Malware Analysis Report

2025-01-19 06:04

Sample ID 231215-abqcwsafa4
Target GalaxySwapperV2.exe
SHA256 44edac9277c8ee32c755b9f808266f870efed0ba025c8de914b16b1b9e347952
Tags
irata infostealer rat trojan
score
10/10

Analysis Overview

Threat Level: Known bad

The file GalaxySwapperV2.exe was found to be: Known bad.

Malicious Activity Summary

irata infostealer rat trojan

Irata

Irata payload

Executes dropped EXE

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

Unsigned PE

Enumerates physical storage devices

Runs net.exe

Suspicious use of AdjustPrivilegeToken

Collects information from the system

Suspicious use of WriteProcessMemory

Detects videocard installed

Enumerates processes with tasklist

Suspicious behavior: EnumeratesProcesses

Views/modifies file attributes

Creates scheduled task(s)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-12-15 00:02

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-12-15 00:02

Reported

2023-12-15 00:03

Platform

win10-20231129-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2023-12-15 00:02

Reported

2023-12-15 00:05

Platform

win10v2004-20231130-en

Max time kernel

8s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\GalaxySwapperV2.exe"

Signatures

Irata

trojan infostealer rat irata

Irata payload

Description Indicator Process Target
N/A N/A N/A N/A

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

Description Indicator Process Target
N/A ipinfo.io N/A N/A

Enumerates physical storage devices

Collects information from the system

Description Indicator Process Target
N/A N/A C:\Windows\System32\Wbem\WMIC.exe N/A

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\system32\schtasks.exe N/A

Detects videocard installed

Description Indicator Process Target
N/A N/A C:\Windows\System32\Wbem\WMIC.exe N/A

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A C:\Windows\system32\tasklist.exe N/A

Runs net.exe

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\GalaxySwapperV2.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2600 wrote to memory of 532 N/A C:\Users\Admin\AppData\Local\Temp\GalaxySwapperV2.exe C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\GalaxySwapperV2.exe
PID 532 wrote to memory of 2908 N/A C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\GalaxySwapperV2.exe C:\Windows\system32\cmd.exe
PID 2908 wrote to memory of 4156 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\tasklist.exe
PID 532 wrote to memory of 2712 N/A C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\GalaxySwapperV2.exe C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\GalaxySwapperV2.exe
PID 532 wrote to memory of 4304 N/A C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\GalaxySwapperV2.exe C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\GalaxySwapperV2.exe

Views/modifies file attributes

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\attrib.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\GalaxySwapperV2.exe

"C:\Users\Admin\AppData\Local\Temp\GalaxySwapperV2.exe"

C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\GalaxySwapperV2.exe

C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\GalaxySwapperV2.exe

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\GalaxySwapperV2.exe

"C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\GalaxySwapperV2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --mojo-platform-channel-handle=1932 --field-trial-handle=1728,6252493025236185712,16239321457997488944,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\GalaxySwapperV2.exe

"C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\GalaxySwapperV2.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1604 --field-trial-handle=1728,6252493025236185712,16239321457997488944,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\System32\Wbem\WMIC.exe

wmic process where processid=2600 get ExecutablePath

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic process where processid=2600 get ExecutablePath"

C:\Windows\system32\net.exe

net session

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 session

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\resources\app.asar.unpacked\bind\main.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "net session"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\more.com

more +1

C:\Windows\System32\Wbem\WMIC.exe

wmic logicaldisk get size

C:\Windows\System32\Wbem\WMIC.exe

wmic OS get caption, osarchitecture

C:\Windows\System32\Wbem\WMIC.exe

wmic cpu get name

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault"

C:\Windows\System32\Wbem\WMIC.exe

wmic PATH Win32_VideoController get name

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic PATH Win32_VideoController get name | more +1"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic cpu get name | more +1"

C:\Windows\system32\cmd.exe

cmd /c schtasks /create /sc onlogon /tn WindowsDriverSetupC58Cbq /tr \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\GalaxySwapperV2.exe\" /F /rl highest

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v WindowsDriverSetupC58Cbq /t REG_SZ /d C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\GalaxySwapperV2.exe /f

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "attrib +h +s \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\GalaxySwapperV2.exe\""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"

C:\Windows\system32\attrib.exe

"C:\Windows\system32\attrib.exe" +h +s C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\GalaxySwapperV2.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell -Command "attrib +h +s \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\GalaxySwapperV2.exe\"""

C:\Windows\system32\schtasks.exe

schtasks /create /sc onlogon /tn WindowsDriverSetupC58Cbq /tr \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\GalaxySwapperV2.exe\" /F /rl highest

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "cmd /c schtasks /create /sc onlogon /tn WindowsDriverSetupC58Cbq /tr \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\GalaxySwapperV2.exe\" /F /rl highest"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v WindowsDriverSetupC58Cbq /t REG_SZ /d C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\GalaxySwapperV2.exe /f"

C:\Windows\System32\Wbem\WMIC.exe

wmic csproduct get uuid

C:\Windows\System32\Wbem\WMIC.exe

wmic computersystem get totalphysicalmemory

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic OS get caption, osarchitecture | more +1"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "echo %NUMBER_OF_PROCESSORS%"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic csproduct get uuid"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic computersystem get totalphysicalmemory | more +1"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic logicaldisk get size"

Network

Files

C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\System.dll

C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\nsis7z.dll

C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\chrome_200_percent.pak

C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\ffmpeg.dll

C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\d3dcompiler_47.dll

C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\chrome_100_percent.pak

C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\LICENSES.chromium.html

C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\libGLESv2.dll

C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\libEGL.dll

C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\icudtl.dat

C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\GalaxySwapperV2.exe

C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\resources.pak

C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\LICENSE.electron.txt

C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\snapshot_blob.bin

C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\v8_context_snapshot.bin

C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\vk_swiftshader.dll

C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\vulkan-1.dll

C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\vk_swiftshader_icd.json

C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\ca.pak

C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\cs.pak

C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\bn.pak

C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\bg.pak

C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\ar.pak

C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\am.pak

C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\de.pak

C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\el.pak

C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\da.pak

C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\en-GB.pak

C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\hu.pak

C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\id.pak

C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\lt.pak

C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\ko.pak

C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\kn.pak

C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\ja.pak

C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\it.pak

C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\hr.pak

C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\hi.pak

C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\he.pak

C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\gu.pak

C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\fr.pak

C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\mr.pak

C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\ml.pak

C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\lv.pak

C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\fil.pak

C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\fi.pak

C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\et.pak

C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\es.pak

C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\locales\es-419.pak

C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\fa.pak

C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\en-US.pak

C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\sk.pak

C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\ru.pak

C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\ro.pak

C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\pt-PT.pak

C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\pt-BR.pak

C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\pl.pak

C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\nl.pak

C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\nb.pak

C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\ms.pak

C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\sl.pak

C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\te.pak

C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\ta.pak

C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\sw.pak

C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\sv.pak

C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\sr.pak

C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\zh-TW.pak

C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\zh-CN.pak

C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\vi.pak

C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\uk.pak

C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\locales\tr.pak

C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\locales\th.pak

C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\swiftshader\libEGL.dll

C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\snapshot.exe

C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\prey-webcam.exe

C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\package.json

C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\DirectShowLib-2005.dll

C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\resources\elevate.exe

C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\resources\app.asar

C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\StdUtils.dll

C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\7z-out\swiftshader\libGLESv2.dll

C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\ffmpeg.dll

C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\GalaxySwapperV2.exe

C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\v8_context_snapshot.bin

C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\icudtl.dat

C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\resources\app.asar

C:\Users\Admin\AppData\Local\Temp\aa3a16f5-7a17-4151-b21a-8f8d44aca0a0.tmp.node

C:\Users\Admin\AppData\Local\Temp\aa3e900a-f271-4195-9ef9-66c4103b4e31.tmp.node

C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\libEGL.dll

C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\libegl.dll

C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\libglesv2.dll

C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\d3dcompiler_47.dll

MD5 d88cb6193aaa879977bffb313cc2360a
SHA1 2493fd7edb62673b19c7ff5877fd14e3902b48d0
SHA256 e2b0311b45d8fcde947a6af36c40be0ab0231111cf0dfd18553501e945e6b284
SHA512 53c16b0dcf05e7092ec3830967409088161b65d070010e23d8b51724e6b9f8974a7f328c2615842e88472742b07d67198e3d58f62693dbc6f6d55ad298512f75

C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\D3DCompiler_47.dll

MD5 4d6ff1e43e825c9a3582a11ee739628e
SHA1 a2168711d9b383cbc089eeff92380d6975724035
SHA256 19e1eb9cff39699f951ef9ab0e3b67cc404094fc4176e08c33ee89c56c9fd771
SHA512 513fda623e189307fc1188ae7211530193760726e0d83faf1a2d3a6e47cfa5c62366c1326ffa31270c9768441f2fd2a624a64ef14a0c38bddab1fb75e0e7bed0

C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\GalaxySwapperV2.exe

MD5 c175f17ad440a044120fbf146351dcee
SHA1 3289f95e22680216eb0451552e386c7c979a9c7d
SHA256 08bace9928bc46b39b5e41f7ec01ef22afe4a6ff3eb425833138ecf54117be31
SHA512 ffac702a573090eb0d01b4fa5a09bc0a8df3ae1d1d3a808dc03e9b3d073994abafae34ba393d53a19b73bf4e31768466a5877eb15cfd40860952a7324a7ad382

C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\ffmpeg.dll

MD5 4e7df27e996dd526be7bfb42f842c7ea
SHA1 a4294b8b81a5a29004c9200d59af05a1c0f429aa
SHA256 b35cce4a2fd8d52d6a37cae07fd37adbe55cd39919f2241621bacf56e078c463
SHA512 ee4e2b2707a0fe42ee9d622b8cdd04840d06ccf6e94dffc874065b04edaaac3f6d551fabb3b01e1ef02166d961b716c1ca4328342e77d9e29cdbb14e064be53f

C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\resources.pak

MD5 a3bf5f44c6f13759e381de1f4df4c284
SHA1 018a4f38c5b807e271929565b6bbe8f9c5b276ef
SHA256 e3cc193a0483dc171696450d979c310a72404bdd3c15b5119b6bc3d94fbf4cf4
SHA512 49b5f02e9b553ac7f28d542f815277f56aa9c05a83e160422c6689173bfa8eb41c9c3668eaff8ea1715f2c912774c5d8d2cfdc46c69bc522352e9b1c18f246f9

C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\locales\en-US.pak

MD5 1763f36cc066155149f51fef404d966c
SHA1 b7f53b3da2fb4554942d51c7448153a8a0e2e92a
SHA256 32e4181edf0e5fea01f91264ff25ad19d407a775ceb6a4e5e5bd7a311769a3c3
SHA512 6b2976386ae92e0520149f0f867840983116e632e2c8b7488fd72909b7fad202f3ae6a9ddae30922d24295f71721f0df78018ec3a57ae31f842ec2446f833157

C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\chrome_100_percent.pak

MD5 5b5c3fd2d7d4de2f09d81f80e40f185f
SHA1 e012359becdf21025159e7f596c7a25b90d2a42d
SHA256 a124bdbc3113cd48afd60671bc7e855a24d44a288040e9897e95c90755e05593
SHA512 897a176f0efdf77a292996298d42d328937956d3caec1810c07d5d16b653b52d46b917860aa97e67ddaa7e30df9a6bde58d542925c5ae485ff420f204999f897

C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\chrome_200_percent.pak

MD5 b5992632033008899e6804a017a5be38
SHA1 d05271e21ca331d864e42228289725eb4acbde46
SHA256 1e6032aa09532d063eacfcd6f3f66d4a9623d4e08cbdea01a46f27add54681db
SHA512 e2740e8f79e82b6881c365564e50b2c7cdd31f8d2eaf861764e3bb9bf3f5d5bee54f1c5960cc58209a8ee4f03c51469dfc0e72af933416db6672ccedf66d0b9d

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ipkl23tj.ong.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/2860-601-0x0000024D96100000-0x0000024D96122000-memory.dmp

memory/2860-617-0x00007FFE80CB0000-0x00007FFE81771000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

MD5 6cf293cb4d80be23433eecf74ddb5503
SHA1 24fe4752df102c2ef492954d6b046cb5512ad408
SHA256 b1f292b6199aa29c7fafbca007e5f9e3f68edcbbca1965bc828cc92dc0f18bb8
SHA512 0f91e2da0da8794b9797c7b50eb5dfd27bde4546ceb6902a776664ce887dd6f12a0dd8773d612ccc76dfd029cd280778a0f0ae17ce679b3d2ffd968dd7e94a00

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 d8b9a260789a22d72263ef3bb119108c
SHA1 376a9bd48726f422679f2cd65003442c0b6f6dd5
SHA256 d69d47e428298f194850d14c3ce375e7926128a0bfb62c1e75940ab206f8fddc
SHA512 550314fab1e363851a7543c989996a440d95f7c9db9695cce5abaad64523f377f48790aa091d66368f50f941179440b1fa94448289ee514d5b5a2f4fe6225e9b

memory/3696-631-0x000001BF53550000-0x000001BF53560000-memory.dmp

memory/3696-630-0x000001BF53550000-0x000001BF53560000-memory.dmp

memory/3696-629-0x00007FFE80BF0000-0x00007FFE816B1000-memory.dmp

memory/2860-613-0x0000024D96130000-0x0000024D96140000-memory.dmp

memory/3696-635-0x00007FFE80BF0000-0x00007FFE816B1000-memory.dmp

memory/2860-612-0x0000024D96130000-0x0000024D96140000-memory.dmp

memory/2860-611-0x00007FFE80CB0000-0x00007FFE81771000-memory.dmp

memory/972-650-0x00007FFE80B50000-0x00007FFE81611000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 446dd1cf97eaba21cf14d03aebc79f27
SHA1 36e4cc7367e0c7b40f4a8ace272941ea46373799
SHA256 a7de5177c68a64bd48b36d49e2853799f4ebcfa8e4761f7cc472f333dc5f65cf
SHA512 a6d754709f30b122112ae30e5ab22486393c5021d33da4d1304c061863d2e1e79e8aeb029cae61261bb77d0e7becd53a7b0106d6ea4368b4c302464e3d941cf7

memory/972-652-0x0000023926780000-0x0000023926790000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\GalaxySwapperV2.exe

MD5 ab327a5d8922106711f9215d1faf66e6
SHA1 6c3abd283d0192dbf9ac5e873c452e9167c06bac
SHA256 27a45ecab96dc6edf0d912e2929b04f78c3f1fc3edd9361006543103574dd44f
SHA512 1e5182e292dcf9dd1abae258f6712afb64959e24afe7684842e17ff8e9a48e0f08cc0f2188d450aed6c90bb894b30187457b2a58cb5d45039c58cab00158d1a8

C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\StdUtils.dll

MD5 11a15b5c4cdf372558f58f21ebeb3b5b
SHA1 e32f56ebcda428542918285b8b473e9fdd6d4583
SHA256 1032bfa13ca7ad5b7e4c3469c5432f51622cd1ef952c29755ba47c471703a384
SHA512 dadc6c361db895316f6e36e8e1b69fbd87a27a0f4883d9e71809357896195d0d41339f282b984caa3cccfb18fd66f0cd10940bf4edb412ad7f51b91cd8d86345

memory/972-656-0x00007FFE80B50000-0x00007FFE81611000-memory.dmp

memory/972-651-0x0000023926780000-0x0000023926790000-memory.dmp

Analysis: behavioral3

Detonation Overview

Submitted

2023-12-15 00:02

Reported

2023-12-15 00:06

Platform

win11-20231129-en

Max time kernel

7s

Max time network

130s

Command Line

"C:\Users\Admin\AppData\Local\Temp\GalaxySwapperV2.exe"

Signatures

Irata

trojan infostealer rat irata

Irata payload

Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\GalaxySwapperV2.exe N/A

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

Description Indicator Process Target
N/A ipinfo.io N/A N/A

Enumerates physical storage devices

Collects information from the system

Description Indicator Process Target
N/A N/A C:\Windows\System32\Wbem\WMIC.exe N/A

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\system32\schtasks.exe N/A

Detects videocard installed

Description Indicator Process Target
N/A N/A C:\Windows\System32\Wbem\WMIC.exe N/A

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A C:\Windows\system32\tasklist.exe N/A

Runs net.exe

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\GalaxySwapperV2.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3132 wrote to memory of 2336 N/A C:\Users\Admin\AppData\Local\Temp\GalaxySwapperV2.exe C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\GalaxySwapperV2.exe
PID 2336 wrote to memory of 1040 N/A C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\GalaxySwapperV2.exe C:\Windows\system32\cmd.exe
PID 2336 wrote to memory of 3808 N/A C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\GalaxySwapperV2.exe C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\GalaxySwapperV2.exe

Views/modifies file attributes

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\attrib.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\GalaxySwapperV2.exe

"C:\Users\Admin\AppData\Local\Temp\GalaxySwapperV2.exe"

C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\GalaxySwapperV2.exe

C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\GalaxySwapperV2.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\tasklist.exe

tasklist

C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\GalaxySwapperV2.exe

"C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\GalaxySwapperV2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --mojo-platform-channel-handle=1904 --field-trial-handle=1688,7470208076938658598,858066748977709269,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\GalaxySwapperV2.exe

"C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\GalaxySwapperV2.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1548 --field-trial-handle=1688,7470208076938658598,858066748977709269,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Windows\System32\Wbem\WMIC.exe

wmic process where processid=3132 get ExecutablePath

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic process where processid=3132 get ExecutablePath"

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 session

C:\Windows\system32\net.exe

net session

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\resources\app.asar.unpacked\bind\main.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "net session"

C:\Windows\system32\more.com

more +1

C:\Windows\System32\Wbem\WMIC.exe

wmic csproduct get uuid

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic cpu get name | more +1"

C:\Windows\System32\Wbem\WMIC.exe

wmic PATH Win32_VideoController get name

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic PATH Win32_VideoController get name | more +1"

C:\Windows\System32\Wbem\WMIC.exe

wmic cpu get name

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v WindowsDriverSetupFJZw0b /t REG_SZ /d C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\GalaxySwapperV2.exe /f

C:\Windows\system32\cmd.exe

cmd /c schtasks /create /sc onlogon /tn WindowsDriverSetupFJZw0b /tr \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\GalaxySwapperV2.exe\" /F /rl highest

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "cmd /c schtasks /create /sc onlogon /tn WindowsDriverSetupFJZw0b /tr \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\GalaxySwapperV2.exe\" /F /rl highest"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v WindowsDriverSetupFJZw0b /t REG_SZ /d C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\GalaxySwapperV2.exe /f"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "attrib +h +s \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\GalaxySwapperV2.exe\""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell -Command "attrib +h +s \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\GalaxySwapperV2.exe\"""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"

C:\Windows\system32\attrib.exe

"C:\Windows\system32\attrib.exe" +h +s C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\GalaxySwapperV2.exe

C:\Windows\system32\schtasks.exe

schtasks /create /sc onlogon /tn WindowsDriverSetupFJZw0b /tr \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\GalaxySwapperV2.exe\" /F /rl highest

C:\Windows\System32\Wbem\WMIC.exe

wmic logicaldisk get size

C:\Windows\System32\Wbem\WMIC.exe

wmic OS get caption, osarchitecture

C:\Windows\System32\Wbem\WMIC.exe

wmic computersystem get totalphysicalmemory

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic OS get caption, osarchitecture | more +1"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "echo %NUMBER_OF_PROCESSORS%"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic csproduct get uuid"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic computersystem get totalphysicalmemory | more +1"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic logicaldisk get size"

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 ipinfo.io udp
GB 142.250.200.4:80 www.google.com tcp
US 34.117.59.81:443 ipinfo.io tcp
US 185.199.109.133:443 raw.githubusercontent.com tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:53 4.4.8.8.in-addr.arpa udp
US 8.8.8.8:53 180.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp

Files


C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\LICENSES.chromium.html

MD5 ec671de48a929593d65c359db4b13aca
SHA1 01f05dd16eed482a8f43d36e5313d6576e172732
SHA256 227ed10d7755248078536adf64d57c9b6701e9d8b88ad6deccbdb5e7bd3fc893
SHA512 6b11c3b88a4239d885a1e42607ef4a37cc150e779a1e355abe11f1c7db60dff17e6559d6b5d73673b31d8d193c98ff920d370f7f2a053650e1d426fcabb21959

C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\vk_swiftshader_icd.json

MD5 8642dd3a87e2de6e991fae08458e302b
SHA1 9c06735c31cec00600fd763a92f8112d085bd12a
SHA256 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9
SHA512 f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\ca.pak

MD5 f7b33a51d3e32bbb732a9c11c1783cf5
SHA1 f219a81d39360a1e6e8c9f7b50a220b556594ac8
SHA256 5acdb5c9bc617fba554cc3125c9509351538daa32c22763dcec1147c9657af78
SHA512 bfe4aa7242d666a374fd7cf314a9ea5ca212c5859e531dc4a7bcd562c0f8cfaef5c39d9974ae3c9e25c0383c349ffbcd0213d9a06a4ae0df5fea1d35b2eca6df

C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\bn.pak

MD5 5bf255bba43c88d7422efd287d9eaa3f
SHA1 2c9e1a110e3f0dd40984e3bc98f628c93ff57ab2
SHA256 dd767c50f234926f364c7d0d3ea60427509359d404972d5e6f59671ef89fe3f5
SHA512 f614d6180b97da811c5aaefb93494642931007cf6d72fa16e87b20bf6c84c78acaab9cd3cd407063d084c441069f99e98b087811148d330fb452e15516fb20a6

C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\bg.pak

MD5 be18e246fea4a8d988f80159f2a50eaa
SHA1 b8a4216707d47e1002a55f76526c778b8ee7e84a
SHA256 2003141371a2d274fcf3816d7de4e4e479641d363b6fce6092bf7e29d6364f92
SHA512 3dab7e1e3fd9f0939a0553fa049478b742adb7747e5633c7aedb6b3f74d6f25026f655257bc30fa89bae2f6eaf44f81f73f57f070e66ce267eb96edf10446cc8

C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\ar.pak

MD5 59890b3c38a6d69696014242c6d28068
SHA1 750441fa38f59426cb30ac7932d487e8535ece57
SHA256 92af511f791175dbc9f262ad3caf2ca8d989736fb4c1d477323625c2e41259e0
SHA512 613602ab12a41c15fb4f2056a009dc7213dc0999b3cdc4458a1e76ec063027155ef3f2be97a6a47bd4d5002069dbf76dcfe5043303818e35b9e03b3a3b4a5820

C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\am.pak

MD5 dc4811667d35a61f9ef5076fad456962
SHA1 3f10589460d395084f5eb0b58c62e416a4986ce2
SHA256 00b347804ebad0437ef2cb186ea2025d38195f22d39a24dbfadac0ffd1ab9196
SHA512 ee459a243a88649c9bbc22da31e6eadbe50ed78ae9e99e6f01fb2d3e5b3185d3d7e130543de59225e03b85583e0cd777b31b7554f2d06ca963eadd5c157f1f70

C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\vulkan-1.dll

MD5 fa8b904ca8806616efe808085b924e1b
SHA1 2e0ddc360bb1e4f42e0d6a80e137e455f992ab5b
SHA256 235873bf196cdcee083c6d4bf93bb85bd68c990bcf7d106bf26cf1e490f5e10b
SHA512 f3ebe3bdb325f0b911923d8f51997bc5447551ecaa6d4ed14e1d93f69c8f3fd0fe2679c9428177ed2ffc3863321a025c755a15f3f19d54e0a2f0f7bea9ea9a59

C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\fi.pak

MD5 542587f564a1c1823bfdd1a00e28d74b
SHA1 dba74bf8251470d8a1323baeb0f6bcae7411193c
SHA256 1c6665f5617aeea07447cab2020b2b6564a6439aef69f6f11f665554710afa76
SHA512 9018c93179620e21350ecbf3c5fe3012bfccae90f0ac180cbcfd192ea3796990cea535137994881bd0aefc362711c133cc77dfe8d35fc90b4ef94e1201492fdf

C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\fa.pak

MD5 0a6cbff531ee0d00c8875828c7036f23
SHA1 b109cac70ea1290f2fea27a1926cb1f24cb24a7d
SHA256 3156d85c9b2154565d1f7a9e13acb3fa1b3fed0f3c8b00a9e99312ad4d9fbae7
SHA512 1b6d2cc0ffe83097fe4a4df509a69fa5e700b7554bd9e230892fd1974fdd1a8a0d521fbb28295b5009c9adc737385f396b5d307b4f90b995944b5f718c922c5b

C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\et.pak

MD5 09da98bd1c63b373b518549f23d49749
SHA1 b2fbdd2dd5874839a582665ac75832af033eee63
SHA256 faa3aea8ddde7b2e857cbc04456e72b3a2d57d1e45b5f8cf7c0410a487d12600
SHA512 82aad23091eb6c5f8dfec483faea789ad0913c60c988e4c922e8f22212394b90cff969f20c2ba3a58837cf69c51abbe713d8dee3e292eb33bbb8e0be8710c206

C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\es.pak

MD5 bfc9d682757ce53ebb5ce6b57665334a
SHA1 a405b38326eb8cbce2f0241ffa9c45a74dac17e4
SHA256 a7120028ea9ac01925a6109af3bbfaadf1c62dc993c8a92dcc5ae247fce5bf96
SHA512 3f4d8754c4645246abd214caef17328598d91cd0d222936843f2e325770780d905793a96ec40ce73c8f97315b630174ff85f658d4fbfbdd581b4ebe6ef33f6c5

C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\es-419.pak

MD5 db0e8ddc7525b3cc283c6d7fb4ebe38e
SHA1 19c93df53e6ba85d36d9b6b8cf5a19ac3400a847
SHA256 f1cf476a5a4c9293a2910792510ba596c9bf292c74ebd00cbe698df0adf1caed
SHA512 892e03616b9bafca4f1bad77e907c7dc0dd78477ce10da0dbff1b4cd85c80d130b3daeeb4fcf804818832063f1a9753831115b0999a8a527e7a57f278faf59b6

C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\en-US.pak

MD5 488414d0f7f000dcb2ae9d1417dd4819
SHA1 285d408ac1570344e325641db37b8896ceeb1eaf
SHA256 23bfe80f78fe64c5e20b0052c86743536726c97936571de87acc36f07ee3e461
SHA512 9908d2087b61c1afd89b5ac4329ac3330d8008336ccd7000185875dbb537aee5308f14d9286114b388f2c1d7835b10c127249dcc088414dada9eec1dcbf6567d

C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\en-GB.pak

MD5 52e2826fb5814776d47a7fcaf55cb675
SHA1 51fbbc59dcd61116cbc0a24b0304d4c1c58e8d0b
SHA256 83ff81c73228c7cadba984d9b500e4fce01de583ecde8f132137650c8107c454
SHA512 69257f976d01006c5f3d7e256738c97c59115471f8e7447cfa795f7fa4ff12d6fd19708e95ffb2aa494b50c1763fe35d5885b9414112d2934baf68fe668ed7cc

C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\el.pak

MD5 1c33df55cf729a4a13127054729599c7
SHA1 55a8b5e2dd65a564132a12ba8b16ee38a511ef9e
SHA256 c2e90fa5708655255378f34fa97e1d19bb112dcebf3149e00de07a4843b10610
SHA512 32c670301ad817493447904faaa6e30e51d1951048fa24a685dc1014e68ab6b9f561aad0aa45dc0d71d91ff16d6d74c482e37d9278a324ecdcd301af9664433b

C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\de.pak

MD5 ef70bd9336ae5862c2bba6ed84acffcc
SHA1 d4cb4cb029276d3b18e083ada0685af7bcb4d557
SHA256 363286e856e15fc90501fee60937a34c2f03af08a7dc3dc1f7856f89f4c46407
SHA512 871f3bb3f8ac7979436816ce1f01394eeba6c5654050335ac95173efcdea2f7977d33ef88e22e81e303af77cf9389725a8380c2017a6a83ea9112ebbc3d78790

C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\da.pak

MD5 55a8f5883805a65c854d25edb3959209
SHA1 d4b3b6bd2a26cbd021fa931d1f63c9ea64e2c268
SHA256 e190187adcbb5f829d162660968ba598ed17bd11339062ca4d807deec8a27fdb
SHA512 4e1f9e6da32f553cbc8cf162726d7aba9e23e2216d6d05b995cf19fff3aafa05ed08fce29b2f8538d46583366402b8630672e650dfbd46952a611e9db0d8016d

C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\cs.pak

MD5 3cfd9dc564cfcc33cc5524711365c376
SHA1 2e5016d2643017f37658262122974429f18625a2
SHA256 8be34e4f8226c1dd4e725711ddd884ef4476560f7863edcf378573dde9db3cee
SHA512 6ee156d2fa3b6f601df28e38968d0eae2812d70b41333348dbecd833d5ee6ff944183f0eecde96be433cf1e98c8ec22d6a6d5af5153145842175ab43c73533ef

C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\hu.pak

MD5 19f0d67ba565f0a3efb86ac8843ce9ab
SHA1 f4285b2e613cc1970056c30676606b8a25a47ba9
SHA256 2bb8f81908d4e62f41063027aefdff26996c506d6c593d25afd68fab1158042d
SHA512 07e62cd97c4c73549184c86e3280002160022b89fb69082153779fab236ae8f68a5d91d50556b3bc673e9fd7c978e2ff1c63b0796fe592059ca9019fbdd218cb

C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\id.pak

MD5 6c0476689c4f2318adc304eedd19b463
SHA1 33cbc905fceeff0601c677e24cc161f6b1b0d809
SHA256 64bf8febf4848e452021d2ed8c36b85ca9e012f2ef3d887d7c3de99bcb8ec74c
SHA512 e64fb1e40d296c91552fe8de71b6177c925a33d95f6a0e13848383742d54b5ca201e99c032019aa6d84832ac5db7ff7781ebc6eed96f6851b1338bf7c6869dc4

C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\hr.pak

MD5 d44fdef9e76525c08452ed5d6940aa42
SHA1 6e52c2338846c29c2ef4af239b1a5c5a70401a8a
SHA256 998f2448c58c0851f1e9658849e2c8e5eb437d19051b53c9a61f4581af309770
SHA512 b6b084214d92363e01654fe10254f5515e413dca27a643410302358a58e105e37fae3a45fb6b3482595052663d60ba389520d1f4de4976c16f6952b12a84a8dc

C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\hi.pak

MD5 527780cedbf5ebf5db93c4aef9108628
SHA1 e47c4e7d049f016b6638d4e67341f71a38c97c19
SHA256 b5aff145e1392bb986960612fdbabf9d1ee3d52e23ed145718880e7326afad18
SHA512 fcdbc6b2df201920619ae7f95997f306df65b553449cdeaa5d5f0750c4d4b15c0070ebeeeca563ea09b965fc0adaaecc814017a5cb4b60ea680791f7164af4a0

C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\he.pak

MD5 71f882975d69c50d97503bdfa52a9c57
SHA1 cfc4f778620052647e4dce68ee42435b9efe17cb
SHA256 5163ffc9522f52b9c2d4e91c8b4027900e67b988653086b6d109ab2ea811e069
SHA512 4e161809077fa8454cb689a93e20e0c9e421dd6f9fe65539396de4134019084ece58b956ec20f180aeffb584c4ae8e057a0c4c782080cddf6e78ea4752b3edb4

C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\gu.pak

MD5 72db0fc7b5456c88fce2fb855cddfcd5
SHA1 e89ca15c3e850b77da6205f44ebd06910129a854
SHA256 93cd990f288891e09ebde2f43da96b9a9dd58783d767e262c37652984e8d172f
SHA512 7bb6b880791a4d2f2e9e631c2f6f96fb83b7ffe27ac0746cd09cd4b963866abcdfeb746cd4c4139585ab1db7bc123a6c96586d20f307a194b78d1e62d20b034a

C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\fr.pak

MD5 d77cc5b3a9eef858c0d71f1020904d9f
SHA1 9701c8608b6cb3cb9891aa259d12cb5acba21f88
SHA256 90cb143f0d8dfe1ddb318413cf3513f93f505a8241349518f9e41d320022d4be
SHA512 86b65da19728a2b6b4f469b2ad3d3e98cd0b026479c53eca3da3433b224f46728ac810edbd6e55c9d3a4785fc26aa33735cc9b250448b11bfa71cfa998af6080

C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\fil.pak

MD5 19d24eafda16fe774aa15aa70a60268d
SHA1 f615fa4c1a800c397529705be3e3fdac90765aca
SHA256 eef7cf0707b06be9e0f186f857b4316ac7c0e9916a39b258d292b01789eaa16a
SHA512 251f3e2a268b19f1724003f150a17f6572a856acf1560b3a94baa305a3534d1a40336fa75d33f41dc9d73ea1e52859906b66609e997fc3409249a651cbf89e25

C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\ml.pak

MD5 b9df755aa732ed4b39e8f2882608dbd9
SHA1 1b6dee18da13c50e9ce6540b08c6664ade3c0b46
SHA256 146b2708ca90f89a844daf833d01de96d5a6332225b9d3ad20ea6cc02b2ecd7d
SHA512 d9af405c074cd7758045f59cfea209fb19060490969fb26e10b4d484966e9306ba7a3ba21195729af69758e3c4a594252899f702ed235a1da397f80ee48f5f83

C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\lv.pak

MD5 337a53ccdd87fde67f3dbb60d1dd91fb
SHA1 d21af54f1506a1363b134761321cff84227a81a4
SHA256 f48d37352318cc367dda6de99b06ba2636a1d4ee73b6aa206954b0a37404f665
SHA512 e660505a437d25a47f4285b20e99af314fdc494b7070499389d3bd2189595c6fa253fee0e8bd9bdf0581213d7ae45637f3783b0206810f418427030449c4f4a4

C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\lt.pak

MD5 b0bd397a8d848e45f3eeba20319e59aa
SHA1 643eb84f82b2a3d69d934ae989418b266dc1adcf
SHA256 012bf4f874d328165a471358652902f3c4bde25ef02cb1b8c367cec431c94a82
SHA512 ea18e23f794b8703777f3ad692516341bf9a26d7307754a925eb4323657611450f56d4e33ecfcb6b8f571b28b1acc3530b2b4e9c02386fd5464eebaa2457063d

C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\ko.pak

MD5 bc657ffae0c19d53c209759db483328c
SHA1 20264cb118d02fff6ea36bd7554c2c1cad3114db
SHA256 fa7b05d1fb196783cb324509bd9286afac4972e8b12128b90eb0335076831eea
SHA512 9295b7232e3b08d52398ff545f8899a94c0d8fefb557acf9ac081dd56371a8d6828f4054b0536393fb03abedd5a78db80b8d30d8864bd491386f36e069a979df

C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\kn.pak

MD5 b87f395fbcde7982df162b0ed6c6564b
SHA1 7357e82c40141363f3a566f1b4eb9a156a7c0c76
SHA256 8b131a9e49b4c6e726f444fa7663a7153f0b20b24b823b19c62cac2626c61565
SHA512 e7ba68bad2f9a096bc46aea78b3ccd4a87e4a6f5e2d0cdd5c9df43ade17e4e71bf69c5cdffab8399224f7ec8ae71269463e659d7f8649849a8ecab7dcca1fb59

C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\ja.pak

MD5 65a1423af5ffccdb80c424605620d9b1
SHA1 e210ddcf99994add81d9348d05a5327763c0788d
SHA256 055c1eacfaa8409336a411977d4da6f9067d570235289674f02e27398e1edf26
SHA512 e656da4b9242a7ee912aafd09c6c09c9ed9498141a71f598778e0763385ba0c5f7108355ce4f814118f6a5c6c1c96896f0f1f850a092192941ab698c73ed9683

C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\it.pak

MD5 5aa225aad4f9fe6d05ec24905a827d88
SHA1 f6d5ed337bd8e9cc3b962d3a498e3430fbf6de22
SHA256 96e02ab6937a1f1cb58762159761a737ce0e1dcd6a253554392baf4389326eab
SHA512 3fa928f19bdf65b8fbb274b478a801821b15c01224c113a8d7f6121a077b432c0cc84eefd9028a76adea9fa4bb65dcb868edfbd4368b1e4d477c49e187e4288a

C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\pl.pak

MD5 9e2de6b5009b40c72eb8932d711bac92
SHA1 56a0aea6539699d6120bade928df08130205c0fb
SHA256 443b9cc0ea3e0dd999a205d08e79489ea8c7167c2a9fea9800d39c4cbbd91e90
SHA512 0aede71d7369cd5b6d36b938827cb11c97ddee73c6e6351a205e6aef6e4f377a76eacf4d6cfed8b7e17ff129b7bc2243a66632ec67aa20668238605d8a6f29a6

C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\nl.pak

MD5 cf6b1cbfd669e9461553974ba37a475e
SHA1 b33867e9bc7fd88ca98a76dc4bd756bcf18887aa
SHA256 9a83ad866ad7fd9d65ecbc1e95c276cfce27e8257c76a16950fd14971e66b864
SHA512 e463029bb37f6bb3ff5cb6281f64291ada1b785fa33137e7aedfc7b5e409e99c75a91e7cf9b6c0933e970f70c14861190de66fc5d68925b687a6f5da02e21077

C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\nb.pak

MD5 9242234d2974cea9c7994c0a21767d01
SHA1 249b6277062c0dfb66d735d7d93664a51a14e02f
SHA256 26af05118d09b5812f149d4f47906c63eef2ea1312f830133bac12dd2d192d09
SHA512 0a8daa683ce84dd7223cd1b4f827b3c41dc445ec714323bc1da8f68218ff0ce5cc36a05783a991ac54ffaa42ae2cff289a39a9acdb61d6dd3eab9dbfbf83acc7

C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\ms.pak

MD5 3f167b00cb563d2c015c67fec11bbcea
SHA1 c3a77459accf4778fd05a91bbed1e19a40b0e48a
SHA256 ecea5c1db547db33ecc9f0938fa7d9a0522524dbf73584215b089ee491f2441e
SHA512 5068b06d8b78455db3c1070487a55e10559155be6fba7ae793083efa8518a1977c3ef6ca6b257148e462fa660f89a8f54dea61f17abbf36cb6cb4bc67316eb34

C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\mr.pak

MD5 9eca06ffc201e3df935c20ee727cae1b
SHA1 c55b47458ad4359938b8470dedaf101092ea5f60
SHA256 3f3c76081e15a7b99143c5789af8a09513482be3fa8307cd3a517a6aa574a9c3
SHA512 03380b1f2f3c703c0658ecf9bbadd6a5edc29fb6775d1dc9c526aff0a3f4e5bcb5b01a9f8ff146c37ed1dc1dfcc913345c946bb331d6d96f0c5c5ef9bdc492ac

C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\pt-BR.pak

MD5 c9b6929d9081fcd18e6f93dd47cae9fc
SHA1 8ead20aed13f3c3daa82380f071614aa1198db52
SHA256 270f2dc067c9f5b316f1f5ea66cb038c31f039b4ae62a7e7b1af8b621d1b9338
SHA512 206077513abf3147b6ad31b7c2b7caea0f2bb83b7978707cc91973bc1b539a5a2991ecb682824d1fa8d53ef1aef3d28dec28805960584a91922b3c7b562b98cb

C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\th.pak

MD5 cbe593e6129d0facc64b23d3cdd741aa
SHA1 b2ab64853491b423392530de3fac88733d977d99
SHA256 7d597f74e181e3fe28b204b6471d9b8e77315feeb1c861e4387a123a79d77a9f
SHA512 d8732be2fe460331904daefcda34f13769f48b125ab104ac64cb01ebba4bacf0a666d0cf5ce8531985da6c74a88144e71ee2d56d44a39eaf045d3f63d133e733

C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\te.pak

MD5 80f78a18a5cf28b7dbc28ac57f940aea
SHA1 cce71bbd2293989d7c84c042946a3f19c71ba063
SHA256 4e13a79b177fa2315d44738a2dcc11b6501706f6883df2e7a6881917f98679a1
SHA512 7c76bafa586d1746a589e7925ac5e6ecfa3fdf652d00aa7c94bc9fbda4c2baaf556d60f063c46141024177d0b0fd309b4c2b9dc5e1290b516a1dc94bd6245db4

C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\ta.pak

MD5 55bf48b63aeb01ed61c7e222e312c332
SHA1 98f84f98aacd1f89825cbb267e8e773be0038205
SHA256 95afffe6a3184708428a7746af2d8c6d0b4a54da39ce6bf4851ef459530dce10
SHA512 d5b5b6791c6d2c00b51c10c502170f88c59cd29c92b03cf64e20b468b811b1b65a2160c2b5020d973e288f4d4b987fb0140576d998007fc58cce234e19f621e5

C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\sw.pak

MD5 f8f611ed575d2807573f5af8157e84a1
SHA1 cc328ed255ece400e961e8228f5c05dc59e6962e
SHA256 130e815110642b2533493cac4a5409cd73e065b4979bc4f6837c3656d4ea1639
SHA512 ac3684094f09a26a892aa0d599b10819056286bb6ec5daa53c6e129462dbf5ee5823dcf1cbd15f5a20ce266260c2689846637d28326932bdf80a0d57e51be6cf

C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\sv.pak

MD5 1e7e94ff2df01c6c75d518d0ff9ef373
SHA1 1164ef9aad44b51d54ed9fcb9a6ab804416b2ab6
SHA256 6ef74edd0f3a39e1b4360425a07cf6f6e685535bb7e742ef66003f06e29f51cd
SHA512 a86a7f0a8ec2ffd14d4603ba74db2bd71b058d4c3bf948ef607d5a2b302df190d09ca8f66ad9e6fd1d3c3af4c50c5182a3a37077e5f9e7448a4e95bb176fd103

C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\sr.pak

MD5 0e1f2258cdc234371e344bf7fedefa62
SHA1 76f8353b1f750bb23368817b4976c55ffd79e353
SHA256 4fbeae901b1899028c954a2b22d016be8640becd056d813e2b534900a8df3157
SHA512 8e9056d894c1492b988c27c0b71e67e96208e0c07b981a392721c5965735155aa346a87318f3a0f9f25737c52b668fd1ecc8c925c8e26a4decb1e6befe8be31f

C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\sl.pak

MD5 4fc2b83dd1dcca7adcf20f73716f5017
SHA1 85b96547722754a27f1f0dda2e0efd3ea1f3fcf0
SHA256 945ada1c7bb0c5b3bcb1c0042fc9f4743c1ad649fe09b8f1fcacccf81a82f5a0
SHA512 953d5781eca370bbaa7431c828906aa3592d1f94adc213b1970aba1b4ec49655083bc707e1389471e4d491eac342e88cf48979d103fc86972dd5b39c112663d5

C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\sk.pak

MD5 7fc41c7ad3b29c84a5ccc7b3c708e5cf
SHA1 10e8db5f7d9eca9c15516370df72afb850f2dd8f
SHA256 249f8784289be6e6c9f1fadc6d719846a69d27888054e3e4665f2edcb5a033db
SHA512 5d30fcfbcedd0bb70ea61108957f30e13cc3432966f796cac266fb96dd3a4d78609e38b1bd783a8924c028d2abaa56aac291aa0f6757b0e77d41893cc17285ad

C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\tr.pak

MD5 cc028ae17449280ddf37a5e4843bd622
SHA1 7e7fdfeff439eecb025eb6f1996cf3cbd2304c9b
SHA256 684617b194e1f17cdc502a709be10f35aea05a0c0d4677f3fc4bddc2f9f57aa1
SHA512 3478c5e8f3bb5395344c0b0ecc41b4444b1adfc7b3be802223105f60f4968010d8e7c4a91317e5fccaede70d85ae8f79294227bde183d4f617988a291f030925

C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\ru.pak

MD5 cd779169f1efc62237d7eb8d04ae30d3
SHA1 8a4eb3dcd3e61be170438794e88896f911a9effd
SHA256 f60ed616fb7fe7aa6a17b3aa4b11dfb3363378b7e374daa6cad4f300748d1c0a
SHA512 dce4502acdbda017da9c20fc916a7084481dc563d56247a30bc8223a4f71b152c3d1a4f705fab14db6aa22a1eae7897647ab9b905bebc81c551e3e4e7ef748ec

C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\ro.pak

MD5 3f44b20e96dcb255a92e28837be0954b
SHA1 e667622de4a5c5fb21ee8994d6614a0c9b577251
SHA256 ec301c090ccc24ddee245549588b1be1961d9d7d11b4bcabddfd37f4eda82d7d
SHA512 de2f0d958c93c75d8f8d1b31c1eac7f40045c8bf8215d1f1c560d3dfad38bcedb573ef23d2d771604655d32c45cdb6213fb91ab8425dcd0018f751e6f34b787a

C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\pt-PT.pak

MD5 18a9a839c47ce698a547d8039cf29770
SHA1 d86163aed020fdd2f43a65f395e40818b6c509be
SHA256 49c8dea180854f256eebd7007a3507a1125ec39f56681c6a6589af8873542dfc
SHA512 8336054781937458a56b86e9d9c44d6f5bd86c592e22104e97a964999908e0e44cf1b3ade67fe5bf72fb12003fb3565642eca90ed47236c753a29b7c3feb9330

C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\zh-TW.pak

MD5 d65f9d6eb0d1c6eb14b494d93d9ab2bd
SHA1 ca835746ca005a905ed9be4104085dad58fbd33c
SHA256 f8a74b84bab4278baef9f01f93a634b2231683905bca73ddbd7825885c8951e0
SHA512 b5c8a2f88643e49f9d210ee67b117e6447597527e81bf8f4dcec97aa398f68b1793fdda166f2ca2dd4f3ab64b8a4c292c8eb197a28a24cdd13ea33ede06bb3fd

C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\zh-CN.pak

MD5 8364b32e73c8f1bfa649296d369985cb
SHA1 5e943a0f38d9e8e7ecca46f88a91f3399e8a824f
SHA256 802729d656e7eee2731d2290f2a9daff4c21dcbbe98d616338f3a3a94474a26c
SHA512 2bf1572b1d9b27fff4f9eeee61590d7bad724233cbf9d9577af5e350662a7606fdfd4236296037287432ceecc9a20c0fbbc40cd95d54222c7f9bebcc7576c6e2

C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\vi.pak

MD5 6b28cae4e2c869bcc1172d47f3b4d8fa
SHA1 d358ca4c288145709b5ac20aafe71595be28d0a4
SHA256 7b4eaeeb06bc3f30d9202d0d6dd22a2c86f2a433ef25e7923a2999cf6623b124
SHA512 387e2eee1a0d09e68d87e4d41f7c0e77375a4e79f0a5ae910149d4aa6ed2d6c53beb7b2704d94605eab9a34707659c10ad6476cac8c63cf2713f27265e7ff3ce

C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\locales\uk.pak

MD5 e1798d6182aa4de2fa74262d19cd9c9c
SHA1 de557f946b8200027bde99844a9ac353c7a48836
SHA256 9d3e8c197abccf8e8a1fc54a628e95c7ae820bc88b825829be702f301a326bcb
SHA512 22c84b24d0da28777df4e49d62fcf7931257031c978417e84c23ee72bbb8fb0152a4d4df77f8ffa99664298e2f1e183f92ec57284d72a1b70cbc66ed09b5b6ed

C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\package.json

MD5 067e233b0609d56ff4756bedd8c0efe0
SHA1 96419d05adc4b6674948b4ac14f8ab5bb3ce4380
SHA256 6bee642c1b5de99e4edba87ec3221c2ecd10b65e666b6f2bef64a745538ecf74
SHA512 94900f5ff762930b1b060ba4dd44d629d6c3e2dfc0dacb1a543f1ea5a3cd40e793acaff4abefbff588ceb422d65f8041ec190a2b56f7c303c3314eb16eca4159

C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\DirectShowLib-2005.dll

MD5 9d1c7d25a07f03dfa7a8425d7ef22ed5
SHA1 ef4644819a98624100d85c9dd698ceda6cde9f93
SHA256 2f7c9da9d9fd30db19d031d18537de552cfaefc1dd718bbe92d5207ae3ff3e77
SHA512 89aab8feb01ea8b82e7223309f6670ec1c1a46310a16bf14464cfffacccc069b2a87dfd524947e95766cec4292a5287fed7c5980584f84fb10ad83647f0c318d

C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\resources\elevate.exe

MD5 c3f48ef0f52abee576650fedcb2390ad
SHA1 1d25e9e284c85cb55245c80490accdb0da32b024
SHA256 075cfd3ae537860e7b0a7cf4a9fd579135ed43762a273051316c4edfcfee71cc
SHA512 a5f9337335f9b082059c0b451f1d3b33e53257b8e1e793f18f72bec1d2fcb5f5c5330159d4aa23d424385003060c0a6761213813fab78db761a3eee1a622d9b9

C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\resources\app.asar

MD5 236b8742e516b8e74240d6d9efb87cd2
SHA1 1f75db6cd0d5c9e06086b66ecbe9e6ab46d9f970
SHA256 83c817017855dbaab80eeda252f8869c4d2d98b6d1637bd59feabc2ca912b5f9
SHA512 d768f3307d26722f445b5734f44923492d1c60607d23a239ae796bd3ccecc5c551d109d5f2903896a8f1e782c5850651117607b76c952c0184aa0afa8ad9761d

C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\prey-webcam.exe

MD5 471b15abc9f2e98fb7ed7361d3f045eb
SHA1 95b5798d80a9410872f6ed485ae2b43ca3745540
SHA256 7c262639cb22348dfd627dc07c76e8748e5bcacde2dcf1614773ab174c831004
SHA512 5b3b59aa1dbaef31b0ff6ccde082d7c312e39e311a46fe20d590d5d7765f934d3b663da9609ff4fb7beba2e8fa85376cf74f14ae077f3c0b49189cc28c30163a

C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\StdUtils.dll

MD5 971cef820a6cff849b07f9c7520cc938
SHA1 9b95eba2bc646bf5a24df54b75ff6465919f6b83
SHA256 2301331af81308d1a8f5d82ea26845dd2a1225160fcd0f1f69e38f6aafa64c75
SHA512 9ca971cfe4a54aa3072cbfedef53a2c87bf04d7532e31456aad2ccbabe54b9844db69f3aa6e7a45524bf4ea427e6dbd1558c4afb58c78d2ba3ac003ccb0e4d1b

C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\swiftshader\libGLESv2.dll

MD5 b11590f9fa59b203db9f13e60a1d068c
SHA1 3924feecde85f95310ab5a77e2b014cc783450e7
SHA256 d4c79972bae8aeda98b8f86797252a20797dd1dc754af65131d5c2c5f08cbed1
SHA512 dd6fbeaeac1541145ba07fb57e4abf180f6c6fccbfb5ddf201e055d39189430fca23bdd6037282bf6fa5e686dca688f45d3b4f78a0982a88ea667a93d50711a2

C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\swiftshader\libEGL.dll

MD5 2846b51d32455c8118ddc00dc87332ee
SHA1 17df8c7cb3782dafd8e9cb451a2e5ef1dcc246fb
SHA256 75e9b0cd7103523a1771d8b10932a73a5166e0f26de6f8fbeabfe3955ee7fb88
SHA512 8ab00ad17986cd882af4b2c6ccc396685e61237c5c04e8b618fea52454fda568788fde06df9b32be5aeafb2fb75c90b08dd69062cbe9bb7fbc0847a9954d6e1c

C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\snapshot.exe

MD5 bdec2dcc14f4126e0be3a0a3e07f86de
SHA1 37385be24af8251340ef49f4464aada7eecad1cc
SHA256 75d8a96dbba4dd12f8ee8c8bd018f0d62fa304cf47db481482ef52591e2afa49
SHA512 143193648c9a51d218a3334c85244469d05ec6b2553b3b0d7642b33fff19de439cc390b8e5a0422019bda1f2319ccff3d2e19397adb4713da06d8f69d84a0cec

C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\v8_context_snapshot.bin

MD5 0cf49718e2e4b5f5516b499417f505c5
SHA1 d8554366fb1086668779694b4f7a389bdc0e5e38
SHA256 3624d6c92859fbe7dfe5f328586f4a6c465b200ffcd98a0034b0400a5b6f292e
SHA512 4ffd7c5ac4f4d78f7c054defc513939db4dc8fd689a668a13d57e5aaa351a95aa4001b183fb33b03992c4e9a0a1f7b5333b5dc2e7ed1b1cdd385d79294f845f3

C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\icudtl.dat

MD5 9bd7d26a7af5d4480c462cbcb99f1d88
SHA1 9fe9d92bc2d862041b58eb83dc08fd69eb7b794d
SHA256 d1272f5308990559b9d3189a60a9dbc006e30f78b23dc2c7eb4b29082918ed76
SHA512 b7897ed1853fe074b62614579e5a255886fa6975a5d411b0ff97af200596d91747b253e5daadeed5622b7eb577547da88204a827751df9b419dd62de69b26278

C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\ffmpeg.dll

MD5 19419c5867af8de22cbc41b45feb1ab0
SHA1 a038f7dcebf3e80ea53b134f2fc01a452f5ac10d
SHA256 3e70c19d8a34a6641baa817926c51cbb6844d5db9fc4a3c6b0faf674ecec4f6a
SHA512 a42c3e2902cd5e880ee0ac006a6b01f801fdc4bf4914fbb18702d0c39565fcccb01c46f8dc47123e9cf0b2967b871f0eff38b8d262a7eaa9ecc5c9839b0e2a7a

C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\ffmpeg.dll

MD5 95a00c535ac6d6cfb404fa38480d5d78
SHA1 2d9f71758d1c2e72ae1a76db6d66894deea7d91e
SHA256 73c4d805020c6a6ce948d331ecb3689c98315b415d3b2e7d4c90a6cf212052d6
SHA512 442fdef661e8525b47268c74fda2ffb89b10f612ec3e1c5e300697eae899e1039121da739837113de291bd2e6a0b6ec7c8693735339345cedfde6759aad64720

C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\GalaxySwapperV2.exe

MD5 011970ceaa9f27e09d558da1b6e4f3f9
SHA1 85f687938c4b69aa3f1de76c203b3766efa4a517
SHA256 6eef9f143b79d64b821d4df1e90399541ab7edba6e9b80301ef323759e134574
SHA512 03b68ba4f1426b4d9fe6ef3d6464032a1f6e3ebcf7dc16e1b6759429785364ae14e8ad4923fc5c60a2e5b293038f594c4490a583a101fb7c8433e66b12d0d74b

C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\resources\app.asar

MD5 bcd234d5a3956500f99886f05764a982
SHA1 3035aca7104cb14ff5551eb59e7094a729d25890
SHA256 4e63899502078258b8136ebe43ffcfe6b816a96b94c804b2c0b0a0ca707ec508
SHA512 8250166b97ba20ea8988489b340ce6df79c8c08afc0c4f9781989a9acc79612c292bddd7d0883c1be246e213b79ff8a3b629faf94a7178751ee7700c666cc687

C:\Users\Admin\AppData\Local\Temp\30d27bdd-6c7b-413a-97b1-d31275b44f39.tmp.node

MD5 30e1c7e2ca5ec7a0cabbd87cd7268e30
SHA1 9251f2f00ff0ddb918952be3b2b25813e50c106f
SHA256 e3116f6212bebfc1c5e42cb94032fb5b31d694829842130540202d84a97a53db
SHA512 8f1b500ea82229ce3228727a731e169e5dff0d251f3756a2a342b37427e2ed5a5819d22a8d39a1f064675dbe87af8acca0032b6210da9a1f4508ba121e469012

C:\Users\Admin\AppData\Local\Temp\a492164e-ed87-4e44-8c6d-5e75463c0a5e.tmp.node

MD5 2303efc3a7b37db5cb580a6d00a900c4
SHA1 2ec524e53ffa3b75a75f35bda9ea5eb6a381b0df
SHA256 1f8be4cd7f3da2f6e53d54c5f0fcd7893cea7e7d8a3591fd95ac43a734486fa1
SHA512 c4af0a2f80a5cb5f9626d56a9e8323a36e93ed52c47fd1f13314c0a2402a517aa7f7715dd504361f7bdd65dbf8e56978f59e68a8e5e30018924cdea1451c6e8e

C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\chrome_100_percent.pak

MD5 2167b6b3b9947a85ffe2e46c208b4390
SHA1 9a70414e99d545a3b269d04e8184738a29ffc676
SHA256 76f260a51da5c6887a92934354f6562ef81ab5386da8172cc8d15be31981786a
SHA512 4e5cd237cc98135e04cecfc2249e82853ef6a60bdbc546abdf2dc68fcd1828234363f77152b1bc5ae7a04fc5533ffd5f8b145540488a2ed499ae71c453655afa

C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\resources.pak

MD5 141bc756e5d12b845598ea1d88df11bc
SHA1 25cd040d102f9944bafceae397eb583be0dff406
SHA256 492b4738b865746edee4ee41cadc71c5e830fd5c1aa67ae467c9e5399cc42b6d
SHA512 56ef550b1d3e78b26c20ed5e953a994c9191c030078b9e362edaa7dff8d13d90f5b52e7d5106b62bb7a321a5a52d46bf2847be8c32e03f63bc36ea05bcc21c9d

C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\ffmpeg.dll

MD5 6c8e6d02673ab12aa5f87f3a1e948276
SHA1 d06481c1105fdaf96f984455f1bec24bf982368c
SHA256 9d98d634a9ca6b1d9a85d1b0d1130c5a5e00651c2101b5045b1f2e13f84a19f2
SHA512 0501a1332d127d6baf91226ed47475660bb561d1b2fadd93b585572e4ff96e5452572ad2f6ca19202fec16e7d6afc97a2677b101484ce48d4e6de23d0fd2ccb0

memory/3808-578-0x00007FFDE14F0000-0x00007FFDE14F1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\ffmpeg.dll

MD5 e732eef51091131b58e512f48c42b357
SHA1 164046b2a8b446325ea48cb5bffbe5479311662e
SHA256 f7981a6c1fe848adb2ba02bdfc391c2dfc6722f804ec5ee4a8e2abc3295e6ade
SHA512 43ec51355424175d2d2a44c82f7e22dc80beaa597043d213189cb90e891f9da3a7d62bab3879820f044e2afaab84c43b0f4f5adab352e28ab49f0a374435885d

C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\GalaxySwapperV2.exe

MD5 aa8542457941c501f7c13e7d4b69c85d
SHA1 1963b1bfeb820735a29e4176ca91e8d177792dfa
SHA256 0aa99773334e132e73350e494ae643f816d073907b0643166b04ef1467fc9be0
SHA512 e6922963e4c030ac32c934086e6c96b44cefe438413228acdca575efe89ff01128a0717a77695a6e8fb824c7702365cd4ea2e4c8638d27f5f165e0ab8be38e0f

C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\libEGL.dll

MD5 46894826c99929733f0463d04d508464
SHA1 dacf35683ba5988cdcdcbbbb02af9afb96e2be32
SHA256 8182b21ad32fb3c0a335183b3c1dbb8066dd8be915030b8a48192db18fcc29be
SHA512 8ed0b6806e6e2a9182b133848c17d1297bdc61efe7be246d8d93420fe44283e96a194d34f7f5735be4b8fdffe20e7ba6bb513d3606585f49f6ca9546d86646d4

C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\libegl.dll

MD5 2d31b806863aaed87be82d13c52cfa43
SHA1 e4adb38c965f07507505f88de982b22f574c849f
SHA256 80e13b6822ba82dc7cba862958a1e2c1ea3932a40fef2f65c413a6708dff2a84
SHA512 bcbf71e67a0908f770f0b60665bd89716f91875846d579a2bb68c649a4e05e7a9aacb3af078b4e12899a0eaae01290e2a519859ec1749e0535422f813ffe6856

C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\libGLESv2.dll

MD5 c2c36412b5a54d61cb4a61e7f29f8f02
SHA1 af5d76b5e5233f90c1765341d197f569244bf928
SHA256 3635f499df211b1968ab0f5d89f097ca2494275eff854fb51584a8f9594d47bd
SHA512 504816bace02d91cbc6bdd8c144f192e1b7d87233c6fb8610bddd602cfa8c9dff7a6b0e416a8cea1199ac490c9dc9ac1088c8e98f14296d1889c369f1f957945

C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\libglesv2.dll

C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\d3dcompiler_47.dll

C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\D3DCompiler_47.dll

C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\locales\en-US.pak

C:\Users\Admin\AppData\Local\Temp\2ZWZP8Gop7Fnf90fxfgg1lkC8bT\chrome_200_percent.pak

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_rjujtgy5.czi.ps1

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

C:\Users\Admin\AppData\Local\Temp\nssCCC7.tmp\StdUtils.dll

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\GalaxySwapperV2.exe
