Analysis Overview
SHA256
44edac9277c8ee32c755b9f808266f870efed0ba025c8de914b16b1b9e347952
Threat Level: Known bad
The file GalaxySwapperV2.exe was found to be: Known bad.
Malicious Activity Summary
Irata
Irata payload
Executes dropped EXE
Loads dropped DLL
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
Unsigned PE
Enumerates physical storage devices
Runs net.exe
Suspicious use of AdjustPrivilegeToken
Collects information from the system
Suspicious use of WriteProcessMemory
Detects videocard installed
Enumerates processes with tasklist
Suspicious behavior: EnumeratesProcesses
Views/modifies file attributes
Creates scheduled task(s)
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-12-15 00:02
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-12-15 00:02
Reported
2023-12-15 00:03
Platform
win10-20231129-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2023-12-15 00:02
Reported
2023-12-15 00:05
Platform
win10v2004-20231130-en
Max time kernel
8s
Max time network
149s
Command Line
Signatures
Irata
Irata payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\GalaxySwapperV2.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\GalaxySwapperV2.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\GalaxySwapperV2.exe | N/A |
Loads dropped DLL
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
Enumerates physical storage devices
Collects information from the system
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
Detects videocard installed
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Enumerates processes with tasklist
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\GalaxySwapperV2.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\tasklist.exe | N/A |
Suspicious use of WriteProcessMemory
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\GalaxySwapperV2.exe
"C:\Users\Admin\AppData\Local\Temp\GalaxySwapperV2.exe"
C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\GalaxySwapperV2.exe
C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\GalaxySwapperV2.exe
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\GalaxySwapperV2.exe
"C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\GalaxySwapperV2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --mojo-platform-channel-handle=1932 --field-trial-handle=1728,6252493025236185712,16239321457997488944,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\GalaxySwapperV2.exe
"C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\GalaxySwapperV2.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1604 --field-trial-handle=1728,6252493025236185712,16239321457997488944,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\System32\Wbem\WMIC.exe
wmic process where processid=2600 get ExecutablePath
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic process where processid=2600 get ExecutablePath"
C:\Windows\system32\net.exe
net session
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 session
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\resources\app.asar.unpacked\bind\main.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "net session"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\more.com
more +1
C:\Windows\System32\Wbem\WMIC.exe
wmic logicaldisk get size
C:\Windows\system32\more.com
more +1
C:\Windows\System32\Wbem\WMIC.exe
wmic OS get caption, osarchitecture
C:\Windows\system32\more.com
more +1
C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get name
C:\Windows\system32\more.com
more +1
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault"
C:\Windows\System32\Wbem\WMIC.exe
wmic PATH Win32_VideoController get name
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic PATH Win32_VideoController get name | more +1"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic cpu get name | more +1"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic process where processid=2600 get ExecutablePath"
C:\Windows\System32\Wbem\WMIC.exe
wmic process where processid=2600 get ExecutablePath
C:\Windows\system32\cmd.exe
cmd /c schtasks /create /sc onlogon /tn WindowsDriverSetupC58Cbq /tr \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\GalaxySwapperV2.exe\" /F /rl highest
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v WindowsDriverSetupC58Cbq /t REG_SZ /d C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\GalaxySwapperV2.exe /f
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "attrib +h +s \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\GalaxySwapperV2.exe\""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\attrib.exe
"C:\Windows\system32\attrib.exe" +h +s C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\GalaxySwapperV2.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell -Command "attrib +h +s \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\GalaxySwapperV2.exe\"""
C:\Windows\system32\schtasks.exe
schtasks /create /sc onlogon /tn WindowsDriverSetupC58Cbq /tr \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\GalaxySwapperV2.exe\" /F /rl highest
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "cmd /c schtasks /create /sc onlogon /tn WindowsDriverSetupC58Cbq /tr \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\GalaxySwapperV2.exe\" /F /rl highest"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v WindowsDriverSetupC58Cbq /t REG_SZ /d C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\GalaxySwapperV2.exe /f"
C:\Windows\System32\Wbem\WMIC.exe
wmic csproduct get uuid
C:\Windows\System32\Wbem\WMIC.exe
wmic computersystem get totalphysicalmemory
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic OS get caption, osarchitecture | more +1"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "echo %NUMBER_OF_PROCESSORS%"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic csproduct get uuid"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic computersystem get totalphysicalmemory | more +1"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic logicaldisk get size"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.78.124.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.200:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 3.181.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| GB | 142.250.200.4:80 | www.google.com | tcp |
| US | 34.117.59.81:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | 4.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.59.117.34.in-addr.arpa | udp |
| US | 34.117.59.81:443 | ipinfo.io | tcp |
| US | 34.117.59.81:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 133.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.71.91.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\System.dll
| MD5 | 0d7ad4f45dc6f5aa87f606d0331c6901 |
| SHA1 | 48df0911f0484cbe2a8cdd5362140b63c41ee457 |
| SHA256 | 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca |
| SHA512 | c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9 |
C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\nsis7z.dll
| MD5 | 80e44ce4895304c6a3a831310fbf8cd0 |
| SHA1 | 36bd49ae21c460be5753a904b4501f1abca53508 |
| SHA256 | b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592 |
| SHA512 | c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df |
C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\chrome_200_percent.pak
| MD5 | b51a78961b1dbb156343e6e024093d41 |
| SHA1 | 51298bfe945a9645311169fc5bb64a2a1f20bc38 |
| SHA256 | 4a438f0e209ac62ffa2c14036efdd5474b5ecaa7cbf54110f2e6153abdfb8be9 |
| SHA512 | 23dedde25ad9cb5829d4b6092a815712788698c2a5a0aefb4299675d39f8b5e2844eabd1ea42332a0408bd234548f5af628e7e365ab26f3385ebfa158cdd921d |
C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\ffmpeg.dll
| MD5 | bebfd2ddc464c14b2a983c120b9f4a6e |
| SHA1 | 34083c0996703b507770f3c41c450dd86fd11fac |
| SHA256 | dbce8fe1e3f3011970055b960898eea6fe9206d8253823d53a8271a1aa89fe23 |
| SHA512 | b58fe3c5bd493633933b595a4011272c300af010618593d55707657dff16f7854b47ba29ebcdaaf95f7362bda321650bec371ffdc1b94b3ae4ab07c71273b2eb |
C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\d3dcompiler_47.dll
| MD5 | a11ce6c51e1e33b786ea210347cc4563 |
| SHA1 | fbd5955d588fc32c9c1164e3024a6343332fa398 |
| SHA256 | 845f5c4945ad7a09727084144913e2fef20c6f256095e758e35b1a5729f773b7 |
| SHA512 | d134f0782d46744d81405c561813bf7021e1bebd67027b62845c116447eb5522b2b80a5b027e38f34d0d86aea79ffd9dfd321b78fdd329ee5e271cf5c15da152 |
C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\chrome_100_percent.pak
| MD5 | 9c1b859b611600201ccf898f1eff2476 |
| SHA1 | 87d5d9a5fcc2496b48bb084fdf04331823dd1699 |
| SHA256 | 53102833760a725241841312de452c45e43edd60a122546105ab4020ccef591b |
| SHA512 | 1a8ec288e53b9d7e43d018995abe4e3d9c83d329d0561fbb7d022e8b79ffecf033e995b9bc6af352a71c646a1e8afba4addb54deab7455f24b7a279a3dd7c336 |
C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\LICENSES.chromium.html
| MD5 | be703b85688f71415fbba3a1934b7d64 |
| SHA1 | cfe07b3412716bb8ca179633adc579862264bd64 |
| SHA256 | febbe2e055a913e36f252040c12511588ea2be4a5549d99647e7312a9b157845 |
| SHA512 | 7cc81d6f2745b1c0230ad617557277da946ace9c39b520fbc97c92d7d68a05777535f09407fcb7890907f2b1bee89aab142f7a3dc7edd766095f99857308b2b6 |
C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\libGLESv2.dll
| MD5 | 6621ff5571e79d942bc88114a7ad3509 |
| SHA1 | 38e4b8e474f8943a4933ac5d12cbe7af355dc678 |
| SHA256 | beca11a03b42219f16ebda2818bc303e3f6052526ff9bce17ae6e7e36a137bb7 |
| SHA512 | c462a93dd51937f08d9724403f33f7868d815150707a22675f538eb4ca7dfd163afcb3373c38375b1fb18bfad0977679715a761e63d44df32c3237ac9a1fa9bf |
C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\libEGL.dll
| MD5 | c4c1fdf68c51a59adc1fd80f0efdc115 |
| SHA1 | 13ff581fb97d596311cb422ceb35df910dd0e15c |
| SHA256 | 83958c5205f4ce7da1145a2898f6dbf69656ea9caa5ce8b147dfc00d09f8cd1d |
| SHA512 | 88f3238207c9082814b1dcd7a092cf276f9a08851af882ab3a3756a230f7f86df7c1345f48081c6f3da1d844e7e0eb8b34f1f7f46cc85c204b615aa9cfdb8f8c |
C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\icudtl.dat
| MD5 | a8aab5509839c0e2637dd94db6cd44fe |
| SHA1 | c40ab81429922cf45169371e26681060a1508740 |
| SHA256 | 9fca348cf598f2f4be8c7b1245c37097c09b4de054cfe80c7c11523cc1d3cd93 |
| SHA512 | b1aec1547f58f81f4cc363e44d3f5386cf36c4098b2095c4308678f98b92ee923852a673210c80e41b5a48513febe9634b6d1a94feb0d42d8ab17eb4fa0a9a3d |
C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\GalaxySwapperV2.exe
| MD5 | 4d0564d874952d01a2df733ea3269bc6 |
| SHA1 | 0e24dd3c25c306f70b17995d0a252438e1d28287 |
| SHA256 | ec2af80449de1dcb39a79ab8bd2f630b97f2690b6d47f40f7d1a1209c492a8f8 |
| SHA512 | e872eb7908705427bbdb7650ac680ce4df8b8da1c81dfdd5f705c072826a9a5777ae9286f7a33ef16c85523a923599f74c58223f499f480573ee40938c025b95 |
C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\resources.pak
| MD5 | 21a4a69e94c3c386539d1724d387f5b1 |
| SHA1 | a8b0580d123b08e6dfada4e44042be51627c9fb6 |
| SHA256 | bc3d32c387076b57177cd3fa36b057c573f3a1f1997dd8c975eef930189fa662 |
| SHA512 | 13b9184126f7987e119d4a917b1d4c3d14036833d8c23964fd768d1f1b1bbbe9afb0db6c4c318d5f37a9b82f76a2f36c3ffd42d12f5cfe282687ca2e12ec2879 |
C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\LICENSE.electron.txt
| MD5 | 4d42118d35941e0f664dddbd83f633c5 |
| SHA1 | 2b21ec5f20fe961d15f2b58efb1368e66d202e5c |
| SHA256 | 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d |
| SHA512 | 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63 |
C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\snapshot_blob.bin
| MD5 | d2927252b77d7a6fb6f5502acbb9cc11 |
| SHA1 | 13721cec94359bed2d92db39f8b70d2ccf1cd06a |
| SHA256 | 44c7942819e3772a820c700a94039becec21d5194ea4ec651b5253b4630f7a4a |
| SHA512 | 4f042c74333c7bcda69707eaa6fe9bad8ce3018febed1586b4efeef5550268ac47c0bf48ef5867b028e49e28df369a3f9d47cf2f9e6874a3cfcf379ee0881b12 |
C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\v8_context_snapshot.bin
| MD5 | aae5e8f956d94e714217355ec0dda3e3 |
| SHA1 | 4b71750f719e83f007c73243f94c4adc81af910a |
| SHA256 | b0662f3e7fb126ac3a83224a87d0332b487b69ce234fa52cb9be1888fd1cd420 |
| SHA512 | 86551e210457c4ec26770e4fc6fafed753db9f1fd761d97d10cec2648bbbf14da76c317593b47913156333cff8c3ce22890e122608612a228deaedb219d35843 |
C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\vk_swiftshader.dll
| MD5 | ec3ba6f370457ca57686ec838ec3ea23 |
| SHA1 | 4439d546efb2a0a31cf775584fef7fcdcf568015 |
| SHA256 | 2b9852ecd9827dbb0abd2d0ae05557b4d9c4b0125cb70e44c40a422070dd3099 |
| SHA512 | b4041085c27dbe9dba9c51ca2a0a40579d3b54df1654eb607b1be3bc43751cdbe53de84b93bf5f3538d02b613dad4b41959349fc65ffac1d2987337863dd85d4 |
C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\vulkan-1.dll
| MD5 | e0695182937b7353db4a6c741c90eeb9 |
| SHA1 | 880bfe0bcac0f411881fcd3714a90c9646e6ccc3 |
| SHA256 | 6fc689ecf8a7452cda8fef4781a34e5895460304bdc2f5b29c3ea9f662213550 |
| SHA512 | 5fe092b2729abc6aefbb058e316fae6e951d37d054f4a18e7b9213167d8adb17beaf24eb9488fe287f024ad3de333ee4ba0016eabf57e10a5820a38b0fb09b67 |
C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\vk_swiftshader_icd.json
| MD5 | 8642dd3a87e2de6e991fae08458e302b |
| SHA1 | 9c06735c31cec00600fd763a92f8112d085bd12a |
| SHA256 | 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9 |
| SHA512 | f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f |
C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\ca.pak
| MD5 | feb8cb531565838eb22f1554e7615d61 |
| SHA1 | 301b8db7fb8477701e54266140d4fd68e1e672b5 |
| SHA256 | c5c31034bdcc71cc09f1186cacc18f26249f5828445183ef4689777a4cb8fc10 |
| SHA512 | 71ec30fc48478c6a8523aabed81b7d970933f47ba13820e555db92622a72d41742db9d4b29395adaff7cd690aa382a6800656aa5a42751c0ee135165f275fcf3 |
C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\cs.pak
| MD5 | 644b106d4dedc3b84cb3142d1815a850 |
| SHA1 | d913172304ffe09402b04d0eca9892ea32630286 |
| SHA256 | e510bd42e9a1c97ca7f09c530669a1218a7a032d76499dd96d3c8ed1d73c9693 |
| SHA512 | 87177a3a6be027f2f15d0c7edfa9d23e74e48a07f27a39fb183ea03cd5ac4daa904f6df57ba6c240e0166ee065e70d0291067629a4aec14b7dfd0c19b4e12ba1 |
C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\bn.pak
| MD5 | 000f41092c7640026db6d6f7356debba |
| SHA1 | 06ce93bac7d51344cd1004ccda71d640a7ae2ee3 |
| SHA256 | 0d8000bae6e39f70de5c68fef19a39af1efe128477994987ab3068530b22d00c |
| SHA512 | 1ed686e40645054b77b92c3a8400b855ea1333e8c98616b6d46dfbd3ac7a44ce516630a9e186c7c3f785768d473d31c28a24157e6e067629d67043376c191e6b |
C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\bg.pak
| MD5 | 8de4cc84c194271f0225220cc673a6ac |
| SHA1 | 8cb8c50325e0e5a496f64d3876a315f174409752 |
| SHA256 | 033f6be704d1ea79ee1005d71afced185eabba940a8655f84073365d87c0caaa |
| SHA512 | 6c2b3c9758bfeeb08fdf298746dd2339d87623e0b794a8061dbdc3719d8e6136edb7285ed85821415ebc8a6347044c483c4787993211fe54a4627f653354020d |
C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\ar.pak
| MD5 | 1779815c073d5699e0790f3a520dfe1c |
| SHA1 | 946e230a4f0d6646d93bebc20385dfd0dc8bfec0 |
| SHA256 | 7599509e15537e61ffba734f402d97a00a67a88416fb34911598839d4ca29fba |
| SHA512 | 9731ad1945e0084826cea4322b6b7d5358382eb37b329661dbb6c821e966e289d1d475f1f0c08d83a7362e72c6e9de4e6d3057f071ed6344852f76291d81037b |
C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\am.pak
| MD5 | 957431a656a583d8f13b2e3289e0bc1e |
| SHA1 | 100a3b0ab0a568e76e3464a1f45776456a431391 |
| SHA256 | bedeea021133c61ef76d1afd8fad7b195aa652082842bebfdb459c4d49ae311f |
| SHA512 | 8b5e85ebc4e323549f1dbf3834dd81479fdf64a7efb32d6eafab22448ac4ffcd74f6b8a64d14f2919c811ff3a8da61ba775fdb4fc501ec78aea04dd0c5d20ffe |
C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\de.pak
| MD5 | b923a326bd7b4e16cdd4a5693ea78a79 |
| SHA1 | 8f95081552f13724ef7e577b3d434715de175a78 |
| SHA256 | 17f442aaa0167d2736206da02ceaafd872841ead0cc32dd55b512a3cba9227b8 |
| SHA512 | cd11a6bcaa6a5d4ad8bab4dba9c387391c61a14119abe985dc560985d2fbbd7f1b6b7b710b168f868b6dceeb9fcc9cc06582210024d2af71405fbfadd1a8e993 |
C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\el.pak
| MD5 | 1a49b6a84e171eeeb3e8fe31ff149e26 |
| SHA1 | a0edf70255bcf3ed1e5bfa493350b1e8f095e77b |
| SHA256 | 5c231333a28f02e1772b8cdd5fe1d784f61e2991a8fb4e8d0306b283a4a052e4 |
| SHA512 | 52ebf6581228c2f79fae34dbde5182f0d4a1d757989912f29598a8d7242149ee35ccd14a45111884307911101940b99af4a701827b3663df4ba5e53bbe2e7dd2 |
C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\da.pak
| MD5 | 891783b7b5fc434c0bde82d13f259da2 |
| SHA1 | 0795c50fac20d69e00b16c27a3dd7ff84fb4c8d2 |
| SHA256 | f12576031985b141e6230e63d5c073ae125ce347fe4d29098e5ec702901cc702 |
| SHA512 | 1f66e9432691e0ea1680d9364a12bd34e5a327494c7d5c89f8b7a4bac7e11042e297f3be6b29a7258b14229f0080eebecdd3198ef2eeac154cb83d59598280d7 |
C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\en-GB.pak
| MD5 | 9d73eb0d73c818c4fb5dcf1bbaa0fdb8 |
| SHA1 | 245960919f78e0aa34ae5119e24010ed6c098979 |
| SHA256 | 05b527bb8536c779e375ae4589534fd41e961beca90dacce3a9a370ee6d8210b |
| SHA512 | a67016d60bf7b548a39266bf9057d80f04f09e4629ec137a25843039242ff8742d9a046010bddba1a8c2bf27c13550cd128284678f71a074d71193c01731d296 |
C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\hu.pak
| MD5 | c7b4357a2688275507c8dc5c305ef405 |
| SHA1 | 65f76a53b29c7eb61d747b206803d7748c7991ac |
| SHA256 | 56315c5a9ca0c9ca3aad35977420f7ee1507677b1f86bf3fa96e020e6506926d |
| SHA512 | 4958acbe7d3fd6e7e35889c0452554344c33043364924f49e1e9d0f43751e553ae59e6d60bce4d55d393fe586542c9902d62163dcc129e914ff3cfc583049c86 |
C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\id.pak
| MD5 | 056fe100ffbaaaf4f8014109541d7f78 |
| SHA1 | e87e619d1ab3775dd96c49ffa589aa6ef07f732d |
| SHA256 | 935f7ae40ef090ddf9476009f627819f93a163147fd091b1b7992f9ca17b75ff |
| SHA512 | a7f296c4e5a337f2aba8d27c84391aae1ccd90f1dbe2dd526e25de02ca1b06dc76e09f1c0f8e30dca2856ca1f72f0040c15fd8ec734929d084847fd3354777be |
C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\lt.pak
| MD5 | bd0b6de1444d6e4dce4cc0cca5919e25 |
| SHA1 | 047a8e6a358206f874be4a7cfae714cb1eb4bc57 |
| SHA256 | cccf7b35f1fd534c824cc92305c400ecc0439395906b31f29643adb050d31615 |
| SHA512 | d93428437dd01961f9d6872c1a5b45ea53e73f9f96a42e1b366fc12e43eae1f78db2b10a2e9c4c0d2cb2b46d51fd7032e221e0343dd6f23461058f2ef3518122 |
C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\ko.pak
| MD5 | 540ab4ed05846ada64e60ead8735b6c8 |
| SHA1 | 501570684dd820b6216fe11cc9650c6de173422a |
| SHA256 | da1b0f4cd0940c616e69cd37fd236c414bc5720a727f35cf4966aa90f714a6d2 |
| SHA512 | daa327baf69fd80c89d3d0717128ef8e5b1c8a98c750aa241c80a13f12502fbd5b7dd6bf8733eea9348e42d3ff7dbf1f1ab487cc38a6f232cda73b898d181e9b |
C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\kn.pak
| MD5 | a381ebb36aec61b86689b51f827bbbd9 |
| SHA1 | 200ba0cc244768608d4dae0c29089698629bf894 |
| SHA256 | a392072a41ce7853394210cf1c8ba9eb4a5dec6a3fb71decf914ec35f9e80f67 |
| SHA512 | b935b9acf1eaa68c2494029020c42476d913ce26b867c9cd10700b2219ddc7a95bb21c69f98e0240a4beeecefabe696d8a76f7cfced2f8cff5ae1810b3806872 |
C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\ja.pak
| MD5 | 0535d996b9fc46415d792537eed18565 |
| SHA1 | 5219f79f5f51560a2ab1f87352151bd34e0ef570 |
| SHA256 | f87c1f838611d1715021eb81fdda5f99093ef805b7774b2c708149864239cab7 |
| SHA512 | 5a4990b7d1552629a3a686e991bb0de95a17e57530a4fb3724273fc84a4120e93b08d8535066cdda58beb584a62b8baf5fbae17c877a444a885daa1ccf805a73 |
C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\it.pak
| MD5 | 576d97679d79e131d5e8e3aeb2011322 |
| SHA1 | 87c92f17620e9700b60844d683a67877edf08224 |
| SHA256 | 86c7f97b5df7c0bfafb6f660d1a4a931a7346439d318da3174a4b3867d59469e |
| SHA512 | ee436b95dc1c737ff0deb2c5c35d92484e20c3e8377402ec3a7f2729142c1bb37990e6571f5735d5866e95c38416a6707f1f9b8f45f28ca511a377e4aeb2501c |
C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\hr.pak
| MD5 | ab1ce6b0ebbc6b6e33d88e6f279e5761 |
| SHA1 | 4f3572857f0c8528f39145b7a2bef4cc9635eb80 |
| SHA256 | 087e34145c02fd15f99582fff8c9555bd132f98a000244cf58fb930a51dd294f |
| SHA512 | c087838b10e5ad308b61f00b0f2405e4d227d78bb0ab87a8556c717a3be9913d023e93e3dbada2dbdfc96059d6450342aac1c6254aa7d131943bc89ea41f132f |
C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\hi.pak
| MD5 | 036555a4c2bdce7aa4a7673004a61ddf |
| SHA1 | 77d755082b46ed17f55ad23a39f6d1fd2b952003 |
| SHA256 | 64da243792e53910a38a78a04df34b5803ac3d51b0ea0b3460fdd3be01922046 |
| SHA512 | 07d97b09798be4d67cd1a9013a2539b4ef16a7b9ac7e7bc7a2a2843559e7e37470eb70304ac7cdca85c717ceb5f5748b8e5c51213ee3e9fc8ea65a81571e1565 |
C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\he.pak
| MD5 | 1758934bf862895d6d6e1558cd29a8de |
| SHA1 | cacccc7180e1d357243bc894f7ee814a4f62d080 |
| SHA256 | 5d02bfe3ca8527edfba220308f10d25ae49c4270504f25f15b6414eaafe8f7c8 |
| SHA512 | fa2bf5325ae00bc4def903964662399cd9cc0cf82b8de5f698c0ed5f9505d4adbd3e12193779ed2ec326138baf05dea9fe3d9dfeef4ea019e0faef4de2b48561 |
C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\gu.pak
| MD5 | 93a012a3df6544f1ca44c46323b11b13 |
| SHA1 | baa35720f8e655203de9a66262c91fc04ed00444 |
| SHA256 | b265e4d736c631058e06004e9d759e9c1d0700405b4dee1434768b35bca7d163 |
| SHA512 | 901fadd4a84c4c2d143a51a2aeeb9e202122d551847a7669539b9018804e27f11c5ace62eba7abeb34b7bbf4299f98f7a11290abcf2849613a60593436dc589b |
C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\fr.pak
| MD5 | 03634471d8ada7d1acf8d91483fe94a4 |
| SHA1 | 210daf6c2c8afa06bd2a3a78285a391c0ef909c0 |
| SHA256 | 9f7a46d0a42e8d77a7bd055783672045a99dec94c1739b78441312f96cf29352 |
| SHA512 | e12902e35b2d61379728f5c33e3f9119a392b0778793b2b2b8922f6950277471255f5da7d6ed93426bfc473f147373f3eca819ce5a86f71d612cd5e579cff98a |
C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\mr.pak
| MD5 | 4396f8ca88fe4e84aec4abdd97bde74f |
| SHA1 | 219cb76a0bb59d07384da51d731bef85258445eb |
| SHA256 | fe8e6b8f2b0b547e9d8bf0be897b3e971ceeed4ab8a6afa70d89023f6fce999a |
| SHA512 | 7b27912d3f9ac66940a74d9f62eb538f8388c746be6cae3c60822fb1afeb1f2a09f459f17a1ee5ef656914ffccbd057f76708a49f9fc6cbfb1705156571c8af9 |
C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\ml.pak
| MD5 | b38566178d744fcc81ed1ba4e1db8f9c |
| SHA1 | 87208eabde42a43906ec5b35354f90dd7b6743a6 |
| SHA256 | 2a3724d296772786f70f09f7b75549ffb55db873ccab2708871c2cbaa0a637c9 |
| SHA512 | 6993773531f31e6686693587071d554e06a39bd940ae86c24770e47f5ce694f6239306d70f517b647f8050ee976e3e7bd66fd97e344bebb0b63c7808527c1689 |
C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\lv.pak
| MD5 | c0670b5f84adedfc09de597e2e4fd46e |
| SHA1 | e1f949fd90654aebee0352ea3fadf314fa3730be |
| SHA256 | bea938e3f78ffb7487196f60014a80654683787b7cf761d13cd817b5c85eba1a |
| SHA512 | b53417360b10a69fa75520bd8383452b22353964b2776a36b45459548ace03821e476012fe5e3e40f2d8d2c0aca30706f91b232f760f971f8d582d25cc2a5fb3 |
C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\fil.pak
| MD5 | 502426d24de1eace36db0e9929e04b95 |
| SHA1 | 490a30e0d07732fd3e999db2bbfdf4773d04ac05 |
| SHA256 | 59d5226aa8dee2d1f8718d5d2933f3e7152c7b23c3875c0d0135c48f259fdf1f |
| SHA512 | a4b5126d3d054f8f73103acaf82d942dd383e9daa33e8142f8dfd5053469a4f30f5f48d9019f2323fc6709f0e0c23cf59801032b6398a3c8d04b6259ca105c6a |
C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\fi.pak
| MD5 | 73a1b2faac979c443a8134a90834ecea |
| SHA1 | 9d8e6fbbf21968e70949fadfbda0b485a3a05ec2 |
| SHA256 | 1f0b2cbbb1b85612ded7b04e2bea5a81244774ac272df7d32ae8ea046c4bc4af |
| SHA512 | cc4cdb3da9a7839c31d30af80ed6040cd99045e80344400ed3886040b95087e19d95db7ec392a8e4c737f1079e46d3d3e2b6bee6cdecd7af4b2e8bcec594a0ed |
C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\et.pak
| MD5 | 0deaad24f897d8a7d58c02349fceccfe |
| SHA1 | 00c26f43e22478652c21d33965af9cbf8de4e078 |
| SHA256 | c15d32bd4efdab3de2f3b4aa372b6339e915ae07125ad1e81654214dc93dc5f0 |
| SHA512 | fa02363759ed04903ecc178e7d46b49aa4028b131cd4cf34d5ce3e6e5989649c48846c43aa6822ce4580dbc0f3b37ff578ed172fde2dfe4383107eb272814b56 |
C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\es.pak
| MD5 | 18effe24e1af2a82bd244fdc7335b924 |
| SHA1 | 1a746a2f0271f9b15f11fc2870027c07657b17c4 |
| SHA256 | dde744edfc386245ead9e45806d50a4e520cbcabfd31dcc25d06c88cd7034c2d |
| SHA512 | 51154f6f6afc62a9eb691811d4f1f0d64be851efbc41fd165ba13d16a39c7e1e0491d4eccee413dcfa835da4a915b6b424678429de3fd7ec32e56cb3859f1560 |
C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\locales\es-419.pak
| MD5 | 16fdf08940ab9a6798b65ed8e86c2869 |
| SHA1 | 7bbcee9742931838bc80f12c36f37fa2caa913b2 |
| SHA256 | 82ceccb51c51859c8c29bb2dabc325a426f034113a4e4a1aa94de514d9a9842b |
| SHA512 | 89c6022345d003e031dea2bf21fc2bfb45e2db3646d842da73eac9c7a34543fb5bd9d68f10af0ab6b324deffd2aa113fb510ac5f85a2796f8342e6124faa8f6c |
C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\fa.pak
| MD5 | 13ba8738fd68a28a9f0dd2c821bc4c11 |
| SHA1 | 75e19bae5a651662a4ab4776cc032e84ac968cea |
| SHA256 | 8df1290756801dbab2d229c694f9d64fe5a9b3c46f5e108cfc6b0604bfebb08e |
| SHA512 | 8078a9f4b7bfc12fb27613f85bbe563025f5bb8ff147b9b9c348e17db65a2c098214fb7f169b7e07ccce97f56e82731b95260b2d337479c56a090963467f42c9 |
C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\en-US.pak
| MD5 | c7a35b4792b419b89953f9c93fcf68ec |
| SHA1 | 310b96c8b3b6c03cae195ee765be4a465294dba1 |
| SHA256 | 3d4b7bb473690c2aca5d010dee88add647d0f2c670d248fa0250f3b0d72f58fb |
| SHA512 | 42ef25f8e151101d9b59a5717ba503be6dca4bb1521551b20ed7f5f7887e55d7cda0b1b623689dd1875963e8ff1352902906e27fec805d423348b70d36894a4c |
C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\sk.pak
| MD5 | dda8a9a7dd97eb50fecd7f72c6a788e4 |
| SHA1 | ac602545cd474f0f41c8f74f67d4d5bd1020a404 |
| SHA256 | b7fcea875d0339a4a634f2cce5c4133b1e5db6f27e391ac9b489f75bac43d0f1 |
| SHA512 | d553ab1f7f47d4fc2397e92b4ac8b3366edb09afa811c360f04dd2bd5a707368fc826d59afa84098212fe6339ed6d5078493b26fea12c23097c30932e8a5e1a5 |
C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\ru.pak
| MD5 | 0e5e6b8274a70e22f0f54587e048ca89 |
| SHA1 | a7d64da07d79014d6fe6085132d8780e68f31d13 |
| SHA256 | 9cf93e69989bccd0a7c81fe77e1cb46a8f4227a649c9c936ba018edc5084dbe6 |
| SHA512 | f9a6832273cd496e7d4d094f0ca72a063f8aa93b2e09c3d812c650195a8bea63ea5af1f53e58d2530f464b837bd8b2be6c23c86e4c7d5a346d2166e1dde0b389 |
C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\ro.pak
| MD5 | d80c55c2c0867e6592b412b65a3726d4 |
| SHA1 | 0f98dc09e3be4e114b8a75504a1761c7c9c4773f |
| SHA256 | 0614f6aa99f2dba0ec85dfe4befdb587d456c82407747225818c4bf3cf8aa2c9 |
| SHA512 | eeb501c3835474d07877bd2b1f8e707e68f9101bc2d280d80fca9ef63a28907fa6a94bdae361278ae1c572409e3a47ff2db2dd2aab95419d4a0afa0e62e1e60f |
C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\pt-PT.pak
| MD5 | bdb1329f28c6b461a8892d772a402779 |
| SHA1 | 5b69ebb29a3b09bef41c1cb8df23e8f2cff401b5 |
| SHA256 | 467752d9766a15704a1e4943c02ae902816d17e80c4c1ea4aa35408e06d40203 |
| SHA512 | 0e3ab8703597cbc685d5e299dff2fb34a4132d726bb8ee4f80694bf304bb2470814aa690cf291ba88383266710bf2a0e546e749ff04c885dfbde9d656e8814a2 |
C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\pt-BR.pak
| MD5 | 755e9c396a99a03ac26034ef5d499616 |
| SHA1 | e67976093894894439716381f7568fac65fbec9c |
| SHA256 | 32dcd6a79627e945fbe4440b8a58e3a82537f60d04a08be55074cae9ba1e3806 |
| SHA512 | 977dec2f7e46648fdc0607a17564f28751db511d989bf9d0dfeba4f33194399970985eda28f3fca59c46bfe821b4e313993ad2d0abcd37ec265a613058573728 |
C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\pl.pak
| MD5 | aab77ed1d9366ab6c862b52a8803ec8a |
| SHA1 | 6c027f72f361468ebcfe14a2dfaa26d5705d236e |
| SHA256 | 2f7b4e04d699b13f3e8b160ad0db1383b028bcee345cfef3bba5f0b6a0eb310b |
| SHA512 | ad65bb962bb766d9df1198a244f4290a4c2b24eb84867bfdb4daecaf84d9c6e66c374805f8649eb0cdebf5cfc5f7a0aca77390f08bc80767ad78cd152847770a |
C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\nl.pak
| MD5 | cea5de4e70e45fcaf313026fe2a285f3 |
| SHA1 | 935bea86dc63fd5cf4e75dbd6268caa3ae769860 |
| SHA256 | d25dad0b33f7ee117a93664c63c3f785cb6c0640e284af71e7af8f3ee962681b |
| SHA512 | a137d8b1499cbaed99979f3e99fa11f85e590e03e274270745faa6f902d9b60de91d843211a7eb7277814135a3d3bf859e5ec0b861654d82e5e58b0b0a81fa81 |
C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\nb.pak
| MD5 | 1cd6be56f8271889e73e72ad27148522 |
| SHA1 | 7325a1d9de25fe7bca73334581e46e7588da3522 |
| SHA256 | 4541a661f7cee95e2fabe92808ddbe886f34b6a15b5b89fe6966526d1f9fe303 |
| SHA512 | a955683ac01f24349c9166dd7ac11942dd2941149a345ce38fc40493f0b7068bb6b052047b9cb24f5fa85b58a5e380176bb555f2949c718e2e524305f52e42db |
C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\ms.pak
| MD5 | 59a17c1547fd0c2d7442a57125de1e63 |
| SHA1 | 472cd3d7087be0bd9cd6ac77f978db65d6a8607f |
| SHA256 | d4b0b5180342cf9dd09d3abe84e1d805f83f39d0e10437a88799babdc5cc0898 |
| SHA512 | 730685533295cc67211e49b58e1899a122e5927d69851b62b7456ddcc90ac894bac1168040b169d13fb3d83f48f9f7b84753a9460332b9e50c95ffa5acf6fa7c |
C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\sl.pak
| MD5 | 93c3d2c7759b86e3b0e41dc11322239c |
| SHA1 | 8c74a9f0a4ae5569f3096c7b79ded49237799b60 |
| SHA256 | 27504bc51a42d9e1f3eb6c64529b90e9f07741e5f6bfb5a7d898c78bda1662d0 |
| SHA512 | de8a8182390efb40016e046d5d64f4d7c9efe50d714a9a1ced58531081cafa16a3adba47bc0fce95f64172602050fe7d52dc13cc56c9e098381e8cbb837de664 |
C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\te.pak
| MD5 | 7f0446d5531b88d82bfa144a5b67bf74 |
| SHA1 | e391f0d14b4cc483244bb0618765bfd823f49390 |
| SHA256 | 38d8c7df6e5eb1195fa117c339237ebf774228ffd4440e76757f4185f7d352b4 |
| SHA512 | 84ef87f7906a570b7272d4b2842e37e4b3c13f91612d13d8393916496d5b057929d10c27604f72e353836037f0697e40b3d91abbc2408e62b48970acc20ad50f |
C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\ta.pak
| MD5 | cec17c2599d8da8b266759be6011200b |
| SHA1 | dd41acb9f60062f1b84fea596d3c88a3791445f0 |
| SHA256 | f958dec5ce1801c38ac437ff5858d27dae34210ba0001097425af29cfc4ed776 |
| SHA512 | b23f1f9f8cd02af79f970f3144a69e8c4e820f0c9f9860904512c59dc279f4ea06640c284267e52b698080445aed7fa9e9440023a0af338514956639f5e464f7 |
C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\sw.pak
| MD5 | 75d0fe3eccfdd6e9cbdbcf1f760d41d5 |
| SHA1 | f28a8ff5770095486134f75c6155ec2e8317f479 |
| SHA256 | e5ab3bf2251d8bdcc106f4469df1ae4e38dc504e9be361c6addc8a89c44e11f1 |
| SHA512 | c2c153fedc7df8bc6d41f91e4e622472dfeeec32fcedb9a8b4bbb53a740aaf94c190b63995041ab17e77b9b3c23d49fe3e0c903f520c2c2dde4f9bb2ed6a596a |
C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\sv.pak
| MD5 | 0876161bbd746e71017012007f8a50a3 |
| SHA1 | 9156de3372f0f66b3fda80972af6581ac09a33e1 |
| SHA256 | 97bf4024eb0df00d94cf536d4acd0785a0d038d4c587b3a1b464f85cadc2096e |
| SHA512 | be5974e75df2d92705282eef1904e90231b35d902fe34ea1cc2d97f6fb28a8eb6e238e0ee626a20254fad9cbe093649dbf1550a301f3c8b5c6a538affa589145 |
C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\sr.pak
| MD5 | ef2e0ff7ce55e44a4a0318a16065a469 |
| SHA1 | 10e3fdd0eafc3ef2f28880e1c9c39b98fbf6c9e0 |
| SHA256 | c14900b94257f1668ee52752d3b8facd838effa298d9e6d6eaea4b5e883a6ebd |
| SHA512 | 398d0a4e3f5b455cd1ea26f83bc4d32e64d9db3d8ff92e1c82e47ac4fde55caca1f7fd7bdd9e3e9f2ab6915caef7a61269aea346eff81ce9e19f483ae278f142 |
C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\zh-TW.pak
| MD5 | 94886deab8e5fb5e9636c322019d7d9c |
| SHA1 | 04a7102024bd4aa1b35f703c0a01958fd1e06da2 |
| SHA256 | dbdc642c4b6ed716ca512510d7a1d8ed1a0013f8cab99d4a6f9d48bfaf0bc184 |
| SHA512 | 884096da6309c32440e62cd6063f213fe2532bcfca96d155292ae48b0e9e1486cd0cbfd4d9f06f12581822fbbcbb9520bc5f4f7601258d6189fe68f72976ae75 |
C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\zh-CN.pak
| MD5 | 6c0f347c156016452a2c89f1f012ef1d |
| SHA1 | 931fa57efba787d42d898d57df5b2f80cabab106 |
| SHA256 | 90ee10fbaee2b3b847349f1f16913e72634587d467ad8b1339313101c06e7b66 |
| SHA512 | c99d6c0354b0d8f7412a6fab4bda4d85a94136857ffa29b2b01d3cf4760a17d10e11293ffba39dff8fa0386e9ff58ec7498aecb64816a969b8b2f673da61d870 |
C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\vi.pak
| MD5 | 548eb71042087cf19e2ce3ae7ae7196f |
| SHA1 | 0162ec7bfe2cdc0746daef2ed6dfeac297e1f6ed |
| SHA256 | 97dc5406d7f63748742b53b812acf72867aac55907d857d8e8d8136fd312008a |
| SHA512 | 8751ce072ca166ab8a1306f9fffc73d528e97681b1543a0cfcb2dcd7dddc8f00cad8aabab89bed67f38ff6bc8f8b63c15cd704782ee80d181b39f6da09f11414 |
C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\uk.pak
| MD5 | 4fc85705ad86d6f1cd63560c845667ff |
| SHA1 | 460cd483784fab3776fba45e5d028dfde05fddb1 |
| SHA256 | d3a14b1453a4396ab6c7bbd1ec5c20047231163e9812434221c0ec56b13e8646 |
| SHA512 | ffde9b149695b3910b497dc31cea872ac5337cb53b7ae6ce753701fe5f5dbdddc6c21375345a7d5e3cddef5b3f7ed684864afea553c7b10eabcd1c15b05a9599 |
C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\locales\tr.pak
| MD5 | 84b12208819e7793ca426fef7efce801 |
| SHA1 | 7a8f471513a2d8dfc29315d8f4e148a17e22b0c8 |
| SHA256 | eb10e679837bdd7578fe2479627b85edc761ade571541dd435332cb9b62c64e4 |
| SHA512 | 45ba46f1e35fa4631244a73486079542911dc785e3b0457bf55e98975f8d246daac2da3ce80e7f51f6160c0efb58c3e7e8c247c2b6a1dea15d25404cce509d99 |
C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\th.pak
| MD5 | c3d450324fd006b44cc8d76c8608b140 |
| SHA1 | 84550adfc47e2d58c4f7eeb44fa695441c40c642 |
| SHA256 | f80e2b809cf96f51bcf7f45fe6dfaec5fde29a69c1c46b38290c4ee71172da89 |
| SHA512 | be98fc1a3a30fa537fbcdedaaa5805f06767490cfbba4c038109678234129048f369d3d9f5f3600b9d89869e9c28dae52bc6a455b32a6e9584f5e00fb211b92a |
C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\swiftshader\libEGL.dll
| MD5 | b23874b9c5770daa110619bbc5f07271 |
| SHA1 | d50e628f436d3ebbe50cd304f25ecaa1d67d9d62 |
| SHA256 | 89a638cbc81b13f98aaba321470dd2510be06cab03262daee4681c3832b6298f |
| SHA512 | 52d8b6334cdaa7b7e5958379d28f8a3511c99f06682dfa7015438b3e7c870c48f90069d6bbd4e5c1e8a7301172681e7d7e64ced6e133cb0e7d79bbafed1f7819 |
C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\snapshot.exe
| MD5 | f49c1a7aa9bf4761bf251804f42e5b59 |
| SHA1 | e48c1f45c949ff79ea2fc467debba868aca8f739 |
| SHA256 | 370d168a0760ffa618936ca6114711bd854ac687c501ab7aac2c10e0bb924c37 |
| SHA512 | 6fba5856346829c87177b9370dafc14492d63639de14a05fff1fd3e88a1dd703050b2ea03f4393349d8fb8e6eb257ce10a8b9170e1f86d050bfed3a21d8c48cf |
C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\prey-webcam.exe
| MD5 | 471b15abc9f2e98fb7ed7361d3f045eb |
| SHA1 | 95b5798d80a9410872f6ed485ae2b43ca3745540 |
| SHA256 | 7c262639cb22348dfd627dc07c76e8748e5bcacde2dcf1614773ab174c831004 |
| SHA512 | 5b3b59aa1dbaef31b0ff6ccde082d7c312e39e311a46fe20d590d5d7765f934d3b663da9609ff4fb7beba2e8fa85376cf74f14ae077f3c0b49189cc28c30163a |
C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\package.json
| MD5 | 067e233b0609d56ff4756bedd8c0efe0 |
| SHA1 | 96419d05adc4b6674948b4ac14f8ab5bb3ce4380 |
| SHA256 | 6bee642c1b5de99e4edba87ec3221c2ecd10b65e666b6f2bef64a745538ecf74 |
| SHA512 | 94900f5ff762930b1b060ba4dd44d629d6c3e2dfc0dacb1a543f1ea5a3cd40e793acaff4abefbff588ceb422d65f8041ec190a2b56f7c303c3314eb16eca4159 |
C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\DirectShowLib-2005.dll
| MD5 | 2ca0ce3e997601e2a65f94de3d172d1d |
| SHA1 | 16640f185c7a1ffd0e0f871f39decd90d4a9285e |
| SHA256 | 11869154ddab8965dd326e132ce8337c04611a0372a3c47f6aa93f598a65e548 |
| SHA512 | c5322c2bf1ee4112f6b92bef9fec896f27f0f291156e6894db2f24466fb6c5bc5a3e333eff9c4da4fc9010facbccb6f40e17789803a1d8cbf00d9038eef95794 |
C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\resources\elevate.exe
| MD5 | f8eb6a997fd56d6873a14fdf6c62389d |
| SHA1 | cd4b9ebd9429d9e6b89b825ca5eb763a9df47845 |
| SHA256 | 8fb23831e60a0a2e627f158f4ec7998293442a1b7bc217baafc6f6a1ec9eb2a5 |
| SHA512 | e50aefb49ffdac7963e75383aa362c313cabb0271d3366d6800c3ece32078302935306d5759d8f37418c5b7aef40b9ce18a14a5b5ef09c68f774b8dac6794aa5 |
C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\resources\app.asar
| MD5 | 6c51fadcd5f9a3c34648cac3acbf3a6e |
| SHA1 | c4308e2f3aaa07ca44d6b5cadb1c2ab94a63bf60 |
| SHA256 | e98d6fe8c36098bf8ee6f16f30b6a66ceb741d35aa2bede1acdbabb34ea008ef |
| SHA512 | 2b3d2b6c2d8773afe66c8ad6207d6980be3183a57d1419af711bf941dd4d03cde925225bcfd6b5cf4bfcab94aedb1f67ef3e15c44c3aa2bb50042f36915bb4dd |
C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\StdUtils.dll
| MD5 | 128281e985062c77e890dd7c5ac4c0cb |
| SHA1 | ae3f8209f3949a10d61690f5231e74f6aab3adf5 |
| SHA256 | 1649cabb8070b494cbacaf0a001547cb6ccfe23a8ecdcfba2c0080ba4357dbfc |
| SHA512 | 1833a166ceae053fc6415341dedbe6b2d0c3cc84582457ec2bcef5c9ea9220e5654dbc7d2c5caf28e42620bfe0b64b76ff3c248ee3ae7932887100c98e3c14e4 |
C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\swiftshader\libGLESv2.dll
| MD5 | 00b7cf42127f7e7b3b0d8d69b92842d6 |
| SHA1 | 8d33a3d75f1f972832b111142987050013ed766d |
| SHA256 | 852f1e91580fa6c3888ce9edfc51b74b8a4ae4bb8e6a2440245757d5f7414d46 |
| SHA512 | 5676fdd5ecd67985303039040998c945ab1a36cc8c764ac56da87f49d9d9ad3d5794de7bd0824e72321629cefb5f15270c96b10d390c7e899d83a6c012e296e1 |
C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\ffmpeg.dll
| MD5 | 36a75c72db9d827aec0c06085a733d9a |
| SHA1 | 3105ca92d418ed1244b5a64dc964187c85cd0f2e |
| SHA256 | 8e7bf3fad23084a9fc048208b1075a37f7aac05a250045e4ee06a1242cf88d42 |
| SHA512 | 71bdcad6d785b5fd5255ed6453fac3d6b39b06bab119f9c7002c76a5d3ccb11da176f69977e135332ecaa6476551c36efef05c31beebe00b5da7a8c294bc0c42 |
C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\GalaxySwapperV2.exe
| MD5 | 80ce77b04d05a99471a04a045e336e3f |
| SHA1 | 0e5ec3908935b5f4d33926a6c420cf48aed47f3d |
| SHA256 | 6a7d99a7daa1a948aa7da716f39f434a39d3e4b25c39c656d82c982288c9f4f7 |
| SHA512 | 5a2b2c5e2c7868c79a56a92c1972a65fb4869570185f07c93e4798f073003711fc4cfd19a47e97aaeade4188b76b8a64dbf141f3aa1fa3a4825d59dfa413cb8a |
C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\ffmpeg.dll
| MD5 | ccbdab53ead240092d6b92a33f449a62 |
| SHA1 | 315437c9da345c5e1a934d788180989063b0ef1d |
| SHA256 | c0a4830435c4a0cd50747f106565a2bd7b4f9de7940f2742d3d2c72ea336bca4 |
| SHA512 | b255bfabda04fe734a4d924e3e0f225b81a2f6a1ae74dee7054783b97497f06d62738381dd867dc74fc9db8832cbf7226d53cacd9a20d7fa1949208549ced50f |
C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\v8_context_snapshot.bin
| MD5 | ec9ddb931b1c7c3c8f494a84db3c880c |
| SHA1 | c9fa2a3cf0566fd2e2692dc2bca1da6dfb7b1a38 |
| SHA256 | baf759b7cb95dad400b1910d4bbf8c5d63beebb87bf7daf7c54dfd8050d09b2e |
| SHA512 | 0ec43f311639f873275c157ea20588abbd38808e1e581b99376f3d70f2bbfa23a00bece904e8e8fbf354d04c164c6059e4a78d8edc30e2924c9d7328f595059c |
C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\icudtl.dat
| MD5 | c4cc4f390ed96115a5f011de41fd78c7 |
| SHA1 | 4af3e72db95284aab286f12372dd17cfcdbf3a6a |
| SHA256 | 56c577672c1a8b9b1cded8c67cde2bb600b3b4ff0024a4080d25440b56a69f51 |
| SHA512 | 1a89fe7188618ad344e441ff131f6a45acdb64e6df9cb0f7f2147d8c8710ca379a711bcf7e01ff794b587e98e72c703b41dbbc83dbc2382a986f2631f6bd6ff6 |
C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\resources\app.asar
| MD5 | 5a5803313556d2bcae3bda0284d01fa0 |
| SHA1 | 08c40906bde2075db5d1c11d6fc55d6bf2ead756 |
| SHA256 | b777e2e9384164771ab03a90b3950e57be90aa2e9cebe5392345ecb8c95708e8 |
| SHA512 | 64844867e531b7f7b3a2760ba23a616505120db575add300a0952cb3c2255f63f0fdfb492f0a7b70ea49abe5c31194e55bcba4330abfb674e172a36d11f54ea2 |
C:\Users\Admin\AppData\Local\Temp\aa3a16f5-7a17-4151-b21a-8f8d44aca0a0.tmp.node
| MD5 | 8a3e5332bba15fb3d45acb98623b90ca |
| SHA1 | 7c994f6b46385bc25c82d5751b5a3be9876e4d6b |
| SHA256 | 4fdb0cc4a5e79cf80446fab73f4a7fe3c9e89c33fd06936e95d906de8f89ecb4 |
| SHA512 | 54803c5bd4933e4d488e5531ae3c23d69ec5f5b1b7ba8f00ec2d108b53fb2e874d183722035989ee8a30c2fb767b9df2af9a5f6afc46da36ce39c354ef6d4879 |
C:\Users\Admin\AppData\Local\Temp\aa3e900a-f271-4195-9ef9-66c4103b4e31.tmp.node
| MD5 | 45901c22456863370cc6e8ffe72cc508 |
| SHA1 | aa48720921abe40cf209e4c8896d4af4b489a356 |
| SHA256 | e91b456f4432cccdf280c29fe2c095536e356b7949fb31622e81b864bfc8ac00 |
| SHA512 | fe22b49fa07b6f9691679781f04f66f94fe520c787dc8a4d6f05b86634a26671a0cd603a9959905bb1ca29f0f6fc81fcfcc442fccf913abe406e69099b6be3cc |
C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\GalaxySwapperV2.exe
| MD5 | 08dbfedbb2a3ee24e0b9d195906c2f92 |
| SHA1 | 1da4e8baae806ab395b6b11bf1ad6f4e74644a16 |
| SHA256 | 39dc4a6fd77a20e7cd864752c24b534e62ca3a66ebe750cd02fd1d87144b885e |
| SHA512 | 6ff534cf20fb934789cdc817312a6f67a675af2b0192d93900b6297a03febc4374f1ebbd04d98161250df1ad46bc8753d17cec98db46e17d24d8d16b2682225d |
memory/2712-578-0x00007FFEA2210000-0x00007FFEA2211000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\libEGL.dll
| MD5 | 42c47c397c44e3f9e5b38f11288a3066 |
| SHA1 | 5e1754c5932a0764a31fd863424e24bf1fcf8fc0 |
| SHA256 | 5f1d8ab15a80f07752e409d3f4b7c216c1a14c0a595858c376f42fc8d4757e70 |
| SHA512 | 92d220b7cf3ad1f30e23ccbce8f4f56f643b8182a10ef44744d34042580e3677255f2e9309f80442f0f30a3a97264e03f11f7cf174ec0d0ead46682c1c920866 |
C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\libegl.dll
| MD5 | 7adc6deaef03a7f9d7d76a8e7dde6eed |
| SHA1 | 1c1be65e66d67534a15de500056de702914fda03 |
| SHA256 | 47bd73d8d1aaf28232e41b89e9fe14ca1d26800ec3555ed0612fcd49151b5b0a |
| SHA512 | bbc032336ede336cc7fcdb1f1cb9a4d22479677d1f723cb879170bd86e4b291221fc55261c339d228f77be21489ecd9ebd3bdc10e7b42d61cab0201fc49af0a4 |
C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\libGLESv2.dll
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\libglesv2.dll
| MD5 | c28b74bddb5c56bc08cee2cdfba24591 |
| SHA1 | 8b073fbdb9f5552f4c4333b20e8ff4063dd1518e |
| SHA256 | 8bec94018614cb57f0856c89e5cb26d5c0fccff08c3f8c5edba95a0d98129e0f |
| SHA512 | 964d39400b1e08d87aba4a7131ec5c856817a01927910beec6e1122989099483279dda39682c2d233b86dabaf945bb8915304d32ecca0e60bf73a334faa93c69 |
C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\GalaxySwapperV2.exe
| MD5 | 427266f9bf3d5423186ad83cec8164bc |
| SHA1 | 2613bb474daea8e43aa5f354d7e9b94dd112697e |
| SHA256 | 3e2f9b83a3fc2d293bb30f208c62c48884bab5c8f672fd4fac3f6cbf8eec4cf7 |
| SHA512 | 389ec5dcddfcbf9b5b2312efe30f823ca399650b27838beaf25146d1aa43e022769c1ebf8ad45e44d753eb793f26b4f5ed741ead3742f3f1a488a9a8c08264d1 |
C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\ffmpeg.dll
| MD5 | ab115280e4856856149468f0f0d96c6b |
| SHA1 | 989d3313bae6c533c775f0a9a2a59ffea85f0e98 |
| SHA256 | 0a9349b4f64d832f7b86ce8ecec8471df55a11b6a806aa0630a79a6300f5a9be |
| SHA512 | dc6b58c882b39400c9a0ad11676868a5159796d0bcfd1e596ab752757cce4a24c95b3b2b8e949bce8623d76842ed469dd01e908b7a11c23ab54c2a5b91370e98 |
C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\d3dcompiler_47.dll
| MD5 | d88cb6193aaa879977bffb313cc2360a |
| SHA1 | 2493fd7edb62673b19c7ff5877fd14e3902b48d0 |
| SHA256 | e2b0311b45d8fcde947a6af36c40be0ab0231111cf0dfd18553501e945e6b284 |
| SHA512 | 53c16b0dcf05e7092ec3830967409088161b65d070010e23d8b51724e6b9f8974a7f328c2615842e88472742b07d67198e3d58f62693dbc6f6d55ad298512f75 |
C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\D3DCompiler_47.dll
| MD5 | 4d6ff1e43e825c9a3582a11ee739628e |
| SHA1 | a2168711d9b383cbc089eeff92380d6975724035 |
| SHA256 | 19e1eb9cff39699f951ef9ab0e3b67cc404094fc4176e08c33ee89c56c9fd771 |
| SHA512 | 513fda623e189307fc1188ae7211530193760726e0d83faf1a2d3a6e47cfa5c62366c1326ffa31270c9768441f2fd2a624a64ef14a0c38bddab1fb75e0e7bed0 |
C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\GalaxySwapperV2.exe
| MD5 | c175f17ad440a044120fbf146351dcee |
| SHA1 | 3289f95e22680216eb0451552e386c7c979a9c7d |
| SHA256 | 08bace9928bc46b39b5e41f7ec01ef22afe4a6ff3eb425833138ecf54117be31 |
| SHA512 | ffac702a573090eb0d01b4fa5a09bc0a8df3ae1d1d3a808dc03e9b3d073994abafae34ba393d53a19b73bf4e31768466a5877eb15cfd40860952a7324a7ad382 |
C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\ffmpeg.dll
| MD5 | 4e7df27e996dd526be7bfb42f842c7ea |
| SHA1 | a4294b8b81a5a29004c9200d59af05a1c0f429aa |
| SHA256 | b35cce4a2fd8d52d6a37cae07fd37adbe55cd39919f2241621bacf56e078c463 |
| SHA512 | ee4e2b2707a0fe42ee9d622b8cdd04840d06ccf6e94dffc874065b04edaaac3f6d551fabb3b01e1ef02166d961b716c1ca4328342e77d9e29cdbb14e064be53f |
C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\resources.pak
| MD5 | a3bf5f44c6f13759e381de1f4df4c284 |
| SHA1 | 018a4f38c5b807e271929565b6bbe8f9c5b276ef |
| SHA256 | e3cc193a0483dc171696450d979c310a72404bdd3c15b5119b6bc3d94fbf4cf4 |
| SHA512 | 49b5f02e9b553ac7f28d542f815277f56aa9c05a83e160422c6689173bfa8eb41c9c3668eaff8ea1715f2c912774c5d8d2cfdc46c69bc522352e9b1c18f246f9 |
C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\locales\en-US.pak
| MD5 | 1763f36cc066155149f51fef404d966c |
| SHA1 | b7f53b3da2fb4554942d51c7448153a8a0e2e92a |
| SHA256 | 32e4181edf0e5fea01f91264ff25ad19d407a775ceb6a4e5e5bd7a311769a3c3 |
| SHA512 | 6b2976386ae92e0520149f0f867840983116e632e2c8b7488fd72909b7fad202f3ae6a9ddae30922d24295f71721f0df78018ec3a57ae31f842ec2446f833157 |
C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\chrome_100_percent.pak
| MD5 | 5b5c3fd2d7d4de2f09d81f80e40f185f |
| SHA1 | e012359becdf21025159e7f596c7a25b90d2a42d |
| SHA256 | a124bdbc3113cd48afd60671bc7e855a24d44a288040e9897e95c90755e05593 |
| SHA512 | 897a176f0efdf77a292996298d42d328937956d3caec1810c07d5d16b653b52d46b917860aa97e67ddaa7e30df9a6bde58d542925c5ae485ff420f204999f897 |
C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\chrome_200_percent.pak
| MD5 | b5992632033008899e6804a017a5be38 |
| SHA1 | d05271e21ca331d864e42228289725eb4acbde46 |
| SHA256 | 1e6032aa09532d063eacfcd6f3f66d4a9623d4e08cbdea01a46f27add54681db |
| SHA512 | e2740e8f79e82b6881c365564e50b2c7cdd31f8d2eaf861764e3bb9bf3f5d5bee54f1c5960cc58209a8ee4f03c51469dfc0e72af933416db6672ccedf66d0b9d |
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ipkl23tj.ong.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/2860-601-0x0000024D96100000-0x0000024D96122000-memory.dmp
memory/2860-617-0x00007FFE80CB0000-0x00007FFE81771000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
| MD5 | 6cf293cb4d80be23433eecf74ddb5503 |
| SHA1 | 24fe4752df102c2ef492954d6b046cb5512ad408 |
| SHA256 | b1f292b6199aa29c7fafbca007e5f9e3f68edcbbca1965bc828cc92dc0f18bb8 |
| SHA512 | 0f91e2da0da8794b9797c7b50eb5dfd27bde4546ceb6902a776664ce887dd6f12a0dd8773d612ccc76dfd029cd280778a0f0ae17ce679b3d2ffd968dd7e94a00 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | d8b9a260789a22d72263ef3bb119108c |
| SHA1 | 376a9bd48726f422679f2cd65003442c0b6f6dd5 |
| SHA256 | d69d47e428298f194850d14c3ce375e7926128a0bfb62c1e75940ab206f8fddc |
| SHA512 | 550314fab1e363851a7543c989996a440d95f7c9db9695cce5abaad64523f377f48790aa091d66368f50f941179440b1fa94448289ee514d5b5a2f4fe6225e9b |
memory/3696-631-0x000001BF53550000-0x000001BF53560000-memory.dmp
memory/3696-630-0x000001BF53550000-0x000001BF53560000-memory.dmp
memory/3696-629-0x00007FFE80BF0000-0x00007FFE816B1000-memory.dmp
memory/2860-613-0x0000024D96130000-0x0000024D96140000-memory.dmp
memory/3696-635-0x00007FFE80BF0000-0x00007FFE816B1000-memory.dmp
memory/2860-612-0x0000024D96130000-0x0000024D96140000-memory.dmp
memory/2860-611-0x00007FFE80CB0000-0x00007FFE81771000-memory.dmp
memory/972-650-0x00007FFE80B50000-0x00007FFE81611000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 446dd1cf97eaba21cf14d03aebc79f27 |
| SHA1 | 36e4cc7367e0c7b40f4a8ace272941ea46373799 |
| SHA256 | a7de5177c68a64bd48b36d49e2853799f4ebcfa8e4761f7cc472f333dc5f65cf |
| SHA512 | a6d754709f30b122112ae30e5ab22486393c5021d33da4d1304c061863d2e1e79e8aeb029cae61261bb77d0e7becd53a7b0106d6ea4368b4c302464e3d941cf7 |
memory/972-652-0x0000023926780000-0x0000023926790000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\GalaxySwapperV2.exe
| MD5 | ab327a5d8922106711f9215d1faf66e6 |
| SHA1 | 6c3abd283d0192dbf9ac5e873c452e9167c06bac |
| SHA256 | 27a45ecab96dc6edf0d912e2929b04f78c3f1fc3edd9361006543103574dd44f |
| SHA512 | 1e5182e292dcf9dd1abae258f6712afb64959e24afe7684842e17ff8e9a48e0f08cc0f2188d450aed6c90bb894b30187457b2a58cb5d45039c58cab00158d1a8 |
C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\StdUtils.dll
| MD5 | 11a15b5c4cdf372558f58f21ebeb3b5b |
| SHA1 | e32f56ebcda428542918285b8b473e9fdd6d4583 |
| SHA256 | 1032bfa13ca7ad5b7e4c3469c5432f51622cd1ef952c29755ba47c471703a384 |
| SHA512 | dadc6c361db895316f6e36e8e1b69fbd87a27a0f4883d9e71809357896195d0d41339f282b984caa3cccfb18fd66f0cd10940bf4edb412ad7f51b91cd8d86345 |
memory/972-656-0x00007FFE80B50000-0x00007FFE81611000-memory.dmp
memory/972-651-0x0000023926780000-0x0000023926790000-memory.dmp
Analysis: behavioral3
Detonation Overview
Submitted
2023-12-15 00:02
Reported
2023-12-15 00:06
Platform
win11-20231129-en
Max time kernel
7s
Max time network
130s
Command Line
Signatures
Irata
Irata payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\GalaxySwapperV2.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\GalaxySwapperV2.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\GalaxySwapperV2.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\GalaxySwapperV2.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\GalaxySwapperV2.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\GalaxySwapperV2.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\GalaxySwapperV2.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
Enumerates physical storage devices
Collects information from the system
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
Detects videocard installed
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Enumerates processes with tasklist
Runs net.exe
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\GalaxySwapperV2.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\GalaxySwapperV2.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\GalaxySwapperV2.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\GalaxySwapperV2.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\GalaxySwapperV2.exe | N/A |
Suspicious use of WriteProcessMemory
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\GalaxySwapperV2.exe
"C:\Users\Admin\AppData\Local\Temp\GalaxySwapperV2.exe"
C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\GalaxySwapperV2.exe
C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\GalaxySwapperV2.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\tasklist.exe
tasklist
C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\GalaxySwapperV2.exe
"C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\GalaxySwapperV2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --mojo-platform-channel-handle=1904 --field-trial-handle=1688,7470208076938658598,858066748977709269,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\GalaxySwapperV2.exe
"C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\GalaxySwapperV2.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1548 --field-trial-handle=1688,7470208076938658598,858066748977709269,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Windows\System32\Wbem\WMIC.exe
wmic process where processid=3132 get ExecutablePath
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic process where processid=3132 get ExecutablePath"
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 session
C:\Windows\system32\net.exe
net session
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\resources\app.asar.unpacked\bind\main.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "net session"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\more.com
more +1
C:\Windows\System32\Wbem\WMIC.exe
wmic csproduct get uuid
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic cpu get name | more +1"
C:\Windows\system32\more.com
more +1
C:\Windows\system32\more.com
more +1
C:\Windows\System32\Wbem\WMIC.exe
wmic PATH Win32_VideoController get name
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic PATH Win32_VideoController get name | more +1"
C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get name
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\System32\Wbem\WMIC.exe
wmic process where processid=3132 get ExecutablePath
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v WindowsDriverSetupFJZw0b /t REG_SZ /d C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\GalaxySwapperV2.exe /f
C:\Windows\system32\cmd.exe
cmd /c schtasks /create /sc onlogon /tn WindowsDriverSetupFJZw0b /tr \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\GalaxySwapperV2.exe\" /F /rl highest
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "cmd /c schtasks /create /sc onlogon /tn WindowsDriverSetupFJZw0b /tr \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\GalaxySwapperV2.exe\" /F /rl highest"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v WindowsDriverSetupFJZw0b /t REG_SZ /d C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\GalaxySwapperV2.exe /f"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "attrib +h +s \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\GalaxySwapperV2.exe\""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell -Command "attrib +h +s \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\GalaxySwapperV2.exe\"""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall""
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\attrib.exe
"C:\Windows\system32\attrib.exe" +h +s C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\GalaxySwapperV2.exe
C:\Windows\system32\schtasks.exe
schtasks /create /sc onlogon /tn WindowsDriverSetupFJZw0b /tr \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\GalaxySwapperV2.exe\" /F /rl highest
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic process where processid=3132 get ExecutablePath"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\System32\Wbem\WMIC.exe
wmic logicaldisk get size
C:\Windows\System32\Wbem\WMIC.exe
wmic OS get caption, osarchitecture
C:\Windows\system32\more.com
more +1
C:\Windows\System32\Wbem\WMIC.exe
wmic computersystem get totalphysicalmemory
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic OS get caption, osarchitecture | more +1"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "echo %NUMBER_OF_PROCESSORS%"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic csproduct get uuid"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic computersystem get totalphysicalmemory | more +1"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic logicaldisk get size"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| GB | 142.250.200.4:80 | www.google.com | tcp |
| US | 34.117.59.81:443 | ipinfo.io | tcp |
| US | 34.117.59.81:443 | ipinfo.io | tcp |
| US | 34.117.59.81:443 | ipinfo.io | tcp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\System.dll
| MD5 | 0d7ad4f45dc6f5aa87f606d0331c6901 |
| SHA1 | 48df0911f0484cbe2a8cdd5362140b63c41ee457 |
| SHA256 | 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca |
| SHA512 | c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9 |
C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\nsis7z.dll
| MD5 | 80e44ce4895304c6a3a831310fbf8cd0 |
| SHA1 | 36bd49ae21c460be5753a904b4501f1abca53508 |
| SHA256 | b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592 |
| SHA512 | c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df |
C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\chrome_100_percent.pak
| MD5 | 9c1b859b611600201ccf898f1eff2476 |
| SHA1 | 87d5d9a5fcc2496b48bb084fdf04331823dd1699 |
| SHA256 | 53102833760a725241841312de452c45e43edd60a122546105ab4020ccef591b |
| SHA512 | 1a8ec288e53b9d7e43d018995abe4e3d9c83d329d0561fbb7d022e8b79ffecf033e995b9bc6af352a71c646a1e8afba4addb54deab7455f24b7a279a3dd7c336 |
C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\chrome_200_percent.pak
| MD5 | b51a78961b1dbb156343e6e024093d41 |
| SHA1 | 51298bfe945a9645311169fc5bb64a2a1f20bc38 |
| SHA256 | 4a438f0e209ac62ffa2c14036efdd5474b5ecaa7cbf54110f2e6153abdfb8be9 |
| SHA512 | 23dedde25ad9cb5829d4b6092a815712788698c2a5a0aefb4299675d39f8b5e2844eabd1ea42332a0408bd234548f5af628e7e365ab26f3385ebfa158cdd921d |
C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\d3dcompiler_47.dll
| MD5 | e32a10b5b2b577e36ecf14bba343d5e6 |
| SHA1 | 933491deccc4e7d73bbb62160c51f84a0a6d4128 |
| SHA256 | a34d29073217e4b77d7f5dc49302aded1a91e234ca192af13332aadce3b24839 |
| SHA512 | e4a37568451f904ef8bd0dcd61502f43e2561ca7dc65c4f4cb317ff06380a095cfe3b93f954ecb1c462620cb5eb85bd3d9f85b007b85f5ec751b6288299cd185 |
C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\ffmpeg.dll
| MD5 | 9665e264766df5fe30e55898ff7b3526 |
| SHA1 | a7d510949b03cfce98b5e17777a281b18b895b50 |
| SHA256 | f9d6234e316d8ce8808de3c7bb7b52046e7f5f194afae2c3ff1b9f6361059452 |
| SHA512 | 24dcd5ca1e8626e0ca18e7afcb48ff06bad6f1645aa69d84336bb60fed45b71959c30a991a8d2d176bead5809cc242835ef0537e058c2fe639f4258916987e36 |
C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\GalaxySwapperV2.exe
| MD5 | 8fe4b571b4d1d9ebc99f22f9b14f2001 |
| SHA1 | 72114b6ee98addc1fd7a58b88202f9bf1202ab73 |
| SHA256 | 793f41c4e422f35d68bf6cd3b5915066ec0355a7f02c891b5eee96169d9a678d |
| SHA512 | 4aa04253233efde9d0c8dbeb19f75239a7c36345ec6ee353c11c5219195c7409a50d7904ef055d15456b0c45c9a3219b686d0d7c87dc45480b9e8f58760cbcbf |
C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\libEGL.dll
| MD5 | abff041fbf78c5424ae3ce0c7b4eec5f |
| SHA1 | ebe1da9e4fa531259c58894e7175b0083bfd58c0 |
| SHA256 | 4215a83013086b0ead2af69d299d9d99e121cde102128566ec467ccfbfc6c4bb |
| SHA512 | 4cc4e274def9374bfb16a01e0899963a502a7726ad8eef0e4851642d76948ac74449505f410000ea65735daca2bd67a8ec034e8449428b3b38afd9a11d78ba83 |
C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\icudtl.dat
| MD5 | 017fa9c05b86441b15fdd65a132673bc |
| SHA1 | d51507e2a5943f8c5a621e4448f43ba8117de4e7 |
| SHA256 | b9adddb5e043239d9e20bfcc8a2e38a2606e09b0e714007ff6426d7b697cf408 |
| SHA512 | ee64f9664c73f8f3e612c1b0e8901ea25fdfefb7b9f32f4e0536813715f1d891347fce2ec2be7ea357af27b46d2153bf5b9a6342cf053ac5836d319b323fdb16 |
C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\LICENSE.electron.txt
| MD5 | 4d42118d35941e0f664dddbd83f633c5 |
| SHA1 | 2b21ec5f20fe961d15f2b58efb1368e66d202e5c |
| SHA256 | 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d |
| SHA512 | 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63 |
C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\libGLESv2.dll
| MD5 | 246bb822045e8e07075eb4a10147c5b3 |
| SHA1 | be85355f44fbeb468fd047240cef9beeaeee9634 |
| SHA256 | ba131bcb1192c2bf0c333c19533648abf8e169f9541f158b8d967fcecbba03ba |
| SHA512 | 4f7aabaafc16fe5fdc127e8a761c91e40db47f9fe2460b256dd6eb23e16364782ac96fbb569d5697e0a9c626c0d79a79a94a39162bdba9b97ba5b018758dbd82 |
C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\vk_swiftshader.dll
| MD5 | efde1654f7283fcb85286386146b68b6 |
| SHA1 | 286f859956f03bdc7409002e08f57235fab14169 |
| SHA256 | e7fd44cf1d5461817127cb2d3c967d4aeb06dc8b6e8efe509aa2726ab4c127fc |
| SHA512 | 5ce8ca9639ec281d72e397d72c7a58062cb0ab63133471a66030d61e0c49d07d18b7908fa13340bd1167fd6c5c74a19f1eb0ac25d3fc1eb38d7063e8d39b6531 |
C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\v8_context_snapshot.bin
| MD5 | b1f7a0fd969ffc754e26df3aef375741 |
| SHA1 | cb687091aae12b697d0f3972515dbf3b6a89aee5 |
| SHA256 | 542d35c13f114946c31b9782fc2cb6043bfb7c8b4024fa42e537291eafccef0f |
| SHA512 | 21dbdd39aa2d78fee7c3c73a42a8c34f3493a3d8c590c62a819f7f8a4910d972edf4437765ced0217d6ffa77ef73602e4116be9a4692b9c2c641862827ab8196 |
C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\snapshot_blob.bin
| MD5 | 7f8eb26c51d3b294f78833021360ef50 |
| SHA1 | aad6846ceb51d93a327d71e0de642825a579fab9 |
| SHA256 | 0a0245a0bf383392be309ab1680ae0c9b2b529d6ea58692e00f0c45be09c42f1 |
| SHA512 | 2414a839e695b0f19784ba50e7439e58a09e9830a37556c29c2ae68e7ac6276a8660c99f4995ce3905cd67cf969fb26fb84f4da2125c1cdd6200c266052fe295 |
C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\resources.pak
| MD5 | a2584f1ae93104e49c10225d0ad8a345 |
| SHA1 | f3b7a4d5aaac0418b3deebf1a052f7e3dfc610aa |
| SHA256 | 3196b1b13c9d695ab8d64d3eb24eedf73032bb87f689f8cb2111aa086ae2fcea |
| SHA512 | 44009298275e2e01137c13efbde37ec5431e12af07467a39d1744697b84f08248917f9d5274da8384fc7fb64d380c092ae581d795acf48813978a60fcc569e32 |
C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\LICENSES.chromium.html
| MD5 | ec671de48a929593d65c359db4b13aca |
| SHA1 | 01f05dd16eed482a8f43d36e5313d6576e172732 |
| SHA256 | 227ed10d7755248078536adf64d57c9b6701e9d8b88ad6deccbdb5e7bd3fc893 |
| SHA512 | 6b11c3b88a4239d885a1e42607ef4a37cc150e779a1e355abe11f1c7db60dff17e6559d6b5d73673b31d8d193c98ff920d370f7f2a053650e1d426fcabb21959 |
C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\vk_swiftshader_icd.json
| MD5 | 8642dd3a87e2de6e991fae08458e302b |
| SHA1 | 9c06735c31cec00600fd763a92f8112d085bd12a |
| SHA256 | 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9 |
| SHA512 | f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f |
C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\ca.pak
| MD5 | f7b33a51d3e32bbb732a9c11c1783cf5 |
| SHA1 | f219a81d39360a1e6e8c9f7b50a220b556594ac8 |
| SHA256 | 5acdb5c9bc617fba554cc3125c9509351538daa32c22763dcec1147c9657af78 |
| SHA512 | bfe4aa7242d666a374fd7cf314a9ea5ca212c5859e531dc4a7bcd562c0f8cfaef5c39d9974ae3c9e25c0383c349ffbcd0213d9a06a4ae0df5fea1d35b2eca6df |
C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\bn.pak
| MD5 | 5bf255bba43c88d7422efd287d9eaa3f |
| SHA1 | 2c9e1a110e3f0dd40984e3bc98f628c93ff57ab2 |
| SHA256 | dd767c50f234926f364c7d0d3ea60427509359d404972d5e6f59671ef89fe3f5 |
| SHA512 | f614d6180b97da811c5aaefb93494642931007cf6d72fa16e87b20bf6c84c78acaab9cd3cd407063d084c441069f99e98b087811148d330fb452e15516fb20a6 |
C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\bg.pak
| MD5 | be18e246fea4a8d988f80159f2a50eaa |
| SHA1 | b8a4216707d47e1002a55f76526c778b8ee7e84a |
| SHA256 | 2003141371a2d274fcf3816d7de4e4e479641d363b6fce6092bf7e29d6364f92 |
| SHA512 | 3dab7e1e3fd9f0939a0553fa049478b742adb7747e5633c7aedb6b3f74d6f25026f655257bc30fa89bae2f6eaf44f81f73f57f070e66ce267eb96edf10446cc8 |
C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\ar.pak
| MD5 | 59890b3c38a6d69696014242c6d28068 |
| SHA1 | 750441fa38f59426cb30ac7932d487e8535ece57 |
| SHA256 | 92af511f791175dbc9f262ad3caf2ca8d989736fb4c1d477323625c2e41259e0 |
| SHA512 | 613602ab12a41c15fb4f2056a009dc7213dc0999b3cdc4458a1e76ec063027155ef3f2be97a6a47bd4d5002069dbf76dcfe5043303818e35b9e03b3a3b4a5820 |
C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\am.pak
| MD5 | dc4811667d35a61f9ef5076fad456962 |
| SHA1 | 3f10589460d395084f5eb0b58c62e416a4986ce2 |
| SHA256 | 00b347804ebad0437ef2cb186ea2025d38195f22d39a24dbfadac0ffd1ab9196 |
| SHA512 | ee459a243a88649c9bbc22da31e6eadbe50ed78ae9e99e6f01fb2d3e5b3185d3d7e130543de59225e03b85583e0cd777b31b7554f2d06ca963eadd5c157f1f70 |
C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\vulkan-1.dll
| MD5 | fa8b904ca8806616efe808085b924e1b |
| SHA1 | 2e0ddc360bb1e4f42e0d6a80e137e455f992ab5b |
| SHA256 | 235873bf196cdcee083c6d4bf93bb85bd68c990bcf7d106bf26cf1e490f5e10b |
| SHA512 | f3ebe3bdb325f0b911923d8f51997bc5447551ecaa6d4ed14e1d93f69c8f3fd0fe2679c9428177ed2ffc3863321a025c755a15f3f19d54e0a2f0f7bea9ea9a59 |
C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\fi.pak
| MD5 | 542587f564a1c1823bfdd1a00e28d74b |
| SHA1 | dba74bf8251470d8a1323baeb0f6bcae7411193c |
| SHA256 | 1c6665f5617aeea07447cab2020b2b6564a6439aef69f6f11f665554710afa76 |
| SHA512 | 9018c93179620e21350ecbf3c5fe3012bfccae90f0ac180cbcfd192ea3796990cea535137994881bd0aefc362711c133cc77dfe8d35fc90b4ef94e1201492fdf |
C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\fa.pak
| MD5 | 0a6cbff531ee0d00c8875828c7036f23 |
| SHA1 | b109cac70ea1290f2fea27a1926cb1f24cb24a7d |
| SHA256 | 3156d85c9b2154565d1f7a9e13acb3fa1b3fed0f3c8b00a9e99312ad4d9fbae7 |
| SHA512 | 1b6d2cc0ffe83097fe4a4df509a69fa5e700b7554bd9e230892fd1974fdd1a8a0d521fbb28295b5009c9adc737385f396b5d307b4f90b995944b5f718c922c5b |
C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\et.pak
| MD5 | 09da98bd1c63b373b518549f23d49749 |
| SHA1 | b2fbdd2dd5874839a582665ac75832af033eee63 |
| SHA256 | faa3aea8ddde7b2e857cbc04456e72b3a2d57d1e45b5f8cf7c0410a487d12600 |
| SHA512 | 82aad23091eb6c5f8dfec483faea789ad0913c60c988e4c922e8f22212394b90cff969f20c2ba3a58837cf69c51abbe713d8dee3e292eb33bbb8e0be8710c206 |
C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\es.pak
| MD5 | bfc9d682757ce53ebb5ce6b57665334a |
| SHA1 | a405b38326eb8cbce2f0241ffa9c45a74dac17e4 |
| SHA256 | a7120028ea9ac01925a6109af3bbfaadf1c62dc993c8a92dcc5ae247fce5bf96 |
| SHA512 | 3f4d8754c4645246abd214caef17328598d91cd0d222936843f2e325770780d905793a96ec40ce73c8f97315b630174ff85f658d4fbfbdd581b4ebe6ef33f6c5 |
C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\es-419.pak
| MD5 | db0e8ddc7525b3cc283c6d7fb4ebe38e |
| SHA1 | 19c93df53e6ba85d36d9b6b8cf5a19ac3400a847 |
| SHA256 | f1cf476a5a4c9293a2910792510ba596c9bf292c74ebd00cbe698df0adf1caed |
| SHA512 | 892e03616b9bafca4f1bad77e907c7dc0dd78477ce10da0dbff1b4cd85c80d130b3daeeb4fcf804818832063f1a9753831115b0999a8a527e7a57f278faf59b6 |
C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\en-US.pak
| MD5 | 488414d0f7f000dcb2ae9d1417dd4819 |
| SHA1 | 285d408ac1570344e325641db37b8896ceeb1eaf |
| SHA256 | 23bfe80f78fe64c5e20b0052c86743536726c97936571de87acc36f07ee3e461 |
| SHA512 | 9908d2087b61c1afd89b5ac4329ac3330d8008336ccd7000185875dbb537aee5308f14d9286114b388f2c1d7835b10c127249dcc088414dada9eec1dcbf6567d |
C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\en-GB.pak
| MD5 | 52e2826fb5814776d47a7fcaf55cb675 |
| SHA1 | 51fbbc59dcd61116cbc0a24b0304d4c1c58e8d0b |
| SHA256 | 83ff81c73228c7cadba984d9b500e4fce01de583ecde8f132137650c8107c454 |
| SHA512 | 69257f976d01006c5f3d7e256738c97c59115471f8e7447cfa795f7fa4ff12d6fd19708e95ffb2aa494b50c1763fe35d5885b9414112d2934baf68fe668ed7cc |
C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\el.pak
| MD5 | 1c33df55cf729a4a13127054729599c7 |
| SHA1 | 55a8b5e2dd65a564132a12ba8b16ee38a511ef9e |
| SHA256 | c2e90fa5708655255378f34fa97e1d19bb112dcebf3149e00de07a4843b10610 |
| SHA512 | 32c670301ad817493447904faaa6e30e51d1951048fa24a685dc1014e68ab6b9f561aad0aa45dc0d71d91ff16d6d74c482e37d9278a324ecdcd301af9664433b |
C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\de.pak
| MD5 | ef70bd9336ae5862c2bba6ed84acffcc |
| SHA1 | d4cb4cb029276d3b18e083ada0685af7bcb4d557 |
| SHA256 | 363286e856e15fc90501fee60937a34c2f03af08a7dc3dc1f7856f89f4c46407 |
| SHA512 | 871f3bb3f8ac7979436816ce1f01394eeba6c5654050335ac95173efcdea2f7977d33ef88e22e81e303af77cf9389725a8380c2017a6a83ea9112ebbc3d78790 |
C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\da.pak
| MD5 | 55a8f5883805a65c854d25edb3959209 |
| SHA1 | d4b3b6bd2a26cbd021fa931d1f63c9ea64e2c268 |
| SHA256 | e190187adcbb5f829d162660968ba598ed17bd11339062ca4d807deec8a27fdb |
| SHA512 | 4e1f9e6da32f553cbc8cf162726d7aba9e23e2216d6d05b995cf19fff3aafa05ed08fce29b2f8538d46583366402b8630672e650dfbd46952a611e9db0d8016d |
C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\cs.pak
| MD5 | 3cfd9dc564cfcc33cc5524711365c376 |
| SHA1 | 2e5016d2643017f37658262122974429f18625a2 |
| SHA256 | 8be34e4f8226c1dd4e725711ddd884ef4476560f7863edcf378573dde9db3cee |
| SHA512 | 6ee156d2fa3b6f601df28e38968d0eae2812d70b41333348dbecd833d5ee6ff944183f0eecde96be433cf1e98c8ec22d6a6d5af5153145842175ab43c73533ef |
C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\hu.pak
| MD5 | 19f0d67ba565f0a3efb86ac8843ce9ab |
| SHA1 | f4285b2e613cc1970056c30676606b8a25a47ba9 |
| SHA256 | 2bb8f81908d4e62f41063027aefdff26996c506d6c593d25afd68fab1158042d |
| SHA512 | 07e62cd97c4c73549184c86e3280002160022b89fb69082153779fab236ae8f68a5d91d50556b3bc673e9fd7c978e2ff1c63b0796fe592059ca9019fbdd218cb |
C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\id.pak
| MD5 | 6c0476689c4f2318adc304eedd19b463 |
| SHA1 | 33cbc905fceeff0601c677e24cc161f6b1b0d809 |
| SHA256 | 64bf8febf4848e452021d2ed8c36b85ca9e012f2ef3d887d7c3de99bcb8ec74c |
| SHA512 | e64fb1e40d296c91552fe8de71b6177c925a33d95f6a0e13848383742d54b5ca201e99c032019aa6d84832ac5db7ff7781ebc6eed96f6851b1338bf7c6869dc4 |
C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\hr.pak
| MD5 | d44fdef9e76525c08452ed5d6940aa42 |
| SHA1 | 6e52c2338846c29c2ef4af239b1a5c5a70401a8a |
| SHA256 | 998f2448c58c0851f1e9658849e2c8e5eb437d19051b53c9a61f4581af309770 |
| SHA512 | b6b084214d92363e01654fe10254f5515e413dca27a643410302358a58e105e37fae3a45fb6b3482595052663d60ba389520d1f4de4976c16f6952b12a84a8dc |
C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\hi.pak
| MD5 | 527780cedbf5ebf5db93c4aef9108628 |
| SHA1 | e47c4e7d049f016b6638d4e67341f71a38c97c19 |
| SHA256 | b5aff145e1392bb986960612fdbabf9d1ee3d52e23ed145718880e7326afad18 |
| SHA512 | fcdbc6b2df201920619ae7f95997f306df65b553449cdeaa5d5f0750c4d4b15c0070ebeeeca563ea09b965fc0adaaecc814017a5cb4b60ea680791f7164af4a0 |
C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\he.pak
| MD5 | 71f882975d69c50d97503bdfa52a9c57 |
| SHA1 | cfc4f778620052647e4dce68ee42435b9efe17cb |
| SHA256 | 5163ffc9522f52b9c2d4e91c8b4027900e67b988653086b6d109ab2ea811e069 |
| SHA512 | 4e161809077fa8454cb689a93e20e0c9e421dd6f9fe65539396de4134019084ece58b956ec20f180aeffb584c4ae8e057a0c4c782080cddf6e78ea4752b3edb4 |
C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\gu.pak
| MD5 | 72db0fc7b5456c88fce2fb855cddfcd5 |
| SHA1 | e89ca15c3e850b77da6205f44ebd06910129a854 |
| SHA256 | 93cd990f288891e09ebde2f43da96b9a9dd58783d767e262c37652984e8d172f |
| SHA512 | 7bb6b880791a4d2f2e9e631c2f6f96fb83b7ffe27ac0746cd09cd4b963866abcdfeb746cd4c4139585ab1db7bc123a6c96586d20f307a194b78d1e62d20b034a |
C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\fr.pak
| MD5 | d77cc5b3a9eef858c0d71f1020904d9f |
| SHA1 | 9701c8608b6cb3cb9891aa259d12cb5acba21f88 |
| SHA256 | 90cb143f0d8dfe1ddb318413cf3513f93f505a8241349518f9e41d320022d4be |
| SHA512 | 86b65da19728a2b6b4f469b2ad3d3e98cd0b026479c53eca3da3433b224f46728ac810edbd6e55c9d3a4785fc26aa33735cc9b250448b11bfa71cfa998af6080 |
C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\fil.pak
| MD5 | 19d24eafda16fe774aa15aa70a60268d |
| SHA1 | f615fa4c1a800c397529705be3e3fdac90765aca |
| SHA256 | eef7cf0707b06be9e0f186f857b4316ac7c0e9916a39b258d292b01789eaa16a |
| SHA512 | 251f3e2a268b19f1724003f150a17f6572a856acf1560b3a94baa305a3534d1a40336fa75d33f41dc9d73ea1e52859906b66609e997fc3409249a651cbf89e25 |
C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\ml.pak
| MD5 | b9df755aa732ed4b39e8f2882608dbd9 |
| SHA1 | 1b6dee18da13c50e9ce6540b08c6664ade3c0b46 |
| SHA256 | 146b2708ca90f89a844daf833d01de96d5a6332225b9d3ad20ea6cc02b2ecd7d |
| SHA512 | d9af405c074cd7758045f59cfea209fb19060490969fb26e10b4d484966e9306ba7a3ba21195729af69758e3c4a594252899f702ed235a1da397f80ee48f5f83 |
C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\lv.pak
| MD5 | 337a53ccdd87fde67f3dbb60d1dd91fb |
| SHA1 | d21af54f1506a1363b134761321cff84227a81a4 |
| SHA256 | f48d37352318cc367dda6de99b06ba2636a1d4ee73b6aa206954b0a37404f665 |
| SHA512 | e660505a437d25a47f4285b20e99af314fdc494b7070499389d3bd2189595c6fa253fee0e8bd9bdf0581213d7ae45637f3783b0206810f418427030449c4f4a4 |
C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\lt.pak
| MD5 | b0bd397a8d848e45f3eeba20319e59aa |
| SHA1 | 643eb84f82b2a3d69d934ae989418b266dc1adcf |
| SHA256 | 012bf4f874d328165a471358652902f3c4bde25ef02cb1b8c367cec431c94a82 |
| SHA512 | ea18e23f794b8703777f3ad692516341bf9a26d7307754a925eb4323657611450f56d4e33ecfcb6b8f571b28b1acc3530b2b4e9c02386fd5464eebaa2457063d |
C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\ko.pak
| MD5 | bc657ffae0c19d53c209759db483328c |
| SHA1 | 20264cb118d02fff6ea36bd7554c2c1cad3114db |
| SHA256 | fa7b05d1fb196783cb324509bd9286afac4972e8b12128b90eb0335076831eea |
| SHA512 | 9295b7232e3b08d52398ff545f8899a94c0d8fefb557acf9ac081dd56371a8d6828f4054b0536393fb03abedd5a78db80b8d30d8864bd491386f36e069a979df |
C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\kn.pak
| MD5 | b87f395fbcde7982df162b0ed6c6564b |
| SHA1 | 7357e82c40141363f3a566f1b4eb9a156a7c0c76 |
| SHA256 | 8b131a9e49b4c6e726f444fa7663a7153f0b20b24b823b19c62cac2626c61565 |
| SHA512 | e7ba68bad2f9a096bc46aea78b3ccd4a87e4a6f5e2d0cdd5c9df43ade17e4e71bf69c5cdffab8399224f7ec8ae71269463e659d7f8649849a8ecab7dcca1fb59 |
C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\ja.pak
| MD5 | 65a1423af5ffccdb80c424605620d9b1 |
| SHA1 | e210ddcf99994add81d9348d05a5327763c0788d |
| SHA256 | 055c1eacfaa8409336a411977d4da6f9067d570235289674f02e27398e1edf26 |
| SHA512 | e656da4b9242a7ee912aafd09c6c09c9ed9498141a71f598778e0763385ba0c5f7108355ce4f814118f6a5c6c1c96896f0f1f850a092192941ab698c73ed9683 |
C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\it.pak
| MD5 | 5aa225aad4f9fe6d05ec24905a827d88 |
| SHA1 | f6d5ed337bd8e9cc3b962d3a498e3430fbf6de22 |
| SHA256 | 96e02ab6937a1f1cb58762159761a737ce0e1dcd6a253554392baf4389326eab |
| SHA512 | 3fa928f19bdf65b8fbb274b478a801821b15c01224c113a8d7f6121a077b432c0cc84eefd9028a76adea9fa4bb65dcb868edfbd4368b1e4d477c49e187e4288a |
C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\pl.pak
| MD5 | 9e2de6b5009b40c72eb8932d711bac92 |
| SHA1 | 56a0aea6539699d6120bade928df08130205c0fb |
| SHA256 | 443b9cc0ea3e0dd999a205d08e79489ea8c7167c2a9fea9800d39c4cbbd91e90 |
| SHA512 | 0aede71d7369cd5b6d36b938827cb11c97ddee73c6e6351a205e6aef6e4f377a76eacf4d6cfed8b7e17ff129b7bc2243a66632ec67aa20668238605d8a6f29a6 |
C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\nl.pak
| MD5 | cf6b1cbfd669e9461553974ba37a475e |
| SHA1 | b33867e9bc7fd88ca98a76dc4bd756bcf18887aa |
| SHA256 | 9a83ad866ad7fd9d65ecbc1e95c276cfce27e8257c76a16950fd14971e66b864 |
| SHA512 | e463029bb37f6bb3ff5cb6281f64291ada1b785fa33137e7aedfc7b5e409e99c75a91e7cf9b6c0933e970f70c14861190de66fc5d68925b687a6f5da02e21077 |
C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\nb.pak
| MD5 | 9242234d2974cea9c7994c0a21767d01 |
| SHA1 | 249b6277062c0dfb66d735d7d93664a51a14e02f |
| SHA256 | 26af05118d09b5812f149d4f47906c63eef2ea1312f830133bac12dd2d192d09 |
| SHA512 | 0a8daa683ce84dd7223cd1b4f827b3c41dc445ec714323bc1da8f68218ff0ce5cc36a05783a991ac54ffaa42ae2cff289a39a9acdb61d6dd3eab9dbfbf83acc7 |
C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\ms.pak
| MD5 | 3f167b00cb563d2c015c67fec11bbcea |
| SHA1 | c3a77459accf4778fd05a91bbed1e19a40b0e48a |
| SHA256 | ecea5c1db547db33ecc9f0938fa7d9a0522524dbf73584215b089ee491f2441e |
| SHA512 | 5068b06d8b78455db3c1070487a55e10559155be6fba7ae793083efa8518a1977c3ef6ca6b257148e462fa660f89a8f54dea61f17abbf36cb6cb4bc67316eb34 |
C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\mr.pak
| MD5 | 9eca06ffc201e3df935c20ee727cae1b |
| SHA1 | c55b47458ad4359938b8470dedaf101092ea5f60 |
| SHA256 | 3f3c76081e15a7b99143c5789af8a09513482be3fa8307cd3a517a6aa574a9c3 |
| SHA512 | 03380b1f2f3c703c0658ecf9bbadd6a5edc29fb6775d1dc9c526aff0a3f4e5bcb5b01a9f8ff146c37ed1dc1dfcc913345c946bb331d6d96f0c5c5ef9bdc492ac |
C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\pt-BR.pak
| MD5 | c9b6929d9081fcd18e6f93dd47cae9fc |
| SHA1 | 8ead20aed13f3c3daa82380f071614aa1198db52 |
| SHA256 | 270f2dc067c9f5b316f1f5ea66cb038c31f039b4ae62a7e7b1af8b621d1b9338 |
| SHA512 | 206077513abf3147b6ad31b7c2b7caea0f2bb83b7978707cc91973bc1b539a5a2991ecb682824d1fa8d53ef1aef3d28dec28805960584a91922b3c7b562b98cb |
C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\th.pak
| MD5 | cbe593e6129d0facc64b23d3cdd741aa |
| SHA1 | b2ab64853491b423392530de3fac88733d977d99 |
| SHA256 | 7d597f74e181e3fe28b204b6471d9b8e77315feeb1c861e4387a123a79d77a9f |
| SHA512 | d8732be2fe460331904daefcda34f13769f48b125ab104ac64cb01ebba4bacf0a666d0cf5ce8531985da6c74a88144e71ee2d56d44a39eaf045d3f63d133e733 |
C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\te.pak
| MD5 | 80f78a18a5cf28b7dbc28ac57f940aea |
| SHA1 | cce71bbd2293989d7c84c042946a3f19c71ba063 |
| SHA256 | 4e13a79b177fa2315d44738a2dcc11b6501706f6883df2e7a6881917f98679a1 |
| SHA512 | 7c76bafa586d1746a589e7925ac5e6ecfa3fdf652d00aa7c94bc9fbda4c2baaf556d60f063c46141024177d0b0fd309b4c2b9dc5e1290b516a1dc94bd6245db4 |
C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\ta.pak
| MD5 | 55bf48b63aeb01ed61c7e222e312c332 |
| SHA1 | 98f84f98aacd1f89825cbb267e8e773be0038205 |
| SHA256 | 95afffe6a3184708428a7746af2d8c6d0b4a54da39ce6bf4851ef459530dce10 |
| SHA512 | d5b5b6791c6d2c00b51c10c502170f88c59cd29c92b03cf64e20b468b811b1b65a2160c2b5020d973e288f4d4b987fb0140576d998007fc58cce234e19f621e5 |
C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\sw.pak
| MD5 | f8f611ed575d2807573f5af8157e84a1 |
| SHA1 | cc328ed255ece400e961e8228f5c05dc59e6962e |
| SHA256 | 130e815110642b2533493cac4a5409cd73e065b4979bc4f6837c3656d4ea1639 |
| SHA512 | ac3684094f09a26a892aa0d599b10819056286bb6ec5daa53c6e129462dbf5ee5823dcf1cbd15f5a20ce266260c2689846637d28326932bdf80a0d57e51be6cf |
C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\sv.pak
| MD5 | 1e7e94ff2df01c6c75d518d0ff9ef373 |
| SHA1 | 1164ef9aad44b51d54ed9fcb9a6ab804416b2ab6 |
| SHA256 | 6ef74edd0f3a39e1b4360425a07cf6f6e685535bb7e742ef66003f06e29f51cd |
| SHA512 | a86a7f0a8ec2ffd14d4603ba74db2bd71b058d4c3bf948ef607d5a2b302df190d09ca8f66ad9e6fd1d3c3af4c50c5182a3a37077e5f9e7448a4e95bb176fd103 |
C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\sr.pak
| MD5 | 0e1f2258cdc234371e344bf7fedefa62 |
| SHA1 | 76f8353b1f750bb23368817b4976c55ffd79e353 |
| SHA256 | 4fbeae901b1899028c954a2b22d016be8640becd056d813e2b534900a8df3157 |
| SHA512 | 8e9056d894c1492b988c27c0b71e67e96208e0c07b981a392721c5965735155aa346a87318f3a0f9f25737c52b668fd1ecc8c925c8e26a4decb1e6befe8be31f |
C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\sl.pak
| MD5 | 4fc2b83dd1dcca7adcf20f73716f5017 |
| SHA1 | 85b96547722754a27f1f0dda2e0efd3ea1f3fcf0 |
| SHA256 | 945ada1c7bb0c5b3bcb1c0042fc9f4743c1ad649fe09b8f1fcacccf81a82f5a0 |
| SHA512 | 953d5781eca370bbaa7431c828906aa3592d1f94adc213b1970aba1b4ec49655083bc707e1389471e4d491eac342e88cf48979d103fc86972dd5b39c112663d5 |
C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\sk.pak
| MD5 | 7fc41c7ad3b29c84a5ccc7b3c708e5cf |
| SHA1 | 10e8db5f7d9eca9c15516370df72afb850f2dd8f |
| SHA256 | 249f8784289be6e6c9f1fadc6d719846a69d27888054e3e4665f2edcb5a033db |
| SHA512 | 5d30fcfbcedd0bb70ea61108957f30e13cc3432966f796cac266fb96dd3a4d78609e38b1bd783a8924c028d2abaa56aac291aa0f6757b0e77d41893cc17285ad |
C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\tr.pak
| MD5 | cc028ae17449280ddf37a5e4843bd622 |
| SHA1 | 7e7fdfeff439eecb025eb6f1996cf3cbd2304c9b |
| SHA256 | 684617b194e1f17cdc502a709be10f35aea05a0c0d4677f3fc4bddc2f9f57aa1 |
| SHA512 | 3478c5e8f3bb5395344c0b0ecc41b4444b1adfc7b3be802223105f60f4968010d8e7c4a91317e5fccaede70d85ae8f79294227bde183d4f617988a291f030925 |
C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\ru.pak
| MD5 | cd779169f1efc62237d7eb8d04ae30d3 |
| SHA1 | 8a4eb3dcd3e61be170438794e88896f911a9effd |
| SHA256 | f60ed616fb7fe7aa6a17b3aa4b11dfb3363378b7e374daa6cad4f300748d1c0a |
| SHA512 | dce4502acdbda017da9c20fc916a7084481dc563d56247a30bc8223a4f71b152c3d1a4f705fab14db6aa22a1eae7897647ab9b905bebc81c551e3e4e7ef748ec |
C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\ro.pak
| MD5 | 3f44b20e96dcb255a92e28837be0954b |
| SHA1 | e667622de4a5c5fb21ee8994d6614a0c9b577251 |
| SHA256 | ec301c090ccc24ddee245549588b1be1961d9d7d11b4bcabddfd37f4eda82d7d |
| SHA512 | de2f0d958c93c75d8f8d1b31c1eac7f40045c8bf8215d1f1c560d3dfad38bcedb573ef23d2d771604655d32c45cdb6213fb91ab8425dcd0018f751e6f34b787a |
C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\pt-PT.pak
| MD5 | 18a9a839c47ce698a547d8039cf29770 |
| SHA1 | d86163aed020fdd2f43a65f395e40818b6c509be |
| SHA256 | 49c8dea180854f256eebd7007a3507a1125ec39f56681c6a6589af8873542dfc |
| SHA512 | 8336054781937458a56b86e9d9c44d6f5bd86c592e22104e97a964999908e0e44cf1b3ade67fe5bf72fb12003fb3565642eca90ed47236c753a29b7c3feb9330 |
C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\zh-TW.pak
| MD5 | d65f9d6eb0d1c6eb14b494d93d9ab2bd |
| SHA1 | ca835746ca005a905ed9be4104085dad58fbd33c |
| SHA256 | f8a74b84bab4278baef9f01f93a634b2231683905bca73ddbd7825885c8951e0 |
| SHA512 | b5c8a2f88643e49f9d210ee67b117e6447597527e81bf8f4dcec97aa398f68b1793fdda166f2ca2dd4f3ab64b8a4c292c8eb197a28a24cdd13ea33ede06bb3fd |
C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\zh-CN.pak
| MD5 | 8364b32e73c8f1bfa649296d369985cb |
| SHA1 | 5e943a0f38d9e8e7ecca46f88a91f3399e8a824f |
| SHA256 | 802729d656e7eee2731d2290f2a9daff4c21dcbbe98d616338f3a3a94474a26c |
| SHA512 | 2bf1572b1d9b27fff4f9eeee61590d7bad724233cbf9d9577af5e350662a7606fdfd4236296037287432ceecc9a20c0fbbc40cd95d54222c7f9bebcc7576c6e2 |
C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\vi.pak
| MD5 | 6b28cae4e2c869bcc1172d47f3b4d8fa |
| SHA1 | d358ca4c288145709b5ac20aafe71595be28d0a4 |
| SHA256 | 7b4eaeeb06bc3f30d9202d0d6dd22a2c86f2a433ef25e7923a2999cf6623b124 |
| SHA512 | 387e2eee1a0d09e68d87e4d41f7c0e77375a4e79f0a5ae910149d4aa6ed2d6c53beb7b2704d94605eab9a34707659c10ad6476cac8c63cf2713f27265e7ff3ce |
C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\uk.pak
| MD5 | e1798d6182aa4de2fa74262d19cd9c9c |
| SHA1 | de557f946b8200027bde99844a9ac353c7a48836 |
| SHA256 | 9d3e8c197abccf8e8a1fc54a628e95c7ae820bc88b825829be702f301a326bcb |
| SHA512 | 22c84b24d0da28777df4e49d62fcf7931257031c978417e84c23ee72bbb8fb0152a4d4df77f8ffa99664298e2f1e183f92ec57284d72a1b70cbc66ed09b5b6ed |
C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\package.json
| MD5 | 067e233b0609d56ff4756bedd8c0efe0 |
| SHA1 | 96419d05adc4b6674948b4ac14f8ab5bb3ce4380 |
| SHA256 | 6bee642c1b5de99e4edba87ec3221c2ecd10b65e666b6f2bef64a745538ecf74 |
| SHA512 | 94900f5ff762930b1b060ba4dd44d629d6c3e2dfc0dacb1a543f1ea5a3cd40e793acaff4abefbff588ceb422d65f8041ec190a2b56f7c303c3314eb16eca4159 |
C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\DirectShowLib-2005.dll
| MD5 | 9d1c7d25a07f03dfa7a8425d7ef22ed5 |
| SHA1 | ef4644819a98624100d85c9dd698ceda6cde9f93 |
| SHA256 | 2f7c9da9d9fd30db19d031d18537de552cfaefc1dd718bbe92d5207ae3ff3e77 |
| SHA512 | 89aab8feb01ea8b82e7223309f6670ec1c1a46310a16bf14464cfffacccc069b2a87dfd524947e95766cec4292a5287fed7c5980584f84fb10ad83647f0c318d |
C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\resources\elevate.exe
| MD5 | c3f48ef0f52abee576650fedcb2390ad |
| SHA1 | 1d25e9e284c85cb55245c80490accdb0da32b024 |
| SHA256 | 075cfd3ae537860e7b0a7cf4a9fd579135ed43762a273051316c4edfcfee71cc |
| SHA512 | a5f9337335f9b082059c0b451f1d3b33e53257b8e1e793f18f72bec1d2fcb5f5c5330159d4aa23d424385003060c0a6761213813fab78db761a3eee1a622d9b9 |
C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\resources\app.asar
| MD5 | 236b8742e516b8e74240d6d9efb87cd2 |
| SHA1 | 1f75db6cd0d5c9e06086b66ecbe9e6ab46d9f970 |
| SHA256 | 83c817017855dbaab80eeda252f8869c4d2d98b6d1637bd59feabc2ca912b5f9 |
| SHA512 | d768f3307d26722f445b5734f44923492d1c60607d23a239ae796bd3ccecc5c551d109d5f2903896a8f1e782c5850651117607b76c952c0184aa0afa8ad9761d |
C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\prey-webcam.exe
| MD5 | 471b15abc9f2e98fb7ed7361d3f045eb |
| SHA1 | 95b5798d80a9410872f6ed485ae2b43ca3745540 |
| SHA256 | 7c262639cb22348dfd627dc07c76e8748e5bcacde2dcf1614773ab174c831004 |
| SHA512 | 5b3b59aa1dbaef31b0ff6ccde082d7c312e39e311a46fe20d590d5d7765f934d3b663da9609ff4fb7beba2e8fa85376cf74f14ae077f3c0b49189cc28c30163a |
C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\StdUtils.dll
| MD5 | 971cef820a6cff849b07f9c7520cc938 |
| SHA1 | 9b95eba2bc646bf5a24df54b75ff6465919f6b83 |
| SHA256 | 2301331af81308d1a8f5d82ea26845dd2a1225160fcd0f1f69e38f6aafa64c75 |
| SHA512 | 9ca971cfe4a54aa3072cbfedef53a2c87bf04d7532e31456aad2ccbabe54b9844db69f3aa6e7a45524bf4ea427e6dbd1558c4afb58c78d2ba3ac003ccb0e4d1b |
C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\swiftshader\libGLESv2.dll
| MD5 | b11590f9fa59b203db9f13e60a1d068c |
| SHA1 | 3924feecde85f95310ab5a77e2b014cc783450e7 |
| SHA256 | d4c79972bae8aeda98b8f86797252a20797dd1dc754af65131d5c2c5f08cbed1 |
| SHA512 | dd6fbeaeac1541145ba07fb57e4abf180f6c6fccbfb5ddf201e055d39189430fca23bdd6037282bf6fa5e686dca688f45d3b4f78a0982a88ea667a93d50711a2 |
C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\swiftshader\libEGL.dll
| MD5 | 2846b51d32455c8118ddc00dc87332ee |
| SHA1 | 17df8c7cb3782dafd8e9cb451a2e5ef1dcc246fb |
| SHA256 | 75e9b0cd7103523a1771d8b10932a73a5166e0f26de6f8fbeabfe3955ee7fb88 |
| SHA512 | 8ab00ad17986cd882af4b2c6ccc396685e61237c5c04e8b618fea52454fda568788fde06df9b32be5aeafb2fb75c90b08dd69062cbe9bb7fbc0847a9954d6e1c |
C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\snapshot.exe
| MD5 | bdec2dcc14f4126e0be3a0a3e07f86de |
| SHA1 | 37385be24af8251340ef49f4464aada7eecad1cc |
| SHA256 | 75d8a96dbba4dd12f8ee8c8bd018f0d62fa304cf47db481482ef52591e2afa49 |
| SHA512 | 143193648c9a51d218a3334c85244469d05ec6b2553b3b0d7642b33fff19de439cc390b8e5a0422019bda1f2319ccff3d2e19397adb4713da06d8f69d84a0cec |
C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\v8_context_snapshot.bin
| MD5 | 0cf49718e2e4b5f5516b499417f505c5 |
| SHA1 | d8554366fb1086668779694b4f7a389bdc0e5e38 |
| SHA256 | 3624d6c92859fbe7dfe5f328586f4a6c465b200ffcd98a0034b0400a5b6f292e |
| SHA512 | 4ffd7c5ac4f4d78f7c054defc513939db4dc8fd689a668a13d57e5aaa351a95aa4001b183fb33b03992c4e9a0a1f7b5333b5dc2e7ed1b1cdd385d79294f845f3 |
C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\icudtl.dat
| MD5 | 9bd7d26a7af5d4480c462cbcb99f1d88 |
| SHA1 | 9fe9d92bc2d862041b58eb83dc08fd69eb7b794d |
| SHA256 | d1272f5308990559b9d3189a60a9dbc006e30f78b23dc2c7eb4b29082918ed76 |
| SHA512 | b7897ed1853fe074b62614579e5a255886fa6975a5d411b0ff97af200596d91747b253e5daadeed5622b7eb577547da88204a827751df9b419dd62de69b26278 |
C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\ffmpeg.dll
| MD5 | 19419c5867af8de22cbc41b45feb1ab0 |
| SHA1 | a038f7dcebf3e80ea53b134f2fc01a452f5ac10d |
| SHA256 | 3e70c19d8a34a6641baa817926c51cbb6844d5db9fc4a3c6b0faf674ecec4f6a |
| SHA512 | a42c3e2902cd5e880ee0ac006a6b01f801fdc4bf4914fbb18702d0c39565fcccb01c46f8dc47123e9cf0b2967b871f0eff38b8d262a7eaa9ecc5c9839b0e2a7a |
C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\ffmpeg.dll
| MD5 | 95a00c535ac6d6cfb404fa38480d5d78 |
| SHA1 | 2d9f71758d1c2e72ae1a76db6d66894deea7d91e |
| SHA256 | 73c4d805020c6a6ce948d331ecb3689c98315b415d3b2e7d4c90a6cf212052d6 |
| SHA512 | 442fdef661e8525b47268c74fda2ffb89b10f612ec3e1c5e300697eae899e1039121da739837113de291bd2e6a0b6ec7c8693735339345cedfde6759aad64720 |
C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\GalaxySwapperV2.exe
| MD5 | 011970ceaa9f27e09d558da1b6e4f3f9 |
| SHA1 | 85f687938c4b69aa3f1de76c203b3766efa4a517 |
| SHA256 | 6eef9f143b79d64b821d4df1e90399541ab7edba6e9b80301ef323759e134574 |
| SHA512 | 03b68ba4f1426b4d9fe6ef3d6464032a1f6e3ebcf7dc16e1b6759429785364ae14e8ad4923fc5c60a2e5b293038f594c4490a583a101fb7c8433e66b12d0d74b |
C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\resources\app.asar
| MD5 | bcd234d5a3956500f99886f05764a982 |
| SHA1 | 3035aca7104cb14ff5551eb59e7094a729d25890 |
| SHA256 | 4e63899502078258b8136ebe43ffcfe6b816a96b94c804b2c0b0a0ca707ec508 |
| SHA512 | 8250166b97ba20ea8988489b340ce6df79c8c08afc0c4f9781989a9acc79612c292bddd7d0883c1be246e213b79ff8a3b629faf94a7178751ee7700c666cc687 |
C:\Users\Admin\AppData\Local\Temp\30d27bdd-6c7b-413a-97b1-d31275b44f39.tmp.node
| MD5 | 30e1c7e2ca5ec7a0cabbd87cd7268e30 |
| SHA1 | 9251f2f00ff0ddb918952be3b2b25813e50c106f |
| SHA256 | e3116f6212bebfc1c5e42cb94032fb5b31d694829842130540202d84a97a53db |
| SHA512 | 8f1b500ea82229ce3228727a731e169e5dff0d251f3756a2a342b37427e2ed5a5819d22a8d39a1f064675dbe87af8acca0032b6210da9a1f4508ba121e469012 |
C:\Users\Admin\AppData\Local\Temp\a492164e-ed87-4e44-8c6d-5e75463c0a5e.tmp.node
| MD5 | 2303efc3a7b37db5cb580a6d00a900c4 |
| SHA1 | 2ec524e53ffa3b75a75f35bda9ea5eb6a381b0df |
| SHA256 | 1f8be4cd7f3da2f6e53d54c5f0fcd7893cea7e7d8a3591fd95ac43a734486fa1 |
| SHA512 | c4af0a2f80a5cb5f9626d56a9e8323a36e93ed52c47fd1f13314c0a2402a517aa7f7715dd504361f7bdd65dbf8e56978f59e68a8e5e30018924cdea1451c6e8e |
C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\chrome_100_percent.pak
| MD5 | 2167b6b3b9947a85ffe2e46c208b4390 |
| SHA1 | 9a70414e99d545a3b269d04e8184738a29ffc676 |
| SHA256 | 76f260a51da5c6887a92934354f6562ef81ab5386da8172cc8d15be31981786a |
| SHA512 | 4e5cd237cc98135e04cecfc2249e82853ef6a60bdbc546abdf2dc68fcd1828234363f77152b1bc5ae7a04fc5533ffd5f8b145540488a2ed499ae71c453655afa |
C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\resources.pak
| MD5 | 141bc756e5d12b845598ea1d88df11bc |
| SHA1 | 25cd040d102f9944bafceae397eb583be0dff406 |
| SHA256 | 492b4738b865746edee4ee41cadc71c5e830fd5c1aa67ae467c9e5399cc42b6d |
| SHA512 | 56ef550b1d3e78b26c20ed5e953a994c9191c030078b9e362edaa7dff8d13d90f5b52e7d5106b62bb7a321a5a52d46bf2847be8c32e03f63bc36ea05bcc21c9d |
C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\ffmpeg.dll
| MD5 | 6c8e6d02673ab12aa5f87f3a1e948276 |
| SHA1 | d06481c1105fdaf96f984455f1bec24bf982368c |
| SHA256 | 9d98d634a9ca6b1d9a85d1b0d1130c5a5e00651c2101b5045b1f2e13f84a19f2 |
| SHA512 | 0501a1332d127d6baf91226ed47475660bb561d1b2fadd93b585572e4ff96e5452572ad2f6ca19202fec16e7d6afc97a2677b101484ce48d4e6de23d0fd2ccb0 |
memory/3808-578-0x00007FFDE14F0000-0x00007FFDE14F1000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\ffmpeg.dll
| MD5 | e732eef51091131b58e512f48c42b357 |
| SHA1 | 164046b2a8b446325ea48cb5bffbe5479311662e |
| SHA256 | f7981a6c1fe848adb2ba02bdfc391c2dfc6722f804ec5ee4a8e2abc3295e6ade |
| SHA512 | 43ec51355424175d2d2a44c82f7e22dc80beaa597043d213189cb90e891f9da3a7d62bab3879820f044e2afaab84c43b0f4f5adab352e28ab49f0a374435885d |
C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\GalaxySwapperV2.exe
| MD5 | aa8542457941c501f7c13e7d4b69c85d |
| SHA1 | 1963b1bfeb820735a29e4176ca91e8d177792dfa |
| SHA256 | 0aa99773334e132e73350e494ae643f816d073907b0643166b04ef1467fc9be0 |
| SHA512 | e6922963e4c030ac32c934086e6c96b44cefe438413228acdca575efe89ff01128a0717a77695a6e8fb824c7702365cd4ea2e4c8638d27f5f165e0ab8be38e0f |
C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\libEGL.dll
| MD5 | 46894826c99929733f0463d04d508464 |
| SHA1 | dacf35683ba5988cdcdcbbbb02af9afb96e2be32 |
| SHA256 | 8182b21ad32fb3c0a335183b3c1dbb8066dd8be915030b8a48192db18fcc29be |
| SHA512 | 8ed0b6806e6e2a9182b133848c17d1297bdc61efe7be246d8d93420fe44283e96a194d34f7f5735be4b8fdffe20e7ba6bb513d3606585f49f6ca9546d86646d4 |
C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\libegl.dll
| MD5 | 2d31b806863aaed87be82d13c52cfa43 |
| SHA1 | e4adb38c965f07507505f88de982b22f574c849f |
| SHA256 | 80e13b6822ba82dc7cba862958a1e2c1ea3932a40fef2f65c413a6708dff2a84 |
| SHA512 | bcbf71e67a0908f770f0b60665bd89716f91875846d579a2bb68c649a4e05e7a9aacb3af078b4e12899a0eaae01290e2a519859ec1749e0535422f813ffe6856 |
C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\libGLESv2.dll
| MD5 | c2c36412b5a54d61cb4a61e7f29f8f02 |
| SHA1 | af5d76b5e5233f90c1765341d197f569244bf928 |
| SHA256 | 3635f499df211b1968ab0f5d89f097ca2494275eff854fb51584a8f9594d47bd |
| SHA512 | 504816bace02d91cbc6bdd8c144f192e1b7d87233c6fb8610bddd602cfa8c9dff7a6b0e416a8cea1199ac490c9dc9ac1088c8e98f14296d1889c369f1f957945 |
C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\libglesv2.dll
| MD5 | 0e335b487e73dcb478602982e9850918 |
| SHA1 | fb1475a73cde2b9d784753b5355c1f6f8f9af2f6 |
| SHA256 | 102cd1c8680b377e1a399953e89c50176103120d212698a20b972b1862b63fb3 |
| SHA512 | f51ea08c50049c8f46146fef272a56b041e6ece768109b8578cb5d9fe09a4e7e2aaec55d9c9f981cdccaf52fa2ed8a0e0fefb3e581883aedf703286ed919ee29 |
C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\d3dcompiler_47.dll
| MD5 | 32222062e7d71d7b626a87b1d200db6e |
| SHA1 | 765e6ff92d382ce07b7b07db1d294c71b0031cde |
| SHA256 | 3211b45bf248b7e77be492d966669735f69c5098d6aca8f95d720a8f6feb6a95 |
| SHA512 | c9ad5851d08943ace46ef66edfb204af6adf790580a5b2c090f79b713d289914502f9cd3d794ac6d13da84a82765cc02115ad0a009639d44d34fc361d04f1e8c |
C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\D3DCompiler_47.dll
| MD5 | dd11aa65b5e86e01b3d731bd4e202630 |
| SHA1 | 8d10a5b191a5a17afc4a8d5862c53e56abb8fe96 |
| SHA256 | 700e164194deb145853d3c3f8d3c8d311a45fa69ebe910eeb9951c97197d8761 |
| SHA512 | df77c70446fa455b588ee88dab6279b4e93e5ec30860358a4a1df3bc1504831e4211730633d3e5fbb57c0107a6c07f96250016ae7fbaf6bfff5534e27903ee93 |
C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\GalaxySwapperV2.exe
| MD5 | fcfaefdabd22be345f73fa31aac03bb1 |
| SHA1 | 83ebc1ee0558b7217f42ac3819a1403521967f43 |
| SHA256 | 6087553fa857bda44cb60c2801d32313eb453ba2ca3b93daeaece287251d8be2 |
| SHA512 | 769de1cd9914c9534379a535d016f0a864afc64a4779a8a4b202f7a5bc0f3eff82d76067ff7b72c5dba9b6f00367db777961697dd03574973ed3ac8cfb5acb62 |
C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\GalaxySwapperV2.exe
| MD5 | 9ffcd34c1299b03eee904af62b5d8f08 |
| SHA1 | edce8b998f7d5877147f75d75b7199040697e229 |
| SHA256 | 6057879bcb383ed74a4dd31cf45841f6b7f8f380c1f7f73a800bac9469ad868e |
| SHA512 | d05b6b997f7efaf544eeccb84d26d1b0b78f49caf87fb9255af68d67642a4dbae1929eeb5e52409b1634432a8279b54398a02e63b52b5bd8f6523ba6b95c721c |
C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\locales\en-US.pak
| MD5 | 0bb857860d8c9ab6d617cea5a5bd4d00 |
| SHA1 | 351b744d95846bff2ce5f542fec2e87439aa0f8b |
| SHA256 | 5c56df9699fc7e8f09ec81421e50a6264cde055e822f5a8cd9bb1edb3066d816 |
| SHA512 | 33fb73cffbb6781488cedbca4c92a7e4f66923a799beeb7f5cba58dbc23ba8f5130f63a7dac7114e3c3ef6f1df87884fbeb8858bc7604aec9449fdfd16c25078 |
C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\chrome_200_percent.pak
| MD5 | 00da54e27f67c99cf78f84cf74185b2f |
| SHA1 | 7b1c2c58a906825c10c977a93970ed510e7fe913 |
| SHA256 | 8937f6f75cb137328f7801daeae8854d8f7e127ab9c5e6941bdc8c8ffd286c06 |
| SHA512 | e422d1b5d6443298a2f1917f75ad4cf3a9933a41ded38cb5a161cde05be3017521083d6fe5067791495dd946164b0aff40ecf37cb3b49a01d6c30c8c88bb3923 |
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_rjujtgy5.czi.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/2464-610-0x00007FFDBEC50000-0x00007FFDBF712000-memory.dmp
memory/2464-603-0x000001FDFAE00000-0x000001FDFAE22000-memory.dmp
memory/2464-613-0x000001FDFB410000-0x000001FDFB420000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
| MD5 | 88dc70c361a22feac57b031dd9c1f02f |
| SHA1 | a9b4732260c2a323750022a73480f229ce25d46d |
| SHA256 | 43244c0820ec5074e654ecd149fa744f51b2c1522e90285567713dae64b62f59 |
| SHA512 | 19c0532741ebc9751390e6c5ca593a81493652f25c74c8cab29a8b5b1f1efef8d511254a04f50b0c4a20724bae10d96d52af7a76b0c85ddc5f020d4cac41100c |
memory/4984-629-0x00007FFDBEC50000-0x00007FFDBF712000-memory.dmp
memory/4984-631-0x000002D5EF0E0000-0x000002D5EF0F0000-memory.dmp
memory/4984-630-0x000002D5EF0E0000-0x000002D5EF0F0000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | d8b9a260789a22d72263ef3bb119108c |
| SHA1 | 376a9bd48726f422679f2cd65003442c0b6f6dd5 |
| SHA256 | d69d47e428298f194850d14c3ce375e7926128a0bfb62c1e75940ab206f8fddc |
| SHA512 | 550314fab1e363851a7543c989996a440d95f7c9db9695cce5abaad64523f377f48790aa091d66368f50f941179440b1fa94448289ee514d5b5a2f4fe6225e9b |
memory/2464-617-0x00007FFDBEC50000-0x00007FFDBF712000-memory.dmp
memory/2464-612-0x000001FDFB410000-0x000001FDFB420000-memory.dmp
memory/2464-611-0x000001FDFB410000-0x000001FDFB420000-memory.dmp
memory/4984-634-0x00007FFDBEC50000-0x00007FFDBF712000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 446dd1cf97eaba21cf14d03aebc79f27 |
| SHA1 | 36e4cc7367e0c7b40f4a8ace272941ea46373799 |
| SHA256 | a7de5177c68a64bd48b36d49e2853799f4ebcfa8e4761f7cc472f333dc5f65cf |
| SHA512 | a6d754709f30b122112ae30e5ab22486393c5021d33da4d1304c061863d2e1e79e8aeb029cae61261bb77d0e7becd53a7b0106d6ea4368b4c302464e3d941cf7 |
memory/2960-651-0x000002345DEC0000-0x000002345DED0000-memory.dmp
memory/2960-655-0x00007FFDBEC50000-0x00007FFDBF712000-memory.dmp
memory/3808-659-0x0000020036A70000-0x000002003721E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\StdUtils.dll
| MD5 | 45d4db67553b4422938494f16f985394 |
| SHA1 | 73588f1c28d36f3f79ea78297138674d7d34b5aa |
| SHA256 | e3d6576cf6e12c72e45268260c84ebff32d61d6fbaad51e299351a8efe37a10d |
| SHA512 | fa15ea3e10b147158051fbabaed5f13c5fce880780d723aa5868739a909dc78a3c852d33610fbc27a5b47ed4e00fdeee9d3038998c1d72f57222cc3ba4390078 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\GalaxySwapperV2.exe
| MD5 | d240384f02571144b5c0dd99ae694028 |
| SHA1 | 7ab638d4c44856d7ecb4915aff66766e06550386 |
| SHA256 | 17d89004d6da74d210525fa9f5e24e06a9e6bfb343baf90cc1e51a3fa2497f0f |
| SHA512 | b019466f1ceee4a3643b3cb0f676199c106bfb3b1406e92f27154ec70b8663ceb913d422f712145f0be78a89d3762bf81b567e15e27b7be6c48b8f7cf1777806 |
memory/2960-652-0x000002345DEC0000-0x000002345DED0000-memory.dmp
memory/2960-650-0x000002345DEC0000-0x000002345DED0000-memory.dmp
memory/2960-649-0x00007FFDBEC50000-0x00007FFDBF712000-memory.dmp