Analysis

  • max time kernel
    8s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231130-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231130-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15-12-2023 00:02

General

  • Target

    GalaxySwapperV2.exe

  • Size

    70.8MB

  • MD5

    26c02fda1e66814635174b6bb39b9c22

  • SHA1

    44c2ca89cdf244056b0141ffcdfad428f788d7d5

  • SHA256

    44edac9277c8ee32c755b9f808266f870efed0ba025c8de914b16b1b9e347952

  • SHA512

    26672e1e4aea4ed82762c3d2873c410721eb8af4a8a3705182928dc457c32a52681758ddf20779e2759d859c66754cb37fa8471750c4fef4dcf7499d49e09174

  • SSDEEP

    1572864:T4/4rzOchPCslEsOTcwjASvEDtqJQZbXj9hCbB9MvNgqgK7:MkqcdCszCD7o4JijEcNgqd7

Malware Config

Signatures

  • Irata

    Irata is an Iranian remote access trojan Android malware first seen in August 2022.

  • Irata payload 2 IoCs
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 11 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Looks up external IP address via web service 4 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Collects information from the system 1 TTPs 1 IoCs

    Uses WMIC.exe to find detailed system information.

  • Creates scheduled task(s) 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

  • Detects videocard installed 1 TTPs 1 IoCs

    Uses WMIC.exe to determine videocard installed.

  • Enumerates processes with tasklist 1 TTPs 51 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 48 IoCs
  • Views/modifies file attributes 1 TTPs 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\GalaxySwapperV2.exe
    "C:\Users\Admin\AppData\Local\Temp\GalaxySwapperV2.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2600
    • C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\GalaxySwapperV2.exe
      C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\GalaxySwapperV2.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:532
      • C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\GalaxySwapperV2.exe
        "C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\GalaxySwapperV2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --mojo-platform-channel-handle=1932 --field-trial-handle=1728,6252493025236185712,16239321457997488944,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious behavior: EnumeratesProcesses
        PID:4304
      • C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\GalaxySwapperV2.exe
        "C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\GalaxySwapperV2.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1604 --field-trial-handle=1728,6252493025236185712,16239321457997488944,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:2712
      • C:\Windows\system32\cmd.exe
        C:\Windows\system32\cmd.exe /d /s /c "wmic process where processid=2600 get ExecutablePath"
        3⤵
          PID:3412
          • C:\Windows\system32\tasklist.exe
            tasklist
            4⤵
            • Enumerates processes with tasklist
            PID:6316
        • C:\Windows\system32\cmd.exe
          C:\Windows\system32\cmd.exe /d /s /c "C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\resources\app.asar.unpacked\bind\main.exe"
          3⤵
            PID:4920
          • C:\Windows\system32\cmd.exe
            C:\Windows\system32\cmd.exe /d /s /c "net session"
            3⤵
              PID:924
            • C:\Windows\system32\cmd.exe
              C:\Windows\system32\cmd.exe /d /s /c "tasklist"
              3⤵
                PID:4244
                • C:\Windows\system32\tasklist.exe
                  tasklist
                  4⤵
                  • Enumerates processes with tasklist
                  PID:6688
              • C:\Windows\system32\cmd.exe
                C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                3⤵
                  PID:2908
                  • C:\Windows\system32\more.com
                    more +1
                    4⤵
                      PID:4988
                    • C:\Windows\System32\Wbem\WMIC.exe
                      wmic cpu get name
                      4⤵
                        PID:3112
                    • C:\Windows\system32\cmd.exe
                      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault"
                      3⤵
                        PID:4272
                      • C:\Windows\system32\cmd.exe
                        C:\Windows\system32\cmd.exe /d /s /c "wmic PATH Win32_VideoController get name | more +1"
                        3⤵
                          PID:3964
                        • C:\Windows\system32\cmd.exe
                          C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"
                          3⤵
                            PID:4880
                            • C:\Windows\system32\tasklist.exe
                              tasklist
                              4⤵
                              • Enumerates processes with tasklist
                              PID:6264
                          • C:\Windows\system32\cmd.exe
                            C:\Windows\system32\cmd.exe /d /s /c "wmic cpu get name | more +1"
                            3⤵
                              PID:2908
                              • C:\Windows\system32\tasklist.exe
                                tasklist
                                4⤵
                                • Enumerates processes with tasklist
                                PID:6712
                            • C:\Windows\system32\cmd.exe
                              C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                              3⤵
                                PID:3248
                                • C:\Windows\system32\tasklist.exe
                                  tasklist
                                  4⤵
                                  • Enumerates processes with tasklist
                                  PID:3112
                                • C:\Windows\system32\tasklist.exe
                                  tasklist
                                  4⤵
                                  • Enumerates processes with tasklist
                                  PID:6340
                              • C:\Windows\system32\cmd.exe
                                C:\Windows\system32\cmd.exe /d /s /c "wmic process where processid=2600 get ExecutablePath"
                                3⤵
                                  PID:2952
                                  • C:\Windows\System32\Wbem\WMIC.exe
                                    wmic process where processid=2600 get ExecutablePath
                                    4⤵
                                      PID:620
                                      • C:\Windows\system32\tasklist.exe
                                        tasklist
                                        5⤵
                                        • Enumerates processes with tasklist
                                        PID:6732
                                  • C:\Windows\system32\cmd.exe
                                    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall""
                                    3⤵
                                      PID:5172
                                      • C:\Windows\system32\reg.exe
                                        C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
                                        4⤵
                                          PID:6744
                                      • C:\Windows\system32\cmd.exe
                                        C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                        3⤵
                                          PID:5164
                                          • C:\Windows\system32\tasklist.exe
                                            tasklist
                                            4⤵
                                            • Enumerates processes with tasklist
                                            PID:6472
                                        • C:\Windows\system32\cmd.exe
                                          C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                          3⤵
                                            PID:5156
                                          • C:\Windows\system32\cmd.exe
                                            C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                            3⤵
                                              PID:5148
                                            • C:\Windows\system32\cmd.exe
                                              C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                              3⤵
                                                PID:5132
                                              • C:\Windows\system32\cmd.exe
                                                C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                3⤵
                                                  PID:4624
                                                • C:\Windows\system32\cmd.exe
                                                  C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                  3⤵
                                                    PID:3320
                                                  • C:\Windows\system32\cmd.exe
                                                    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                    3⤵
                                                      PID:3660
                                                    • C:\Windows\system32\cmd.exe
                                                      C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                      3⤵
                                                        PID:3792
                                                      • C:\Windows\system32\cmd.exe
                                                        C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                        3⤵
                                                          PID:4184
                                                        • C:\Windows\system32\cmd.exe
                                                          C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                          3⤵
                                                            PID:2948
                                                          • C:\Windows\system32\cmd.exe
                                                            C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                            3⤵
                                                              PID:1944
                                                            • C:\Windows\system32\cmd.exe
                                                              C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                              3⤵
                                                                PID:944
                                                              • C:\Windows\system32\cmd.exe
                                                                C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                3⤵
                                                                  PID:3048
                                                                • C:\Windows\system32\cmd.exe
                                                                  C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                  3⤵
                                                                    PID:224
                                                                  • C:\Windows\system32\cmd.exe
                                                                    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                    3⤵
                                                                      PID:2060
                                                                    • C:\Windows\system32\cmd.exe
                                                                      C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                      3⤵
                                                                        PID:3036
                                                                        • C:\Windows\System32\Wbem\WMIC.exe
                                                                          wmic csproduct get uuid
                                                                          4⤵
                                                                            PID:4808
                                                                        • C:\Windows\system32\cmd.exe
                                                                          C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                          3⤵
                                                                            PID:1552
                                                                          • C:\Windows\system32\cmd.exe
                                                                            C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                            3⤵
                                                                              PID:1744
                                                                            • C:\Windows\system32\cmd.exe
                                                                              C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                              3⤵
                                                                                PID:1280
                                                                              • C:\Windows\system32\cmd.exe
                                                                                C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                3⤵
                                                                                  PID:4244
                                                                                • C:\Windows\system32\cmd.exe
                                                                                  C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                  3⤵
                                                                                    PID:5016
                                                                                  • C:\Windows\system32\cmd.exe
                                                                                    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                    3⤵
                                                                                      PID:4900
                                                                                    • C:\Windows\system32\cmd.exe
                                                                                      C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                      3⤵
                                                                                        PID:4512
                                                                                      • C:\Windows\system32\cmd.exe
                                                                                        C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                        3⤵
                                                                                          PID:3440
                                                                                        • C:\Windows\system32\cmd.exe
                                                                                          C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                          3⤵
                                                                                            PID:4508
                                                                                          • C:\Windows\system32\cmd.exe
                                                                                            C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                            3⤵
                                                                                              PID:620
                                                                                            • C:\Windows\system32\cmd.exe
                                                                                              C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                              3⤵
                                                                                                PID:4296
                                                                                              • C:\Windows\system32\cmd.exe
                                                                                                C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                3⤵
                                                                                                  PID:3836
                                                                                                • C:\Windows\system32\cmd.exe
                                                                                                  C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                  3⤵
                                                                                                    PID:4908
                                                                                                  • C:\Windows\system32\cmd.exe
                                                                                                    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                    3⤵
                                                                                                    • Suspicious use of WriteProcessMemory
                                                                                                    PID:2908
                                                                                                  • C:\Windows\system32\cmd.exe
                                                                                                    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                    3⤵
                                                                                                      PID:3248
                                                                                                    • C:\Windows\system32\cmd.exe
                                                                                                      C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                      3⤵
                                                                                                        PID:4772
                                                                                                      • C:\Windows\system32\cmd.exe
                                                                                                        C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                        3⤵
                                                                                                          PID:3412
                                                                                                        • C:\Windows\system32\cmd.exe
                                                                                                          C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                          3⤵
                                                                                                            PID:1568
                                                                                                          • C:\Windows\system32\cmd.exe
                                                                                                            C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                            3⤵
                                                                                                              PID:4148
                                                                                                            • C:\Windows\system32\cmd.exe
                                                                                                              C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                              3⤵
                                                                                                                PID:3856
                                                                                                              • C:\Windows\system32\cmd.exe
                                                                                                                C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                                3⤵
                                                                                                                  PID:4248
                                                                                                                • C:\Windows\system32\cmd.exe
                                                                                                                  C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                                  3⤵
                                                                                                                    PID:2232
                                                                                                                  • C:\Windows\system32\cmd.exe
                                                                                                                    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                                    3⤵
                                                                                                                      PID:1084
                                                                                                                    • C:\Windows\system32\cmd.exe
                                                                                                                      C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                                      3⤵
                                                                                                                        PID:628
                                                                                                                      • C:\Windows\system32\cmd.exe
                                                                                                                        C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                                        3⤵
                                                                                                                          PID:4880
                                                                                                                        • C:\Windows\system32\cmd.exe
                                                                                                                          C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                                          3⤵
                                                                                                                            PID:5044
                                                                                                                            • C:\Windows\System32\Wbem\WMIC.exe
                                                                                                                              wmic computersystem get totalphysicalmemory
                                                                                                                              4⤵
                                                                                                                                PID:4792
                                                                                                                            • C:\Windows\system32\cmd.exe
                                                                                                                              C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                                              3⤵
                                                                                                                                PID:4064
                                                                                                                              • C:\Windows\system32\cmd.exe
                                                                                                                                C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                                                3⤵
                                                                                                                                  PID:3232
                                                                                                                                • C:\Windows\system32\cmd.exe
                                                                                                                                  C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                                                  3⤵
                                                                                                                                    PID:5000
                                                                                                                                  • C:\Windows\system32\cmd.exe
                                                                                                                                    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                                                    3⤵
                                                                                                                                      PID:2664
                                                                                                                                    • C:\Windows\system32\cmd.exe
                                                                                                                                      C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                                                      3⤵
                                                                                                                                        PID:2380
                                                                                                                                      • C:\Windows\system32\cmd.exe
                                                                                                                                        C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                                                        3⤵
                                                                                                                                          PID:752
                                                                                                                                        • C:\Windows\system32\cmd.exe
                                                                                                                                          C:\Windows\system32\cmd.exe /d /s /c "powershell -Command "attrib +h +s \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\GalaxySwapperV2.exe\"""
                                                                                                                                          3⤵
                                                                                                                                            PID:1260
                                                                                                                                          • C:\Windows\system32\cmd.exe
                                                                                                                                            C:\Windows\system32\cmd.exe /d /s /c "cmd /c schtasks /create /sc onlogon /tn WindowsDriverSetupC58Cbq /tr \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\GalaxySwapperV2.exe\" /F /rl highest"
                                                                                                                                            3⤵
                                                                                                                                              PID:2728
                                                                                                                                            • C:\Windows\system32\cmd.exe
                                                                                                                                              C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v WindowsDriverSetupC58Cbq /t REG_SZ /d C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\GalaxySwapperV2.exe /f"
                                                                                                                                              3⤵
                                                                                                                                                PID:3888
                                                                                                                                              • C:\Windows\system32\cmd.exe
                                                                                                                                                C:\Windows\system32\cmd.exe /d /s /c "wmic OS get caption, osarchitecture | more +1"
                                                                                                                                                3⤵
                                                                                                                                                  PID:1348
                                                                                                                                                • C:\Windows\system32\cmd.exe
                                                                                                                                                  C:\Windows\system32\cmd.exe /d /s /c "echo %NUMBER_OF_PROCESSORS%"
                                                                                                                                                  3⤵
                                                                                                                                                    PID:1552
                                                                                                                                                  • C:\Windows\system32\cmd.exe
                                                                                                                                                    C:\Windows\system32\cmd.exe /d /s /c "wmic csproduct get uuid"
                                                                                                                                                    3⤵
                                                                                                                                                      PID:3036
                                                                                                                                                    • C:\Windows\system32\cmd.exe
                                                                                                                                                      C:\Windows\system32\cmd.exe /d /s /c "wmic computersystem get totalphysicalmemory | more +1"
                                                                                                                                                      3⤵
                                                                                                                                                        PID:5044
                                                                                                                                                      • C:\Windows\system32\cmd.exe
                                                                                                                                                        C:\Windows\system32\cmd.exe /d /s /c "wmic logicaldisk get size"
                                                                                                                                                        3⤵
                                                                                                                                                          PID:4048
                                                                                                                                                    • C:\Windows\System32\CompPkgSrv.exe
                                                                                                                                                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                                                                      1⤵
                                                                                                                                                        PID:4868
                                                                                                                                                      • C:\Windows\system32\tasklist.exe
                                                                                                                                                        tasklist
                                                                                                                                                        1⤵
                                                                                                                                                        • Enumerates processes with tasklist
                                                                                                                                                        • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                        PID:4156
                                                                                                                                                      • C:\Windows\System32\Wbem\WMIC.exe
                                                                                                                                                        wmic process where processid=2600 get ExecutablePath
                                                                                                                                                        1⤵
                                                                                                                                                          PID:4452
                                                                                                                                                        • C:\Windows\system32\net.exe
                                                                                                                                                          net session
                                                                                                                                                          1⤵
                                                                                                                                                            PID:4908
                                                                                                                                                            • C:\Windows\system32\net1.exe
                                                                                                                                                              C:\Windows\system32\net1 session
                                                                                                                                                              2⤵
                                                                                                                                                                PID:4272
                                                                                                                                                                • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                  powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault
                                                                                                                                                                  3⤵
                                                                                                                                                                    PID:2860
                                                                                                                                                                • C:\Windows\system32\tasklist.exe
                                                                                                                                                                  tasklist
                                                                                                                                                                  2⤵
                                                                                                                                                                  • Enumerates processes with tasklist
                                                                                                                                                                  PID:7000
                                                                                                                                                              • C:\Windows\system32\tasklist.exe
                                                                                                                                                                tasklist
                                                                                                                                                                1⤵
                                                                                                                                                                • Enumerates processes with tasklist
                                                                                                                                                                PID:2584
                                                                                                                                                              • C:\Windows\system32\more.com
                                                                                                                                                                more +1
                                                                                                                                                                1⤵
                                                                                                                                                                  PID:3448
                                                                                                                                                                • C:\Windows\System32\Wbem\WMIC.exe
                                                                                                                                                                  wmic logicaldisk get size
                                                                                                                                                                  1⤵
                                                                                                                                                                  • Collects information from the system
                                                                                                                                                                  PID:5000
                                                                                                                                                                  • C:\Windows\system32\tasklist.exe
                                                                                                                                                                    tasklist
                                                                                                                                                                    2⤵
                                                                                                                                                                    • Enumerates processes with tasklist
                                                                                                                                                                    PID:6488
                                                                                                                                                                • C:\Windows\system32\more.com
                                                                                                                                                                  more +1
                                                                                                                                                                  1⤵
                                                                                                                                                                    PID:4868
                                                                                                                                                                  • C:\Windows\System32\Wbem\WMIC.exe
                                                                                                                                                                    wmic OS get caption, osarchitecture
                                                                                                                                                                    1⤵
                                                                                                                                                                      PID:4440
                                                                                                                                                                    • C:\Windows\system32\more.com
                                                                                                                                                                      more +1
                                                                                                                                                                      1⤵
                                                                                                                                                                        PID:2660
                                                                                                                                                                      • C:\Windows\System32\Wbem\WMIC.exe
                                                                                                                                                                        wmic PATH Win32_VideoController get name
                                                                                                                                                                        1⤵
                                                                                                                                                                        • Detects videocard installed
                                                                                                                                                                        PID:732
                                                                                                                                                                      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                        powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
                                                                                                                                                                        1⤵
                                                                                                                                                                          PID:3696
                                                                                                                                                                        • C:\Windows\system32\cmd.exe
                                                                                                                                                                          cmd /c schtasks /create /sc onlogon /tn WindowsDriverSetupC58Cbq /tr \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\GalaxySwapperV2.exe\" /F /rl highest
                                                                                                                                                                          1⤵
                                                                                                                                                                            PID:3644
                                                                                                                                                                          • C:\Windows\system32\reg.exe
                                                                                                                                                                            C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v WindowsDriverSetupC58Cbq /t REG_SZ /d C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\GalaxySwapperV2.exe /f
                                                                                                                                                                            1⤵
                                                                                                                                                                              PID:780
                                                                                                                                                                            • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                              powershell -Command "attrib +h +s \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\GalaxySwapperV2.exe\""
                                                                                                                                                                              1⤵
                                                                                                                                                                                PID:972
                                                                                                                                                                                • C:\Windows\system32\attrib.exe
                                                                                                                                                                                  "C:\Windows\system32\attrib.exe" +h +s C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\GalaxySwapperV2.exe
                                                                                                                                                                                  2⤵
                                                                                                                                                                                  • Views/modifies file attributes
                                                                                                                                                                                  PID:820
                                                                                                                                                                              • C:\Windows\system32\tasklist.exe
                                                                                                                                                                                tasklist
                                                                                                                                                                                1⤵
                                                                                                                                                                                • Enumerates processes with tasklist
                                                                                                                                                                                PID:6228
                                                                                                                                                                              • C:\Windows\system32\tasklist.exe
                                                                                                                                                                                tasklist
                                                                                                                                                                                1⤵
                                                                                                                                                                                • Enumerates processes with tasklist
                                                                                                                                                                                PID:6456
                                                                                                                                                                              • C:\Windows\system32\tasklist.exe
                                                                                                                                                                                tasklist
                                                                                                                                                                                1⤵
                                                                                                                                                                                • Enumerates processes with tasklist
                                                                                                                                                                                PID:6520
                                                                                                                                                                              • C:\Windows\system32\tasklist.exe
                                                                                                                                                                                tasklist
                                                                                                                                                                                1⤵
                                                                                                                                                                                • Enumerates processes with tasklist
                                                                                                                                                                                PID:6640
                                                                                                                                                                              • C:\Windows\system32\tasklist.exe
                                                                                                                                                                                tasklist
                                                                                                                                                                                1⤵
                                                                                                                                                                                • Enumerates processes with tasklist
                                                                                                                                                                                PID:6632
                                                                                                                                                                              • C:\Windows\system32\tasklist.exe
                                                                                                                                                                                tasklist
                                                                                                                                                                                1⤵
                                                                                                                                                                                • Enumerates processes with tasklist
                                                                                                                                                                                PID:6852
                                                                                                                                                                              • C:\Windows\system32\tasklist.exe
                                                                                                                                                                                tasklist
                                                                                                                                                                                1⤵
                                                                                                                                                                                • Enumerates processes with tasklist
                                                                                                                                                                                PID:6844
                                                                                                                                                                              • C:\Windows\system32\tasklist.exe
                                                                                                                                                                                tasklist
                                                                                                                                                                                1⤵
                                                                                                                                                                                • Enumerates processes with tasklist
                                                                                                                                                                                PID:7012
                                                                                                                                                                              • C:\Windows\system32\tasklist.exe
                                                                                                                                                                                tasklist
                                                                                                                                                                                1⤵
                                                                                                                                                                                • Enumerates processes with tasklist
                                                                                                                                                                                PID:7148
                                                                                                                                                                              • C:\Windows\system32\tasklist.exe
                                                                                                                                                                                tasklist
                                                                                                                                                                                1⤵
                                                                                                                                                                                • Enumerates processes with tasklist
                                                                                                                                                                                PID:7080
                                                                                                                                                                              • C:\Windows\system32\tasklist.exe
                                                                                                                                                                                tasklist
                                                                                                                                                                                1⤵
                                                                                                                                                                                • Enumerates processes with tasklist
                                                                                                                                                                                PID:7072
                                                                                                                                                                              • C:\Windows\system32\tasklist.exe
                                                                                                                                                                                tasklist
                                                                                                                                                                                1⤵
                                                                                                                                                                                • Enumerates processes with tasklist
                                                                                                                                                                                PID:7064
                                                                                                                                                                              • C:\Windows\system32\tasklist.exe
                                                                                                                                                                                tasklist
                                                                                                                                                                                1⤵
                                                                                                                                                                                • Enumerates processes with tasklist
                                                                                                                                                                                PID:7040
                                                                                                                                                                              • C:\Windows\system32\tasklist.exe
                                                                                                                                                                                tasklist
                                                                                                                                                                                1⤵
                                                                                                                                                                                • Enumerates processes with tasklist
                                                                                                                                                                                PID:6992
                                                                                                                                                                              • C:\Windows\system32\tasklist.exe
                                                                                                                                                                                tasklist
                                                                                                                                                                                1⤵
                                                                                                                                                                                • Enumerates processes with tasklist
                                                                                                                                                                                PID:6968
                                                                                                                                                                              • C:\Windows\system32\tasklist.exe
                                                                                                                                                                                tasklist
                                                                                                                                                                                1⤵
                                                                                                                                                                                • Enumerates processes with tasklist
                                                                                                                                                                                PID:6920
                                                                                                                                                                              • C:\Windows\system32\tasklist.exe
                                                                                                                                                                                tasklist
                                                                                                                                                                                1⤵
                                                                                                                                                                                • Enumerates processes with tasklist
                                                                                                                                                                                PID:6904
                                                                                                                                                                              • C:\Windows\system32\tasklist.exe
                                                                                                                                                                                tasklist
                                                                                                                                                                                1⤵
                                                                                                                                                                                • Enumerates processes with tasklist
                                                                                                                                                                                PID:6896
                                                                                                                                                                              • C:\Windows\system32\tasklist.exe
                                                                                                                                                                                tasklist
                                                                                                                                                                                1⤵
                                                                                                                                                                                • Enumerates processes with tasklist
                                                                                                                                                                                PID:6836
                                                                                                                                                                              • C:\Windows\system32\tasklist.exe
                                                                                                                                                                                tasklist
                                                                                                                                                                                1⤵
                                                                                                                                                                                • Enumerates processes with tasklist
                                                                                                                                                                                PID:6780
                                                                                                                                                                              • C:\Windows\system32\tasklist.exe
                                                                                                                                                                                tasklist
                                                                                                                                                                                1⤵
                                                                                                                                                                                • Enumerates processes with tasklist
                                                                                                                                                                                PID:6772
                                                                                                                                                                              • C:\Windows\system32\tasklist.exe
                                                                                                                                                                                tasklist
                                                                                                                                                                                1⤵
                                                                                                                                                                                • Enumerates processes with tasklist
                                                                                                                                                                                PID:6764
                                                                                                                                                                              • C:\Windows\system32\tasklist.exe
                                                                                                                                                                                tasklist
                                                                                                                                                                                1⤵
                                                                                                                                                                                • Enumerates processes with tasklist
                                                                                                                                                                                PID:6752
                                                                                                                                                                              • C:\Windows\system32\tasklist.exe
                                                                                                                                                                                tasklist
                                                                                                                                                                                1⤵
                                                                                                                                                                                • Enumerates processes with tasklist
                                                                                                                                                                                PID:6624
                                                                                                                                                                              • C:\Windows\system32\tasklist.exe
                                                                                                                                                                                tasklist
                                                                                                                                                                                1⤵
                                                                                                                                                                                • Enumerates processes with tasklist
                                                                                                                                                                                PID:6616
                                                                                                                                                                              • C:\Windows\system32\tasklist.exe
                                                                                                                                                                                tasklist
                                                                                                                                                                                1⤵
                                                                                                                                                                                • Enumerates processes with tasklist
                                                                                                                                                                                PID:6608
                                                                                                                                                                              • C:\Windows\system32\tasklist.exe
                                                                                                                                                                                tasklist
                                                                                                                                                                                1⤵
                                                                                                                                                                                • Enumerates processes with tasklist
                                                                                                                                                                                PID:6588
                                                                                                                                                                              • C:\Windows\system32\tasklist.exe
                                                                                                                                                                                tasklist
                                                                                                                                                                                1⤵
                                                                                                                                                                                • Enumerates processes with tasklist
                                                                                                                                                                                PID:6532
                                                                                                                                                                              • C:\Windows\system32\tasklist.exe
                                                                                                                                                                                tasklist
                                                                                                                                                                                1⤵
                                                                                                                                                                                • Enumerates processes with tasklist
                                                                                                                                                                                PID:6480
                                                                                                                                                                              • C:\Windows\system32\tasklist.exe
                                                                                                                                                                                tasklist
                                                                                                                                                                                1⤵
                                                                                                                                                                                • Enumerates processes with tasklist
                                                                                                                                                                                PID:6448
                                                                                                                                                                              • C:\Windows\system32\tasklist.exe
                                                                                                                                                                                tasklist
                                                                                                                                                                                1⤵
                                                                                                                                                                                • Enumerates processes with tasklist
                                                                                                                                                                                PID:6424
                                                                                                                                                                              • C:\Windows\system32\tasklist.exe
                                                                                                                                                                                tasklist
                                                                                                                                                                                1⤵
                                                                                                                                                                                • Enumerates processes with tasklist
                                                                                                                                                                                PID:6416
                                                                                                                                                                              • C:\Windows\system32\tasklist.exe
                                                                                                                                                                                tasklist
                                                                                                                                                                                1⤵
                                                                                                                                                                                • Enumerates processes with tasklist
                                                                                                                                                                                PID:6408
                                                                                                                                                                              • C:\Windows\system32\tasklist.exe
                                                                                                                                                                                tasklist
                                                                                                                                                                                1⤵
                                                                                                                                                                                • Enumerates processes with tasklist
                                                                                                                                                                                PID:6400
                                                                                                                                                                              • C:\Windows\system32\tasklist.exe
                                                                                                                                                                                tasklist
                                                                                                                                                                                1⤵
                                                                                                                                                                                • Enumerates processes with tasklist
                                                                                                                                                                                PID:6392
                                                                                                                                                                              • C:\Windows\system32\tasklist.exe
                                                                                                                                                                                tasklist
                                                                                                                                                                                1⤵
                                                                                                                                                                                • Enumerates processes with tasklist
                                                                                                                                                                                PID:6360
                                                                                                                                                                              • C:\Windows\system32\tasklist.exe
                                                                                                                                                                                tasklist
                                                                                                                                                                                1⤵
                                                                                                                                                                                • Enumerates processes with tasklist
                                                                                                                                                                                PID:6352
                                                                                                                                                                              • C:\Windows\system32\tasklist.exe
                                                                                                                                                                                tasklist
                                                                                                                                                                                1⤵
                                                                                                                                                                                • Enumerates processes with tasklist
                                                                                                                                                                                PID:6304
                                                                                                                                                                              • C:\Windows\system32\tasklist.exe
                                                                                                                                                                                tasklist
                                                                                                                                                                                1⤵
                                                                                                                                                                                • Enumerates processes with tasklist
                                                                                                                                                                                PID:6220
                                                                                                                                                                              • C:\Windows\system32\schtasks.exe
                                                                                                                                                                                schtasks /create /sc onlogon /tn WindowsDriverSetupC58Cbq /tr \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\GalaxySwapperV2.exe\" /F /rl highest
                                                                                                                                                                                1⤵
                                                                                                                                                                                • Creates scheduled task(s)
                                                                                                                                                                                PID:1872

                                                                                                                                                                              Network

                                                                                                                                                                              MITRE ATT&CK Enterprise v15

                                                                                                                                                                              Replay Monitor

                                                                                                                                                                              Loading Replay Monitor...

                                                                                                                                                                              Downloads

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

                                                                                                                                                                                Filesize

                                                                                                                                                                                2KB

                                                                                                                                                                                MD5

                                                                                                                                                                                6cf293cb4d80be23433eecf74ddb5503

                                                                                                                                                                                SHA1

                                                                                                                                                                                24fe4752df102c2ef492954d6b046cb5512ad408

                                                                                                                                                                                SHA256

                                                                                                                                                                                b1f292b6199aa29c7fafbca007e5f9e3f68edcbbca1965bc828cc92dc0f18bb8

                                                                                                                                                                                SHA512

                                                                                                                                                                                0f91e2da0da8794b9797c7b50eb5dfd27bde4546ceb6902a776664ce887dd6f12a0dd8773d612ccc76dfd029cd280778a0f0ae17ce679b3d2ffd968dd7e94a00

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                                                                                                                Filesize

                                                                                                                                                                                64B

                                                                                                                                                                                MD5

                                                                                                                                                                                d8b9a260789a22d72263ef3bb119108c

                                                                                                                                                                                SHA1

                                                                                                                                                                                376a9bd48726f422679f2cd65003442c0b6f6dd5

                                                                                                                                                                                SHA256

                                                                                                                                                                                d69d47e428298f194850d14c3ce375e7926128a0bfb62c1e75940ab206f8fddc

                                                                                                                                                                                SHA512

                                                                                                                                                                                550314fab1e363851a7543c989996a440d95f7c9db9695cce5abaad64523f377f48790aa091d66368f50f941179440b1fa94448289ee514d5b5a2f4fe6225e9b

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                                                                                                                Filesize

                                                                                                                                                                                64B

                                                                                                                                                                                MD5

                                                                                                                                                                                446dd1cf97eaba21cf14d03aebc79f27

                                                                                                                                                                                SHA1

                                                                                                                                                                                36e4cc7367e0c7b40f4a8ace272941ea46373799

                                                                                                                                                                                SHA256

                                                                                                                                                                                a7de5177c68a64bd48b36d49e2853799f4ebcfa8e4761f7cc472f333dc5f65cf

                                                                                                                                                                                SHA512

                                                                                                                                                                                a6d754709f30b122112ae30e5ab22486393c5021d33da4d1304c061863d2e1e79e8aeb029cae61261bb77d0e7becd53a7b0106d6ea4368b4c302464e3d941cf7

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\D3DCompiler_47.dll

                                                                                                                                                                                Filesize

                                                                                                                                                                                31KB

                                                                                                                                                                                MD5

                                                                                                                                                                                4d6ff1e43e825c9a3582a11ee739628e

                                                                                                                                                                                SHA1

                                                                                                                                                                                a2168711d9b383cbc089eeff92380d6975724035

                                                                                                                                                                                SHA256

                                                                                                                                                                                19e1eb9cff39699f951ef9ab0e3b67cc404094fc4176e08c33ee89c56c9fd771

                                                                                                                                                                                SHA512

                                                                                                                                                                                513fda623e189307fc1188ae7211530193760726e0d83faf1a2d3a6e47cfa5c62366c1326ffa31270c9768441f2fd2a624a64ef14a0c38bddab1fb75e0e7bed0

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\GalaxySwapperV2.exe

                                                                                                                                                                                Filesize

                                                                                                                                                                                78KB

                                                                                                                                                                                MD5

                                                                                                                                                                                80ce77b04d05a99471a04a045e336e3f

                                                                                                                                                                                SHA1

                                                                                                                                                                                0e5ec3908935b5f4d33926a6c420cf48aed47f3d

                                                                                                                                                                                SHA256

                                                                                                                                                                                6a7d99a7daa1a948aa7da716f39f434a39d3e4b25c39c656d82c982288c9f4f7

                                                                                                                                                                                SHA512

                                                                                                                                                                                5a2b2c5e2c7868c79a56a92c1972a65fb4869570185f07c93e4798f073003711fc4cfd19a47e97aaeade4188b76b8a64dbf141f3aa1fa3a4825d59dfa413cb8a

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\GalaxySwapperV2.exe

                                                                                                                                                                                Filesize

                                                                                                                                                                                9KB

                                                                                                                                                                                MD5

                                                                                                                                                                                08dbfedbb2a3ee24e0b9d195906c2f92

                                                                                                                                                                                SHA1

                                                                                                                                                                                1da4e8baae806ab395b6b11bf1ad6f4e74644a16

                                                                                                                                                                                SHA256

                                                                                                                                                                                39dc4a6fd77a20e7cd864752c24b534e62ca3a66ebe750cd02fd1d87144b885e

                                                                                                                                                                                SHA512

                                                                                                                                                                                6ff534cf20fb934789cdc817312a6f67a675af2b0192d93900b6297a03febc4374f1ebbd04d98161250df1ad46bc8753d17cec98db46e17d24d8d16b2682225d

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\GalaxySwapperV2.exe

                                                                                                                                                                                Filesize

                                                                                                                                                                                41KB

                                                                                                                                                                                MD5

                                                                                                                                                                                c175f17ad440a044120fbf146351dcee

                                                                                                                                                                                SHA1

                                                                                                                                                                                3289f95e22680216eb0451552e386c7c979a9c7d

                                                                                                                                                                                SHA256

                                                                                                                                                                                08bace9928bc46b39b5e41f7ec01ef22afe4a6ff3eb425833138ecf54117be31

                                                                                                                                                                                SHA512

                                                                                                                                                                                ffac702a573090eb0d01b4fa5a09bc0a8df3ae1d1d3a808dc03e9b3d073994abafae34ba393d53a19b73bf4e31768466a5877eb15cfd40860952a7324a7ad382

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\GalaxySwapperV2.exe

                                                                                                                                                                                Filesize

                                                                                                                                                                                20KB

                                                                                                                                                                                MD5

                                                                                                                                                                                427266f9bf3d5423186ad83cec8164bc

                                                                                                                                                                                SHA1

                                                                                                                                                                                2613bb474daea8e43aa5f354d7e9b94dd112697e

                                                                                                                                                                                SHA256

                                                                                                                                                                                3e2f9b83a3fc2d293bb30f208c62c48884bab5c8f672fd4fac3f6cbf8eec4cf7

                                                                                                                                                                                SHA512

                                                                                                                                                                                389ec5dcddfcbf9b5b2312efe30f823ca399650b27838beaf25146d1aa43e022769c1ebf8ad45e44d753eb793f26b4f5ed741ead3742f3f1a488a9a8c08264d1

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\chrome_100_percent.pak

                                                                                                                                                                                Filesize

                                                                                                                                                                                138KB

                                                                                                                                                                                MD5

                                                                                                                                                                                9c1b859b611600201ccf898f1eff2476

                                                                                                                                                                                SHA1

                                                                                                                                                                                87d5d9a5fcc2496b48bb084fdf04331823dd1699

                                                                                                                                                                                SHA256

                                                                                                                                                                                53102833760a725241841312de452c45e43edd60a122546105ab4020ccef591b

                                                                                                                                                                                SHA512

                                                                                                                                                                                1a8ec288e53b9d7e43d018995abe4e3d9c83d329d0561fbb7d022e8b79ffecf033e995b9bc6af352a71c646a1e8afba4addb54deab7455f24b7a279a3dd7c336

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\chrome_100_percent.pak

                                                                                                                                                                                Filesize

                                                                                                                                                                                22KB

                                                                                                                                                                                MD5

                                                                                                                                                                                5b5c3fd2d7d4de2f09d81f80e40f185f

                                                                                                                                                                                SHA1

                                                                                                                                                                                e012359becdf21025159e7f596c7a25b90d2a42d

                                                                                                                                                                                SHA256

                                                                                                                                                                                a124bdbc3113cd48afd60671bc7e855a24d44a288040e9897e95c90755e05593

                                                                                                                                                                                SHA512

                                                                                                                                                                                897a176f0efdf77a292996298d42d328937956d3caec1810c07d5d16b653b52d46b917860aa97e67ddaa7e30df9a6bde58d542925c5ae485ff420f204999f897

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\chrome_200_percent.pak

                                                                                                                                                                                Filesize

                                                                                                                                                                                26KB

                                                                                                                                                                                MD5

                                                                                                                                                                                b5992632033008899e6804a017a5be38

                                                                                                                                                                                SHA1

                                                                                                                                                                                d05271e21ca331d864e42228289725eb4acbde46

                                                                                                                                                                                SHA256

                                                                                                                                                                                1e6032aa09532d063eacfcd6f3f66d4a9623d4e08cbdea01a46f27add54681db

                                                                                                                                                                                SHA512

                                                                                                                                                                                e2740e8f79e82b6881c365564e50b2c7cdd31f8d2eaf861764e3bb9bf3f5d5bee54f1c5960cc58209a8ee4f03c51469dfc0e72af933416db6672ccedf66d0b9d

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\d3dcompiler_47.dll

                                                                                                                                                                                Filesize

                                                                                                                                                                                3KB

                                                                                                                                                                                MD5

                                                                                                                                                                                d88cb6193aaa879977bffb313cc2360a

                                                                                                                                                                                SHA1

                                                                                                                                                                                2493fd7edb62673b19c7ff5877fd14e3902b48d0

                                                                                                                                                                                SHA256

                                                                                                                                                                                e2b0311b45d8fcde947a6af36c40be0ab0231111cf0dfd18553501e945e6b284

                                                                                                                                                                                SHA512

                                                                                                                                                                                53c16b0dcf05e7092ec3830967409088161b65d070010e23d8b51724e6b9f8974a7f328c2615842e88472742b07d67198e3d58f62693dbc6f6d55ad298512f75

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\ffmpeg.dll

                                                                                                                                                                                Filesize

                                                                                                                                                                                29KB

                                                                                                                                                                                MD5

                                                                                                                                                                                36a75c72db9d827aec0c06085a733d9a

                                                                                                                                                                                SHA1

                                                                                                                                                                                3105ca92d418ed1244b5a64dc964187c85cd0f2e

                                                                                                                                                                                SHA256

                                                                                                                                                                                8e7bf3fad23084a9fc048208b1075a37f7aac05a250045e4ee06a1242cf88d42

                                                                                                                                                                                SHA512

                                                                                                                                                                                71bdcad6d785b5fd5255ed6453fac3d6b39b06bab119f9c7002c76a5d3ccb11da176f69977e135332ecaa6476551c36efef05c31beebe00b5da7a8c294bc0c42

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\ffmpeg.dll

                                                                                                                                                                                Filesize

                                                                                                                                                                                10KB

                                                                                                                                                                                MD5

                                                                                                                                                                                ccbdab53ead240092d6b92a33f449a62

                                                                                                                                                                                SHA1

                                                                                                                                                                                315437c9da345c5e1a934d788180989063b0ef1d

                                                                                                                                                                                SHA256

                                                                                                                                                                                c0a4830435c4a0cd50747f106565a2bd7b4f9de7940f2742d3d2c72ea336bca4

                                                                                                                                                                                SHA512

                                                                                                                                                                                b255bfabda04fe734a4d924e3e0f225b81a2f6a1ae74dee7054783b97497f06d62738381dd867dc74fc9db8832cbf7226d53cacd9a20d7fa1949208549ced50f

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\ffmpeg.dll

                                                                                                                                                                                Filesize

                                                                                                                                                                                55KB

                                                                                                                                                                                MD5

                                                                                                                                                                                4e7df27e996dd526be7bfb42f842c7ea

                                                                                                                                                                                SHA1

                                                                                                                                                                                a4294b8b81a5a29004c9200d59af05a1c0f429aa

                                                                                                                                                                                SHA256

                                                                                                                                                                                b35cce4a2fd8d52d6a37cae07fd37adbe55cd39919f2241621bacf56e078c463

                                                                                                                                                                                SHA512

                                                                                                                                                                                ee4e2b2707a0fe42ee9d622b8cdd04840d06ccf6e94dffc874065b04edaaac3f6d551fabb3b01e1ef02166d961b716c1ca4328342e77d9e29cdbb14e064be53f

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\ffmpeg.dll

                                                                                                                                                                                Filesize

                                                                                                                                                                                50KB

                                                                                                                                                                                MD5

                                                                                                                                                                                ab115280e4856856149468f0f0d96c6b

                                                                                                                                                                                SHA1

                                                                                                                                                                                989d3313bae6c533c775f0a9a2a59ffea85f0e98

                                                                                                                                                                                SHA256

                                                                                                                                                                                0a9349b4f64d832f7b86ce8ecec8471df55a11b6a806aa0630a79a6300f5a9be

                                                                                                                                                                                SHA512

                                                                                                                                                                                dc6b58c882b39400c9a0ad11676868a5159796d0bcfd1e596ab752757cce4a24c95b3b2b8e949bce8623d76842ed469dd01e908b7a11c23ab54c2a5b91370e98

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\icudtl.dat

                                                                                                                                                                                Filesize

                                                                                                                                                                                41KB

                                                                                                                                                                                MD5

                                                                                                                                                                                c4cc4f390ed96115a5f011de41fd78c7

                                                                                                                                                                                SHA1

                                                                                                                                                                                4af3e72db95284aab286f12372dd17cfcdbf3a6a

                                                                                                                                                                                SHA256

                                                                                                                                                                                56c577672c1a8b9b1cded8c67cde2bb600b3b4ff0024a4080d25440b56a69f51

                                                                                                                                                                                SHA512

                                                                                                                                                                                1a89fe7188618ad344e441ff131f6a45acdb64e6df9cb0f7f2147d8c8710ca379a711bcf7e01ff794b587e98e72c703b41dbbc83dbc2382a986f2631f6bd6ff6

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\libEGL.dll

                                                                                                                                                                                Filesize

                                                                                                                                                                                22KB

                                                                                                                                                                                MD5

                                                                                                                                                                                42c47c397c44e3f9e5b38f11288a3066

                                                                                                                                                                                SHA1

                                                                                                                                                                                5e1754c5932a0764a31fd863424e24bf1fcf8fc0

                                                                                                                                                                                SHA256

                                                                                                                                                                                5f1d8ab15a80f07752e409d3f4b7c216c1a14c0a595858c376f42fc8d4757e70

                                                                                                                                                                                SHA512

                                                                                                                                                                                92d220b7cf3ad1f30e23ccbce8f4f56f643b8182a10ef44744d34042580e3677255f2e9309f80442f0f30a3a97264e03f11f7cf174ec0d0ead46682c1c920866

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\libGLESv2.dll

                                                                                                                                                                                Filesize

                                                                                                                                                                                73KB

                                                                                                                                                                                MD5

                                                                                                                                                                                6621ff5571e79d942bc88114a7ad3509

                                                                                                                                                                                SHA1

                                                                                                                                                                                38e4b8e474f8943a4933ac5d12cbe7af355dc678

                                                                                                                                                                                SHA256

                                                                                                                                                                                beca11a03b42219f16ebda2818bc303e3f6052526ff9bce17ae6e7e36a137bb7

                                                                                                                                                                                SHA512

                                                                                                                                                                                c462a93dd51937f08d9724403f33f7868d815150707a22675f538eb4ca7dfd163afcb3373c38375b1fb18bfad0977679715a761e63d44df32c3237ac9a1fa9bf

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\libegl.dll

                                                                                                                                                                                Filesize

                                                                                                                                                                                41KB

                                                                                                                                                                                MD5

                                                                                                                                                                                7adc6deaef03a7f9d7d76a8e7dde6eed

                                                                                                                                                                                SHA1

                                                                                                                                                                                1c1be65e66d67534a15de500056de702914fda03

                                                                                                                                                                                SHA256

                                                                                                                                                                                47bd73d8d1aaf28232e41b89e9fe14ca1d26800ec3555ed0612fcd49151b5b0a

                                                                                                                                                                                SHA512

                                                                                                                                                                                bbc032336ede336cc7fcdb1f1cb9a4d22479677d1f723cb879170bd86e4b291221fc55261c339d228f77be21489ecd9ebd3bdc10e7b42d61cab0201fc49af0a4

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\libglesv2.dll

                                                                                                                                                                                Filesize

                                                                                                                                                                                2KB

                                                                                                                                                                                MD5

                                                                                                                                                                                c28b74bddb5c56bc08cee2cdfba24591

                                                                                                                                                                                SHA1

                                                                                                                                                                                8b073fbdb9f5552f4c4333b20e8ff4063dd1518e

                                                                                                                                                                                SHA256

                                                                                                                                                                                8bec94018614cb57f0856c89e5cb26d5c0fccff08c3f8c5edba95a0d98129e0f

                                                                                                                                                                                SHA512

                                                                                                                                                                                964d39400b1e08d87aba4a7131ec5c856817a01927910beec6e1122989099483279dda39682c2d233b86dabaf945bb8915304d32ecca0e60bf73a334faa93c69

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\locales\en-US.pak

                                                                                                                                                                                Filesize

                                                                                                                                                                                11KB

                                                                                                                                                                                MD5

                                                                                                                                                                                1763f36cc066155149f51fef404d966c

                                                                                                                                                                                SHA1

                                                                                                                                                                                b7f53b3da2fb4554942d51c7448153a8a0e2e92a

                                                                                                                                                                                SHA256

                                                                                                                                                                                32e4181edf0e5fea01f91264ff25ad19d407a775ceb6a4e5e5bd7a311769a3c3

                                                                                                                                                                                SHA512

                                                                                                                                                                                6b2976386ae92e0520149f0f867840983116e632e2c8b7488fd72909b7fad202f3ae6a9ddae30922d24295f71721f0df78018ec3a57ae31f842ec2446f833157

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\locales\es-419.pak

                                                                                                                                                                                Filesize

                                                                                                                                                                                55KB

                                                                                                                                                                                MD5

                                                                                                                                                                                16fdf08940ab9a6798b65ed8e86c2869

                                                                                                                                                                                SHA1

                                                                                                                                                                                7bbcee9742931838bc80f12c36f37fa2caa913b2

                                                                                                                                                                                SHA256

                                                                                                                                                                                82ceccb51c51859c8c29bb2dabc325a426f034113a4e4a1aa94de514d9a9842b

                                                                                                                                                                                SHA512

                                                                                                                                                                                89c6022345d003e031dea2bf21fc2bfb45e2db3646d842da73eac9c7a34543fb5bd9d68f10af0ab6b324deffd2aa113fb510ac5f85a2796f8342e6124faa8f6c

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\locales\tr.pak

                                                                                                                                                                                Filesize

                                                                                                                                                                                17KB

                                                                                                                                                                                MD5

                                                                                                                                                                                84b12208819e7793ca426fef7efce801

                                                                                                                                                                                SHA1

                                                                                                                                                                                7a8f471513a2d8dfc29315d8f4e148a17e22b0c8

                                                                                                                                                                                SHA256

                                                                                                                                                                                eb10e679837bdd7578fe2479627b85edc761ade571541dd435332cb9b62c64e4

                                                                                                                                                                                SHA512

                                                                                                                                                                                45ba46f1e35fa4631244a73486079542911dc785e3b0457bf55e98975f8d246daac2da3ce80e7f51f6160c0efb58c3e7e8c247c2b6a1dea15d25404cce509d99

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\resources.pak

                                                                                                                                                                                Filesize

                                                                                                                                                                                76KB

                                                                                                                                                                                MD5

                                                                                                                                                                                a3bf5f44c6f13759e381de1f4df4c284

                                                                                                                                                                                SHA1

                                                                                                                                                                                018a4f38c5b807e271929565b6bbe8f9c5b276ef

                                                                                                                                                                                SHA256

                                                                                                                                                                                e3cc193a0483dc171696450d979c310a72404bdd3c15b5119b6bc3d94fbf4cf4

                                                                                                                                                                                SHA512

                                                                                                                                                                                49b5f02e9b553ac7f28d542f815277f56aa9c05a83e160422c6689173bfa8eb41c9c3668eaff8ea1715f2c912774c5d8d2cfdc46c69bc522352e9b1c18f246f9

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\resources\app.asar

                                                                                                                                                                                Filesize

                                                                                                                                                                                48KB

                                                                                                                                                                                MD5

                                                                                                                                                                                5a5803313556d2bcae3bda0284d01fa0

                                                                                                                                                                                SHA1

                                                                                                                                                                                08c40906bde2075db5d1c11d6fc55d6bf2ead756

                                                                                                                                                                                SHA256

                                                                                                                                                                                b777e2e9384164771ab03a90b3950e57be90aa2e9cebe5392345ecb8c95708e8

                                                                                                                                                                                SHA512

                                                                                                                                                                                64844867e531b7f7b3a2760ba23a616505120db575add300a0952cb3c2255f63f0fdfb492f0a7b70ea49abe5c31194e55bcba4330abfb674e172a36d11f54ea2

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\v8_context_snapshot.bin

                                                                                                                                                                                Filesize

                                                                                                                                                                                16KB

                                                                                                                                                                                MD5

                                                                                                                                                                                ec9ddb931b1c7c3c8f494a84db3c880c

                                                                                                                                                                                SHA1

                                                                                                                                                                                c9fa2a3cf0566fd2e2692dc2bca1da6dfb7b1a38

                                                                                                                                                                                SHA256

                                                                                                                                                                                baf759b7cb95dad400b1910d4bbf8c5d63beebb87bf7daf7c54dfd8050d09b2e

                                                                                                                                                                                SHA512

                                                                                                                                                                                0ec43f311639f873275c157ea20588abbd38808e1e581b99376f3d70f2bbfa23a00bece904e8e8fbf354d04c164c6059e4a78d8edc30e2924c9d7328f595059c

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ipkl23tj.ong.ps1

                                                                                                                                                                                Filesize

                                                                                                                                                                                60B

                                                                                                                                                                                MD5

                                                                                                                                                                                d17fe0a3f47be24a6453e9ef58c94641

                                                                                                                                                                                SHA1

                                                                                                                                                                                6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                                                                                                                                SHA256

                                                                                                                                                                                96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                                                                                                                                SHA512

                                                                                                                                                                                5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\aa3a16f5-7a17-4151-b21a-8f8d44aca0a0.tmp.node

                                                                                                                                                                                Filesize

                                                                                                                                                                                34KB

                                                                                                                                                                                MD5

                                                                                                                                                                                8a3e5332bba15fb3d45acb98623b90ca

                                                                                                                                                                                SHA1

                                                                                                                                                                                7c994f6b46385bc25c82d5751b5a3be9876e4d6b

                                                                                                                                                                                SHA256

                                                                                                                                                                                4fdb0cc4a5e79cf80446fab73f4a7fe3c9e89c33fd06936e95d906de8f89ecb4

                                                                                                                                                                                SHA512

                                                                                                                                                                                54803c5bd4933e4d488e5531ae3c23d69ec5f5b1b7ba8f00ec2d108b53fb2e874d183722035989ee8a30c2fb767b9df2af9a5f6afc46da36ce39c354ef6d4879

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\aa3e900a-f271-4195-9ef9-66c4103b4e31.tmp.node

                                                                                                                                                                                Filesize

                                                                                                                                                                                90KB

                                                                                                                                                                                MD5

                                                                                                                                                                                45901c22456863370cc6e8ffe72cc508

                                                                                                                                                                                SHA1

                                                                                                                                                                                aa48720921abe40cf209e4c8896d4af4b489a356

                                                                                                                                                                                SHA256

                                                                                                                                                                                e91b456f4432cccdf280c29fe2c095536e356b7949fb31622e81b864bfc8ac00

                                                                                                                                                                                SHA512

                                                                                                                                                                                fe22b49fa07b6f9691679781f04f66f94fe520c787dc8a4d6f05b86634a26671a0cd603a9959905bb1ca29f0f6fc81fcfcc442fccf913abe406e69099b6be3cc

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\GalaxySwapperV2.exe

                                                                                                                                                                                Filesize

                                                                                                                                                                                65KB

                                                                                                                                                                                MD5

                                                                                                                                                                                4d0564d874952d01a2df733ea3269bc6

                                                                                                                                                                                SHA1

                                                                                                                                                                                0e24dd3c25c306f70b17995d0a252438e1d28287

                                                                                                                                                                                SHA256

                                                                                                                                                                                ec2af80449de1dcb39a79ab8bd2f630b97f2690b6d47f40f7d1a1209c492a8f8

                                                                                                                                                                                SHA512

                                                                                                                                                                                e872eb7908705427bbdb7650ac680ce4df8b8da1c81dfdd5f705c072826a9a5777ae9286f7a33ef16c85523a923599f74c58223f499f480573ee40938c025b95

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\LICENSE.electron.txt

                                                                                                                                                                                Filesize

                                                                                                                                                                                1KB

                                                                                                                                                                                MD5

                                                                                                                                                                                4d42118d35941e0f664dddbd83f633c5

                                                                                                                                                                                SHA1

                                                                                                                                                                                2b21ec5f20fe961d15f2b58efb1368e66d202e5c

                                                                                                                                                                                SHA256

                                                                                                                                                                                5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d

                                                                                                                                                                                SHA512

                                                                                                                                                                                3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\LICENSES.chromium.html

                                                                                                                                                                                Filesize

                                                                                                                                                                                81KB

                                                                                                                                                                                MD5

                                                                                                                                                                                be703b85688f71415fbba3a1934b7d64

                                                                                                                                                                                SHA1

                                                                                                                                                                                cfe07b3412716bb8ca179633adc579862264bd64

                                                                                                                                                                                SHA256

                                                                                                                                                                                febbe2e055a913e36f252040c12511588ea2be4a5549d99647e7312a9b157845

                                                                                                                                                                                SHA512

                                                                                                                                                                                7cc81d6f2745b1c0230ad617557277da946ace9c39b520fbc97c92d7d68a05777535f09407fcb7890907f2b1bee89aab142f7a3dc7edd766095f99857308b2b6

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\chrome_200_percent.pak

                                                                                                                                                                                Filesize

                                                                                                                                                                                202KB

                                                                                                                                                                                MD5

                                                                                                                                                                                b51a78961b1dbb156343e6e024093d41

                                                                                                                                                                                SHA1

                                                                                                                                                                                51298bfe945a9645311169fc5bb64a2a1f20bc38

                                                                                                                                                                                SHA256

                                                                                                                                                                                4a438f0e209ac62ffa2c14036efdd5474b5ecaa7cbf54110f2e6153abdfb8be9

                                                                                                                                                                                SHA512

                                                                                                                                                                                23dedde25ad9cb5829d4b6092a815712788698c2a5a0aefb4299675d39f8b5e2844eabd1ea42332a0408bd234548f5af628e7e365ab26f3385ebfa158cdd921d

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\d3dcompiler_47.dll

                                                                                                                                                                                Filesize

                                                                                                                                                                                511KB

                                                                                                                                                                                MD5

                                                                                                                                                                                a11ce6c51e1e33b786ea210347cc4563

                                                                                                                                                                                SHA1

                                                                                                                                                                                fbd5955d588fc32c9c1164e3024a6343332fa398

                                                                                                                                                                                SHA256

                                                                                                                                                                                845f5c4945ad7a09727084144913e2fef20c6f256095e758e35b1a5729f773b7

                                                                                                                                                                                SHA512

                                                                                                                                                                                d134f0782d46744d81405c561813bf7021e1bebd67027b62845c116447eb5522b2b80a5b027e38f34d0d86aea79ffd9dfd321b78fdd329ee5e271cf5c15da152

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\ffmpeg.dll

                                                                                                                                                                                Filesize

                                                                                                                                                                                497KB

                                                                                                                                                                                MD5

                                                                                                                                                                                bebfd2ddc464c14b2a983c120b9f4a6e

                                                                                                                                                                                SHA1

                                                                                                                                                                                34083c0996703b507770f3c41c450dd86fd11fac

                                                                                                                                                                                SHA256

                                                                                                                                                                                dbce8fe1e3f3011970055b960898eea6fe9206d8253823d53a8271a1aa89fe23

                                                                                                                                                                                SHA512

                                                                                                                                                                                b58fe3c5bd493633933b595a4011272c300af010618593d55707657dff16f7854b47ba29ebcdaaf95f7362bda321650bec371ffdc1b94b3ae4ab07c71273b2eb

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\icudtl.dat

                                                                                                                                                                                Filesize

                                                                                                                                                                                122KB

                                                                                                                                                                                MD5

                                                                                                                                                                                a8aab5509839c0e2637dd94db6cd44fe

                                                                                                                                                                                SHA1

                                                                                                                                                                                c40ab81429922cf45169371e26681060a1508740

                                                                                                                                                                                SHA256

                                                                                                                                                                                9fca348cf598f2f4be8c7b1245c37097c09b4de054cfe80c7c11523cc1d3cd93

                                                                                                                                                                                SHA512

                                                                                                                                                                                b1aec1547f58f81f4cc363e44d3f5386cf36c4098b2095c4308678f98b92ee923852a673210c80e41b5a48513febe9634b6d1a94feb0d42d8ab17eb4fa0a9a3d

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\libEGL.dll

                                                                                                                                                                                Filesize

                                                                                                                                                                                101KB

                                                                                                                                                                                MD5

                                                                                                                                                                                c4c1fdf68c51a59adc1fd80f0efdc115

                                                                                                                                                                                SHA1

                                                                                                                                                                                13ff581fb97d596311cb422ceb35df910dd0e15c

                                                                                                                                                                                SHA256

                                                                                                                                                                                83958c5205f4ce7da1145a2898f6dbf69656ea9caa5ce8b147dfc00d09f8cd1d

                                                                                                                                                                                SHA512

                                                                                                                                                                                88f3238207c9082814b1dcd7a092cf276f9a08851af882ab3a3756a230f7f86df7c1345f48081c6f3da1d844e7e0eb8b34f1f7f46cc85c204b615aa9cfdb8f8c

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\am.pak

                                                                                                                                                                                Filesize

                                                                                                                                                                                55KB

                                                                                                                                                                                MD5

                                                                                                                                                                                957431a656a583d8f13b2e3289e0bc1e

                                                                                                                                                                                SHA1

                                                                                                                                                                                100a3b0ab0a568e76e3464a1f45776456a431391

                                                                                                                                                                                SHA256

                                                                                                                                                                                bedeea021133c61ef76d1afd8fad7b195aa652082842bebfdb459c4d49ae311f

                                                                                                                                                                                SHA512

                                                                                                                                                                                8b5e85ebc4e323549f1dbf3834dd81479fdf64a7efb32d6eafab22448ac4ffcd74f6b8a64d14f2919c811ff3a8da61ba775fdb4fc501ec78aea04dd0c5d20ffe

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\ar.pak

                                                                                                                                                                                Filesize

                                                                                                                                                                                53KB

                                                                                                                                                                                MD5

                                                                                                                                                                                1779815c073d5699e0790f3a520dfe1c

                                                                                                                                                                                SHA1

                                                                                                                                                                                946e230a4f0d6646d93bebc20385dfd0dc8bfec0

                                                                                                                                                                                SHA256

                                                                                                                                                                                7599509e15537e61ffba734f402d97a00a67a88416fb34911598839d4ca29fba

                                                                                                                                                                                SHA512

                                                                                                                                                                                9731ad1945e0084826cea4322b6b7d5358382eb37b329661dbb6c821e966e289d1d475f1f0c08d83a7362e72c6e9de4e6d3057f071ed6344852f76291d81037b

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\bg.pak

                                                                                                                                                                                Filesize

                                                                                                                                                                                89KB

                                                                                                                                                                                MD5

                                                                                                                                                                                8de4cc84c194271f0225220cc673a6ac

                                                                                                                                                                                SHA1

                                                                                                                                                                                8cb8c50325e0e5a496f64d3876a315f174409752

                                                                                                                                                                                SHA256

                                                                                                                                                                                033f6be704d1ea79ee1005d71afced185eabba940a8655f84073365d87c0caaa

                                                                                                                                                                                SHA512

                                                                                                                                                                                6c2b3c9758bfeeb08fdf298746dd2339d87623e0b794a8061dbdc3719d8e6136edb7285ed85821415ebc8a6347044c483c4787993211fe54a4627f653354020d

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\bn.pak

                                                                                                                                                                                Filesize

                                                                                                                                                                                40KB

                                                                                                                                                                                MD5

                                                                                                                                                                                000f41092c7640026db6d6f7356debba

                                                                                                                                                                                SHA1

                                                                                                                                                                                06ce93bac7d51344cd1004ccda71d640a7ae2ee3

                                                                                                                                                                                SHA256

                                                                                                                                                                                0d8000bae6e39f70de5c68fef19a39af1efe128477994987ab3068530b22d00c

                                                                                                                                                                                SHA512

                                                                                                                                                                                1ed686e40645054b77b92c3a8400b855ea1333e8c98616b6d46dfbd3ac7a44ce516630a9e186c7c3f785768d473d31c28a24157e6e067629d67043376c191e6b

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\ca.pak

                                                                                                                                                                                Filesize

                                                                                                                                                                                90KB

                                                                                                                                                                                MD5

                                                                                                                                                                                feb8cb531565838eb22f1554e7615d61

                                                                                                                                                                                SHA1

                                                                                                                                                                                301b8db7fb8477701e54266140d4fd68e1e672b5

                                                                                                                                                                                SHA256

                                                                                                                                                                                c5c31034bdcc71cc09f1186cacc18f26249f5828445183ef4689777a4cb8fc10

                                                                                                                                                                                SHA512

                                                                                                                                                                                71ec30fc48478c6a8523aabed81b7d970933f47ba13820e555db92622a72d41742db9d4b29395adaff7cd690aa382a6800656aa5a42751c0ee135165f275fcf3

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\cs.pak

                                                                                                                                                                                Filesize

                                                                                                                                                                                93KB

                                                                                                                                                                                MD5

                                                                                                                                                                                644b106d4dedc3b84cb3142d1815a850

                                                                                                                                                                                SHA1

                                                                                                                                                                                d913172304ffe09402b04d0eca9892ea32630286

                                                                                                                                                                                SHA256

                                                                                                                                                                                e510bd42e9a1c97ca7f09c530669a1218a7a032d76499dd96d3c8ed1d73c9693

                                                                                                                                                                                SHA512

                                                                                                                                                                                87177a3a6be027f2f15d0c7edfa9d23e74e48a07f27a39fb183ea03cd5ac4daa904f6df57ba6c240e0166ee065e70d0291067629a4aec14b7dfd0c19b4e12ba1

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\da.pak

                                                                                                                                                                                Filesize

                                                                                                                                                                                67KB

                                                                                                                                                                                MD5

                                                                                                                                                                                891783b7b5fc434c0bde82d13f259da2

                                                                                                                                                                                SHA1

                                                                                                                                                                                0795c50fac20d69e00b16c27a3dd7ff84fb4c8d2

                                                                                                                                                                                SHA256

                                                                                                                                                                                f12576031985b141e6230e63d5c073ae125ce347fe4d29098e5ec702901cc702

                                                                                                                                                                                SHA512

                                                                                                                                                                                1f66e9432691e0ea1680d9364a12bd34e5a327494c7d5c89f8b7a4bac7e11042e297f3be6b29a7258b14229f0080eebecdd3198ef2eeac154cb83d59598280d7

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\de.pak

                                                                                                                                                                                Filesize

                                                                                                                                                                                64KB

                                                                                                                                                                                MD5

                                                                                                                                                                                b923a326bd7b4e16cdd4a5693ea78a79

                                                                                                                                                                                SHA1

                                                                                                                                                                                8f95081552f13724ef7e577b3d434715de175a78

                                                                                                                                                                                SHA256

                                                                                                                                                                                17f442aaa0167d2736206da02ceaafd872841ead0cc32dd55b512a3cba9227b8

                                                                                                                                                                                SHA512

                                                                                                                                                                                cd11a6bcaa6a5d4ad8bab4dba9c387391c61a14119abe985dc560985d2fbbd7f1b6b7b710b168f868b6dceeb9fcc9cc06582210024d2af71405fbfadd1a8e993

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\el.pak

                                                                                                                                                                                Filesize

                                                                                                                                                                                40KB

                                                                                                                                                                                MD5

                                                                                                                                                                                1a49b6a84e171eeeb3e8fe31ff149e26

                                                                                                                                                                                SHA1

                                                                                                                                                                                a0edf70255bcf3ed1e5bfa493350b1e8f095e77b

                                                                                                                                                                                SHA256

                                                                                                                                                                                5c231333a28f02e1772b8cdd5fe1d784f61e2991a8fb4e8d0306b283a4a052e4

                                                                                                                                                                                SHA512

                                                                                                                                                                                52ebf6581228c2f79fae34dbde5182f0d4a1d757989912f29598a8d7242149ee35ccd14a45111884307911101940b99af4a701827b3663df4ba5e53bbe2e7dd2

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\en-GB.pak

                                                                                                                                                                                Filesize

                                                                                                                                                                                45KB

                                                                                                                                                                                MD5

                                                                                                                                                                                9d73eb0d73c818c4fb5dcf1bbaa0fdb8

                                                                                                                                                                                SHA1

                                                                                                                                                                                245960919f78e0aa34ae5119e24010ed6c098979

                                                                                                                                                                                SHA256

                                                                                                                                                                                05b527bb8536c779e375ae4589534fd41e961beca90dacce3a9a370ee6d8210b

                                                                                                                                                                                SHA512

                                                                                                                                                                                a67016d60bf7b548a39266bf9057d80f04f09e4629ec137a25843039242ff8742d9a046010bddba1a8c2bf27c13550cd128284678f71a074d71193c01731d296

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\en-US.pak

                                                                                                                                                                                Filesize

                                                                                                                                                                                24KB

                                                                                                                                                                                MD5

                                                                                                                                                                                c7a35b4792b419b89953f9c93fcf68ec

                                                                                                                                                                                SHA1

                                                                                                                                                                                310b96c8b3b6c03cae195ee765be4a465294dba1

                                                                                                                                                                                SHA256

                                                                                                                                                                                3d4b7bb473690c2aca5d010dee88add647d0f2c670d248fa0250f3b0d72f58fb

                                                                                                                                                                                SHA512

                                                                                                                                                                                42ef25f8e151101d9b59a5717ba503be6dca4bb1521551b20ed7f5f7887e55d7cda0b1b623689dd1875963e8ff1352902906e27fec805d423348b70d36894a4c

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\es.pak

                                                                                                                                                                                Filesize

                                                                                                                                                                                61KB

                                                                                                                                                                                MD5

                                                                                                                                                                                18effe24e1af2a82bd244fdc7335b924

                                                                                                                                                                                SHA1

                                                                                                                                                                                1a746a2f0271f9b15f11fc2870027c07657b17c4

                                                                                                                                                                                SHA256

                                                                                                                                                                                dde744edfc386245ead9e45806d50a4e520cbcabfd31dcc25d06c88cd7034c2d

                                                                                                                                                                                SHA512

                                                                                                                                                                                51154f6f6afc62a9eb691811d4f1f0d64be851efbc41fd165ba13d16a39c7e1e0491d4eccee413dcfa835da4a915b6b424678429de3fd7ec32e56cb3859f1560

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\et.pak

                                                                                                                                                                                Filesize

                                                                                                                                                                                48KB

                                                                                                                                                                                MD5

                                                                                                                                                                                0deaad24f897d8a7d58c02349fceccfe

                                                                                                                                                                                SHA1

                                                                                                                                                                                00c26f43e22478652c21d33965af9cbf8de4e078

                                                                                                                                                                                SHA256

                                                                                                                                                                                c15d32bd4efdab3de2f3b4aa372b6339e915ae07125ad1e81654214dc93dc5f0

                                                                                                                                                                                SHA512

                                                                                                                                                                                fa02363759ed04903ecc178e7d46b49aa4028b131cd4cf34d5ce3e6e5989649c48846c43aa6822ce4580dbc0f3b37ff578ed172fde2dfe4383107eb272814b56

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\fa.pak

                                                                                                                                                                                Filesize

                                                                                                                                                                                38KB

                                                                                                                                                                                MD5

                                                                                                                                                                                13ba8738fd68a28a9f0dd2c821bc4c11

                                                                                                                                                                                SHA1

                                                                                                                                                                                75e19bae5a651662a4ab4776cc032e84ac968cea

                                                                                                                                                                                SHA256

                                                                                                                                                                                8df1290756801dbab2d229c694f9d64fe5a9b3c46f5e108cfc6b0604bfebb08e

                                                                                                                                                                                SHA512

                                                                                                                                                                                8078a9f4b7bfc12fb27613f85bbe563025f5bb8ff147b9b9c348e17db65a2c098214fb7f169b7e07ccce97f56e82731b95260b2d337479c56a090963467f42c9

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\fi.pak

                                                                                                                                                                                Filesize

                                                                                                                                                                                45KB

                                                                                                                                                                                MD5

                                                                                                                                                                                73a1b2faac979c443a8134a90834ecea

                                                                                                                                                                                SHA1

                                                                                                                                                                                9d8e6fbbf21968e70949fadfbda0b485a3a05ec2

                                                                                                                                                                                SHA256

                                                                                                                                                                                1f0b2cbbb1b85612ded7b04e2bea5a81244774ac272df7d32ae8ea046c4bc4af

                                                                                                                                                                                SHA512

                                                                                                                                                                                cc4cdb3da9a7839c31d30af80ed6040cd99045e80344400ed3886040b95087e19d95db7ec392a8e4c737f1079e46d3d3e2b6bee6cdecd7af4b2e8bcec594a0ed

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\fil.pak

                                                                                                                                                                                Filesize

                                                                                                                                                                                64KB

                                                                                                                                                                                MD5

                                                                                                                                                                                502426d24de1eace36db0e9929e04b95

                                                                                                                                                                                SHA1

                                                                                                                                                                                490a30e0d07732fd3e999db2bbfdf4773d04ac05

                                                                                                                                                                                SHA256

                                                                                                                                                                                59d5226aa8dee2d1f8718d5d2933f3e7152c7b23c3875c0d0135c48f259fdf1f

                                                                                                                                                                                SHA512

                                                                                                                                                                                a4b5126d3d054f8f73103acaf82d942dd383e9daa33e8142f8dfd5053469a4f30f5f48d9019f2323fc6709f0e0c23cf59801032b6398a3c8d04b6259ca105c6a

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\fr.pak

                                                                                                                                                                                Filesize

                                                                                                                                                                                57KB

                                                                                                                                                                                MD5

                                                                                                                                                                                03634471d8ada7d1acf8d91483fe94a4

                                                                                                                                                                                SHA1

                                                                                                                                                                                210daf6c2c8afa06bd2a3a78285a391c0ef909c0

                                                                                                                                                                                SHA256

                                                                                                                                                                                9f7a46d0a42e8d77a7bd055783672045a99dec94c1739b78441312f96cf29352

                                                                                                                                                                                SHA512

                                                                                                                                                                                e12902e35b2d61379728f5c33e3f9119a392b0778793b2b2b8922f6950277471255f5da7d6ed93426bfc473f147373f3eca819ce5a86f71d612cd5e579cff98a

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\gu.pak

                                                                                                                                                                                Filesize

                                                                                                                                                                                36KB

                                                                                                                                                                                MD5

                                                                                                                                                                                93a012a3df6544f1ca44c46323b11b13

                                                                                                                                                                                SHA1

                                                                                                                                                                                baa35720f8e655203de9a66262c91fc04ed00444

                                                                                                                                                                                SHA256

                                                                                                                                                                                b265e4d736c631058e06004e9d759e9c1d0700405b4dee1434768b35bca7d163

                                                                                                                                                                                SHA512

                                                                                                                                                                                901fadd4a84c4c2d143a51a2aeeb9e202122d551847a7669539b9018804e27f11c5ace62eba7abeb34b7bbf4299f98f7a11290abcf2849613a60593436dc589b

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\he.pak

                                                                                                                                                                                Filesize

                                                                                                                                                                                21KB

                                                                                                                                                                                MD5

                                                                                                                                                                                1758934bf862895d6d6e1558cd29a8de

                                                                                                                                                                                SHA1

                                                                                                                                                                                cacccc7180e1d357243bc894f7ee814a4f62d080

                                                                                                                                                                                SHA256

                                                                                                                                                                                5d02bfe3ca8527edfba220308f10d25ae49c4270504f25f15b6414eaafe8f7c8

                                                                                                                                                                                SHA512

                                                                                                                                                                                fa2bf5325ae00bc4def903964662399cd9cc0cf82b8de5f698c0ed5f9505d4adbd3e12193779ed2ec326138baf05dea9fe3d9dfeef4ea019e0faef4de2b48561

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\hi.pak

                                                                                                                                                                                Filesize

                                                                                                                                                                                23KB

                                                                                                                                                                                MD5

                                                                                                                                                                                036555a4c2bdce7aa4a7673004a61ddf

                                                                                                                                                                                SHA1

                                                                                                                                                                                77d755082b46ed17f55ad23a39f6d1fd2b952003

                                                                                                                                                                                SHA256

                                                                                                                                                                                64da243792e53910a38a78a04df34b5803ac3d51b0ea0b3460fdd3be01922046

                                                                                                                                                                                SHA512

                                                                                                                                                                                07d97b09798be4d67cd1a9013a2539b4ef16a7b9ac7e7bc7a2a2843559e7e37470eb70304ac7cdca85c717ceb5f5748b8e5c51213ee3e9fc8ea65a81571e1565

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\hr.pak

                                                                                                                                                                                Filesize

                                                                                                                                                                                32KB

                                                                                                                                                                                MD5

                                                                                                                                                                                ab1ce6b0ebbc6b6e33d88e6f279e5761

                                                                                                                                                                                SHA1

                                                                                                                                                                                4f3572857f0c8528f39145b7a2bef4cc9635eb80

                                                                                                                                                                                SHA256

                                                                                                                                                                                087e34145c02fd15f99582fff8c9555bd132f98a000244cf58fb930a51dd294f

                                                                                                                                                                                SHA512

                                                                                                                                                                                c087838b10e5ad308b61f00b0f2405e4d227d78bb0ab87a8556c717a3be9913d023e93e3dbada2dbdfc96059d6450342aac1c6254aa7d131943bc89ea41f132f

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\hu.pak

                                                                                                                                                                                Filesize

                                                                                                                                                                                51KB

                                                                                                                                                                                MD5

                                                                                                                                                                                c7b4357a2688275507c8dc5c305ef405

                                                                                                                                                                                SHA1

                                                                                                                                                                                65f76a53b29c7eb61d747b206803d7748c7991ac

                                                                                                                                                                                SHA256

                                                                                                                                                                                56315c5a9ca0c9ca3aad35977420f7ee1507677b1f86bf3fa96e020e6506926d

                                                                                                                                                                                SHA512

                                                                                                                                                                                4958acbe7d3fd6e7e35889c0452554344c33043364924f49e1e9d0f43751e553ae59e6d60bce4d55d393fe586542c9902d62163dcc129e914ff3cfc583049c86

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\id.pak

                                                                                                                                                                                Filesize

                                                                                                                                                                                30KB

                                                                                                                                                                                MD5

                                                                                                                                                                                056fe100ffbaaaf4f8014109541d7f78

                                                                                                                                                                                SHA1

                                                                                                                                                                                e87e619d1ab3775dd96c49ffa589aa6ef07f732d

                                                                                                                                                                                SHA256

                                                                                                                                                                                935f7ae40ef090ddf9476009f627819f93a163147fd091b1b7992f9ca17b75ff

                                                                                                                                                                                SHA512

                                                                                                                                                                                a7f296c4e5a337f2aba8d27c84391aae1ccd90f1dbe2dd526e25de02ca1b06dc76e09f1c0f8e30dca2856ca1f72f0040c15fd8ec734929d084847fd3354777be

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\it.pak

                                                                                                                                                                                Filesize

                                                                                                                                                                                11KB

                                                                                                                                                                                MD5

                                                                                                                                                                                576d97679d79e131d5e8e3aeb2011322

                                                                                                                                                                                SHA1

                                                                                                                                                                                87c92f17620e9700b60844d683a67877edf08224

                                                                                                                                                                                SHA256

                                                                                                                                                                                86c7f97b5df7c0bfafb6f660d1a4a931a7346439d318da3174a4b3867d59469e

                                                                                                                                                                                SHA512

                                                                                                                                                                                ee436b95dc1c737ff0deb2c5c35d92484e20c3e8377402ec3a7f2729142c1bb37990e6571f5735d5866e95c38416a6707f1f9b8f45f28ca511a377e4aeb2501c

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\ja.pak

                                                                                                                                                                                Filesize

                                                                                                                                                                                32KB

                                                                                                                                                                                MD5

                                                                                                                                                                                0535d996b9fc46415d792537eed18565

                                                                                                                                                                                SHA1

                                                                                                                                                                                5219f79f5f51560a2ab1f87352151bd34e0ef570

                                                                                                                                                                                SHA256

                                                                                                                                                                                f87c1f838611d1715021eb81fdda5f99093ef805b7774b2c708149864239cab7

                                                                                                                                                                                SHA512

                                                                                                                                                                                5a4990b7d1552629a3a686e991bb0de95a17e57530a4fb3724273fc84a4120e93b08d8535066cdda58beb584a62b8baf5fbae17c877a444a885daa1ccf805a73

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\kn.pak

                                                                                                                                                                                Filesize

                                                                                                                                                                                20KB

                                                                                                                                                                                MD5

                                                                                                                                                                                a381ebb36aec61b86689b51f827bbbd9

                                                                                                                                                                                SHA1

                                                                                                                                                                                200ba0cc244768608d4dae0c29089698629bf894

                                                                                                                                                                                SHA256

                                                                                                                                                                                a392072a41ce7853394210cf1c8ba9eb4a5dec6a3fb71decf914ec35f9e80f67

                                                                                                                                                                                SHA512

                                                                                                                                                                                b935b9acf1eaa68c2494029020c42476d913ce26b867c9cd10700b2219ddc7a95bb21c69f98e0240a4beeecefabe696d8a76f7cfced2f8cff5ae1810b3806872

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\ko.pak

                                                                                                                                                                                Filesize

                                                                                                                                                                                33KB

                                                                                                                                                                                MD5

                                                                                                                                                                                540ab4ed05846ada64e60ead8735b6c8

                                                                                                                                                                                SHA1

                                                                                                                                                                                501570684dd820b6216fe11cc9650c6de173422a

                                                                                                                                                                                SHA256

                                                                                                                                                                                da1b0f4cd0940c616e69cd37fd236c414bc5720a727f35cf4966aa90f714a6d2

                                                                                                                                                                                SHA512

                                                                                                                                                                                daa327baf69fd80c89d3d0717128ef8e5b1c8a98c750aa241c80a13f12502fbd5b7dd6bf8733eea9348e42d3ff7dbf1f1ab487cc38a6f232cda73b898d181e9b

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\lt.pak

                                                                                                                                                                                Filesize

                                                                                                                                                                                57KB

                                                                                                                                                                                MD5

                                                                                                                                                                                bd0b6de1444d6e4dce4cc0cca5919e25

                                                                                                                                                                                SHA1

                                                                                                                                                                                047a8e6a358206f874be4a7cfae714cb1eb4bc57

                                                                                                                                                                                SHA256

                                                                                                                                                                                cccf7b35f1fd534c824cc92305c400ecc0439395906b31f29643adb050d31615

                                                                                                                                                                                SHA512

                                                                                                                                                                                d93428437dd01961f9d6872c1a5b45ea53e73f9f96a42e1b366fc12e43eae1f78db2b10a2e9c4c0d2cb2b46d51fd7032e221e0343dd6f23461058f2ef3518122

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\lv.pak

                                                                                                                                                                                Filesize

                                                                                                                                                                                57KB

                                                                                                                                                                                MD5

                                                                                                                                                                                c0670b5f84adedfc09de597e2e4fd46e

                                                                                                                                                                                SHA1

                                                                                                                                                                                e1f949fd90654aebee0352ea3fadf314fa3730be

                                                                                                                                                                                SHA256

                                                                                                                                                                                bea938e3f78ffb7487196f60014a80654683787b7cf761d13cd817b5c85eba1a

                                                                                                                                                                                SHA512

                                                                                                                                                                                b53417360b10a69fa75520bd8383452b22353964b2776a36b45459548ace03821e476012fe5e3e40f2d8d2c0aca30706f91b232f760f971f8d582d25cc2a5fb3

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\ml.pak

                                                                                                                                                                                Filesize

                                                                                                                                                                                40KB

                                                                                                                                                                                MD5

                                                                                                                                                                                b38566178d744fcc81ed1ba4e1db8f9c

                                                                                                                                                                                SHA1

                                                                                                                                                                                87208eabde42a43906ec5b35354f90dd7b6743a6

                                                                                                                                                                                SHA256

                                                                                                                                                                                2a3724d296772786f70f09f7b75549ffb55db873ccab2708871c2cbaa0a637c9

                                                                                                                                                                                SHA512

                                                                                                                                                                                6993773531f31e6686693587071d554e06a39bd940ae86c24770e47f5ce694f6239306d70f517b647f8050ee976e3e7bd66fd97e344bebb0b63c7808527c1689

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\mr.pak

                                                                                                                                                                                Filesize

                                                                                                                                                                                22KB

                                                                                                                                                                                MD5

                                                                                                                                                                                4396f8ca88fe4e84aec4abdd97bde74f

                                                                                                                                                                                SHA1

                                                                                                                                                                                219cb76a0bb59d07384da51d731bef85258445eb

                                                                                                                                                                                SHA256

                                                                                                                                                                                fe8e6b8f2b0b547e9d8bf0be897b3e971ceeed4ab8a6afa70d89023f6fce999a

                                                                                                                                                                                SHA512

                                                                                                                                                                                7b27912d3f9ac66940a74d9f62eb538f8388c746be6cae3c60822fb1afeb1f2a09f459f17a1ee5ef656914ffccbd057f76708a49f9fc6cbfb1705156571c8af9

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\ms.pak

                                                                                                                                                                                Filesize

                                                                                                                                                                                77KB

                                                                                                                                                                                MD5

                                                                                                                                                                                59a17c1547fd0c2d7442a57125de1e63

                                                                                                                                                                                SHA1

                                                                                                                                                                                472cd3d7087be0bd9cd6ac77f978db65d6a8607f

                                                                                                                                                                                SHA256

                                                                                                                                                                                d4b0b5180342cf9dd09d3abe84e1d805f83f39d0e10437a88799babdc5cc0898

                                                                                                                                                                                SHA512

                                                                                                                                                                                730685533295cc67211e49b58e1899a122e5927d69851b62b7456ddcc90ac894bac1168040b169d13fb3d83f48f9f7b84753a9460332b9e50c95ffa5acf6fa7c

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\nb.pak

                                                                                                                                                                                Filesize

                                                                                                                                                                                52KB

                                                                                                                                                                                MD5

                                                                                                                                                                                1cd6be56f8271889e73e72ad27148522

                                                                                                                                                                                SHA1

                                                                                                                                                                                7325a1d9de25fe7bca73334581e46e7588da3522

                                                                                                                                                                                SHA256

                                                                                                                                                                                4541a661f7cee95e2fabe92808ddbe886f34b6a15b5b89fe6966526d1f9fe303

                                                                                                                                                                                SHA512

                                                                                                                                                                                a955683ac01f24349c9166dd7ac11942dd2941149a345ce38fc40493f0b7068bb6b052047b9cb24f5fa85b58a5e380176bb555f2949c718e2e524305f52e42db

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\nl.pak

                                                                                                                                                                                Filesize

                                                                                                                                                                                26KB

                                                                                                                                                                                MD5

                                                                                                                                                                                cea5de4e70e45fcaf313026fe2a285f3

                                                                                                                                                                                SHA1

                                                                                                                                                                                935bea86dc63fd5cf4e75dbd6268caa3ae769860

                                                                                                                                                                                SHA256

                                                                                                                                                                                d25dad0b33f7ee117a93664c63c3f785cb6c0640e284af71e7af8f3ee962681b

                                                                                                                                                                                SHA512

                                                                                                                                                                                a137d8b1499cbaed99979f3e99fa11f85e590e03e274270745faa6f902d9b60de91d843211a7eb7277814135a3d3bf859e5ec0b861654d82e5e58b0b0a81fa81

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\pl.pak

                                                                                                                                                                                Filesize

                                                                                                                                                                                28KB

                                                                                                                                                                                MD5

                                                                                                                                                                                aab77ed1d9366ab6c862b52a8803ec8a

                                                                                                                                                                                SHA1

                                                                                                                                                                                6c027f72f361468ebcfe14a2dfaa26d5705d236e

                                                                                                                                                                                SHA256

                                                                                                                                                                                2f7b4e04d699b13f3e8b160ad0db1383b028bcee345cfef3bba5f0b6a0eb310b

                                                                                                                                                                                SHA512

                                                                                                                                                                                ad65bb962bb766d9df1198a244f4290a4c2b24eb84867bfdb4daecaf84d9c6e66c374805f8649eb0cdebf5cfc5f7a0aca77390f08bc80767ad78cd152847770a

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\pt-BR.pak

                                                                                                                                                                                Filesize

                                                                                                                                                                                34KB

                                                                                                                                                                                MD5

                                                                                                                                                                                755e9c396a99a03ac26034ef5d499616

                                                                                                                                                                                SHA1

                                                                                                                                                                                e67976093894894439716381f7568fac65fbec9c

                                                                                                                                                                                SHA256

                                                                                                                                                                                32dcd6a79627e945fbe4440b8a58e3a82537f60d04a08be55074cae9ba1e3806

                                                                                                                                                                                SHA512

                                                                                                                                                                                977dec2f7e46648fdc0607a17564f28751db511d989bf9d0dfeba4f33194399970985eda28f3fca59c46bfe821b4e313993ad2d0abcd37ec265a613058573728

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\pt-PT.pak

                                                                                                                                                                                Filesize

                                                                                                                                                                                32KB

                                                                                                                                                                                MD5

                                                                                                                                                                                bdb1329f28c6b461a8892d772a402779

                                                                                                                                                                                SHA1

                                                                                                                                                                                5b69ebb29a3b09bef41c1cb8df23e8f2cff401b5

                                                                                                                                                                                SHA256

                                                                                                                                                                                467752d9766a15704a1e4943c02ae902816d17e80c4c1ea4aa35408e06d40203

                                                                                                                                                                                SHA512

                                                                                                                                                                                0e3ab8703597cbc685d5e299dff2fb34a4132d726bb8ee4f80694bf304bb2470814aa690cf291ba88383266710bf2a0e546e749ff04c885dfbde9d656e8814a2

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\ro.pak

                                                                                                                                                                                Filesize

                                                                                                                                                                                23KB

                                                                                                                                                                                MD5

                                                                                                                                                                                d80c55c2c0867e6592b412b65a3726d4

                                                                                                                                                                                SHA1

                                                                                                                                                                                0f98dc09e3be4e114b8a75504a1761c7c9c4773f

                                                                                                                                                                                SHA256

                                                                                                                                                                                0614f6aa99f2dba0ec85dfe4befdb587d456c82407747225818c4bf3cf8aa2c9

                                                                                                                                                                                SHA512

                                                                                                                                                                                eeb501c3835474d07877bd2b1f8e707e68f9101bc2d280d80fca9ef63a28907fa6a94bdae361278ae1c572409e3a47ff2db2dd2aab95419d4a0afa0e62e1e60f

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\ru.pak

                                                                                                                                                                                Filesize

                                                                                                                                                                                83KB

                                                                                                                                                                                MD5

                                                                                                                                                                                0e5e6b8274a70e22f0f54587e048ca89

                                                                                                                                                                                SHA1

                                                                                                                                                                                a7d64da07d79014d6fe6085132d8780e68f31d13

                                                                                                                                                                                SHA256

                                                                                                                                                                                9cf93e69989bccd0a7c81fe77e1cb46a8f4227a649c9c936ba018edc5084dbe6

                                                                                                                                                                                SHA512

                                                                                                                                                                                f9a6832273cd496e7d4d094f0ca72a063f8aa93b2e09c3d812c650195a8bea63ea5af1f53e58d2530f464b837bd8b2be6c23c86e4c7d5a346d2166e1dde0b389

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\sk.pak

                                                                                                                                                                                Filesize

                                                                                                                                                                                58KB

                                                                                                                                                                                MD5

                                                                                                                                                                                dda8a9a7dd97eb50fecd7f72c6a788e4

                                                                                                                                                                                SHA1

                                                                                                                                                                                ac602545cd474f0f41c8f74f67d4d5bd1020a404

                                                                                                                                                                                SHA256

                                                                                                                                                                                b7fcea875d0339a4a634f2cce5c4133b1e5db6f27e391ac9b489f75bac43d0f1

                                                                                                                                                                                SHA512

                                                                                                                                                                                d553ab1f7f47d4fc2397e92b4ac8b3366edb09afa811c360f04dd2bd5a707368fc826d59afa84098212fe6339ed6d5078493b26fea12c23097c30932e8a5e1a5

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\sl.pak

                                                                                                                                                                                Filesize

                                                                                                                                                                                51KB

                                                                                                                                                                                MD5

                                                                                                                                                                                93c3d2c7759b86e3b0e41dc11322239c

                                                                                                                                                                                SHA1

                                                                                                                                                                                8c74a9f0a4ae5569f3096c7b79ded49237799b60

                                                                                                                                                                                SHA256

                                                                                                                                                                                27504bc51a42d9e1f3eb6c64529b90e9f07741e5f6bfb5a7d898c78bda1662d0

                                                                                                                                                                                SHA512

                                                                                                                                                                                de8a8182390efb40016e046d5d64f4d7c9efe50d714a9a1ced58531081cafa16a3adba47bc0fce95f64172602050fe7d52dc13cc56c9e098381e8cbb837de664

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\sr.pak

                                                                                                                                                                                Filesize

                                                                                                                                                                                64KB

                                                                                                                                                                                MD5

                                                                                                                                                                                ef2e0ff7ce55e44a4a0318a16065a469

                                                                                                                                                                                SHA1

                                                                                                                                                                                10e3fdd0eafc3ef2f28880e1c9c39b98fbf6c9e0

                                                                                                                                                                                SHA256

                                                                                                                                                                                c14900b94257f1668ee52752d3b8facd838effa298d9e6d6eaea4b5e883a6ebd

                                                                                                                                                                                SHA512

                                                                                                                                                                                398d0a4e3f5b455cd1ea26f83bc4d32e64d9db3d8ff92e1c82e47ac4fde55caca1f7fd7bdd9e3e9f2ab6915caef7a61269aea346eff81ce9e19f483ae278f142

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\sv.pak

                                                                                                                                                                                Filesize

                                                                                                                                                                                36KB

                                                                                                                                                                                MD5

                                                                                                                                                                                0876161bbd746e71017012007f8a50a3

                                                                                                                                                                                SHA1

                                                                                                                                                                                9156de3372f0f66b3fda80972af6581ac09a33e1

                                                                                                                                                                                SHA256

                                                                                                                                                                                97bf4024eb0df00d94cf536d4acd0785a0d038d4c587b3a1b464f85cadc2096e

                                                                                                                                                                                SHA512

                                                                                                                                                                                be5974e75df2d92705282eef1904e90231b35d902fe34ea1cc2d97f6fb28a8eb6e238e0ee626a20254fad9cbe093649dbf1550a301f3c8b5c6a538affa589145

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\sw.pak

                                                                                                                                                                                Filesize

                                                                                                                                                                                72KB

                                                                                                                                                                                MD5

                                                                                                                                                                                75d0fe3eccfdd6e9cbdbcf1f760d41d5

                                                                                                                                                                                SHA1

                                                                                                                                                                                f28a8ff5770095486134f75c6155ec2e8317f479

                                                                                                                                                                                SHA256

                                                                                                                                                                                e5ab3bf2251d8bdcc106f4469df1ae4e38dc504e9be361c6addc8a89c44e11f1

                                                                                                                                                                                SHA512

                                                                                                                                                                                c2c153fedc7df8bc6d41f91e4e622472dfeeec32fcedb9a8b4bbb53a740aaf94c190b63995041ab17e77b9b3c23d49fe3e0c903f520c2c2dde4f9bb2ed6a596a

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\ta.pak

                                                                                                                                                                                Filesize

                                                                                                                                                                                34KB

                                                                                                                                                                                MD5

                                                                                                                                                                                cec17c2599d8da8b266759be6011200b

                                                                                                                                                                                SHA1

                                                                                                                                                                                dd41acb9f60062f1b84fea596d3c88a3791445f0

                                                                                                                                                                                SHA256

                                                                                                                                                                                f958dec5ce1801c38ac437ff5858d27dae34210ba0001097425af29cfc4ed776

                                                                                                                                                                                SHA512

                                                                                                                                                                                b23f1f9f8cd02af79f970f3144a69e8c4e820f0c9f9860904512c59dc279f4ea06640c284267e52b698080445aed7fa9e9440023a0af338514956639f5e464f7

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\te.pak

                                                                                                                                                                                Filesize

                                                                                                                                                                                22KB

                                                                                                                                                                                MD5

                                                                                                                                                                                7f0446d5531b88d82bfa144a5b67bf74

                                                                                                                                                                                SHA1

                                                                                                                                                                                e391f0d14b4cc483244bb0618765bfd823f49390

                                                                                                                                                                                SHA256

                                                                                                                                                                                38d8c7df6e5eb1195fa117c339237ebf774228ffd4440e76757f4185f7d352b4

                                                                                                                                                                                SHA512

                                                                                                                                                                                84ef87f7906a570b7272d4b2842e37e4b3c13f91612d13d8393916496d5b057929d10c27604f72e353836037f0697e40b3d91abbc2408e62b48970acc20ad50f

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\th.pak

                                                                                                                                                                                Filesize

                                                                                                                                                                                75KB

                                                                                                                                                                                MD5

                                                                                                                                                                                c3d450324fd006b44cc8d76c8608b140

                                                                                                                                                                                SHA1

                                                                                                                                                                                84550adfc47e2d58c4f7eeb44fa695441c40c642

                                                                                                                                                                                SHA256

                                                                                                                                                                                f80e2b809cf96f51bcf7f45fe6dfaec5fde29a69c1c46b38290c4ee71172da89

                                                                                                                                                                                SHA512

                                                                                                                                                                                be98fc1a3a30fa537fbcdedaaa5805f06767490cfbba4c038109678234129048f369d3d9f5f3600b9d89869e9c28dae52bc6a455b32a6e9584f5e00fb211b92a

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\uk.pak

                                                                                                                                                                                Filesize

                                                                                                                                                                                60KB

                                                                                                                                                                                MD5

                                                                                                                                                                                4fc85705ad86d6f1cd63560c845667ff

                                                                                                                                                                                SHA1

                                                                                                                                                                                460cd483784fab3776fba45e5d028dfde05fddb1

                                                                                                                                                                                SHA256

                                                                                                                                                                                d3a14b1453a4396ab6c7bbd1ec5c20047231163e9812434221c0ec56b13e8646

                                                                                                                                                                                SHA512

                                                                                                                                                                                ffde9b149695b3910b497dc31cea872ac5337cb53b7ae6ce753701fe5f5dbdddc6c21375345a7d5e3cddef5b3f7ed684864afea553c7b10eabcd1c15b05a9599

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\vi.pak

                                                                                                                                                                                Filesize

                                                                                                                                                                                52KB

                                                                                                                                                                                MD5

                                                                                                                                                                                548eb71042087cf19e2ce3ae7ae7196f

                                                                                                                                                                                SHA1

                                                                                                                                                                                0162ec7bfe2cdc0746daef2ed6dfeac297e1f6ed

                                                                                                                                                                                SHA256

                                                                                                                                                                                97dc5406d7f63748742b53b812acf72867aac55907d857d8e8d8136fd312008a

                                                                                                                                                                                SHA512

                                                                                                                                                                                8751ce072ca166ab8a1306f9fffc73d528e97681b1543a0cfcb2dcd7dddc8f00cad8aabab89bed67f38ff6bc8f8b63c15cd704782ee80d181b39f6da09f11414

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\zh-CN.pak

                                                                                                                                                                                Filesize

                                                                                                                                                                                27KB

                                                                                                                                                                                MD5

                                                                                                                                                                                6c0f347c156016452a2c89f1f012ef1d

                                                                                                                                                                                SHA1

                                                                                                                                                                                931fa57efba787d42d898d57df5b2f80cabab106

                                                                                                                                                                                SHA256

                                                                                                                                                                                90ee10fbaee2b3b847349f1f16913e72634587d467ad8b1339313101c06e7b66

                                                                                                                                                                                SHA512

                                                                                                                                                                                c99d6c0354b0d8f7412a6fab4bda4d85a94136857ffa29b2b01d3cf4760a17d10e11293ffba39dff8fa0386e9ff58ec7498aecb64816a969b8b2f673da61d870

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\zh-TW.pak

                                                                                                                                                                                Filesize

                                                                                                                                                                                54KB

                                                                                                                                                                                MD5

                                                                                                                                                                                94886deab8e5fb5e9636c322019d7d9c

                                                                                                                                                                                SHA1

                                                                                                                                                                                04a7102024bd4aa1b35f703c0a01958fd1e06da2

                                                                                                                                                                                SHA256

                                                                                                                                                                                dbdc642c4b6ed716ca512510d7a1d8ed1a0013f8cab99d4a6f9d48bfaf0bc184

                                                                                                                                                                                SHA512

                                                                                                                                                                                884096da6309c32440e62cd6063f213fe2532bcfca96d155292ae48b0e9e1486cd0cbfd4d9f06f12581822fbbcbb9520bc5f4f7601258d6189fe68f72976ae75

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\resources.pak

                                                                                                                                                                                Filesize

                                                                                                                                                                                57KB

                                                                                                                                                                                MD5

                                                                                                                                                                                21a4a69e94c3c386539d1724d387f5b1

                                                                                                                                                                                SHA1

                                                                                                                                                                                a8b0580d123b08e6dfada4e44042be51627c9fb6

                                                                                                                                                                                SHA256

                                                                                                                                                                                bc3d32c387076b57177cd3fa36b057c573f3a1f1997dd8c975eef930189fa662

                                                                                                                                                                                SHA512

                                                                                                                                                                                13b9184126f7987e119d4a917b1d4c3d14036833d8c23964fd768d1f1b1bbbe9afb0db6c4c318d5f37a9b82f76a2f36c3ffd42d12f5cfe282687ca2e12ec2879

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\resources\app.asar

                                                                                                                                                                                Filesize

                                                                                                                                                                                31KB

                                                                                                                                                                                MD5

                                                                                                                                                                                6c51fadcd5f9a3c34648cac3acbf3a6e

                                                                                                                                                                                SHA1

                                                                                                                                                                                c4308e2f3aaa07ca44d6b5cadb1c2ab94a63bf60

                                                                                                                                                                                SHA256

                                                                                                                                                                                e98d6fe8c36098bf8ee6f16f30b6a66ceb741d35aa2bede1acdbabb34ea008ef

                                                                                                                                                                                SHA512

                                                                                                                                                                                2b3d2b6c2d8773afe66c8ad6207d6980be3183a57d1419af711bf941dd4d03cde925225bcfd6b5cf4bfcab94aedb1f67ef3e15c44c3aa2bb50042f36915bb4dd

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\DirectShowLib-2005.dll

                                                                                                                                                                                Filesize

                                                                                                                                                                                40KB

                                                                                                                                                                                MD5

                                                                                                                                                                                2ca0ce3e997601e2a65f94de3d172d1d

                                                                                                                                                                                SHA1

                                                                                                                                                                                16640f185c7a1ffd0e0f871f39decd90d4a9285e

                                                                                                                                                                                SHA256

                                                                                                                                                                                11869154ddab8965dd326e132ce8337c04611a0372a3c47f6aa93f598a65e548

                                                                                                                                                                                SHA512

                                                                                                                                                                                c5322c2bf1ee4112f6b92bef9fec896f27f0f291156e6894db2f24466fb6c5bc5a3e333eff9c4da4fc9010facbccb6f40e17789803a1d8cbf00d9038eef95794

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\package.json

                                                                                                                                                                                Filesize

                                                                                                                                                                                394B

                                                                                                                                                                                MD5

                                                                                                                                                                                067e233b0609d56ff4756bedd8c0efe0

                                                                                                                                                                                SHA1

                                                                                                                                                                                96419d05adc4b6674948b4ac14f8ab5bb3ce4380

                                                                                                                                                                                SHA256

                                                                                                                                                                                6bee642c1b5de99e4edba87ec3221c2ecd10b65e666b6f2bef64a745538ecf74

                                                                                                                                                                                SHA512

                                                                                                                                                                                94900f5ff762930b1b060ba4dd44d629d6c3e2dfc0dacb1a543f1ea5a3cd40e793acaff4abefbff588ceb422d65f8041ec190a2b56f7c303c3314eb16eca4159

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\prey-webcam.exe

                                                                                                                                                                                Filesize

                                                                                                                                                                                24KB

                                                                                                                                                                                MD5

                                                                                                                                                                                471b15abc9f2e98fb7ed7361d3f045eb

                                                                                                                                                                                SHA1

                                                                                                                                                                                95b5798d80a9410872f6ed485ae2b43ca3745540

                                                                                                                                                                                SHA256

                                                                                                                                                                                7c262639cb22348dfd627dc07c76e8748e5bcacde2dcf1614773ab174c831004

                                                                                                                                                                                SHA512

                                                                                                                                                                                5b3b59aa1dbaef31b0ff6ccde082d7c312e39e311a46fe20d590d5d7765f934d3b663da9609ff4fb7beba2e8fa85376cf74f14ae077f3c0b49189cc28c30163a

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\snapshot.exe

                                                                                                                                                                                Filesize

                                                                                                                                                                                10KB

                                                                                                                                                                                MD5

                                                                                                                                                                                f49c1a7aa9bf4761bf251804f42e5b59

                                                                                                                                                                                SHA1

                                                                                                                                                                                e48c1f45c949ff79ea2fc467debba868aca8f739

                                                                                                                                                                                SHA256

                                                                                                                                                                                370d168a0760ffa618936ca6114711bd854ac687c501ab7aac2c10e0bb924c37

                                                                                                                                                                                SHA512

                                                                                                                                                                                6fba5856346829c87177b9370dafc14492d63639de14a05fff1fd3e88a1dd703050b2ea03f4393349d8fb8e6eb257ce10a8b9170e1f86d050bfed3a21d8c48cf

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\resources\elevate.exe

                                                                                                                                                                                Filesize

                                                                                                                                                                                11KB

                                                                                                                                                                                MD5

                                                                                                                                                                                f8eb6a997fd56d6873a14fdf6c62389d

                                                                                                                                                                                SHA1

                                                                                                                                                                                cd4b9ebd9429d9e6b89b825ca5eb763a9df47845

                                                                                                                                                                                SHA256

                                                                                                                                                                                8fb23831e60a0a2e627f158f4ec7998293442a1b7bc217baafc6f6a1ec9eb2a5

                                                                                                                                                                                SHA512

                                                                                                                                                                                e50aefb49ffdac7963e75383aa362c313cabb0271d3366d6800c3ece32078302935306d5759d8f37418c5b7aef40b9ce18a14a5b5ef09c68f774b8dac6794aa5

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\snapshot_blob.bin

                                                                                                                                                                                Filesize

                                                                                                                                                                                81KB

                                                                                                                                                                                MD5

                                                                                                                                                                                d2927252b77d7a6fb6f5502acbb9cc11

                                                                                                                                                                                SHA1

                                                                                                                                                                                13721cec94359bed2d92db39f8b70d2ccf1cd06a

                                                                                                                                                                                SHA256

                                                                                                                                                                                44c7942819e3772a820c700a94039becec21d5194ea4ec651b5253b4630f7a4a

                                                                                                                                                                                SHA512

                                                                                                                                                                                4f042c74333c7bcda69707eaa6fe9bad8ce3018febed1586b4efeef5550268ac47c0bf48ef5867b028e49e28df369a3f9d47cf2f9e6874a3cfcf379ee0881b12

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\swiftshader\libEGL.dll

                                                                                                                                                                                Filesize

                                                                                                                                                                                66KB

                                                                                                                                                                                MD5

                                                                                                                                                                                b23874b9c5770daa110619bbc5f07271

                                                                                                                                                                                SHA1

                                                                                                                                                                                d50e628f436d3ebbe50cd304f25ecaa1d67d9d62

                                                                                                                                                                                SHA256

                                                                                                                                                                                89a638cbc81b13f98aaba321470dd2510be06cab03262daee4681c3832b6298f

                                                                                                                                                                                SHA512

                                                                                                                                                                                52d8b6334cdaa7b7e5958379d28f8a3511c99f06682dfa7015438b3e7c870c48f90069d6bbd4e5c1e8a7301172681e7d7e64ced6e133cb0e7d79bbafed1f7819

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\swiftshader\libGLESv2.dll

                                                                                                                                                                                Filesize

                                                                                                                                                                                47KB

                                                                                                                                                                                MD5

                                                                                                                                                                                00b7cf42127f7e7b3b0d8d69b92842d6

                                                                                                                                                                                SHA1

                                                                                                                                                                                8d33a3d75f1f972832b111142987050013ed766d

                                                                                                                                                                                SHA256

                                                                                                                                                                                852f1e91580fa6c3888ce9edfc51b74b8a4ae4bb8e6a2440245757d5f7414d46

                                                                                                                                                                                SHA512

                                                                                                                                                                                5676fdd5ecd67985303039040998c945ab1a36cc8c764ac56da87f49d9d9ad3d5794de7bd0824e72321629cefb5f15270c96b10d390c7e899d83a6c012e296e1

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\v8_context_snapshot.bin

                                                                                                                                                                                Filesize

                                                                                                                                                                                81KB

                                                                                                                                                                                MD5

                                                                                                                                                                                aae5e8f956d94e714217355ec0dda3e3

                                                                                                                                                                                SHA1

                                                                                                                                                                                4b71750f719e83f007c73243f94c4adc81af910a

                                                                                                                                                                                SHA256

                                                                                                                                                                                b0662f3e7fb126ac3a83224a87d0332b487b69ce234fa52cb9be1888fd1cd420

                                                                                                                                                                                SHA512

                                                                                                                                                                                86551e210457c4ec26770e4fc6fafed753db9f1fd761d97d10cec2648bbbf14da76c317593b47913156333cff8c3ce22890e122608612a228deaedb219d35843

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\vk_swiftshader.dll

                                                                                                                                                                                Filesize

                                                                                                                                                                                84KB

                                                                                                                                                                                MD5

                                                                                                                                                                                ec3ba6f370457ca57686ec838ec3ea23

                                                                                                                                                                                SHA1

                                                                                                                                                                                4439d546efb2a0a31cf775584fef7fcdcf568015

                                                                                                                                                                                SHA256

                                                                                                                                                                                2b9852ecd9827dbb0abd2d0ae05557b4d9c4b0125cb70e44c40a422070dd3099

                                                                                                                                                                                SHA512

                                                                                                                                                                                b4041085c27dbe9dba9c51ca2a0a40579d3b54df1654eb607b1be3bc43751cdbe53de84b93bf5f3538d02b613dad4b41959349fc65ffac1d2987337863dd85d4

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\vk_swiftshader_icd.json

                                                                                                                                                                                Filesize

                                                                                                                                                                                106B

                                                                                                                                                                                MD5

                                                                                                                                                                                8642dd3a87e2de6e991fae08458e302b

                                                                                                                                                                                SHA1

                                                                                                                                                                                9c06735c31cec00600fd763a92f8112d085bd12a

                                                                                                                                                                                SHA256

                                                                                                                                                                                32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

                                                                                                                                                                                SHA512

                                                                                                                                                                                f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\vulkan-1.dll

                                                                                                                                                                                Filesize

                                                                                                                                                                                61KB

                                                                                                                                                                                MD5

                                                                                                                                                                                e0695182937b7353db4a6c741c90eeb9

                                                                                                                                                                                SHA1

                                                                                                                                                                                880bfe0bcac0f411881fcd3714a90c9646e6ccc3

                                                                                                                                                                                SHA256

                                                                                                                                                                                6fc689ecf8a7452cda8fef4781a34e5895460304bdc2f5b29c3ea9f662213550

                                                                                                                                                                                SHA512

                                                                                                                                                                                5fe092b2729abc6aefbb058e316fae6e951d37d054f4a18e7b9213167d8adb17beaf24eb9488fe287f024ad3de333ee4ba0016eabf57e10a5820a38b0fb09b67

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\StdUtils.dll

                                                                                                                                                                                Filesize

                                                                                                                                                                                27KB

                                                                                                                                                                                MD5

                                                                                                                                                                                128281e985062c77e890dd7c5ac4c0cb

                                                                                                                                                                                SHA1

                                                                                                                                                                                ae3f8209f3949a10d61690f5231e74f6aab3adf5

                                                                                                                                                                                SHA256

                                                                                                                                                                                1649cabb8070b494cbacaf0a001547cb6ccfe23a8ecdcfba2c0080ba4357dbfc

                                                                                                                                                                                SHA512

                                                                                                                                                                                1833a166ceae053fc6415341dedbe6b2d0c3cc84582457ec2bcef5c9ea9220e5654dbc7d2c5caf28e42620bfe0b64b76ff3c248ee3ae7932887100c98e3c14e4

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\StdUtils.dll

                                                                                                                                                                                Filesize

                                                                                                                                                                                64KB

                                                                                                                                                                                MD5

                                                                                                                                                                                11a15b5c4cdf372558f58f21ebeb3b5b

                                                                                                                                                                                SHA1

                                                                                                                                                                                e32f56ebcda428542918285b8b473e9fdd6d4583

                                                                                                                                                                                SHA256

                                                                                                                                                                                1032bfa13ca7ad5b7e4c3469c5432f51622cd1ef952c29755ba47c471703a384

                                                                                                                                                                                SHA512

                                                                                                                                                                                dadc6c361db895316f6e36e8e1b69fbd87a27a0f4883d9e71809357896195d0d41339f282b984caa3cccfb18fd66f0cd10940bf4edb412ad7f51b91cd8d86345

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\System.dll

                                                                                                                                                                                Filesize

                                                                                                                                                                                12KB

                                                                                                                                                                                MD5

                                                                                                                                                                                0d7ad4f45dc6f5aa87f606d0331c6901

                                                                                                                                                                                SHA1

                                                                                                                                                                                48df0911f0484cbe2a8cdd5362140b63c41ee457

                                                                                                                                                                                SHA256

                                                                                                                                                                                3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

                                                                                                                                                                                SHA512

                                                                                                                                                                                c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\nsis7z.dll

                                                                                                                                                                                Filesize

                                                                                                                                                                                424KB

                                                                                                                                                                                MD5

                                                                                                                                                                                80e44ce4895304c6a3a831310fbf8cd0

                                                                                                                                                                                SHA1

                                                                                                                                                                                36bd49ae21c460be5753a904b4501f1abca53508

                                                                                                                                                                                SHA256

                                                                                                                                                                                b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

                                                                                                                                                                                SHA512

                                                                                                                                                                                c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\GalaxySwapperV2.exe

                                                                                                                                                                                Filesize

                                                                                                                                                                                191KB

                                                                                                                                                                                MD5

                                                                                                                                                                                ab327a5d8922106711f9215d1faf66e6

                                                                                                                                                                                SHA1

                                                                                                                                                                                6c3abd283d0192dbf9ac5e873c452e9167c06bac

                                                                                                                                                                                SHA256

                                                                                                                                                                                27a45ecab96dc6edf0d912e2929b04f78c3f1fc3edd9361006543103574dd44f

                                                                                                                                                                                SHA512

                                                                                                                                                                                1e5182e292dcf9dd1abae258f6712afb64959e24afe7684842e17ff8e9a48e0f08cc0f2188d450aed6c90bb894b30187457b2a58cb5d45039c58cab00158d1a8

                                                                                                                                                                              • memory/972-650-0x00007FFE80B50000-0x00007FFE81611000-memory.dmp

                                                                                                                                                                                Filesize

                                                                                                                                                                                10.8MB

                                                                                                                                                                              • memory/972-651-0x0000023926780000-0x0000023926790000-memory.dmp

                                                                                                                                                                                Filesize

                                                                                                                                                                                64KB

                                                                                                                                                                              • memory/972-656-0x00007FFE80B50000-0x00007FFE81611000-memory.dmp

                                                                                                                                                                                Filesize

                                                                                                                                                                                10.8MB

                                                                                                                                                                              • memory/972-652-0x0000023926780000-0x0000023926790000-memory.dmp

                                                                                                                                                                                Filesize

                                                                                                                                                                                64KB

                                                                                                                                                                              • memory/2712-578-0x00007FFEA2210000-0x00007FFEA2211000-memory.dmp

                                                                                                                                                                                Filesize

                                                                                                                                                                                4KB

                                                                                                                                                                              • memory/2860-617-0x00007FFE80CB0000-0x00007FFE81771000-memory.dmp

                                                                                                                                                                                Filesize

                                                                                                                                                                                10.8MB

                                                                                                                                                                              • memory/2860-613-0x0000024D96130000-0x0000024D96140000-memory.dmp

                                                                                                                                                                                Filesize

                                                                                                                                                                                64KB

                                                                                                                                                                              • memory/2860-612-0x0000024D96130000-0x0000024D96140000-memory.dmp

                                                                                                                                                                                Filesize

                                                                                                                                                                                64KB

                                                                                                                                                                              • memory/2860-611-0x00007FFE80CB0000-0x00007FFE81771000-memory.dmp

                                                                                                                                                                                Filesize

                                                                                                                                                                                10.8MB

                                                                                                                                                                              • memory/2860-601-0x0000024D96100000-0x0000024D96122000-memory.dmp

                                                                                                                                                                                Filesize

                                                                                                                                                                                136KB

                                                                                                                                                                              • memory/3696-635-0x00007FFE80BF0000-0x00007FFE816B1000-memory.dmp

                                                                                                                                                                                Filesize

                                                                                                                                                                                10.8MB

                                                                                                                                                                              • memory/3696-631-0x000001BF53550000-0x000001BF53560000-memory.dmp

                                                                                                                                                                                Filesize

                                                                                                                                                                                64KB

                                                                                                                                                                              • memory/3696-630-0x000001BF53550000-0x000001BF53560000-memory.dmp

                                                                                                                                                                                Filesize

                                                                                                                                                                                64KB

                                                                                                                                                                              • memory/3696-629-0x00007FFE80BF0000-0x00007FFE816B1000-memory.dmp

                                                                                                                                                                                Filesize

                                                                                                                                                                                10.8MB