nst1D62.tmp\7z-out\locales\ko.pak

MD5 b4fbff56e4974a7283d564c6fc0365be
SHA1 de68bd097def66d63d5ff04046f3357b7b0e23ac
SHA256 8c9acde13edcd40d5b6eb38ad179cc27aa3677252a9cd47990eba38ad42833e5
SHA512 0698aa058561bb5a8fe565bb0bec21548e246dbb9d38f6010e9b0ad9de0f59bce9e98841033ad3122a163dd321ee4b11ed191277cdcb8e0b455d725593a88aa5

C:\Users\Admin\AppData\Local\Temp\nst1D62.tmp\7z-out\locales\kn.pak

MD5 c548a5f1fb5753408e44f3f011588594
SHA1 e064ab403972036dad1b35abe9794e95dbe4cc00
SHA256 890f50a57b862f482d367713201e1e559ac778fc3a36322d1dfbbef2535dd9cb
SHA512 6975e4bb1a90e0906cf6266f79da6cc4ae32f72a6141943bcfcf9b33f791e9751a9aafde9ca537f33f6ba8e4d697125fbc2ec4ffd3bc35851f406567dae7e631

C:\Users\Admin\AppData\Local\Temp\nst1D62.tmp\7z-out\locales\ja.pak

MD5 d10d536bcd183030ba07ff5c61bf5e3a
SHA1 44dd78dba9f098ac61222eb9647d111ad1608960
SHA256 2a3d3abc9f80bad52bd6da5769901e7b9e9f052b6a58a7cc95ce16c86a3aa85a
SHA512 c67aede9ded1100093253e350d6137ab8b2a852bd84b6c82ba1853f792e053cecd0ea0519319498aed5759bedc66d75516a4f2f7a07696a0cef24d5f34ef9dd2

C:\Users\Admin\AppData\Local\Temp\nst1D62.tmp\7z-out\locales\it.pak

MD5 d58a43068bf847c7cd6284742c2f7823
SHA1 497389765143fac48af2bd7f9a309bfe65f59ed9
SHA256 265d8b1bc479ad64fa7a41424c446139205af8029a2469d558813edd10727f9c
SHA512 547a1581dda28c5c1a0231c736070d8a7b53a085a0ce643a4a1510c63a2d4670ff2632e9823cd25ae2c7cdc87fa65883e0a193853890d4415b38056cb730ab54

C:\Users\Admin\AppData\Local\Temp\nst1D62.tmp\7z-out\locales\id.pak

MD5 7b39423028da71b4e776429bb4f27122
SHA1 cb052ab5f734d7a74a160594b25f8a71669c38f2
SHA256 3d95c5819f57a0ad06a118a07e0b5d821032edcf622df9b10a09da9aa974885f
SHA512 e40679b01ab14b6c8dfdce588f3b47bcaff55dbb1539b343f611b3fcbd1d0e7d8c347a2b928215a629f97e5f68d19c51af775ec27c6f906cac131beae646ce1a

C:\Users\Admin\AppData\Local\Temp\nst1D62.tmp\7z-out\locales\hu.pak

MD5 f5e1ca8a14c75c6f62d4bff34e27ddb5
SHA1 7aba6bff18bdc4c477da603184d74f054805c78f
SHA256 c0043d9fa0b841da00ec1672d60015804d882d4765a62b6483f2294c3c5b83e0
SHA512 1050f96f4f79f681b3eaf4012ec0e287c5067b75ba7a2cbe89d9b380c07698099b156a0eb2cbc5b8aa336d2daa98e457b089935b534c4d6636987e7e7e32b169

C:\Users\Admin\AppData\Local\Temp\nst1D62.tmp\7z-out\locales\hi.pak

MD5 1766a05be4dc634b3321b5b8a142c671
SHA1 b959bcadc3724ae28b5fe141f3b497f51d1e28cf
SHA256 0eee8e751b5b0af1e226106beb09477634f9f80774ff30894c0f5a12b925ac35
SHA512 faec1d6166133674a56b5e38a68f9e235155cc910b5cceb3985981b123cc29eda4cd60b9313ab787ec0a8f73bf715299d9bf068e4d52b766a7ab8808bd146a39

C:\Users\Admin\AppData\Local\Temp\nst1D62.tmp\7z-out\locales\he.pak

MD5 6d787dc113adfb6a539674af7d6195db
SHA1 f966461049d54c61cdd1e48ef1ea0d3330177768
SHA256 a976fad1cc4eb29709018c5ffcc310793a7ceb2e69c806454717ccae9cbc4d21
SHA512 6748dad2813fc544b50ddea0481b5ace3eb5055fb2d985ca357403d3b799618d051051b560c4151492928d6d40fce9bb33b167217c020bdcc3ed4cae58f6b676

C:\Users\Admin\AppData\Local\Temp\nst1D62.tmp\7z-out\locales\gu.pak

MD5 7b5f52f72d3a93f76337d5cf3168ebd1
SHA1 00d444b5a7f73f566e98abadf867e6bb27433091
SHA256 798ea5d88a57d1d78fa518bf35c5098cbeb1453d2cb02ef98cd26cf85d927707
SHA512 10c6f4faab8ccb930228c1d9302472d0752be19af068ec5917249675b40f22ab24c3e29ec3264062826113b966c401046cff70d91e7e05d8aadcc0b4e07fec9b

C:\Users\Admin\AppData\Local\Temp\nst1D62.tmp\7z-out\locales\fr.pak

MD5 0bf28aff31e8887e27c4cd96d3069816
SHA1 b5313cf6b5fbce7e97e32727a3fae58b0f2f5e97
SHA256 2e1d413442def9cae2d93612e3fd04f3afaf3dd61e4ed7f86400d320af5500c2
SHA512 95172b3b1153b31fceb4b53681635a881457723cd1000562463d2f24712267b209b3588c085b89c985476c82d9c27319cb6378619889379da4fae1595cb11992

C:\Users\Admin\AppData\Local\Temp\nst1D62.tmp\7z-out\locales\fil.pak

MD5 3165351c55e3408eaa7b661fa9dc8924
SHA1 181bee2a96d2f43d740b865f7e39a1ba06e2ca2b
SHA256 2630a9d5912c8ef023154c6a6fb5c56faf610e1e960af66abef533af19b90caa
SHA512 3b1944ea3cfcbe98d4ce390ea3a8ff1f6730eb8054e282869308efe91a9ddcd118290568c1fc83bd80e8951c4e70a451e984c27b400f2bde8053ea25b9620655

C:\Users\Admin\AppData\Local\Temp\nst1D62.tmp\7z-out\locales\fa.pak

MD5 9d273af70eafd1b5d41f157dbfb94fdc
SHA1 da98bde34b59976d4514ff518bd977a713ea4f2e
SHA256 319d1e20150d4e3f496309ba82fce850e91378ee4b0c7119a003a510b14f878b
SHA512 0a892071bea92cc7f1a914654bc4f9da6b9c08e3cb29bb41e9094f6120ddc7a08a257c0d2b475c98e7cdcf604830e582cf2a538cc184056207f196ffc43f29ad

C:\Users\Admin\AppData\Local\Temp\nst1D62.tmp\7z-out\locales\et.pak

MD5 a94e1775f91ea8622f82ae5ab5ba6765
SHA1 ff17accdd83ac7fcc630e9141e9114da7de16fdb
SHA256 1606b94aef97047863481928624214b7e0ec2f1e34ec48a117965b928e009163
SHA512 a2575d2bd50494310e8ef9c77d6c1749420dfbe17a91d724984df025c47601976af7d971ecae988c99723d53f240e1a6b3b7650a17f3b845e3daeefaaf9fe9b9

C:\Users\Admin\AppData\Local\Temp\nst1D62.tmp\7z-out\locales\es-419.pak

MD5 7f6696cc1e71f84d9ec24e9dc7bd6345
SHA1 36c1c44404ee48fc742b79173f2c7699e1e0301f
SHA256 d1f17508f3a0106848c48a240d49a943130b14bd0feb5ed7ae89605c7b7017d1
SHA512 b226f94f00978f87b7915004a13cdbd23de2401a8afaa2517498538967df89b735f8ecc46870c92e3022cac795218a60ad2b8fff1efad9feea4ec193704a568a

C:\Users\Admin\AppData\Local\Temp\nst1D62.tmp\7z-out\locales\en-US.pak

MD5 5e3813e616a101e4a169b05f40879a62
SHA1 615e4d94f69625dda81dfaec7f14e9ee320a2884
SHA256 4d207c5c202c19c4daca3fddb2ae4f747f943a8faf86a947eef580e2f2aee687
SHA512 764a271a9cfb674cce41ee7aed0ad75f640ce869efd3c865d1b2d046c9638f4e8d9863a386eba098f5dcedd20ea98bad8bca158b68eb4bdd606d683f31227594

C:\Users\Admin\AppData\Local\Temp\nst1D62.tmp\7z-out\locales\en-GB.pak

MD5 d59e613e8f17bdafd00e0e31e1520d1f
SHA1 529017d57c4efed1d768ab52e5a2bc929fdfb97c
SHA256 90e585f101cf0bb77091a9a9a28812694cee708421ce4908302bbd1bc24ac6fd
SHA512 29ff3d42e5d0229f3f17bc0ed6576c147d5c61ce2bd9a2e658a222b75d993230de3ce35ca6b06f5afa9ea44cfc67817a30a87f4faf8dc3a5c883b6ee30f87210

C:\Users\Admin\AppData\Local\Temp\nst1D62.tmp\7z-out\locales\el.pak

MD5 9528d21e8a3f5bad7ca273999012ebe8
SHA1 58cd673ce472f3f2f961cf8b69b0c8b8c01d457c
SHA256 e79c1e7a47250d88581e8e3baf78dcaf31fe660b74a1e015be0f4bafdfd63e12
SHA512 165822c49ce0bdb82f3c3221e6725dac70f53cfdad722407a508fa29605bc669fb5e5070f825f02d830e0487b28925644438305372a366a3d60b55da039633d7

C:\Users\Admin\AppData\Local\Temp\nst1D62.tmp\7z-out\locales\de.pak

MD5 8e6654b89ed4c1dc02e1e2d06764805a
SHA1 ff660bc85bb4a0fa3b2637050d2b2d1aecc37ad8
SHA256 61cbce9a31858ddf70cc9b0c05fb09ce7032bfb8368a77533521722465c57475
SHA512 5ac71eda16f07f3f2b939891eda2969c443440350fd88ab3a9b3180b8b1a3ecb11e79e752cf201f21b3dbfba00bcc2e4f796f347e6137a165c081e86d970ee61

C:\Users\Admin\AppData\Local\Temp\nst1D62.tmp\7z-out\locales\da.pak

MD5 1a53d374b9c37f795a462aac7a3f118f
SHA1 154be9cf05042eced098a20ff52fa174798e1fea
SHA256 d0c38eb889ee27d81183a0535762d8ef314f0fdeb90ccca9176a0ce9ab09b820
SHA512 395279c9246bd30a0e45d775d9f9c36353bd11d9463282661c2abd876bdb53be9c9b617bb0c2186592cd154e9353ea39e3feed6b21a07b6850ab8ecd57e1ed29

C:\Users\Admin\AppData\Local\Temp\nst1D62.tmp\7z-out\locales\ca.pak

MD5 d259469e94f2adf54380195555154518
SHA1 d69060bbe8e765ca4dc1f7d7c04c3c53c44b8ab5
SHA256 f98b7442befc285398a5dd6a96740cba31d2f5aadadd4d5551a05712d693029b
SHA512 d0bd0201acf4f7daa84e89aa484a3dec7b6a942c3115486716593213be548657ad702ef2bc1d3d95a4a56b0f6e7c33d5375f41d6a863e4ce528f2bd6a318240e

C:\Users\Admin\AppData\Local\Temp\nst1D62.tmp\7z-out\locales\bn.pak

MD5 5cdd07fa357c846771058c2db67eb13b
SHA1 deb87fc5c13da03be86f67526c44f144cc65f6f6
SHA256 01c830b0007b8ce6aca46e26d812947c3df818927b826f7d8c5ffd0008a32384
SHA512 2ac29a3aa3278bd9a8fe1ba28e87941f719b14fbf8b52e0b7dc9d66603c9c147b9496bf7be4d9e3aa0231c024694ef102dcc094c80c42be5d68d3894c488098c

C:\Users\Admin\AppData\Local\Temp\nst1D62.tmp\7z-out\locales\ar.pak

MD5 47a6d10b4112509852d4794229c0a03b
SHA1 2fb49a0b07fbdf8d4ce51a7b5a7f711f47a34951
SHA256 857fe3ab766b60a8d82b7b6043137e3a7d9f5cfb8ddd942316452838c67d0495
SHA512 5f5b280261195b8894efae9df2bece41c6c6a72199d65ba633c30d50a579f95fa04916a30db77831f517b22449196d364d6f70d10d6c5b435814184b3bcf1667

C:\Users\Admin\AppData\Local\Temp\nst1D62.tmp\7z-out\locales\am.pak

MD5 2009647c3e7aed2c4c6577ee4c546e19
SHA1 e2bbacf95ec3695daae34835a8095f19a782cbcf
SHA256 6d61e5189438f3728f082ad6f694060d7ee8e571df71240dfd5b77045a62954e
SHA512 996474d73191f2d550c516ed7526c9e2828e2853fcfbe87ca69d8b1242eb0dedf04030bbca3e93236bbd967d39de7f9477c73753af263816faf7d4371f363ba3

C:\Users\Admin\AppData\Local\Temp\nst1D62.tmp\StdUtils.dll

MD5 c6a6e03f77c313b267498515488c5740
SHA1 3d49fc2784b9450962ed6b82b46e9c3c957d7c15
SHA256 b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
SHA512 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\ffmpeg.dll

MD5 1bb0e1140ef08440ad47d80b70dbf742
SHA1 c2e4243bad76b465b5ab39865ac023db1632d6b0
SHA256 c0d9edde3864d9450744f4bc526a98608b629aeed01c6647f600802e1b1cf671
SHA512 29d71e3bd7df7014a03e26ca6ee5b59ff6e3d06096742fae5dec6282abd1f0d2f24c886a503e3a691d38cc68e0da504a7f657dcec4758b640a1a523d3eeaa57a

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\ffmpeg.dll

MD5 1bb0e1140ef08440ad47d80b70dbf742
SHA1 c2e4243bad76b465b5ab39865ac023db1632d6b0
SHA256 c0d9edde3864d9450744f4bc526a98608b629aeed01c6647f600802e1b1cf671
SHA512 29d71e3bd7df7014a03e26ca6ee5b59ff6e3d06096742fae5dec6282abd1f0d2f24c886a503e3a691d38cc68e0da504a7f657dcec4758b640a1a523d3eeaa57a

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe

MD5 62e24a1f94bd66049b54ff28834e153e
SHA1 26a54a44b6bb6b5ba4962a661b8ebceef255a4b5
SHA256 3801d4a82ed4da1ee834966e6c7eef02ea71fbab88fb76a5e2d2383aba8570f2
SHA512 9f30c7b4dda5f1c845b71c68b3d2e83897d10e15cef970c5e9ecfa4939fb74e7c5bfee647ca8f409d714fc08d14f2efb7067a7ce4a64e68658dfaefa93117fa4

\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe

MD5 62e24a1f94bd66049b54ff28834e153e
SHA1 26a54a44b6bb6b5ba4962a661b8ebceef255a4b5
SHA256 3801d4a82ed4da1ee834966e6c7eef02ea71fbab88fb76a5e2d2383aba8570f2
SHA512 9f30c7b4dda5f1c845b71c68b3d2e83897d10e15cef970c5e9ecfa4939fb74e7c5bfee647ca8f409d714fc08d14f2efb7067a7ce4a64e68658dfaefa93117fa4

C:\Users\Admin\AppData\Local\Temp\nst1D62.tmp\System.dll

MD5 0d7ad4f45dc6f5aa87f606d0331c6901
SHA1 48df0911f0484cbe2a8cdd5362140b63c41ee457
SHA256 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
SHA512 c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

C:\Users\Admin\AppData\Local\Temp\nst1D62.tmp\nsis7z.dll

MD5 80e44ce4895304c6a3a831310fbf8cd0
SHA1 36bd49ae21c460be5753a904b4501f1abca53508
SHA256 b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
SHA512 c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Analysis: behavioral3

Detonation Overview

Submitted

2023-04-30 15:29

Reported

2023-04-30 15:32

Platform

win10v2004-20230220-en

Max time kernel

105s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\VoidOfSpace_Stable.2.3.exe"

Signatures

Detects Redline Stealer samples

stealer
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Lumma Stealer

stealer lumma

RedLine

infostealer redline

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Updater.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A

Reads user/profile data of web browsers

spyware stealer

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

Description Indicator Process Target
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2 C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A

Gathers network information

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\NETSTAT.EXE N/A
N/A N/A C:\Windows\SysWOW64\NETSTAT.EXE N/A
N/A N/A C:\Windows\SysWOW64\NETSTAT.EXE N/A
N/A N/A C:\Windows\SysWOW64\ipconfig.exe N/A

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\ping.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\VoidOfSpace_Stable.2.3.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\tasklist.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\NETSTAT.EXE N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 820 wrote to memory of 3844 N/A C:\Users\Admin\AppData\Local\Temp\VoidOfSpace_Stable.2.3.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 820 wrote to memory of 3844 N/A C:\Users\Admin\AppData\Local\Temp\VoidOfSpace_Stable.2.3.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 820 wrote to memory of 3844 N/A C:\Users\Admin\AppData\Local\Temp\VoidOfSpace_Stable.2.3.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 3844 wrote to memory of 4324 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Windows\SysWOW64\cmd.exe
PID 3844 wrote to memory of 4324 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Windows\SysWOW64\cmd.exe
PID 3844 wrote to memory of 4324 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Windows\SysWOW64\cmd.exe
PID 4324 wrote to memory of 3428 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\chcp.com
PID 4324 wrote to memory of 3428 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\chcp.com
PID 4324 wrote to memory of 3428 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\chcp.com
PID 3844 wrote to memory of 1908 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 3844 wrote to memory of 1908 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 3844 wrote to memory of 1908 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 3844 wrote to memory of 1908 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 3844 wrote to memory of 1908 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 3844 wrote to memory of 1908 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 3844 wrote to memory of 1908 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 3844 wrote to memory of 1908 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 3844 wrote to memory of 1908 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 3844 wrote to memory of 1908 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 3844 wrote to memory of 1908 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 3844 wrote to memory of 1908 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 3844 wrote to memory of 1908 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 3844 wrote to memory of 1908 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 3844 wrote to memory of 1908 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 3844 wrote to memory of 1908 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 3844 wrote to memory of 1908 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 3844 wrote to memory of 1908 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 3844 wrote to memory of 1908 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 3844 wrote to memory of 1908 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 3844 wrote to memory of 1908 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 3844 wrote to memory of 1908 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 3844 wrote to memory of 1908 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 3844 wrote to memory of 1908 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 3844 wrote to memory of 1908 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 3844 wrote to memory of 1908 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 3844 wrote to memory of 1908 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 3844 wrote to memory of 1908 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 3844 wrote to memory of 1908 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 3844 wrote to memory of 1908 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 3844 wrote to memory of 1908 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 3844 wrote to memory of 1908 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 3844 wrote to memory of 2060 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 3844 wrote to memory of 2060 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 3844 wrote to memory of 2060 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 3844 wrote to memory of 1248 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Windows\SysWOW64\cmd.exe
PID 3844 wrote to memory of 1248 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Windows\SysWOW64\cmd.exe
PID 3844 wrote to memory of 1248 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Windows\SysWOW64\cmd.exe
PID 1248 wrote to memory of 2452 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\tasklist.exe
PID 1248 wrote to memory of 2452 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\tasklist.exe
PID 1248 wrote to memory of 2452 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\tasklist.exe
PID 3844 wrote to memory of 3620 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Windows\SysWOW64\cmd.exe
PID 3844 wrote to memory of 3620 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Windows\SysWOW64\cmd.exe
PID 3844 wrote to memory of 3620 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Windows\SysWOW64\cmd.exe
PID 3620 wrote to memory of 3320 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 3620 wrote to memory of 3320 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 3620 wrote to memory of 3320 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 3844 wrote to memory of 3988 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Windows\SysWOW64\cmd.exe
PID 3844 wrote to memory of 3988 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Windows\SysWOW64\cmd.exe
PID 3844 wrote to memory of 3988 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Windows\SysWOW64\cmd.exe
PID 3988 wrote to memory of 3980 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\NETSTAT.EXE
PID 3988 wrote to memory of 3980 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\NETSTAT.EXE
PID 3988 wrote to memory of 3980 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\NETSTAT.EXE
PID 3980 wrote to memory of 4716 N/A C:\Windows\SysWOW64\NETSTAT.EXE C:\Windows\SysWOW64\cmd.exe
PID 3980 wrote to memory of 4716 N/A C:\Windows\SysWOW64\NETSTAT.EXE C:\Windows\SysWOW64\cmd.exe

Processes

C:\Users\Admin\AppData\Local\Temp\VoidOfSpace_Stable.2.3.exe

"C:\Users\Admin\AppData\Local\Temp\VoidOfSpace_Stable.2.3.exe"

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe

"C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "chcp"

C:\Windows\SysWOW64\chcp.com

chcp

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe

"C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\xidxaxbnnenmrnel" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1904 --field-trial-handle=1908,i,8457507328021492912,6354173399802945263,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe

"C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\xidxaxbnnenmrnel" --mojo-platform-channel-handle=2204 --field-trial-handle=1908,i,8457507328021492912,6354173399802945263,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "netstat -r"

C:\Windows\SysWOW64\NETSTAT.EXE

netstat -r

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Windows\system32\route.exe" print

C:\Windows\SysWOW64\ROUTE.EXE

C:\Windows\system32\route.exe print

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "netstat -nao"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -

C:\Windows\SysWOW64\ping.exe

ping 8.8.8.8 -n 1

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\NETSTAT.EXE

netstat -nao

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\netsh.exe

"C:\Windows\system32\netsh.exe" wlan show networks mode=Bssid

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "netstat -r"

C:\Windows\SysWOW64\NETSTAT.EXE

netstat -r

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Windows\system32\route.exe" print

C:\Windows\SysWOW64\ROUTE.EXE

C:\Windows\system32\route.exe print

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "netsh lan show profiles"

C:\Windows\SysWOW64\netsh.exe

netsh lan show profiles

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "ipconfig /all"

C:\Windows\SysWOW64\ipconfig.exe

ipconfig /all

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

Network

Country Destination Domain Proto
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 93.184.220.29:80 tcp
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 108.211.229.192.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 40.125.122.176:443 tcp
US 20.189.173.12:443 tcp
NL 8.238.20.126:80 tcp
NL 173.223.113.164:443 tcp
NL 173.223.113.131:80 tcp
US 131.253.33.203:80 tcp
US 8.8.8.8:53 63.13.109.52.in-addr.arpa udp
US 8.8.8.8:53 196.168.217.172.in-addr.arpa udp
US 40.125.122.176:443 tcp
US 209.197.3.8:80 tcp
US 8.8.8.8:53 doenerium.kqnfkpoccicxiudstqonfotuwsrhuxkwhqjjfsbjhonoubrccy.nl udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 188.114.97.0:443 doenerium.kqnfkpoccicxiudstqonfotuwsrhuxkwhqjjfsbjhonoubrccy.nl tcp
US 40.125.122.176:443 tcp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 0.97.114.188.in-addr.arpa udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 40.125.122.176:443 tcp
US 40.125.122.176:443 tcp
US 8.8.8.8:53 canary.discord.com udp
US 8.8.8.8:53 doenerium.bbynetwork.nl udp
US 162.159.136.232:443 canary.discord.com tcp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 104.21.60.146:443 doenerium.bbynetwork.nl tcp
US 8.8.8.8:53 ipinfo.io udp
US 34.117.59.81:443 ipinfo.io tcp
US 8.8.8.8:53 232.136.159.162.in-addr.arpa udp
US 8.8.8.8:53 146.60.21.104.in-addr.arpa udp
US 8.8.8.8:53 81.59.117.34.in-addr.arpa udp
US 8.8.8.8:53 apiv2.gofile.io udp
FR 51.38.43.18:443 apiv2.gofile.io tcp
US 8.8.8.8:53 store5.gofile.io udp
FR 31.14.70.246:443 store5.gofile.io tcp
US 104.21.60.146:443 doenerium.bbynetwork.nl tcp
US 162.159.136.232:443 canary.discord.com tcp
US 8.8.8.8:53 18.43.38.51.in-addr.arpa udp
US 8.8.8.8:53 246.70.14.31.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\nsnB5E8.tmp\System.dll

MD5 0d7ad4f45dc6f5aa87f606d0331c6901
SHA1 48df0911f0484cbe2a8cdd5362140b63c41ee457
SHA256 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
SHA512 c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

C:\Users\Admin\AppData\Local\Temp\nsnB5E8.tmp\nsis7z.dll

MD5 80e44ce4895304c6a3a831310fbf8cd0
SHA1 36bd49ae21c460be5753a904b4501f1abca53508
SHA256 b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
SHA512 c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\chrome_100_percent.pak

MD5 acd0fa0a90b43cd1c87a55a991b4fac3
SHA1 17b84e8d24da12501105b87452f86bfa5f9b1b3c
SHA256 ccbca246b9a93fa8d4f01a01345e7537511c590e4a8efd5777b1596d10923b4b
SHA512 3e4c4f31c6c7950d5b886f6a8768077331a8f880d70b905cf7f35f74be204c63200ff4a88fa236abccc72ec0fc102c14f50dd277a30f814f35adfe5a7ae3b774

C:\Users\Admin\AppData\Local\Temp\nsnB5E8.tmp\7z-out\chrome_200_percent.pak

MD5 4610337e3332b7e65b73a6ea738b47df
SHA1 8d824c9cf0a84ab902e8069a4de9bf6c1a9aaf3b
SHA256 c91abf556e55c29d1ea9f560bb17cc3489cb67a5d0c7a22b58485f5f2fbcf25c
SHA512 039b50284d28dcd447e0a486a099fa99914d29b543093cccda77bbefdd61f7b7f05bb84b2708ae128c5f2d0c0ab19046d08796d1b5a1cff395a0689ab25ccb51

C:\Users\Admin\AppData\Local\Temp\nsnB5E8.tmp\7z-out\d3dcompiler_47.dll

MD5 3b4647bcb9feb591c2c05d1a606ed988
SHA1 b42c59f96fb069fd49009dfd94550a7764e6c97c
SHA256 35773c397036b368c1e75d4e0d62c36d98139ebe74e42c1ff7be71c6b5a19fd7
SHA512 00cd443b36f53985212ac43b44f56c18bf70e25119bbf9c59d05e2358ff45254b957f1ec63fc70fb57b1726fd8f76ccfad8103c67454b817a4f183f9122e3f50

C:\Users\Admin\AppData\Local\Temp\nsnB5E8.tmp\7z-out\ffmpeg.dll

MD5 1bb0e1140ef08440ad47d80b70dbf742
SHA1 c2e4243bad76b465b5ab39865ac023db1632d6b0
SHA256 c0d9edde3864d9450744f4bc526a98608b629aeed01c6647f600802e1b1cf671
SHA512 29d71e3bd7df7014a03e26ca6ee5b59ff6e3d06096742fae5dec6282abd1f0d2f24c886a503e3a691d38cc68e0da504a7f657dcec4758b640a1a523d3eeaa57a

C:\Users\Admin\AppData\Local\Temp\nsnB5E8.tmp\7z-out\icudtl.dat

MD5 d89ce8c00659d8e5d408c696ee087ce3
SHA1 49fc8109960be3bb32c06c3d1256cb66dded19a8
SHA256 9dfbe0dad5c7021cfe8df7f52458c422cbc5be9e16ff33ec90665bb1e3f182de
SHA512 db097ce3eb9e132d0444df79b167a7dcb2df31effbbd3df72da3d24ae2230cc5213c6df5e575985a9918fbd0a6576e335b6ebc12b6258bc93fa205399de64c37

C:\Users\Admin\AppData\Local\Temp\nsnB5E8.tmp\7z-out\libEGL.dll

MD5 e0a5d1a5d55dffb55513acb736cef1c1
SHA1 307fc023790af5bf3d45678de985e8e9f34896f7
SHA256 aa5da4005c76cfe5195b69282b2ad249d7dc2300bbc979592bd67315fc30c669
SHA512 094e23869fd42c60f83e0f4d1a2cd1a29d2efd805ac02a01ce9700b8e7b0e39e52fe86503264a0298c85f0d02b38620f1e773f2ea981f3049aeba3104b04253f

C:\Users\Admin\AppData\Local\Temp\nsnB5E8.tmp\7z-out\LICENSE.electron.txt

MD5 4d42118d35941e0f664dddbd83f633c5
SHA1 2b21ec5f20fe961d15f2b58efb1368e66d202e5c
SHA256 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d
SHA512 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

C:\Users\Admin\AppData\Local\Temp\nsnB5E8.tmp\7z-out\LICENSES.chromium.html

MD5 312446edf757f7e92aad311f625cef2a
SHA1 91102d30d5abcfa7b6ec732e3682fb9c77279ba3
SHA256 c2656201ac86438d062673771e33e44d6d5e97670c3160e0de1cb0bd5fbbae9b
SHA512 dce01f2448a49a0e6f08bbde6570f76a87dcc81179bb51d5e2642ad033ee81ae3996800363826a65485ab79085572bbace51409ae7102ed1a12df65018676333

C:\Users\Admin\AppData\Local\Temp\nsnB5E8.tmp\7z-out\libGLESv2.dll

MD5 44f7c21b6010048e0dcdc43d83ebd357
SHA1 d0a4dfd8dbae1a8421c3043315d78ecd84502b16
SHA256 f6259a9b9c284ee5916447dd9d0ba051c2908c9d3662d42d8bbe6ce6d65a37de
SHA512 7e03538dd8e798d0e808a8fc6e149e83de9f8404e839900f6c9535da6aac8ef4d5c31044e547dde34dcece1255fab9a9255fa069a99fcb08e49785d812b3887c

C:\Users\Admin\AppData\Local\Temp\nsnB5E8.tmp\7z-out\resources.pak

MD5 7d5065ecba284ed704040fca1c821922
SHA1 095fcc890154a52ad1998b4b1e318f99b3e5d6b8
SHA256 a10c3d236246e001cb9d434a65fc3e8aa7acddddd9608008db5c5c73dee0ba1f
SHA512 521b2266e3257adaa775014f77b0d512ff91b087c2572359d68ffe633b57a423227e3d5af8ee4494538f1d09aa45ffa1fe8e979814178512c37f7088ddd7995d

C:\Users\Admin\AppData\Local\Temp\nsnB5E8.tmp\7z-out\v8_context_snapshot.bin

MD5 4f4d00247758c684c295243ddedd2948
SHA1 f8e8fc6c22fde9df1d60c329e38b38a85f96bb69
SHA256 4ea84c4465eea20b46e6ded30f711f1e0d61e15574d861b0210819abd5e895e5
SHA512 2c335672979114bd68ff6f1b1b94235fbf072fe8642cad1f7d61855b92741f0633fa0ccb77cd520be560db2d3ac75f9be08e22806487bf5d3045781e3903ad45

C:\Users\Admin\AppData\Local\Temp\nsnB5E8.tmp\7z-out\snapshot_blob.bin

MD5 916127734bc7c5b0db478191a37fc19a
SHA1 f9d868c2578f14513fcb95e109aec795c98dbba3
SHA256 e19ed7fb96e19bb5bfe791df03561d654ea5d52021c3403a2652f439a8d77801
SHA512 d291b26568572d5777b036577ddf30c1b6c6c41e9d53ef2d8af735db001ea5c568371f3907fbffc02feee628f0f29afb718ae5deb32ff245a37947a7b1b9c297

C:\Users\Admin\AppData\Local\Temp\nsnB5E8.tmp\7z-out\Runtime Broker.exe

MD5 62e24a1f94bd66049b54ff28834e153e
SHA1 26a54a44b6bb6b5ba4962a661b8ebceef255a4b5
SHA256 3801d4a82ed4da1ee834966e6c7eef02ea71fbab88fb76a5e2d2383aba8570f2
SHA512 9f30c7b4dda5f1c845b71c68b3d2e83897d10e15cef970c5e9ecfa4939fb74e7c5bfee647ca8f409d714fc08d14f2efb7067a7ce4a64e68658dfaefa93117fa4

C:\Users\Admin\AppData\Local\Temp\nsnB5E8.tmp\7z-out\vulkan-1.dll

MD5 a947c5d8fec95a0f24b4143ced301209
SHA1 ebf3089985377a58b8431a14e22a814857287aaf
SHA256 29cb256921a1b0f222c82650469d534ccdf038d1f395b3aaa9f1086918f5d3fa
SHA512 75f5e055f4422b5558fc1cb3ea84fb7cbeaae6f71c786cc06c295d4ab51c0b1c84e28a7c89fe544f007dbe8e612bed4059139f1575934fe4bac8e538c674ebd3

C:\Users\Admin\AppData\Local\Temp\nsnB5E8.tmp\7z-out\vk_swiftshader_icd.json

MD5 8642dd3a87e2de6e991fae08458e302b
SHA1 9c06735c31cec00600fd763a92f8112d085bd12a
SHA256 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9
SHA512 f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

C:\Users\Admin\AppData\Local\Temp\nsnB5E8.tmp\7z-out\vk_swiftshader.dll

MD5 65a5705d95a0820740b3396851ff1751
SHA1 a692a80bafc41ba1b29ef19890f8465b3fb20dcb
SHA256 4c4b935cbb320033f504a89b1eb0a4bcb176bbd46a5981153cb1f54deb146a1c
SHA512 0c5df23b96eaf952c4a498ff6d854df2b62e7631b16c2855ed37ddbadffba3dd52e7450f2e06cf094bec2e0d70d14c87a652150766d90ec8662e03123df5942d

C:\Users\Admin\AppData\Local\Temp\nsnB5E8.tmp\7z-out\locales\ar.pak

MD5 47a6d10b4112509852d4794229c0a03b
SHA1 2fb49a0b07fbdf8d4ce51a7b5a7f711f47a34951
SHA256 857fe3ab766b60a8d82b7b6043137e3a7d9f5cfb8ddd942316452838c67d0495
SHA512 5f5b280261195b8894efae9df2bece41c6c6a72199d65ba633c30d50a579f95fa04916a30db77831f517b22449196d364d6f70d10d6c5b435814184b3bcf1667

C:\Users\Admin\AppData\Local\Temp\nsnB5E8.tmp\7z-out\locales\cs.pak

MD5 04a680847c4a66ad9f0a88fb9fb1fc7b
SHA1 2afcdf4234a9644fb128b70182f5a3df1ee05be1
SHA256 1cc44c5fbe1c0525df37c5b6267a677f79c9671f86eda75b6fc13abf5d5356eb
SHA512 3a8a409a3c34149a977dea8a4cb0e0822281aed2b0a75b02479c95109d7d51f6fb2c2772ccf1486ca4296a0ac2212094098f5ce6a1265fa6a7eb941c0cfef83e

C:\Users\Admin\AppData\Local\Temp\nsnB5E8.tmp\7z-out\locales\ca.pak

MD5 d259469e94f2adf54380195555154518
SHA1 d69060bbe8e765ca4dc1f7d7c04c3c53c44b8ab5
SHA256 f98b7442befc285398a5dd6a96740cba31d2f5aadadd4d5551a05712d693029b
SHA512 d0bd0201acf4f7daa84e89aa484a3dec7b6a942c3115486716593213be548657ad702ef2bc1d3d95a4a56b0f6e7c33d5375f41d6a863e4ce528f2bd6a318240e

C:\Users\Admin\AppData\Local\Temp\nsnB5E8.tmp\7z-out\locales\bn.pak

MD5 5cdd07fa357c846771058c2db67eb13b
SHA1 deb87fc5c13da03be86f67526c44f144cc65f6f6
SHA256 01c830b0007b8ce6aca46e26d812947c3df818927b826f7d8c5ffd0008a32384
SHA512 2ac29a3aa3278bd9a8fe1ba28e87941f719b14fbf8b52e0b7dc9d66603c9c147b9496bf7be4d9e3aa0231c024694ef102dcc094c80c42be5d68d3894c488098c

C:\Users\Admin\AppData\Local\Temp\nsnB5E8.tmp\7z-out\locales\bg.pak

MD5 a19269683a6347e07c55325b9ecc03a4
SHA1 d42989daf1c11fcfff0978a4fb18f55ec71630ec
SHA256 ad65351a240205e881ef5c4cf30ad1bc6b6e04414343583597086b62d48d8a24
SHA512 1660e487df3f3f4ec1cea81c73dca0ab86aaf121252fbd54c7ac091a43d60e1afd08535b082efd7387c12616672e78aa52dddfca01f833abef244284482f2c76

C:\Users\Admin\AppData\Local\Temp\nsnB5E8.tmp\7z-out\locales\am.pak

MD5 2009647c3e7aed2c4c6577ee4c546e19
SHA1 e2bbacf95ec3695daae34835a8095f19a782cbcf
SHA256 6d61e5189438f3728f082ad6f694060d7ee8e571df71240dfd5b77045a62954e
SHA512 996474d73191f2d550c516ed7526c9e2828e2853fcfbe87ca69d8b1242eb0dedf04030bbca3e93236bbd967d39de7f9477c73753af263816faf7d4371f363ba3

C:\Users\Admin\AppData\Local\Temp\nsnB5E8.tmp\7z-out\locales\af.pak

MD5 7e51349edc7e6aed122bfa00970fab80
SHA1 eb6df68501ecce2090e1af5837b5f15ac3a775eb
SHA256 f528e698b164283872f76df2233a47d7d41e1aba980ce39f6b078e577fd14c97
SHA512 69da19053eb95eef7ab2a2d3f52ca765777bdf976e5862e8cebbaa1d1ce84a7743f50695a3e82a296b2f610475abb256844b6b9eb7a23a60b4a9fc4eae40346d

C:\Users\Admin\AppData\Local\Temp\nsnB5E8.tmp\7z-out\locales\de.pak

MD5 8e6654b89ed4c1dc02e1e2d06764805a
SHA1 ff660bc85bb4a0fa3b2637050d2b2d1aecc37ad8
SHA256 61cbce9a31858ddf70cc9b0c05fb09ce7032bfb8368a77533521722465c57475
SHA512 5ac71eda16f07f3f2b939891eda2969c443440350fd88ab3a9b3180b8b1a3ecb11e79e752cf201f21b3dbfba00bcc2e4f796f347e6137a165c081e86d970ee61

C:\Users\Admin\AppData\Local\Temp\nsnB5E8.tmp\7z-out\locales\en-GB.pak

MD5 d59e613e8f17bdafd00e0e31e1520d1f
SHA1 529017d57c4efed1d768ab52e5a2bc929fdfb97c
SHA256 90e585f101cf0bb77091a9a9a28812694cee708421ce4908302bbd1bc24ac6fd
SHA512 29ff3d42e5d0229f3f17bc0ed6576c147d5c61ce2bd9a2e658a222b75d993230de3ce35ca6b06f5afa9ea44cfc67817a30a87f4faf8dc3a5c883b6ee30f87210

C:\Users\Admin\AppData\Local\Temp\nsnB5E8.tmp\7z-out\locales\es-419.pak

MD5 7f6696cc1e71f84d9ec24e9dc7bd6345
SHA1 36c1c44404ee48fc742b79173f2c7699e1e0301f
SHA256 d1f17508f3a0106848c48a240d49a943130b14bd0feb5ed7ae89605c7b7017d1
SHA512 b226f94f00978f87b7915004a13cdbd23de2401a8afaa2517498538967df89b735f8ecc46870c92e3022cac795218a60ad2b8fff1efad9feea4ec193704a568a

C:\Users\Admin\AppData\Local\Temp\nsnB5E8.tmp\7z-out\locales\ja.pak

MD5 d10d536bcd183030ba07ff5c61bf5e3a
SHA1 44dd78dba9f098ac61222eb9647d111ad1608960
SHA256 2a3d3abc9f80bad52bd6da5769901e7b9e9f052b6a58a7cc95ce16c86a3aa85a
SHA512 c67aede9ded1100093253e350d6137ab8b2a852bd84b6c82ba1853f792e053cecd0ea0519319498aed5759bedc66d75516a4f2f7a07696a0cef24d5f34ef9dd2

C:\Users\Admin\AppData\Local\Temp\nsnB5E8.tmp\7z-out\locales\it.pak

MD5 d58a43068bf847c7cd6284742c2f7823
SHA1 497389765143fac48af2bd7f9a309bfe65f59ed9
SHA256 265d8b1bc479ad64fa7a41424c446139205af8029a2469d558813edd10727f9c
SHA512 547a1581dda28c5c1a0231c736070d8a7b53a085a0ce643a4a1510c63a2d4670ff2632e9823cd25ae2c7cdc87fa65883e0a193853890d4415b38056cb730ab54

C:\Users\Admin\AppData\Local\Temp\nsnB5E8.tmp\7z-out\locales\id.pak

MD5 7b39423028da71b4e776429bb4f27122
SHA1 cb052ab5f734d7a74a160594b25f8a71669c38f2
SHA256 3d95c5819f57a0ad06a118a07e0b5d821032edcf622df9b10a09da9aa974885f
SHA512 e40679b01ab14b6c8dfdce588f3b47bcaff55dbb1539b343f611b3fcbd1d0e7d8c347a2b928215a629f97e5f68d19c51af775ec27c6f906cac131beae646ce1a

C:\Users\Admin\AppData\Local\Temp\nsnB5E8.tmp\7z-out\locales\hu.pak

MD5 f5e1ca8a14c75c6f62d4bff34e27ddb5
SHA1 7aba6bff18bdc4c477da603184d74f054805c78f
SHA256 c0043d9fa0b841da00ec1672d60015804d882d4765a62b6483f2294c3c5b83e0
SHA512 1050f96f4f79f681b3eaf4012ec0e287c5067b75ba7a2cbe89d9b380c07698099b156a0eb2cbc5b8aa336d2daa98e457b089935b534c4d6636987e7e7e32b169

C:\Users\Admin\AppData\Local\Temp\nsnB5E8.tmp\7z-out\locales\hr.pak

MD5 8f9498d18d90477ad24ea01a97370b08
SHA1 3868791b549fc7369ab90cd27684f129ebd628be
SHA256 846943f77a425f3885689dcf12d62951c5b7646e68eadc533b8b5c2a1373f02e
SHA512 3c66a84592debe522f26c48b55c04198ad8a16c0dcfa05816825656c76c1c6cccf5767b009f20ecb77d5a589ee44b0a0011ec197fec720168a6c72c71ebf77fd

C:\Users\Admin\AppData\Local\Temp\nsnB5E8.tmp\7z-out\locales\hi.pak

MD5 1766a05be4dc634b3321b5b8a142c671
SHA1 b959bcadc3724ae28b5fe141f3b497f51d1e28cf
SHA256 0eee8e751b5b0af1e226106beb09477634f9f80774ff30894c0f5a12b925ac35
SHA512 faec1d6166133674a56b5e38a68f9e235155cc910b5cceb3985981b123cc29eda4cd60b9313ab787ec0a8f73bf715299d9bf068e4d52b766a7ab8808bd146a39

C:\Users\Admin\AppData\Local\Temp\nsnB5E8.tmp\7z-out\locales\he.pak

MD5 6d787dc113adfb6a539674af7d6195db
SHA1 f966461049d54c61cdd1e48ef1ea0d3330177768
SHA256 a976fad1cc4eb29709018c5ffcc310793a7ceb2e69c806454717ccae9cbc4d21
SHA512 6748dad2813fc544b50ddea0481b5ace3eb5055fb2d985ca357403d3b799618d051051b560c4151492928d6d40fce9bb33b167217c020bdcc3ed4cae58f6b676

C:\Users\Admin\AppData\Local\Temp\nsnB5E8.tmp\7z-out\locales\gu.pak

MD5 7b5f52f72d3a93f76337d5cf3168ebd1
SHA1 00d444b5a7f73f566e98abadf867e6bb27433091
SHA256 798ea5d88a57d1d78fa518bf35c5098cbeb1453d2cb02ef98cd26cf85d927707
SHA512 10c6f4faab8ccb930228c1d9302472d0752be19af068ec5917249675b40f22ab24c3e29ec3264062826113b966c401046cff70d91e7e05d8aadcc0b4e07fec9b

C:\Users\Admin\AppData\Local\Temp\nsnB5E8.tmp\7z-out\locales\fr.pak

MD5 0bf28aff31e8887e27c4cd96d3069816
SHA1 b5313cf6b5fbce7e97e32727a3fae58b0f2f5e97
SHA256 2e1d413442def9cae2d93612e3fd04f3afaf3dd61e4ed7f86400d320af5500c2
SHA512 95172b3b1153b31fceb4b53681635a881457723cd1000562463d2f24712267b209b3588c085b89c985476c82d9c27319cb6378619889379da4fae1595cb11992

C:\Users\Admin\AppData\Local\Temp\nsnB5E8.tmp\7z-out\locales\kn.pak

MD5 c548a5f1fb5753408e44f3f011588594
SHA1 e064ab403972036dad1b35abe9794e95dbe4cc00
SHA256 890f50a57b862f482d367713201e1e559ac778fc3a36322d1dfbbef2535dd9cb
SHA512 6975e4bb1a90e0906cf6266f79da6cc4ae32f72a6141943bcfcf9b33f791e9751a9aafde9ca537f33f6ba8e4d697125fbc2ec4ffd3bc35851f406567dae7e631

C:\Users\Admin\AppData\Local\Temp\nsnB5E8.tmp\7z-out\locales\ko.pak

MD5 b4fbff56e4974a7283d564c6fc0365be
SHA1 de68bd097def66d63d5ff04046f3357b7b0e23ac
SHA256 8c9acde13edcd40d5b6eb38ad179cc27aa3677252a9cd47990eba38ad42833e5
SHA512 0698aa058561bb5a8fe565bb0bec21548e246dbb9d38f6010e9b0ad9de0f59bce9e98841033ad3122a163dd321ee4b11ed191277cdcb8e0b455d725593a88aa5

C:\Users\Admin\AppData\Local\Temp\nsnB5E8.tmp\7z-out\locales\fil.pak

MD5 3165351c55e3408eaa7b661fa9dc8924
SHA1 181bee2a96d2f43d740b865f7e39a1ba06e2ca2b
SHA256 2630a9d5912c8ef023154c6a6fb5c56faf610e1e960af66abef533af19b90caa
SHA512 3b1944ea3cfcbe98d4ce390ea3a8ff1f6730eb8054e282869308efe91a9ddcd118290568c1fc83bd80e8951c4e70a451e984c27b400f2bde8053ea25b9620655

C:\Users\Admin\AppData\Local\Temp\nsnB5E8.tmp\7z-out\locales\fi.pak

MD5 d4b776267efebdcb279162c213f3db22
SHA1 7236108af9e293c8341c17539aa3f0751000860a
SHA256 297e3647eaf9b3b95cf833d88239919e371e74cc345a2e48a5033ebe477cd54e
SHA512 1dc7d966d12e0104aacb300fd4e94a88587a347db35ad2327a046ef833fb354fd9cbe31720b6476db6c01cfcb90b4b98ce3cd995e816210b1438a13006624e8f

C:\Users\Admin\AppData\Local\Temp\nsnB5E8.tmp\7z-out\locales\fa.pak

MD5 9d273af70eafd1b5d41f157dbfb94fdc
SHA1 da98bde34b59976d4514ff518bd977a713ea4f2e
SHA256 319d1e20150d4e3f496309ba82fce850e91378ee4b0c7119a003a510b14f878b
SHA512 0a892071bea92cc7f1a914654bc4f9da6b9c08e3cb29bb41e9094f6120ddc7a08a257c0d2b475c98e7cdcf604830e582cf2a538cc184056207f196ffc43f29ad

C:\Users\Admin\AppData\Local\Temp\nsnB5E8.tmp\7z-out\locales\et.pak

MD5 a94e1775f91ea8622f82ae5ab5ba6765
SHA1 ff17accdd83ac7fcc630e9141e9114da7de16fdb
SHA256 1606b94aef97047863481928624214b7e0ec2f1e34ec48a117965b928e009163
SHA512 a2575d2bd50494310e8ef9c77d6c1749420dfbe17a91d724984df025c47601976af7d971ecae988c99723d53f240e1a6b3b7650a17f3b845e3daeefaaf9fe9b9

C:\Users\Admin\AppData\Local\Temp\nsnB5E8.tmp\7z-out\locales\es.pak

MD5 a36992d320a88002697da97cd6a4f251
SHA1 c1f88f391a40ccf2b8a7b5689320c63d6d42935f
SHA256 c5566b661675b613d69a507cbf98768bc6305b80e6893dc59651a4be4263f39d
SHA512 9719709229a4e8f63247b3efe004ecfeb5127f5a885234a5f78ee2b368f9e6c44eb68a071e26086e02aa0e61798b7e7b9311d35725d3409ffc0e740f3aa3b9b5

C:\Users\Admin\AppData\Local\Temp\nsnB5E8.tmp\7z-out\locales\en-US.pak

MD5 5e3813e616a101e4a169b05f40879a62
SHA1 615e4d94f69625dda81dfaec7f14e9ee320a2884
SHA256 4d207c5c202c19c4daca3fddb2ae4f747f943a8faf86a947eef580e2f2aee687
SHA512 764a271a9cfb674cce41ee7aed0ad75f640ce869efd3c865d1b2d046c9638f4e8d9863a386eba098f5dcedd20ea98bad8bca158b68eb4bdd606d683f31227594

C:\Users\Admin\AppData\Local\Temp\nsnB5E8.tmp\7z-out\locales\el.pak

MD5 9528d21e8a3f5bad7ca273999012ebe8
SHA1 58cd673ce472f3f2f961cf8b69b0c8b8c01d457c
SHA256 e79c1e7a47250d88581e8e3baf78dcaf31fe660b74a1e015be0f4bafdfd63e12
SHA512 165822c49ce0bdb82f3c3221e6725dac70f53cfdad722407a508fa29605bc669fb5e5070f825f02d830e0487b28925644438305372a366a3d60b55da039633d7

C:\Users\Admin\AppData\Local\Temp\nsnB5E8.tmp\7z-out\locales\da.pak

MD5 1a53d374b9c37f795a462aac7a3f118f
SHA1 154be9cf05042eced098a20ff52fa174798e1fea
SHA256 d0c38eb889ee27d81183a0535762d8ef314f0fdeb90ccca9176a0ce9ab09b820
SHA512 395279c9246bd30a0e45d775d9f9c36353bd11d9463282661c2abd876bdb53be9c9b617bb0c2186592cd154e9353ea39e3feed6b21a07b6850ab8ecd57e1ed29

C:\Users\Admin\AppData\Local\Temp\nsnB5E8.tmp\7z-out\locales\lt.pak

MD5 980c27fd74cc3560b296fe8e7c77d51f
SHA1 f581efa1b15261f654588e53e709a2692d8bb8a3
SHA256 41e0f3619cda3b00abbbf07b9cd64ec7e4785ed4c8a784c928e582c3b6b8b7db
SHA512 51196f6f633667e849ef20532d57ec81c5f63bab46555cea8fab2963a078acdfa84843eded85c3b30f49ef3ceb8be9e4ef8237e214ef9ecff6373a84d395b407

C:\Users\Admin\AppData\Local\Temp\nsnB5E8.tmp\StdUtils.dll

MD5 c6a6e03f77c313b267498515488c5740
SHA1 3d49fc2784b9450962ed6b82b46e9c3c957d7c15
SHA256 b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
SHA512 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

C:\Users\Admin\AppData\Local\Temp\nsnB5E8.tmp\7z-out\resources\elevate.exe

MD5 792b92c8ad13c46f27c7ced0810694df
SHA1 d8d449b92de20a57df722df46435ba4553ecc802
SHA256 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
SHA512 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

C:\Users\Admin\AppData\Local\Temp\nsnB5E8.tmp\7z-out\resources\app.asar

MD5 a42dd0974f64631df98a8915d61df624
SHA1 ba29b4c0bc6f7355c25dd250eb9d7b6c25b67628
SHA256 823398a4ee59260c3b5d0b7c951483fbca2d0891ac8e6dcada74dc359528b87e
SHA512 27189bff087b4c546a2e7f7f7cd6651f004538205196863a7261e1c2c7573cb5714ddd284445e1aec0f33f720de01d687e8408b90bf57670bea314ccfef2d8bf

C:\Users\Admin\AppData\Local\Temp\nsnB5E8.tmp\7z-out\locales\zh-TW.pak

MD5 524711882cbfb5b95a63ef48f884cff0
SHA1 1078037687cfc5d038eeb8b63d295239e0edc47a
SHA256 9e16499cd96a155d410c8df4c812c52ff2a750f8c4db87fd891c1e58c1428c78
SHA512 16d45a81f7f4606eda9d12a8b1da06e3c866b11bdc0c92a4022bfb8d02b885d8f028457cf23e3f7589dfd191ed7f7fbc68c81b6e1411834edfcbc9cc85e0dc4d

C:\Users\Admin\AppData\Local\Temp\nsnB5E8.tmp\7z-out\locales\zh-CN.pak

MD5 20f315d38e3b2edc5832931e7770b62a
SHA1 2390bd585dec1e884873454bb98b6f1467dcf7bb
SHA256 53a803724bbf2e7f40aab860325c348f786eeca1ea5ca39a76b4c4a616e3233f
SHA512 c338e241de3561707c7c275b7d6e0fb16185a8cd7112057c08b74ffce122148ef693fe310c839ff93f102726a78e61de3e68c8e324f445a07a98ee9c4fdd4e13

C:\Users\Admin\AppData\Local\Temp\nsnB5E8.tmp\7z-out\locales\vi.pak

MD5 3fe6f90f1f990aed508deda3810ce8c2
SHA1 3b86f00666d55e984b4aca1a5e8319ffa8f411ff
SHA256 5eebb23221aebcf0be01bfc2695f7dd35b17f6769be1e28e5610d35c9717854b
SHA512 9aa9d55f112c8b32aa636086cfd2161d97ea313cac1a44101014128124a03504c992ac8efd265aba4e91787aef7134a14507a600f5ec96ff82df950a8883828c

C:\Users\Admin\AppData\Local\Temp\nsnB5E8.tmp\7z-out\locales\ur.pak

MD5 ff0a23974aef88afc86ecc806dbf1d60
SHA1 e7bae97cbb8692a0d106644dfaa9b7d7ea6fcef0
SHA256 f245ab242aafeef37db736c780476534fad0706aa66dcb8b6b8cd181b4778385
SHA512 aabe8160fac7e0eb8e8eb80963fe995fa4a802147d1b8f605bc0fe3f8e2474463c1d313471c11c85eb5578112232fdc8e89b8a6d43dbe38a328538ff30a78d08

C:\Users\Admin\AppData\Local\Temp\nsnB5E8.tmp\7z-out\locales\uk.pak

MD5 ee70e9f3557b9c8c67bfb8dfcb51384d
SHA1 fc4dfc35cde1a00f97eefe5e0a2b9b9c0149751e
SHA256 54324671a161f6d67c790bfd29349db2e2d21f5012dc97e891f8f5268bdf7e22
SHA512 f4e1da71cb0485851e8ebcd5d5cf971961737ad238353453db938b4a82a68a6bbaf3de7553f0ff1f915a0e6640a3e54f5368d9154b0a4ad38e439f5808c05b9f

C:\Users\Admin\AppData\Local\Temp\nsnB5E8.tmp\7z-out\locales\tr.pak

MD5 3a858619502c68d5f7de599060f96db9
SHA1 80a66d9b5f1e04cda19493ffc4a2f070200e0b62
SHA256 d81f28f69da0036f9d77242b2a58b4a76f0d5c54b3e26ee96872ac54d7abb841
SHA512 39a7ec0dfe62bcb3f69ce40100e952517b5123f70c70b77b4c9be3d98296772f10d3083276bc43e1db66ed4d9bfa385a458e829ca2a7d570825d7a69e8fbb5f4

C:\Users\Admin\AppData\Local\Temp\nsnB5E8.tmp\7z-out\locales\th.pak

MD5 2c41616dfe7fcdb4913cfafe5d097f95
SHA1 cf7d9e8ad3aa47d683e47f116528c0e4a9a159b0
SHA256 f11041c48831c93aa11bbf885d330739a33a42db211daccf80192668e2186ed3
SHA512 97329717e11bc63456c56022a7b7f5da730da133e3fc7b2cc660d63a955b1a639c556b857c039a004f92e5f35be61bf33c035155be0a361e3cd6d87b549df811

C:\Users\Admin\AppData\Local\Temp\nsnB5E8.tmp\7z-out\locales\te.pak

MD5 f809bf5184935c74c8e7086d34ea306c
SHA1 709ab3decff033cf2fa433ecc5892a7ac2e3752e
SHA256 9bbfa7a9f2116281bf0af1e8ffb279d1aa97ac3ed9ebc80c3ade19e922d7e2d4
SHA512 de4b14dd6018fdbdf5033abda4da2cb9f5fcf26493788e35d88c07a538b84fdd663ee20255dfd9c1aac201f0cce846050d2925c55bf42d4029cb78b057930acd

C:\Users\Admin\AppData\Local\Temp\nsnB5E8.tmp\7z-out\locales\ta.pak

MD5 7006691481966109cce413f48a349ff2
SHA1 6bd243d753cf66074359abe28cfae75bcedd2d23
SHA256 24ea4028da66a293a43d27102012235198f42a1e271fe568c7fd78490a3ee647
SHA512 e12c0d1792a28bf4885e77185c2a0c5386438f142275b8f77317eb8a5cee994b3241bb264d9502d60bfbce9cf8b3b9f605c798d67819259f501719d054083bea

C:\Users\Admin\AppData\Local\Temp\nsnB5E8.tmp\7z-out\locales\sw.pak

MD5 39277ae2d91fdc1bd38bea892b388485
SHA1 ff787fb0156c40478d778b2a6856ad7b469bd7cb
SHA256 6d6d095a1b39c38c273be35cd09eb1914bd3a53f05180a3b3eb41a81ae31d5d3
SHA512 be2d8fbedaa957f0c0823e7beb80de570edd0b8e7599cf8f2991dc671bdcbbbe618c15b36705d83be7b6e9a0d32ec00f519fc8543b548422ca8dcf07c0548ab4

C:\Users\Admin\AppData\Local\Temp\nsnB5E8.tmp\7z-out\locales\sv.pak

MD5 502e4a8b3301253abe27c4fd790fbe90
SHA1 17abcd7a84da5f01d12697e0dffc753ffb49991a
SHA256 7d72e3adb35e13ec90f2f4271ad2a9b817a2734da423d972517f3cff299165fd
SHA512 bd270abaf9344c96b0f63fc8cec04f0d0ac9fc343ab5a80f5b47e4b13b8b1c0c4b68f19550573a1d965bb18a27edf29f5dd592944d754b80ea9684dbcedea822

C:\Users\Admin\AppData\Local\Temp\nsnB5E8.tmp\7z-out\locales\sr.pak

MD5 cbb817a58999d754f99582b72e1ae491
SHA1 6ec3fd06dee0b1fe5002cb0a4fe8ec533a51f9fd
SHA256 4bd7e466cb5f5b0a451e1192aa1abaaf9526855a86d655f94c9ce2183ec80c25
SHA512 efef29cedb7b08d37f9df1705d36613f423e994a041b137d5c94d2555319ffb068bb311884c9d4269b0066746dacd508a7d01df40a8561590461d5f02cb52f8b

C:\Users\Admin\AppData\Local\Temp\nsnB5E8.tmp\7z-out\locales\sl.pak

MD5 d4bd9f20fd29519d6b017067e659442c
SHA1 782283b65102de4a0a61b901dea4e52ab6998f22
SHA256 f33afa6b8df235b09b84377fc3c90403c159c87edd8cd8004b7f6edd65c85ce6
SHA512 adf8d8ec17e8b05771f47b19e8027f88237ad61bca42995f424c1f5bd6efa92b23c69d363264714c1550b9cd0d03f66a7cfb792c3fbf9d5c173175b0a8c039dc

C:\Users\Admin\AppData\Local\Temp\nsnB5E8.tmp\7z-out\locales\sk.pak

MD5 c6c7396dbfb989f034d50bd053503366
SHA1 089f176b88235cce5bca7abfcc78254e93296d61
SHA256 439f7d6c23217c965179898754edcef8fd1248bdd9b436703bf1ff710701117a
SHA512 1476963f47b45d2d26536706b7eeba34cfae124a3087f7727c4efe0f19610f94393012cda462060b1a654827e41f463d7226afa977654dcd85b27b7f8d1528eb

C:\Users\Admin\AppData\Local\Temp\nsnB5E8.tmp\7z-out\locales\ru.pak

MD5 ab9902025dcf7d5408bf6377b046272b
SHA1 c9496e5af3e2a43377290a4883c0555e27b1f10f
SHA256 983b15dcc31d0e9a3da78cd6021e5add2a3c2247322aded9454a5d148d127aae
SHA512 d255d5f5b6b09af2cdec7b9c171eebb1de1094cc5b4ddf43a3d4310f8f5f223ac48b8da97a07764d1b44f1d4a14fe3a0c92a0ce6fe9a4ae9a6b4a342e038f842

C:\Users\Admin\AppData\Local\Temp\nsnB5E8.tmp\7z-out\locales\ro.pak

MD5 99eaa3d101354088379771fd85159de1
SHA1 a32db810115d6dcf83a887e71d5b061b5eefe41f
SHA256 33f4c20f7910bc3e636bc3bec78f4807685153242dd4bc77648049772cf47423
SHA512 c6f87da1b5c156aa206dc21a9da3132cbfb0e12e10da7dc3b60363089de9e0124bbad00a233e61325348223fc5953d4f23e46fe47ec8e7ca07702ac73f3fd2e9

C:\Users\Admin\AppData\Local\Temp\nsnB5E8.tmp\7z-out\locales\pt-PT.pak

MD5 6a7232f316358d8376a1667426782796
SHA1 8b70fe0f3ab2d73428f19ecd376c5deba4a0bb6c
SHA256 6a526cd5268b80df24104a7f40f55e4f1068185febbbb5876ba2cb7f78410f84
SHA512 40d24b3d01e20ae150083b00bb6e10bca81737c48219bce22fa88faaad85bdc8c56ac9b1eb01854173b0ed792e34bdfbac26d3605b6a35c14cf2824c000d0da1

C:\Users\Admin\AppData\Local\Temp\nsnB5E8.tmp\7z-out\locales\pt-BR.pak

MD5 0d9dea9e24645c2a3f58e4511c564a36
SHA1 dcd2620a1935c667737eea46ca7bb2bdcb31f3a6
SHA256 ca7b880391fcd319e976fcc9b5780ea71de655492c4a52448c51ab2170eeef3b
SHA512 8fcf871f8be7727e2368df74c05ca927c5f0bc3484c4934f83c0abc98ecaf774ad7aba56e1bf17c92b1076c0b8eb9c076cc949cd5427efcade9ddf14f6b56bc5

C:\Users\Admin\AppData\Local\Temp\nsnB5E8.tmp\7z-out\locales\pl.pak

MD5 18d49d5376237bb8a25413b55751a833
SHA1 0b47a7381de61742ac2184850822c5fa2afa559e
SHA256 1729aa5c8a7e24a0db98febcc91df8b7b5c16f9b6bb13a2b0795038f2a14b981
SHA512 45344a533cc35c8ce05cf29b11da6c0f97d8854dae46cf45ef7d090558ef95c3bd5fdc284d9a7809f0b2bf30985002be2aa6a4749c0d9ae9bdff4ad13de4e570

C:\Users\Admin\AppData\Local\Temp\nsnB5E8.tmp\7z-out\locales\nl.pak

MD5 181d2a0ece4b67281d9d2323e9b9824d
SHA1 e8bdc53757e96c12f3cd256c7812532dd524a0ea
SHA256 6629e68c457806621ed23aa53b3675336c3e643f911f8485118a412ef9ed14ce
SHA512 10d8cc9411ca475c9b659a2cc88d365e811217d957c82d9c144d94843bc7c7a254ee2451a6f485e92385a660fa01577cffa0d64b6e9e658a87bef8fccbbeaf7e

C:\Users\Admin\AppData\Local\Temp\nsnB5E8.tmp\7z-out\locales\nb.pak

MD5 af0fd9179417ba1d7fcca3cc5bee1532
SHA1 f746077bbf6a73c6de272d5855d4f1ca5c3af086
SHA256 e900f6d0dd9d5a05b5297618f1fe1600c189313da931a9cb390ee42383eb070f
SHA512 c94791d6b84200b302073b09357abd2a1d7576b068bae01dccda7bc154a6487145c83c9133848ccf4cb9e6dc6c5a9d4be9d818e5a0c8f440a4e04ae8eabd4a29

C:\Users\Admin\AppData\Local\Temp\nsnB5E8.tmp\7z-out\locales\ms.pak

MD5 9b3e2f3c49897228d51a324ab625eb45
SHA1 8f3daec46e9a99c3b33e3d0e56c03402ccc52b9d
SHA256 61a3daae72558662851b49175c402e9fe6fd1b279e7b9028e49506d9444855c5
SHA512 409681829a861cd4e53069d54c80315e0c8b97e5db4cd74985d06238be434a0f0c387392e3f80916164898af247d17e8747c6538f08c0ef1c5e92a7d1b14f539

C:\Users\Admin\AppData\Local\Temp\nsnB5E8.tmp\7z-out\locales\mr.pak

MD5 c0ef1866167d926fb351e9f9bf13f067
SHA1 6092d04ef3ce62be44c29da5d0d3a04985e2bc04
SHA256 88df231cf2e506db3453f90a797194662a5f85e23bbac2ed3169d91a145d2091
SHA512 9e2b90f3ac1ae5744c22c2442fbcd86a8496afc2c58f6ca060d6dbb08af6f7411ef910a7c8ca5aedee99b5443d4dff709c7935e8322cb32f8b071ee59caee733

C:\Users\Admin\AppData\Local\Temp\nsnB5E8.tmp\7z-out\locales\ml.pak

MD5 8b38c65fc30210c7af9b6fa0424266f4
SHA1 116413710ffcf94fbfa38cb97a47731e43a306f5
SHA256 e8df9a74417c5839c531d7ccab63884a80afb731cc62cbbb3fd141779086ac7d
SHA512 0fd349c644ac1a2e7ed0247e40900d3a9957f5bef1351b872710d02687c934a8e63d3a7585e91f7df78054aeff8f7abd8c93a94fcd20c799779a64278bab2097

C:\Users\Admin\AppData\Local\Temp\nsnB5E8.tmp\7z-out\locales\lv.pak

MD5 e4f7d9e385cb525e762ece1aa243e818
SHA1 689d784379bac189742b74cd8700c687feeeded1
SHA256 523d141e59095da71a41c14aec8fe9ee667ae4b868e0477a46dd18a80b2007ef
SHA512 e4796134048cd12056d746f6b8f76d9ea743c61fee5993167f607959f11fd3b496429c3e61ed5464551fd1931de4878ab06f23a3788ee34bb56f53db25bcb6df

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe

MD5 62e24a1f94bd66049b54ff28834e153e
SHA1 26a54a44b6bb6b5ba4962a661b8ebceef255a4b5
SHA256 3801d4a82ed4da1ee834966e6c7eef02ea71fbab88fb76a5e2d2383aba8570f2
SHA512 9f30c7b4dda5f1c845b71c68b3d2e83897d10e15cef970c5e9ecfa4939fb74e7c5bfee647ca8f409d714fc08d14f2efb7067a7ce4a64e68658dfaefa93117fa4

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\ffmpeg.dll

MD5 1bb0e1140ef08440ad47d80b70dbf742
SHA1 c2e4243bad76b465b5ab39865ac023db1632d6b0
SHA256 c0d9edde3864d9450744f4bc526a98608b629aeed01c6647f600802e1b1cf671
SHA512 29d71e3bd7df7014a03e26ca6ee5b59ff6e3d06096742fae5dec6282abd1f0d2f24c886a503e3a691d38cc68e0da504a7f657dcec4758b640a1a523d3eeaa57a

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\ffmpeg.dll

MD5 1bb0e1140ef08440ad47d80b70dbf742
SHA1 c2e4243bad76b465b5ab39865ac023db1632d6b0
SHA256 c0d9edde3864d9450744f4bc526a98608b629aeed01c6647f600802e1b1cf671
SHA512 29d71e3bd7df7014a03e26ca6ee5b59ff6e3d06096742fae5dec6282abd1f0d2f24c886a503e3a691d38cc68e0da504a7f657dcec4758b640a1a523d3eeaa57a

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\icudtl.dat

MD5 d89ce8c00659d8e5d408c696ee087ce3
SHA1 49fc8109960be3bb32c06c3d1256cb66dded19a8
SHA256 9dfbe0dad5c7021cfe8df7f52458c422cbc5be9e16ff33ec90665bb1e3f182de
SHA512 db097ce3eb9e132d0444df79b167a7dcb2df31effbbd3df72da3d24ae2230cc5213c6df5e575985a9918fbd0a6576e335b6ebc12b6258bc93fa205399de64c37

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\v8_context_snapshot.bin

MD5 4f4d00247758c684c295243ddedd2948
SHA1 f8e8fc6c22fde9df1d60c329e38b38a85f96bb69
SHA256 4ea84c4465eea20b46e6ded30f711f1e0d61e15574d861b0210819abd5e895e5
SHA512 2c335672979114bd68ff6f1b1b94235fbf072fe8642cad1f7d61855b92741f0633fa0ccb77cd520be560db2d3ac75f9be08e22806487bf5d3045781e3903ad45

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\resources\app.asar

MD5 a42dd0974f64631df98a8915d61df624
SHA1 ba29b4c0bc6f7355c25dd250eb9d7b6c25b67628
SHA256 823398a4ee59260c3b5d0b7c951483fbca2d0891ac8e6dcada74dc359528b87e
SHA512 27189bff087b4c546a2e7f7f7cd6651f004538205196863a7261e1c2c7573cb5714ddd284445e1aec0f33f720de01d687e8408b90bf57670bea314ccfef2d8bf

C:\Users\Admin\AppData\Local\Temp\134d35f0-4702-4fa8-86f1-73ad76f272fa.tmp.node

MD5 e218cb94b794e60c15f6657ee71f7a53
SHA1 06ccfe40133736d73cc4a8aa5eaf2eabc227afee
SHA256 4b1552f36d3253b98c2d2b3da3f03d080c419ceb3996b22c04c6fb92bba90293
SHA512 59d5700cd55b28df224cfd5ff67dc84efb0f709c19a60c29031d4748b9cc8d034fc4466af62aec4878f21caeff6cd3b7858676759823cd16a6b43b8ea602258e

C:\Users\Admin\AppData\Local\Temp\257f691e-113d-446d-a503-d34f95201f91.tmp.node

MD5 c09b7e30167c35d52f41ecee2954d3ef
SHA1 cecaa1fd65aefe9be4de23dfe10ca37b6737a0d5
SHA256 decc233a25e7c862c9880826096a854fde6d5b1789c20040964957f574988ce7
SHA512 1bfb05c6af6a4b1dbf25685e3ea1e974206c0698176cc34c5723caa57f2db8f72510e75f5ea19700c40c5963cb4f8458a7b61f78347fd89cfcea766f2cc8a321

C:\Users\Admin\AppData\Local\Temp\60ecdbfb-4ccb-4dc5-b4e5-24b0525beaea.tmp.node

MD5 e8f61500827abc8226e623ae3d10b1ca
SHA1 8caea1db03c3f7d70ed30982835db0c22acfb723
SHA256 63e1d531c5f01947cc62c66cddbceedf36fe8aafd5cd9a10e4e17cfc3f6786e1
SHA512 5ca0590c2c98a69505f04a0d487bcd08c92bd8ab35473ddc90ecff5b7a0c425a9941b5d81d6e0b17f470278deff69fc1ad2ac04eacdc0bfe94ddc986e00f8cf1

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\chrome_100_percent.pak

MD5 acd0fa0a90b43cd1c87a55a991b4fac3
SHA1 17b84e8d24da12501105b87452f86bfa5f9b1b3c
SHA256 ccbca246b9a93fa8d4f01a01345e7537511c590e4a8efd5777b1596d10923b4b
SHA512 3e4c4f31c6c7950d5b886f6a8768077331a8f880d70b905cf7f35f74be204c63200ff4a88fa236abccc72ec0fc102c14f50dd277a30f814f35adfe5a7ae3b774

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\chrome_200_percent.pak

MD5 4610337e3332b7e65b73a6ea738b47df
SHA1 8d824c9cf0a84ab902e8069a4de9bf6c1a9aaf3b
SHA256 c91abf556e55c29d1ea9f560bb17cc3489cb67a5d0c7a22b58485f5f2fbcf25c
SHA512 039b50284d28dcd447e0a486a099fa99914d29b543093cccda77bbefdd61f7b7f05bb84b2708ae128c5f2d0c0ab19046d08796d1b5a1cff395a0689ab25ccb51

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\resources.pak

MD5 7d5065ecba284ed704040fca1c821922
SHA1 095fcc890154a52ad1998b4b1e318f99b3e5d6b8
SHA256 a10c3d236246e001cb9d434a65fc3e8aa7acddddd9608008db5c5c73dee0ba1f
SHA512 521b2266e3257adaa775014f77b0d512ff91b087c2572359d68ffe633b57a423227e3d5af8ee4494538f1d09aa45ffa1fe8e979814178512c37f7088ddd7995d

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\locales\en-US.pak

MD5 5e3813e616a101e4a169b05f40879a62
SHA1 615e4d94f69625dda81dfaec7f14e9ee320a2884
SHA256 4d207c5c202c19c4daca3fddb2ae4f747f943a8faf86a947eef580e2f2aee687
SHA512 764a271a9cfb674cce41ee7aed0ad75f640ce869efd3c865d1b2d046c9638f4e8d9863a386eba098f5dcedd20ea98bad8bca158b68eb4bdd606d683f31227594

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe

MD5 62e24a1f94bd66049b54ff28834e153e
SHA1 26a54a44b6bb6b5ba4962a661b8ebceef255a4b5
SHA256 3801d4a82ed4da1ee834966e6c7eef02ea71fbab88fb76a5e2d2383aba8570f2
SHA512 9f30c7b4dda5f1c845b71c68b3d2e83897d10e15cef970c5e9ecfa4939fb74e7c5bfee647ca8f409d714fc08d14f2efb7067a7ce4a64e68658dfaefa93117fa4

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\ffmpeg.dll

MD5 1bb0e1140ef08440ad47d80b70dbf742
SHA1 c2e4243bad76b465b5ab39865ac023db1632d6b0
SHA256 c0d9edde3864d9450744f4bc526a98608b629aeed01c6647f600802e1b1cf671
SHA512 29d71e3bd7df7014a03e26ca6ee5b59ff6e3d06096742fae5dec6282abd1f0d2f24c886a503e3a691d38cc68e0da504a7f657dcec4758b640a1a523d3eeaa57a

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe

MD5 62e24a1f94bd66049b54ff28834e153e
SHA1 26a54a44b6bb6b5ba4962a661b8ebceef255a4b5
SHA256 3801d4a82ed4da1ee834966e6c7eef02ea71fbab88fb76a5e2d2383aba8570f2
SHA512 9f30c7b4dda5f1c845b71c68b3d2e83897d10e15cef970c5e9ecfa4939fb74e7c5bfee647ca8f409d714fc08d14f2efb7067a7ce4a64e68658dfaefa93117fa4

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\vk_swiftshader.dll

MD5 65a5705d95a0820740b3396851ff1751
SHA1 a692a80bafc41ba1b29ef19890f8465b3fb20dcb
SHA256 4c4b935cbb320033f504a89b1eb0a4bcb176bbd46a5981153cb1f54deb146a1c
SHA512 0c5df23b96eaf952c4a498ff6d854df2b62e7631b16c2855ed37ddbadffba3dd52e7450f2e06cf094bec2e0d70d14c87a652150766d90ec8662e03123df5942d

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\vk_swiftshader.dll

MD5 65a5705d95a0820740b3396851ff1751
SHA1 a692a80bafc41ba1b29ef19890f8465b3fb20dcb
SHA256 4c4b935cbb320033f504a89b1eb0a4bcb176bbd46a5981153cb1f54deb146a1c
SHA512 0c5df23b96eaf952c4a498ff6d854df2b62e7631b16c2855ed37ddbadffba3dd52e7450f2e06cf094bec2e0d70d14c87a652150766d90ec8662e03123df5942d

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\vk_swiftshader_icd.json

MD5 8642dd3a87e2de6e991fae08458e302b
SHA1 9c06735c31cec00600fd763a92f8112d085bd12a
SHA256 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9
SHA512 f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\vulkan-1.dll

MD5 a947c5d8fec95a0f24b4143ced301209
SHA1 ebf3089985377a58b8431a14e22a814857287aaf
SHA256 29cb256921a1b0f222c82650469d534ccdf038d1f395b3aaa9f1086918f5d3fa
SHA512 75f5e055f4422b5558fc1cb3ea84fb7cbeaae6f71c786cc06c295d4ab51c0b1c84e28a7c89fe544f007dbe8e612bed4059139f1575934fe4bac8e538c674ebd3

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\vulkan-1.dll

MD5 a947c5d8fec95a0f24b4143ced301209
SHA1 ebf3089985377a58b8431a14e22a814857287aaf
SHA256 29cb256921a1b0f222c82650469d534ccdf038d1f395b3aaa9f1086918f5d3fa
SHA512 75f5e055f4422b5558fc1cb3ea84fb7cbeaae6f71c786cc06c295d4ab51c0b1c84e28a7c89fe544f007dbe8e612bed4059139f1575934fe4bac8e538c674ebd3

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\libEGL.dll

MD5 e0a5d1a5d55dffb55513acb736cef1c1
SHA1 307fc023790af5bf3d45678de985e8e9f34896f7
SHA256 aa5da4005c76cfe5195b69282b2ad249d7dc2300bbc979592bd67315fc30c669
SHA512 094e23869fd42c60f83e0f4d1a2cd1a29d2efd805ac02a01ce9700b8e7b0e39e52fe86503264a0298c85f0d02b38620f1e773f2ea981f3049aeba3104b04253f

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\libegl.dll

MD5 e0a5d1a5d55dffb55513acb736cef1c1
SHA1 307fc023790af5bf3d45678de985e8e9f34896f7
SHA256 aa5da4005c76cfe5195b69282b2ad249d7dc2300bbc979592bd67315fc30c669
SHA512 094e23869fd42c60f83e0f4d1a2cd1a29d2efd805ac02a01ce9700b8e7b0e39e52fe86503264a0298c85f0d02b38620f1e773f2ea981f3049aeba3104b04253f

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\libGLESv2.dll

MD5 44f7c21b6010048e0dcdc43d83ebd357
SHA1 d0a4dfd8dbae1a8421c3043315d78ecd84502b16
SHA256 f6259a9b9c284ee5916447dd9d0ba051c2908c9d3662d42d8bbe6ce6d65a37de
SHA512 7e03538dd8e798d0e808a8fc6e149e83de9f8404e839900f6c9535da6aac8ef4d5c31044e547dde34dcece1255fab9a9255fa069a99fcb08e49785d812b3887c

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\libglesv2.dll

MD5 44f7c21b6010048e0dcdc43d83ebd357
SHA1 d0a4dfd8dbae1a8421c3043315d78ecd84502b16
SHA256 f6259a9b9c284ee5916447dd9d0ba051c2908c9d3662d42d8bbe6ce6d65a37de
SHA512 7e03538dd8e798d0e808a8fc6e149e83de9f8404e839900f6c9535da6aac8ef4d5c31044e547dde34dcece1255fab9a9255fa069a99fcb08e49785d812b3887c

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\d3dcompiler_47.dll

MD5 3b4647bcb9feb591c2c05d1a606ed988
SHA1 b42c59f96fb069fd49009dfd94550a7764e6c97c
SHA256 35773c397036b368c1e75d4e0d62c36d98139ebe74e42c1ff7be71c6b5a19fd7
SHA512 00cd443b36f53985212ac43b44f56c18bf70e25119bbf9c59d05e2358ff45254b957f1ec63fc70fb57b1726fd8f76ccfad8103c67454b817a4f183f9122e3f50

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\D3DCompiler_47.dll

MD5 3b4647bcb9feb591c2c05d1a606ed988
SHA1 b42c59f96fb069fd49009dfd94550a7764e6c97c
SHA256 35773c397036b368c1e75d4e0d62c36d98139ebe74e42c1ff7be71c6b5a19fd7
SHA512 00cd443b36f53985212ac43b44f56c18bf70e25119bbf9c59d05e2358ff45254b957f1ec63fc70fb57b1726fd8f76ccfad8103c67454b817a4f183f9122e3f50

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe

MD5 62e24a1f94bd66049b54ff28834e153e
SHA1 26a54a44b6bb6b5ba4962a661b8ebceef255a4b5
SHA256 3801d4a82ed4da1ee834966e6c7eef02ea71fbab88fb76a5e2d2383aba8570f2
SHA512 9f30c7b4dda5f1c845b71c68b3d2e83897d10e15cef970c5e9ecfa4939fb74e7c5bfee647ca8f409d714fc08d14f2efb7067a7ce4a64e68658dfaefa93117fa4

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\ffmpeg.dll

MD5 1bb0e1140ef08440ad47d80b70dbf742
SHA1 c2e4243bad76b465b5ab39865ac023db1632d6b0
SHA256 c0d9edde3864d9450744f4bc526a98608b629aeed01c6647f600802e1b1cf671
SHA512 29d71e3bd7df7014a03e26ca6ee5b59ff6e3d06096742fae5dec6282abd1f0d2f24c886a503e3a691d38cc68e0da504a7f657dcec4758b640a1a523d3eeaa57a

memory/3320-711-0x0000000002E70000-0x0000000002EA6000-memory.dmp

memory/3320-712-0x00000000058F0000-0x0000000005F18000-memory.dmp

memory/3320-713-0x0000000002E10000-0x0000000002E20000-memory.dmp

memory/3320-714-0x0000000002E10000-0x0000000002E20000-memory.dmp

memory/3320-715-0x00000000057E0000-0x0000000005802000-memory.dmp

memory/3320-716-0x0000000006090000-0x00000000060F6000-memory.dmp

memory/3320-717-0x0000000006170000-0x00000000061D6000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ws53dz5h.oat.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/3320-727-0x0000000006790000-0x00000000067AE000-memory.dmp

memory/3320-728-0x0000000006D50000-0x0000000006DE6000-memory.dmp

memory/3320-729-0x0000000006C60000-0x0000000006C7A000-memory.dmp

memory/3320-730-0x0000000006CB0000-0x0000000006CD2000-memory.dmp

memory/3320-731-0x0000000007D50000-0x00000000082F4000-memory.dmp

memory/3320-732-0x0000000007840000-0x00000000078D2000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log

MD5 eedc851ccfb2e8281babb78c2f244c68
SHA1 4df05baf7c1b4f14aad3244aa30e95f234504eaf
SHA256 f8bb083f4072511a1b6c0c2e571a376fb678719fc20890ec96be851d25eaa790
SHA512 643d95f22f271d585f33609fefe30fd17b5b0380613553a86d1e94d5fb602660f2d4b7196915ac5e00f1d17702bbbecf9f4274f5dbb18820745a215b91cbc7ba

memory/1416-741-0x0000000005260000-0x0000000005270000-memory.dmp

memory/1500-740-0x0000000002BB0000-0x0000000002BC0000-memory.dmp

memory/1500-742-0x0000000002BB0000-0x0000000002BC0000-memory.dmp

memory/1712-750-0x0000000004940000-0x0000000004950000-memory.dmp

memory/1416-743-0x0000000005260000-0x0000000005270000-memory.dmp

memory/2668-757-0x0000000005330000-0x0000000005340000-memory.dmp

memory/1712-751-0x0000000004940000-0x0000000004950000-memory.dmp

memory/4944-774-0x0000000000D70000-0x0000000000D80000-memory.dmp

memory/4052-776-0x00000000027D0000-0x00000000027E0000-memory.dmp

memory/4944-761-0x0000000000D70000-0x0000000000D80000-memory.dmp

memory/1400-777-0x0000000002C70000-0x0000000002C80000-memory.dmp

memory/2668-758-0x0000000005330000-0x0000000005340000-memory.dmp

memory/4928-790-0x0000000002AD0000-0x0000000002AE0000-memory.dmp

memory/4928-813-0x0000000002AD0000-0x0000000002AE0000-memory.dmp

memory/3104-826-0x0000000004A20000-0x0000000004A30000-memory.dmp

memory/4020-819-0x0000000002730000-0x0000000002740000-memory.dmp

memory/1004-855-0x0000000004960000-0x0000000004970000-memory.dmp

memory/1004-856-0x0000000004960000-0x0000000004970000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 8837ed0ef35dc79a8eed694ffb524038
SHA1 3f28ffab70fc838dd1f5620e1a644b4cfda749e0
SHA256 53dde3c8d7c6769b7f068e7e6bdd164b89758b9ddb7ca57aa022ad878b8f0614
SHA512 a189fe4003aed0b6c755a9d366cefe5183375a7d1fe53cfaac7979f0bdf06b69fd1e6ae7d36da3c46f01cb33d832a7a6837fd819c90ff37da4c61025f9f0f8bf

memory/4052-858-0x0000000006CD0000-0x0000000006D14000-memory.dmp

memory/4052-859-0x0000000006DF0000-0x0000000006E66000-memory.dmp

memory/1712-860-0x0000000007610000-0x0000000007C8A000-memory.dmp

memory/1712-861-0x0000000004940000-0x0000000004950000-memory.dmp

memory/4052-862-0x00000000027D0000-0x00000000027E0000-memory.dmp

memory/1416-863-0x0000000005260000-0x0000000005270000-memory.dmp

memory/2668-864-0x0000000005330000-0x0000000005340000-memory.dmp

memory/1500-865-0x0000000002BB0000-0x0000000002BC0000-memory.dmp

memory/1400-866-0x0000000002C70000-0x0000000002C80000-memory.dmp

memory/4020-867-0x0000000002730000-0x0000000002740000-memory.dmp

memory/1500-883-0x000000006CA70000-0x000000006CABC000-memory.dmp

memory/4052-884-0x000000006CA70000-0x000000006CABC000-memory.dmp

memory/4928-916-0x000000006CA70000-0x000000006CABC000-memory.dmp

memory/4944-906-0x000000006CA70000-0x000000006CABC000-memory.dmp

memory/1416-926-0x000000006CA70000-0x000000006CABC000-memory.dmp

memory/1400-905-0x000000006CA70000-0x000000006CABC000-memory.dmp

memory/1712-895-0x000000006CA70000-0x000000006CABC000-memory.dmp

memory/1500-894-0x00000000076D0000-0x00000000076EE000-memory.dmp

memory/4052-882-0x0000000007090000-0x00000000070C2000-memory.dmp

memory/1500-954-0x0000000002BB0000-0x0000000002BC0000-memory.dmp

memory/1416-955-0x0000000005260000-0x0000000005270000-memory.dmp

memory/1500-956-0x0000000002BB0000-0x0000000002BC0000-memory.dmp

memory/3104-958-0x000000006CA70000-0x000000006CABC000-memory.dmp

memory/1712-960-0x0000000007220000-0x000000000722A000-memory.dmp

memory/1416-959-0x0000000005260000-0x0000000005270000-memory.dmp

memory/4020-957-0x000000006CA70000-0x000000006CABC000-memory.dmp

memory/1712-979-0x0000000004940000-0x0000000004950000-memory.dmp

memory/4928-981-0x0000000007520000-0x000000000754A000-memory.dmp

memory/2668-982-0x0000000005330000-0x0000000005340000-memory.dmp

memory/2668-980-0x0000000005330000-0x0000000005340000-memory.dmp

memory/4928-984-0x0000000007550000-0x0000000007574000-memory.dmp

memory/4944-983-0x0000000000D70000-0x0000000000D80000-memory.dmp

memory/4944-985-0x0000000000D70000-0x0000000000D80000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

MD5 86e783725f570d109db093726e73d460
SHA1 2f88a0a19a144c0b958c14a8826598fe4e93bd7d
SHA256 894c4fdd3e48d19452379fdf91adeed2204749526cedf08546ba469e2d23e296
SHA512 d07df3a7dfd950b4a9bf9059f44bc102f2d9d898e4edf8b2a74e8a0fdeebeb7096bb149bad96911877e64539f1831c7305edd0e2b57c3239079835ab869607ee

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

MD5 ccbecf932851a158fb7dccf5e2020f9c
SHA1 582c5e3274649c954b614a1ed7775baff20759dc
SHA256 8af9cecedd64be6b41da2cfda3b9a83ea9a57b45df227800c03b69ce9423d6d2
SHA512 6ce74d7dd97e0ac991124534e54d109e80ec87f08cc7c1b5a4b76f009ff380cfd777e194a0ae710fd9cdc91c5df1f28154a3fadf157bfebae22331f262b152fe

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 a570b9bf19109b4893594251d2089288
SHA1 71eedccae3436fec1653ef8d4c5d5aa22615011e
SHA256 ca6f8cb9a2cffb54380ea7a2ddb6916b4f40253274a9f0713b2512ec5cc2179b
SHA512 3164ce16b5686006aa771d27a05591a6198d5ff77da7350967ea938fd6e617506a123cd4255a95ad21e69f8a69b20ab6bca95a2345f7546d1616abcbd4912811

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

MD5 1ee6d259f3c20ac8bf13fe7353fe85b3
SHA1 56036b8e928469959264174df60bda6d99b1e0e0
SHA256 bd75c832e44f845284ca82c7977c7a54b0bfe48ad49eed5b530f9536eb374fb8
SHA512 817342753da4dabcade246ef9c63318ca4841c2ba3819ccf33f6b11f884c9ee6a44a848d554728310542659f7df64d119c5a8ad06e4d53343129eacbe043e5d4

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 d258a0234632ea37f5a4e4e675078b1c
SHA1 aaa4490d6cc0c3110f29c33fc258587fd6fed9d8
SHA256 9cf58bed2ac3754aaebde02176ab7b4db88a175b2f071494f2f2fe9336153fc6
SHA512 548c3ef4f6d43bd7c78c3f5a497f2bbd082ca66bb1535343a9d236344af62e1fc166e0595b65c40dbafc61d6313c3eedb82588193041501b102ddfcd9ed1d684

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

MD5 e7bc6f748b022e9e00af6527a58699dc
SHA1 1005689e45bf71bee652ea012c9ec6097b8e05a7
SHA256 0e8b1bf8196b8bcc243ab4ad09de600cb90d7d9aaf2499dc98b3925b85f34502
SHA512 ae09f755d36c5b328997e53ba57ea4315fd2ff90f8d6bc3107d18c374c78b946d655b4989697f4666c82c2a6123f64994fa75955cd209b1114019b38a2dccb9f

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

MD5 2a17644ad6be2755236e7ee28fccfbf3
SHA1 f41d8260b75ad80e4ca8ef12d46308e710f18efc
SHA256 2461216bdc7c312e1b4dbaf090d92246c6e23ad671fad1079a377155c8e36caf
SHA512 e9c24ac5205cc30fe24e0ef7df2de12d106219a430b2f8d275a5abb47b100b4058437266ab39127c7732ece7129d7a66ecbfd0025f72a403cdcdd61f6d4b2779

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 609134104cae658eb94d86c073006bf0
SHA1 050f627409f2ae5ea6f3867e2e395db5b4748724
SHA256 6f5ec90df6a8738f234eda97826fbdd6dec90c54f5bbf575987b2b03e4848bd1
SHA512 740f155a70642237170228a24a3e1ace4c640a2edc3264236cff92673c58ca396fb205df370828333596d836b675a5ee3f4bd0bd4ed0480d2b427c604ffecdd5

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 81d61bf4820b0f1b7383303c790e07d7
SHA1 7ef789bd751e2d3bf9dce7711fd78199dbac6a49
SHA256 f40664a0c75772121306fb21c067ec6a9bb5ffef7d6fde71e3b4bebf33bb6ad3
SHA512 9fde7c7c2c622d3f8688d605010eabf9dc41bddf4e153035dc0247c8d966875efacc47aba30c895806f353501e9dad6e6625564eec771c49ef2ce4dad039b186

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

MD5 abb45709aaa5bfd6178b909954deb917
SHA1 f7a95fc7fc55c8431e4ac3907deb4a877ee0db08
SHA256 75a7f49bc75c4696aab8cad1217e931c29a25a81765a5cab5a370266bca60166
SHA512 07dd9899df0ded3851ca1e0748f1d2fcf3df7bc798fae662b415d9b6b36f17bec61c9ac2b0f50ad2de26079f8e3f13b00f4bb0a6c07f5ac268adcd7b84325b78

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

MD5 abf0e82d08ddac97e06f1283983e9239
SHA1 cb241230dcf4c66f520a8f7fc998a7fb63081a87
SHA256 13247e3b47c0457d0b1b93492130c556b2f5264b8fc929442277c5c9831636b6
SHA512 ea7591f45e027fd4d4f467cc1ab872ea6a66776c799e444114179fe3b1e3eff5e69b4b9ac285326f234a1fea99cc45543291a47b08b9fa8b1c30921f18ef6d33

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

MD5 abf0e82d08ddac97e06f1283983e9239
SHA1 cb241230dcf4c66f520a8f7fc998a7fb63081a87
SHA256 13247e3b47c0457d0b1b93492130c556b2f5264b8fc929442277c5c9831636b6
SHA512 ea7591f45e027fd4d4f467cc1ab872ea6a66776c799e444114179fe3b1e3eff5e69b4b9ac285326f234a1fea99cc45543291a47b08b9fa8b1c30921f18ef6d33

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 7f17aea441e6f091bef346b4629e263a
SHA1 489a4a4127beb21244f0bc821cd2b85ce693a406
SHA256 68ec0c8f6d60829840d495c24d34e9f839ef0dfab079488357c29071005255bd
SHA512 46771b4bc45eaa87e3a8169e537c1a767addaee6289473a38a0f93db46c5379da16eb695a9a35c9d544bad7822669de923d4e62a737821a1c5187d3f8e646013

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 068a652d9f583e36ebd99f0b785a1ff5
SHA1 ec759af3ff273875df02576af9d9382c9271f186
SHA256 e8d21b39c65a93464c447167ca08108123b7f79982eec19e4a2d393e67d66019
SHA512 1fae6f9865c17355d87917b074fa26daeef6fcffe193db8c9a0289f2d87ecc5b4fb060ac50304409fd764305d07563712ea77d23177cf9954eea8087a0124734

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 40181beb05ae9c0fe89c4b3c3cacb0af
SHA1 93532a6985ce4cdf003e1fcf7f5d6ed8164b49cb
SHA256 ddace45e3074212ef655d9fffd2b1b189024b75c0009509234957cdc98f02616
SHA512 a8470011f76f552b2074ee4329d59295ffba3c0a5f23c7b1dcc9ee24dbd7533b3aa981760aacd8450bddf16dace73fe49fbb8a59affd86f63706073490ce231a

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 a4bcc333b62b609c5f89bccca1330c72
SHA1 13698336780ee6875463ea78136756b4fa286f99
SHA256 9a2fee1a44044d936f3c84a089b9681366ed4e5289ba3f637840cb740a572597
SHA512 e68e660c51e65c65c8eb9cad8c9c4ab63c0cd5df980d9dbb474430764cc365cfebebcd45b0a836e4070c74c6f6baa96fd241b6a5b7d60de46a65af5c7e681b37

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 8ecdaae9110f70d909203b02bbbbfee2
SHA1 9da4e7ddb68c9a1a5661b17d1fff1b8ae3b27a4d
SHA256 7cd72486c47ad5af962f581914896d9b5af6554a5465801b1b73091279c3aeb4
SHA512 1337ef8d942b16a88c5aab6d63375a3464a7b8b53bf91fb418ba7e8feec183ee1ffdb529bba063c0ca52fba8b967696dcc8ff6d521140559fb526c47fd50996f

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 5b9c8e3386df6203889c89e9fbb613f0
SHA1 1572f81b586e45f8802c73108bf22415464a3209
SHA256 685cde9d4a3b3d5a316d2c2a7c3d40bf4519a0c1a7b17b4fcd683277c6cecda8
SHA512 8f175f49d72342f59b2b3fb815810b591ea0b40186e403da41a3783253db7ccda3743824c31350fa99e446a51bd23ccadb521be50e53174569193e92e7ee7eac

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 3becb6b1e7f1b3ec7444e54bd6af214a
SHA1 1c793d28e2abf011ad027cc4d6d5adae328b90c9
SHA256 0ae11053017b6f364dc8c409a885f94098bfd8dfed499501e2901e9784db7f41
SHA512 d772c49523497845110f8bace433434b22d82b881885568698e35628d907f8937d54d8388ea2477177e9c4d5c4617e060c4d4021cc92d1531a24b3c831b7e769

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 d7e58dc7e4e447597c8aef90c8e356c7
SHA1 3dce700178acc3d9fe18dc6ccd01d258218de843
SHA256 becd10cfebe67b34176f069b199032eec1d785f0dc3aa6ba7c2428b4d209cac9
SHA512 a7f26a84c889d82c91ef8dc8a490cb63084417067b0a7bc6986f71c59d4c7a53be872281027129968d2220059b8ce4bc52cd636dc95b4791adb71f33f5fb25e4

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 71f0bbcaa48ba374a86caae621f00802
SHA1 cc6fdf3a71177971abf888f38192f9addc43747f
SHA256 d0f5a73b96eb11ac061df926a6c03b4ceab1e106dc20432dd54ce5bbf9ee3ada
SHA512 1291098b8189e0d483e044326cf0733f55b6bbf91740422b34dcca67e2577b5e6966195a04452c66e69e23abedcb66d2fa885a44ec56654c2f4bc7a7b03588ff

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 a91271de17202e36f61d7b9485e9689c
SHA1 7569195a643fa884361273759e7e169b5d6ef5dd
SHA256 0791e12d62ffdfb07e005c5b8dd10a206059da03ca93cff43946be5d606335bd
SHA512 3d017206f86367933888eaf3bfcc7489d65ce4ac210d5264cb684ac1023775370abf215e731156feba7028d12d6310f51cc3c40d15fd1369ba58e1f98a3844e5

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 598bf42fd9cba9dda028702d9db4dff0
SHA1 ba68cc9b5b26f885874320c9620b13fd4de81ce5
SHA256 48f469c7d54d83e4511fe0dece57f369a1701adee55c031eb6e0d25f0c59e92e
SHA512 2bd801a910767ed6d74c0b495d7c0830d4b52b2195e51ec99e5d6b2e8b69a40c95fe69afeb43c3f9f1005cd4cea789aee057864ee5851d694369ad5847eadd9d

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 8c2bd17137d2921f26141f128ff1c37c
SHA1 fa699d6ab39e98a64e667ca78f20ae168884ab75
SHA256 f53363eca458a92cb45a5914125226c365a60ce72f70b9d871d4bcb0aba155b3
SHA512 09a71c3aa648436fb6c3ad7eb60c2fc573199363212b0ccfaed3c4a2ec4075615fc69a41a14c59116dac575d7cdb521524d319dea9b1bbb1e34f6ecd089da6c8

Analysis: behavioral1

Detonation Overview

Submitted

2023-04-30 15:29

Reported

2023-04-30 15:32

Platform

win10-20230220-en

Max time kernel

84s

Max time network

147s

Command Line

"C:\Users\Admin\AppData\Local\Temp\VoidOfSpace_Stable.2.3.exe"

Signatures

Detects Redline Stealer samples

stealer
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Lumma Stealer

stealer lumma

RedLine

infostealer redline

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Updater.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A

Reads user/profile data of web browsers

spyware stealer

Legitimate hosting services abused for malware hosting/C2

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2 C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A

Gathers network information

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\NETSTAT.EXE N/A
N/A N/A C:\Windows\SysWOW64\NETSTAT.EXE N/A
N/A N/A C:\Windows\SysWOW64\NETSTAT.EXE N/A

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\ping.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\VoidOfSpace_Stable.2.3.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\tasklist.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\NETSTAT.EXE N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3584 wrote to memory of 3732 N/A C:\Users\Admin\AppData\Local\Temp\VoidOfSpace_Stable.2.3.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 3584 wrote to memory of 3732 N/A C:\Users\Admin\AppData\Local\Temp\VoidOfSpace_Stable.2.3.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 3584 wrote to memory of 3732 N/A C:\Users\Admin\AppData\Local\Temp\VoidOfSpace_Stable.2.3.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 3732 wrote to memory of 1480 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Windows\SysWOW64\cmd.exe
PID 3732 wrote to memory of 1480 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Windows\SysWOW64\cmd.exe
PID 3732 wrote to memory of 1480 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Windows\SysWOW64\cmd.exe
PID 1480 wrote to memory of 4772 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\chcp.com
PID 1480 wrote to memory of 4772 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\chcp.com
PID 1480 wrote to memory of 4772 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\chcp.com
PID 3732 wrote to memory of 2880 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 3732 wrote to memory of 2880 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 3732 wrote to memory of 2880 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 3732 wrote to memory of 2880 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 3732 wrote to memory of 2880 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 3732 wrote to memory of 2880 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 3732 wrote to memory of 2880 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 3732 wrote to memory of 2880 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 3732 wrote to memory of 2880 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 3732 wrote to memory of 2880 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 3732 wrote to memory of 2880 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 3732 wrote to memory of 2880 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 3732 wrote to memory of 2880 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 3732 wrote to memory of 2880 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 3732 wrote to memory of 2880 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 3732 wrote to memory of 2880 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 3732 wrote to memory of 2880 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 3732 wrote to memory of 2880 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 3732 wrote to memory of 2880 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 3732 wrote to memory of 2880 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 3732 wrote to memory of 2880 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 3732 wrote to memory of 2880 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 3732 wrote to memory of 2880 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 3732 wrote to memory of 2880 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 3732 wrote to memory of 2880 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 3732 wrote to memory of 2880 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 3732 wrote to memory of 2880 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 3732 wrote to memory of 2880 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 3732 wrote to memory of 2880 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 3732 wrote to memory of 2880 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 3732 wrote to memory of 2880 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 3732 wrote to memory of 2880 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 3732 wrote to memory of 4448 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 3732 wrote to memory of 4448 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 3732 wrote to memory of 4448 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 3732 wrote to memory of 3236 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Windows\SysWOW64\cmd.exe
PID 3732 wrote to memory of 3236 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Windows\SysWOW64\cmd.exe
PID 3732 wrote to memory of 3236 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Windows\SysWOW64\cmd.exe
PID 3236 wrote to memory of 4892 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\tasklist.exe
PID 3236 wrote to memory of 4892 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\tasklist.exe
PID 3236 wrote to memory of 4892 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\tasklist.exe
PID 3732 wrote to memory of 4224 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Windows\SysWOW64\cmd.exe
PID 3732 wrote to memory of 4224 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Windows\SysWOW64\cmd.exe
PID 3732 wrote to memory of 4224 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Windows\SysWOW64\cmd.exe
PID 4224 wrote to memory of 5084 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 4224 wrote to memory of 5084 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 4224 wrote to memory of 5084 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 3732 wrote to memory of 1760 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Windows\SysWOW64\cmd.exe
PID 3732 wrote to memory of 1760 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Windows\SysWOW64\cmd.exe
PID 3732 wrote to memory of 1760 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Windows\SysWOW64\cmd.exe
PID 1760 wrote to memory of 1408 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\NETSTAT.EXE
PID 1760 wrote to memory of 1408 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\NETSTAT.EXE
PID 1760 wrote to memory of 1408 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\NETSTAT.EXE
PID 1408 wrote to memory of 2364 N/A C:\Windows\SysWOW64\NETSTAT.EXE C:\Windows\SysWOW64\cmd.exe
PID 1408 wrote to memory of 2364 N/A C:\Windows\SysWOW64\NETSTAT.EXE C:\Windows\SysWOW64\cmd.exe

Processes

C:\Users\Admin\AppData\Local\Temp\VoidOfSpace_Stable.2.3.exe

"C:\Users\Admin\AppData\Local\Temp\VoidOfSpace_Stable.2.3.exe"

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe

"C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "chcp"

C:\Windows\SysWOW64\chcp.com

chcp

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe

"C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\xidxaxbnnenmrnel" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1752 --field-trial-handle=1756,i,8330049199295614725,2383396308241319055,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe

"C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\xidxaxbnnenmrnel" --mojo-platform-channel-handle=2040 --field-trial-handle=1756,i,8330049199295614725,2383396308241319055,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "netstat -r"

C:\Windows\SysWOW64\NETSTAT.EXE

netstat -r

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Windows\system32\route.exe" print

C:\Windows\SysWOW64\ROUTE.EXE

C:\Windows\system32\route.exe print

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "netstat -nao"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -

C:\Windows\SysWOW64\ping.exe

ping 8.8.8.8 -n 1

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -

C:\Windows\SysWOW64\NETSTAT.EXE

netstat -nao

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\netsh.exe

"C:\Windows\system32\netsh.exe" wlan show networks mode=Bssid

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "netstat -r"

C:\Windows\SysWOW64\NETSTAT.EXE

netstat -r

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Windows\system32\route.exe" print

C:\Windows\SysWOW64\ROUTE.EXE

C:\Windows\system32\route.exe print

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

Network

Country Destination Domain Proto
US 20.189.173.12:443 tcp
US 8.8.8.8:53 196.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 44.8.109.52.in-addr.arpa udp
US 8.8.8.8:53 doenerium.kqnfkpoccicxiudstqonfotuwsrhuxkwhqjjfsbjhonoubrccy.nl udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 188.114.96.0:443 doenerium.kqnfkpoccicxiudstqonfotuwsrhuxkwhqjjfsbjhonoubrccy.nl tcp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 0.96.114.188.in-addr.arpa udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:53 4.4.8.8.in-addr.arpa udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 185.199.108.133:443 raw.githubusercontent.com tcp

Files

\Users\Admin\AppData\Local\Temp\nsg7DD1.tmp\System.dll

MD5 0d7ad4f45dc6f5aa87f606d0331c6901
SHA1 48df0911f0484cbe2a8cdd5362140b63c41ee457
SHA256 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
SHA512 c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

\Users\Admin\AppData\Local\Temp\nsg7DD1.tmp\nsis7z.dll

MD5 80e44ce4895304c6a3a831310fbf8cd0
SHA1 36bd49ae21c460be5753a904b4501f1abca53508
SHA256 b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
SHA512 c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\chrome_100_percent.pak

MD5 acd0fa0a90b43cd1c87a55a991b4fac3
SHA1 17b84e8d24da12501105b87452f86bfa5f9b1b3c
SHA256 ccbca246b9a93fa8d4f01a01345e7537511c590e4a8efd5777b1596d10923b4b
SHA512 3e4c4f31c6c7950d5b886f6a8768077331a8f880d70b905cf7f35f74be204c63200ff4a88fa236abccc72ec0fc102c14f50dd277a30f814f35adfe5a7ae3b774

C:\Users\Admin\AppData\Local\Temp\nsg7DD1.tmp\7z-out\chrome_200_percent.pak

MD5 4610337e3332b7e65b73a6ea738b47df
SHA1 8d824c9cf0a84ab902e8069a4de9bf6c1a9aaf3b
SHA256 c91abf556e55c29d1ea9f560bb17cc3489cb67a5d0c7a22b58485f5f2fbcf25c
SHA512 039b50284d28dcd447e0a486a099fa99914d29b543093cccda77bbefdd61f7b7f05bb84b2708ae128c5f2d0c0ab19046d08796d1b5a1cff395a0689ab25ccb51

C:\Users\Admin\AppData\Local\Temp\nsg7DD1.tmp\7z-out\d3dcompiler_47.dll

MD5 3b4647bcb9feb591c2c05d1a606ed988
SHA1 b42c59f96fb069fd49009dfd94550a7764e6c97c
SHA256 35773c397036b368c1e75d4e0d62c36d98139ebe74e42c1ff7be71c6b5a19fd7
SHA512 00cd443b36f53985212ac43b44f56c18bf70e25119bbf9c59d05e2358ff45254b957f1ec63fc70fb57b1726fd8f76ccfad8103c67454b817a4f183f9122e3f50

C:\Users\Admin\AppData\Local\Temp\nsg7DD1.tmp\7z-out\ffmpeg.dll

MD5 1bb0e1140ef08440ad47d80b70dbf742
SHA1 c2e4243bad76b465b5ab39865ac023db1632d6b0
SHA256 c0d9edde3864d9450744f4bc526a98608b629aeed01c6647f600802e1b1cf671
SHA512 29d71e3bd7df7014a03e26ca6ee5b59ff6e3d06096742fae5dec6282abd1f0d2f24c886a503e3a691d38cc68e0da504a7f657dcec4758b640a1a523d3eeaa57a

C:\Users\Admin\AppData\Local\Temp\nsg7DD1.tmp\7z-out\libEGL.dll

MD5 e0a5d1a5d55dffb55513acb736cef1c1
SHA1 307fc023790af5bf3d45678de985e8e9f34896f7
SHA256 aa5da4005c76cfe5195b69282b2ad249d7dc2300bbc979592bd67315fc30c669
SHA512 094e23869fd42c60f83e0f4d1a2cd1a29d2efd805ac02a01ce9700b8e7b0e39e52fe86503264a0298c85f0d02b38620f1e773f2ea981f3049aeba3104b04253f

C:\Users\Admin\AppData\Local\Temp\nsg7DD1.tmp\7z-out\icudtl.dat

MD5 d89ce8c00659d8e5d408c696ee087ce3
SHA1 49fc8109960be3bb32c06c3d1256cb66dded19a8
SHA256 9dfbe0dad5c7021cfe8df7f52458c422cbc5be9e16ff33ec90665bb1e3f182de
SHA512 db097ce3eb9e132d0444df79b167a7dcb2df31effbbd3df72da3d24ae2230cc5213c6df5e575985a9918fbd0a6576e335b6ebc12b6258bc93fa205399de64c37

C:\Users\Admin\AppData\Local\Temp\nsg7DD1.tmp\7z-out\LICENSES.chromium.html

MD5 312446edf757f7e92aad311f625cef2a
SHA1 91102d30d5abcfa7b6ec732e3682fb9c77279ba3
SHA256 c2656201ac86438d062673771e33e44d6d5e97670c3160e0de1cb0bd5fbbae9b
SHA512 dce01f2448a49a0e6f08bbde6570f76a87dcc81179bb51d5e2642ad033ee81ae3996800363826a65485ab79085572bbace51409ae7102ed1a12df65018676333

C:\Users\Admin\AppData\Local\Temp\nsg7DD1.tmp\7z-out\LICENSE.electron.txt

MD5 4d42118d35941e0f664dddbd83f633c5
SHA1 2b21ec5f20fe961d15f2b58efb1368e66d202e5c
SHA256 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d
SHA512 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

C:\Users\Admin\AppData\Local\Temp\nsg7DD1.tmp\7z-out\libGLESv2.dll

MD5 44f7c21b6010048e0dcdc43d83ebd357
SHA1 d0a4dfd8dbae1a8421c3043315d78ecd84502b16
SHA256 f6259a9b9c284ee5916447dd9d0ba051c2908c9d3662d42d8bbe6ce6d65a37de
SHA512 7e03538dd8e798d0e808a8fc6e149e83de9f8404e839900f6c9535da6aac8ef4d5c31044e547dde34dcece1255fab9a9255fa069a99fcb08e49785d812b3887c

C:\Users\Admin\AppData\Local\Temp\nsg7DD1.tmp\7z-out\resources.pak

MD5 7d5065ecba284ed704040fca1c821922
SHA1 095fcc890154a52ad1998b4b1e318f99b3e5d6b8
SHA256 a10c3d236246e001cb9d434a65fc3e8aa7acddddd9608008db5c5c73dee0ba1f
SHA512 521b2266e3257adaa775014f77b0d512ff91b087c2572359d68ffe633b57a423227e3d5af8ee4494538f1d09aa45ffa1fe8e979814178512c37f7088ddd7995d

C:\Users\Admin\AppData\Local\Temp\nsg7DD1.tmp\7z-out\Runtime Broker.exe

MD5 62e24a1f94bd66049b54ff28834e153e
SHA1 26a54a44b6bb6b5ba4962a661b8ebceef255a4b5
SHA256 3801d4a82ed4da1ee834966e6c7eef02ea71fbab88fb76a5e2d2383aba8570f2
SHA512 9f30c7b4dda5f1c845b71c68b3d2e83897d10e15cef970c5e9ecfa4939fb74e7c5bfee647ca8f409d714fc08d14f2efb7067a7ce4a64e68658dfaefa93117fa4

C:\Users\Admin\AppData\Local\Temp\nsg7DD1.tmp\7z-out\v8_context_snapshot.bin

MD5 4f4d00247758c684c295243ddedd2948
SHA1 f8e8fc6c22fde9df1d60c329e38b38a85f96bb69
SHA256 4ea84c4465eea20b46e6ded30f711f1e0d61e15574d861b0210819abd5e895e5
SHA512 2c335672979114bd68ff6f1b1b94235fbf072fe8642cad1f7d61855b92741f0633fa0ccb77cd520be560db2d3ac75f9be08e22806487bf5d3045781e3903ad45

C:\Users\Admin\AppData\Local\Temp\nsg7DD1.tmp\7z-out\snapshot_blob.bin

MD5 916127734bc7c5b0db478191a37fc19a
SHA1 f9d868c2578f14513fcb95e109aec795c98dbba3
SHA256 e19ed7fb96e19bb5bfe791df03561d654ea5d52021c3403a2652f439a8d77801
SHA512 d291b26568572d5777b036577ddf30c1b6c6c41e9d53ef2d8af735db001ea5c568371f3907fbffc02feee628f0f29afb718ae5deb32ff245a37947a7b1b9c297

C:\Users\Admin\AppData\Local\Temp\nsg7DD1.tmp\7z-out\vk_swiftshader.dll

MD5 65a5705d95a0820740b3396851ff1751
SHA1 a692a80bafc41ba1b29ef19890f8465b3fb20dcb
SHA256 4c4b935cbb320033f504a89b1eb0a4bcb176bbd46a5981153cb1f54deb146a1c
SHA512 0c5df23b96eaf952c4a498ff6d854df2b62e7631b16c2855ed37ddbadffba3dd52e7450f2e06cf094bec2e0d70d14c87a652150766d90ec8662e03123df5942d

C:\Users\Admin\AppData\Local\Temp\nsg7DD1.tmp\7z-out\vk_swiftshader_icd.json

MD5 8642dd3a87e2de6e991fae08458e302b
SHA1 9c06735c31cec00600fd763a92f8112d085bd12a
SHA256 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9
SHA512 f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

C:\Users\Admin\AppData\Local\Temp\nsg7DD1.tmp\7z-out\vulkan-1.dll

MD5 a947c5d8fec95a0f24b4143ced301209
SHA1 ebf3089985377a58b8431a14e22a814857287aaf
SHA256 29cb256921a1b0f222c82650469d534ccdf038d1f395b3aaa9f1086918f5d3fa
SHA512 75f5e055f4422b5558fc1cb3ea84fb7cbeaae6f71c786cc06c295d4ab51c0b1c84e28a7c89fe544f007dbe8e612bed4059139f1575934fe4bac8e538c674ebd3

C:\Users\Admin\AppData\Local\Temp\nsg7DD1.tmp\7z-out\locales\ar.pak

MD5 47a6d10b4112509852d4794229c0a03b
SHA1 2fb49a0b07fbdf8d4ce51a7b5a7f711f47a34951
SHA256 857fe3ab766b60a8d82b7b6043137e3a7d9f5cfb8ddd942316452838c67d0495
SHA512 5f5b280261195b8894efae9df2bece41c6c6a72199d65ba633c30d50a579f95fa04916a30db77831f517b22449196d364d6f70d10d6c5b435814184b3bcf1667

C:\Users\Admin\AppData\Local\Temp\nsg7DD1.tmp\7z-out\locales\bg.pak

MD5 a19269683a6347e07c55325b9ecc03a4
SHA1 d42989daf1c11fcfff0978a4fb18f55ec71630ec
SHA256 ad65351a240205e881ef5c4cf30ad1bc6b6e04414343583597086b62d48d8a24
SHA512 1660e487df3f3f4ec1cea81c73dca0ab86aaf121252fbd54c7ac091a43d60e1afd08535b082efd7387c12616672e78aa52dddfca01f833abef244284482f2c76

C:\Users\Admin\AppData\Local\Temp\nsg7DD1.tmp\7z-out\locales\am.pak

MD5 2009647c3e7aed2c4c6577ee4c546e19
SHA1 e2bbacf95ec3695daae34835a8095f19a782cbcf
SHA256 6d61e5189438f3728f082ad6f694060d7ee8e571df71240dfd5b77045a62954e
SHA512 996474d73191f2d550c516ed7526c9e2828e2853fcfbe87ca69d8b1242eb0dedf04030bbca3e93236bbd967d39de7f9477c73753af263816faf7d4371f363ba3

C:\Users\Admin\AppData\Local\Temp\nsg7DD1.tmp\7z-out\locales\af.pak

MD5 7e51349edc7e6aed122bfa00970fab80
SHA1 eb6df68501ecce2090e1af5837b5f15ac3a775eb
SHA256 f528e698b164283872f76df2233a47d7d41e1aba980ce39f6b078e577fd14c97
SHA512 69da19053eb95eef7ab2a2d3f52ca765777bdf976e5862e8cebbaa1d1ce84a7743f50695a3e82a296b2f610475abb256844b6b9eb7a23a60b4a9fc4eae40346d

C:\Users\Admin\AppData\Local\Temp\nsg7DD1.tmp\7z-out\locales\cs.pak

MD5 04a680847c4a66ad9f0a88fb9fb1fc7b
SHA1 2afcdf4234a9644fb128b70182f5a3df1ee05be1
SHA256 1cc44c5fbe1c0525df37c5b6267a677f79c9671f86eda75b6fc13abf5d5356eb
SHA512 3a8a409a3c34149a977dea8a4cb0e0822281aed2b0a75b02479c95109d7d51f6fb2c2772ccf1486ca4296a0ac2212094098f5ce6a1265fa6a7eb941c0cfef83e

C:\Users\Admin\AppData\Local\Temp\nsg7DD1.tmp\7z-out\locales\ca.pak

MD5 d259469e94f2adf54380195555154518
SHA1 d69060bbe8e765ca4dc1f7d7c04c3c53c44b8ab5
SHA256 f98b7442befc285398a5dd6a96740cba31d2f5aadadd4d5551a05712d693029b
SHA512 d0bd0201acf4f7daa84e89aa484a3dec7b6a942c3115486716593213be548657ad702ef2bc1d3d95a4a56b0f6e7c33d5375f41d6a863e4ce528f2bd6a318240e

C:\Users\Admin\AppData\Local\Temp\nsg7DD1.tmp\7z-out\locales\bn.pak

MD5 5cdd07fa357c846771058c2db67eb13b
SHA1 deb87fc5c13da03be86f67526c44f144cc65f6f6
SHA256 01c830b0007b8ce6aca46e26d812947c3df818927b826f7d8c5ffd0008a32384
SHA512 2ac29a3aa3278bd9a8fe1ba28e87941f719b14fbf8b52e0b7dc9d66603c9c147b9496bf7be4d9e3aa0231c024694ef102dcc094c80c42be5d68d3894c488098c

C:\Users\Admin\AppData\Local\Temp\nsg7DD1.tmp\7z-out\locales\da.pak

MD5 1a53d374b9c37f795a462aac7a3f118f
SHA1 154be9cf05042eced098a20ff52fa174798e1fea
SHA256 d0c38eb889ee27d81183a0535762d8ef314f0fdeb90ccca9176a0ce9ab09b820
SHA512 395279c9246bd30a0e45d775d9f9c36353bd11d9463282661c2abd876bdb53be9c9b617bb0c2186592cd154e9353ea39e3feed6b21a07b6850ab8ecd57e1ed29

C:\Users\Admin\AppData\Local\Temp\nsg7DD1.tmp\7z-out\locales\en-GB.pak

MD5 d59e613e8f17bdafd00e0e31e1520d1f
SHA1 529017d57c4efed1d768ab52e5a2bc929fdfb97c
SHA256 90e585f101cf0bb77091a9a9a28812694cee708421ce4908302bbd1bc24ac6fd
SHA512 29ff3d42e5d0229f3f17bc0ed6576c147d5c61ce2bd9a2e658a222b75d993230de3ce35ca6b06f5afa9ea44cfc67817a30a87f4faf8dc3a5c883b6ee30f87210

C:\Users\Admin\AppData\Local\Temp\nsg7DD1.tmp\7z-out\locales\fa.pak

MD5 9d273af70eafd1b5d41f157dbfb94fdc
SHA1 da98bde34b59976d4514ff518bd977a713ea4f2e
SHA256 319d1e20150d4e3f496309ba82fce850e91378ee4b0c7119a003a510b14f878b
SHA512 0a892071bea92cc7f1a914654bc4f9da6b9c08e3cb29bb41e9094f6120ddc7a08a257c0d2b475c98e7cdcf604830e582cf2a538cc184056207f196ffc43f29ad

C:\Users\Admin\AppData\Local\Temp\nsg7DD1.tmp\7z-out\locales\ko.pak

MD5 b4fbff56e4974a7283d564c6fc0365be
SHA1 de68bd097def66d63d5ff04046f3357b7b0e23ac
SHA256 8c9acde13edcd40d5b6eb38ad179cc27aa3677252a9cd47990eba38ad42833e5
SHA512 0698aa058561bb5a8fe565bb0bec21548e246dbb9d38f6010e9b0ad9de0f59bce9e98841033ad3122a163dd321ee4b11ed191277cdcb8e0b455d725593a88aa5

C:\Users\Admin\AppData\Local\Temp\nsg7DD1.tmp\7z-out\locales\nl.pak

MD5 181d2a0ece4b67281d9d2323e9b9824d
SHA1 e8bdc53757e96c12f3cd256c7812532dd524a0ea
SHA256 6629e68c457806621ed23aa53b3675336c3e643f911f8485118a412ef9ed14ce
SHA512 10d8cc9411ca475c9b659a2cc88d365e811217d957c82d9c144d94843bc7c7a254ee2451a6f485e92385a660fa01577cffa0d64b6e9e658a87bef8fccbbeaf7e

C:\Users\Admin\AppData\Local\Temp\nsg7DD1.tmp\7z-out\locales\sw.pak

MD5 39277ae2d91fdc1bd38bea892b388485
SHA1 ff787fb0156c40478d778b2a6856ad7b469bd7cb
SHA256 6d6d095a1b39c38c273be35cd09eb1914bd3a53f05180a3b3eb41a81ae31d5d3
SHA512 be2d8fbedaa957f0c0823e7beb80de570edd0b8e7599cf8f2991dc671bdcbbbe618c15b36705d83be7b6e9a0d32ec00f519fc8543b548422ca8dcf07c0548ab4

C:\Users\Admin\AppData\Local\Temp\nsg7DD1.tmp\7z-out\locales\zh-TW.pak

MD5 524711882cbfb5b95a63ef48f884cff0
SHA1 1078037687cfc5d038eeb8b63d295239e0edc47a
SHA256 9e16499cd96a155d410c8df4c812c52ff2a750f8c4db87fd891c1e58c1428c78
SHA512 16d45a81f7f4606eda9d12a8b1da06e3c866b11bdc0c92a4022bfb8d02b885d8f028457cf23e3f7589dfd191ed7f7fbc68c81b6e1411834edfcbc9cc85e0dc4d

C:\Users\Admin\AppData\Local\Temp\nsg7DD1.tmp\7z-out\locales\zh-CN.pak

MD5 20f315d38e3b2edc5832931e7770b62a
SHA1 2390bd585dec1e884873454bb98b6f1467dcf7bb
SHA256 53a803724bbf2e7f40aab860325c348f786eeca1ea5ca39a76b4c4a616e3233f
SHA512 c338e241de3561707c7c275b7d6e0fb16185a8cd7112057c08b74ffce122148ef693fe310c839ff93f102726a78e61de3e68c8e324f445a07a98ee9c4fdd4e13

C:\Users\Admin\AppData\Local\Temp\nsg7DD1.tmp\7z-out\locales\vi.pak

MD5 3fe6f90f1f990aed508deda3810ce8c2
SHA1 3b86f00666d55e984b4aca1a5e8319ffa8f411ff
SHA256 5eebb23221aebcf0be01bfc2695f7dd35b17f6769be1e28e5610d35c9717854b
SHA512 9aa9d55f112c8b32aa636086cfd2161d97ea313cac1a44101014128124a03504c992ac8efd265aba4e91787aef7134a14507a600f5ec96ff82df950a8883828c

C:\Users\Admin\AppData\Local\Temp\nsg7DD1.tmp\7z-out\locales\ur.pak

MD5 ff0a23974aef88afc86ecc806dbf1d60
SHA1 e7bae97cbb8692a0d106644dfaa9b7d7ea6fcef0
SHA256 f245ab242aafeef37db736c780476534fad0706aa66dcb8b6b8cd181b4778385
SHA512 aabe8160fac7e0eb8e8eb80963fe995fa4a802147d1b8f605bc0fe3f8e2474463c1d313471c11c85eb5578112232fdc8e89b8a6d43dbe38a328538ff30a78d08

C:\Users\Admin\AppData\Local\Temp\nsg7DD1.tmp\7z-out\locales\uk.pak

MD5 ee70e9f3557b9c8c67bfb8dfcb51384d
SHA1 fc4dfc35cde1a00f97eefe5e0a2b9b9c0149751e
SHA256 54324671a161f6d67c790bfd29349db2e2d21f5012dc97e891f8f5268bdf7e22
SHA512 f4e1da71cb0485851e8ebcd5d5cf971961737ad238353453db938b4a82a68a6bbaf3de7553f0ff1f915a0e6640a3e54f5368d9154b0a4ad38e439f5808c05b9f

C:\Users\Admin\AppData\Local\Temp\nsg7DD1.tmp\7z-out\locales\tr.pak

MD5 3a858619502c68d5f7de599060f96db9
SHA1 80a66d9b5f1e04cda19493ffc4a2f070200e0b62
SHA256 d81f28f69da0036f9d77242b2a58b4a76f0d5c54b3e26ee96872ac54d7abb841
SHA512 39a7ec0dfe62bcb3f69ce40100e952517b5123f70c70b77b4c9be3d98296772f10d3083276bc43e1db66ed4d9bfa385a458e829ca2a7d570825d7a69e8fbb5f4

C:\Users\Admin\AppData\Local\Temp\nsg7DD1.tmp\7z-out\locales\th.pak

MD5 2c41616dfe7fcdb4913cfafe5d097f95
SHA1 cf7d9e8ad3aa47d683e47f116528c0e4a9a159b0
SHA256 f11041c48831c93aa11bbf885d330739a33a42db211daccf80192668e2186ed3
SHA512 97329717e11bc63456c56022a7b7f5da730da133e3fc7b2cc660d63a955b1a639c556b857c039a004f92e5f35be61bf33c035155be0a361e3cd6d87b549df811

C:\Users\Admin\AppData\Local\Temp\nsg7DD1.tmp\7z-out\locales\te.pak

MD5 f809bf5184935c74c8e7086d34ea306c
SHA1 709ab3decff033cf2fa433ecc5892a7ac2e3752e
SHA256 9bbfa7a9f2116281bf0af1e8ffb279d1aa97ac3ed9ebc80c3ade19e922d7e2d4
SHA512 de4b14dd6018fdbdf5033abda4da2cb9f5fcf26493788e35d88c07a538b84fdd663ee20255dfd9c1aac201f0cce846050d2925c55bf42d4029cb78b057930acd

C:\Users\Admin\AppData\Local\Temp\nsg7DD1.tmp\7z-out\locales\ta.pak

MD5 7006691481966109cce413f48a349ff2
SHA1 6bd243d753cf66074359abe28cfae75bcedd2d23
SHA256 24ea4028da66a293a43d27102012235198f42a1e271fe568c7fd78490a3ee647
SHA512 e12c0d1792a28bf4885e77185c2a0c5386438f142275b8f77317eb8a5cee994b3241bb264d9502d60bfbce9cf8b3b9f605c798d67819259f501719d054083bea

C:\Users\Admin\AppData\Local\Temp\nsg7DD1.tmp\7z-out\locales\sv.pak

MD5 502e4a8b3301253abe27c4fd790fbe90
SHA1 17abcd7a84da5f01d12697e0dffc753ffb49991a
SHA256 7d72e3adb35e13ec90f2f4271ad2a9b817a2734da423d972517f3cff299165fd
SHA512 bd270abaf9344c96b0f63fc8cec04f0d0ac9fc343ab5a80f5b47e4b13b8b1c0c4b68f19550573a1d965bb18a27edf29f5dd592944d754b80ea9684dbcedea822

C:\Users\Admin\AppData\Local\Temp\nsg7DD1.tmp\7z-out\locales\sr.pak

MD5 cbb817a58999d754f99582b72e1ae491
SHA1 6ec3fd06dee0b1fe5002cb0a4fe8ec533a51f9fd
SHA256 4bd7e466cb5f5b0a451e1192aa1abaaf9526855a86d655f94c9ce2183ec80c25
SHA512 efef29cedb7b08d37f9df1705d36613f423e994a041b137d5c94d2555319ffb068bb311884c9d4269b0066746dacd508a7d01df40a8561590461d5f02cb52f8b

C:\Users\Admin\AppData\Local\Temp\nsg7DD1.tmp\7z-out\locales\sl.pak

MD5 d4bd9f20fd29519d6b017067e659442c
SHA1 782283b65102de4a0a61b901dea4e52ab6998f22
SHA256 f33afa6b8df235b09b84377fc3c90403c159c87edd8cd8004b7f6edd65c85ce6
SHA512 adf8d8ec17e8b05771f47b19e8027f88237ad61bca42995f424c1f5bd6efa92b23c69d363264714c1550b9cd0d03f66a7cfb792c3fbf9d5c173175b0a8c039dc

C:\Users\Admin\AppData\Local\Temp\nsg7DD1.tmp\7z-out\locales\sk.pak

MD5 c6c7396dbfb989f034d50bd053503366
SHA1 089f176b88235cce5bca7abfcc78254e93296d61
SHA256 439f7d6c23217c965179898754edcef8fd1248bdd9b436703bf1ff710701117a
SHA512 1476963f47b45d2d26536706b7eeba34cfae124a3087f7727c4efe0f19610f94393012cda462060b1a654827e41f463d7226afa977654dcd85b27b7f8d1528eb

C:\Users\Admin\AppData\Local\Temp\nsg7DD1.tmp\7z-out\locales\ru.pak

MD5 ab9902025dcf7d5408bf6377b046272b
SHA1 c9496e5af3e2a43377290a4883c0555e27b1f10f
SHA256 983b15dcc31d0e9a3da78cd6021e5add2a3c2247322aded9454a5d148d127aae
SHA512 d255d5f5b6b09af2cdec7b9c171eebb1de1094cc5b4ddf43a3d4310f8f5f223ac48b8da97a07764d1b44f1d4a14fe3a0c92a0ce6fe9a4ae9a6b4a342e038f842

C:\Users\Admin\AppData\Local\Temp\nsg7DD1.tmp\7z-out\locales\ro.pak

MD5 99eaa3d101354088379771fd85159de1
SHA1 a32db810115d6dcf83a887e71d5b061b5eefe41f
SHA256 33f4c20f7910bc3e636bc3bec78f4807685153242dd4bc77648049772cf47423
SHA512 c6f87da1b5c156aa206dc21a9da3132cbfb0e12e10da7dc3b60363089de9e0124bbad00a233e61325348223fc5953d4f23e46fe47ec8e7ca07702ac73f3fd2e9

C:\Users\Admin\AppData\Local\Temp\nsg7DD1.tmp\7z-out\locales\pt-PT.pak

MD5 6a7232f316358d8376a1667426782796
SHA1 8b70fe0f3ab2d73428f19ecd376c5deba4a0bb6c
SHA256 6a526cd5268b80df24104a7f40f55e4f1068185febbbb5876ba2cb7f78410f84
SHA512 40d24b3d01e20ae150083b00bb6e10bca81737c48219bce22fa88faaad85bdc8c56ac9b1eb01854173b0ed792e34bdfbac26d3605b6a35c14cf2824c000d0da1

C:\Users\Admin\AppData\Local\Temp\nsg7DD1.tmp\7z-out\locales\pt-BR.pak

MD5 0d9dea9e24645c2a3f58e4511c564a36
SHA1 dcd2620a1935c667737eea46ca7bb2bdcb31f3a6
SHA256 ca7b880391fcd319e976fcc9b5780ea71de655492c4a52448c51ab2170eeef3b
SHA512 8fcf871f8be7727e2368df74c05ca927c5f0bc3484c4934f83c0abc98ecaf774ad7aba56e1bf17c92b1076c0b8eb9c076cc949cd5427efcade9ddf14f6b56bc5

C:\Users\Admin\AppData\Local\Temp\nsg7DD1.tmp\7z-out\locales\pl.pak

MD5 18d49d5376237bb8a25413b55751a833
SHA1 0b47a7381de61742ac2184850822c5fa2afa559e
SHA256 1729aa5c8a7e24a0db98febcc91df8b7b5c16f9b6bb13a2b0795038f2a14b981
SHA512 45344a533cc35c8ce05cf29b11da6c0f97d8854dae46cf45ef7d090558ef95c3bd5fdc284d9a7809f0b2bf30985002be2aa6a4749c0d9ae9bdff4ad13de4e570

C:\Users\Admin\AppData\Local\Temp\nsg7DD1.tmp\7z-out\locales\nb.pak

MD5 af0fd9179417ba1d7fcca3cc5bee1532
SHA1 f746077bbf6a73c6de272d5855d4f1ca5c3af086
SHA256 e900f6d0dd9d5a05b5297618f1fe1600c189313da931a9cb390ee42383eb070f
SHA512 c94791d6b84200b302073b09357abd2a1d7576b068bae01dccda7bc154a6487145c83c9133848ccf4cb9e6dc6c5a9d4be9d818e5a0c8f440a4e04ae8eabd4a29

C:\Users\Admin\AppData\Local\Temp\nsg7DD1.tmp\7z-out\locales\ms.pak

MD5 9b3e2f3c49897228d51a324ab625eb45
SHA1 8f3daec46e9a99c3b33e3d0e56c03402ccc52b9d
SHA256 61a3daae72558662851b49175c402e9fe6fd1b279e7b9028e49506d9444855c5
SHA512 409681829a861cd4e53069d54c80315e0c8b97e5db4cd74985d06238be434a0f0c387392e3f80916164898af247d17e8747c6538f08c0ef1c5e92a7d1b14f539

C:\Users\Admin\AppData\Local\Temp\nsg7DD1.tmp\7z-out\locales\mr.pak

MD5 c0ef1866167d926fb351e9f9bf13f067
SHA1 6092d04ef3ce62be44c29da5d0d3a04985e2bc04
SHA256 88df231cf2e506db3453f90a797194662a5f85e23bbac2ed3169d91a145d2091
SHA512 9e2b90f3ac1ae5744c22c2442fbcd86a8496afc2c58f6ca060d6dbb08af6f7411ef910a7c8ca5aedee99b5443d4dff709c7935e8322cb32f8b071ee59caee733

C:\Users\Admin\AppData\Local\Temp\nsg7DD1.tmp\7z-out\locales\ml.pak

MD5 8b38c65fc30210c7af9b6fa0424266f4
SHA1 116413710ffcf94fbfa38cb97a47731e43a306f5
SHA256 e8df9a74417c5839c531d7ccab63884a80afb731cc62cbbb3fd141779086ac7d
SHA512 0fd349c644ac1a2e7ed0247e40900d3a9957f5bef1351b872710d02687c934a8e63d3a7585e91f7df78054aeff8f7abd8c93a94fcd20c799779a64278bab2097

C:\Users\Admin\AppData\Local\Temp\nsg7DD1.tmp\7z-out\locales\lv.pak

MD5 e4f7d9e385cb525e762ece1aa243e818
SHA1 689d784379bac189742b74cd8700c687feeeded1
SHA256 523d141e59095da71a41c14aec8fe9ee667ae4b868e0477a46dd18a80b2007ef
SHA512 e4796134048cd12056d746f6b8f76d9ea743c61fee5993167f607959f11fd3b496429c3e61ed5464551fd1931de4878ab06f23a3788ee34bb56f53db25bcb6df

C:\Users\Admin\AppData\Local\Temp\nsg7DD1.tmp\7z-out\locales\lt.pak

MD5 980c27fd74cc3560b296fe8e7c77d51f
SHA1 f581efa1b15261f654588e53e709a2692d8bb8a3
SHA256 41e0f3619cda3b00abbbf07b9cd64ec7e4785ed4c8a784c928e582c3b6b8b7db
SHA512 51196f6f633667e849ef20532d57ec81c5f63bab46555cea8fab2963a078acdfa84843eded85c3b30f49ef3ceb8be9e4ef8237e214ef9ecff6373a84d395b407

C:\Users\Admin\AppData\Local\Temp\nsg7DD1.tmp\7z-out\locales\kn.pak

MD5 c548a5f1fb5753408e44f3f011588594
SHA1 e064ab403972036dad1b35abe9794e95dbe4cc00
SHA256 890f50a57b862f482d367713201e1e559ac778fc3a36322d1dfbbef2535dd9cb
SHA512 6975e4bb1a90e0906cf6266f79da6cc4ae32f72a6141943bcfcf9b33f791e9751a9aafde9ca537f33f6ba8e4d697125fbc2ec4ffd3bc35851f406567dae7e631

C:\Users\Admin\AppData\Local\Temp\nsg7DD1.tmp\7z-out\locales\ja.pak

MD5 d10d536bcd183030ba07ff5c61bf5e3a
SHA1 44dd78dba9f098ac61222eb9647d111ad1608960
SHA256 2a3d3abc9f80bad52bd6da5769901e7b9e9f052b6a58a7cc95ce16c86a3aa85a
SHA512 c67aede9ded1100093253e350d6137ab8b2a852bd84b6c82ba1853f792e053cecd0ea0519319498aed5759bedc66d75516a4f2f7a07696a0cef24d5f34ef9dd2

C:\Users\Admin\AppData\Local\Temp\nsg7DD1.tmp\7z-out\locales\it.pak

MD5 d58a43068bf847c7cd6284742c2f7823
SHA1 497389765143fac48af2bd7f9a309bfe65f59ed9
SHA256 265d8b1bc479ad64fa7a41424c446139205af8029a2469d558813edd10727f9c
SHA512 547a1581dda28c5c1a0231c736070d8a7b53a085a0ce643a4a1510c63a2d4670ff2632e9823cd25ae2c7cdc87fa65883e0a193853890d4415b38056cb730ab54

C:\Users\Admin\AppData\Local\Temp\nsg7DD1.tmp\7z-out\locales\id.pak

MD5 7b39423028da71b4e776429bb4f27122
SHA1 cb052ab5f734d7a74a160594b25f8a71669c38f2
SHA256 3d95c5819f57a0ad06a118a07e0b5d821032edcf622df9b10a09da9aa974885f
SHA512 e40679b01ab14b6c8dfdce588f3b47bcaff55dbb1539b343f611b3fcbd1d0e7d8c347a2b928215a629f97e5f68d19c51af775ec27c6f906cac131beae646ce1a

C:\Users\Admin\AppData\Local\Temp\nsg7DD1.tmp\7z-out\locales\hu.pak

MD5 f5e1ca8a14c75c6f62d4bff34e27ddb5
SHA1 7aba6bff18bdc4c477da603184d74f054805c78f
SHA256 c0043d9fa0b841da00ec1672d60015804d882d4765a62b6483f2294c3c5b83e0
SHA512 1050f96f4f79f681b3eaf4012ec0e287c5067b75ba7a2cbe89d9b380c07698099b156a0eb2cbc5b8aa336d2daa98e457b089935b534c4d6636987e7e7e32b169

C:\Users\Admin\AppData\Local\Temp\nsg7DD1.tmp\7z-out\locales\hr.pak

MD5 8f9498d18d90477ad24ea01a97370b08
SHA1 3868791b549fc7369ab90cd27684f129ebd628be
SHA256 846943f77a425f3885689dcf12d62951c5b7646e68eadc533b8b5c2a1373f02e
SHA512 3c66a84592debe522f26c48b55c04198ad8a16c0dcfa05816825656c76c1c6cccf5767b009f20ecb77d5a589ee44b0a0011ec197fec720168a6c72c71ebf77fd

C:\Users\Admin\AppData\Local\Temp\nsg7DD1.tmp\7z-out\locales\hi.pak

MD5 1766a05be4dc634b3321b5b8a142c671
SHA1 b959bcadc3724ae28b5fe141f3b497f51d1e28cf
SHA256 0eee8e751b5b0af1e226106beb09477634f9f80774ff30894c0f5a12b925ac35
SHA512 faec1d6166133674a56b5e38a68f9e235155cc910b5cceb3985981b123cc29eda4cd60b9313ab787ec0a8f73bf715299d9bf068e4d52b766a7ab8808bd146a39

C:\Users\Admin\AppData\Local\Temp\nsg7DD1.tmp\7z-out\locales\he.pak

MD5 6d787dc113adfb6a539674af7d6195db
SHA1 f966461049d54c61cdd1e48ef1ea0d3330177768
SHA256 a976fad1cc4eb29709018c5ffcc310793a7ceb2e69c806454717ccae9cbc4d21
SHA512 6748dad2813fc544b50ddea0481b5ace3eb5055fb2d985ca357403d3b799618d051051b560c4151492928d6d40fce9bb33b167217c020bdcc3ed4cae58f6b676

C:\Users\Admin\AppData\Local\Temp\nsg7DD1.tmp\7z-out\locales\gu.pak

MD5 7b5f52f72d3a93f76337d5cf3168ebd1
SHA1 00d444b5a7f73f566e98abadf867e6bb27433091
SHA256 798ea5d88a57d1d78fa518bf35c5098cbeb1453d2cb02ef98cd26cf85d927707
SHA512 10c6f4faab8ccb930228c1d9302472d0752be19af068ec5917249675b40f22ab24c3e29ec3264062826113b966c401046cff70d91e7e05d8aadcc0b4e07fec9b

C:\Users\Admin\AppData\Local\Temp\nsg7DD1.tmp\7z-out\locales\fr.pak

MD5 0bf28aff31e8887e27c4cd96d3069816
SHA1 b5313cf6b5fbce7e97e32727a3fae58b0f2f5e97
SHA256 2e1d413442def9cae2d93612e3fd04f3afaf3dd61e4ed7f86400d320af5500c2
SHA512 95172b3b1153b31fceb4b53681635a881457723cd1000562463d2f24712267b209b3588c085b89c985476c82d9c27319cb6378619889379da4fae1595cb11992

C:\Users\Admin\AppData\Local\Temp\nsg7DD1.tmp\7z-out\locales\fil.pak

MD5 3165351c55e3408eaa7b661fa9dc8924
SHA1 181bee2a96d2f43d740b865f7e39a1ba06e2ca2b
SHA256 2630a9d5912c8ef023154c6a6fb5c56faf610e1e960af66abef533af19b90caa
SHA512 3b1944ea3cfcbe98d4ce390ea3a8ff1f6730eb8054e282869308efe91a9ddcd118290568c1fc83bd80e8951c4e70a451e984c27b400f2bde8053ea25b9620655

C:\Users\Admin\AppData\Local\Temp\nsg7DD1.tmp\7z-out\locales\fi.pak

MD5 d4b776267efebdcb279162c213f3db22
SHA1 7236108af9e293c8341c17539aa3f0751000860a
SHA256 297e3647eaf9b3b95cf833d88239919e371e74cc345a2e48a5033ebe477cd54e
SHA512 1dc7d966d12e0104aacb300fd4e94a88587a347db35ad2327a046ef833fb354fd9cbe31720b6476db6c01cfcb90b4b98ce3cd995e816210b1438a13006624e8f

C:\Users\Admin\AppData\Local\Temp\nsg7DD1.tmp\7z-out\locales\et.pak

MD5 a94e1775f91ea8622f82ae5ab5ba6765
SHA1 ff17accdd83ac7fcc630e9141e9114da7de16fdb
SHA256 1606b94aef97047863481928624214b7e0ec2f1e34ec48a117965b928e009163
SHA512 a2575d2bd50494310e8ef9c77d6c1749420dfbe17a91d724984df025c47601976af7d971ecae988c99723d53f240e1a6b3b7650a17f3b845e3daeefaaf9fe9b9

C:\Users\Admin\AppData\Local\Temp\nsg7DD1.tmp\7z-out\locales\es.pak

MD5 a36992d320a88002697da97cd6a4f251
SHA1 c1f88f391a40ccf2b8a7b5689320c63d6d42935f
SHA256 c5566b661675b613d69a507cbf98768bc6305b80e6893dc59651a4be4263f39d
SHA512 9719709229a4e8f63247b3efe004ecfeb5127f5a885234a5f78ee2b368f9e6c44eb68a071e26086e02aa0e61798b7e7b9311d35725d3409ffc0e740f3aa3b9b5

C:\Users\Admin\AppData\Local\Temp\nsg7DD1.tmp\7z-out\locales\es-419.pak

MD5 7f6696cc1e71f84d9ec24e9dc7bd6345
SHA1 36c1c44404ee48fc742b79173f2c7699e1e0301f
SHA256 d1f17508f3a0106848c48a240d49a943130b14bd0feb5ed7ae89605c7b7017d1
SHA512 b226f94f00978f87b7915004a13cdbd23de2401a8afaa2517498538967df89b735f8ecc46870c92e3022cac795218a60ad2b8fff1efad9feea4ec193704a568a

C:\Users\Admin\AppData\Local\Temp\nsg7DD1.tmp\7z-out\locales\en-US.pak

MD5 5e3813e616a101e4a169b05f40879a62
SHA1 615e4d94f69625dda81dfaec7f14e9ee320a2884
SHA256 4d207c5c202c19c4daca3fddb2ae4f747f943a8faf86a947eef580e2f2aee687
SHA512 764a271a9cfb674cce41ee7aed0ad75f640ce869efd3c865d1b2d046c9638f4e8d9863a386eba098f5dcedd20ea98bad8bca158b68eb4bdd606d683f31227594

C:\Users\Admin\AppData\Local\Temp\nsg7DD1.tmp\7z-out\locales\el.pak

MD5 9528d21e8a3f5bad7ca273999012ebe8
SHA1 58cd673ce472f3f2f961cf8b69b0c8b8c01d457c
SHA256 e79c1e7a47250d88581e8e3baf78dcaf31fe660b74a1e015be0f4bafdfd63e12
SHA512 165822c49ce0bdb82f3c3221e6725dac70f53cfdad722407a508fa29605bc669fb5e5070f825f02d830e0487b28925644438305372a366a3d60b55da039633d7

C:\Users\Admin\AppData\Local\Temp\nsg7DD1.tmp\7z-out\locales\de.pak

MD5 8e6654b89ed4c1dc02e1e2d06764805a
SHA1 ff660bc85bb4a0fa3b2637050d2b2d1aecc37ad8
SHA256 61cbce9a31858ddf70cc9b0c05fb09ce7032bfb8368a77533521722465c57475
SHA512 5ac71eda16f07f3f2b939891eda2969c443440350fd88ab3a9b3180b8b1a3ecb11e79e752cf201f21b3dbfba00bcc2e4f796f347e6137a165c081e86d970ee61

C:\Users\Admin\AppData\Local\Temp\nsg7DD1.tmp\7z-out\resources\elevate.exe

MD5 792b92c8ad13c46f27c7ced0810694df
SHA1 d8d449b92de20a57df722df46435ba4553ecc802
SHA256 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
SHA512 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

C:\Users\Admin\AppData\Local\Temp\nsg7DD1.tmp\7z-out\resources\app.asar

MD5 a42dd0974f64631df98a8915d61df624
SHA1 ba29b4c0bc6f7355c25dd250eb9d7b6c25b67628
SHA256 823398a4ee59260c3b5d0b7c951483fbca2d0891ac8e6dcada74dc359528b87e
SHA512 27189bff087b4c546a2e7f7f7cd6651f004538205196863a7261e1c2c7573cb5714ddd284445e1aec0f33f720de01d687e8408b90bf57670bea314ccfef2d8bf

\Users\Admin\AppData\Local\Temp\nsg7DD1.tmp\StdUtils.dll

MD5 c6a6e03f77c313b267498515488c5740
SHA1 3d49fc2784b9450962ed6b82b46e9c3c957d7c15
SHA256 b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
SHA512 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe

MD5 62e24a1f94bd66049b54ff28834e153e
SHA1 26a54a44b6bb6b5ba4962a661b8ebceef255a4b5
SHA256 3801d4a82ed4da1ee834966e6c7eef02ea71fbab88fb76a5e2d2383aba8570f2
SHA512 9f30c7b4dda5f1c845b71c68b3d2e83897d10e15cef970c5e9ecfa4939fb74e7c5bfee647ca8f409d714fc08d14f2efb7067a7ce4a64e68658dfaefa93117fa4

\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\ffmpeg.dll

MD5 1bb0e1140ef08440ad47d80b70dbf742
SHA1 c2e4243bad76b465b5ab39865ac023db1632d6b0
SHA256 c0d9edde3864d9450744f4bc526a98608b629aeed01c6647f600802e1b1cf671
SHA512 29d71e3bd7df7014a03e26ca6ee5b59ff6e3d06096742fae5dec6282abd1f0d2f24c886a503e3a691d38cc68e0da504a7f657dcec4758b640a1a523d3eeaa57a

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\ffmpeg.dll

MD5 1bb0e1140ef08440ad47d80b70dbf742
SHA1 c2e4243bad76b465b5ab39865ac023db1632d6b0
SHA256 c0d9edde3864d9450744f4bc526a98608b629aeed01c6647f600802e1b1cf671
SHA512 29d71e3bd7df7014a03e26ca6ee5b59ff6e3d06096742fae5dec6282abd1f0d2f24c886a503e3a691d38cc68e0da504a7f657dcec4758b640a1a523d3eeaa57a

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\v8_context_snapshot.bin

MD5 4f4d00247758c684c295243ddedd2948
SHA1 f8e8fc6c22fde9df1d60c329e38b38a85f96bb69
SHA256 4ea84c4465eea20b46e6ded30f711f1e0d61e15574d861b0210819abd5e895e5
SHA512 2c335672979114bd68ff6f1b1b94235fbf072fe8642cad1f7d61855b92741f0633fa0ccb77cd520be560db2d3ac75f9be08e22806487bf5d3045781e3903ad45

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\icudtl.dat

MD5 d89ce8c00659d8e5d408c696ee087ce3
SHA1 49fc8109960be3bb32c06c3d1256cb66dded19a8
SHA256 9dfbe0dad5c7021cfe8df7f52458c422cbc5be9e16ff33ec90665bb1e3f182de
SHA512 db097ce3eb9e132d0444df79b167a7dcb2df31effbbd3df72da3d24ae2230cc5213c6df5e575985a9918fbd0a6576e335b6ebc12b6258bc93fa205399de64c37

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\resources\app.asar

MD5 a42dd0974f64631df98a8915d61df624
SHA1 ba29b4c0bc6f7355c25dd250eb9d7b6c25b67628
SHA256 823398a4ee59260c3b5d0b7c951483fbca2d0891ac8e6dcada74dc359528b87e
SHA512 27189bff087b4c546a2e7f7f7cd6651f004538205196863a7261e1c2c7573cb5714ddd284445e1aec0f33f720de01d687e8408b90bf57670bea314ccfef2d8bf

\Users\Admin\AppData\Local\Temp\3c38b293-70e0-45ca-b5f6-5df176c0be89.tmp.node

MD5 e218cb94b794e60c15f6657ee71f7a53
SHA1 06ccfe40133736d73cc4a8aa5eaf2eabc227afee
SHA256 4b1552f36d3253b98c2d2b3da3f03d080c419ceb3996b22c04c6fb92bba90293
SHA512 59d5700cd55b28df224cfd5ff67dc84efb0f709c19a60c29031d4748b9cc8d034fc4466af62aec4878f21caeff6cd3b7858676759823cd16a6b43b8ea602258e

\Users\Admin\AppData\Local\Temp\ded043b7-ffad-4f63-9693-f2d18b2de674.tmp.node

MD5 c09b7e30167c35d52f41ecee2954d3ef
SHA1 cecaa1fd65aefe9be4de23dfe10ca37b6737a0d5
SHA256 decc233a25e7c862c9880826096a854fde6d5b1789c20040964957f574988ce7
SHA512 1bfb05c6af6a4b1dbf25685e3ea1e974206c0698176cc34c5723caa57f2db8f72510e75f5ea19700c40c5963cb4f8458a7b61f78347fd89cfcea766f2cc8a321

\Users\Admin\AppData\Local\Temp\7a000e23-9f0b-4f0d-9846-9e71f7844471.tmp.node

MD5 e8f61500827abc8226e623ae3d10b1ca
SHA1 8caea1db03c3f7d70ed30982835db0c22acfb723
SHA256 63e1d531c5f01947cc62c66cddbceedf36fe8aafd5cd9a10e4e17cfc3f6786e1
SHA512 5ca0590c2c98a69505f04a0d487bcd08c92bd8ab35473ddc90ecff5b7a0c425a9941b5d81d6e0b17f470278deff69fc1ad2ac04eacdc0bfe94ddc986e00f8cf1

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\chrome_100_percent.pak

MD5 acd0fa0a90b43cd1c87a55a991b4fac3
SHA1 17b84e8d24da12501105b87452f86bfa5f9b1b3c
SHA256 ccbca246b9a93fa8d4f01a01345e7537511c590e4a8efd5777b1596d10923b4b
SHA512 3e4c4f31c6c7950d5b886f6a8768077331a8f880d70b905cf7f35f74be204c63200ff4a88fa236abccc72ec0fc102c14f50dd277a30f814f35adfe5a7ae3b774

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\chrome_200_percent.pak

MD5 4610337e3332b7e65b73a6ea738b47df
SHA1 8d824c9cf0a84ab902e8069a4de9bf6c1a9aaf3b
SHA256 c91abf556e55c29d1ea9f560bb17cc3489cb67a5d0c7a22b58485f5f2fbcf25c
SHA512 039b50284d28dcd447e0a486a099fa99914d29b543093cccda77bbefdd61f7b7f05bb84b2708ae128c5f2d0c0ab19046d08796d1b5a1cff395a0689ab25ccb51

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\locales\en-US.pak

MD5 5e3813e616a101e4a169b05f40879a62
SHA1 615e4d94f69625dda81dfaec7f14e9ee320a2884
SHA256 4d207c5c202c19c4daca3fddb2ae4f747f943a8faf86a947eef580e2f2aee687
SHA512 764a271a9cfb674cce41ee7aed0ad75f640ce869efd3c865d1b2d046c9638f4e8d9863a386eba098f5dcedd20ea98bad8bca158b68eb4bdd606d683f31227594

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\resources.pak

MD5 7d5065ecba284ed704040fca1c821922
SHA1 095fcc890154a52ad1998b4b1e318f99b3e5d6b8
SHA256 a10c3d236246e001cb9d434a65fc3e8aa7acddddd9608008db5c5c73dee0ba1f
SHA512 521b2266e3257adaa775014f77b0d512ff91b087c2572359d68ffe633b57a423227e3d5af8ee4494538f1d09aa45ffa1fe8e979814178512c37f7088ddd7995d

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe

MD5 62e24a1f94bd66049b54ff28834e153e
SHA1 26a54a44b6bb6b5ba4962a661b8ebceef255a4b5
SHA256 3801d4a82ed4da1ee834966e6c7eef02ea71fbab88fb76a5e2d2383aba8570f2
SHA512 9f30c7b4dda5f1c845b71c68b3d2e83897d10e15cef970c5e9ecfa4939fb74e7c5bfee647ca8f409d714fc08d14f2efb7067a7ce4a64e68658dfaefa93117fa4

\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\ffmpeg.dll

MD5 1bb0e1140ef08440ad47d80b70dbf742
SHA1 c2e4243bad76b465b5ab39865ac023db1632d6b0
SHA256 c0d9edde3864d9450744f4bc526a98608b629aeed01c6647f600802e1b1cf671
SHA512 29d71e3bd7df7014a03e26ca6ee5b59ff6e3d06096742fae5dec6282abd1f0d2f24c886a503e3a691d38cc68e0da504a7f657dcec4758b640a1a523d3eeaa57a

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe

MD5 62e24a1f94bd66049b54ff28834e153e
SHA1 26a54a44b6bb6b5ba4962a661b8ebceef255a4b5
SHA256 3801d4a82ed4da1ee834966e6c7eef02ea71fbab88fb76a5e2d2383aba8570f2
SHA512 9f30c7b4dda5f1c845b71c68b3d2e83897d10e15cef970c5e9ecfa4939fb74e7c5bfee647ca8f409d714fc08d14f2efb7067a7ce4a64e68658dfaefa93117fa4

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\D3DCompiler_47.dll

MD5 3b4647bcb9feb591c2c05d1a606ed988
SHA1 b42c59f96fb069fd49009dfd94550a7764e6c97c
SHA256 35773c397036b368c1e75d4e0d62c36d98139ebe74e42c1ff7be71c6b5a19fd7
SHA512 00cd443b36f53985212ac43b44f56c18bf70e25119bbf9c59d05e2358ff45254b957f1ec63fc70fb57b1726fd8f76ccfad8103c67454b817a4f183f9122e3f50

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\libglesv2.dll

MD5 44f7c21b6010048e0dcdc43d83ebd357
SHA1 d0a4dfd8dbae1a8421c3043315d78ecd84502b16
SHA256 f6259a9b9c284ee5916447dd9d0ba051c2908c9d3662d42d8bbe6ce6d65a37de
SHA512 7e03538dd8e798d0e808a8fc6e149e83de9f8404e839900f6c9535da6aac8ef4d5c31044e547dde34dcece1255fab9a9255fa069a99fcb08e49785d812b3887c

\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\vk_swiftshader.dll

MD5 65a5705d95a0820740b3396851ff1751
SHA1 a692a80bafc41ba1b29ef19890f8465b3fb20dcb
SHA256 4c4b935cbb320033f504a89b1eb0a4bcb176bbd46a5981153cb1f54deb146a1c
SHA512 0c5df23b96eaf952c4a498ff6d854df2b62e7631b16c2855ed37ddbadffba3dd52e7450f2e06cf094bec2e0d70d14c87a652150766d90ec8662e03123df5942d

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\vk_swiftshader.dll

MD5 65a5705d95a0820740b3396851ff1751
SHA1 a692a80bafc41ba1b29ef19890f8465b3fb20dcb
SHA256 4c4b935cbb320033f504a89b1eb0a4bcb176bbd46a5981153cb1f54deb146a1c
SHA512 0c5df23b96eaf952c4a498ff6d854df2b62e7631b16c2855ed37ddbadffba3dd52e7450f2e06cf094bec2e0d70d14c87a652150766d90ec8662e03123df5942d

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\vk_swiftshader_icd.json

MD5 8642dd3a87e2de6e991fae08458e302b
SHA1 9c06735c31cec00600fd763a92f8112d085bd12a
SHA256 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9
SHA512 f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\vulkan-1.dll

MD5 a947c5d8fec95a0f24b4143ced301209
SHA1 ebf3089985377a58b8431a14e22a814857287aaf
SHA256 29cb256921a1b0f222c82650469d534ccdf038d1f395b3aaa9f1086918f5d3fa
SHA512 75f5e055f4422b5558fc1cb3ea84fb7cbeaae6f71c786cc06c295d4ab51c0b1c84e28a7c89fe544f007dbe8e612bed4059139f1575934fe4bac8e538c674ebd3

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\vulkan-1.dll

MD5 a947c5d8fec95a0f24b4143ced301209
SHA1 ebf3089985377a58b8431a14e22a814857287aaf
SHA256 29cb256921a1b0f222c82650469d534ccdf038d1f395b3aaa9f1086918f5d3fa
SHA512 75f5e055f4422b5558fc1cb3ea84fb7cbeaae6f71c786cc06c295d4ab51c0b1c84e28a7c89fe544f007dbe8e612bed4059139f1575934fe4bac8e538c674ebd3

\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\libEGL.dll

MD5 e0a5d1a5d55dffb55513acb736cef1c1
SHA1 307fc023790af5bf3d45678de985e8e9f34896f7
SHA256 aa5da4005c76cfe5195b69282b2ad249d7dc2300bbc979592bd67315fc30c669
SHA512 094e23869fd42c60f83e0f4d1a2cd1a29d2efd805ac02a01ce9700b8e7b0e39e52fe86503264a0298c85f0d02b38620f1e773f2ea981f3049aeba3104b04253f

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\libegl.dll

MD5 e0a5d1a5d55dffb55513acb736cef1c1
SHA1 307fc023790af5bf3d45678de985e8e9f34896f7
SHA256 aa5da4005c76cfe5195b69282b2ad249d7dc2300bbc979592bd67315fc30c669
SHA512 094e23869fd42c60f83e0f4d1a2cd1a29d2efd805ac02a01ce9700b8e7b0e39e52fe86503264a0298c85f0d02b38620f1e773f2ea981f3049aeba3104b04253f

\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\libGLESv2.dll

MD5 44f7c21b6010048e0dcdc43d83ebd357
SHA1 d0a4dfd8dbae1a8421c3043315d78ecd84502b16
SHA256 f6259a9b9c284ee5916447dd9d0ba051c2908c9d3662d42d8bbe6ce6d65a37de
SHA512 7e03538dd8e798d0e808a8fc6e149e83de9f8404e839900f6c9535da6aac8ef4d5c31044e547dde34dcece1255fab9a9255fa069a99fcb08e49785d812b3887c

\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\d3dcompiler_47.dll

MD5 3b4647bcb9feb591c2c05d1a606ed988
SHA1 b42c59f96fb069fd49009dfd94550a7764e6c97c
SHA256 35773c397036b368c1e75d4e0d62c36d98139ebe74e42c1ff7be71c6b5a19fd7
SHA512 00cd443b36f53985212ac43b44f56c18bf70e25119bbf9c59d05e2358ff45254b957f1ec63fc70fb57b1726fd8f76ccfad8103c67454b817a4f183f9122e3f50

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe

MD5 62e24a1f94bd66049b54ff28834e153e
SHA1 26a54a44b6bb6b5ba4962a661b8ebceef255a4b5
SHA256 3801d4a82ed4da1ee834966e6c7eef02ea71fbab88fb76a5e2d2383aba8570f2
SHA512 9f30c7b4dda5f1c845b71c68b3d2e83897d10e15cef970c5e9ecfa4939fb74e7c5bfee647ca8f409d714fc08d14f2efb7067a7ce4a64e68658dfaefa93117fa4

\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\ffmpeg.dll

MD5 1bb0e1140ef08440ad47d80b70dbf742
SHA1 c2e4243bad76b465b5ab39865ac023db1632d6b0
SHA256 c0d9edde3864d9450744f4bc526a98608b629aeed01c6647f600802e1b1cf671
SHA512 29d71e3bd7df7014a03e26ca6ee5b59ff6e3d06096742fae5dec6282abd1f0d2f24c886a503e3a691d38cc68e0da504a7f657dcec4758b640a1a523d3eeaa57a

memory/5084-702-0x0000000006670000-0x00000000066A6000-memory.dmp

memory/5084-703-0x0000000006DE0000-0x0000000007408000-memory.dmp

memory/5084-704-0x00000000067A0000-0x00000000067B0000-memory.dmp

memory/5084-705-0x00000000067A0000-0x00000000067B0000-memory.dmp

memory/5084-706-0x0000000006C70000-0x0000000006C92000-memory.dmp

memory/5084-707-0x0000000007660000-0x00000000076C6000-memory.dmp

memory/5084-708-0x0000000007480000-0x00000000074E6000-memory.dmp

memory/5084-709-0x0000000007750000-0x0000000007AA0000-memory.dmp

memory/5084-710-0x0000000007630000-0x000000000764C000-memory.dmp

memory/5084-711-0x0000000007B60000-0x0000000007BAB000-memory.dmp

memory/5084-712-0x0000000007E00000-0x0000000007E76000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_xwz4gsy5.yb3.ps1

MD5 c4ca4238a0b923820dcc509a6f75849b
SHA1 356a192b7913b04c54574d18c28d46e6395428ab
SHA256 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
SHA512 4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

memory/5084-727-0x0000000008F20000-0x0000000008FB4000-memory.dmp

memory/5084-728-0x0000000008C20000-0x0000000008C3A000-memory.dmp

memory/5084-729-0x0000000008E80000-0x0000000008EA2000-memory.dmp

memory/5084-730-0x0000000009510000-0x0000000009A0E000-memory.dmp

memory/5084-731-0x00000000090B0000-0x0000000009142000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log

MD5 1b7f2d0c97746c57ef6693e1ffc972c5
SHA1 625624baeae6d019b41e20335f2eab9da9af06ba
SHA256 25755533a50bb3934dc069ffde969f9895914edfb55f7ff800183a7d04460794
SHA512 c9ca27871eeca5e318420403010eb3ec497a588e5ffd6da4de9be6864a290a91b85a4b264919e22ababf445b909f57bb3d332399998342313278ceeb68e88f0b

memory/2188-760-0x0000000008230000-0x0000000008580000-memory.dmp

memory/164-763-0x0000000006770000-0x0000000006780000-memory.dmp

memory/3996-762-0x00000000045D0000-0x00000000045E0000-memory.dmp

memory/2188-764-0x00000000074D0000-0x00000000074E0000-memory.dmp

memory/3996-761-0x00000000045D0000-0x00000000045E0000-memory.dmp

memory/164-765-0x0000000006770000-0x0000000006780000-memory.dmp

memory/168-767-0x0000000004980000-0x0000000004990000-memory.dmp

memory/2188-766-0x00000000074D0000-0x00000000074E0000-memory.dmp

memory/168-768-0x0000000004980000-0x0000000004990000-memory.dmp

memory/212-769-0x0000000004E60000-0x0000000004E70000-memory.dmp

memory/212-771-0x0000000004E60000-0x0000000004E70000-memory.dmp

memory/216-773-0x0000000004A30000-0x0000000004A40000-memory.dmp

memory/4944-774-0x0000000006B10000-0x0000000006B20000-memory.dmp

memory/216-775-0x0000000004A30000-0x0000000004A40000-memory.dmp

memory/4944-776-0x0000000006B10000-0x0000000006B20000-memory.dmp

memory/1892-777-0x00000000075A0000-0x00000000075B0000-memory.dmp

memory/192-778-0x0000000006780000-0x0000000006790000-memory.dmp

memory/1892-779-0x00000000075A0000-0x00000000075B0000-memory.dmp

memory/192-780-0x0000000006780000-0x0000000006790000-memory.dmp

memory/2580-781-0x00000000046A0000-0x00000000046B0000-memory.dmp

memory/2580-782-0x00000000046A0000-0x00000000046B0000-memory.dmp

memory/5080-783-0x0000000006900000-0x0000000006910000-memory.dmp

memory/164-784-0x0000000007C30000-0x0000000007C7B000-memory.dmp

memory/5080-785-0x0000000006900000-0x0000000006910000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 044fda2dc651938262d9153aabf29b7a
SHA1 29c73b99559c5e753868b9a62bec46077ce49a4a
SHA256 070b0ab9944b971548cae955643a7fb8077575b0e6c68d08957ee43735536ff6
SHA512 91b6e7983b8c6f0eb091066fd6121f30a87e0d2222b3d7d028e3d53d340e42c91ed0041276b683e8379c253fd140d390db851c3d19a43a9b8ea407e39f14efb6

memory/2188-845-0x0000000009760000-0x000000000979C000-memory.dmp

memory/4944-1104-0x0000000006B10000-0x0000000006B20000-memory.dmp

memory/164-1115-0x00000000097D0000-0x0000000009E48000-memory.dmp

memory/3996-1129-0x00000000045D0000-0x00000000045E0000-memory.dmp

memory/3996-1131-0x00000000045D0000-0x00000000045E0000-memory.dmp

memory/164-1132-0x0000000006770000-0x0000000006780000-memory.dmp

memory/164-1137-0x0000000006770000-0x0000000006780000-memory.dmp

memory/2188-1134-0x00000000074D0000-0x00000000074E0000-memory.dmp

memory/2188-1144-0x00000000074D0000-0x00000000074E0000-memory.dmp

memory/168-1148-0x0000000004980000-0x0000000004990000-memory.dmp

memory/168-1151-0x0000000004980000-0x0000000004990000-memory.dmp

memory/212-1155-0x0000000004E60000-0x0000000004E70000-memory.dmp

memory/212-1154-0x0000000004E60000-0x0000000004E70000-memory.dmp

memory/216-1156-0x0000000004A30000-0x0000000004A40000-memory.dmp

memory/4944-1160-0x0000000006B10000-0x0000000006B20000-memory.dmp

memory/216-1159-0x0000000004A30000-0x0000000004A40000-memory.dmp

memory/192-1166-0x0000000006780000-0x0000000006790000-memory.dmp

memory/1892-1164-0x00000000075A0000-0x00000000075B0000-memory.dmp

memory/192-1172-0x0000000006780000-0x0000000006790000-memory.dmp

memory/1892-1168-0x00000000075A0000-0x00000000075B0000-memory.dmp

memory/2580-1176-0x00000000046A0000-0x00000000046B0000-memory.dmp

memory/2580-1180-0x00000000046A0000-0x00000000046B0000-memory.dmp

memory/164-1229-0x00000000092D0000-0x0000000009303000-memory.dmp

memory/3996-1230-0x0000000008F20000-0x0000000008F3E000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 182f3840ba0246982eedef7333faa84e
SHA1 6e862b77d1fa7970417349e71adf7528771d060f
SHA256 24df85d4818317c62ea191dc081277957718f86bd4dcc9c0dedda77c869bf1f5
SHA512 859ae61c2a6738407d8adc81ee75bced044db4de23209314e8b80bfa991918b2ed928d49944f5453dcd3754b29c62167e95681186979c7bf25e668b70137659f

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

MD5 f06df74299002844641b0d51601b9cc4
SHA1 d03fdf2d80d957b49856447e03d6948d6be5bf55
SHA256 24d73b74b9d7e77a2e637373e591424f9eb32fa830df97c5e9caeea0f295a5d5
SHA512 7cc5bcc112c02dd0deaa772519f1908c32b8d6a736f4662fb9df200ee2b8a3d576ee4462230fdead4dd02c3ca28b50d1484a95b696fe2ad5c796659a83da25ca

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

MD5 f06df74299002844641b0d51601b9cc4
SHA1 d03fdf2d80d957b49856447e03d6948d6be5bf55
SHA256 24d73b74b9d7e77a2e637373e591424f9eb32fa830df97c5e9caeea0f295a5d5
SHA512 7cc5bcc112c02dd0deaa772519f1908c32b8d6a736f4662fb9df200ee2b8a3d576ee4462230fdead4dd02c3ca28b50d1484a95b696fe2ad5c796659a83da25ca

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

MD5 f06df74299002844641b0d51601b9cc4
SHA1 d03fdf2d80d957b49856447e03d6948d6be5bf55
SHA256 24d73b74b9d7e77a2e637373e591424f9eb32fa830df97c5e9caeea0f295a5d5
SHA512 7cc5bcc112c02dd0deaa772519f1908c32b8d6a736f4662fb9df200ee2b8a3d576ee4462230fdead4dd02c3ca28b50d1484a95b696fe2ad5c796659a83da25ca

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

MD5 f06df74299002844641b0d51601b9cc4
SHA1 d03fdf2d80d957b49856447e03d6948d6be5bf55
SHA256 24d73b74b9d7e77a2e637373e591424f9eb32fa830df97c5e9caeea0f295a5d5
SHA512 7cc5bcc112c02dd0deaa772519f1908c32b8d6a736f4662fb9df200ee2b8a3d576ee4462230fdead4dd02c3ca28b50d1484a95b696fe2ad5c796659a83da25ca

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

MD5 f06df74299002844641b0d51601b9cc4
SHA1 d03fdf2d80d957b49856447e03d6948d6be5bf55
SHA256 24d73b74b9d7e77a2e637373e591424f9eb32fa830df97c5e9caeea0f295a5d5
SHA512 7cc5bcc112c02dd0deaa772519f1908c32b8d6a736f4662fb9df200ee2b8a3d576ee4462230fdead4dd02c3ca28b50d1484a95b696fe2ad5c796659a83da25ca

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

MD5 f06df74299002844641b0d51601b9cc4
SHA1 d03fdf2d80d957b49856447e03d6948d6be5bf55
SHA256 24d73b74b9d7e77a2e637373e591424f9eb32fa830df97c5e9caeea0f295a5d5
SHA512 7cc5bcc112c02dd0deaa772519f1908c32b8d6a736f4662fb9df200ee2b8a3d576ee4462230fdead4dd02c3ca28b50d1484a95b696fe2ad5c796659a83da25ca

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

MD5 f06df74299002844641b0d51601b9cc4
SHA1 d03fdf2d80d957b49856447e03d6948d6be5bf55
SHA256 24d73b74b9d7e77a2e637373e591424f9eb32fa830df97c5e9caeea0f295a5d5
SHA512 7cc5bcc112c02dd0deaa772519f1908c32b8d6a736f4662fb9df200ee2b8a3d576ee4462230fdead4dd02c3ca28b50d1484a95b696fe2ad5c796659a83da25ca

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

MD5 f06df74299002844641b0d51601b9cc4
SHA1 d03fdf2d80d957b49856447e03d6948d6be5bf55
SHA256 24d73b74b9d7e77a2e637373e591424f9eb32fa830df97c5e9caeea0f295a5d5
SHA512 7cc5bcc112c02dd0deaa772519f1908c32b8d6a736f4662fb9df200ee2b8a3d576ee4462230fdead4dd02c3ca28b50d1484a95b696fe2ad5c796659a83da25ca

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

MD5 f06df74299002844641b0d51601b9cc4
SHA1 d03fdf2d80d957b49856447e03d6948d6be5bf55
SHA256 24d73b74b9d7e77a2e637373e591424f9eb32fa830df97c5e9caeea0f295a5d5
SHA512 7cc5bcc112c02dd0deaa772519f1908c32b8d6a736f4662fb9df200ee2b8a3d576ee4462230fdead4dd02c3ca28b50d1484a95b696fe2ad5c796659a83da25ca

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

MD5 f06df74299002844641b0d51601b9cc4
SHA1 d03fdf2d80d957b49856447e03d6948d6be5bf55
SHA256 24d73b74b9d7e77a2e637373e591424f9eb32fa830df97c5e9caeea0f295a5d5
SHA512 7cc5bcc112c02dd0deaa772519f1908c32b8d6a736f4662fb9df200ee2b8a3d576ee4462230fdead4dd02c3ca28b50d1484a95b696fe2ad5c796659a83da25ca

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 9d4238d8b7ba672a344229a7cb5eee69
SHA1 0804e8bde3bd5d4923a3055caa9e04d5b02dfb23
SHA256 bf7c7dc754ef6ccb41f1e0e95e24b421cc19a9c2e61d5dc940609aca6f1dfb37
SHA512 60d7e0842c9fe6bbb78a60069eb387dd96a6c7b50db825e8a1f75849ab65ac78857ede9210d2af3ea09b9b99720016841fc372b7db7f3d971c5bfe5207b9380b

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

MD5 44d524ceb334c286ecc3444b17c5e9c4
SHA1 0d3016311f7774155a6599eab21440158102b1fa
SHA256 9bc27a18a1ea549f2b6bcf34d97794690c74ea9b2109a645a4234506bb04553c
SHA512 d3ab290c20f6bae58c37714e2e7e4945691ce1755b11024bedf4d24b38c7678d9bca26f4f3d1622a1896035843690cc550488f7b8956c83973b1c2196eb24bdf

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

MD5 eb7603e5efc7ef20120c3f81cb1bf1fb
SHA1 7aa2474d1c5450b0f9f293719059cb7f23cb36c7
SHA256 2ebb5eedc178231bbe3b7967e3beaf8330bb15e8e2c28af9c3cbe66d88d0a6ce
SHA512 3c1ff1fd2740d59d7803b7c921cb7b4e3f3692b3f35cc35016798b912128ec9494126c68f77aba8b48b099a1c6129c4e84a94795fd0bc5c498a257b336e196ca

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

MD5 b7342c56f9bf7b2b1b0aa92f69810981
SHA1 1adf6d2aebbcdd3dda8f091268b974dc99d8389a
SHA256 52c74f2875544e44459668a1d7c0e8ba5fa05d8bdceeb40c9f7c80f04cb3f538
SHA512 ee34a9438b20c97ce66898559f0fc508a36be5319a8ed533d4233e0562d01f1ec260c540981c726a675eca3e04e7bad045f8f12268382ab74017d73170c32705

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 cc36fc106ffc3666954d66bf6c4c239a
SHA1 896be4e8519614972f2a84059ed5d4dcc010fda2
SHA256 390fd9937917dd8291353bdbffc8433d5938afe4ac7229dcfe45418003b8af06
SHA512 ba3a121f8355b26b7c9901be46f6c96c1a77de85111b88f7bb276b15ccdfbc83cb7ecfac799183f29f687f3d24963150a6ab77edced21ddbb057e3b4af597b34

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

MD5 fd550dc90e6b445d63f1d44d70e67bef
SHA1 4abcc005c94fb70afe919afc00934a6f01482cab
SHA256 788d907e6c5f82785625c9d03551c985e080218df26cd632f3de29e0c4560f8f
SHA512 95ed2a7dadab102e04fcaa38ef3a6b0e5129aede9426c08603274576acac253dc27d596f44928fe3ae84c52268f8933e0522c075c23d08c92b69991971e2e298

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

MD5 fd550dc90e6b445d63f1d44d70e67bef
SHA1 4abcc005c94fb70afe919afc00934a6f01482cab
SHA256 788d907e6c5f82785625c9d03551c985e080218df26cd632f3de29e0c4560f8f
SHA512 95ed2a7dadab102e04fcaa38ef3a6b0e5129aede9426c08603274576acac253dc27d596f44928fe3ae84c52268f8933e0522c075c23d08c92b69991971e2e298

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 7f880e753a0a570b59d9a8f446e92309
SHA1 677f031b85559c0c77e61c45ddc1bbb19c56fd27
SHA256 9d55902a2580cd532d989db6b4fb36d18703d47fc6857c406e0d4cf9ca6864eb
SHA512 fc1502a9b235a1c2c3ab80289548d64883f19b8f337f167016ebf2fdb3a3d0f79377f57424505bff043ee71f6a316b50265a5648d2cc07c5ddebdf589da90e06

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 6d95bae440a0ff17de843c5e7360fab6
SHA1 c1441cdce11a77ad6c5fd90b23bdee711e756c64
SHA256 7c0311b55ca93c26fd2c620ac4063e19219a48d348005f5ef3555d83f21cba9a
SHA512 ef8fd5be3b063ff5bc63bf0955239bb459458b800ed8527eb21e51e5db80153f844d42689a3a6d22675bc4335398069f33d143138fb8d588c9c9f8ca1f431d02