Analysis Overview
SHA256
31334c51d6db4c2a11b4f048cc97afcb0a7424c9397cd214653235c0fb1c73eb
Threat Level: Known bad
The file Nova_Patcher.exe was found to be: Known bad.
Malicious Activity Summary
Irata
Irata payload
Executes dropped EXE
Loads dropped DLL
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
Checks installed software on the system
Unsigned PE
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Collects information from the system
Detects videocard installed
Enumerates processes with tasklist
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-12-15 20:54
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-12-15 20:54
Reported
2023-12-15 20:57
Platform
win7-20231129-en
Max time kernel
6s
Max time network
136s
Command Line
Signatures
Irata
Irata payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2ZX9UpsI11LbZ0sOwes2ChmlCmK\Nova Patcher.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2ZX9UpsI11LbZ0sOwes2ChmlCmK\Nova Patcher.exe | N/A |
Loads dropped DLL
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
Enumerates physical storage devices
Collects information from the system
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Detects videocard installed
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
Runs net.exe
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2ZX9UpsI11LbZ0sOwes2ChmlCmK\Nova Patcher.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2ZX9UpsI11LbZ0sOwes2ChmlCmK\Nova Patcher.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Nova_Patcher.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\tasklist.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2ZX9UpsI11LbZ0sOwes2ChmlCmK\Nova Patcher.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2ZX9UpsI11LbZ0sOwes2ChmlCmK\Nova Patcher.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Nova_Patcher.exe
"C:\Users\Admin\AppData\Local\Temp\Nova_Patcher.exe"
C:\Users\Admin\AppData\Local\Temp\2ZX9UpsI11LbZ0sOwes2ChmlCmK\Nova Patcher.exe
"C:\Users\Admin\AppData\Local\Temp\2ZX9UpsI11LbZ0sOwes2ChmlCmK\Nova Patcher.exe"
C:\Users\Admin\AppData\Local\Temp\2ZX9UpsI11LbZ0sOwes2ChmlCmK\Nova Patcher.exe
"C:\Users\Admin\AppData\Local\Temp\2ZX9UpsI11LbZ0sOwes2ChmlCmK\Nova Patcher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=988 --field-trial-handle=1148,17215278432194818763,2175346708185583116,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\System32\Wbem\WMIC.exe
wmic process where processid=NaN get ExecutablePath
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic process where processid=NaN get ExecutablePath"
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 session
C:\Windows\system32\net.exe
net session
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Users\Admin\AppData\Local\Temp\2ZX9UpsI11LbZ0sOwes2ChmlCmK\resources\app.asar.unpacked\bind\main.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "net session"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\more.com
more +1
C:\Windows\System32\Wbem\WMIC.exe
wmic csproduct get uuid
C:\Windows\system32\more.com
more +1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic PATH Win32_VideoController get name | more +1"
C:\Windows\system32\more.com
more +1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault
C:\Users\Admin\AppData\Local\Temp\2ZX9UpsI11LbZ0sOwes2ChmlCmK\Nova Patcher.exe
"C:\Users\Admin\AppData\Local\Temp\2ZX9UpsI11LbZ0sOwes2ChmlCmK\Nova Patcher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --mojo-platform-channel-handle=1512 --field-trial-handle=1148,17215278432194818763,2175346708185583116,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Windows\System32\Wbem\WMIC.exe
wmic PATH Win32_VideoController get name
C:\Users\Admin\AppData\Local\Temp\2ZX9UpsI11LbZ0sOwes2ChmlCmK\Nova Patcher.exe
"C:\Users\Admin\AppData\Local\Temp\2ZX9UpsI11LbZ0sOwes2ChmlCmK\Nova Patcher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1056 --field-trial-handle=1148,17215278432194818763,2175346708185583116,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get name
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic cpu get name | more +1"
C:\Windows\system32\more.com
more +1
C:\Windows\System32\Wbem\WMIC.exe
wmic OS get caption, osarchitecture
C:\Windows\System32\Wbem\WMIC.exe
wmic computersystem get totalphysicalmemory
C:\Windows\System32\Wbem\WMIC.exe
wmic logicaldisk get size
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic OS get caption, osarchitecture | more +1"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "echo %NUMBER_OF_PROCESSORS%"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic csproduct get uuid"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic computersystem get totalphysicalmemory | more +1"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic logicaldisk get size"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7feef189758,0x7feef189768,0x7feef189778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1508 --field-trial-handle=1216,i,17277537014700718061,2967084329767640434,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1188 --field-trial-handle=1216,i,17277537014700718061,2967084329767640434,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1584 --field-trial-handle=1216,i,17277537014700718061,2967084329767640434,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2304 --field-trial-handle=1216,i,17277537014700718061,2967084329767640434,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2284 --field-trial-handle=1216,i,17277537014700718061,2967084329767640434,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1476 --field-trial-handle=1216,i,17277537014700718061,2967084329767640434,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3220 --field-trial-handle=1216,i,17277537014700718061,2967084329767640434,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3636 --field-trial-handle=1216,i,17277537014700718061,2967084329767640434,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3740 --field-trial-handle=1216,i,17277537014700718061,2967084329767640434,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3788 --field-trial-handle=1216,i,17277537014700718061,2967084329767640434,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3696 --field-trial-handle=1216,i,17277537014700718061,2967084329767640434,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3980 --field-trial-handle=1216,i,17277537014700718061,2967084329767640434,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2832 --field-trial-handle=1216,i,17277537014700718061,2967084329767640434,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2344 --field-trial-handle=1216,i,17277537014700718061,2967084329767640434,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2392 --field-trial-handle=1216,i,17277537014700718061,2967084329767640434,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2380 --field-trial-handle=1216,i,17277537014700718061,2967084329767640434,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2784 --field-trial-handle=1216,i,17277537014700718061,2967084329767640434,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4076 --field-trial-handle=1216,i,17277537014700718061,2967084329767640434,131072 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| GB | 142.250.200.4:80 | www.google.com | tcp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.200.4:443 | www.google.com | tcp |
| GB | 142.250.200.4:443 | www.google.com | tcp |
| GB | 142.250.200.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | pki.goog | udp |
| US | 8.8.8.8:53 | pki.goog | udp |
| US | 8.8.8.8:53 | pki.goog | udp |
| US | 216.239.32.29:80 | pki.goog | tcp |
| US | 216.239.32.29:80 | pki.goog | tcp |
| US | 216.239.32.29:80 | pki.goog | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.179.238:443 | apis.google.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| US | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| US | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 162.159.135.233:443 | cdn.discordapp.com | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| GB | 96.17.179.205:80 | apps.identrust.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| GB | 142.250.200.4:443 | www.google.com | udp |
| GB | 142.250.179.238:443 | apis.google.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
Files
\Users\Admin\AppData\Local\Temp\nso1B01.tmp\System.dll
| MD5 | 0d7ad4f45dc6f5aa87f606d0331c6901 |
| SHA1 | 48df0911f0484cbe2a8cdd5362140b63c41ee457 |
| SHA256 | 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca |
| SHA512 | c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9 |
\Users\Admin\AppData\Local\Temp\nso1B01.tmp\nsis7z.dll
| MD5 | 80e44ce4895304c6a3a831310fbf8cd0 |
| SHA1 | 36bd49ae21c460be5753a904b4501f1abca53508 |
| SHA256 | b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592 |
| SHA512 | c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df |
C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\chrome_200_percent.pak
| MD5 | b51a78961b1dbb156343e6e024093d41 |
| SHA1 | 51298bfe945a9645311169fc5bb64a2a1f20bc38 |
| SHA256 | 4a438f0e209ac62ffa2c14036efdd5474b5ecaa7cbf54110f2e6153abdfb8be9 |
| SHA512 | 23dedde25ad9cb5829d4b6092a815712788698c2a5a0aefb4299675d39f8b5e2844eabd1ea42332a0408bd234548f5af628e7e365ab26f3385ebfa158cdd921d |
C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\chrome_100_percent.pak
| MD5 | 9c1b859b611600201ccf898f1eff2476 |
| SHA1 | 87d5d9a5fcc2496b48bb084fdf04331823dd1699 |
| SHA256 | 53102833760a725241841312de452c45e43edd60a122546105ab4020ccef591b |
| SHA512 | 1a8ec288e53b9d7e43d018995abe4e3d9c83d329d0561fbb7d022e8b79ffecf033e995b9bc6af352a71c646a1e8afba4addb54deab7455f24b7a279a3dd7c336 |
C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\d3dcompiler_47.dll
| MD5 | ecb6041e7b6456962954e182a0779520 |
| SHA1 | 7603a25b21c539f032fe179fe020e286ff893862 |
| SHA256 | 7d03e3033c11026c4110ab205c656743335e8c9474c9d7629e77fdda90b322e4 |
| SHA512 | 803f496049909660e8110ae938893da2561d784bb9c7f3b75852b79ceccbea96d2c5b1f6f4a0134455e87d9d8edbba65e6d59778d81df7d573d213ed2cdf17e8 |
C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\ffmpeg.dll
| MD5 | 900755c2da57e26fbb96b8d2b3110164 |
| SHA1 | 63029a72c1d5431801af592f8255ad39a1cd6011 |
| SHA256 | 3cdf6d59f7de232d4873ab4f731b2c2e0744ce3d98ded0ad9626267095c08106 |
| SHA512 | 320ead83610c0e292933034e60b7b753f9f8a71fd1c7a3fc027e7ce03d1807d50298aced26765cf95457a6872f47ebabeb4cb29e3932c8c9917ebf94c44a4aae |
C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\libEGL.dll
| MD5 | 8352fd22f09b873193cabc2932be92f0 |
| SHA1 | 5bd2b58854b279f1733c5f54ea2669ee8a888d9e |
| SHA256 | 14a4aaa010be14762edfee01fd1f6b9943471eb7a2f9011a2b5c230461cd129c |
| SHA512 | 7281e980f2e82f1cc8173d9f8387a97f6e23ec5099ed8dca02222c4e17fa4cfef59d6aa300b1cf06d502bdcf77d9a6dbb08ad6658ae0a28ae6f9f995109da0d2 |
C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\icudtl.dat
| MD5 | ca43a1c23cd412d870c79a6a894c70c1 |
| SHA1 | 9a2ce4ca4141ff844ba7dd53a1e61179f1c27fb8 |
| SHA256 | 36b1835894238de1e17773aaad062843194700bcef382c43da6756e8224ce19a |
| SHA512 | 8b41381401adacf44705bd93ebb984b0566ae99acceccf2e023d5472ded59295012055a81ea6348ebde44d0be74957dcf0551507e04bb01b9b75f10b3af3a49d |
C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\libGLESv2.dll
| MD5 | f11f831b5649bc19e829fb48e2257f46 |
| SHA1 | 8f3db1c7b30dc796a32539c53b22cc5fd6f4071c |
| SHA256 | 080db173f85aabe01465274babbab9af199097bdc468756b7fd41b4107458c1b |
| SHA512 | 6dbf556bd7fd1efb78aec4f995299bc26cac776660cf56fddb079c4e847dee0402849fd7238b3078df684770fb954eceac85bfe48215cd14e192fffe7d41da57 |
C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\LICENSES.chromium.html
| MD5 | e58f249b5f9d99b34754e0cbff4c8101 |
| SHA1 | 2d9144fa4bd23e578e9344fed6733393b53c079a |
| SHA256 | 9d6f587d563bb562fc38bf635c46226fe57a7f6ae5f2eb5cdba4cc9721e1444c |
| SHA512 | e3813e085220e7a4bfce7740e78fc45775d2a113b9a30b88215e5f8241cf84f0dcddaf08ac9a3a78ee1c1766506dda29be082b1c9d3246f8ea37c746dbed7e98 |
C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\LICENSE.electron.txt
| MD5 | 4d42118d35941e0f664dddbd83f633c5 |
| SHA1 | 2b21ec5f20fe961d15f2b58efb1368e66d202e5c |
| SHA256 | 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d |
| SHA512 | 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63 |
C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\Nova Patcher.exe
| MD5 | 605b96dee2b262e0e0744ec9298b86d8 |
| SHA1 | e71afd1e16b567de442d101aa4d01165c967f117 |
| SHA256 | 62c16bd4592785288405da50b4b39e99d6ab67663761643b5b87d10bd35d1333 |
| SHA512 | 1efb3065555a2d1354bae6a5997a0c69f5d6a0bd5a70193601d9897211f3fac8c772e14864aeb517de10666755fc977677c050acbc366c744f7f695a2cb7fe70 |
C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\vk_swiftshader.dll
| MD5 | d1525f5266c48e0de9b7621e40093cbd |
| SHA1 | ac66506de853a4ca85a54971e0d69b66387b612b |
| SHA256 | 76706e745b4354acb5f74f9fca29063f335ab62dbf077aa8d34712749679a92c |
| SHA512 | b80bc4580ee5b6e489f2a63d7dc212d782c66da11c708d0ca0b6ecf6641151755b91be6c6bd809438f567eefec0418adb175dbdfc5d3fa4168bc23f4f5fb7921 |
C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\vulkan-1.dll
| MD5 | 23dff82f793371800cda0c50a16eb050 |
| SHA1 | ba18aea9609413d31ed581db13376d6f8d26353c |
| SHA256 | 6d7f0b1e9d5432a29b740c5a8766c3a221d3a650c802efa5f64eee88466433cb |
| SHA512 | b0e85e780c718b0a4cea4f8a0af3f87d908f1c7fae8f0f2a2aa9e00f7b830e3e703fbc149c0751077ca31bd5f2333d042383cc740b0a3cf4ffa3adbc8d350f23 |
C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\vk_swiftshader_icd.json
| MD5 | 8642dd3a87e2de6e991fae08458e302b |
| SHA1 | 9c06735c31cec00600fd763a92f8112d085bd12a |
| SHA256 | 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9 |
| SHA512 | f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f |
C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\v8_context_snapshot.bin
| MD5 | e5fe26bca487cc3ce4d912732f4f8d38 |
| SHA1 | 09a97a457ecd2d026205c1ad0e58c040fbb18444 |
| SHA256 | 75c331cd9485b3b0ed75d2723022eae2b9dd086b2162d7d68b2678961cee4465 |
| SHA512 | 9bb74cafd7e86f1aee3f017497031318f8f444210df96245467aab3f20a81f9309c7acf764589a31d2cf5d377442d517e536415c11dbf786c7cda9902ed2daab |
C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\snapshot_blob.bin
| MD5 | 02c7730f9e4e6207effbb4e7a47509b0 |
| SHA1 | 7fd4d607641094c2ff17f1608dcf8bb0d2913b52 |
| SHA256 | 20dab3f166361703ba41dac5aa7ba5e29d536f1f3dffbcbfcc365864811f84cd |
| SHA512 | d5211a1b533723213e8132c97ecb8a54384348df8ac18467990a952840a4d000875585ae856aa5ef44eb002fe818125c462e67edbba54a492b86d08437926b0c |
C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\resources.pak
| MD5 | 84f95d9731bcb5c81f9fba0b4fba9179 |
| SHA1 | 662ef2e97ab19a52a64ee327fd371b34ae81ee02 |
| SHA256 | e4e0876c30d5c863e8294c4b229843c4d08d30e4e437b528b9c4eaa7b44130a5 |
| SHA512 | de40e6f0444872be5735c0c57c1bab535d833da419fba9b9ef54906b4ec5e8fa6e520c87000fe483615d693326692aeeede63bd3a1cfa5a73a49e2495867da62 |
C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\ar.pak
| MD5 | 6f3e791b4d35ee7d9515614d128752cf |
| SHA1 | 181ec3a84fb3e89336d77f24f562a2cbe07619d8 |
| SHA256 | e9df0fa338b763a3926c4ee3a87bedf650fa618b6fcf0560c3f5ffe891d48c60 |
| SHA512 | 3657e610d13a2c938558ec320c298dd490c9e4895ccd304f738aaa2f050373efd7382ca402365f93d23ed488bae82de2d859da788dc8faa8e621346a278f4441 |
C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\am.pak
| MD5 | e18a450ef034b42599341c3d09f280f1 |
| SHA1 | 2001c8a85904962ac3a96938eccc69ad2c110fdf |
| SHA256 | 7c2b9098130f1f9e0cf4507b64c0e96ac6354bd6c3616be20e2067cfccc820da |
| SHA512 | ddd87571218fe9f179a6c2a8a15b182625a71a7c19ed90c0969ca2e0e9bad823b926f8b8a6b390cb6fe9c95f4b6c1f1ec7b5167a8424ab1921943922208f798a |
C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\el.pak
| MD5 | 38440b98bfdf5ed496da0f49d59534c0 |
| SHA1 | 1498d9207ecaf4923a47271e24c68a817041c82e |
| SHA256 | b1f78df8a7edc914357a2e90bc8dc0ac46f4df642bb22894569fe4905fb8ea0f |
| SHA512 | 95ba788fc2e1f07d54e398f1ec4d32c664cfb13118d46cb7af7a993367e032b10de84f3e604ab6e659d6410e2d736097ec5e9b3b002040c54412358f0ea10229 |
C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\en-GB.pak
| MD5 | 52e2826fb5814776d47a7fcaf55cb675 |
| SHA1 | 51fbbc59dcd61116cbc0a24b0304d4c1c58e8d0b |
| SHA256 | 83ff81c73228c7cadba984d9b500e4fce01de583ecde8f132137650c8107c454 |
| SHA512 | 69257f976d01006c5f3d7e256738c97c59115471f8e7447cfa795f7fa4ff12d6fd19708e95ffb2aa494b50c1763fe35d5885b9414112d2934baf68fe668ed7cc |
C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\de.pak
| MD5 | b73344e5a72fca6f956dbab984c123ba |
| SHA1 | 0561073aa40a63a9ce9930dd18b18e12ff139b2b |
| SHA256 | 6dda3fa65232ca0bff7314f916942a2aa5d9be73a0b0c7a6d016eb34ea6fff5b |
| SHA512 | e8a12da397369f23c102244b3f18f533ec79afa6978785566056bbfe07b10a21ff4973bf17aa829fff65609363988c033b0e48d4a82c846863377c08d8df009d |
C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\da.pak
| MD5 | 55a8f5883805a65c854d25edb3959209 |
| SHA1 | d4b3b6bd2a26cbd021fa931d1f63c9ea64e2c268 |
| SHA256 | e190187adcbb5f829d162660968ba598ed17bd11339062ca4d807deec8a27fdb |
| SHA512 | 4e1f9e6da32f553cbc8cf162726d7aba9e23e2216d6d05b995cf19fff3aafa05ed08fce29b2f8538d46583366402b8630672e650dfbd46952a611e9db0d8016d |
C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\cs.pak
| MD5 | 3cfd9dc564cfcc33cc5524711365c376 |
| SHA1 | 2e5016d2643017f37658262122974429f18625a2 |
| SHA256 | 8be34e4f8226c1dd4e725711ddd884ef4476560f7863edcf378573dde9db3cee |
| SHA512 | 6ee156d2fa3b6f601df28e38968d0eae2812d70b41333348dbecd833d5ee6ff944183f0eecde96be433cf1e98c8ec22d6a6d5af5153145842175ab43c73533ef |
C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\ca.pak
| MD5 | 423651c45566cd90ea5edd8631e823b8 |
| SHA1 | 13bed4173a08bcbfefba034aada3d838eece6d16 |
| SHA256 | 7a39af99d55a1ea838d8d78c5f0da3e1402f9404d32255e31b676ceed4f0e414 |
| SHA512 | e09085023beaa37e9d5f7fdf3c32d0c001672b85e2826f0aba9a662ce958ac93cac17bf63495a604e47cb407b1593049388a4bf1b22b2339ead84a206a10569f |
C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\bn.pak
| MD5 | 47c95e191e760dee3ef43345577e2379 |
| SHA1 | 609634315270a91d4ec631642b18bd0036367aad |
| SHA256 | ceed32e429ed1018d4c49343cf52105cbfd1e877c531a5738fd6e6cd33d27da7 |
| SHA512 | 46b5f8d58780d19e79136c31a67d075c57ddf7e6a1eb197dea4088cc414a0dc24a68fc8ebcaac03b3940af2461123b586706d5dbf8dbdf6fbea0f7bec466db21 |
C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\bg.pak
| MD5 | 5ba0c7200362c9ed55610cc8b66ef53c |
| SHA1 | d45239c2f1b00885407771a41a7776fc1fe8fa3b |
| SHA256 | 2339ff55464b4ff704fc3c5bf281eec52a539c494bd059cf0346d9c05ab7cda7 |
| SHA512 | 6229dbf08a9322c4ec8de4912aa1832f01800a71b7e3ef5870e7fa2b623be4dd248fec4881c3e031e984616147be84d42ab3dd970ae56dc1bd78913a8682a37a |
C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\hr.pak
| MD5 | 6f92235e6ba003af925a2d6584afd27d |
| SHA1 | 3ceba61e9c2975466b6244188f5ea72aaf042fc7 |
| SHA256 | 479dc4f75a889d45f62b4ddb6eb48f21c473e37875468c9c26d928a263e15840 |
| SHA512 | 82f2642dff4400704c15c2fa02d0ec74ed3fe888dc835447c1afce7463dee8f480bb81be358c306e681625864a6d25e5cd6c96252b8a56e6fc62014b3aa4d26a |
C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\hi.pak
| MD5 | 6c77eeb5799a2eecae130641deeae5da |
| SHA1 | 2cf451e941a0bfd2d22a0c18fbe8f9c91ef182f1 |
| SHA256 | 79a849102ae0f9b6622c2efab09db2ad5b6eeb58fff59e91a3a3c4a139f2adb0 |
| SHA512 | 3c30fbfdb34fe5573ac4fa1b8b1aeeff8f39560a4a81178c6137eaad930639f01e5550cea8d86f4cb2df18b88116aeb5571773fc282048a5b02ce30eafda62d9 |
C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\he.pak
| MD5 | 6a02a37e1ca3215fa9ee0e1b0fbcf5e7 |
| SHA1 | 89a8a126c0bbf536ac58e29fc50e045fb1b88220 |
| SHA256 | f5cf34ce58b7f0d450936981aa7ffa060821403e6768eee3746ea4ffc9193986 |
| SHA512 | 6607eb2329b81f1eaf0ed3a564eddcb30e6ab59229f2fbf6fd3d2140ffaa8853a330eda627a4458ef6bb06f32c5183edda869e34cd4ead1f87f88d5c622c1a16 |
C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\gu.pak
| MD5 | b9778e3251ff7ae6bbb526560e8a396b |
| SHA1 | 756c2967f69b20ff850e2ec8338fc49c2ef09059 |
| SHA256 | 85bd5fbeb6c1e546230244a09f632fb0d0a2e61a83fa5e004588a29b389e61b1 |
| SHA512 | 73bb594a3a32b9bb29787fc37457f520c0d87193b4a3e6b94af261e0e2f45b56718c53ea04d1c621ef06bf7c5d4b042d3ac0ee09ea0ab72c19a839f53855a1cb |
C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\fr.pak
| MD5 | c3095ce1e88b0976ba7bef183d047347 |
| SHA1 | b14cfbf6e46ac1f189595fc09660178525301138 |
| SHA256 | 66488dc10517b6e3638686be95b430477a39304e92ac45dfe62b58cae3a77272 |
| SHA512 | 29f47b1eff4681a9a17a50d6e82d63c22fe7bfe4ceb79862e81d8cd9f96fa38e225978b4c4b1f8e55b220235b91652c776fa8d2e559c68942c6ccf402812a421 |
C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\fil.pak
| MD5 | 40bddaf97f64dfea9ebafc7f82166f80 |
| SHA1 | 90d1fde3c0b27d2184f0353991259c2a92c7820c |
| SHA256 | 39a9d63736e7b4593fc6873ed3c19d45fbf9eb78a012bfdcee0fea5906ebc5b2 |
| SHA512 | d1e61c53e09a0dc50edf5aba5cf286a251ee88421aa2cd49332b70a5859646605ecb7d0bb97ea7242d14a18742e23da0a14c04b0b99b57a466ec87f4f66b897e |
C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\fi.pak
| MD5 | cc592d91ce8eabaa75249cb78b889376 |
| SHA1 | f2f0f7f105a17f3e4b1a97ed0e3c2e871c2c3eac |
| SHA256 | b1cb0b32efa78fd8634652c74f298f1d5127f2363ef601cf000417e5c7fefd20 |
| SHA512 | 58e2eaffe26d8fda8df43e7ebef449cfff1065e940c128efa0276511e34e96e52da9230f294b01d4ecd8ef606b792d372bff897d6d8bb67c31379418ce867d48 |
C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\fa.pak
| MD5 | 6458a239e994d8d18315deccd35389ed |
| SHA1 | 75c985f43503a6c44645786d46639a6b555ae163 |
| SHA256 | 300fc1c735e92917a5ddf92feb812cbf3175d988ec7ad5955110248a1addbd34 |
| SHA512 | 3062075b6be0c25c957ac88e537880bc25ff86b8ef0703a05209e9676e943e89476b7997394aeb25064e03a93be614fef535676e9cdfaf44b46035225b1b2cf5 |
C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\et.pak
| MD5 | c76db3385190c6840315c4497e40258a |
| SHA1 | 34f1aef2ba2925bebc5dcdb70e5b6c1a138a5c46 |
| SHA256 | e8af084ef5e1062c5966dd7802074ac24f3672dc3c9b9c5453a397644727191f |
| SHA512 | 90a870369d307758b33d74e6213676d65c2d332f42577c8aff23d96b512f3c2a2bdace8d6d9007f88b9175eadc6f2ae28b498b1265550849ff9317465a37ad29 |
C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\es.pak
| MD5 | f83d8f7f6108786c02c2edbf3d85f147 |
| SHA1 | 57781d9d9eb7c90cdc71f78e25d0763045b6d29a |
| SHA256 | 5b929216ac823dbe2b0bb98e64db76519900e09a86c8513019325271c66ade0d |
| SHA512 | 12747a4a61cdd21cad6e3f768cb43b8bda5ec9de373337c191b6994b20acd676c9d0a6cde8410a1e18f35dd5d2d332ea1bb7e7f8f6fc4b73d8774559e33398f1 |
C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\es-419.pak
| MD5 | b261b1efe945365588befdf68879040f |
| SHA1 | 616f44a5f73f0449b483f36ccf831db6474a10d2 |
| SHA256 | 1380b9edc9cee4b505f12e8eefa288d8c746ca995b52ceaba27c7741ae8a5cd4 |
| SHA512 | 9ea14234b9d4d09364e5727b3886fc14544d52508b3e45fb9fd607ca88d2e432361a02b2f7ba34c3d6ecd94b91f9eccd4d54047a97a1ba4eea580ead00b91cff |
C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\en-US.pak
| MD5 | 0bb857860d8c9ab6d617cea5a5bd4d00 |
| SHA1 | 351b744d95846bff2ce5f542fec2e87439aa0f8b |
| SHA256 | 5c56df9699fc7e8f09ec81421e50a6264cde055e822f5a8cd9bb1edb3066d816 |
| SHA512 | 33fb73cffbb6781488cedbca4c92a7e4f66923a799beeb7f5cba58dbc23ba8f5130f63a7dac7114e3c3ef6f1df87884fbeb8858bc7604aec9449fdfd16c25078 |
C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\hu.pak
| MD5 | 4a419de53cf8c0ffa868a976da74d22b |
| SHA1 | 91d5feee84ca9bf27dec6dda75891a51bbde6042 |
| SHA256 | f04c68e26bc5d9edc4ab678bfffc0d5c4046cdd207f73030a034dc691f3f9347 |
| SHA512 | 9c2228f9d9764609b63aad866d77b55379c7e85d9af9650be89986202333f57235d118efbb861797d242b67e8546c2e0757d843afce9d43c7a3591418a2e60c3 |
C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\sr.pak
| MD5 | 0e1f2258cdc234371e344bf7fedefa62 |
| SHA1 | 76f8353b1f750bb23368817b4976c55ffd79e353 |
| SHA256 | 4fbeae901b1899028c954a2b22d016be8640becd056d813e2b534900a8df3157 |
| SHA512 | 8e9056d894c1492b988c27c0b71e67e96208e0c07b981a392721c5965735155aa346a87318f3a0f9f25737c52b668fd1ecc8c925c8e26a4decb1e6befe8be31f |
C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\sl.pak
| MD5 | e015b6f5042be2dc96a4e23dcf035502 |
| SHA1 | 7946509eed8db1e4c1f3da99ffe7155c86fdb4d6 |
| SHA256 | 99536d1bc73eec81d5bebbff641ea195544ee5e3a41bb17ddcedf9cde9b141d4 |
| SHA512 | b2a2eaae93c506a053862bf1cde02eee53b3ea2e2fe4c964c51dbacb8b44de820a779311cfe01458e2f08f88bce1172e8c5e1e6d28cd3a355ff84baa00023b8f |
C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\sk.pak
| MD5 | cd8892a8a57695dd6b018d4498db5385 |
| SHA1 | 77383874495bdaf23a3b989b1e6f92581f1ecd00 |
| SHA256 | 3fa480f1f8c06c02ba34bbb1420a7ca08a274a88144b83184959aee5cb849ae8 |
| SHA512 | 832464dc416c0c72352f016115ff16000aa913c4b2e930d710447b1be0dbea04dd51d87dbebcd0cec760e7f42c14328e66221d752c6bd0ca881972fd50106095 |
C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\ru.pak
| MD5 | 1d90118352216b21e7ba9f8341dfb822 |
| SHA1 | 75ce40c5a1550b6b3170203766696d890956caee |
| SHA256 | c54eaefe9decd0a693533addc5536476dc3f83f902e50a9cd56763fb8095c023 |
| SHA512 | fca343bd8d52ebbf22ccead0691f9cf8bbf0dad8e7a19d9fed7cc95ab08fd2d9ae23789194110d08edec6d7d11364ef9bdd27a43e32ab7aee9b4c58847ebfb2a |
C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\ro.pak
| MD5 | 24b01a438a3ab9699d4ca97c081b5e82 |
| SHA1 | 0d0b082544d23425a74199fb0a6c11192f0bdf7d |
| SHA256 | 38290b1c9712296d82ea1681ef95544a1eef4872289134b11e50af735e6deaca |
| SHA512 | 43199772312156f4633c4202499cde8f808e5e632c2013ec1129acee01a3f184e86df2616626173178efe04b6f0773ad9a0e8b8cc6a735d23d68dcfe9dfd945b |
C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\pt-PT.pak
| MD5 | 99397dead7e30fdfd4a6fc6d5a988216 |
| SHA1 | 767a5aa7a14e07b45881c3aa0f0bc3359ecf15f6 |
| SHA256 | e0c57600ffc29d649199f2a5e8784b8afd87720ed7edbd578f4520353d589211 |
| SHA512 | a50d65893310cd2f742e79b43db444b700ce469941dcaa79c9853b419f3110ca9d2fd7e950bb854299d3eae10f5a1e714fb90dc648c9fc34baa952d988612ca8 |
C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\pt-BR.pak
| MD5 | 88ad860c73676ffb4025b5c691f29942 |
| SHA1 | 3c5e5b999ea7153ccdd1b4cc7b6162de3456b558 |
| SHA256 | 25f0bb0b0230d99a9064d52668636f3be85903bf27a68124d79a2fe93c30fe0e |
| SHA512 | 41589bb9ab1b8307f62ceb4e6493d7903731a3e63807e0044379c4acdda881c21839234f5f1b8ad1af732bfee6231c0556ce92e582505379ed949980185bb750 |
C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\pl.pak
| MD5 | d3bdff821f2ef6c5470b954bbb70ac9e |
| SHA1 | b0ab1e7c6aa67a4ba229918b94f37ae2d83bfefd |
| SHA256 | 5b02339c00fc531f03cd8691878f914a445ec643dc4550cb4df83ecf80251273 |
| SHA512 | 91d6abd3521943da8f390426a6019271c43815d514a1172163a2f5d393f1d9f7e0185117a9fb1253b30fb1c1088e6bc7d694e019227334415ee4d4f3be9cb244 |
C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\nl.pak
| MD5 | f51a91e7ccced24dce700c292106ac37 |
| SHA1 | abf89fce658416339fc3929383800a33d56dabe5 |
| SHA256 | 32cafa9d7be9996e19daea0ca573d0389d3f47ddfb5919211f1812230b72a2e4 |
| SHA512 | 9dd94604c925a03759db4d5ea27c0f538712556a56637d360b3944e881d9a5dc9bb6bbe63f551b73aef6030377b8615add849a73468bfe24fc59982e449aa753 |
C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\nb.pak
| MD5 | b61e42f66d581b6a8929cdf5fb10662e |
| SHA1 | 6f06fa9ee092fbcb61bbd668734fb3b92cfb549a |
| SHA256 | 1b17dcde8fc7308d926fbe0faa83dfc9ffe2efc5715e9afd557dde839ad98b7e |
| SHA512 | 79b82346c3f133a6ba44148a8432ad4e08e2805187b759509cb386bc800fd20215592c07d953812c243f0b1d5e1354245f2cb42b2b3eb6c87280bcb4008dbe97 |
C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\ms.pak
| MD5 | 6cfadaa784e687e6dadbcd80e631bc9b |
| SHA1 | 481acb75f525055bf4e45ecabe0eadcb9c492106 |
| SHA256 | fb5e125dd5e1f21e8df229d22cb3d1f9078bd79bbddca352899248f2a8b21b71 |
| SHA512 | 0d7da5a90fe9372bc704ab8cdc8cbfb14d323cafdef856987e2d9e34d980196c03985e25099f5d1bcb10c97f040f4766e2c3713718649bb3f43914a77f0dbb39 |
C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\mr.pak
| MD5 | 2ac60375de0516a8c665c8720f91f4c2 |
| SHA1 | 1f7a13ee9e743d7351e71b6881329d1f61409584 |
| SHA256 | 9652f5243104459c24e0a64ed1abf4b278272e36446157ca257b6c8c8025d385 |
| SHA512 | ea48c10ceff25e7eaf298678f8f748fb828956624ff79392b02c328e80b06d5b154239f433a96dd36aafa5780f44db03f7a275566ce9321086acbdb3af07184e |
C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\ml.pak
| MD5 | 1d9f5ff683c43616abe9fd69db84ab1a |
| SHA1 | 8145184aff060db0547b39bd24cb45e44fc42d91 |
| SHA256 | 123ab22369535dc5d71ec3792cf46558329a16ac921d649a3d5360e115eb4a41 |
| SHA512 | 0b7af7c10e495682eb322b3a6c1e73986ef62734682cf571f9d5c2f524583f66c81a760c8885e81323c7612a1af87e7cb3a1396fa80846c3fd26913cce9c708a |
C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\lv.pak
| MD5 | 264c6e20b3088ceb4dae5773cef0cb55 |
| SHA1 | fb6ff83ff14df008092bc3ee73bda7491e8e090e |
| SHA256 | a676a781c1a587eadf23e5c69bc52f2d352346a70bc53ca908450362535eefda |
| SHA512 | 01e949f92e1e8599c581929a601d39640abaf1d907ce10102e591c3d490dd3874c679c75bb51308ead55a3bd0c6dcd1b8d4b2daf98ce1cf1c6bab42946e8b1e8 |
C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\lt.pak
| MD5 | 2d4fca437a7548893dc4b51fa5b33c33 |
| SHA1 | c1493013d7d981ea9223716e415380992de65c2f |
| SHA256 | 776dba792df7b444e1b720326312d8b8312cade74a1372c49456d932b7c65769 |
| SHA512 | b6a55ee1deff48d717a3e9399aef3c45eeec810cc5b5709fa3e9f56850115a5b02e02b7959ec77a6797e68516ee9372bacd260e62ac0d55a8e4c1c27af782b42 |
C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\ko.pak
| MD5 | d6e2c18c9eabba59b50d147d942125ea |
| SHA1 | 0918879203c2050b4f9f449f5616e430897ba0b9 |
| SHA256 | f3581cea2e5b022b121010ffc5d67f86f717e3a0c0402abd81e24c87fd135b76 |
| SHA512 | f605f7b9893166778af156f9eb76eaa1209e7432450899540cd462ce0ffa69caf6f570b910cdd6d7bef54354379e9892a658e711baa93241da33755c107da859 |
C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\kn.pak
| MD5 | 2d6d00de58110759109636200397bee6 |
| SHA1 | 1d0543bf5c9fe616c75183a6eeea5f40aa380e87 |
| SHA256 | 6805b3dc4dd6bd62733848c113e2ec6d55f964c111471a80ae67c049ae4ae692 |
| SHA512 | 494c3843d88aaf5867326286f22c6df3bc8b99e379d41215e550ba35356eb19410ad7f7498f89bdbb8457a3718b32699b4f443248b79f59b421d0c08de8ba878 |
C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\ja.pak
| MD5 | dc2fb01a198030c66974eb6193b9e204 |
| SHA1 | fc7c731c9ccd603c281b0b755bd1246afadcf28a |
| SHA256 | f8c36884ee468fef7cc956f1ef06b2866b0e21dd1473253f06e00e033d6c3e3b |
| SHA512 | 6f6f79cff149ad228deeb8cea2aaf1158f1da9fed49f3cc78d7caa63d9a2d5facba817e9a29bfe0d4570d77c4d98b0d180085734518b63ad8026f432762d1ea6 |
C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\it.pak
| MD5 | 5aa225aad4f9fe6d05ec24905a827d88 |
| SHA1 | f6d5ed337bd8e9cc3b962d3a498e3430fbf6de22 |
| SHA256 | 96e02ab6937a1f1cb58762159761a737ce0e1dcd6a253554392baf4389326eab |
| SHA512 | 3fa928f19bdf65b8fbb274b478a801821b15c01224c113a8d7f6121a077b432c0cc84eefd9028a76adea9fa4bb65dcb868edfbd4368b1e4d477c49e187e4288a |
C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\id.pak
| MD5 | e40cb2f3b4db379e4d187aeef0dfd300 |
| SHA1 | 537b1ebc615c980c89bbe2b9e91a11199fa7d6a6 |
| SHA256 | 3339ef011c9bb64868da94adb25f4490acbc7f893e4337dbfe2797754cd659f5 |
| SHA512 | b87464460077aa55feb92eca8ed23d9a61829378bae7890c8a95dac5fcd735b145d65661f27facfe2586fcaa169692b00d8ee8dd505dc44bff7f7fd090f3e96c |
C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\zh-TW.pak
| MD5 | c2c35fcedc3708b5bcadf36587393002 |
| SHA1 | 31d72402cbd44ceb921cedd806259c2cd14e411f |
| SHA256 | cfe4c2c5eb131fd92e0d11f912714c5a9a048833ef3ffbe32679b3d58da8f8ac |
| SHA512 | 9ba3ea2d569d1d3ef09e94d7e66f843c8804368c4d016b6289e7dba002f7d2d50884a76c93eef879d87abcf8b36dd3e682b7bd3a18b2b5a969256cef672abf01 |
C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\zh-CN.pak
| MD5 | 098d656a4f4bd8240bed10e7678186c7 |
| SHA1 | 0c19ab62b4262f1b51558e8aaa79e7741f73393a |
| SHA256 | a55f568ad3a8854cec25699484f55024501c8a0967738ba694e073151e5981c7 |
| SHA512 | 084538ce774233ca6d4393bb42239b0b85e11bd73dd19ba47e55796ca19848941b037510c0fca4ac08b4b2e0ccbc9b4ae72ef88a3e841738dd211961dc53c1e2 |
C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\vi.pak
| MD5 | 1eaf224f93903ad6845829495c8da612 |
| SHA1 | c73069139ea7aa45e872d87c13f8ef8901a67632 |
| SHA256 | 5517c690268616137c7b30fde32dba540ef90b74acf1902ac2bfc258e2066572 |
| SHA512 | 239133d150055a80a341c20a5df97369ae5d0281b4da26b102b585e97417e536fceea6e98dc3c6d2d899b3250c61c2054eb6d3dbfdc4d53acdfae4d541ad6ab9 |
C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\uk.pak
| MD5 | d791b1ecf2931b2fb0c31aac170c7cdc |
| SHA1 | 02be115a9ff94fe5250651b6de4323eafc44fce1 |
| SHA256 | ffae6286d44c8e219ef90d411ad8746159a6ff8ea610e2a651147a3956696a22 |
| SHA512 | 3a2edb8069e4a9734ce5e02b7c3de3c968c5bbc116f17f52f97e2bb2c78485c456c4f0cc952686c1aa17b7ee4d326a1dda698afafc63c79d842ca3905181a8da |
C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\tr.pak
| MD5 | 40491896ad21543f339467186c5efb40 |
| SHA1 | 695dde7cc35056dcbf0a533aff8299d4c6b61bd8 |
| SHA256 | 43e99e132acaba88971b81a43531845dc7fc3a1e0794c3373de7d9a50a5655aa |
| SHA512 | 18d5ee9914849462e0b1bafd1ca216b29d0795e282ae0bdb354b15caf5c18f37f44fbd6f626b2cbb095e3398a6496de72e5b0d15621433979b5a589e34fac818 |
C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\th.pak
| MD5 | ca20f20feca506263f0866c8c0a20ee1 |
| SHA1 | 81e5147d839dd5932024594bf130e9119f7f5cbd |
| SHA256 | 55b8242ebe7e0212bfdaf59b470b8c56d3a66330881240839af8d4e1106fa7f5 |
| SHA512 | 601f42801dec2fa95d38652cd9e4c762eeb535e2bd140a0596e32c1db14749500733bd6f82a3339c65505cebf1f1820ccd095c19d42fb189717f08457a6c2fbb |
C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\te.pak
| MD5 | 2e11df878a3c61179026e72d30edb157 |
| SHA1 | f656d2b75fe627dfaf240afbf2bb5a24a93bb7a4 |
| SHA256 | 63cd144701424d3e792c748d1c8121451817efc8b4c88b603b5dc133e11467b0 |
| SHA512 | 198f2da5fdd1e345f91bc56bc433f9eeb383d5786d0035a50d2ea9b2d7ebdb19d2618a6311654977c29d5b69f91ef92765375a4b49e05e7b4c8372511508e58b |
C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\ta.pak
| MD5 | 4121b3c350d798c40908efba5ba217bd |
| SHA1 | d218558cd221c12f8b93000e69c63112e591a353 |
| SHA256 | ebbd4ed1efe699525bb52491bd985843853b6757006c67ea866ba2d683f223ae |
| SHA512 | 307f4035b5f387cfffc4216b19a860e9107cc887714a31165881ea238454d1f7357db38c9cdcf0ef2f6d22b13f2e74571bec873db8680253cad94cca03f2d768 |
C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\sw.pak
| MD5 | 99e385ebc1ef8d3daddb3a171fa79edf |
| SHA1 | 3164804dfe9d9b5e891abafe92e5ba67d2b5d4d1 |
| SHA256 | 8ec45ac391a085d531fb21815086c2da4841aa016653cb4f8484cfc2615d6c01 |
| SHA512 | 797c105fecef1e15870aa101e3fa1835d5a467a9059c03b3636c54934d1de263ab7f23599e21d9787cb3849c7cb7d29f5bdd8ae9ad10fda8015c1392462e94c0 |
C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\locales\sv.pak
| MD5 | 41e76f7775fc9a2d6e3c02c46e9b32f6 |
| SHA1 | 088c15c74a68bee69682bf89c31055332b68c84a |
| SHA256 | 2533676479e9469ffcdaabcb47d3e39bebfe7ae2b80f70784e918a8827439e13 |
| SHA512 | 6cde752d748c4772b533c8894f18134e5842113f8c7590b44a7dfa088aed65b232361fd16170df3b0d738066dbc3a769847adf4dd8ba42de63c9c2b33f9beb6b |
C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\resources\elevate.exe
| MD5 | 792b92c8ad13c46f27c7ced0810694df |
| SHA1 | d8d449b92de20a57df722df46435ba4553ecc802 |
| SHA256 | 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37 |
| SHA512 | 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40 |
C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\resources\app.asar
| MD5 | 1dc9415b3132a0a323f4c9df59f3da86 |
| SHA1 | e21b462b13e962d20d1946c8d8db929ceeff9e0f |
| SHA256 | ebbd24f553583673675688dcc34b0eb46457a8cd8cd3272eb5cb8d3e170341f8 |
| SHA512 | 87357543e4e84a18849550e0fa631f8a702fe5dfad8a05b1b58ef5d82f9ae5f29b1ce8ed8992448798141e4fd5039959a70565c602ded654cbc6212a69e1c6a7 |
C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\StdUtils.dll
| MD5 | c6a6e03f77c313b267498515488c5740 |
| SHA1 | 3d49fc2784b9450962ed6b82b46e9c3c957d7c15 |
| SHA256 | b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e |
| SHA512 | 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803 |
\Users\Admin\AppData\Local\Temp\2ZX9UpsI11LbZ0sOwes2ChmlCmK\ffmpeg.dll
| MD5 | 6d1c1828b0962db1cc1fba5403e0b682 |
| SHA1 | d196159b94f42656b91cfdc57cd827716ee4b93c |
| SHA256 | 3e63dd42d2539459dc80fd52fa3568c6fdf0008d2ff2f047b788b16f7fdd9319 |
| SHA512 | cbc8f2cfbc6ac4116c05a7c11dd0eed6a22d1c29492d5b739d65f7d81c78b72542e2326e69c2043ca7ad4951ab4e60468116adbf850a817f2840004484d763a9 |
C:\Users\Admin\AppData\Local\Temp\2ZX9UpsI11LbZ0sOwes2ChmlCmK\ffmpeg.dll
| MD5 | bef5329808f9dc0c9753f83749107fae |
| SHA1 | c637275886dbfdcd52e7923e120b176d001d2336 |
| SHA256 | 03225d5264c6ac9cdc215aad8abc91d7868ee37a56546137e4e61274d75bdfb7 |
| SHA512 | bcd62c85b754da7951bedf73df5ba42063a9b86b6734288b1844dccdac88363323279a9b6478d21934143d9e5450f664fcd05878c47ccc9d31c32dcb67735ee0 |
C:\Users\Admin\AppData\Local\Temp\2ZX9UpsI11LbZ0sOwes2ChmlCmK\Nova Patcher.exe
| MD5 | e50e0d2f0e03c98b5c609b2f4d96d9e9 |
| SHA1 | 041b83c304c467eea6492dbff108804867f885f3 |
| SHA256 | 9d5f2d0a93281a013601f6fd704ba098c50571a02662407f93152fe28b749feb |
| SHA512 | a45334acce15fc2c7cfaa34b9f09728ccd75a79144b4ab42dfcc0f8b96a10856ac006e694830f2fed1b14a4a53cd7f78a4c476fc6cc8c93d7d8bba96112f88ce |
\Users\Admin\AppData\Local\Temp\2ZX9UpsI11LbZ0sOwes2ChmlCmK\Nova Patcher.exe
| MD5 | 6a871db7dc276d37d89242e39d3d7389 |
| SHA1 | 2783180e96793bf4df2eaa4d557eff8a43d56804 |
| SHA256 | b7df649b55ec097f52c21493bbff03b2928f4de1c3d27e5574354d0dc35d52d6 |
| SHA512 | 4ad87626dce04f6fd1a975098367486af65852428f26520ac7dac8a19af2e826289246bc023af284eb36c89e6536ef60039e8fd7277f1b9cab360f51ccfe88f9 |
C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\swiftshader\libGLESv2.dll
| MD5 | c2e6438b42353ef3bf5db0b318288010 |
| SHA1 | 283a3ddeaf7246296ba8a8d7cd5af04e1600fe7b |
| SHA256 | 76ff4a255f265434b8bd126cd4ee5eb524e8d12d372f6b3023dc925a937fae1b |
| SHA512 | 602f8c36a471c2504ec60848d12543f23751b58e6caf4509b7cd49b44f43c18b13d4742d4deb9489ab46e4a0ec8e0a80401252b0250a04cf439339ab4d6a48c7 |
C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\swiftshader\libEGL.dll
| MD5 | f56aded95e5b8fb37a2abe97f75b859e |
| SHA1 | eb472356963b88d0872713465213dfca9b3fc6dd |
| SHA256 | 3daadbc1acb19c512fb1b6851a6bb96c4341f7dc7e0f4ca7dccb62489c9d91d5 |
| SHA512 | dedfa2992d6d154b44a2143c155af60d92f39219cee1feb5e766055800c0ec59e19106dd103aa9ae2b2f079ed83f4a23b298adec570f3ae2290591e22fb77111 |
C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\snapshot.exe
| MD5 | 16a12bdc986207390dd79d658a6b2263 |
| SHA1 | b4b41f62cbc1e1ede786c6e30e11df8e61750bad |
| SHA256 | 50a8dd2f292bea9190204a42de067a34d5cbbec53746d40fe5b067fc85190bac |
| SHA512 | d20394028c5d3ca46bb4879cac40da07b7d857f9a4a834bb4db4bd047f1a3265a80e1f7528244da6ee97c2f3e0cb5b2e51bc88eeb382a027939c2188e66dcdd9 |
C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\prey-webcam.exe
| MD5 | 471b15abc9f2e98fb7ed7361d3f045eb |
| SHA1 | 95b5798d80a9410872f6ed485ae2b43ca3745540 |
| SHA256 | 7c262639cb22348dfd627dc07c76e8748e5bcacde2dcf1614773ab174c831004 |
| SHA512 | 5b3b59aa1dbaef31b0ff6ccde082d7c312e39e311a46fe20d590d5d7765f934d3b663da9609ff4fb7beba2e8fa85376cf74f14ae077f3c0b49189cc28c30163a |
C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\package.json
| MD5 | 067e233b0609d56ff4756bedd8c0efe0 |
| SHA1 | 96419d05adc4b6674948b4ac14f8ab5bb3ce4380 |
| SHA256 | 6bee642c1b5de99e4edba87ec3221c2ecd10b65e666b6f2bef64a745538ecf74 |
| SHA512 | 94900f5ff762930b1b060ba4dd44d629d6c3e2dfc0dacb1a543f1ea5a3cd40e793acaff4abefbff588ceb422d65f8041ec190a2b56f7c303c3314eb16eca4159 |
C:\Users\Admin\AppData\Local\Temp\nso1B01.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\DirectShowLib-2005.dll
| MD5 | c20c205c6f8d70a5e1351a4041a3ec9f |
| SHA1 | e1b2a763dd6c42439656e4e55aba0f3610ff3784 |
| SHA256 | bbcbb170242d9ff1b56680a80b1f8755df1135f9c714535ff3b3f575442f38dc |
| SHA512 | dffd59d775dbb89cd886a2212fb9fe4cf0b2bdd7f2c00f8dc7c6b2287053b4971c8c6c033109ff1f90cdacea082e44d3c19fa76325d24976420c418218e701f1 |
C:\Users\Admin\AppData\Local\Temp\2ZX9UpsI11LbZ0sOwes2ChmlCmK\v8_context_snapshot.bin
| MD5 | c66fc49d01c86f907de8380c66edee4b |
| SHA1 | 07fbf72f090389c77dacdaf157a9a24412e5a40b |
| SHA256 | 1da2a26ca73dc38307b90b945f428ba7a66e0126ba08994f96b16c0c25912b04 |
| SHA512 | 8f7be2db0be06580ead34fcaca5a717878d1b79d0d1352441fe0121284ec4036ea1025d0b741230179cbb8b7e253d267ee562f2c2b3a8a2c028187d173dbfeb2 |
C:\Users\Admin\AppData\Local\Temp\2ZX9UpsI11LbZ0sOwes2ChmlCmK\icudtl.dat
| MD5 | 2bd13edd47d48b81bf16f740e5a66e2b |
| SHA1 | 124cc4d6d800955341a1dd0b5175e1cc2c5f6089 |
| SHA256 | 60f4df4b05c00dcf929e6d3d577bdb8d06f1205b05547ad284321c32c775f0eb |
| SHA512 | 78237dc16ba30c1de9c56bc4457903cf65d16b3cec713ffe3d2cf98d0dcb264505beab4a59d36714179f9fa08ef96d870ac936edc1e11656e03edb1dc17112ed |
C:\Users\Admin\AppData\Local\Temp\2ZX9UpsI11LbZ0sOwes2ChmlCmK\resources\app.asar
| MD5 | 7bca947b728ab21777402889e4f4fc76 |
| SHA1 | f7a3b2b04d08b0165f01e4ecb3bb33802b219c43 |
| SHA256 | e1bf7ccf28813984f828469e08c27779b2e0ff2b82cf4976d1b2902f160e4fd1 |
| SHA512 | 43925e22f26d7893625048ff9c6530095be8b823fa728428eef170ce3284c5fd9a677a4617da8e8efa88298127cc255c7d00d9f1c844bdd9eb2ca6b677a53eb9 |
\Users\Admin\AppData\Local\Temp\20d5126a-9a56-4458-b57b-1feb1e2ce9f0.tmp.node
| MD5 | 60eb133e807ea79153983f0944d2e25c |
| SHA1 | bdf66cc3e4024b1c88ef30be75127463d5e558cb |
| SHA256 | 3c868f1eda7965734d912c035e672383f62e9c3e0b3436e387552b57a88388a1 |
| SHA512 | d673af5ee292b484ff8e2db434cdd25dd07bcf2e961fefbdef2b2cc34bbbf73ba76b915047a15c7d9f814a269f5d83706317f2cc6c67ec93152f9f73837fffef |
\Users\Admin\AppData\Local\Temp\1e49ebc6-24ed-41fc-bede-609d4875c0fb.tmp.node
| MD5 | 33f64b3f287134964d491bee7450529a |
| SHA1 | bb0e72422c7ca1782f242729c0bdab199c7e106c |
| SHA256 | d43ebc91e069a764f8c06b8c133a9750ff376d6cb3c1b111c72b57bc54c6489e |
| SHA512 | 8ae3f5cbe1d3ace47ddf0de3b32f7545ffe5da8aa7f9510f5dd48cee28d216a25a0223a65c860b754f1721e586ca0f3da38133be184c91f802adbcb280009237 |
memory/392-580-0x0000000000060000-0x0000000000061000-memory.dmp
\Users\Admin\AppData\Local\Temp\2ZX9UpsI11LbZ0sOwes2ChmlCmK\Nova Patcher.exe
| MD5 | cb85f502c154330e0981a77d35c1d1ed |
| SHA1 | 85315f50989341d628fdb70045702187136457bf |
| SHA256 | 70322674298d53076c74b255ecb86aa587b1e905b9353bd7e1bdbd5af4263e08 |
| SHA512 | 8de943d2d3498b2d873e00ccf70a4576d19c1052df4125eb91cc31006ee5cb05ae2846f2ac38b30234287b015f2dfa54f332f9efb143c01118cf8be8fcb7b50b |
C:\Users\Admin\AppData\Local\Temp\2ZX9UpsI11LbZ0sOwes2ChmlCmK\resources.pak
| MD5 | fd4c78e3d2bdf31775afc4c8a278b2b8 |
| SHA1 | 64fa49c9da161db85183b5ccc72ddb4e921776c8 |
| SHA256 | 8df57fb4857d1e52b81ebd85034b50f5c303b7e4eb53d55ef3ef612b05508d4a |
| SHA512 | 41e8a9ffa7384f20d7fe92a78a3a2f652502c3fa12e8750c71cc1a28ec79acbd104bb7a5f1053441ec972a846108200d851d9bc060818057e271b7e9236dd723 |
\Users\Admin\AppData\Local\Temp\2ZX9UpsI11LbZ0sOwes2ChmlCmK\ffmpeg.dll
| MD5 | 4b2f6fcead2048a42cbcb4ea5d8fcddf |
| SHA1 | d0da2548108d5c52efb6b2c9b73d5b1fb96c59b2 |
| SHA256 | 5f592fbf4ecdf15633d10287681f5303af394c0c9876810221d44d80ffa97bbb |
| SHA512 | a89887118027bd812788f1c0330917beb9851df9db6e3e66705581780dc3a7306727068d42e14d76cf316fd7af096f905ea5170aae3813af6fa87d63b8799596 |
memory/392-614-0x0000000076EE0000-0x0000000076EE1000-memory.dmp
\Users\Admin\AppData\Local\Temp\2ZX9UpsI11LbZ0sOwes2ChmlCmK\d3dcompiler_47.dll
| MD5 | de6748f9797041a37b71dd4af0d03d67 |
| SHA1 | 1b22385eee22e34a72524f985572c25563281270 |
| SHA256 | 332f46a5395c1881902033dd8ba924c9c00056cc4eafb456346e3e5f87f3694c |
| SHA512 | d5dac3750cd82c8b89a2788a0e139f2f45f051f8ed2a7d4dc813306c63d9ec19b7e4c2761e5dd26352c23896607a2affed0094fc914d1ecc96c1d25a5f3fbc93 |
C:\Users\Admin\AppData\Local\Temp\2ZX9UpsI11LbZ0sOwes2ChmlCmK\D3DCompiler_47.dll
| MD5 | a0bdeb4f09e324e4f9727d05f37d6651 |
| SHA1 | 47730420424012ac6ae1fb7e7e5fdaae3679bc55 |
| SHA256 | 3fdf384cf3a1d7f2f53ffe5d12cbe90bc81ceb5da5a43853b027a923dc5af374 |
| SHA512 | 009d1d81a2afbf0743367662dd8f2f4766e71b72a9bebf4fcebe648157a9b5fa3741d9ac6080755dc476aa976d1bc3cc2a7b3109724d82bfe042d3815f222d69 |
C:\Users\Admin\AppData\Local\Temp\2ZX9UpsI11LbZ0sOwes2ChmlCmK\Nova Patcher.exe
| MD5 | 5477b003ccb058f862f3b10728deae09 |
| SHA1 | d4f7020e2ace11801550a2a7aca8ab8ca420bd27 |
| SHA256 | eda8dc6be73c159587bbd548ddb4bc52b83e8bb6e7f3e1eee860344956cfae37 |
| SHA512 | 0abc4ca9ef10791cb2c0ab68284d4c6c2f65594a50c42edcfcb40cac476dca61129be77e7ab16d7f5069427996e0310b63816b8349350d335be27063bfb19ab9 |
C:\Users\Admin\AppData\Local\Temp\2ZX9UpsI11LbZ0sOwes2ChmlCmK\Nova Patcher.exe
| MD5 | a714feaa1ba9eedb579cf41043029cee |
| SHA1 | e23ae56a1d76640b98c06b2b69974ea76133b37d |
| SHA256 | 0a2faf1cff6a9d2b48cbb69a2f8907e29df79e2b9d103768f4b5f79aa9350889 |
| SHA512 | d2fbbfdbe442861fad8889b1ff59ca0f043e10ab5696c5f6722d36b6602254a5efead1e2888a7887ac02cb990cadb3cd25b3e40e544052b85ccba624758c7b51 |
\Users\Admin\AppData\Local\Temp\2ZX9UpsI11LbZ0sOwes2ChmlCmK\libEGL.dll
| MD5 | 0644a7e25774e4e919ec306f9614f525 |
| SHA1 | 3d7b57ab09c5fb8c6a26dae9b47cde5cab498275 |
| SHA256 | dce21f6d49ed3be5cf759eb66ac662b72c1a456364835401aa506896714e6980 |
| SHA512 | 9f3b288ded2fc257e39417b5ec6236accbdc084f3e0de55e70bbc22794dcde69ea302c7ab150b16dd31d00c41abbaf6aa6280870ade3e2952716c11590ce3066 |
C:\Users\Admin\AppData\Local\Temp\2ZX9UpsI11LbZ0sOwes2ChmlCmK\libegl.dll
| MD5 | 7869c1da6f01c9f1a7fc5a8afa5a4fd6 |
| SHA1 | cfaf9be65fb3ecd926d8e69f5e39750aa7f5f161 |
| SHA256 | e87535bd089723112f032c5ba41fbcf41925630a1620129dfbb78820375aab3b |
| SHA512 | b56c67f22865046de5ed194d3182b6945a49e9f79c91b121d2169cdff90888cbc145ae32058b36abf37209e158f7e427dc73397d22c6958fe76b867c6aab4fb8 |
\Users\Admin\AppData\Local\Temp\2ZX9UpsI11LbZ0sOwes2ChmlCmK\libGLESv2.dll
| MD5 | 269897f4f27c0e5e6dc723ecedef99f7 |
| SHA1 | 42ceafffcef13dd3136d9305a9dc43d3f01d785b |
| SHA256 | 9dfa79ba1bbd8da9e02e71b66ecf941711cb3f5b9ef188908206b88978ad261e |
| SHA512 | 0b6a0fdcaa9e8ecc197ac3b86401644fd36b49e51e2a78fbb49f94591efc140779808d7cdc16645ad5f229be6ca51817ecd526c32e4eb468a54946ab4898a5b6 |
C:\Users\Admin\AppData\Local\Temp\2ZX9UpsI11LbZ0sOwes2ChmlCmK\libglesv2.dll
| MD5 | 12de12cd4eec69d5089c8b64d8b259eb |
| SHA1 | fe5481b5321067498b1e72e43f631fb07be4060a |
| SHA256 | 905ae8498485b35aca7c7872f7c6b592b0bc6ac8125da92ddc0ed5fa543050da |
| SHA512 | f0547c84a992e0626b76d4989a35092d18ac3593f0a373152ea05552dedf3cfe3591518464824b2a0ef0df8705b11d22d53d3633117baec10d42205ecece246b |
memory/1924-664-0x000000001B760000-0x000000001BA42000-memory.dmp
memory/1924-666-0x000007FEF2F40000-0x000007FEF38DD000-memory.dmp
memory/1924-665-0x0000000001C80000-0x0000000001C88000-memory.dmp
memory/1924-668-0x0000000002AF0000-0x0000000002B70000-memory.dmp
\Users\Admin\AppData\Local\Temp\2ZX9UpsI11LbZ0sOwes2ChmlCmK\ffmpeg.dll
| MD5 | b837992bc824c277de609cdb3fad8657 |
| SHA1 | bcfb1bd460d9d61de0ff28c70440a42c873305c5 |
| SHA256 | f70df1fedee0b6f7f5638a5c1240696bcb7b5696bac20fdb327f89c415975951 |
| SHA512 | 5539fc22dbe9f6ea1b7cab8d92bf04d0b1e0ee58186ecf808fb51882256b78b583f93d730a06088de387bb868995a43372325e4fea2db83537210a94a28b8472 |
C:\Users\Admin\AppData\Local\Temp\2ZX9UpsI11LbZ0sOwes2ChmlCmK\Nova Patcher.exe
| MD5 | 41ec94768c8f35e56e7432671cd59927 |
| SHA1 | 83d522eb7484d484d40ebd4c90994570f1864b53 |
| SHA256 | 565f9802739fd50bb72b5f308a8e1105f5b0cf3adf331dbd11b24a4973aa9f56 |
| SHA512 | 32222f3c5aa92662431d4f80b0f6dadc98f3554266aa4aa8ba63781df569aa4b5a0adad0798603b7c7fbe5211e441a20e06dc6bd866792002193374e3906a5cc |
\Users\Admin\AppData\Local\Temp\2ZX9UpsI11LbZ0sOwes2ChmlCmK\Nova Patcher.exe
| MD5 | 9b788576ea31c6470d65b6ebefdb0260 |
| SHA1 | 9d4c9ec674b8db9a7f0c4d777a065a99eef6212e |
| SHA256 | 610ea81f17bb505b14628275f2a819867c7f93b2b9b14574579e1c2ed6045e34 |
| SHA512 | 5b4813627d35dcf5b4f51af98d0ebb8cefe89d0d3641b1417ed0573e2049870e3a08484cdd32ddc7b3f62519cb323c20777e86471ae9ca8f9c806119eacb287f |
memory/1924-675-0x000007FEF2F40000-0x000007FEF38DD000-memory.dmp
memory/1924-677-0x0000000002AF0000-0x0000000002B70000-memory.dmp
memory/1924-679-0x0000000002AF0000-0x0000000002B70000-memory.dmp
memory/1924-681-0x0000000002AF0000-0x0000000002B70000-memory.dmp
\Users\Admin\AppData\Local\Temp\2ZX9UpsI11LbZ0sOwes2ChmlCmK\Nova Patcher.exe
| MD5 | 9646a105d3974d424b33d9da47dca2be |
| SHA1 | ec5d3ef90dfd853aca55e9a1d0c45c97a56e0ac1 |
| SHA256 | d5edc2995685c03d8b69c8cfbfaad384e26010ae7861f963056fc66bef7dfaa0 |
| SHA512 | e6f5be8b1bc7a4b7c1d4a09897830dfc46ea2d6f8bb540f5a9d5639b2b3b6621beffda64630e3be92e0038f366c576ac93be44d1f7ccfeeadc5ed5cb23dfbdb4 |
\Users\Admin\AppData\Local\Temp\2ZX9UpsI11LbZ0sOwes2ChmlCmK\libEGL.dll
| MD5 | 0d60a2bd691d1c80d314e4a060bb38b4 |
| SHA1 | 9fa4533779eb796a503c61bacaeb4a5e74643b8f |
| SHA256 | 73295a373f81fc0c99cca4abc5f87ab8ba452905c0226c9f2ae5d5a7465ae750 |
| SHA512 | 7281bac695d1c6e3475ab2e3c8b3fede665bb913a97dc6341915b7d0c3c390b6cf6e7156a7c822f5e6fb9849ec66fd8bdb8d0d8ee973c98fbe66d9e08e5c1c9b |
\Users\Admin\AppData\Local\Temp\2ZX9UpsI11LbZ0sOwes2ChmlCmK\libGLESv2.dll
| MD5 | 2388072ba0507c76eae91886b44a4e38 |
| SHA1 | c7df3030a81c233ab3cb2d93bd0ed108b0149765 |
| SHA256 | 58acb6cae4e82cc3ad62bf90a88abc683c52171e6083936ecc4d63674825e94d |
| SHA512 | 174dd0179c0a55a693955bba246fd808dfd5a1353c854487f68e5b9521df6732ce03042a3771634f696c5aa05b875031c5e900c2ddd63b557bbfc916c608faa7 |
\Users\Admin\AppData\Local\Temp\2ZX9UpsI11LbZ0sOwes2ChmlCmK\d3dcompiler_47.dll
| MD5 | 92ad5151ef59187cd55c41310382a5d2 |
| SHA1 | 0456996735df57ba284e335cb4e0475b2e509c67 |
| SHA256 | 496798ab7596c61ec6b648a58ebad8f9173469eea6206f2386a778c4f4c7a351 |
| SHA512 | 65e57c433d6291329c24543ba1ec212db6d9cbe7c2ba432cc77abc15e65d8505d92bcf1c7a7e97a2edefdb123fa6d851276135f5d1988751190f5b8fedfe61d7 |
\Users\Admin\AppData\Local\Temp\2ZX9UpsI11LbZ0sOwes2ChmlCmK\vk_swiftshader.dll
| MD5 | 9a2c139792cd927c7295e63e478b5304 |
| SHA1 | 8e1c10a8880a386b3c373bca30f079d85fd59984 |
| SHA256 | ef5c9a630a6ef5567e5e802c2344223cffb577f4647ce94b3f95f9b2b0f61604 |
| SHA512 | 45c5cfa2a75d253e54752f37227dc146eaabee5dc83a7012172ebe672fa12fc1b3786975cd592a6bac2eee03f31255639cb4f00908c7e6dad0cdcc64d4318952 |
\Users\Admin\AppData\Local\Temp\2ZX9UpsI11LbZ0sOwes2ChmlCmK\vk_swiftshader.dll
| MD5 | 5270282343e8e80f6c40bd15229332fb |
| SHA1 | ecaf83cbb6d3c51a20f9fe03bc526f0d39da49aa |
| SHA256 | 2e6d9ef5956e3abe3acc3914b0ea9c8329cde9fe320017b07a93d4dfbf9aa37d |
| SHA512 | ceabd1ce8303c569c3613a5d493bb54f4c969e46cfca3763715f9d69d7e8dc68e250350c417e24e3f281987faff2804428882d38936c0a7f844c02cea311be09 |
\Users\Admin\AppData\Local\Temp\2ZX9UpsI11LbZ0sOwes2ChmlCmK\vk_swiftshader.dll
| MD5 | f2d6e1a37b994a56adc6dcfecaad0dda |
| SHA1 | 02e472f01e14809664f2a42212402bf2fc9b3984 |
| SHA256 | e062bd2b6f8bec776a621e57a5b0c7bfe27376d571b635c2298923e99a40869f |
| SHA512 | b5fb70a6fdf89f68b91ee537ad9ef79aa65937da01e1d3aba51c679881225d657793d3727454d93b9058cea23770a66dd094fcc7e96b01b0bdb4e39512ab9dd8 |
\Users\Admin\AppData\Local\Temp\2ZX9UpsI11LbZ0sOwes2ChmlCmK\vk_swiftshader.dll
| MD5 | 1575eb0348e492de9af8feefb7583615 |
| SHA1 | eedd02f448897baae82ff0bfeaafe242f7c9e4b4 |
| SHA256 | c1efcbbb4a0cce8c549014c5bc5edbe4935fd6dc82234297092fad5fa9e3f3fe |
| SHA512 | 79a18d1b73cc1e5024340f6e132ed0762f7582cda838348affffdc0fdd50aded206234962b8c9377a8e8427100eefbc8e2fe26be99f1bbac7ae6e4056aaec015 |
C:\Users\Admin\AppData\Local\Temp\2ZX9UpsI11LbZ0sOwes2ChmlCmK\vk_swiftshader.dll
| MD5 | 57f7320c07a6de098677ba96562eceeb |
| SHA1 | 87b64005f275a55ba56f6ac7072b688e11753c53 |
| SHA256 | 0f14b394229082e559fe491659976ef37cd664156d6b4847d29bd330777f26ab |
| SHA512 | 470e6c34ba4c48054bd294760e714b3d2afb12f79b0f1ceb95105ea6d0e827219aacc35ffbf983e1efa7ddde90673f581bbf1f7de8e5d2f93677c59d3ce8151e |
\Users\Admin\AppData\Local\Temp\2ZX9UpsI11LbZ0sOwes2ChmlCmK\vulkan-1.dll
| MD5 | 1069482221dd722fee1baa6201ec54f3 |
| SHA1 | ee27c32929dd0f53bc750c81843901852f8d9449 |
| SHA256 | 6fa410154859ab08e75501243c3c7de74cf6a1f94fd85f9c862f6a68b5877b9c |
| SHA512 | a7425a0e1049d4250391fa5b2c2e6a950114f2b8d29f9aa922b59ae8646943a2884733ab74f91b30be3bdba44ff2420eccaecf202d9a2f3297eb1b71fe36526f |
C:\Users\Admin\AppData\Local\Temp\2ZX9UpsI11LbZ0sOwes2ChmlCmK\vulkan-1.dll
| MD5 | 8333a9091b067b55b0a876d064936206 |
| SHA1 | bd99c1289315995e63dab8782957ed6a53628a54 |
| SHA256 | 0888d66a4df4f5aafe8a2ecc9446300d86c881d20e89d58d8399505f87eae0a2 |
| SHA512 | 5ee882ae6bc9b89d4a6ac512d97d9f88c2235825cbbf8cf750f40acc424847f52a88553a43c1dae6f49fbee991116d7dd7d7af36f90d02df53b1e23df70ca4b0 |
\Users\Admin\AppData\Local\Temp\2ZX9UpsI11LbZ0sOwes2ChmlCmK\ffmpeg.dll
| MD5 | 66e03157b34362214fee2918a28b0247 |
| SHA1 | f72e7b9d9d6bbb3530b068a59dd59d720f733755 |
| SHA256 | db6f69f16b31f2265b69dc748c029aeab4aff3b69ed76f950a7749515fd5f68c |
| SHA512 | a10621cca2c342b1ac769c27e903847871fa67c3a0d5be90d52d3b43093561801c0162b8f9b74e6776607d76bcffb5158e9d496177a290720e16e2b3cc32d878 |
C:\Users\Admin\AppData\Local\Temp\2ZX9UpsI11LbZ0sOwes2ChmlCmK\Nova Patcher.exe
| MD5 | 168ae3f147ed94e1909a0d63c9b772af |
| SHA1 | c611ba360f4f5f3f30311b2ab8492dfbc1da8e25 |
| SHA256 | e7eafe42d2f2bf82c70f593b36e551bb5114a0006f67a4f3afc7a3ee9a2974c9 |
| SHA512 | e1957283ffc0ebdcf2193dfdb7d98195fd2b018d33510580c325f8da6bd1e8273eb9c9d905c2148e68c824a11e0901556e6167fb26139aa9742544fa9e720db7 |
\??\pipe\crashpad_280_XPZAATAHGXUFRLTY
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000007.dbtmp
| MD5 | 18e723571b00fb1694a3bad6c78e4054 |
| SHA1 | afcc0ef32d46fe59e0483f9a3c891d3034d12f32 |
| SHA256 | 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa |
| SHA512 | 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| MD5 | 5547afb4f566e275afc32a50bacefe60 |
| SHA1 | 48cc84f3c762b2cbf01bd5a6f3f4faadcd976620 |
| SHA256 | e8a66b3dbf8a0c66ca4bda0f2d3e38f3140b31f482181429de29088c565a7394 |
| SHA512 | 1e02f93fe56ffa92d3a01bc56478ff539a060bb8d1cc239d4cae021f140d746d22eed12cee1952439018a46edad21c1384a1ea14c7fd4bd249d5c0951f8f61b5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4A9377E7E528F7E56B69A81C500ABC24
| MD5 | 3e455215095192e1b75d379fb187298a |
| SHA1 | b1bc968bd4f49d622aa89a81f2150152a41d829c |
| SHA256 | ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99 |
| SHA512 | 54ba004d5435e8b10531431c392ed99776120d363808137de7eb59030463f863cadd02bdf918f596b6d20964b31725c2363cd7601799caa9360a1c36fe819fbd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4A9377E7E528F7E56B69A81C500ABC24
| MD5 | dc58f9de4d58705ea4e7d144c6721edc |
| SHA1 | b5f93f62816a7f05600585cb355eb0171a8e73c1 |
| SHA256 | af501d0f064ab597efe6dc56272f54fca1b1442776223dcfb793a61f8204fdc2 |
| SHA512 | 43c6e3c3fdc39ed4456cb478b997073702d414280e2b1b2dbeabd6fb6d4da247aa884d81e50d343eb439d7326eb3468f327d3b0d33304a08a16a9d7e0e985fa0 |
C:\Users\Admin\AppData\Local\Temp\Tar4DF4.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2e9b5cdf1d8261ebb8cb3216eb6e664b |
| SHA1 | e9bc6d98dc5aaae79f237394b7f5885a80661130 |
| SHA256 | 5e25f225a4790993c03a6a34d576ee3a749b058f6ffb7846c20f97b1f4a9fdff |
| SHA512 | eea709624aaa1385a7035a738ab675076cdd790b7a6356b8e5985ba402b8d2a949ee69137686f862420f0a749acda27904519e0b76360f35a59b6a8b52f309d3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 2ab32e5a3dbe82d4473dcd100adbccc0 |
| SHA1 | 12372f8c0bad4c58d104db22698d88a3a95de89b |
| SHA256 | 04eb9a13dce1ccc5c7ac65a06af04903ec7a5733eae2aa84f8783d1ea5ec2a40 |
| SHA512 | 2bf891c0975c41a9d1f4d996715334d73e55a7c803c9ba3d3abed683769dd260e3b099be9ed7108f3eb77fde0271e76a0ae73d741a66c98922a6708e97c6ebb1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp
| MD5 | aefd77f47fb84fae5ea194496b44c67a |
| SHA1 | dcfbb6a5b8d05662c4858664f81693bb7f803b82 |
| SHA256 | 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611 |
| SHA512 | b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3 |
memory/1924-854-0x000007FEF2F40000-0x000007FEF38DD000-memory.dmp
memory/1924-855-0x0000000002AF0000-0x0000000002B70000-memory.dmp
memory/1924-856-0x0000000002AF0000-0x0000000002B70000-memory.dmp
memory/1924-866-0x0000000002AF0000-0x0000000002B70000-memory.dmp
memory/1924-865-0x0000000002AF0000-0x0000000002B70000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 9ce610f5442ee138a7ab1f964ac0824f |
| SHA1 | 8719b6792333488659bb0a4b0c5bc03b0e306123 |
| SHA256 | 9f42ce32409794e28f2858a7c08646ceb5dde30a2d0d6a0c860253f77939dcbf |
| SHA512 | 1745260405cf9941ba90dcf085697110cad97467a52508329c678310dd28d597d78af96568037ade687a49f0e18a7ca8e6007e6645273cb1122449a0e7d64d9c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a553c818274c944975a8b2449baf159a |
| SHA1 | da8bc65b23696b6c7a3b480e41af3ee7ea0b17aa |
| SHA256 | 6e6e2cdafd30e384e60548f204036c34110a7b1eabcccf17475dc88943391fd1 |
| SHA512 | 6c90b9865c76a8c8ab6efe24f6e4c54684e03ad9719a8f003991322dc5f8fa21c7e1d77126097b728a0e5d31a6d0fe6eb301cb5d6b17dc5f7bb37b40ca880ad1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 09a41eb27dc76110e91b0fa3a903aa7c |
| SHA1 | 033cef8e96fc979f95f58bfdaf412f5ae8b26264 |
| SHA256 | b6bead6d385781416bb5795fb86df852ad3e2024c7bb1496a07db403c8afd5a4 |
| SHA512 | b63e3763a21ab9c08333eabaf879aa2cbd1232db77ee9737f65810922ace9fd23e25bd1a9b1784b56089689528e492fa8628fa5f097398f3b1ec0aa1101aef47 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b69ae39b738cc3c2e3ae9679201dea0d |
| SHA1 | c95359baa08c47920e8c8747d040dd8a36f3b438 |
| SHA256 | 83607f3af4375a164fd06da3eb9d010de4bb0aa3071eb68436d48071c81892ae |
| SHA512 | d374a9dbe8c0c599f78d0ca295dd6539b90f168104713d4b0ef65faf0649391f4094b15e7e484ccdf3e90487467358915b001bd8697b6427a97685e3ec4e88e8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 4e6cc104ab64451708fb8daf64dd76c9 |
| SHA1 | a336b4067665aa965fc6001dfd53c1b499e93026 |
| SHA256 | 9738a859aa2135b9fd74187a13d0e3ee86a223ee17efb775cac868105f628807 |
| SHA512 | 278719dfe232abee69ed7f896f9bc7eea8bd7bd20cf859fbeecc431b5fa328990fae2cc194a15cd2b7181ccf9473ffeb5c71fd1d84d53dd727ce7664cd47c711 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 61abe9233b7c9a3ef1a97dc760a1b617 |
| SHA1 | 77aae3429d57e61c7283968128a04a1b7c0ece0e |
| SHA256 | 3dd2d50b85ebaca319b7d674a8b987af4c272207632f1bdff9e377f34d5ebab5 |
| SHA512 | eb29115e020210403180f23b1d790e31fdde7314e4de0a5b4ae2a0c8e153dd49866d30a111759470547d046fe33c0c18a987199b7721536ef8fc698b5e59478f |
Analysis: behavioral2
Detonation Overview
Submitted
2023-12-15 20:54
Reported
2023-12-15 20:57
Platform
win10v2004-20231215-en
Max time kernel
113s
Max time network
154s
Command Line
Signatures
Irata
Irata payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2ZX9UpsI11LbZ0sOwes2ChmlCmK\Nova Patcher.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2ZX9UpsI11LbZ0sOwes2ChmlCmK\Nova Patcher.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2ZX9UpsI11LbZ0sOwes2ChmlCmK\Nova Patcher.exe | N/A |
Loads dropped DLL
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
Enumerates physical storage devices
Collects information from the system
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Detects videocard installed
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Enumerates processes with tasklist
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Nova_Patcher.exe
"C:\Users\Admin\AppData\Local\Temp\Nova_Patcher.exe"
C:\Users\Admin\AppData\Local\Temp\2ZX9UpsI11LbZ0sOwes2ChmlCmK\Nova Patcher.exe
"C:\Users\Admin\AppData\Local\Temp\2ZX9UpsI11LbZ0sOwes2ChmlCmK\Nova Patcher.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\tasklist.exe
tasklist
C:\Users\Admin\AppData\Local\Temp\2ZX9UpsI11LbZ0sOwes2ChmlCmK\Nova Patcher.exe
"C:\Users\Admin\AppData\Local\Temp\2ZX9UpsI11LbZ0sOwes2ChmlCmK\Nova Patcher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1580 --field-trial-handle=1696,8324631595639116858,10840071732252134375,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Users\Admin\AppData\Local\Temp\2ZX9UpsI11LbZ0sOwes2ChmlCmK\Nova Patcher.exe
"C:\Users\Admin\AppData\Local\Temp\2ZX9UpsI11LbZ0sOwes2ChmlCmK\Nova Patcher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --mojo-platform-channel-handle=1940 --field-trial-handle=1696,8324631595639116858,10840071732252134375,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic process where processid=NaN get ExecutablePath"
C:\Windows\System32\Wbem\WMIC.exe
wmic process where processid=NaN get ExecutablePath
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Users\Admin\AppData\Local\Temp\2ZX9UpsI11LbZ0sOwes2ChmlCmK\resources\app.asar.unpacked\bind\main.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "net session"
C:\Windows\system32\net.exe
net session
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 session
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic logicaldisk get size"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic OS get caption, osarchitecture | more +1"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "echo %NUMBER_OF_PROCESSORS%"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic csproduct get uuid"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic computersystem get totalphysicalmemory | more +1"
C:\Windows\System32\Wbem\WMIC.exe
wmic logicaldisk get size
C:\Windows\System32\Wbem\WMIC.exe
wmic computersystem get totalphysicalmemory
C:\Windows\System32\Wbem\WMIC.exe
wmic OS get caption, osarchitecture
C:\Windows\system32\more.com
more +1
C:\Windows\system32\more.com
more +1
C:\Windows\System32\Wbem\WMIC.exe
wmic csproduct get uuid
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic cpu get name | more +1"
C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get name
C:\Windows\system32\more.com
more +1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic PATH Win32_VideoController get name | more +1"
C:\Windows\System32\Wbem\WMIC.exe
wmic PATH Win32_VideoController get name
C:\Windows\system32\more.com
more +1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic process where processid=NaN get ExecutablePath"
C:\Windows\System32\Wbem\WMIC.exe
wmic process where processid=NaN get ExecutablePath
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 105.0.3 (x64 en-US)""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 105.0.3 (x64 en-US)"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProPlusRetail - en-us""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProPlusRetail - en-us"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VLC media player""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VLC media player"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{113C0ADC-B9BD-4F95-9653-4F5BC540ED03}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{113C0ADC-B9BD-4F95-9653-4F5BC540ED03}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3544B2EE-E62F-4D11-B79C-3DDEACE94DA5}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3544B2EE-E62F-4D11-B79C-3DDEACE94DA5}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3A706840-2882-423C-90EB-B31545E2BC7A}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3A706840-2882-423C-90EB-B31545E2BC7A}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{64A3A4F4-B792-11D6-A78A-00B0D0180381}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{64A3A4F4-B792-11D6-A78A-00B0D0180381}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{662A0088-6FCD-45DD-9EA7-68674058AED5}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{662A0088-6FCD-45DD-9EA7-68674058AED5}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6DB765A8-05AF-49A1-A71D-6F645EE3CE41}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6DB765A8-05AF-49A1-A71D-6F645EE3CE41}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{76DEEAB3-122F-4231-83C7-0C35363D02F9}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{76DEEAB3-122F-4231-83C7-0C35363D02F9}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{77924AE4-039E-4CA4-87B4-2F64180381F0}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{77924AE4-039E-4CA4-87B4-2F64180381F0}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AE86D888-1404-47CC-A7BB-8D86C0503E58}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AE86D888-1404-47CC-A7BB-8D86C0503E58}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C7141A99-592B-4226-A4E9-B767C1D0FBAF}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C7141A99-592B-4226-A4E9-B767C1D0FBAF}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CB0836EC-B072-368D-82B2-D3470BF95707}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CB0836EC-B072-368D-82B2-D3470BF95707}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D44822A8-FC28-42FC-8B1D-21A78579FC79}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D44822A8-FC28-42FC-8B1D-21A78579FC79}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E016F2B9-01FE-4FAA-882E-ECC43FA49751}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E016F2B9-01FE-4FAA-882E-ECC43FA49751}"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoProfile -Command "& {powershell Get-Clipboard}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\app.asar.unpacked\node_modules\take-cam\prey-webcam.exe" -invalid youcam,cyberlink,google -frame 10 -outfile C:\Users\Admin\AppData\Local\Temp\5dMa3QUnUEF3Qn75gqpM\System\cam.3572_Admin.jpg"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoProfile -Command "& {netsh wlan show profile}"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoProfile -Command "& { function Get-AntiVirusProduct { [CmdletBinding()] param ( [parameter(ValueFromPipeline=$true, ValueFromPipelineByPropertyName=$true)] [Alias('name')] $computername=$env:computername ) $AntiVirusProducts = Get-WmiObject -Namespace \"root\SecurityCenter2\" -Class AntiVirusProduct -ComputerName $computername $ret = @() foreach ($AntiVirusProduct in $AntiVirusProducts) { switch ($AntiVirusProduct.productState) { \"262144\" { $defstatus = \"Up to date\"; $rtstatus = \"Disabled\" } \"262160\" { $defstatus = \"Out of date\"; $rtstatus = \"Disabled\" } \"266240\" { $defstatus = \"Up to date\"; $rtstatus = \"Enabled\" } \"266256\" { $defstatus = \"Out of date\"; $rtstatus = \"Enabled\" } \"393216\" { $defstatus = \"Up to date\"; $rtstatus = \"Disabled\" } \"393232\" { $defstatus = \"Out of date\"; $rtstatus = \"Disabled\" } \"393488\" { $defstatus = \"Out of date\"; $rtstatus = \"Disabled\" } \"397312\" { $defstatus = \"Up to date\"; $rtstatus = \"Enabled\" } \"397328\" { $defstatus = \"Out of date\"; $rtstatus = \"Enabled\" } \"397584\" { $defstatus = \"Out of date\"; $rtstatus = \"Enabled\" } default { $defstatus = \"Unknown\"; $rtstatus = \"Unknown\" } } $ht = @{} $ht.Computername = $computername $ht.Name = $AntiVirusProduct.displayName $ht.'Product GUID' = $AntiVirusProduct.instanceGuid $ht.'Product Executable' = $AntiVirusProduct.pathToSignedProductExe $ht.'Reporting Exe' = $AntiVirusProduct.pathToSignedReportingExe $ht.'Definition Status' = $defstatus $ht.'Real-time Protection Status' = $rtstatus # Créez un nouvel objet pour chaque ordinateur $ret += New-Object -TypeName PSObject -Property $ht } Return $ret } Get-AntiVirusProduct }"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell -ExecutionPolicy Bypass -NoProfile -File "C:\Users\Admin\AppData\Local\Temp\rvZoNvM1x3lx_temp.ps1""
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -ExecutionPolicy Bypass -NoProfile -File "C:\Users\Admin\AppData\Local\Temp\rvZoNvM1x3lx_temp.ps1"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\app.asar.unpacked\node_modules\take-cam\snapshot.exe" /T C:\Users\Admin\AppData\Local\Temp\5dMa3QUnUEF3Qn75gqpM\System\cam.3572_Admin"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Get-Clipboard
C:\Windows\system32\netsh.exe
"C:\Windows\system32\netsh.exe" wlan show profile
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Admin\AppData\Roaming\salutKoRc8.ps1" -RunAsAdministrator
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Admin\AppData\Roaming\salutKoRc8.ps1" -RunAsAdministrator"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v DisableTaskMgr /t REG_DWORD /d 1 /f"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v DisableTaskMgr /t REG_DWORD /d 1 /f
Network
| Country | Destination | Domain | Proto |
| US | 138.91.171.81:80 | tcp | |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.110.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 188.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| GB | 142.250.200.4:80 | www.google.com | tcp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | 4.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.186.117.34.in-addr.arpa | udp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | api.gofile.io | udp |
| FR | 51.38.43.18:443 | api.gofile.io | tcp |
| US | 8.8.8.8:53 | 18.43.38.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | store4.gofile.io | udp |
| FR | 31.14.70.245:443 | store4.gofile.io | tcp |
| US | 8.8.8.8:53 | 245.70.14.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | hawkish.eu | udp |
| US | 8.8.8.8:53 | github.com | udp |
| DE | 140.82.121.4:443 | github.com | tcp |
| FR | 163.5.121.96:443 | hawkish.eu | tcp |
| FR | 163.5.121.96:443 | hawkish.eu | tcp |
| FR | 51.38.43.18:443 | api.gofile.io | tcp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | store8.gofile.io | udp |
| FR | 163.5.121.96:443 | hawkish.eu | tcp |
| US | 206.168.191.31:443 | store8.gofile.io | tcp |
| US | 8.8.8.8:53 | 4.121.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 96.121.5.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| FR | 163.5.121.96:443 | hawkish.eu | tcp |
| FR | 163.5.121.96:443 | hawkish.eu | tcp |
| FR | 163.5.121.96:443 | hawkish.eu | tcp |
| US | 8.8.8.8:53 | 252.15.104.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.191.168.206.in-addr.arpa | udp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| FR | 163.5.121.96:443 | hawkish.eu | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\nscBD3.tmp\System.dll
| MD5 | 0d7ad4f45dc6f5aa87f606d0331c6901 |
| SHA1 | 48df0911f0484cbe2a8cdd5362140b63c41ee457 |
| SHA256 | 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca |
| SHA512 | c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9 |
C:\Users\Admin\AppData\Local\Temp\nscBD3.tmp\nsis7z.dll
| MD5 | 80e44ce4895304c6a3a831310fbf8cd0 |
| SHA1 | 36bd49ae21c460be5753a904b4501f1abca53508 |
| SHA256 | b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592 |
| SHA512 | c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df |
C:\Users\Admin\AppData\Local\Temp\2ZX9UpsI11LbZ0sOwes2ChmlCmK\chrome_100_percent.pak
| MD5 | 9c1b859b611600201ccf898f1eff2476 |
| SHA1 | 87d5d9a5fcc2496b48bb084fdf04331823dd1699 |
| SHA256 | 53102833760a725241841312de452c45e43edd60a122546105ab4020ccef591b |
| SHA512 | 1a8ec288e53b9d7e43d018995abe4e3d9c83d329d0561fbb7d022e8b79ffecf033e995b9bc6af352a71c646a1e8afba4addb54deab7455f24b7a279a3dd7c336 |
C:\Users\Admin\AppData\Local\Temp\nscBD3.tmp\7z-out\chrome_200_percent.pak
| MD5 | b51a78961b1dbb156343e6e024093d41 |
| SHA1 | 51298bfe945a9645311169fc5bb64a2a1f20bc38 |
| SHA256 | 4a438f0e209ac62ffa2c14036efdd5474b5ecaa7cbf54110f2e6153abdfb8be9 |
| SHA512 | 23dedde25ad9cb5829d4b6092a815712788698c2a5a0aefb4299675d39f8b5e2844eabd1ea42332a0408bd234548f5af628e7e365ab26f3385ebfa158cdd921d |
C:\Users\Admin\AppData\Local\Temp\nscBD3.tmp\7z-out\d3dcompiler_47.dll
| MD5 | 7641e39b7da4077084d2afe7c31032e0 |
| SHA1 | 2256644f69435ff2fee76deb04d918083960d1eb |
| SHA256 | 44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47 |
| SHA512 | 8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5 |
C:\Users\Admin\AppData\Local\Temp\nscBD3.tmp\7z-out\ffmpeg.dll
| MD5 | c3842fb3087cdcdb04020ac38683c289 |
| SHA1 | 329dbcd4a1c79b891b200f11eb50194b85c493bc |
| SHA256 | e79792af338d61424bac87a19c6f34f3b4bc1382345633b8d509253a0a6c2133 |
| SHA512 | 069196b8006e908954e7ab16131a0d10889a0f7517eaab2423a82fe49fb9b045c0d95dbf7c08c10ddf1a21983aea4a0d207decf91baacff0884511589a57dec5 |
C:\Users\Admin\AppData\Local\Temp\nscBD3.tmp\7z-out\icudtl.dat
| MD5 | 599c39d9adb88686c4585b15fb745c0e |
| SHA1 | 2215eb6299aa18e87db21f686b08695a5199f4e2 |
| SHA256 | c5f82843420fa9d144e006b48d59ba7ef95f7e6cb1ea95b27fcdd2c97f850859 |
| SHA512 | 16194186a8407b29f799d4b02f5674e4fbd5d91163fad9f8dce6ceedd865b754a681aa960d0f3f1b62cb21d5443879f1b8e9b691c19c5802d5bdfe4ed645b8bc |
C:\Users\Admin\AppData\Local\Temp\nscBD3.tmp\7z-out\LICENSES.chromium.html
| MD5 | df37c89638c65db9a4518b88e79350be |
| SHA1 | 6b9ba9fba54fb3aa1b938de218f549078924ac50 |
| SHA256 | dbd18fe7c6e72eeb81680fabef9b6c0262d1d2d1aa679b3b221d9d9ced509463 |
| SHA512 | 93dd6df08fc0bfaf3e6a690943c090aefe66c5e9995392bebd510c5b6260533b1522dc529b8328dfe862192e1357e9e98d1cdd95117c08c76be3ab565c6eea67 |
C:\Users\Admin\AppData\Local\Temp\nscBD3.tmp\7z-out\LICENSE.electron.txt
| MD5 | 4d42118d35941e0f664dddbd83f633c5 |
| SHA1 | 2b21ec5f20fe961d15f2b58efb1368e66d202e5c |
| SHA256 | 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d |
| SHA512 | 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63 |
C:\Users\Admin\AppData\Local\Temp\nscBD3.tmp\7z-out\libGLESv2.dll
| MD5 | b6a433dc7b4030fb17bd1683a9606b6e |
| SHA1 | 0602c50532e3f13facc67bd95a048c470e88afcc |
| SHA256 | f7ae57a1d7d3e284714ca354f5292aa9b75086489cbfba8b1f54548445b6b3e9 |
| SHA512 | b9ba2e20ec878e3acae93d8254e69374e391fd4a3d5c1833282c43896d123baa874f1088839f3bbcf05539eda0e2aeaef28d7742ab8e20ec788382501e2152b1 |
C:\Users\Admin\AppData\Local\Temp\nscBD3.tmp\7z-out\libEGL.dll
| MD5 | 8352fd22f09b873193cabc2932be92f0 |
| SHA1 | 5bd2b58854b279f1733c5f54ea2669ee8a888d9e |
| SHA256 | 14a4aaa010be14762edfee01fd1f6b9943471eb7a2f9011a2b5c230461cd129c |
| SHA512 | 7281e980f2e82f1cc8173d9f8387a97f6e23ec5099ed8dca02222c4e17fa4cfef59d6aa300b1cf06d502bdcf77d9a6dbb08ad6658ae0a28ae6f9f995109da0d2 |
C:\Users\Admin\AppData\Local\Temp\nscBD3.tmp\7z-out\Nova Patcher.exe
| MD5 | 4e119c2107909663ef036158409f8992 |
| SHA1 | 87353d1970606114dfc92dcbab8b19748669a09f |
| SHA256 | 6ca9e63ef5d7022bb47eeb9bece0f89a0f1e1aee16e8bc68c7096ebcc8615e12 |
| SHA512 | d58f121eef3b119bb8b666af6b7fc365ed4b6a6e0a504146e46917dd730bfe99947cce8cb73384a411da5ac0576395c28614c2051382c56010bf2a47e94e382d |
C:\Users\Admin\AppData\Local\Temp\nscBD3.tmp\7z-out\v8_context_snapshot.bin
| MD5 | 47014c0f81bad6d216c617c9c63bf040 |
| SHA1 | 7bb483fdc5fed3c6ed437d9fe6e5023bc38201bf |
| SHA256 | e1249d05bfc73c645b27d269f47b6923b33a3cf8088a8ca78b3b637c90f58178 |
| SHA512 | 052d86cf3305a9e493bd2472e6b7ddab5e0291efd6d899984a79bae46e5fa4bd21157e19ab4a2591c9cff9069de568bad18c7baf4f35d117c77134e635466f87 |
C:\Users\Admin\AppData\Local\Temp\nscBD3.tmp\7z-out\vk_swiftshader_icd.json
| MD5 | 8642dd3a87e2de6e991fae08458e302b |
| SHA1 | 9c06735c31cec00600fd763a92f8112d085bd12a |
| SHA256 | 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9 |
| SHA512 | f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f |
C:\Users\Admin\AppData\Local\Temp\nscBD3.tmp\7z-out\vulkan-1.dll
| MD5 | b91586bd80e057a7f62bdc4422744812 |
| SHA1 | a1df644421ece2e740e5bf0ed98b4f269fd85c39 |
| SHA256 | 8ba72d98e0f78b77bda7816cd7232809d287310d34e0f1d7472b9d5fda2c6d02 |
| SHA512 | 94f0a8e3e75e4803891c0fcb257052dbe0e7399772fc7a46ab802629f76ee580ed30b3678fa6bc3744c12cf9f3103bbc8276e88f6711278748148e9fbeef2053 |
C:\Users\Admin\AppData\Local\Temp\nscBD3.tmp\7z-out\vk_swiftshader.dll
| MD5 | de2d91476e625278c30a5f69a1892e05 |
| SHA1 | 4d707f6a801611fb437f5c1cba31b0909bf41506 |
| SHA256 | 02c7f0b926c64f5a19a9aacd5f94ee00be4d576486592e18acc80c0a027b05ba |
| SHA512 | d027407539346e5aedd527f5f71de45bace6295e96a7fbefbf273c930d64a791e488e4bdf6ef8db61fc19c80cac52a6e398c2973499c6fedb1e422c3ba71f532 |
C:\Users\Admin\AppData\Local\Temp\nscBD3.tmp\7z-out\snapshot_blob.bin
| MD5 | c9ab741bbef53fa0e84952b8891a5f5a |
| SHA1 | e2dcb8d034e07243537c86371de0c52bce62cee1 |
| SHA256 | 4d82fe1e642fe3ca7ad1a173f806088c0652ecfe9f0f6f6e246066e15a3431d4 |
| SHA512 | 177b98a3090ecfe4b4598dfcd7e8b3ca49efafba4dbd8d6c6d0def462de47c3fabfde831725622783ddc177de982de6115178d9bd9830d918bb544a5a4c27fc9 |
C:\Users\Admin\AppData\Local\Temp\nscBD3.tmp\7z-out\resources.pak
| MD5 | bdfa339e708ea0f23ed3620adc4a2d64 |
| SHA1 | 82a95b7b022836b6e888f53e69386570c05a1af2 |
| SHA256 | b66ae9eda4543685974d35d051d967538bc57d55c2577629007c534ff330e1e4 |
| SHA512 | ba87c70e1b6446e0a7b62da33d72a36ff92ee54fda64343262bc26afa8166174e76d058ec6d707cdebf2611858b3b4b7e21798febec53da02febd81ade4ce8f8 |
C:\Users\Admin\AppData\Local\Temp\nscBD3.tmp\7z-out\locales\am.pak
| MD5 | e18a450ef034b42599341c3d09f280f1 |
| SHA1 | 2001c8a85904962ac3a96938eccc69ad2c110fdf |
| SHA256 | 7c2b9098130f1f9e0cf4507b64c0e96ac6354bd6c3616be20e2067cfccc820da |
| SHA512 | ddd87571218fe9f179a6c2a8a15b182625a71a7c19ed90c0969ca2e0e9bad823b926f8b8a6b390cb6fe9c95f4b6c1f1ec7b5167a8424ab1921943922208f798a |
C:\Users\Admin\AppData\Local\Temp\nscBD3.tmp\7z-out\locales\bg.pak
| MD5 | 5ba0c7200362c9ed55610cc8b66ef53c |
| SHA1 | d45239c2f1b00885407771a41a7776fc1fe8fa3b |
| SHA256 | 2339ff55464b4ff704fc3c5bf281eec52a539c494bd059cf0346d9c05ab7cda7 |
| SHA512 | 6229dbf08a9322c4ec8de4912aa1832f01800a71b7e3ef5870e7fa2b623be4dd248fec4881c3e031e984616147be84d42ab3dd970ae56dc1bd78913a8682a37a |
C:\Users\Admin\AppData\Local\Temp\nscBD3.tmp\7z-out\locales\ar.pak
| MD5 | 6f3e791b4d35ee7d9515614d128752cf |
| SHA1 | 181ec3a84fb3e89336d77f24f562a2cbe07619d8 |
| SHA256 | e9df0fa338b763a3926c4ee3a87bedf650fa618b6fcf0560c3f5ffe891d48c60 |
| SHA512 | 3657e610d13a2c938558ec320c298dd490c9e4895ccd304f738aaa2f050373efd7382ca402365f93d23ed488bae82de2d859da788dc8faa8e621346a278f4441 |
C:\Users\Admin\AppData\Local\Temp\nscBD3.tmp\7z-out\locales\ca.pak
| MD5 | 423651c45566cd90ea5edd8631e823b8 |
| SHA1 | 13bed4173a08bcbfefba034aada3d838eece6d16 |
| SHA256 | 7a39af99d55a1ea838d8d78c5f0da3e1402f9404d32255e31b676ceed4f0e414 |
| SHA512 | e09085023beaa37e9d5f7fdf3c32d0c001672b85e2826f0aba9a662ce958ac93cac17bf63495a604e47cb407b1593049388a4bf1b22b2339ead84a206a10569f |
C:\Users\Admin\AppData\Local\Temp\nscBD3.tmp\7z-out\locales\da.pak
| MD5 | 55a8f5883805a65c854d25edb3959209 |
| SHA1 | d4b3b6bd2a26cbd021fa931d1f63c9ea64e2c268 |
| SHA256 | e190187adcbb5f829d162660968ba598ed17bd11339062ca4d807deec8a27fdb |
| SHA512 | 4e1f9e6da32f553cbc8cf162726d7aba9e23e2216d6d05b995cf19fff3aafa05ed08fce29b2f8538d46583366402b8630672e650dfbd46952a611e9db0d8016d |
C:\Users\Admin\AppData\Local\Temp\nscBD3.tmp\7z-out\locales\cs.pak
| MD5 | 3cfd9dc564cfcc33cc5524711365c376 |
| SHA1 | 2e5016d2643017f37658262122974429f18625a2 |
| SHA256 | 8be34e4f8226c1dd4e725711ddd884ef4476560f7863edcf378573dde9db3cee |
| SHA512 | 6ee156d2fa3b6f601df28e38968d0eae2812d70b41333348dbecd833d5ee6ff944183f0eecde96be433cf1e98c8ec22d6a6d5af5153145842175ab43c73533ef |
C:\Users\Admin\AppData\Local\Temp\nscBD3.tmp\7z-out\locales\bn.pak
| MD5 | 47c95e191e760dee3ef43345577e2379 |
| SHA1 | 609634315270a91d4ec631642b18bd0036367aad |
| SHA256 | ceed32e429ed1018d4c49343cf52105cbfd1e877c531a5738fd6e6cd33d27da7 |
| SHA512 | 46b5f8d58780d19e79136c31a67d075c57ddf7e6a1eb197dea4088cc414a0dc24a68fc8ebcaac03b3940af2461123b586706d5dbf8dbdf6fbea0f7bec466db21 |
C:\Users\Admin\AppData\Local\Temp\nscBD3.tmp\7z-out\locales\de.pak
| MD5 | b73344e5a72fca6f956dbab984c123ba |
| SHA1 | 0561073aa40a63a9ce9930dd18b18e12ff139b2b |
| SHA256 | 6dda3fa65232ca0bff7314f916942a2aa5d9be73a0b0c7a6d016eb34ea6fff5b |
| SHA512 | e8a12da397369f23c102244b3f18f533ec79afa6978785566056bbfe07b10a21ff4973bf17aa829fff65609363988c033b0e48d4a82c846863377c08d8df009d |
C:\Users\Admin\AppData\Local\Temp\nscBD3.tmp\7z-out\locales\el.pak
| MD5 | 38440b98bfdf5ed496da0f49d59534c0 |
| SHA1 | 1498d9207ecaf4923a47271e24c68a817041c82e |
| SHA256 | b1f78df8a7edc914357a2e90bc8dc0ac46f4df642bb22894569fe4905fb8ea0f |
| SHA512 | 95ba788fc2e1f07d54e398f1ec4d32c664cfb13118d46cb7af7a993367e032b10de84f3e604ab6e659d6410e2d736097ec5e9b3b002040c54412358f0ea10229 |
C:\Users\Admin\AppData\Local\Temp\nscBD3.tmp\7z-out\locales\en-GB.pak
| MD5 | 52e2826fb5814776d47a7fcaf55cb675 |
| SHA1 | 51fbbc59dcd61116cbc0a24b0304d4c1c58e8d0b |
| SHA256 | 83ff81c73228c7cadba984d9b500e4fce01de583ecde8f132137650c8107c454 |
| SHA512 | 69257f976d01006c5f3d7e256738c97c59115471f8e7447cfa795f7fa4ff12d6fd19708e95ffb2aa494b50c1763fe35d5885b9414112d2934baf68fe668ed7cc |
C:\Users\Admin\AppData\Local\Temp\nscBD3.tmp\7z-out\locales\en-US.pak
| MD5 | 0bb857860d8c9ab6d617cea5a5bd4d00 |
| SHA1 | 351b744d95846bff2ce5f542fec2e87439aa0f8b |
| SHA256 | 5c56df9699fc7e8f09ec81421e50a6264cde055e822f5a8cd9bb1edb3066d816 |
| SHA512 | 33fb73cffbb6781488cedbca4c92a7e4f66923a799beeb7f5cba58dbc23ba8f5130f63a7dac7114e3c3ef6f1df87884fbeb8858bc7604aec9449fdfd16c25078 |
C:\Users\Admin\AppData\Local\Temp\nscBD3.tmp\7z-out\locales\es-419.pak
| MD5 | b261b1efe945365588befdf68879040f |
| SHA1 | 616f44a5f73f0449b483f36ccf831db6474a10d2 |
| SHA256 | 1380b9edc9cee4b505f12e8eefa288d8c746ca995b52ceaba27c7741ae8a5cd4 |
| SHA512 | 9ea14234b9d4d09364e5727b3886fc14544d52508b3e45fb9fd607ca88d2e432361a02b2f7ba34c3d6ecd94b91f9eccd4d54047a97a1ba4eea580ead00b91cff |
C:\Users\Admin\AppData\Local\Temp\nscBD3.tmp\7z-out\locales\fa.pak
| MD5 | 6458a239e994d8d18315deccd35389ed |
| SHA1 | 75c985f43503a6c44645786d46639a6b555ae163 |
| SHA256 | 300fc1c735e92917a5ddf92feb812cbf3175d988ec7ad5955110248a1addbd34 |
| SHA512 | 3062075b6be0c25c957ac88e537880bc25ff86b8ef0703a05209e9676e943e89476b7997394aeb25064e03a93be614fef535676e9cdfaf44b46035225b1b2cf5 |
C:\Users\Admin\AppData\Local\Temp\nscBD3.tmp\7z-out\locales\et.pak
| MD5 | c76db3385190c6840315c4497e40258a |
| SHA1 | 34f1aef2ba2925bebc5dcdb70e5b6c1a138a5c46 |
| SHA256 | e8af084ef5e1062c5966dd7802074ac24f3672dc3c9b9c5453a397644727191f |
| SHA512 | 90a870369d307758b33d74e6213676d65c2d332f42577c8aff23d96b512f3c2a2bdace8d6d9007f88b9175eadc6f2ae28b498b1265550849ff9317465a37ad29 |
C:\Users\Admin\AppData\Local\Temp\nscBD3.tmp\7z-out\locales\es.pak
| MD5 | f83d8f7f6108786c02c2edbf3d85f147 |
| SHA1 | 57781d9d9eb7c90cdc71f78e25d0763045b6d29a |
| SHA256 | 5b929216ac823dbe2b0bb98e64db76519900e09a86c8513019325271c66ade0d |
| SHA512 | 12747a4a61cdd21cad6e3f768cb43b8bda5ec9de373337c191b6994b20acd676c9d0a6cde8410a1e18f35dd5d2d332ea1bb7e7f8f6fc4b73d8774559e33398f1 |
C:\Users\Admin\AppData\Local\Temp\nscBD3.tmp\7z-out\locales\he.pak
| MD5 | 6a02a37e1ca3215fa9ee0e1b0fbcf5e7 |
| SHA1 | 89a8a126c0bbf536ac58e29fc50e045fb1b88220 |
| SHA256 | f5cf34ce58b7f0d450936981aa7ffa060821403e6768eee3746ea4ffc9193986 |
| SHA512 | 6607eb2329b81f1eaf0ed3a564eddcb30e6ab59229f2fbf6fd3d2140ffaa8853a330eda627a4458ef6bb06f32c5183edda869e34cd4ead1f87f88d5c622c1a16 |
C:\Users\Admin\AppData\Local\Temp\nscBD3.tmp\7z-out\locales\gu.pak
| MD5 | 63a7fdc4eadf8ef1c35c72468a0ce33f |
| SHA1 | e8d064f0e9c8a6a8c6ccb036711e292d011d9466 |
| SHA256 | e549ff4e5a094d04c2ce7bc6fd68bea1f03e935437bf164bebb6191c133fa70c |
| SHA512 | 0a097ff875132a984545ec677b04f97785f14c38a1df487cfb4722cdea07d14e1e88fcff7d58b82fa53f05f4eba779a95ef320b5a91692097726d0385a26a456 |
C:\Users\Admin\AppData\Local\Temp\nscBD3.tmp\7z-out\locales\fr.pak
| MD5 | c3095ce1e88b0976ba7bef183d047347 |
| SHA1 | b14cfbf6e46ac1f189595fc09660178525301138 |
| SHA256 | 66488dc10517b6e3638686be95b430477a39304e92ac45dfe62b58cae3a77272 |
| SHA512 | 29f47b1eff4681a9a17a50d6e82d63c22fe7bfe4ceb79862e81d8cd9f96fa38e225978b4c4b1f8e55b220235b91652c776fa8d2e559c68942c6ccf402812a421 |
C:\Users\Admin\AppData\Local\Temp\nscBD3.tmp\7z-out\locales\fil.pak
| MD5 | 40bddaf97f64dfea9ebafc7f82166f80 |
| SHA1 | 90d1fde3c0b27d2184f0353991259c2a92c7820c |
| SHA256 | 39a9d63736e7b4593fc6873ed3c19d45fbf9eb78a012bfdcee0fea5906ebc5b2 |
| SHA512 | d1e61c53e09a0dc50edf5aba5cf286a251ee88421aa2cd49332b70a5859646605ecb7d0bb97ea7242d14a18742e23da0a14c04b0b99b57a466ec87f4f66b897e |
C:\Users\Admin\AppData\Local\Temp\nscBD3.tmp\7z-out\locales\fi.pak
| MD5 | cc592d91ce8eabaa75249cb78b889376 |
| SHA1 | f2f0f7f105a17f3e4b1a97ed0e3c2e871c2c3eac |
| SHA256 | b1cb0b32efa78fd8634652c74f298f1d5127f2363ef601cf000417e5c7fefd20 |
| SHA512 | 58e2eaffe26d8fda8df43e7ebef449cfff1065e940c128efa0276511e34e96e52da9230f294b01d4ecd8ef606b792d372bff897d6d8bb67c31379418ce867d48 |
C:\Users\Admin\AppData\Local\Temp\nscBD3.tmp\7z-out\locales\hr.pak
| MD5 | 6f92235e6ba003af925a2d6584afd27d |
| SHA1 | 3ceba61e9c2975466b6244188f5ea72aaf042fc7 |
| SHA256 | 479dc4f75a889d45f62b4ddb6eb48f21c473e37875468c9c26d928a263e15840 |
| SHA512 | 82f2642dff4400704c15c2fa02d0ec74ed3fe888dc835447c1afce7463dee8f480bb81be358c306e681625864a6d25e5cd6c96252b8a56e6fc62014b3aa4d26a |
C:\Users\Admin\AppData\Local\Temp\nscBD3.tmp\7z-out\locales\hi.pak
| MD5 | 590e9e73df9cbd83cd87b9c03848fec9 |
| SHA1 | da125e60a5a2c51a2d6219d3f81688bd22237b59 |
| SHA256 | 089b9dd31090a987515809a68d26f6eeb64cd9283934e3dcc48b151eec7d3ad9 |
| SHA512 | fd0e5d0f2063e12b711275f390428b88f98ffaf6043cdb14b13674ac1e4aa9f70ae820ae960132d7155daf9b1308238775c4702694ab53068cdc709c50f9186a |
C:\Users\Admin\AppData\Local\Temp\nscBD3.tmp\7z-out\locales\hu.pak
| MD5 | 71d42cb22d2d7a8b26c4514ab12df3aa |
| SHA1 | cd0307503a7906f1742d1e98fc816959319c2171 |
| SHA256 | b51bcb888dbc27bab88a8c9d081df7496de8a9a5a4cd2cfe08abc154190e75e6 |
| SHA512 | 29c67391bca706807be3a0cc79fe481f220e30263957a9c2485f0a4c498a5b250bdd83b5f4fad8d0b19c8a9a07d5650b5ebd5816b6aae311a1cde78a89303244 |
C:\Users\Admin\AppData\Local\Temp\nscBD3.tmp\7z-out\locales\id.pak
| MD5 | e40cb2f3b4db379e4d187aeef0dfd300 |
| SHA1 | 537b1ebc615c980c89bbe2b9e91a11199fa7d6a6 |
| SHA256 | 3339ef011c9bb64868da94adb25f4490acbc7f893e4337dbfe2797754cd659f5 |
| SHA512 | b87464460077aa55feb92eca8ed23d9a61829378bae7890c8a95dac5fcd735b145d65661f27facfe2586fcaa169692b00d8ee8dd505dc44bff7f7fd090f3e96c |
C:\Users\Admin\AppData\Local\Temp\nscBD3.tmp\7z-out\locales\it.pak
| MD5 | 5aa225aad4f9fe6d05ec24905a827d88 |
| SHA1 | f6d5ed337bd8e9cc3b962d3a498e3430fbf6de22 |
| SHA256 | 96e02ab6937a1f1cb58762159761a737ce0e1dcd6a253554392baf4389326eab |
| SHA512 | 3fa928f19bdf65b8fbb274b478a801821b15c01224c113a8d7f6121a077b432c0cc84eefd9028a76adea9fa4bb65dcb868edfbd4368b1e4d477c49e187e4288a |
C:\Users\Admin\AppData\Local\Temp\nscBD3.tmp\7z-out\locales\ml.pak
| MD5 | 04b2540c25990a5e0a9b227dcce6ae0d |
| SHA1 | 4f8ccd154f54dfb083d4d1a3ed0994842c8ab13e |
| SHA256 | 556165b8b54c6e21bc66d12b3f5be393136714467c427f7114f314d18ad3c661 |
| SHA512 | 4cab47e42e8f5d4a83851871f97f3e1360c993ba530dbb4b4b736350779784bd83189e1195d3480ce87298bb8f9b7f249fefa7764d850e5b0002895609626785 |
C:\Users\Admin\AppData\Local\Temp\nscBD3.tmp\7z-out\locales\lv.pak
| MD5 | 264c6e20b3088ceb4dae5773cef0cb55 |
| SHA1 | fb6ff83ff14df008092bc3ee73bda7491e8e090e |
| SHA256 | a676a781c1a587eadf23e5c69bc52f2d352346a70bc53ca908450362535eefda |
| SHA512 | 01e949f92e1e8599c581929a601d39640abaf1d907ce10102e591c3d490dd3874c679c75bb51308ead55a3bd0c6dcd1b8d4b2daf98ce1cf1c6bab42946e8b1e8 |
C:\Users\Admin\AppData\Local\Temp\nscBD3.tmp\7z-out\locales\lt.pak
| MD5 | 2d4fca437a7548893dc4b51fa5b33c33 |
| SHA1 | c1493013d7d981ea9223716e415380992de65c2f |
| SHA256 | 776dba792df7b444e1b720326312d8b8312cade74a1372c49456d932b7c65769 |
| SHA512 | b6a55ee1deff48d717a3e9399aef3c45eeec810cc5b5709fa3e9f56850115a5b02e02b7959ec77a6797e68516ee9372bacd260e62ac0d55a8e4c1c27af782b42 |
C:\Users\Admin\AppData\Local\Temp\nscBD3.tmp\7z-out\locales\ko.pak
| MD5 | d6e2c18c9eabba59b50d147d942125ea |
| SHA1 | 0918879203c2050b4f9f449f5616e430897ba0b9 |
| SHA256 | f3581cea2e5b022b121010ffc5d67f86f717e3a0c0402abd81e24c87fd135b76 |
| SHA512 | f605f7b9893166778af156f9eb76eaa1209e7432450899540cd462ce0ffa69caf6f570b910cdd6d7bef54354379e9892a658e711baa93241da33755c107da859 |
C:\Users\Admin\AppData\Local\Temp\nscBD3.tmp\7z-out\locales\kn.pak
| MD5 | 5115cde84b4c674db412619b65433004 |
| SHA1 | 164f33e7e2e9f685a579da492a6fc8806beb6cbf |
| SHA256 | 891e092c6895e23be986c3e6d39dcea9b6b75f1448239c13fd406680e50407a7 |
| SHA512 | 090a247898cb533325d2b289a6cbd8db2a755ef0abab49d82f333e57b290c50b5996b81f15d8adc30160b216eebed3a1476aec1627195e52189557c1d48b0216 |
C:\Users\Admin\AppData\Local\Temp\nscBD3.tmp\7z-out\locales\ja.pak
| MD5 | 833e8c4aa70351b6be7bd403e4e9a0a7 |
| SHA1 | 46ccdbdea35deec8ef13a5fc833776875fad187b |
| SHA256 | 74422db1a5f28522f9a8b31a3bee9a6df794b419bf723cb6a6c88e82eb72cec0 |
| SHA512 | e8e709612a5ea81d2822e0025b7306f38571f2cec2ca72ac5a8ab852a0e36a0f5bc7e00d0baf7ac7becc2c54dda3a17c52ec1cd67ce12b14d91b6ae0b726d556 |
C:\Users\Admin\AppData\Local\Temp\nscBD3.tmp\7z-out\locales\mr.pak
| MD5 | f22c99fe6a838e333e8ee06a4d01296b |
| SHA1 | c3542ea8dd45a2b387dd02fa5687948f135e10f2 |
| SHA256 | b03a3042f907aed13253ae8083d08f5fad59ff438d024b097276856e72526911 |
| SHA512 | 882022c2cb985d85f96d52c9bcfeeb089d6ff30e66187ccf424ef622092b9d359a51bdef1fb6ac3b9d3409aa79d37ca737ba7f3ed8b9cdaabfe04d90a7c8bc15 |
C:\Users\Admin\AppData\Local\Temp\nscBD3.tmp\7z-out\locales\nl.pak
| MD5 | cf6b1cbfd669e9461553974ba37a475e |
| SHA1 | b33867e9bc7fd88ca98a76dc4bd756bcf18887aa |
| SHA256 | 9a83ad866ad7fd9d65ecbc1e95c276cfce27e8257c76a16950fd14971e66b864 |
| SHA512 | e463029bb37f6bb3ff5cb6281f64291ada1b785fa33137e7aedfc7b5e409e99c75a91e7cf9b6c0933e970f70c14861190de66fc5d68925b687a6f5da02e21077 |
C:\Users\Admin\AppData\Local\Temp\nscBD3.tmp\7z-out\locales\nb.pak
| MD5 | b61e42f66d581b6a8929cdf5fb10662e |
| SHA1 | 6f06fa9ee092fbcb61bbd668734fb3b92cfb549a |
| SHA256 | 1b17dcde8fc7308d926fbe0faa83dfc9ffe2efc5715e9afd557dde839ad98b7e |
| SHA512 | 79b82346c3f133a6ba44148a8432ad4e08e2805187b759509cb386bc800fd20215592c07d953812c243f0b1d5e1354245f2cb42b2b3eb6c87280bcb4008dbe97 |
C:\Users\Admin\AppData\Local\Temp\nscBD3.tmp\7z-out\locales\ms.pak
| MD5 | 6cfadaa784e687e6dadbcd80e631bc9b |
| SHA1 | 481acb75f525055bf4e45ecabe0eadcb9c492106 |
| SHA256 | fb5e125dd5e1f21e8df229d22cb3d1f9078bd79bbddca352899248f2a8b21b71 |
| SHA512 | 0d7da5a90fe9372bc704ab8cdc8cbfb14d323cafdef856987e2d9e34d980196c03985e25099f5d1bcb10c97f040f4766e2c3713718649bb3f43914a77f0dbb39 |
C:\Users\Admin\AppData\Local\Temp\nscBD3.tmp\7z-out\locales\pl.pak
| MD5 | 644c0ace25d6e532b56510a736c6bc2c |
| SHA1 | 1bd0fec952107b493da04c46423da634ff3e1504 |
| SHA256 | 2ff9e382a31783285b7d85676e629e2f6db26bb9536ed17b7fbe5ac61a895ec7 |
| SHA512 | 9a1f1e884c2f214b8b0c63543809ddd4ba0fd533f1d8434e926051f3db434f60cc4df2462c2a43254b2a9685b3869eef49463c212892e417c82c3a7b497e3559 |
C:\Users\Admin\AppData\Local\Temp\nscBD3.tmp\7z-out\locales\pt-BR.pak
| MD5 | 88ad860c73676ffb4025b5c691f29942 |
| SHA1 | 3c5e5b999ea7153ccdd1b4cc7b6162de3456b558 |
| SHA256 | 25f0bb0b0230d99a9064d52668636f3be85903bf27a68124d79a2fe93c30fe0e |
| SHA512 | 41589bb9ab1b8307f62ceb4e6493d7903731a3e63807e0044379c4acdda881c21839234f5f1b8ad1af732bfee6231c0556ce92e582505379ed949980185bb750 |
C:\Users\Admin\AppData\Local\Temp\nscBD3.tmp\7z-out\locales\pt-PT.pak
| MD5 | ecd84b296d3bb312ee18e21017311986 |
| SHA1 | f5625523f85c10723750834a54ff59a2dd886fb3 |
| SHA256 | fcfaa9c44c445876c286388b6a1abc1df949f3dda3d64fb57d6e0d54a05cdb94 |
| SHA512 | e95b74238220024cdd0bd1c0f18beadbbe427d76cd8d6b32d5700adcd34ffb068ad0bf75404921485c8077f395f5111cd40d5dfe2b5b8f34c62e6fc80b507456 |
C:\Users\Admin\AppData\Local\Temp\nscBD3.tmp\7z-out\locales\ro.pak
| MD5 | 24b01a438a3ab9699d4ca97c081b5e82 |
| SHA1 | 0d0b082544d23425a74199fb0a6c11192f0bdf7d |
| SHA256 | 38290b1c9712296d82ea1681ef95544a1eef4872289134b11e50af735e6deaca |
| SHA512 | 43199772312156f4633c4202499cde8f808e5e632c2013ec1129acee01a3f184e86df2616626173178efe04b6f0773ad9a0e8b8cc6a735d23d68dcfe9dfd945b |
C:\Users\Admin\AppData\Local\Temp\nscBD3.tmp\7z-out\locales\sk.pak
| MD5 | b35daa0bd9627ca88b413a5af7c6b4a4 |
| SHA1 | d5efdcbc7ca17de29f3075f6434f31ab2e895826 |
| SHA256 | f47bc1f7f5ab64681d0b152e1a019da60f0ef057ee8bf2ccede019dc4030c177 |
| SHA512 | 48abb6ca2290820db2898b05820bb25e70fb1292c816eb0c8f17b3c5452de9fff7027d216d2bf413900f408f44ed4ac99151b28142a212c5cff8dfe229e87b9b |
C:\Users\Admin\AppData\Local\Temp\nscBD3.tmp\7z-out\locales\ru.pak
| MD5 | 75457b95d2bb03891232dae7db886387 |
| SHA1 | e5a7569df7f91533703626d167ecc8cddbd27205 |
| SHA256 | e0894d3aa3f8e0f8ac457a3300001d4e1dcf95980712f8c8e9c845eb4c2bbfa6 |
| SHA512 | 9813239cb162cec24cb81cffdae2df06889782813d917da186ae40df6dae64477467e4b32ead2d714bc1de671538d4c1fde990d83d3ee69e0932f17226687a78 |
C:\Users\Admin\AppData\Local\Temp\nscBD3.tmp\7z-out\locales\sr.pak
| MD5 | af7083f2a4bd95dcbe792efade352662 |
| SHA1 | dc69aa831836016f6e66c6079931503d534a7862 |
| SHA256 | e3b80d9fdd420a05d66cc12e685ac94500106dd51a555bbfa2d085094f81e8dd |
| SHA512 | 342400ba94f6cd08152f96aa2b905184fab429c38cedb4bcb4ac0c503169a9ecd47aef208b4d7ffae08b0c0afa7aa089347a20739379d05f3e4e111be842b8c4 |
C:\Users\Admin\AppData\Local\Temp\nscBD3.tmp\7z-out\locales\sl.pak
| MD5 | e015b6f5042be2dc96a4e23dcf035502 |
| SHA1 | 7946509eed8db1e4c1f3da99ffe7155c86fdb4d6 |
| SHA256 | 99536d1bc73eec81d5bebbff641ea195544ee5e3a41bb17ddcedf9cde9b141d4 |
| SHA512 | b2a2eaae93c506a053862bf1cde02eee53b3ea2e2fe4c964c51dbacb8b44de820a779311cfe01458e2f08f88bce1172e8c5e1e6d28cd3a355ff84baa00023b8f |
C:\Users\Admin\AppData\Local\Temp\nscBD3.tmp\7z-out\locales\th.pak
| MD5 | 43edd25f67ce6e6cea5373009ff0a1f8 |
| SHA1 | ed72ca6620cf23837e1334be50ccf616806bc5a2 |
| SHA256 | 287897cf3df2db1cf59b872e6575ba8dfcaa0c1f68c17a9c91da6c4490adb8b0 |
| SHA512 | 7160a72bd2e6b0ffa71e5d279995cc8be24a87cd9386eb29ab0eee79b8e607f5d824a11b6b4e3ef4c0f851a9d485a9642cb6adaa65c07933dca6e6f2c0052fc7 |
C:\Users\Admin\AppData\Local\Temp\nscBD3.tmp\7z-out\locales\te.pak
| MD5 | 793a87d41cde6e6d1bb086284f69733b |
| SHA1 | d887e3842b664f55b7308427aa6f5bf0b352d879 |
| SHA256 | 5cdabd1ad41e8048f2cc6b1615e68b99159daa1aa6706b939447c1811bf0e255 |
| SHA512 | 7c2e53baa387480eed45315bd9d53856ca46e5777ecdc9c29a0de7b0ad04beb6cbb8b5df0aa7c306395fda563037e06bea1ca70e433ce5a3ccc2ec184dfda972 |
C:\Users\Admin\AppData\Local\Temp\nscBD3.tmp\7z-out\locales\ta.pak
| MD5 | 31dada843d0b4f9a66b184cb6d7b8b92 |
| SHA1 | 0320b31981043c6e4c17470bf2ff4c7488553511 |
| SHA256 | 457070b35c813175f5a7b630478073e478ff2bf23915dd3dc7a5b3b339cc2b0b |
| SHA512 | c5b6ea595d3154fd9fe03f49a19f78eb4068718ce005b18a165d491459a290c29956b02a109ce2c314746773760c8e5c0d7064f384c65a572c78109f03538860 |
C:\Users\Admin\AppData\Local\Temp\nscBD3.tmp\7z-out\locales\sw.pak
| MD5 | 99e385ebc1ef8d3daddb3a171fa79edf |
| SHA1 | 3164804dfe9d9b5e891abafe92e5ba67d2b5d4d1 |
| SHA256 | 8ec45ac391a085d531fb21815086c2da4841aa016653cb4f8484cfc2615d6c01 |
| SHA512 | 797c105fecef1e15870aa101e3fa1835d5a467a9059c03b3636c54934d1de263ab7f23599e21d9787cb3849c7cb7d29f5bdd8ae9ad10fda8015c1392462e94c0 |
C:\Users\Admin\AppData\Local\Temp\nscBD3.tmp\7z-out\locales\sv.pak
| MD5 | 41e76f7775fc9a2d6e3c02c46e9b32f6 |
| SHA1 | 088c15c74a68bee69682bf89c31055332b68c84a |
| SHA256 | 2533676479e9469ffcdaabcb47d3e39bebfe7ae2b80f70784e918a8827439e13 |
| SHA512 | 6cde752d748c4772b533c8894f18134e5842113f8c7590b44a7dfa088aed65b232361fd16170df3b0d738066dbc3a769847adf4dd8ba42de63c9c2b33f9beb6b |
C:\Users\Admin\AppData\Local\Temp\nscBD3.tmp\7z-out\locales\zh-CN.pak
| MD5 | 098d656a4f4bd8240bed10e7678186c7 |
| SHA1 | 0c19ab62b4262f1b51558e8aaa79e7741f73393a |
| SHA256 | a55f568ad3a8854cec25699484f55024501c8a0967738ba694e073151e5981c7 |
| SHA512 | 084538ce774233ca6d4393bb42239b0b85e11bd73dd19ba47e55796ca19848941b037510c0fca4ac08b4b2e0ccbc9b4ae72ef88a3e841738dd211961dc53c1e2 |
C:\Users\Admin\AppData\Local\Temp\nscBD3.tmp\7z-out\locales\vi.pak
| MD5 | 69c8796439192577f48bd249175aaf37 |
| SHA1 | 97c52088ca69dada593db0e42b2135d264646454 |
| SHA256 | d7fdb53592de803a5fbcd8561c4918f1562f92fc8a3fd0039a2a1a7b76a8ecc2 |
| SHA512 | 65eb7cb15291474ec7f9354775e59bcf334c90ddf3498ebd184e4c47118308421b2405bfa679e4b3a70ed1790e167c109fc2c72e89c3e31b5378cae975424144 |
C:\Users\Admin\AppData\Local\Temp\nscBD3.tmp\7z-out\locales\uk.pak
| MD5 | d791b1ecf2931b2fb0c31aac170c7cdc |
| SHA1 | 02be115a9ff94fe5250651b6de4323eafc44fce1 |
| SHA256 | ffae6286d44c8e219ef90d411ad8746159a6ff8ea610e2a651147a3956696a22 |
| SHA512 | 3a2edb8069e4a9734ce5e02b7c3de3c968c5bbc116f17f52f97e2bb2c78485c456c4f0cc952686c1aa17b7ee4d326a1dda698afafc63c79d842ca3905181a8da |
C:\Users\Admin\AppData\Local\Temp\nscBD3.tmp\7z-out\locales\tr.pak
| MD5 | 40491896ad21543f339467186c5efb40 |
| SHA1 | 695dde7cc35056dcbf0a533aff8299d4c6b61bd8 |
| SHA256 | 43e99e132acaba88971b81a43531845dc7fc3a1e0794c3373de7d9a50a5655aa |
| SHA512 | 18d5ee9914849462e0b1bafd1ca216b29d0795e282ae0bdb354b15caf5c18f37f44fbd6f626b2cbb095e3398a6496de72e5b0d15621433979b5a589e34fac818 |
C:\Users\Admin\AppData\Local\Temp\nscBD3.tmp\7z-out\locales\zh-TW.pak
| MD5 | c2c35fcedc3708b5bcadf36587393002 |
| SHA1 | 31d72402cbd44ceb921cedd806259c2cd14e411f |
| SHA256 | cfe4c2c5eb131fd92e0d11f912714c5a9a048833ef3ffbe32679b3d58da8f8ac |
| SHA512 | 9ba3ea2d569d1d3ef09e94d7e66f843c8804368c4d016b6289e7dba002f7d2d50884a76c93eef879d87abcf8b36dd3e682b7bd3a18b2b5a969256cef672abf01 |
C:\Users\Admin\AppData\Local\Temp\nscBD3.tmp\7z-out\resources\elevate.exe
| MD5 | 792b92c8ad13c46f27c7ced0810694df |
| SHA1 | d8d449b92de20a57df722df46435ba4553ecc802 |
| SHA256 | 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37 |
| SHA512 | 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40 |
C:\Users\Admin\AppData\Local\Temp\nscBD3.tmp\7z-out\resources\app.asar
| MD5 | 03a8d857a5124b4d8440774944578670 |
| SHA1 | c9f4657fa2194fbc125a1e3c96be69c28d593123 |
| SHA256 | 2fe71af2154fbfdd844c0b40cb5e524760cccab6d02f8ab7b2db2da2f23880cb |
| SHA512 | bbd0d27ecb41117466835a6e4dd66a9f3dc504b3655fdab4ce81a8c64f800caca7d16e2126346be4409bc5f02a49ecca027bed08cd67907a9a85c98a026e93b1 |
C:\Users\Admin\AppData\Local\Temp\nscBD3.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\snapshot.exe
| MD5 | d327c2ea2546c8cbf721fce5e35b6539 |
| SHA1 | a04a573df186ff3cd0f957745f7d6212e07fbd4a |
| SHA256 | 376959baec1947abe29a3d6e53e73be9422eeadf6d85e18b79635b2c955762c5 |
| SHA512 | 619e91631926b1ab1cb81bc60c959a4fd071e595b526c314d11aba8bacce1d833f1b1a5952862d3a855b78c0e0a2911cd2b0dac41c06d80406611bfa734c45b4 |
C:\Users\Admin\AppData\Local\Temp\nscBD3.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\prey-webcam.exe
| MD5 | 471b15abc9f2e98fb7ed7361d3f045eb |
| SHA1 | 95b5798d80a9410872f6ed485ae2b43ca3745540 |
| SHA256 | 7c262639cb22348dfd627dc07c76e8748e5bcacde2dcf1614773ab174c831004 |
| SHA512 | 5b3b59aa1dbaef31b0ff6ccde082d7c312e39e311a46fe20d590d5d7765f934d3b663da9609ff4fb7beba2e8fa85376cf74f14ae077f3c0b49189cc28c30163a |
C:\Users\Admin\AppData\Local\Temp\nscBD3.tmp\StdUtils.dll
| MD5 | c6a6e03f77c313b267498515488c5740 |
| SHA1 | 3d49fc2784b9450962ed6b82b46e9c3c957d7c15 |
| SHA256 | b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e |
| SHA512 | 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803 |
C:\Users\Admin\AppData\Local\Temp\nscBD3.tmp\7z-out\swiftshader\libGLESv2.dll
| MD5 | c0b36d56d83e601bf246f7709a8c5f9d |
| SHA1 | b025a6070f7d61c7d1827856d2d4043834fd23f2 |
| SHA256 | 45bb5e1f8dd87129ac0a75c78f8f29d06e3ac182a00fc5199b692068f1e05a53 |
| SHA512 | e429ae63bd8a7d5a936a638783511693e8fbbc91d97779b3d4dd3f0880f1c8a820106bfb57cf7ee6b3639f19165de87bbe127aadd81218689fc6c8fada2106d1 |
C:\Users\Admin\AppData\Local\Temp\nscBD3.tmp\7z-out\swiftshader\libEGL.dll
| MD5 | 19dc9ee70e7765bb63a66b6826e8ecb7 |
| SHA1 | 1a12f983f8b35cc2955d30657971f113c47dc164 |
| SHA256 | 83d5719abee35e051d984510e1d5d9317a109031698814742b59bdbbe7d4e30f |
| SHA512 | 1fda2bcc4b2e70987ca6011ab2534007ae4f752016d29a588aaae839bb25c35e03773f220b6a8e926cf2643997e7d4c0f28743304269b2c55642ce12934def68 |
C:\Users\Admin\AppData\Local\Temp\nscBD3.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\package.json
| MD5 | 067e233b0609d56ff4756bedd8c0efe0 |
| SHA1 | 96419d05adc4b6674948b4ac14f8ab5bb3ce4380 |
| SHA256 | 6bee642c1b5de99e4edba87ec3221c2ecd10b65e666b6f2bef64a745538ecf74 |
| SHA512 | 94900f5ff762930b1b060ba4dd44d629d6c3e2dfc0dacb1a543f1ea5a3cd40e793acaff4abefbff588ceb422d65f8041ec190a2b56f7c303c3314eb16eca4159 |
C:\Users\Admin\AppData\Local\Temp\nscBD3.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\DirectShowLib-2005.dll
| MD5 | c20c205c6f8d70a5e1351a4041a3ec9f |
| SHA1 | e1b2a763dd6c42439656e4e55aba0f3610ff3784 |
| SHA256 | bbcbb170242d9ff1b56680a80b1f8755df1135f9c714535ff3b3f575442f38dc |
| SHA512 | dffd59d775dbb89cd886a2212fb9fe4cf0b2bdd7f2c00f8dc7c6b2287053b4971c8c6c033109ff1f90cdacea082e44d3c19fa76325d24976420c418218e701f1 |
C:\Users\Admin\AppData\Local\Temp\2ZX9UpsI11LbZ0sOwes2ChmlCmK\Nova Patcher.exe
| MD5 | 70d19d8a0107a0fe00eb1f656171a851 |
| SHA1 | a95b4393088099da2ceb1b9010ded2ab056a854c |
| SHA256 | 537038e20986a34ef55f021725143c33576d011953c89c01f5d401514a1429f0 |
| SHA512 | 4d3fe6e2063ebac895c5cab762c67a1990b4be083c2895f690a229cc2299d3717f0358410bd7f980b04a6d4a7351786f1ad48a2be6e80390ff055c10ce6e64a8 |
C:\Users\Admin\AppData\Local\Temp\2ZX9UpsI11LbZ0sOwes2ChmlCmK\resources\app.asar
| MD5 | ba43cbb6c3c58fd4fe02e020d3c5463c |
| SHA1 | f8a9dd77ae7c44f05c2839c78dfdd44dedbdb8f5 |
| SHA256 | 4155d5e3349afb41e14968dffbd961c7b597cd1b41695070586311d332059c54 |
| SHA512 | 2de6ec7003aa3758f940b5c7bc34707c5bc3d40f1856e38aa9148b2b9238514abc99903815078db4ef156dcf2c0d73d1a82a38072d3f7fd69739f8f63bdb644d |
C:\Users\Admin\AppData\Local\Temp\2676b8de-8262-4bfd-a88e-9f579eebeaed.tmp.node
| MD5 | 3072b68e3c226aff39e6782d025f25a8 |
| SHA1 | cf559196d74fa490ac8ce192db222c9f5c5a006a |
| SHA256 | 7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01 |
| SHA512 | 61ebc72c20195e99244d95af1ab44fa06201a1aee2b5da04490fdc4312e8324a40b0e15a7b42fab5179753d767c1d08ae1a7a56ac71a6e100e63f83db849ee61 |
C:\Users\Admin\AppData\Local\Temp\84108a36-e41c-4ae3-a22b-4aa5ddf280ab.tmp.node
| MD5 | 965e0e77fdba0074c5f1abab537c7535 |
| SHA1 | a5d70fef63f94ee9d062b27b8cee5f31b5139625 |
| SHA256 | 6cee62eb663e4708bc36a2035fb0ba9a9f32fd94b057f5d8afddaf289aef6f09 |
| SHA512 | b1af3616e7d8b1fa5a3629e52d7dd19607f15ad3719d35552723a3c9b3d294242c98e33b56608f070df545558d8eed1396f3e49f2ca9171fb948e61221589e6e |
C:\Users\Admin\AppData\Local\Temp\2ZX9UpsI11LbZ0sOwes2ChmlCmK\resources.pak
| MD5 | 268af2eab1150e48d42223eff1e0d284 |
| SHA1 | d5d8c3c08e34c93321c5bbde64db5f72e8e624a2 |
| SHA256 | 02853bcd718708e170889eec963ca967933f8d632e31311e08794ba6e58199ef |
| SHA512 | 35671ec986019c672d25280b64eedd9a5401ae3a2a0f04f50bf6115a937dd0f2cb889e6789ff888a014455477e9b9b2b64b835f166e17a0c4747ab02b1f8db14 |
memory/788-578-0x00007FF9B4F90000-0x00007FF9B4F91000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\2ZX9UpsI11LbZ0sOwes2ChmlCmK\Nova Patcher.exe
| MD5 | fd0f171e8daaef428535e346534b56f5 |
| SHA1 | d4438cd6cfb16ea5f39d20ac755fca744224624c |
| SHA256 | ec1fc75b869a35e79017056188cc84ed0615a39a7555cdf5727a25e719292334 |
| SHA512 | f4426a23a84919277141f94d98c362881bb2394174aca5e2739ec3fd9da1e26809f22e6db561ffcbd7d55f4616e2c5bc7dbe80b5f9eb8fe0a1ce531ad0e74046 |
C:\Users\Admin\AppData\Local\Temp\2ZX9UpsI11LbZ0sOwes2ChmlCmK\D3DCompiler_47.dll
| MD5 | 056eeb951431e55fcd4e0c06fc999390 |
| SHA1 | d3e4857f00494464c8426229391b6007bb89f452 |
| SHA256 | c26af14b9867f0a8db102271cd6ad9af7ff73d450fa9c77801db055c0ddf5057 |
| SHA512 | d5b8e2ed54c28c3348977ba19edc16309adba63fc3ee1969a8e8a1c8a6549fcef716e1c576236201d9ee2f0faafd6e9fe28371bffc313411661071d684c5c22b |
C:\Users\Admin\AppData\Local\Temp\2ZX9UpsI11LbZ0sOwes2ChmlCmK\Nova Patcher.exe
| MD5 | 402f65079d0afb2aaf3b19184363085a |
| SHA1 | 5ee67023d8533fc77614a15ba13d0a2bac3e6200 |
| SHA256 | 45208cd6ecdae1a7437a013bb818161548cc90a3c007a7097cf21a7cfc6ee56b |
| SHA512 | 89e22a76733b9c8a083e23e24ccf946a3a7f2fcaf68b0df7e8fec9bd1757b2c3e0581e04983ce4770fc7650cc28477aeb851920f78e33525b15d6d1b61f8784f |
C:\Users\Admin\AppData\Local\Temp\2ZX9UpsI11LbZ0sOwes2ChmlCmK\d3dcompiler_47.dll
| MD5 | a30b46491ecb73f4989ef471ebdce8b1 |
| SHA1 | 2524c34759dc60099ff4311eb52775141d7252e9 |
| SHA256 | cfbf20db1b49596fec129340d45a3ff03e800d2b1ddc94fa8dfebf11ae5271a4 |
| SHA512 | eddb3958f49502be122c75ea1370b664466e4457b0a7b6efcc57d8364d83349b107386c1bd3c968e3c49cc02414b94cfd3f8ffa2d9e35ab0c3b500969cfa6473 |
C:\Users\Admin\AppData\Local\Temp\2ZX9UpsI11LbZ0sOwes2ChmlCmK\libglesv2.dll
| MD5 | c35ec03a9fbd4a7133ca6c082b69f7ad |
| SHA1 | fa44b3a3527083166c92615f84ffeaf9cc198d61 |
| SHA256 | ed0ef8d9d2af76baa744e760d1985a8dcb68c45878834350f1ba692c388023f8 |
| SHA512 | 9f43c905fd83253164d34a744bf6a8488f04e6e6b53e1e8ffba36662bc3a0d9333791bee9cfda7fcc812661f558b1734e72500a559fb0992a3e0e2b8b12ec1d9 |
C:\Users\Admin\AppData\Local\Temp\2ZX9UpsI11LbZ0sOwes2ChmlCmK\libGLESv2.dll
| MD5 | 3ca9c57e6b83badd53e31fad0fdc429b |
| SHA1 | 3a65e4c2a981b91049af34a4c21de36fedbfb873 |
| SHA256 | f0cbcd5aae9c3ce29ed5097306498394545cfe86ba02c8e446220cc5830f79a8 |
| SHA512 | 161338997ec1f0b80a1b042848ce43a44ddface5e0a8bac558a9cbfd1bc01cf192e00efee3efbe4528e16a499e8e36ef81b51bfb4440e32bd96032a3209002bf |
C:\Users\Admin\AppData\Local\Temp\2ZX9UpsI11LbZ0sOwes2ChmlCmK\Nova Patcher.exe
| MD5 | 6564d487f04f32dabf457a5554d26b18 |
| SHA1 | ed14609b512c434332aaa23d1686ed3f7492d1b2 |
| SHA256 | faeffb65d99d990f61fc9740e13ff7c039df72aafec0ebd75ecdc4375124d474 |
| SHA512 | 35ba4f58a1b7896414e1585870b861a82afe2983ae5e8ff0eef8aaa3a5e595611c3acb56307298195a82bdb9f5cb7845864ffcf6346ec3f88f132c281b246136 |
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_41hpemy1.5vy.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/4080-613-0x00000281EB1E0000-0x00000281EB202000-memory.dmp
memory/4080-617-0x00007FF994F70000-0x00007FF995A31000-memory.dmp
memory/5116-618-0x00007FF994F70000-0x00007FF995A31000-memory.dmp
memory/5116-619-0x0000019679960000-0x0000019679970000-memory.dmp
memory/5116-620-0x0000019679960000-0x0000019679970000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 0ff7e1af4cc86e108eef582452b35523 |
| SHA1 | c2ccf2811d56c3a3a58dced2b07f95076c6b5b96 |
| SHA256 | 62ed8ef2250f9f744852cb67df0286c80f94e26aed646989b76e5b78f2f1f0d0 |
| SHA512 | 374675fd36cd8bc38acaec44d4cc855b85feece548d99616496d498e61e943fd695fec7c57550a58a32455e8b21b41bafa18cd1dadac69676fff1de1a56da937 |
memory/5116-631-0x0000019679960000-0x0000019679970000-memory.dmp
memory/5116-634-0x00007FF994F70000-0x00007FF995A31000-memory.dmp
memory/4080-669-0x00007FF994F70000-0x00007FF995A31000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\places.sqlite_tmp
| MD5 | 5e2335efc0f006c3315f5fb283556645 |
| SHA1 | 604eb139e81ea5fbb776dc3e04de3322b692d24f |
| SHA256 | a33dc3a642692934971f9a2c08a37f2b9d82e8faf72dbd57096c4c7e9de2ca9b |
| SHA512 | 04d8ff706d921d86efd8ff9f3d00c87b44dfd0259428829ac5d861fe43a626873002b39cbf30d5d915b66e2edd447b1384ed2741a9598e59ab191bfb4783d00b |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\NZSUA6J9UUPRXNFPCCON.temp
| MD5 | 7b675daebefd5f2efef92456aaa2f97a |
| SHA1 | d06d946bf8e541768de2500432f508422340fc91 |
| SHA256 | 3f0a0e97f560e156e74f6d1e3ba25c94f5b9da4073b972c411c4d48ea45662be |
| SHA512 | 9fdb59f1b0756e451ec02fc75aaf3e207d8da16d74567c38c0ed3781abca211bd4377dbe7efc402f7e827ea69f8590e31f5900d350de1e2bbdd9db7393550c70 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms
| MD5 | 77f357b0d5b725623b1ce78fbc5fd445 |
| SHA1 | 415196eabee87721486c8b0da063058337add2bc |
| SHA256 | 8a8f73b7e0e563c48b217e6861bbbffe0cb2282efa52033647fc5ee625e88300 |
| SHA512 | 3d6db9f9ecfde8051f6adb31f721194fea5ee6c9a17e9d913368407270f5731a944f7924af0e3b22f7fb52fce64c85cdf4e81f5d77968e37f7603d26a1f19f00 |
memory/8104-765-0x00007FF994F70000-0x00007FF995A31000-memory.dmp
memory/5688-768-0x0000023E9C640000-0x0000023E9C650000-memory.dmp
memory/8104-767-0x000001AD263F0000-0x000001AD26400000-memory.dmp
memory/5688-769-0x0000023E9C640000-0x0000023E9C650000-memory.dmp
memory/7748-770-0x00007FF994F70000-0x00007FF995A31000-memory.dmp
memory/7748-771-0x0000027B9EF50000-0x0000027B9EF60000-memory.dmp
memory/7748-772-0x0000027B9EF50000-0x0000027B9EF60000-memory.dmp
memory/4552-784-0x00000267CAD60000-0x00000267CAD70000-memory.dmp
memory/4552-783-0x00000267CAD60000-0x00000267CAD70000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 446dd1cf97eaba21cf14d03aebc79f27 |
| SHA1 | 36e4cc7367e0c7b40f4a8ace272941ea46373799 |
| SHA256 | a7de5177c68a64bd48b36d49e2853799f4ebcfa8e4761f7cc472f333dc5f65cf |
| SHA512 | a6d754709f30b122112ae30e5ab22486393c5021d33da4d1304c061863d2e1e79e8aeb029cae61261bb77d0e7becd53a7b0106d6ea4368b4c302464e3d941cf7 |
memory/5688-804-0x00007FF994F70000-0x00007FF995A31000-memory.dmp
memory/4552-815-0x00007FF994F70000-0x00007FF995A31000-memory.dmp
memory/7748-816-0x0000027B9EF50000-0x0000027B9EF60000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rvZoNvM1x3lx_temp.ps1
| MD5 | c26974baaac742dd02629b4ca751e5c2 |
| SHA1 | d5b1eda1e433e70b0a321c09cf2e08f4739180ab |
| SHA256 | f546bd210b02a306a96d58c4c0764e1dd267cfd001500ab0be5fc2a4aec5d437 |
| SHA512 | ee1b59ea920f064923c86f1985869c78a3468773f066aa1996696710f0e4a69a091b36d8e9c088eba4e46933b30dbbbb03f225970943aa042c574ac1ec3b1d11 |
memory/6724-820-0x00007FF994F70000-0x00007FF995A31000-memory.dmp
memory/6724-821-0x00000295220E0000-0x00000295220F0000-memory.dmp
memory/6724-822-0x00000295220E0000-0x00000295220F0000-memory.dmp
memory/6724-832-0x00000295220E0000-0x00000295220F0000-memory.dmp
memory/4552-834-0x00007FF994F70000-0x00007FF995A31000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 8d460ce715a00afd56cda62e926b8b17 |
| SHA1 | 3aa1ed2a3cd5e6e1a3240f222492c9e49c4eaf22 |
| SHA256 | 195c9d4857b9486e312f80264b31ef7e9ba014ececd7731397ee75ce8d8f38cb |
| SHA512 | 1b9efe45bea12e59e552dcce73d597ad431aa274621d96e5a3d146e28cfb11d9f5af256f0bc986e8d4d043f6352b9410d01ddb048bd57445f544502eaf28d969 |
memory/6724-876-0x00007FF994F70000-0x00007FF995A31000-memory.dmp
memory/7748-880-0x00007FF994F70000-0x00007FF995A31000-memory.dmp
memory/8104-875-0x00007FF994F70000-0x00007FF995A31000-memory.dmp
memory/7152-883-0x000001E0C15E0000-0x000001E0C15F0000-memory.dmp
memory/7152-886-0x000001E0C15E0000-0x000001E0C15F0000-memory.dmp
memory/5688-884-0x00007FF994F70000-0x00007FF995A31000-memory.dmp
memory/7152-885-0x00007FF994F70000-0x00007FF995A31000-memory.dmp
memory/7152-897-0x000001E0C15E0000-0x000001E0C15F0000-memory.dmp
C:\Users\Admin\AppData\Roaming\salutKoRc8.ps1
| MD5 | 28e4eda7451c625bbe806b745753f729 |
| SHA1 | d29e9b2c2ac5b10188cbae92cffba6827728543d |
| SHA256 | da79e10cdff90aa7f5ab3d3f226570107ecd20d48eb14067c7900367111df5ba |
| SHA512 | 932f53b6cd2aa55ab1475d85528069357fa7d9eea26051d1a4edb11872ca30d02c31c44bed3a48f0ccdbebe556e9d8ec2f4a0815bf177d93ab4272b3fe2fb0b5 |
memory/7152-901-0x00007FF994F70000-0x00007FF995A31000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\5dMa3QUnUEF3Qn75gqpM\System\NUPNSVML - 2023-12-15_205711.png
| MD5 | 4f0ef3ff3f5249a1913b6dafc02ac5d1 |
| SHA1 | c6a27f40d7eb655d52ae7d380e38ab0f5717da48 |
| SHA256 | 1e7f14edf51d8a7b42bf6a8baa08bae6ff5654e230481a431eef79cfa16dc659 |
| SHA512 | 0eb561beb5289ba706533b00b07db80e2a88877e7b543d664fba17ddae1875247a9c8c0cb5278b1292fee9a59c5c35d40b821bed9525663a5a3889e6f0e977b8 |
C:\ProgramData\ChromeExtensionsNova\extension-cookies\images\logo.png
| MD5 | 252b4fda07550496d330d819f15ceb3e |
| SHA1 | 650584312b310219a26d5fc20cb1804bb6c4dde5 |
| SHA256 | 39eafade0656a3c0bd723ad576b1f00a0d625ebeef80ac01f965165ffc28cf1d |
| SHA512 | a18529cc7325d3fce5fb5d32a63b74a8e2ff23a027c12fecdc111f14b1c601079512fce3ff5484a686aaa0dd1ea20083570707511541e4a6d7615053f3ffac49 |
C:\ProgramData\ChromeExtensionsNova\extension-cookies\images\logo16.png
| MD5 | 192e90432fed0081abb25295d8f309c4 |
| SHA1 | 5150e93061f39e26688afd60a04c0ab14b510d47 |
| SHA256 | 3216d6864b4f8824b82eb887edf95436dac3bea3f7d43d8988a176e3f1f8e1b2 |
| SHA512 | 9b9b3f85eb9f12ad1b4c8cfc5e672758d879e178179deb28e80e6c3b27871261bf6b52f9066850b5a7a2fd85012b5308eaf3dda882fa40febc9cf6b47f1a4f04 |
C:\ProgramData\ChromeExtensionsNova\extension-cookies\images\logo48.png
| MD5 | 2f0a6a34d9b95bba0e3358ddd41ff2ac |
| SHA1 | f39a9e7aeab9fe86fd9034284516de40186e6e93 |
| SHA256 | 6f575f1cac9f29b8f1f8a83a580811bdedeec88f9d4cb78ccecb553cba251ca5 |
| SHA512 | a3c2094377b355a56d7d69f2a53baac58ebf3b40c5c031ba60fbc6f53e72e67e537e7bddee1489bbae4b41ea23311ad6b6f5c841e7b070dcdeca4bb8a6043084 |
C:\ProgramData\ChromeExtensionsNova\extension-cookies\manifest.json
| MD5 | 04c23766134b234e85cc537b2162efb1 |
| SHA1 | 45c48d9ca30a4580a682f025cc66331e49f6f158 |
| SHA256 | f50f62683347bbca52d7f7de0c877014ae77043753905628644e2d485dfb4900 |
| SHA512 | d246f59ad6d6e9fc8d8d88129302d55cb3d2ba7d52496915ee6791fa0576153070af76ea689cc74ccefc36456df749ac5c8f45cb12702961470f202078bfcb3c |
C:\ProgramData\ChromeExtensionsNova\extension-tokens\images\logo128.png
| MD5 | c555604e8b6f818991e186342f856b1b |
| SHA1 | 3ae02db8eba2f4fa30cb7567a9f5bf8346faded0 |
| SHA256 | 012da30b247a7964a3bdaaaeec8a6fb5559d7047ab8f1bcc0a2a785aad978972 |
| SHA512 | 01a6c8f91d1eedd0d83b654059844aa7ed16e76abfce54183b5bf484edb6cb33e0ebe317987a3143e94c23ef60954ced0e32378a1a5f80f8412c7029e4303bbe |
C:\ProgramData\ChromeExtensionsNova\extension-tokens\js\jquery-3.5.1.min.js
| MD5 | 9ac39dc31635a363e377eda0f6fbe03f |
| SHA1 | 29fa5ad995e9ec866ece1d3d0b698fc556580eee |
| SHA256 | 9a2723c21fb1b7dff0e2aa5dc6be24a9670220a17ae21f70fdbc602d1f8acd38 |
| SHA512 | 0799ae01799707b444fca518c3af9b91fda40d0a2c114e84bc52bd1f756b5e0d60f6fd239f04bd4d5bc37b6cdbf02d299185cd62410f2a514a7b3bd4d60b49fc |
C:\ProgramData\ChromeExtensionsNova\extension-tokens\manifest.json
| MD5 | 42ac88deb5c3cfc02fdc1c27319ee067 |
| SHA1 | 97b1addf35159800b90743fcfbb5505e80f6eb82 |
| SHA256 | 28486361faff1827fb9f1871529c48efaaf86027592d189afa6f99b14eb3f4bb |
| SHA512 | 77c4054a3cf061eb6f4f6e9803b74833a8fb0fe352239b5b47cf39ea5eea8104b9da6deab75018557476fbda856f3be8d57e6fe2eb777c45a7a1bdb1e72d02d5 |