Malware Analysis Report

2025-01-19 06:04

Sample ID 231217-ccptvseha2
Target Creative EAX Settings.exe
SHA256 2cf147182fce3b86da3a4e63688b39ac30e47956ce5b01c2ffcc3c4243526b5c
Tags irata infostealer rat trojan
Score 10/10

Analysis Overview

Threat Level: Known bad

The file Creative EAX Settings.exe was found to be: Known bad.

Malicious Activity Summary

irata infostealer rat trojan

Irata

Irata payload

Loads dropped DLL

Executes dropped EXE

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

Unsigned PE

Enumerates physical storage devices

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Views/modifies file attributes

Detects videocard installed

Collects information from the system

Enumerates processes with tasklist

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-12-17 01:56

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-12-17 01:56

Reported

2023-12-17 02:00

Platform

win7-20231129-en

Max time kernel

7s

Max time network

210s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Creative EAX Settings.exe"

Signatures

Irata

trojan infostealer rat irata

Irata payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A

Enumerates physical storage devices

Collects information from the system

Description Indicator Process Target
N/A N/A C:\Windows\System32\Wbem\WMIC.exe N/A

Detects videocard installed

Description Indicator Process Target
N/A N/A C:\Windows\System32\Wbem\WMIC.exe N/A

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Creative EAX Settings.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\WMIC.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2548 wrote to memory of 1548 N/A C:\Users\Admin\AppData\Local\Temp\Creative EAX Settings.exe C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe
PID 2548 wrote to memory of 1548 N/A C:\Users\Admin\AppData\Local\Temp\Creative EAX Settings.exe C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe
PID 2548 wrote to memory of 1548 N/A C:\Users\Admin\AppData\Local\Temp\Creative EAX Settings.exe C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe
PID 2548 wrote to memory of 1548 N/A C:\Users\Admin\AppData\Local\Temp\Creative EAX Settings.exe C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe
PID 1548 wrote to memory of 2384 N/A C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe C:\Windows\system32\cmd.exe
PID 1548 wrote to memory of 2384 N/A C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe C:\Windows\system32\cmd.exe
PID 1548 wrote to memory of 2384 N/A C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe C:\Windows\system32\cmd.exe
PID 2384 wrote to memory of 608 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\tasklist.exe
PID 2384 wrote to memory of 608 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\tasklist.exe
PID 2384 wrote to memory of 608 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\tasklist.exe
PID 1548 wrote to memory of 1896 N/A C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe
PID 1548 wrote to memory of 1896 N/A C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe
PID 1548 wrote to memory of 1896 N/A C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe
PID 1548 wrote to memory of 1896 N/A C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe
PID 1548 wrote to memory of 1492 N/A C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe C:\Windows\system32\cmd.exe
PID 1548 wrote to memory of 1492 N/A C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe C:\Windows\system32\cmd.exe
PID 1548 wrote to memory of 1492 N/A C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe C:\Windows\system32\cmd.exe
PID 1492 wrote to memory of 1924 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 1492 wrote to memory of 1924 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 1492 wrote to memory of 1924 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 1548 wrote to memory of 2440 N/A C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe C:\Windows\system32\cmd.exe
PID 1548 wrote to memory of 2440 N/A C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe C:\Windows\system32\cmd.exe
PID 1548 wrote to memory of 2440 N/A C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe C:\Windows\system32\cmd.exe
PID 1548 wrote to memory of 1504 N/A C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe C:\Windows\system32\cmd.exe
PID 1548 wrote to memory of 1504 N/A C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe C:\Windows\system32\cmd.exe
PID 1548 wrote to memory of 1504 N/A C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe C:\Windows\system32\cmd.exe
PID 2440 wrote to memory of 1512 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\tasklist.exe
PID 2440 wrote to memory of 1512 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\tasklist.exe
PID 2440 wrote to memory of 1512 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\tasklist.exe
PID 1548 wrote to memory of 1648 N/A C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe C:\Windows\system32\cmd.exe
PID 1548 wrote to memory of 1648 N/A C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe C:\Windows\system32\cmd.exe
PID 1548 wrote to memory of 1648 N/A C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe C:\Windows\system32\cmd.exe
PID 1548 wrote to memory of 1436 N/A C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe C:\Windows\system32\cmd.exe
PID 1548 wrote to memory of 1436 N/A C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe C:\Windows\system32\cmd.exe
PID 1548 wrote to memory of 1436 N/A C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe C:\Windows\system32\cmd.exe
PID 1548 wrote to memory of 2004 N/A C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe C:\Windows\system32\cmd.exe
PID 1548 wrote to memory of 2004 N/A C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe C:\Windows\system32\cmd.exe
PID 1548 wrote to memory of 2004 N/A C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe C:\Windows\system32\cmd.exe
PID 1548 wrote to memory of 2320 N/A C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe C:\Windows\system32\cmd.exe
PID 1548 wrote to memory of 2320 N/A C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe C:\Windows\system32\cmd.exe
PID 1548 wrote to memory of 2320 N/A C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe C:\Windows\system32\cmd.exe
PID 1548 wrote to memory of 1068 N/A C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe C:\Windows\system32\cmd.exe
PID 1548 wrote to memory of 1068 N/A C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe C:\Windows\system32\cmd.exe
PID 1548 wrote to memory of 1068 N/A C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe C:\Windows\system32\cmd.exe
PID 1436 wrote to memory of 2088 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 1436 wrote to memory of 2088 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 1436 wrote to memory of 2088 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 1436 wrote to memory of 2040 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\more.com
PID 1436 wrote to memory of 2040 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\more.com
PID 1436 wrote to memory of 2040 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\more.com
PID 1648 wrote to memory of 1340 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 1648 wrote to memory of 1340 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 1648 wrote to memory of 1340 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 2004 wrote to memory of 1664 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 2004 wrote to memory of 1664 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 2004 wrote to memory of 1664 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 1068 wrote to memory of 1160 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 1068 wrote to memory of 1160 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 1068 wrote to memory of 1160 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 1068 wrote to memory of 2240 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\more.com
PID 1068 wrote to memory of 2240 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\more.com
PID 1068 wrote to memory of 2240 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\more.com
PID 1548 wrote to memory of 2028 N/A C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe C:\Windows\system32\cmd.exe
PID 1548 wrote to memory of 2028 N/A C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe C:\Windows\system32\cmd.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Creative EAX Settings.exe

"C:\Users\Admin\AppData\Local\Temp\Creative EAX Settings.exe"

C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe

"C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe"

C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe

"C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=988 --field-trial-handle=1136,8608928584706155265,8648755494310230350,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic process where processid=NaN get ExecutablePath"

C:\Windows\System32\Wbem\WMIC.exe

wmic process where processid=NaN get ExecutablePath

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\resources\app.asar.unpacked\bind\main.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic OS get caption, osarchitecture | more +1"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "echo %NUMBER_OF_PROCESSORS%"

C:\Windows\system32\more.com

more +1

C:\Windows\System32\Wbem\WMIC.exe

wmic OS get caption, osarchitecture

C:\Windows\System32\Wbem\WMIC.exe

wmic csproduct get uuid

C:\Windows\system32\more.com

more +1

C:\Windows\system32\more.com

more +1

C:\Windows\System32\Wbem\WMIC.exe

wmic cpu get name

C:\Windows\system32\more.com

more +1

C:\Windows\System32\Wbem\WMIC.exe

wmic PATH Win32_VideoController get name

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic PATH Win32_VideoController get name | more +1"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic cpu get name | more +1"

C:\Windows\System32\Wbem\WMIC.exe

wmic logicaldisk get size

C:\Windows\System32\Wbem\WMIC.exe

wmic computersystem get totalphysicalmemory

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic csproduct get uuid"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic computersystem get totalphysicalmemory | more +1"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic logicaldisk get size"

C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe

"C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1032 --field-trial-handle=1136,8608928584706155265,8648755494310230350,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe

"C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --mojo-platform-channel-handle=1484 --field-trial-handle=1136,8608928584706155265,8648755494310230350,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 ipinfo.io udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.200.4:80 www.google.com tcp
US 34.117.186.192:443 ipinfo.io tcp
US 34.117.186.192:443 ipinfo.io tcp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:53 pki.goog udp
US 216.239.32.29:80 pki.goog tcp
US 8.8.8.8:53 www.microsoft.com udp

Files

\Users\Admin\AppData\Local\Temp\nso2203.tmp\System.dll

\Users\Admin\AppData\Local\Temp\nso2203.tmp\nsis7z.dll

C:\Users\Admin\AppData\Local\Temp\nso2203.tmp\7z-out\chrome_100_percent.pak

C:\Users\Admin\AppData\Local\Temp\nso2203.tmp\7z-out\chrome_200_percent.pak

C:\Users\Admin\AppData\Local\Temp\nso2203.tmp\7z-out\Creative EAX Settings.exe

C:\Users\Admin\AppData\Local\Temp\nso2203.tmp\7z-out\d3dcompiler_47.dll

C:\Users\Admin\AppData\Local\Temp\nso2203.tmp\7z-out\ffmpeg.dll

C:\Users\Admin\AppData\Local\Temp\nso2203.tmp\7z-out\libGLESv2.dll

C:\Users\Admin\AppData\Local\Temp\nso2203.tmp\7z-out\libEGL.dll

C:\Users\Admin\AppData\Local\Temp\nso2203.tmp\7z-out\icudtl.dat

C:\Users\Admin\AppData\Local\Temp\nso2203.tmp\7z-out\LICENSE.electron.txt

C:\Users\Admin\AppData\Local\Temp\nso2203.tmp\7z-out\LICENSES.chromium.html

C:\Users\Admin\AppData\Local\Temp\nso2203.tmp\7z-out\snapshot_blob.bin

C:\Users\Admin\AppData\Local\Temp\nso2203.tmp\7z-out\resources.pak

C:\Users\Admin\AppData\Local\Temp\nso2203.tmp\7z-out\v8_context_snapshot.bin

C:\Users\Admin\AppData\Local\Temp\nso2203.tmp\7z-out\vulkan-1.dll

C:\Users\Admin\AppData\Local\Temp\nso2203.tmp\7z-out\vk_swiftshader_icd.json

C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\vk_swiftshader.dll

C:\Users\Admin\AppData\Local\Temp\nso2203.tmp\7z-out\locales\ar.pak

C:\Users\Admin\AppData\Local\Temp\nso2203.tmp\7z-out\locales\am.pak

C:\Users\Admin\AppData\Local\Temp\nso2203.tmp\7z-out\locales\gu.pak

C:\Users\Admin\AppData\Local\Temp\nso2203.tmp\7z-out\locales\fr.pak

C:\Users\Admin\AppData\Local\Temp\nso2203.tmp\7z-out\locales\fil.pak

C:\Users\Admin\AppData\Local\Temp\nso2203.tmp\7z-out\locales\fi.pak

C:\Users\Admin\AppData\Local\Temp\nso2203.tmp\7z-out\locales\fa.pak

C:\Users\Admin\AppData\Local\Temp\nso2203.tmp\7z-out\locales\et.pak

C:\Users\Admin\AppData\Local\Temp\nso2203.tmp\7z-out\locales\es.pak

C:\Users\Admin\AppData\Local\Temp\nso2203.tmp\7z-out\locales\es-419.pak

C:\Users\Admin\AppData\Local\Temp\nso2203.tmp\7z-out\locales\en-US.pak

C:\Users\Admin\AppData\Local\Temp\nso2203.tmp\7z-out\locales\en-GB.pak

C:\Users\Admin\AppData\Local\Temp\nso2203.tmp\7z-out\locales\el.pak

C:\Users\Admin\AppData\Local\Temp\nso2203.tmp\7z-out\locales\de.pak

MD5 b73344e5a72fca6f956dbab984c123ba
SHA1 0561073aa40a63a9ce9930dd18b18e12ff139b2b
SHA256 6dda3fa65232ca0bff7314f916942a2aa5d9be73a0b0c7a6d016eb34ea6fff5b
SHA512 e8a12da397369f23c102244b3f18f533ec79afa6978785566056bbfe07b10a21ff4973bf17aa829fff65609363988c033b0e48d4a82c846863377c08d8df009d

C:\Users\Admin\AppData\Local\Temp\nso2203.tmp\7z-out\locales\da.pak

MD5 55a8f5883805a65c854d25edb3959209
SHA1 d4b3b6bd2a26cbd021fa931d1f63c9ea64e2c268
SHA256 e190187adcbb5f829d162660968ba598ed17bd11339062ca4d807deec8a27fdb
SHA512 4e1f9e6da32f553cbc8cf162726d7aba9e23e2216d6d05b995cf19fff3aafa05ed08fce29b2f8538d46583366402b8630672e650dfbd46952a611e9db0d8016d

C:\Users\Admin\AppData\Local\Temp\nso2203.tmp\7z-out\locales\cs.pak

MD5 3cfd9dc564cfcc33cc5524711365c376
SHA1 2e5016d2643017f37658262122974429f18625a2
SHA256 8be34e4f8226c1dd4e725711ddd884ef4476560f7863edcf378573dde9db3cee
SHA512 6ee156d2fa3b6f601df28e38968d0eae2812d70b41333348dbecd833d5ee6ff944183f0eecde96be433cf1e98c8ec22d6a6d5af5153145842175ab43c73533ef

C:\Users\Admin\AppData\Local\Temp\nso2203.tmp\7z-out\locales\ca.pak

MD5 423651c45566cd90ea5edd8631e823b8
SHA1 13bed4173a08bcbfefba034aada3d838eece6d16
SHA256 7a39af99d55a1ea838d8d78c5f0da3e1402f9404d32255e31b676ceed4f0e414
SHA512 e09085023beaa37e9d5f7fdf3c32d0c001672b85e2826f0aba9a662ce958ac93cac17bf63495a604e47cb407b1593049388a4bf1b22b2339ead84a206a10569f

C:\Users\Admin\AppData\Local\Temp\nso2203.tmp\7z-out\locales\bn.pak

MD5 47c95e191e760dee3ef43345577e2379
SHA1 609634315270a91d4ec631642b18bd0036367aad
SHA256 ceed32e429ed1018d4c49343cf52105cbfd1e877c531a5738fd6e6cd33d27da7
SHA512 46b5f8d58780d19e79136c31a67d075c57ddf7e6a1eb197dea4088cc414a0dc24a68fc8ebcaac03b3940af2461123b586706d5dbf8dbdf6fbea0f7bec466db21

C:\Users\Admin\AppData\Local\Temp\nso2203.tmp\7z-out\locales\bg.pak

MD5 f22901c41d01a00bbfc1d754fc6a9e03
SHA1 6892b884d3be7bc116e71a44bb1ab0862cdfb055
SHA256 9d36e5f1b2de5973c841809b48f3a32229e2657c7a29f25194df9dae603699d6
SHA512 9f2b9b564ef323de4bb21607e26fa93dc38f13b25e571250de3ad01a1e1dbd27724d784ff8c0223167b679a69ebd6b77b6e0cfe6c6efe4218e76fa1ed6ffbd4b

C:\Users\Admin\AppData\Local\Temp\nso2203.tmp\7z-out\locales\he.pak

MD5 6a02a37e1ca3215fa9ee0e1b0fbcf5e7
SHA1 89a8a126c0bbf536ac58e29fc50e045fb1b88220
SHA256 f5cf34ce58b7f0d450936981aa7ffa060821403e6768eee3746ea4ffc9193986
SHA512 6607eb2329b81f1eaf0ed3a564eddcb30e6ab59229f2fbf6fd3d2140ffaa8853a330eda627a4458ef6bb06f32c5183edda869e34cd4ead1f87f88d5c622c1a16

C:\Users\Admin\AppData\Local\Temp\nso2203.tmp\7z-out\locales\hr.pak

MD5 6f92235e6ba003af925a2d6584afd27d
SHA1 3ceba61e9c2975466b6244188f5ea72aaf042fc7
SHA256 479dc4f75a889d45f62b4ddb6eb48f21c473e37875468c9c26d928a263e15840
SHA512 82f2642dff4400704c15c2fa02d0ec74ed3fe888dc835447c1afce7463dee8f480bb81be358c306e681625864a6d25e5cd6c96252b8a56e6fc62014b3aa4d26a

C:\Users\Admin\AppData\Local\Temp\nso2203.tmp\7z-out\locales\hi.pak

MD5 590e9e73df9cbd83cd87b9c03848fec9
SHA1 da125e60a5a2c51a2d6219d3f81688bd22237b59
SHA256 089b9dd31090a987515809a68d26f6eeb64cd9283934e3dcc48b151eec7d3ad9
SHA512 fd0e5d0f2063e12b711275f390428b88f98ffaf6043cdb14b13674ac1e4aa9f70ae820ae960132d7155daf9b1308238775c4702694ab53068cdc709c50f9186a

C:\Users\Admin\AppData\Local\Temp\nso2203.tmp\7z-out\locales\hu.pak

MD5 71d42cb22d2d7a8b26c4514ab12df3aa
SHA1 cd0307503a7906f1742d1e98fc816959319c2171
SHA256 b51bcb888dbc27bab88a8c9d081df7496de8a9a5a4cd2cfe08abc154190e75e6
SHA512 29c67391bca706807be3a0cc79fe481f220e30263957a9c2485f0a4c498a5b250bdd83b5f4fad8d0b19c8a9a07d5650b5ebd5816b6aae311a1cde78a89303244

C:\Users\Admin\AppData\Local\Temp\nso2203.tmp\7z-out\locales\mr.pak

MD5 3c48898f16bf7c152cbe1c593a27b4bb
SHA1 43a304becef8c3c06de6f8a3063ef04c7cb686cd
SHA256 7a0193449bfbe87c5491f835c28941b0b1e3275073bbe5410507c282541b1623
SHA512 8d3e33c0a2f0408ba589daa56859d6efc764539a6a05bc175eae8536a2a639414f6fa9a8d438527a1ea93183a24169f8a65a92909378f2f0fc0484dbf0269a4b

C:\Users\Admin\AppData\Local\Temp\nso2203.tmp\7z-out\locales\ml.pak

MD5 04b2540c25990a5e0a9b227dcce6ae0d
SHA1 4f8ccd154f54dfb083d4d1a3ed0994842c8ab13e
SHA256 556165b8b54c6e21bc66d12b3f5be393136714467c427f7114f314d18ad3c661
SHA512 4cab47e42e8f5d4a83851871f97f3e1360c993ba530dbb4b4b736350779784bd83189e1195d3480ce87298bb8f9b7f249fefa7764d850e5b0002895609626785

C:\Users\Admin\AppData\Local\Temp\nso2203.tmp\7z-out\locales\lv.pak

MD5 264c6e20b3088ceb4dae5773cef0cb55
SHA1 fb6ff83ff14df008092bc3ee73bda7491e8e090e
SHA256 a676a781c1a587eadf23e5c69bc52f2d352346a70bc53ca908450362535eefda
SHA512 01e949f92e1e8599c581929a601d39640abaf1d907ce10102e591c3d490dd3874c679c75bb51308ead55a3bd0c6dcd1b8d4b2daf98ce1cf1c6bab42946e8b1e8

C:\Users\Admin\AppData\Local\Temp\nso2203.tmp\7z-out\locales\lt.pak

MD5 2d4fca437a7548893dc4b51fa5b33c33
SHA1 c1493013d7d981ea9223716e415380992de65c2f
SHA256 776dba792df7b444e1b720326312d8b8312cade74a1372c49456d932b7c65769
SHA512 b6a55ee1deff48d717a3e9399aef3c45eeec810cc5b5709fa3e9f56850115a5b02e02b7959ec77a6797e68516ee9372bacd260e62ac0d55a8e4c1c27af782b42

C:\Users\Admin\AppData\Local\Temp\nso2203.tmp\7z-out\locales\ko.pak

MD5 d6e2c18c9eabba59b50d147d942125ea
SHA1 0918879203c2050b4f9f449f5616e430897ba0b9
SHA256 f3581cea2e5b022b121010ffc5d67f86f717e3a0c0402abd81e24c87fd135b76
SHA512 f605f7b9893166778af156f9eb76eaa1209e7432450899540cd462ce0ffa69caf6f570b910cdd6d7bef54354379e9892a658e711baa93241da33755c107da859

C:\Users\Admin\AppData\Local\Temp\nso2203.tmp\7z-out\locales\kn.pak

MD5 5115cde84b4c674db412619b65433004
SHA1 164f33e7e2e9f685a579da492a6fc8806beb6cbf
SHA256 891e092c6895e23be986c3e6d39dcea9b6b75f1448239c13fd406680e50407a7
SHA512 090a247898cb533325d2b289a6cbd8db2a755ef0abab49d82f333e57b290c50b5996b81f15d8adc30160b216eebed3a1476aec1627195e52189557c1d48b0216

C:\Users\Admin\AppData\Local\Temp\nso2203.tmp\7z-out\locales\ja.pak

MD5 833e8c4aa70351b6be7bd403e4e9a0a7
SHA1 46ccdbdea35deec8ef13a5fc833776875fad187b
SHA256 74422db1a5f28522f9a8b31a3bee9a6df794b419bf723cb6a6c88e82eb72cec0
SHA512 e8e709612a5ea81d2822e0025b7306f38571f2cec2ca72ac5a8ab852a0e36a0f5bc7e00d0baf7ac7becc2c54dda3a17c52ec1cd67ce12b14d91b6ae0b726d556

C:\Users\Admin\AppData\Local\Temp\nso2203.tmp\7z-out\locales\it.pak

MD5 5aa225aad4f9fe6d05ec24905a827d88
SHA1 f6d5ed337bd8e9cc3b962d3a498e3430fbf6de22
SHA256 96e02ab6937a1f1cb58762159761a737ce0e1dcd6a253554392baf4389326eab
SHA512 3fa928f19bdf65b8fbb274b478a801821b15c01224c113a8d7f6121a077b432c0cc84eefd9028a76adea9fa4bb65dcb868edfbd4368b1e4d477c49e187e4288a

C:\Users\Admin\AppData\Local\Temp\nso2203.tmp\7z-out\locales\id.pak

MD5 e40cb2f3b4db379e4d187aeef0dfd300
SHA1 537b1ebc615c980c89bbe2b9e91a11199fa7d6a6
SHA256 3339ef011c9bb64868da94adb25f4490acbc7f893e4337dbfe2797754cd659f5
SHA512 b87464460077aa55feb92eca8ed23d9a61829378bae7890c8a95dac5fcd735b145d65661f27facfe2586fcaa169692b00d8ee8dd505dc44bff7f7fd090f3e96c

C:\Users\Admin\AppData\Local\Temp\nso2203.tmp\7z-out\locales\ta.pak

MD5 5763f753dffce6a3902b3763857c903a
SHA1 e3b48b715dbb53cb4ca5b8f946c9f3d9c9d2e216
SHA256 e192171fc65cd66ccbcdbe6bcd539897ff2be718f9287b5e6ca3139b1ba12935
SHA512 48172be2c091436cfded3163c2ecbc00a04de17082ab5ffb28d77ba24872fb8cbc70edb164f002dc090fb6e49b897bd0519c969f7d834fd858811ae1e88221d1

C:\Users\Admin\AppData\Local\Temp\nso2203.tmp\7z-out\locales\sw.pak

MD5 99e385ebc1ef8d3daddb3a171fa79edf
SHA1 3164804dfe9d9b5e891abafe92e5ba67d2b5d4d1
SHA256 8ec45ac391a085d531fb21815086c2da4841aa016653cb4f8484cfc2615d6c01
SHA512 797c105fecef1e15870aa101e3fa1835d5a467a9059c03b3636c54934d1de263ab7f23599e21d9787cb3849c7cb7d29f5bdd8ae9ad10fda8015c1392462e94c0

C:\Users\Admin\AppData\Local\Temp\nso2203.tmp\7z-out\locales\sv.pak

MD5 41e76f7775fc9a2d6e3c02c46e9b32f6
SHA1 088c15c74a68bee69682bf89c31055332b68c84a
SHA256 2533676479e9469ffcdaabcb47d3e39bebfe7ae2b80f70784e918a8827439e13
SHA512 6cde752d748c4772b533c8894f18134e5842113f8c7590b44a7dfa088aed65b232361fd16170df3b0d738066dbc3a769847adf4dd8ba42de63c9c2b33f9beb6b

C:\Users\Admin\AppData\Local\Temp\nso2203.tmp\7z-out\locales\sr.pak

MD5 af7083f2a4bd95dcbe792efade352662
SHA1 dc69aa831836016f6e66c6079931503d534a7862
SHA256 e3b80d9fdd420a05d66cc12e685ac94500106dd51a555bbfa2d085094f81e8dd
SHA512 342400ba94f6cd08152f96aa2b905184fab429c38cedb4bcb4ac0c503169a9ecd47aef208b4d7ffae08b0c0afa7aa089347a20739379d05f3e4e111be842b8c4

C:\Users\Admin\AppData\Local\Temp\nso2203.tmp\7z-out\locales\sl.pak

MD5 e015b6f5042be2dc96a4e23dcf035502
SHA1 7946509eed8db1e4c1f3da99ffe7155c86fdb4d6
SHA256 99536d1bc73eec81d5bebbff641ea195544ee5e3a41bb17ddcedf9cde9b141d4
SHA512 b2a2eaae93c506a053862bf1cde02eee53b3ea2e2fe4c964c51dbacb8b44de820a779311cfe01458e2f08f88bce1172e8c5e1e6d28cd3a355ff84baa00023b8f

C:\Users\Admin\AppData\Local\Temp\nso2203.tmp\7z-out\locales\sk.pak

MD5 b35daa0bd9627ca88b413a5af7c6b4a4
SHA1 d5efdcbc7ca17de29f3075f6434f31ab2e895826
SHA256 f47bc1f7f5ab64681d0b152e1a019da60f0ef057ee8bf2ccede019dc4030c177
SHA512 48abb6ca2290820db2898b05820bb25e70fb1292c816eb0c8f17b3c5452de9fff7027d216d2bf413900f408f44ed4ac99151b28142a212c5cff8dfe229e87b9b

C:\Users\Admin\AppData\Local\Temp\nso2203.tmp\7z-out\locales\ru.pak

MD5 75457b95d2bb03891232dae7db886387
SHA1 e5a7569df7f91533703626d167ecc8cddbd27205
SHA256 e0894d3aa3f8e0f8ac457a3300001d4e1dcf95980712f8c8e9c845eb4c2bbfa6
SHA512 9813239cb162cec24cb81cffdae2df06889782813d917da186ae40df6dae64477467e4b32ead2d714bc1de671538d4c1fde990d83d3ee69e0932f17226687a78

C:\Users\Admin\AppData\Local\Temp\nso2203.tmp\7z-out\locales\ro.pak

MD5 24b01a438a3ab9699d4ca97c081b5e82
SHA1 0d0b082544d23425a74199fb0a6c11192f0bdf7d
SHA256 38290b1c9712296d82ea1681ef95544a1eef4872289134b11e50af735e6deaca
SHA512 43199772312156f4633c4202499cde8f808e5e632c2013ec1129acee01a3f184e86df2616626173178efe04b6f0773ad9a0e8b8cc6a735d23d68dcfe9dfd945b

C:\Users\Admin\AppData\Local\Temp\nso2203.tmp\7z-out\locales\pt-PT.pak

MD5 ecd84b296d3bb312ee18e21017311986
SHA1 f5625523f85c10723750834a54ff59a2dd886fb3
SHA256 fcfaa9c44c445876c286388b6a1abc1df949f3dda3d64fb57d6e0d54a05cdb94
SHA512 e95b74238220024cdd0bd1c0f18beadbbe427d76cd8d6b32d5700adcd34ffb068ad0bf75404921485c8077f395f5111cd40d5dfe2b5b8f34c62e6fc80b507456

C:\Users\Admin\AppData\Local\Temp\nso2203.tmp\7z-out\locales\pt-BR.pak

MD5 88ad860c73676ffb4025b5c691f29942
SHA1 3c5e5b999ea7153ccdd1b4cc7b6162de3456b558
SHA256 25f0bb0b0230d99a9064d52668636f3be85903bf27a68124d79a2fe93c30fe0e
SHA512 41589bb9ab1b8307f62ceb4e6493d7903731a3e63807e0044379c4acdda881c21839234f5f1b8ad1af732bfee6231c0556ce92e582505379ed949980185bb750

C:\Users\Admin\AppData\Local\Temp\nso2203.tmp\7z-out\locales\pl.pak

MD5 644c0ace25d6e532b56510a736c6bc2c
SHA1 1bd0fec952107b493da04c46423da634ff3e1504
SHA256 2ff9e382a31783285b7d85676e629e2f6db26bb9536ed17b7fbe5ac61a895ec7
SHA512 9a1f1e884c2f214b8b0c63543809ddd4ba0fd533f1d8434e926051f3db434f60cc4df2462c2a43254b2a9685b3869eef49463c212892e417c82c3a7b497e3559

C:\Users\Admin\AppData\Local\Temp\nso2203.tmp\7z-out\locales\nl.pak

MD5 cf6b1cbfd669e9461553974ba37a475e
SHA1 b33867e9bc7fd88ca98a76dc4bd756bcf18887aa
SHA256 9a83ad866ad7fd9d65ecbc1e95c276cfce27e8257c76a16950fd14971e66b864
SHA512 e463029bb37f6bb3ff5cb6281f64291ada1b785fa33137e7aedfc7b5e409e99c75a91e7cf9b6c0933e970f70c14861190de66fc5d68925b687a6f5da02e21077

C:\Users\Admin\AppData\Local\Temp\nso2203.tmp\7z-out\locales\nb.pak

MD5 b61e42f66d581b6a8929cdf5fb10662e
SHA1 6f06fa9ee092fbcb61bbd668734fb3b92cfb549a
SHA256 1b17dcde8fc7308d926fbe0faa83dfc9ffe2efc5715e9afd557dde839ad98b7e
SHA512 79b82346c3f133a6ba44148a8432ad4e08e2805187b759509cb386bc800fd20215592c07d953812c243f0b1d5e1354245f2cb42b2b3eb6c87280bcb4008dbe97

C:\Users\Admin\AppData\Local\Temp\nso2203.tmp\7z-out\locales\ms.pak

MD5 6cfadaa784e687e6dadbcd80e631bc9b
SHA1 481acb75f525055bf4e45ecabe0eadcb9c492106
SHA256 fb5e125dd5e1f21e8df229d22cb3d1f9078bd79bbddca352899248f2a8b21b71
SHA512 0d7da5a90fe9372bc704ab8cdc8cbfb14d323cafdef856987e2d9e34d980196c03985e25099f5d1bcb10c97f040f4766e2c3713718649bb3f43914a77f0dbb39

C:\Users\Admin\AppData\Local\Temp\nso2203.tmp\7z-out\locales\vi.pak

MD5 69c8796439192577f48bd249175aaf37
SHA1 97c52088ca69dada593db0e42b2135d264646454
SHA256 d7fdb53592de803a5fbcd8561c4918f1562f92fc8a3fd0039a2a1a7b76a8ecc2
SHA512 65eb7cb15291474ec7f9354775e59bcf334c90ddf3498ebd184e4c47118308421b2405bfa679e4b3a70ed1790e167c109fc2c72e89c3e31b5378cae975424144

C:\Users\Admin\AppData\Local\Temp\nso2203.tmp\7z-out\locales\uk.pak

MD5 d791b1ecf2931b2fb0c31aac170c7cdc
SHA1 02be115a9ff94fe5250651b6de4323eafc44fce1
SHA256 ffae6286d44c8e219ef90d411ad8746159a6ff8ea610e2a651147a3956696a22
SHA512 3a2edb8069e4a9734ce5e02b7c3de3c968c5bbc116f17f52f97e2bb2c78485c456c4f0cc952686c1aa17b7ee4d326a1dda698afafc63c79d842ca3905181a8da

C:\Users\Admin\AppData\Local\Temp\nso2203.tmp\7z-out\locales\tr.pak

MD5 40491896ad21543f339467186c5efb40
SHA1 695dde7cc35056dcbf0a533aff8299d4c6b61bd8
SHA256 43e99e132acaba88971b81a43531845dc7fc3a1e0794c3373de7d9a50a5655aa
SHA512 18d5ee9914849462e0b1bafd1ca216b29d0795e282ae0bdb354b15caf5c18f37f44fbd6f626b2cbb095e3398a6496de72e5b0d15621433979b5a589e34fac818

C:\Users\Admin\AppData\Local\Temp\nso2203.tmp\7z-out\locales\th.pak

MD5 43edd25f67ce6e6cea5373009ff0a1f8
SHA1 ed72ca6620cf23837e1334be50ccf616806bc5a2
SHA256 287897cf3df2db1cf59b872e6575ba8dfcaa0c1f68c17a9c91da6c4490adb8b0
SHA512 7160a72bd2e6b0ffa71e5d279995cc8be24a87cd9386eb29ab0eee79b8e607f5d824a11b6b4e3ef4c0f851a9d485a9642cb6adaa65c07933dca6e6f2c0052fc7

C:\Users\Admin\AppData\Local\Temp\nso2203.tmp\7z-out\locales\te.pak

MD5 793a87d41cde6e6d1bb086284f69733b
SHA1 d887e3842b664f55b7308427aa6f5bf0b352d879
SHA256 5cdabd1ad41e8048f2cc6b1615e68b99159daa1aa6706b939447c1811bf0e255
SHA512 7c2e53baa387480eed45315bd9d53856ca46e5777ecdc9c29a0de7b0ad04beb6cbb8b5df0aa7c306395fda563037e06bea1ca70e433ce5a3ccc2ec184dfda972

C:\Users\Admin\AppData\Local\Temp\nso2203.tmp\7z-out\locales\zh-TW.pak

MD5 c2c35fcedc3708b5bcadf36587393002
SHA1 31d72402cbd44ceb921cedd806259c2cd14e411f
SHA256 cfe4c2c5eb131fd92e0d11f912714c5a9a048833ef3ffbe32679b3d58da8f8ac
SHA512 9ba3ea2d569d1d3ef09e94d7e66f843c8804368c4d016b6289e7dba002f7d2d50884a76c93eef879d87abcf8b36dd3e682b7bd3a18b2b5a969256cef672abf01

C:\Users\Admin\AppData\Local\Temp\nso2203.tmp\7z-out\locales\zh-CN.pak

MD5 098d656a4f4bd8240bed10e7678186c7
SHA1 0c19ab62b4262f1b51558e8aaa79e7741f73393a
SHA256 a55f568ad3a8854cec25699484f55024501c8a0967738ba694e073151e5981c7
SHA512 084538ce774233ca6d4393bb42239b0b85e11bd73dd19ba47e55796ca19848941b037510c0fca4ac08b4b2e0ccbc9b4ae72ef88a3e841738dd211961dc53c1e2

C:\Users\Admin\AppData\Local\Temp\nso2203.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\DirectShowLib-2005.dll

MD5 47854640fa7e4b0ac74bcd77923db650
SHA1 5b53aac20683bfeb0dbb0a08b82673f7823c94e3
SHA256 09ec95cf3f1e97cb3848503b7977054b67254a0c307df4f81239b3af3496eefc
SHA512 48bf4b0f1cd48459c533847f6a25f2b903b20eabde400f745208337fb30b213b01a60f0092ae7b66e014b41dd6c77e143fcf7d07fff45e07b97183c74274295f

C:\Users\Admin\AppData\Local\Temp\nso2203.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\package.json

MD5 067e233b0609d56ff4756bedd8c0efe0
SHA1 96419d05adc4b6674948b4ac14f8ab5bb3ce4380
SHA256 6bee642c1b5de99e4edba87ec3221c2ecd10b65e666b6f2bef64a745538ecf74
SHA512 94900f5ff762930b1b060ba4dd44d629d6c3e2dfc0dacb1a543f1ea5a3cd40e793acaff4abefbff588ceb422d65f8041ec190a2b56f7c303c3314eb16eca4159

C:\Users\Admin\AppData\Local\Temp\nso2203.tmp\7z-out\resources\elevate.exe

MD5 792b92c8ad13c46f27c7ced0810694df
SHA1 d8d449b92de20a57df722df46435ba4553ecc802
SHA256 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
SHA512 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

C:\Users\Admin\AppData\Local\Temp\nso2203.tmp\7z-out\resources\app.asar

MD5 9c8b819dabe7bd9b10f3b701a0888ed3
SHA1 a0e5a9630379bc69c468e18d50e9da561500b206
SHA256 3fb01ea78fe276ce9fde99c5d6912d82fb7569d1b10a4c7abb8a9e45517e786e
SHA512 87850fc7d527193a9f40ee6cee96b051da4d2bc16f8ae38b0c086fa10ba7fef88b24657796a77a19a3610b808365ff582dc475fcd2a1231b2232ef9a7c05c22b

C:\Users\Admin\AppData\Local\Temp\nso2203.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\snapshot.exe

MD5 16a12bdc986207390dd79d658a6b2263
SHA1 b4b41f62cbc1e1ede786c6e30e11df8e61750bad
SHA256 50a8dd2f292bea9190204a42de067a34d5cbbec53746d40fe5b067fc85190bac
SHA512 d20394028c5d3ca46bb4879cac40da07b7d857f9a4a834bb4db4bd047f1a3265a80e1f7528244da6ee97c2f3e0cb5b2e51bc88eeb382a027939c2188e66dcdd9

C:\Users\Admin\AppData\Local\Temp\nso2203.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\prey-webcam.exe

MD5 471b15abc9f2e98fb7ed7361d3f045eb
SHA1 95b5798d80a9410872f6ed485ae2b43ca3745540
SHA256 7c262639cb22348dfd627dc07c76e8748e5bcacde2dcf1614773ab174c831004
SHA512 5b3b59aa1dbaef31b0ff6ccde082d7c312e39e311a46fe20d590d5d7765f934d3b663da9609ff4fb7beba2e8fa85376cf74f14ae077f3c0b49189cc28c30163a

C:\Users\Admin\AppData\Local\Temp\nso2203.tmp\7z-out\swiftshader\libEGL.dll

MD5 a6553d67f3035b53b6f766e02e4c71dd
SHA1 2e678c3794330a6e286bfe6a0a72a23219a0fd90
SHA256 611ca89f08fdb8407567d1adc08f9a83559b7425622286b0f0005a24c7c73a32
SHA512 8119b9df52d6f5ac5120a71a6f92cf2d2c2fc3a2a39242557265cb4e0d68fbe86d3633fe47447f94b4a0f52c78aa36a89f04f4ee6b4b7f34fc9ff4367cc3bb44

C:\Users\Admin\AppData\Local\Temp\nso2203.tmp\StdUtils.dll

MD5 c6a6e03f77c313b267498515488c5740
SHA1 3d49fc2784b9450962ed6b82b46e9c3c957d7c15
SHA256 b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
SHA512 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\ffmpeg.dll

MD5 0f1f8dcd28989b1a2b7409c0b1c21f1b
SHA1 62e354286ab921fdda4a35cc17c5a5336be65d0b
SHA256 501ddc133f495ec8aae5005e95d91b9d4467df0a188a3350056f6e8376062c0d
SHA512 6a9faba317f66297e458e1bcf5e2257742655e6d3953b73e4f0898134d3f28a2e842dcf4cb3492230212da52a45fad43dc974aac91f4e38cd90768b4ab103bb8

C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\ffmpeg.dll

MD5 322d560c651448463821f738e27d0305
SHA1 4a48e79c50f756941ff3d7d28cce28ad88285bc3
SHA256 595e5f6e5ea35a15a50b1f6d100ada12aee30670009907a1a625aa20fa04a29b
SHA512 be41110e40cd488678ca465ae1d5106b5d66a5f19f12a665a4697b60781bf6f4da4131950131698bd9985f5865b586fac3ce4dde33c709a898fe9324341212f0

C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe

MD5 21aaa5a750aaf451a06f992253c44fb9
SHA1 27f9bd515adce1918bd38dfe1dbd3ed32a48b257
SHA256 1ea0a51ec081d18d2e1784422903bc89894fb14cb659ebd6fb09cb229bbbf4bb
SHA512 c3d7e904790032f09ff1a385df3f498ec114d13c1a5ded1092cc3358a56621f931c27498c713ec049f532457cb30564ac0bf4696bab01e008fd98c1de0b95aa0

\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe

MD5 9143111135d1c6465aafca6b36a5c86e
SHA1 ffaf9e451e142de5d1c019de863a58bb602816a5
SHA256 4555db0514e31cd14dd040a4b07bcf20b06de4b16e2541042bc2ef6e9fe241b5
SHA512 a188ce285a40b7c7229bec27fa495c3aeefc8fefcf709b71c46324162ceb2ff21a42f43f1b70d6d4c10d1c07688016e961c275c1a871be314443d1d8b98dc533

C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\v8_context_snapshot.bin

MD5 47014c0f81bad6d216c617c9c63bf040
SHA1 7bb483fdc5fed3c6ed437d9fe6e5023bc38201bf
SHA256 e1249d05bfc73c645b27d269f47b6923b33a3cf8088a8ca78b3b637c90f58178
SHA512 052d86cf3305a9e493bd2472e6b7ddab5e0291efd6d899984a79bae46e5fa4bd21157e19ab4a2591c9cff9069de568bad18c7baf4f35d117c77134e635466f87

C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\icudtl.dat

MD5 4792befafd3bf451d4aef2b39963b0ba
SHA1 40910ee5372ae8b14dcbdedffff020cceaf48179
SHA256 8a4e547fdc57e909b863b3267d11878037dd7928251b7503c4aad26adc0915cf
SHA512 da69904c1dd894e8885e59aff02304b130d0fd0ccb580b2f16f0910f27300dba09fc7be35e094644e716c646181b730cc2799bd1866f2b9cdbf34c762a1fb163

C:\Users\Admin\AppData\Local\Temp\nso2203.tmp\7z-out\swiftshader\libGLESv2.dll

MD5 3c0537600bbf2e2449e31bdf41afdd64
SHA1 3384aefb54910cefcc85abd16dac9a36917f2fc0
SHA256 3e6b7f00eee9c5f7190e865ec56f7328dc026d46a8ada395c52416e5452babf6
SHA512 5bb4476556a3d85f874317e995839a4d74d14b10ffb6659652e450a5f4b4c7cb8eace54f7e238e1e0e21f2268cf917b346f3af028a3f7327a0d6427ad56049bf

C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\resources\app.asar

MD5 f0a85beaec0e889643fe940ffb59f8e5
SHA1 ddee93a41850ef048de1626e18703724c7c07a8b
SHA256 b4b6f1dc3f3173f207763c8f20e96266285ab2a875901b6c28a7a684a63d81cb
SHA512 a0d366eb479ddfe20f49d2eb62b8d2c067557b0633c87b8057ef8eeb55b7a254304baa14811aaf92f0ed55a1c6fdff95b0a7c78c28f69a9828eb4c9d1155d0fa

\Users\Admin\AppData\Local\Temp\5f2e13fd-f3a1-4eaa-8b47-97d24c9b4f0d.tmp.node

MD5 0fb6f395476d428f00b1ed0789be5034
SHA1 599556015d3a51ed9eb8527c6ba09664889928ea
SHA256 714a66995869a3246d62f9d6ecdfb9e20b63778e312124c2f9c53ebbfeacc0f6
SHA512 5a47d7a72416b3b52cde416a8eecb874992c17f4592a7029ec1bdc821930b1747a9520013d2e296e02d661e24e9f519f45bb73fca7173db638e413c17fccb0e9

\Users\Admin\AppData\Local\Temp\517d0991-a340-446d-8da7-061bd48cc05d.tmp.node

MD5 a149ba14dc75821189e11aba62646f62
SHA1 7931c9089bfa9fb24cefacb6c560c706b76883e9
SHA256 a191dcf942f1d97fcc5dd7a9ebc3fb0b6b51d59a4bac5b1b9bbf728af8c1b11a
SHA512 3b4e8b7eeba48f9c5f34e225dd39ca98983ddda838b70c222894b6940066a61a70fdc230299b62806f51c98e03b6124caaabad842a4dfd86fc7749a82380aa58

memory/1896-580-0x0000000000060000-0x0000000000061000-memory.dmp

\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe

MD5 f901d6797ceb862fe424b806748ea521
SHA1 773ccb6e3c4e34f40b0e4ac7f62f2292d8d6a840
SHA256 b5778e23bd44ebd2799dc54beabd71f4d4e1b7e31069ab0981999f72353b1366
SHA512 a3e8c13b0449ea8cd580f40218824cd2fe2d228f6bd519bd46263b40880ff2068a3e2bb58c7f92cd5b33725b644675555ac3a4e21b1065b58843be48d97e2427

C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\resources.pak

MD5 45fec5aa03874fa775f21ba1e35f66a0
SHA1 1e9a0ef37720aa3c20001d896bbe994cf88b4c6e
SHA256 232b6f0e2ff55c7d5e472e181cbf36603d4347b689b4e56c5a9fee75087cfff2
SHA512 4fb1000b94864b28d24ea139fadfa2e9375ad55c312e732921f0c7729dc1b3a572685c06593980d5b9932a1e7518905e257deacff15f13fd668184875b84fa10

memory/2468-618-0x000000001B7C0000-0x000000001BAA2000-memory.dmp

memory/2468-619-0x00000000027E0000-0x00000000027E8000-memory.dmp

memory/2468-620-0x000007FEF4D80000-0x000007FEF571D000-memory.dmp

memory/2468-621-0x0000000002AF0000-0x0000000002B70000-memory.dmp

memory/2468-623-0x0000000002AF0000-0x0000000002B70000-memory.dmp

memory/2468-624-0x0000000002AF0000-0x0000000002B70000-memory.dmp

memory/2468-625-0x0000000002AF0000-0x0000000002B70000-memory.dmp

memory/2468-622-0x000007FEF4D80000-0x000007FEF571D000-memory.dmp

memory/2468-628-0x000007FEF4D80000-0x000007FEF571D000-memory.dmp

memory/2468-629-0x0000000002AF0000-0x0000000002B70000-memory.dmp

memory/2468-630-0x0000000002AF0000-0x0000000002B70000-memory.dmp

memory/2468-631-0x0000000002AF0000-0x0000000002B70000-memory.dmp

memory/2468-632-0x0000000002AF0000-0x0000000002B70000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe

MD5 b3e0751975cc01f81facba7e0a6af798
SHA1 7288f2a6888e6be4f1f7b48f88364a7014dd3961
SHA256 451d47c56e26e46f933d9c4e7680b92ced6eeb51139ac3f2be225020318a388f
SHA512 ea510e6ff286db9ff825f004f9de8406f87ca7d527459f16a1606fac5caf3c5ab0079a2e3ce9bea3513ede98ade707a44193f523882eeef18ca09900798568d7

\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\ffmpeg.dll

MD5 ec6b7b358ee87c888358d6a656afc7a5
SHA1 915110ca5783470cc5d556e98bf233d57feede01
SHA256 b7ffd6aa0c53ea0e694495f965c2dda46b25dd8e8227ccf5299e9befd5361818
SHA512 817a3aa9a01aa25bf2998970a22cc6bb05a46a571263994b8951470250abff37da44e6471bcf12cb9cafe14b4e7f200ebfa1c0ed1fcc4170a70662d679c52c8d

\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\libEGL.dll

MD5 2fa9e18e57e519da30a0bd6ff038999d
SHA1 900cbe9a68b749994354d43d968d9ee26c9a9ca2
SHA256 cd6e481e3a9a2140d74180a3a7ece84389a96c932072a23e713e0add12d610a1
SHA512 3c0ee49436a0146a6321ee73a04fd3e7113aa158d05eb18d8f81f530fcd631e9dd79960101efb521eaad2a33d9c13be927b19f46636afc49a1e355065ffa38fb

C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\libegl.dll

MD5 14562a22e27511c305781c1dff029fd9
SHA1 9aa3c74e08a1e203c495d3262ce02544b5f0b758
SHA256 481723a2f061eee9e2efae1e4376ad43dbb573bde21723270e85f306ff80eecb
SHA512 64d901ed3468eee1aa45234a2cd5140dd186d83259ef433d8b92c8798d96ede38984cb6953da5797540fc294bbf4202e911f6a3910bd9991adcbb9af10ad6091

\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\libGLESv2.dll

MD5 109218af9cb55830cb0046dadeab211d
SHA1 36991f5e346cd6c353939a66f48dd7366b2d901a
SHA256 7ba78f5d6c2a76d67681ef2ce847b9112c82b49c72d0526bfdcda341ce0f0d11
SHA512 2c452f9d625bc6e788b6a8dbae58701bc488da292c4145954ee1a561a84dfbefdfd3971b943ca394773e2f42d70333cbd704b2f177b3c004f01001e51a99da6d

C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\libglesv2.dll

MD5 2dd50badfe6229375fdc5a6966a07beb
SHA1 4d259d1e5233311d18e6237068e68d90c046565b
SHA256 df0171dddd671aa6e5499b74c08b5cb99bbc5e38f2a92a72bd8dbb52fe7d377d
SHA512 441899f17fbb7d40da5ebfc0351158fa835534147e5379adfe3eb9ac305ea20e09f18fefd905ea6a381b48209f7026753cbc9cace06593129fe561033f0a3574

\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\d3dcompiler_47.dll

MD5 0bc551e2b4bc845610cf767ed45ad1d0
SHA1 f6eb7045585dadabd83e74766cea6f816870df79
SHA256 79bfb4aa91aef6d01bc575ff17240f0c0bec23f8b7fa2cf68d382d49ce319347
SHA512 3750f846ead861d6ffa9acd9a86723d2b5a115c8b451e36efa364114b73f732d8e8b1fda905afff10761cbc007e7859bbb6e506f00e1c239586d077ba2bd30c7

C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\D3DCompiler_47.dll

MD5 c8292abd4b741e7c23953f066d64cf11
SHA1 fac100882ca5d7fea983f5b6c7eb7fe8c3e21943
SHA256 50c949a8dc0a13967728a1c660f26dcf2913c0d0084411054e150e2a2c35553f
SHA512 9a89547b4ea0e30b47fb8588f4dffcbab0d68eb6b0748bedeb9d006c2535751f6c90cbdf8c7019173910bd93c0776ae203abc934d8616db02079a1f6b06bfd19

C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe

MD5 22e9c72a8f5f067269ca7effa8ff3678
SHA1 b241e41df84a7f5100d455dbfaa422442936ec66
SHA256 6d710d1e78497e5c9f7e5457240d5019877c86a3f5bcad6f805f31c21f2fd533
SHA512 fcb884e0143459784adef6c7905cce7c1a481629fd298852c0e0197bbe6c56d987ba28addc3ad5abab1e49acca2af406ea9ef5f5516574a3bb9dc0c6d42d61bf

memory/1896-666-0x0000000077AF0000-0x0000000077AF1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe

MD5 f5bf331f589dc7acad2d899683dee142
SHA1 39c6757e88706263047c5ef64d3c87ee17d460ef
SHA256 9958f221b3f25d5e9013772374e5d7086bb02e27ab295cb7592ecbbffdc2ecbb
SHA512 8f3d3e07d15c0d6e0f7259ff4a528e9204412d8e992de0d8b8f285f94b238dafd9261fdd2281c94283f362db189d04323cca854111d3561f917ad08893b5a5ab

\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\ffmpeg.dll

MD5 375a57e3b0f770f28491b1b359f6a47c
SHA1 37d94d6781694b57decb42b51435779e2c99926f
SHA256 b6114d0a3a74e043dc1fda659d749dd912d9064fd6d0d7e575dd78d7e980d932
SHA512 b11789d5675c2735cfbe64491c0487e0c8a69f8045278c8d5bb6f73aa769fdcd2f163262842a4d8ea2a556728553bd1cf6364d6b3942718ba9fb2427f5123d70

\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe

MD5 d8acc74a5484ba4e68e94ead3954783b
SHA1 177b4ad18b6522e874aeb1baad0a7c570e9d172e
SHA256 1ea668c0eeb268365c6924cd7769e7c958c544181ba63febe1854fc44c5d1f74
SHA512 064042aefc557bb6b545d391b82c8cc51af10a0e43f947383cea8160bbd7d9ff372e638e53f5371ecafc61d81d873106964621b048759ffdf8bfd59cf80e9963

\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe

MD5 40a413c4de1b6a0227b8649bb4b017d9
SHA1 cf2ab9e82f49203559725ebd2f23d7c7b754d266
SHA256 6b49832b90661302dc392401893a60724aa6b6ab1a7e751c075219533e1d6c2b
SHA512 523222c90d740587fbd49e6fe330a65e61aa340e02b62bfebca2e9d65955abc24f3de9469772b6216ccf6ae2f495011a268af7c765b215a123ff7166665493d4

\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\vk_swiftshader.dll

MD5 ac37610d68f535ac842634daacc1e16b
SHA1 05a2f898afb65c3ebc4e2cfa58db44ac1bafcd97
SHA256 1ac3bef6433bd82c1dc045a36185b33718eb31624ea296ac75c3697340a20031
SHA512 3048ece3fa2e33a612e65a3e96ca1dc6e357adec55e54ca511ecbb7776b7840617be0a6f4d46b3e9c8913475929f74f9768ea677e60324d62c8c006ea7820917

\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\vk_swiftshader.dll

MD5 d82a617bcf485be22c3ffdb3a07aebb3
SHA1 a60c7248024641cdc2730c51edaea64ff8225e5a
SHA256 8cce007be848da4e940a0bc52b58a2ec4f1df7b332a575de279aef65e9fc2537
SHA512 0d53e0cdf3e5a45318e01f5c11ecca2ce9d94afacc9f7e901f8ad37a98a2f111874531838e22a9af878e8378cf334668126280f8496db73c23e56e69966df80c

\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\vk_swiftshader.dll

MD5 fcd06e1a4b22e8669402cc14872ce978
SHA1 09baf9c9417e013e42ae4508ca152229cd091167
SHA256 e51bf64bfa91921908657307ee47c00730527921e156aa1d0acee516cb70b9cf
SHA512 9529e81b2d04fab8c2b14b4ce6a007194eaf5ab01da4e03ae47a4f9108ac3cf6e53a1e2a863aae68df978d1f2e7e5933bd32104cc77e329a20aa3de154dc4a76

\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\vk_swiftshader.dll

MD5 28bf034cb242867aeef07b56a6a9b6d8
SHA1 a3fc3b61af3c60b8326810d2184d5d670b2e7f9e
SHA256 12067d04e67f3dfa2ceef053c5f6878085e3df959d674e778e62cb1a0ca8c9ee
SHA512 a8957666c1bb9b19e2021d9254f300b6a91ca114708298da20f289468998974cc5e7fa1fc8dace891c4b48193a221cc103e96938d2b8f47e323c89fe7f42d7e8

C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\vk_swiftshader.dll

MD5 1753a3ac2f684076ee1a0099fc9fd15f
SHA1 a9cdf57431916bea29b742afe9932574f2847f58
SHA256 d970940bc26d32e94018a81de0346c0f0945967ae16cab8a20856cd18b1fa04d
SHA512 bffd5aaa69cbacf0ccfab9d0ef78c7a4313ca5abdcf7a0354be43b0edd7d6f67f5aa4cb6cc77e0110bf10a93026dcd92f3657e4ce618dad192afd310883785c6

\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\vulkan-1.dll

MD5 a9144ff0a5288f64fff30301be0aeead
SHA1 383b972bdde20f69efe63fd4718a3d7c85280a4d
SHA256 93b8a8d85b5dce571d5026bc62b36b1c714e497117f55caaa96294c9bed02279
SHA512 b2984f091b3a97eb8e3360fa53fd06747dab3d577c50fc5e6812636a7389648c4ae046024d3c6c12e0491b3e4684b1f877d68a0b57d91c1b699561ebcfc86da1

C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\vulkan-1.dll

MD5 7fe5fe2b598b610e06be954622257351
SHA1 209f3c3efcd4953dfe7c207f5aa2286b366dbf3d
SHA256 5ded37e0f597d5fa5f6dc6436c8d29a15f8d28cdff7db99d9ba882f07507c5b4
SHA512 11c16c468521971e073e76d046e267b02ff3b57aa74ec3f19cf4ea644887940fb669a42edcd5a1a24f604d9bac34a3ca29eec42702bcb2f4e6d9edbe104d7084

\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\libEGL.dll

MD5 8352fd22f09b873193cabc2932be92f0
SHA1 5bd2b58854b279f1733c5f54ea2669ee8a888d9e
SHA256 14a4aaa010be14762edfee01fd1f6b9943471eb7a2f9011a2b5c230461cd129c
SHA512 7281e980f2e82f1cc8173d9f8387a97f6e23ec5099ed8dca02222c4e17fa4cfef59d6aa300b1cf06d502bdcf77d9a6dbb08ad6658ae0a28ae6f9f995109da0d2

\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\libGLESv2.dll

MD5 9e5c0704744acda793e6b38221ee4b7b
SHA1 2f8887aabeb1cf535d4149d853d0cc45f67b8e29
SHA256 97c45f067926cfe34f70c232b4b675275e2870b354ed5360ba51badcab8e79a2
SHA512 34ab9c86ebdd0d05865704f483628b474482c32fff4626125726ba3764ba4dba9adb902fae72c30031b453c275787a782a0e40c497aafa7ddb5a0664fc3f33f2

\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\d3dcompiler_47.dll

MD5 3d3c038f6034e31c5868ef9e46e3dc5e
SHA1 07d9f7ebe50691eb8ef20f09d4538a2ad9ff26ed
SHA256 0114a5ef2d72efc69c3cf14f3e2f6508920683be5dc367d56c179a55f2d2e6d2
SHA512 b2f373f79b9de4f670e4dcc9e7076a6a008023f06e08f667294c2777528ce90d58c8286a43bf7386df2711895a3ebf16c2272efb15d149eb6d3045ad8cf3efa2

\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\ffmpeg.dll

C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe

Analysis: behavioral2

Detonation Overview

Submitted

2023-12-17 01:56

Reported

2023-12-17 01:58

Platform

win10v2004-20231215-en

Max time kernel

13s

Max time network

101s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Creative EAX Settings.exe"

Signatures

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

Description Indicator Process Target
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A

Enumerates physical storage devices

Collects information from the system

Description Indicator Process Target
N/A N/A C:\Windows\System32\Wbem\WMIC.exe N/A

Detects videocard installed

Description Indicator Process Target
N/A N/A C:\Windows\System32\Wbem\WMIC.exe N/A

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Creative EAX Settings.exe N/A

Views/modifies file attributes

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\attrib.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Creative EAX Settings.exe

"C:\Users\Admin\AppData\Local\Temp\Creative EAX Settings.exe"

C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe

"C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe

"C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1684,11387474657775878205,165164441095058418,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Windows\system32\tasklist.exe

tasklist

C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe

"C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --mojo-platform-channel-handle=1960 --field-trial-handle=1684,11387474657775878205,165164441095058418,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\Wbem\WMIC.exe

wmic process where processid=NaN get ExecutablePath

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic process where processid=NaN get ExecutablePath"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\resources\app.asar.unpacked\bind\main.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\more.com

more +1

C:\Windows\System32\Wbem\WMIC.exe

wmic csproduct get uuid

C:\Windows\System32\Wbem\WMIC.exe

wmic OS get caption, osarchitecture

C:\Windows\system32\more.com

more +1

C:\Windows\System32\Wbem\WMIC.exe

wmic logicaldisk get size

C:\Windows\System32\Wbem\WMIC.exe

wmic computersystem get totalphysicalmemory

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic OS get caption, osarchitecture | more +1"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "echo %NUMBER_OF_PROCESSORS%"

C:\Windows\system32\more.com

more +1

C:\Windows\System32\Wbem\WMIC.exe

wmic cpu get name

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic cpu get name | more +1"

C:\Windows\system32\more.com

more +1

C:\Windows\System32\Wbem\WMIC.exe

wmic PATH Win32_VideoController get name

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic PATH Win32_VideoController get name | more +1"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic csproduct get uuid"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic computersystem get totalphysicalmemory | more +1"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic logicaldisk get size"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\System32\Wbem\WMIC.exe

wmic process where processid=NaN get ExecutablePath

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 105.0.3 (x64 en-US)"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 105.0.3 (x64 en-US)""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VLC media player""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VLC media player"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00}"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{64A3A4F4-B792-11D6-A78A-00B0D0180381}"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{76DEEAB3-122F-4231-83C7-0C35363D02F9}""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{76DEEAB3-122F-4231-83C7-0C35363D02F9}"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE}""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D44822A8-FC28-42FC-8B1D-21A78579FC79}"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -ExecutionPolicy Bypass -NoProfile -File "C:\Users\Admin\AppData\Local\Temp\tmRb4MqyzMqm_temp.ps1"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions""

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Get-Clipboard

C:\Windows\system32\netsh.exe

"C:\Windows\system32\netsh.exe" wlan show profile

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\app.asar.unpacked\node_modules\take-cam\prey-webcam.exe" -invalid youcam,cyberlink,google -frame 10 -outfile C:\Users\Admin\AppData\Local\Temp\sj0y6VcGkGBcgZfHhyhE\System\cam.3408_Admin.jpg"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoProfile -Command "& {netsh wlan show profile}"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoProfile -Command "& {powershell Get-Clipboard}"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoProfile -Command "& { function Get-AntiVirusProduct { [CmdletBinding()] param ( [parameter(ValueFromPipeline=$true, ValueFromPipelineByPropertyName=$true)] [Alias('name')] $computername=$env:computername ) $AntiVirusProducts = Get-WmiObject -Namespace \"root\SecurityCenter2\" -Class AntiVirusProduct -ComputerName $computername $ret = @() foreach ($AntiVirusProduct in $AntiVirusProducts) { switch ($AntiVirusProduct.productState) { \"262144\" { $defstatus = \"Up to date\"; $rtstatus = \"Disabled\" } \"262160\" { $defstatus = \"Out of date\"; $rtstatus = \"Disabled\" } \"266240\" { $defstatus = \"Up to date\"; $rtstatus = \"Enabled\" } \"266256\" { $defstatus = \"Out of date\"; $rtstatus = \"Enabled\" } \"393216\" { $defstatus = \"Up to date\"; $rtstatus = \"Disabled\" } \"393232\" { $defstatus = \"Out of date\"; $rtstatus = \"Disabled\" } \"393488\" { $defstatus = \"Out of date\"; $rtstatus = \"Disabled\" } \"397312\" { $defstatus = \"Up to date\"; $rtstatus = \"Enabled\" } \"397328\" { $defstatus = \"Out of date\"; $rtstatus = \"Enabled\" } \"397584\" { $defstatus = \"Out of date\"; $rtstatus = \"Enabled\" } default { $defstatus = \"Unknown\"; $rtstatus = \"Unknown\" } } $ht = @{} $ht.Computername = $computername $ht.Name = $AntiVirusProduct.displayName $ht.'Product GUID' = $AntiVirusProduct.instanceGuid $ht.'Product Executable' = $AntiVirusProduct.pathToSignedProductExe $ht.'Reporting Exe' = $AntiVirusProduct.pathToSignedReportingExe $ht.'Definition Status' = $defstatus $ht.'Real-time Protection Status' = $rtstatus # Créez un nouvel objet pour chaque ordinateur $ret += New-Object -TypeName PSObject -Property $ht } Return $ret } Get-AntiVirusProduct }"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell -ExecutionPolicy Bypass -NoProfile -File "C:\Users\Admin\AppData\Local\Temp\tmRb4MqyzMqm_temp.ps1""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E016F2B9-01FE-4FAA-882E-ECC43FA49751}"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E016F2B9-01FE-4FAA-882E-ECC43FA49751}""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D44822A8-FC28-42FC-8B1D-21A78579FC79}""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\app.asar.unpacked\node_modules\take-cam\snapshot.exe" /T C:\Users\Admin\AppData\Local\Temp\sj0y6VcGkGBcgZfHhyhE\System\cam.3408_Admin"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CB0836EC-B072-368D-82B2-D3470BF95707}"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CB0836EC-B072-368D-82B2-D3470BF95707}""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C7141A99-592B-4226-A4E9-B767C1D0FBAF}"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C7141A99-592B-4226-A4E9-B767C1D0FBAF}""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AE86D888-1404-47CC-A7BB-8D86C0503E58}"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AE86D888-1404-47CC-A7BB-8D86C0503E58}""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE}"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE}""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE}"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE}"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE}""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{77924AE4-039E-4CA4-87B4-2F64180381F0}"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{77924AE4-039E-4CA4-87B4-2F64180381F0}""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6DB765A8-05AF-49A1-A71D-6F645EE3CE41}"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6DB765A8-05AF-49A1-A71D-6F645EE3CE41}""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{662A0088-6FCD-45DD-9EA7-68674058AED5}"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{662A0088-6FCD-45DD-9EA7-68674058AED5}""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{64A3A4F4-B792-11D6-A78A-00B0D0180381}""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3A706840-2882-423C-90EB-B31545E2BC7A}"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3A706840-2882-423C-90EB-B31545E2BC7A}""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00}""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3544B2EE-E62F-4D11-B79C-3DDEACE94DA5}"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3544B2EE-E62F-4D11-B79C-3DDEACE94DA5}""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{113C0ADC-B9BD-4F95-9653-4F5BC540ED03}"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{113C0ADC-B9BD-4F95-9653-4F5BC540ED03}""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProPlusRetail - en-us"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProPlusRetail - en-us""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic process where processid=NaN get ExecutablePath"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "attrib +h +s \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\sysWin10Boot_4BlKIf.vbs\""

C:\Windows\system32\attrib.exe

"C:\Windows\system32\attrib.exe" +h +s C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\sysWin10Boot_4BlKIf.vbs

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v Start_4BlKIf /t REG_SZ /d C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\sysWin10Boot_4BlKIf.vbs /f

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell -Command "attrib +h +s \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\sysWin10Boot_4BlKIf.vbs\"""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v Start_4BlKIf /t REG_SZ /d C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\sysWin10Boot_4BlKIf.vbs /f"

Network

Country Destination Domain Proto
US 8.8.8.8:53 16.53.126.40.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 ipinfo.io udp
GB 142.250.200.4:80 www.google.com tcp
US 34.117.186.192:443 ipinfo.io tcp
US 34.117.186.192:443 ipinfo.io tcp
US 8.8.8.8:53 4.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 192.186.117.34.in-addr.arpa udp
US 34.117.186.192:443 ipinfo.io tcp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:53 4.4.8.8.in-addr.arpa udp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:53 api.gofile.io udp
FR 51.38.43.18:443 api.gofile.io tcp
US 8.8.8.8:53 store11.gofile.io udp
FR 31.14.70.247:443 store11.gofile.io tcp
US 8.8.8.8:53 18.43.38.51.in-addr.arpa udp
US 8.8.8.8:53 247.70.14.31.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 hawkish.eu udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
FR 163.5.121.96:443 hawkish.eu tcp
FR 163.5.121.96:443 hawkish.eu tcp
FR 51.38.43.18:443 api.gofile.io tcp
FR 31.14.70.247:443 store11.gofile.io tcp
FR 163.5.121.96:443 hawkish.eu tcp
FR 163.5.121.96:443 hawkish.eu tcp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 96.121.5.163.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
FR 163.5.121.96:443 hawkish.eu tcp
FR 163.5.121.96:443 hawkish.eu tcp
FR 163.5.121.96:443 hawkish.eu tcp
US 8.8.8.8:53 18.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\nsx8CC0.tmp\System.dll

C:\Users\Admin\AppData\Local\Temp\nsx8CC0.tmp\nsis7z.dll

C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\chrome_100_percent.pak

C:\Users\Admin\AppData\Local\Temp\nsx8CC0.tmp\7z-out\chrome_200_percent.pak

C:\Users\Admin\AppData\Local\Temp\nsx8CC0.tmp\7z-out\Creative EAX Settings.exe

C:\Users\Admin\AppData\Local\Temp\nsx8CC0.tmp\7z-out\d3dcompiler_47.dll

C:\Users\Admin\AppData\Local\Temp\nsx8CC0.tmp\7z-out\ffmpeg.dll

C:\Users\Admin\AppData\Local\Temp\nsx8CC0.tmp\7z-out\libEGL.dll

C:\Users\Admin\AppData\Local\Temp\nsx8CC0.tmp\7z-out\icudtl.dat

C:\Users\Admin\AppData\Local\Temp\nsx8CC0.tmp\7z-out\libGLESv2.dll

C:\Users\Admin\AppData\Local\Temp\nsx8CC0.tmp\7z-out\LICENSES.chromium.html

C:\Users\Admin\AppData\Local\Temp\nsx8CC0.tmp\7z-out\LICENSE.electron.txt

C:\Users\Admin\AppData\Local\Temp\nsx8CC0.tmp\7z-out\resources.pak

C:\Users\Admin\AppData\Local\Temp\nsx8CC0.tmp\7z-out\snapshot_blob.bin

C:\Users\Admin\AppData\Local\Temp\nsx8CC0.tmp\7z-out\v8_context_snapshot.bin

C:\Users\Admin\AppData\Local\Temp\nsx8CC0.tmp\7z-out\vk_swiftshader.dll

C:\Users\Admin\AppData\Local\Temp\nsx8CC0.tmp\7z-out\vulkan-1.dll

C:\Users\Admin\AppData\Local\Temp\nsx8CC0.tmp\7z-out\vk_swiftshader_icd.json

C:\Users\Admin\AppData\Local\Temp\nsx8CC0.tmp\7z-out\locales\bg.pak

C:\Users\Admin\AppData\Local\Temp\nsx8CC0.tmp\7z-out\locales\ca.pak

C:\Users\Admin\AppData\Local\Temp\nsx8CC0.tmp\7z-out\locales\bn.pak

C:\Users\Admin\AppData\Local\Temp\nsx8CC0.tmp\7z-out\locales\ar.pak

C:\Users\Admin\AppData\Local\Temp\nsx8CC0.tmp\7z-out\locales\am.pak

C:\Users\Admin\AppData\Local\Temp\nsx8CC0.tmp\7z-out\locales\de.pak

C:\Users\Admin\AppData\Local\Temp\nsx8CC0.tmp\7z-out\locales\da.pak

C:\Users\Admin\AppData\Local\Temp\nsx8CC0.tmp\7z-out\locales\cs.pak

C:\Users\Admin\AppData\Local\Temp\nsx8CC0.tmp\7z-out\locales\es.pak

C:\Users\Admin\AppData\Local\Temp\nsx8CC0.tmp\7z-out\locales\et.pak

C:\Users\Admin\AppData\Local\Temp\nsx8CC0.tmp\7z-out\locales\es-419.pak

C:\Users\Admin\AppData\Local\Temp\nsx8CC0.tmp\7z-out\locales\en-US.pak

C:\Users\Admin\AppData\Local\Temp\nsx8CC0.tmp\7z-out\locales\en-GB.pak

C:\Users\Admin\AppData\Local\Temp\nsx8CC0.tmp\7z-out\locales\el.pak

C:\Users\Admin\AppData\Local\Temp\nsx8CC0.tmp\7z-out\locales\fil.pak

C:\Users\Admin\AppData\Local\Temp\nsx8CC0.tmp\7z-out\locales\fi.pak

C:\Users\Admin\AppData\Local\Temp\nsx8CC0.tmp\7z-out\locales\fa.pak

C:\Users\Admin\AppData\Local\Temp\nsx8CC0.tmp\7z-out\locales\fr.pak

C:\Users\Admin\AppData\Local\Temp\nsx8CC0.tmp\7z-out\locales\id.pak

C:\Users\Admin\AppData\Local\Temp\nsx8CC0.tmp\7z-out\locales\hu.pak

C:\Users\Admin\AppData\Local\Temp\nsx8CC0.tmp\7z-out\locales\hr.pak

C:\Users\Admin\AppData\Local\Temp\nsx8CC0.tmp\7z-out\locales\hi.pak

C:\Users\Admin\AppData\Local\Temp\nsx8CC0.tmp\7z-out\locales\he.pak

C:\Users\Admin\AppData\Local\Temp\nsx8CC0.tmp\7z-out\locales\gu.pak

C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\locales\it.pak

C:\Users\Admin\AppData\Local\Temp\nsx8CC0.tmp\7z-out\locales\ja.pak

C:\Users\Admin\AppData\Local\Temp\nsx8CC0.tmp\7z-out\locales\kn.pak

C:\Users\Admin\AppData\Local\Temp\nsx8CC0.tmp\7z-out\locales\ko.pak

C:\Users\Admin\AppData\Local\Temp\nsx8CC0.tmp\7z-out\locales\ml.pak

C:\Users\Admin\AppData\Local\Temp\nsx8CC0.tmp\7z-out\locales\lv.pak

C:\Users\Admin\AppData\Local\Temp\nsx8CC0.tmp\7z-out\locales\lt.pak

C:\Users\Admin\AppData\Local\Temp\nsx8CC0.tmp\7z-out\locales\mr.pak

C:\Users\Admin\AppData\Local\Temp\nsx8CC0.tmp\7z-out\locales\ru.pak

C:\Users\Admin\AppData\Local\Temp\nsx8CC0.tmp\7z-out\locales\ro.pak

C:\Users\Admin\AppData\Local\Temp\nsx8CC0.tmp\7z-out\locales\pt-PT.pak

C:\Users\Admin\AppData\Local\Temp\nsx8CC0.tmp\7z-out\locales\pt-BR.pak

C:\Users\Admin\AppData\Local\Temp\nsx8CC0.tmp\7z-out\locales\pl.pak

C:\Users\Admin\AppData\Local\Temp\nsx8CC0.tmp\7z-out\locales\nl.pak

C:\Users\Admin\AppData\Local\Temp\nsx8CC0.tmp\7z-out\locales\nb.pak

C:\Users\Admin\AppData\Local\Temp\nsx8CC0.tmp\7z-out\locales\ms.pak

C:\Users\Admin\AppData\Local\Temp\nsx8CC0.tmp\7z-out\locales\sl.pak

C:\Users\Admin\AppData\Local\Temp\nsx8CC0.tmp\7z-out\locales\sk.pak

C:\Users\Admin\AppData\Local\Temp\nsx8CC0.tmp\7z-out\locales\ta.pak

C:\Users\Admin\AppData\Local\Temp\nsx8CC0.tmp\7z-out\locales\te.pak

C:\Users\Admin\AppData\Local\Temp\nsx8CC0.tmp\7z-out\locales\sw.pak

C:\Users\Admin\AppData\Local\Temp\nsx8CC0.tmp\7z-out\locales\sv.pak

C:\Users\Admin\AppData\Local\Temp\nsx8CC0.tmp\7z-out\locales\sr.pak

C:\Users\Admin\AppData\Local\Temp\nsx8CC0.tmp\7z-out\locales\zh-TW.pak

C:\Users\Admin\AppData\Local\Temp\nsx8CC0.tmp\7z-out\locales\zh-CN.pak

C:\Users\Admin\AppData\Local\Temp\nsx8CC0.tmp\7z-out\locales\vi.pak

C:\Users\Admin\AppData\Local\Temp\nsx8CC0.tmp\7z-out\locales\uk.pak

C:\Users\Admin\AppData\Local\Temp\nsx8CC0.tmp\7z-out\locales\tr.pak

C:\Users\Admin\AppData\Local\Temp\nsx8CC0.tmp\7z-out\locales\th.pak

C:\Users\Admin\AppData\Local\Temp\nsx8CC0.tmp\7z-out\resources\elevate.exe

C:\Users\Admin\AppData\Local\Temp\nsx8CC0.tmp\7z-out\resources\app.asar

C:\Users\Admin\AppData\Local\Temp\nsx8CC0.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\snapshot.exe

C:\Users\Admin\AppData\Local\Temp\nsx8CC0.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\prey-webcam.exe

C:\Users\Admin\AppData\Local\Temp\nsx8CC0.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\package.json

C:\Users\Admin\AppData\Local\Temp\nsx8CC0.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\DirectShowLib-2005.dll

C:\Users\Admin\AppData\Local\Temp\nsx8CC0.tmp\7z-out\swiftshader\libEGL.dll

C:\Users\Admin\AppData\Local\Temp\nsx8CC0.tmp\7z-out\swiftshader\libGLESv2.dll

C:\Users\Admin\AppData\Local\Temp\nsx8CC0.tmp\StdUtils.dll

C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\ffmpeg.dll

C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe

C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\ffmpeg.dll

C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\v8_context_snapshot.bin

C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\icudtl.dat

C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\resources\app.asar

C:\Users\Admin\AppData\Local\Temp\0eabef5d-78f6-4398-a659-609ae137057f.tmp.node

C:\Users\Admin\AppData\Local\Temp\0b812cae-3368-40a1-bd0a-bb26643d067f.tmp.node

C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe

C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\resources.pak

C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\locales\en-US.pak

C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\chrome_200_percent.pak

C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\D3DCompiler_47.dll

C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\libglesv2.dll

C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\d3dcompiler_47.dll

C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe

C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\ffmpeg.dll

memory/4608-578-0x00007FFB8A9F0000-0x00007FFB8A9F1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\ffmpeg.dll

C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe

C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\libEGL.dll

C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\libegl.dll

C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\libGLESv2.dll

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_b4mlftbn.2uj.ps1

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms

C:\Users\Admin\AppData\Local\Temp\tmRb4MqyzMqm_temp.ps1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p6p4nphm.default-release\places.sqlite_tmp

C:\Users\Admin\AppData\Local\Temp\sj0y6VcGkGBcgZfHhyhE\System\IMXSDNYJ - 2023-12-17_015741.png

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\sysWin10Boot_4BlKIf.vbs

C:\Users\Admin\AppData\Local\Temp\sj0y6VcGkGBcgZfHhyhE\Logs\Error.nova
