Malware Analysis Report

2025-01-19 06:05

Sample ID 231217-gemjqsfcb5
Target MythiaWorldBeta.rar
SHA256 9a8427b6bf897ee3e3597a4c08eca49a28b22c63001b80285b968bfcdae3efc9
Tags
irata infostealer persistence rat trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

9a8427b6bf897ee3e3597a4c08eca49a28b22c63001b80285b968bfcdae3efc9

Threat Level: Known bad

The file MythiaWorldBeta.rar was found to be: Known bad.

Malicious Activity Summary

irata infostealer persistence rat trojan

Irata payload

Irata

Drops startup file

Executes dropped EXE

Loads dropped DLL

Looks up external IP address via web service

Legitimate hosting services abused for malware hosting/C2

Adds Run key to start application

Unsigned PE

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Views/modifies file attributes

Creates scheduled task(s)

Detects videocard installed

Enumerates processes with tasklist

Suspicious use of AdjustPrivilegeToken

Runs net.exe

Collects information from the system

Suspicious behavior: EnumeratesProcesses

Uses Task Scheduler COM API

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-12-17 05:43

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2023-12-17 05:43

Reported

2023-12-17 05:47

Platform

win10v2004-20231215-en

Max time kernel

141s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\MythiaWorldBeta.exe"

Signatures

Irata

trojan infostealer rat irata

Irata payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WindowsDriverSetup99KTdC = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\CachedFiles\\MythiaWorldBeta.exe" C:\Windows\system32\reg.exe N/A

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

Description Indicator Process Target
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A

Enumerates physical storage devices

Collects information from the system

Description Indicator Process Target
N/A N/A C:\Windows\System32\Wbem\WMIC.exe N/A

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\system32\schtasks.exe N/A

Detects videocard installed

Description Indicator Process Target
N/A N/A C:\Windows\System32\Wbem\WMIC.exe N/A

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A

Runs net.exe

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\MythiaWorldBeta.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\cmd.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 36 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 36 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\reg.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4592 wrote to memory of 3460 N/A C:\Users\Admin\AppData\Local\Temp\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 4592 wrote to memory of 3460 N/A C:\Users\Admin\AppData\Local\Temp\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 3460 wrote to memory of 692 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Windows\system32\cmd.exe
PID 3460 wrote to memory of 692 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Windows\system32\cmd.exe
PID 692 wrote to memory of 2636 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 692 wrote to memory of 2636 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 3460 wrote to memory of 5032 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 3460 wrote to memory of 5032 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 3460 wrote to memory of 5032 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 3460 wrote to memory of 5032 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 3460 wrote to memory of 5032 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 3460 wrote to memory of 5032 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 3460 wrote to memory of 5032 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 3460 wrote to memory of 5032 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 3460 wrote to memory of 5032 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 3460 wrote to memory of 5032 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 3460 wrote to memory of 5032 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 3460 wrote to memory of 5032 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 3460 wrote to memory of 5032 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 3460 wrote to memory of 5032 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 3460 wrote to memory of 5032 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 3460 wrote to memory of 5032 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 3460 wrote to memory of 5032 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 3460 wrote to memory of 5032 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 3460 wrote to memory of 5032 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 3460 wrote to memory of 5032 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 3460 wrote to memory of 5032 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 3460 wrote to memory of 5032 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 3460 wrote to memory of 5032 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 3460 wrote to memory of 5032 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 3460 wrote to memory of 5032 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 3460 wrote to memory of 5032 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 3460 wrote to memory of 5032 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 3460 wrote to memory of 5032 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 3460 wrote to memory of 5032 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 3460 wrote to memory of 5032 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 3460 wrote to memory of 5032 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 3460 wrote to memory of 5032 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 3460 wrote to memory of 5032 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 3460 wrote to memory of 5032 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 3460 wrote to memory of 5032 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 3460 wrote to memory of 5032 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 3460 wrote to memory of 5032 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 3460 wrote to memory of 5032 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 3460 wrote to memory of 5032 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 3460 wrote to memory of 5032 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 3460 wrote to memory of 4904 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 3460 wrote to memory of 4904 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 3460 wrote to memory of 4796 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Windows\system32\cmd.exe
PID 3460 wrote to memory of 4796 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Windows\system32\cmd.exe
PID 4796 wrote to memory of 3788 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 4796 wrote to memory of 3788 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 3460 wrote to memory of 560 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Windows\system32\cmd.exe
PID 3460 wrote to memory of 560 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Windows\system32\cmd.exe
PID 3460 wrote to memory of 944 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Windows\system32\cmd.exe
PID 3460 wrote to memory of 944 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Windows\system32\cmd.exe
PID 3460 wrote to memory of 3864 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Windows\system32\reg.exe
PID 3460 wrote to memory of 3864 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Windows\system32\reg.exe
PID 560 wrote to memory of 3440 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 560 wrote to memory of 3440 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 944 wrote to memory of 1016 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 944 wrote to memory of 1016 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 1016 wrote to memory of 4788 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 1016 wrote to memory of 4788 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe

Uses Task Scheduler COM API

persistence

Views/modifies file attributes

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\attrib.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\MythiaWorldBeta.exe

"C:\Users\Admin\AppData\Local\Temp\MythiaWorldBeta.exe"

C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe

C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\tasklist.exe

tasklist

C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe

"C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1700,12311466046325592768,9065693575154742637,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe

"C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --mojo-platform-channel-handle=1936 --field-trial-handle=1700,12311466046325592768,9065693575154742637,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic process where processid=4592 get ExecutablePath"

C:\Windows\System32\Wbem\WMIC.exe

wmic process where processid=4592 get ExecutablePath

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 session

C:\Windows\system32\net.exe

net session

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\resources\app.asar.unpacked\bind\main.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "net session"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic logicaldisk get size"

C:\Windows\system32\more.com

more +1

C:\Windows\system32\more.com

more +1

C:\Windows\System32\Wbem\WMIC.exe

wmic csproduct get uuid

C:\Windows\System32\Wbem\WMIC.exe

wmic computersystem get totalphysicalmemory

C:\Windows\System32\Wbem\WMIC.exe

wmic OS get caption, osarchitecture

C:\Windows\System32\Wbem\WMIC.exe

wmic logicaldisk get size

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic OS get caption, osarchitecture | more +1"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "echo %NUMBER_OF_PROCESSORS%"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic csproduct get uuid"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic computersystem get totalphysicalmemory | more +1"

C:\Windows\system32\more.com

more +1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic PATH Win32_VideoController get name | more +1"

C:\Windows\system32\more.com

more +1

C:\Windows\System32\Wbem\WMIC.exe

wmic PATH Win32_VideoController get name

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault

C:\Windows\System32\Wbem\WMIC.exe

wmic cpu get name

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic cpu get name | more +1"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\System32\Wbem\WMIC.exe

wmic process where processid=4592 get ExecutablePath

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic process where processid=4592 get ExecutablePath"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "cmd /c schtasks /create /sc onlogon /tn WindowsDriverSetup99KTdC /tr \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\MythiaWorldBeta.exe\" /F /rl highest"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v WindowsDriverSetup99KTdC /t REG_SZ /d C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\MythiaWorldBeta.exe /f"

C:\Windows\system32\schtasks.exe

schtasks /create /sc onlogon /tn WindowsDriverSetup99KTdC /tr \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\MythiaWorldBeta.exe\" /F /rl highest

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell -Command "attrib +h +s \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\MythiaWorldBeta.exe\"""

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "attrib +h +s \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\MythiaWorldBeta.exe\""

C:\Windows\system32\cmd.exe

cmd /c schtasks /create /sc onlogon /tn WindowsDriverSetup99KTdC /tr \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\MythiaWorldBeta.exe\" /F /rl highest

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v WindowsDriverSetup99KTdC /t REG_SZ /d C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\MythiaWorldBeta.exe /f

C:\Windows\system32\attrib.exe

"C:\Windows\system32\attrib.exe" +h +s C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\MythiaWorldBeta.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "cscript C:\Users\Admin\AppData\Roaming\0C2WOfBtc0DL.vbs"

C:\Windows\system32\cscript.exe

cscript C:\Users\Admin\AppData\Roaming\0C2WOfBtc0DL.vbs

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"

Network

Country Destination Domain Proto
US 8.8.8.8:53 6.181.190.20.in-addr.arpa udp
US 8.8.8.8:53 180.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 ipinfo.io udp
GB 142.250.200.4:80 www.google.com tcp
US 34.117.186.192:443 ipinfo.io tcp
US 34.117.186.192:443 ipinfo.io tcp
US 8.8.8.8:53 4.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 192.186.117.34.in-addr.arpa udp
US 8.8.8.8:53 ipinfo.io udp
US 34.117.186.192:443 ipinfo.io tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.110.133:443 raw.githubusercontent.com tcp
US 185.199.110.133:443 raw.githubusercontent.com tcp
US 185.199.110.133:443 raw.githubusercontent.com tcp
US 185.199.110.133:443 raw.githubusercontent.com tcp
US 185.199.110.133:443 raw.githubusercontent.com tcp
US 185.199.110.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 133.110.199.185.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 217.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\System.dll

MD5 0d7ad4f45dc6f5aa87f606d0331c6901
SHA1 48df0911f0484cbe2a8cdd5362140b63c41ee457
SHA256 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
SHA512 c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\nsis7z.dll

MD5 80e44ce4895304c6a3a831310fbf8cd0
SHA1 36bd49ae21c460be5753a904b4501f1abca53508
SHA256 b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
SHA512 c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\chrome_100_percent.pak

MD5 9c1b859b611600201ccf898f1eff2476
SHA1 87d5d9a5fcc2496b48bb084fdf04331823dd1699
SHA256 53102833760a725241841312de452c45e43edd60a122546105ab4020ccef591b
SHA512 1a8ec288e53b9d7e43d018995abe4e3d9c83d329d0561fbb7d022e8b79ffecf033e995b9bc6af352a71c646a1e8afba4addb54deab7455f24b7a279a3dd7c336

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\chrome_200_percent.pak

MD5 b51a78961b1dbb156343e6e024093d41
SHA1 51298bfe945a9645311169fc5bb64a2a1f20bc38
SHA256 4a438f0e209ac62ffa2c14036efdd5474b5ecaa7cbf54110f2e6153abdfb8be9
SHA512 23dedde25ad9cb5829d4b6092a815712788698c2a5a0aefb4299675d39f8b5e2844eabd1ea42332a0408bd234548f5af628e7e365ab26f3385ebfa158cdd921d

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\d3dcompiler_47.dll

MD5 2a417b175c3aa0f8f5879702b13e39ea
SHA1 eb4ac8a840f0464ee1ada1870c9321161f080ccb
SHA256 5ef4989df5e27abe5b23d48eaaca79ecfa3ee8c1b3bc0ac31c24123101e1a621
SHA512 fe47a9c83cac113740aaa453546b615c7df04c585b25d129ada80179cc50196764264c2ed69bee4ab35dc0850b90425f4e0a58379f1f8d81345014ad79c287ca

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\ffmpeg.dll

MD5 9997df240499020b2ac3f8996996828b
SHA1 26d0c8ac6aa296049886f53e056b94b5dee73577
SHA256 b7b059ffacd33a8391103ef60928525bf249f06bbefdb67e58cfa3b42afbdd17
SHA512 c414c6fb1b0896e8dddb49ae918c839ff94af084e35e239b36788597dc5653c575dbd22d894a72a72caf49714d89630b339bd69cc4b92e593e4cd7bacd9a5cc1

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\icudtl.dat

MD5 3bd859c0f1acc7fedb39d7b2ee2aa688
SHA1 d0b4604d6c9f1cd95a77abf731cebfebc4b095a9
SHA256 91935834ddd839665e58a17e69ea92c7504175e236b823eadf8c0e0f638fc83a
SHA512 fbeceb4b8a211e171dff173bfaef24fb050b18627827124359297340234aa0d87d4d669d9afac096126b89bfeadff9e7ba7f03cc5a00a43cc228294973e2d877

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\libEGL.dll

MD5 8352fd22f09b873193cabc2932be92f0
SHA1 5bd2b58854b279f1733c5f54ea2669ee8a888d9e
SHA256 14a4aaa010be14762edfee01fd1f6b9943471eb7a2f9011a2b5c230461cd129c
SHA512 7281e980f2e82f1cc8173d9f8387a97f6e23ec5099ed8dca02222c4e17fa4cfef59d6aa300b1cf06d502bdcf77d9a6dbb08ad6658ae0a28ae6f9f995109da0d2

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\LICENSE.electron.txt

MD5 4d42118d35941e0f664dddbd83f633c5
SHA1 2b21ec5f20fe961d15f2b58efb1368e66d202e5c
SHA256 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d
SHA512 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\libGLESv2.dll

MD5 1b1875a0589db16353842f766e1c2e82
SHA1 2a5fed7f7ca8de307b5787f6972df1efc6a2fe71
SHA256 e1614f3c57bf3ec4cb1f7228964942ff14da18924360e3e8bf70c4a6e72c42ab
SHA512 4ff7470be61032cfb521a9038cbfe53b786fc95f5142f7efbf6d70931f4a97263f50728e4ffd43b52d639cc1a835aa1f7c2cf8fe4209e6d9f0df0803ad8d1d74

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\LICENSES.chromium.html

MD5 2a5b924727537601684dff8a520e4c9a
SHA1 e08a583f554191b38ec36c2025a32237b167432b
SHA256 0754717bf599fbaa628f1a0b54abfb0c40b758f929acdfec9ad9c93c6de04738
SHA512 d1430467b40fe434646331b78b3e850b7cbe50e27f3574efdad51aca89d6cad88301aec707b785c1046ae432b77a37828fe3b0d3774f468a8316a4888bdf79a1

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\MythiaWorldBeta.exe

MD5 a69f50d72eff1c45070cfaf2e13d250d
SHA1 5c35b15103a7fc99e79dfe0aa12d4757b1c176e0
SHA256 f76c0b51d60ceaf0d54d0c0349ea88d8304b4c6915d98695bf83c3e0326de910
SHA512 6360945b160cd900026015f45600d3390ec7cbb96517f15bd448b77a85c4a338aea25b356520604d862eeda194fd5cf398c323a0cd64af997702d20c14b1a4b2

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\resources.pak

MD5 2022d9f16557115f41332623a1b32196
SHA1 9f00dd849f0c140e205b0cf7e53cf915087efdf2
SHA256 1a7933811152fe03e9e22867cbe37f905ac31b76b235649c359ab79cb87db3ac
SHA512 8d9ec02074d997b07b1cd2fb08e1b4d052344eacc3e718ccee1ff7a108f10db6752b54f491e8ba84fd77fa425f7c7cbc1aee51ef6e8f8f84f1a734c7dcb272ea

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\vk_swiftshader_icd.json

MD5 8642dd3a87e2de6e991fae08458e302b
SHA1 9c06735c31cec00600fd763a92f8112d085bd12a
SHA256 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9
SHA512 f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\vulkan-1.dll

MD5 b91586bd80e057a7f62bdc4422744812
SHA1 a1df644421ece2e740e5bf0ed98b4f269fd85c39
SHA256 8ba72d98e0f78b77bda7816cd7232809d287310d34e0f1d7472b9d5fda2c6d02
SHA512 94f0a8e3e75e4803891c0fcb257052dbe0e7399772fc7a46ab802629f76ee580ed30b3678fa6bc3744c12cf9f3103bbc8276e88f6711278748148e9fbeef2053

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\vk_swiftshader.dll

MD5 0762aba404170a572b5f6d3ae976fcf9
SHA1 5569af74168dea83fff6e11bec96c6c751f25ab9
SHA256 9e46c40cfc3b5fc7476c396100d46a0d16306295e8cbe03739301f45bb2d233c
SHA512 b8a9b246ae79c5da7ffbcfb141412a6c6496cdfd43ee8ff7f7bef10bc780ab1097b38409255b0082906e8c708ac423c5ebb740c1f52914528d00aefac81411d7

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\v8_context_snapshot.bin

MD5 47014c0f81bad6d216c617c9c63bf040
SHA1 7bb483fdc5fed3c6ed437d9fe6e5023bc38201bf
SHA256 e1249d05bfc73c645b27d269f47b6923b33a3cf8088a8ca78b3b637c90f58178
SHA512 052d86cf3305a9e493bd2472e6b7ddab5e0291efd6d899984a79bae46e5fa4bd21157e19ab4a2591c9cff9069de568bad18c7baf4f35d117c77134e635466f87

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\am.pak

MD5 e18a450ef034b42599341c3d09f280f1
SHA1 2001c8a85904962ac3a96938eccc69ad2c110fdf
SHA256 7c2b9098130f1f9e0cf4507b64c0e96ac6354bd6c3616be20e2067cfccc820da
SHA512 ddd87571218fe9f179a6c2a8a15b182625a71a7c19ed90c0969ca2e0e9bad823b926f8b8a6b390cb6fe9c95f4b6c1f1ec7b5167a8424ab1921943922208f798a

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\cs.pak

MD5 3cfd9dc564cfcc33cc5524711365c376
SHA1 2e5016d2643017f37658262122974429f18625a2
SHA256 8be34e4f8226c1dd4e725711ddd884ef4476560f7863edcf378573dde9db3cee
SHA512 6ee156d2fa3b6f601df28e38968d0eae2812d70b41333348dbecd833d5ee6ff944183f0eecde96be433cf1e98c8ec22d6a6d5af5153145842175ab43c73533ef

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\el.pak

MD5 38440b98bfdf5ed496da0f49d59534c0
SHA1 1498d9207ecaf4923a47271e24c68a817041c82e
SHA256 b1f78df8a7edc914357a2e90bc8dc0ac46f4df642bb22894569fe4905fb8ea0f
SHA512 95ba788fc2e1f07d54e398f1ec4d32c664cfb13118d46cb7af7a993367e032b10de84f3e604ab6e659d6410e2d736097ec5e9b3b002040c54412358f0ea10229

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\es-419.pak

MD5 b261b1efe945365588befdf68879040f
SHA1 616f44a5f73f0449b483f36ccf831db6474a10d2
SHA256 1380b9edc9cee4b505f12e8eefa288d8c746ca995b52ceaba27c7741ae8a5cd4
SHA512 9ea14234b9d4d09364e5727b3886fc14544d52508b3e45fb9fd607ca88d2e432361a02b2f7ba34c3d6ecd94b91f9eccd4d54047a97a1ba4eea580ead00b91cff

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\en-US.pak

MD5 0bb857860d8c9ab6d617cea5a5bd4d00
SHA1 351b744d95846bff2ce5f542fec2e87439aa0f8b
SHA256 5c56df9699fc7e8f09ec81421e50a6264cde055e822f5a8cd9bb1edb3066d816
SHA512 33fb73cffbb6781488cedbca4c92a7e4f66923a799beeb7f5cba58dbc23ba8f5130f63a7dac7114e3c3ef6f1df87884fbeb8858bc7604aec9449fdfd16c25078

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\en-GB.pak

MD5 52e2826fb5814776d47a7fcaf55cb675
SHA1 51fbbc59dcd61116cbc0a24b0304d4c1c58e8d0b
SHA256 83ff81c73228c7cadba984d9b500e4fce01de583ecde8f132137650c8107c454
SHA512 69257f976d01006c5f3d7e256738c97c59115471f8e7447cfa795f7fa4ff12d6fd19708e95ffb2aa494b50c1763fe35d5885b9414112d2934baf68fe668ed7cc

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\de.pak

MD5 b73344e5a72fca6f956dbab984c123ba
SHA1 0561073aa40a63a9ce9930dd18b18e12ff139b2b
SHA256 6dda3fa65232ca0bff7314f916942a2aa5d9be73a0b0c7a6d016eb34ea6fff5b
SHA512 e8a12da397369f23c102244b3f18f533ec79afa6978785566056bbfe07b10a21ff4973bf17aa829fff65609363988c033b0e48d4a82c846863377c08d8df009d

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\da.pak

MD5 55a8f5883805a65c854d25edb3959209
SHA1 d4b3b6bd2a26cbd021fa931d1f63c9ea64e2c268
SHA256 e190187adcbb5f829d162660968ba598ed17bd11339062ca4d807deec8a27fdb
SHA512 4e1f9e6da32f553cbc8cf162726d7aba9e23e2216d6d05b995cf19fff3aafa05ed08fce29b2f8538d46583366402b8630672e650dfbd46952a611e9db0d8016d

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\ca.pak

MD5 423651c45566cd90ea5edd8631e823b8
SHA1 13bed4173a08bcbfefba034aada3d838eece6d16
SHA256 7a39af99d55a1ea838d8d78c5f0da3e1402f9404d32255e31b676ceed4f0e414
SHA512 e09085023beaa37e9d5f7fdf3c32d0c001672b85e2826f0aba9a662ce958ac93cac17bf63495a604e47cb407b1593049388a4bf1b22b2339ead84a206a10569f

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\bn.pak

MD5 47c95e191e760dee3ef43345577e2379
SHA1 609634315270a91d4ec631642b18bd0036367aad
SHA256 ceed32e429ed1018d4c49343cf52105cbfd1e877c531a5738fd6e6cd33d27da7
SHA512 46b5f8d58780d19e79136c31a67d075c57ddf7e6a1eb197dea4088cc414a0dc24a68fc8ebcaac03b3940af2461123b586706d5dbf8dbdf6fbea0f7bec466db21

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\bg.pak

MD5 5ba0c7200362c9ed55610cc8b66ef53c
SHA1 d45239c2f1b00885407771a41a7776fc1fe8fa3b
SHA256 2339ff55464b4ff704fc3c5bf281eec52a539c494bd059cf0346d9c05ab7cda7
SHA512 6229dbf08a9322c4ec8de4912aa1832f01800a71b7e3ef5870e7fa2b623be4dd248fec4881c3e031e984616147be84d42ab3dd970ae56dc1bd78913a8682a37a

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\ar.pak

MD5 6f3e791b4d35ee7d9515614d128752cf
SHA1 181ec3a84fb3e89336d77f24f562a2cbe07619d8
SHA256 e9df0fa338b763a3926c4ee3a87bedf650fa618b6fcf0560c3f5ffe891d48c60
SHA512 3657e610d13a2c938558ec320c298dd490c9e4895ccd304f738aaa2f050373efd7382ca402365f93d23ed488bae82de2d859da788dc8faa8e621346a278f4441

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\snapshot_blob.bin

MD5 c9ab741bbef53fa0e84952b8891a5f5a
SHA1 e2dcb8d034e07243537c86371de0c52bce62cee1
SHA256 4d82fe1e642fe3ca7ad1a173f806088c0652ecfe9f0f6f6e246066e15a3431d4
SHA512 177b98a3090ecfe4b4598dfcd7e8b3ca49efafba4dbd8d6c6d0def462de47c3fabfde831725622783ddc177de982de6115178d9bd9830d918bb544a5a4c27fc9

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\es.pak

MD5 f83d8f7f6108786c02c2edbf3d85f147
SHA1 57781d9d9eb7c90cdc71f78e25d0763045b6d29a
SHA256 5b929216ac823dbe2b0bb98e64db76519900e09a86c8513019325271c66ade0d
SHA512 12747a4a61cdd21cad6e3f768cb43b8bda5ec9de373337c191b6994b20acd676c9d0a6cde8410a1e18f35dd5d2d332ea1bb7e7f8f6fc4b73d8774559e33398f1

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\fi.pak

MD5 cc592d91ce8eabaa75249cb78b889376
SHA1 f2f0f7f105a17f3e4b1a97ed0e3c2e871c2c3eac
SHA256 b1cb0b32efa78fd8634652c74f298f1d5127f2363ef601cf000417e5c7fefd20
SHA512 58e2eaffe26d8fda8df43e7ebef449cfff1065e940c128efa0276511e34e96e52da9230f294b01d4ecd8ef606b792d372bff897d6d8bb67c31379418ce867d48

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\et.pak

MD5 c76db3385190c6840315c4497e40258a
SHA1 34f1aef2ba2925bebc5dcdb70e5b6c1a138a5c46
SHA256 e8af084ef5e1062c5966dd7802074ac24f3672dc3c9b9c5453a397644727191f
SHA512 90a870369d307758b33d74e6213676d65c2d332f42577c8aff23d96b512f3c2a2bdace8d6d9007f88b9175eadc6f2ae28b498b1265550849ff9317465a37ad29

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\fa.pak

MD5 6458a239e994d8d18315deccd35389ed
SHA1 75c985f43503a6c44645786d46639a6b555ae163
SHA256 300fc1c735e92917a5ddf92feb812cbf3175d988ec7ad5955110248a1addbd34
SHA512 3062075b6be0c25c957ac88e537880bc25ff86b8ef0703a05209e9676e943e89476b7997394aeb25064e03a93be614fef535676e9cdfaf44b46035225b1b2cf5

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\hi.pak

MD5 590e9e73df9cbd83cd87b9c03848fec9
SHA1 da125e60a5a2c51a2d6219d3f81688bd22237b59
SHA256 089b9dd31090a987515809a68d26f6eeb64cd9283934e3dcc48b151eec7d3ad9
SHA512 fd0e5d0f2063e12b711275f390428b88f98ffaf6043cdb14b13674ac1e4aa9f70ae820ae960132d7155daf9b1308238775c4702694ab53068cdc709c50f9186a

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\hr.pak

MD5 6f92235e6ba003af925a2d6584afd27d
SHA1 3ceba61e9c2975466b6244188f5ea72aaf042fc7
SHA256 479dc4f75a889d45f62b4ddb6eb48f21c473e37875468c9c26d928a263e15840
SHA512 82f2642dff4400704c15c2fa02d0ec74ed3fe888dc835447c1afce7463dee8f480bb81be358c306e681625864a6d25e5cd6c96252b8a56e6fc62014b3aa4d26a

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\he.pak

MD5 6a02a37e1ca3215fa9ee0e1b0fbcf5e7
SHA1 89a8a126c0bbf536ac58e29fc50e045fb1b88220
SHA256 f5cf34ce58b7f0d450936981aa7ffa060821403e6768eee3746ea4ffc9193986
SHA512 6607eb2329b81f1eaf0ed3a564eddcb30e6ab59229f2fbf6fd3d2140ffaa8853a330eda627a4458ef6bb06f32c5183edda869e34cd4ead1f87f88d5c622c1a16

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\hu.pak

MD5 71d42cb22d2d7a8b26c4514ab12df3aa
SHA1 cd0307503a7906f1742d1e98fc816959319c2171
SHA256 b51bcb888dbc27bab88a8c9d081df7496de8a9a5a4cd2cfe08abc154190e75e6
SHA512 29c67391bca706807be3a0cc79fe481f220e30263957a9c2485f0a4c498a5b250bdd83b5f4fad8d0b19c8a9a07d5650b5ebd5816b6aae311a1cde78a89303244

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\gu.pak

MD5 63a7fdc4eadf8ef1c35c72468a0ce33f
SHA1 e8d064f0e9c8a6a8c6ccb036711e292d011d9466
SHA256 e549ff4e5a094d04c2ce7bc6fd68bea1f03e935437bf164bebb6191c133fa70c
SHA512 0a097ff875132a984545ec677b04f97785f14c38a1df487cfb4722cdea07d14e1e88fcff7d58b82fa53f05f4eba779a95ef320b5a91692097726d0385a26a456

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\fr.pak

MD5 c3095ce1e88b0976ba7bef183d047347
SHA1 b14cfbf6e46ac1f189595fc09660178525301138
SHA256 66488dc10517b6e3638686be95b430477a39304e92ac45dfe62b58cae3a77272
SHA512 29f47b1eff4681a9a17a50d6e82d63c22fe7bfe4ceb79862e81d8cd9f96fa38e225978b4c4b1f8e55b220235b91652c776fa8d2e559c68942c6ccf402812a421

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\fil.pak

MD5 40bddaf97f64dfea9ebafc7f82166f80
SHA1 90d1fde3c0b27d2184f0353991259c2a92c7820c
SHA256 39a9d63736e7b4593fc6873ed3c19d45fbf9eb78a012bfdcee0fea5906ebc5b2
SHA512 d1e61c53e09a0dc50edf5aba5cf286a251ee88421aa2cd49332b70a5859646605ecb7d0bb97ea7242d14a18742e23da0a14c04b0b99b57a466ec87f4f66b897e

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\id.pak

MD5 e40cb2f3b4db379e4d187aeef0dfd300
SHA1 537b1ebc615c980c89bbe2b9e91a11199fa7d6a6
SHA256 3339ef011c9bb64868da94adb25f4490acbc7f893e4337dbfe2797754cd659f5
SHA512 b87464460077aa55feb92eca8ed23d9a61829378bae7890c8a95dac5fcd735b145d65661f27facfe2586fcaa169692b00d8ee8dd505dc44bff7f7fd090f3e96c

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\it.pak

MD5 5aa225aad4f9fe6d05ec24905a827d88
SHA1 f6d5ed337bd8e9cc3b962d3a498e3430fbf6de22
SHA256 96e02ab6937a1f1cb58762159761a737ce0e1dcd6a253554392baf4389326eab
SHA512 3fa928f19bdf65b8fbb274b478a801821b15c01224c113a8d7f6121a077b432c0cc84eefd9028a76adea9fa4bb65dcb868edfbd4368b1e4d477c49e187e4288a

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\ko.pak

MD5 d6e2c18c9eabba59b50d147d942125ea
SHA1 0918879203c2050b4f9f449f5616e430897ba0b9
SHA256 f3581cea2e5b022b121010ffc5d67f86f717e3a0c0402abd81e24c87fd135b76
SHA512 f605f7b9893166778af156f9eb76eaa1209e7432450899540cd462ce0ffa69caf6f570b910cdd6d7bef54354379e9892a658e711baa93241da33755c107da859

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\sk.pak

MD5 b35daa0bd9627ca88b413a5af7c6b4a4
SHA1 d5efdcbc7ca17de29f3075f6434f31ab2e895826
SHA256 f47bc1f7f5ab64681d0b152e1a019da60f0ef057ee8bf2ccede019dc4030c177
SHA512 48abb6ca2290820db2898b05820bb25e70fb1292c816eb0c8f17b3c5452de9fff7027d216d2bf413900f408f44ed4ac99151b28142a212c5cff8dfe229e87b9b

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\sr.pak

MD5 af7083f2a4bd95dcbe792efade352662
SHA1 dc69aa831836016f6e66c6079931503d534a7862
SHA256 e3b80d9fdd420a05d66cc12e685ac94500106dd51a555bbfa2d085094f81e8dd
SHA512 342400ba94f6cd08152f96aa2b905184fab429c38cedb4bcb4ac0c503169a9ecd47aef208b4d7ffae08b0c0afa7aa089347a20739379d05f3e4e111be842b8c4

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\te.pak

MD5 793a87d41cde6e6d1bb086284f69733b
SHA1 d887e3842b664f55b7308427aa6f5bf0b352d879
SHA256 5cdabd1ad41e8048f2cc6b1615e68b99159daa1aa6706b939447c1811bf0e255
SHA512 7c2e53baa387480eed45315bd9d53856ca46e5777ecdc9c29a0de7b0ad04beb6cbb8b5df0aa7c306395fda563037e06bea1ca70e433ce5a3ccc2ec184dfda972

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\ta.pak

MD5 31dada843d0b4f9a66b184cb6d7b8b92
SHA1 0320b31981043c6e4c17470bf2ff4c7488553511
SHA256 457070b35c813175f5a7b630478073e478ff2bf23915dd3dc7a5b3b339cc2b0b
SHA512 c5b6ea595d3154fd9fe03f49a19f78eb4068718ce005b18a165d491459a290c29956b02a109ce2c314746773760c8e5c0d7064f384c65a572c78109f03538860

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\sw.pak

MD5 99e385ebc1ef8d3daddb3a171fa79edf
SHA1 3164804dfe9d9b5e891abafe92e5ba67d2b5d4d1
SHA256 8ec45ac391a085d531fb21815086c2da4841aa016653cb4f8484cfc2615d6c01
SHA512 797c105fecef1e15870aa101e3fa1835d5a467a9059c03b3636c54934d1de263ab7f23599e21d9787cb3849c7cb7d29f5bdd8ae9ad10fda8015c1392462e94c0

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\sv.pak

MD5 41e76f7775fc9a2d6e3c02c46e9b32f6
SHA1 088c15c74a68bee69682bf89c31055332b68c84a
SHA256 2533676479e9469ffcdaabcb47d3e39bebfe7ae2b80f70784e918a8827439e13
SHA512 6cde752d748c4772b533c8894f18134e5842113f8c7590b44a7dfa088aed65b232361fd16170df3b0d738066dbc3a769847adf4dd8ba42de63c9c2b33f9beb6b

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\sl.pak

MD5 e015b6f5042be2dc96a4e23dcf035502
SHA1 7946509eed8db1e4c1f3da99ffe7155c86fdb4d6
SHA256 99536d1bc73eec81d5bebbff641ea195544ee5e3a41bb17ddcedf9cde9b141d4
SHA512 b2a2eaae93c506a053862bf1cde02eee53b3ea2e2fe4c964c51dbacb8b44de820a779311cfe01458e2f08f88bce1172e8c5e1e6d28cd3a355ff84baa00023b8f

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\ru.pak

MD5 75457b95d2bb03891232dae7db886387
SHA1 e5a7569df7f91533703626d167ecc8cddbd27205
SHA256 e0894d3aa3f8e0f8ac457a3300001d4e1dcf95980712f8c8e9c845eb4c2bbfa6
SHA512 9813239cb162cec24cb81cffdae2df06889782813d917da186ae40df6dae64477467e4b32ead2d714bc1de671538d4c1fde990d83d3ee69e0932f17226687a78

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\ro.pak

MD5 24b01a438a3ab9699d4ca97c081b5e82
SHA1 0d0b082544d23425a74199fb0a6c11192f0bdf7d
SHA256 38290b1c9712296d82ea1681ef95544a1eef4872289134b11e50af735e6deaca
SHA512 43199772312156f4633c4202499cde8f808e5e632c2013ec1129acee01a3f184e86df2616626173178efe04b6f0773ad9a0e8b8cc6a735d23d68dcfe9dfd945b

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\pt-PT.pak

MD5 ecd84b296d3bb312ee18e21017311986
SHA1 f5625523f85c10723750834a54ff59a2dd886fb3
SHA256 fcfaa9c44c445876c286388b6a1abc1df949f3dda3d64fb57d6e0d54a05cdb94
SHA512 e95b74238220024cdd0bd1c0f18beadbbe427d76cd8d6b32d5700adcd34ffb068ad0bf75404921485c8077f395f5111cd40d5dfe2b5b8f34c62e6fc80b507456

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\pt-BR.pak

MD5 88ad860c73676ffb4025b5c691f29942
SHA1 3c5e5b999ea7153ccdd1b4cc7b6162de3456b558
SHA256 25f0bb0b0230d99a9064d52668636f3be85903bf27a68124d79a2fe93c30fe0e
SHA512 41589bb9ab1b8307f62ceb4e6493d7903731a3e63807e0044379c4acdda881c21839234f5f1b8ad1af732bfee6231c0556ce92e582505379ed949980185bb750

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\pl.pak

MD5 644c0ace25d6e532b56510a736c6bc2c
SHA1 1bd0fec952107b493da04c46423da634ff3e1504
SHA256 2ff9e382a31783285b7d85676e629e2f6db26bb9536ed17b7fbe5ac61a895ec7
SHA512 9a1f1e884c2f214b8b0c63543809ddd4ba0fd533f1d8434e926051f3db434f60cc4df2462c2a43254b2a9685b3869eef49463c212892e417c82c3a7b497e3559

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\nl.pak

MD5 cf6b1cbfd669e9461553974ba37a475e
SHA1 b33867e9bc7fd88ca98a76dc4bd756bcf18887aa
SHA256 9a83ad866ad7fd9d65ecbc1e95c276cfce27e8257c76a16950fd14971e66b864
SHA512 e463029bb37f6bb3ff5cb6281f64291ada1b785fa33137e7aedfc7b5e409e99c75a91e7cf9b6c0933e970f70c14861190de66fc5d68925b687a6f5da02e21077

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\nb.pak

MD5 b61e42f66d581b6a8929cdf5fb10662e
SHA1 6f06fa9ee092fbcb61bbd668734fb3b92cfb549a
SHA256 1b17dcde8fc7308d926fbe0faa83dfc9ffe2efc5715e9afd557dde839ad98b7e
SHA512 79b82346c3f133a6ba44148a8432ad4e08e2805187b759509cb386bc800fd20215592c07d953812c243f0b1d5e1354245f2cb42b2b3eb6c87280bcb4008dbe97

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\ms.pak

MD5 6cfadaa784e687e6dadbcd80e631bc9b
SHA1 481acb75f525055bf4e45ecabe0eadcb9c492106
SHA256 fb5e125dd5e1f21e8df229d22cb3d1f9078bd79bbddca352899248f2a8b21b71
SHA512 0d7da5a90fe9372bc704ab8cdc8cbfb14d323cafdef856987e2d9e34d980196c03985e25099f5d1bcb10c97f040f4766e2c3713718649bb3f43914a77f0dbb39

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\th.pak

MD5 43edd25f67ce6e6cea5373009ff0a1f8
SHA1 ed72ca6620cf23837e1334be50ccf616806bc5a2
SHA256 287897cf3df2db1cf59b872e6575ba8dfcaa0c1f68c17a9c91da6c4490adb8b0
SHA512 7160a72bd2e6b0ffa71e5d279995cc8be24a87cd9386eb29ab0eee79b8e607f5d824a11b6b4e3ef4c0f851a9d485a9642cb6adaa65c07933dca6e6f2c0052fc7

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\tr.pak

MD5 40491896ad21543f339467186c5efb40
SHA1 695dde7cc35056dcbf0a533aff8299d4c6b61bd8
SHA256 43e99e132acaba88971b81a43531845dc7fc3a1e0794c3373de7d9a50a5655aa
SHA512 18d5ee9914849462e0b1bafd1ca216b29d0795e282ae0bdb354b15caf5c18f37f44fbd6f626b2cbb095e3398a6496de72e5b0d15621433979b5a589e34fac818

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\mr.pak

MD5 f22c99fe6a838e333e8ee06a4d01296b
SHA1 c3542ea8dd45a2b387dd02fa5687948f135e10f2
SHA256 b03a3042f907aed13253ae8083d08f5fad59ff438d024b097276856e72526911
SHA512 882022c2cb985d85f96d52c9bcfeeb089d6ff30e66187ccf424ef622092b9d359a51bdef1fb6ac3b9d3409aa79d37ca737ba7f3ed8b9cdaabfe04d90a7c8bc15

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\ml.pak

MD5 04b2540c25990a5e0a9b227dcce6ae0d
SHA1 4f8ccd154f54dfb083d4d1a3ed0994842c8ab13e
SHA256 556165b8b54c6e21bc66d12b3f5be393136714467c427f7114f314d18ad3c661
SHA512 4cab47e42e8f5d4a83851871f97f3e1360c993ba530dbb4b4b736350779784bd83189e1195d3480ce87298bb8f9b7f249fefa7764d850e5b0002895609626785

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\lv.pak

MD5 264c6e20b3088ceb4dae5773cef0cb55
SHA1 fb6ff83ff14df008092bc3ee73bda7491e8e090e
SHA256 a676a781c1a587eadf23e5c69bc52f2d352346a70bc53ca908450362535eefda
SHA512 01e949f92e1e8599c581929a601d39640abaf1d907ce10102e591c3d490dd3874c679c75bb51308ead55a3bd0c6dcd1b8d4b2daf98ce1cf1c6bab42946e8b1e8

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\lt.pak

MD5 2d4fca437a7548893dc4b51fa5b33c33
SHA1 c1493013d7d981ea9223716e415380992de65c2f
SHA256 776dba792df7b444e1b720326312d8b8312cade74a1372c49456d932b7c65769
SHA512 b6a55ee1deff48d717a3e9399aef3c45eeec810cc5b5709fa3e9f56850115a5b02e02b7959ec77a6797e68516ee9372bacd260e62ac0d55a8e4c1c27af782b42

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\kn.pak

MD5 5115cde84b4c674db412619b65433004
SHA1 164f33e7e2e9f685a579da492a6fc8806beb6cbf
SHA256 891e092c6895e23be986c3e6d39dcea9b6b75f1448239c13fd406680e50407a7
SHA512 090a247898cb533325d2b289a6cbd8db2a755ef0abab49d82f333e57b290c50b5996b81f15d8adc30160b216eebed3a1476aec1627195e52189557c1d48b0216

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\ja.pak

MD5 833e8c4aa70351b6be7bd403e4e9a0a7
SHA1 46ccdbdea35deec8ef13a5fc833776875fad187b
SHA256 74422db1a5f28522f9a8b31a3bee9a6df794b419bf723cb6a6c88e82eb72cec0
SHA512 e8e709612a5ea81d2822e0025b7306f38571f2cec2ca72ac5a8ab852a0e36a0f5bc7e00d0baf7ac7becc2c54dda3a17c52ec1cd67ce12b14d91b6ae0b726d556

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\zh-CN.pak

MD5 098d656a4f4bd8240bed10e7678186c7
SHA1 0c19ab62b4262f1b51558e8aaa79e7741f73393a
SHA256 a55f568ad3a8854cec25699484f55024501c8a0967738ba694e073151e5981c7
SHA512 084538ce774233ca6d4393bb42239b0b85e11bd73dd19ba47e55796ca19848941b037510c0fca4ac08b4b2e0ccbc9b4ae72ef88a3e841738dd211961dc53c1e2

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\zh-TW.pak

MD5 c2c35fcedc3708b5bcadf36587393002
SHA1 31d72402cbd44ceb921cedd806259c2cd14e411f
SHA256 cfe4c2c5eb131fd92e0d11f912714c5a9a048833ef3ffbe32679b3d58da8f8ac
SHA512 9ba3ea2d569d1d3ef09e94d7e66f843c8804368c4d016b6289e7dba002f7d2d50884a76c93eef879d87abcf8b36dd3e682b7bd3a18b2b5a969256cef672abf01

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\vi.pak

MD5 69c8796439192577f48bd249175aaf37
SHA1 97c52088ca69dada593db0e42b2135d264646454
SHA256 d7fdb53592de803a5fbcd8561c4918f1562f92fc8a3fd0039a2a1a7b76a8ecc2
SHA512 65eb7cb15291474ec7f9354775e59bcf334c90ddf3498ebd184e4c47118308421b2405bfa679e4b3a70ed1790e167c109fc2c72e89c3e31b5378cae975424144

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\uk.pak

MD5 d791b1ecf2931b2fb0c31aac170c7cdc
SHA1 02be115a9ff94fe5250651b6de4323eafc44fce1
SHA256 ffae6286d44c8e219ef90d411ad8746159a6ff8ea610e2a651147a3956696a22
SHA512 3a2edb8069e4a9734ce5e02b7c3de3c968c5bbc116f17f52f97e2bb2c78485c456c4f0cc952686c1aa17b7ee4d326a1dda698afafc63c79d842ca3905181a8da

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\resources\elevate.exe

MD5 792b92c8ad13c46f27c7ced0810694df
SHA1 d8d449b92de20a57df722df46435ba4553ecc802
SHA256 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
SHA512 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\resources\app.asar

MD5 c049116e26cbf20cdc5f88238cc9103e
SHA1 6aa5dfc8410899fa342abc9374c52a199164d58d
SHA256 fa7e01203d930861511299603d1ef6812dd6f1a14ed289751e53f7764e473433
SHA512 6d479efb08c181bf6f67efbe75207a5853f5d2eb8e4aa98f2d9256df883a823001bfa3f018aff296c3babc5d9c46b9a8b568dca0bff38f0241304713592f20da

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\DirectShowLib-2005.dll

MD5 c20c205c6f8d70a5e1351a4041a3ec9f
SHA1 e1b2a763dd6c42439656e4e55aba0f3610ff3784
SHA256 bbcbb170242d9ff1b56680a80b1f8755df1135f9c714535ff3b3f575442f38dc
SHA512 dffd59d775dbb89cd886a2212fb9fe4cf0b2bdd7f2c00f8dc7c6b2287053b4971c8c6c033109ff1f90cdacea082e44d3c19fa76325d24976420c418218e701f1

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\package.json

MD5 067e233b0609d56ff4756bedd8c0efe0
SHA1 96419d05adc4b6674948b4ac14f8ab5bb3ce4380
SHA256 6bee642c1b5de99e4edba87ec3221c2ecd10b65e666b6f2bef64a745538ecf74
SHA512 94900f5ff762930b1b060ba4dd44d629d6c3e2dfc0dacb1a543f1ea5a3cd40e793acaff4abefbff588ceb422d65f8041ec190a2b56f7c303c3314eb16eca4159

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\snapshot.exe

MD5 16a12bdc986207390dd79d658a6b2263
SHA1 b4b41f62cbc1e1ede786c6e30e11df8e61750bad
SHA256 50a8dd2f292bea9190204a42de067a34d5cbbec53746d40fe5b067fc85190bac
SHA512 d20394028c5d3ca46bb4879cac40da07b7d857f9a4a834bb4db4bd047f1a3265a80e1f7528244da6ee97c2f3e0cb5b2e51bc88eeb382a027939c2188e66dcdd9

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\prey-webcam.exe

MD5 471b15abc9f2e98fb7ed7361d3f045eb
SHA1 95b5798d80a9410872f6ed485ae2b43ca3745540
SHA256 7c262639cb22348dfd627dc07c76e8748e5bcacde2dcf1614773ab174c831004
SHA512 5b3b59aa1dbaef31b0ff6ccde082d7c312e39e311a46fe20d590d5d7765f934d3b663da9609ff4fb7beba2e8fa85376cf74f14ae077f3c0b49189cc28c30163a

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\swiftshader\libGLESv2.dll

MD5 c0b36d56d83e601bf246f7709a8c5f9d
SHA1 b025a6070f7d61c7d1827856d2d4043834fd23f2
SHA256 45bb5e1f8dd87129ac0a75c78f8f29d06e3ac182a00fc5199b692068f1e05a53
SHA512 e429ae63bd8a7d5a936a638783511693e8fbbc91d97779b3d4dd3f0880f1c8a820106bfb57cf7ee6b3639f19165de87bbe127aadd81218689fc6c8fada2106d1

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\swiftshader\libEGL.dll

MD5 19dc9ee70e7765bb63a66b6826e8ecb7
SHA1 1a12f983f8b35cc2955d30657971f113c47dc164
SHA256 83d5719abee35e051d984510e1d5d9317a109031698814742b59bdbbe7d4e30f
SHA512 1fda2bcc4b2e70987ca6011ab2534007ae4f752016d29a588aaae839bb25c35e03773f220b6a8e926cf2643997e7d4c0f28743304269b2c55642ce12934def68

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\StdUtils.dll

MD5 c6a6e03f77c313b267498515488c5740
SHA1 3d49fc2784b9450962ed6b82b46e9c3c957d7c15
SHA256 b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
SHA512 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe

MD5 eaf8365616deac8f772c82cad84d0bf2
SHA1 400144d579b7f8af5570294918b3397d5f01e999
SHA256 5f0b9677183598256916445ab180bf9287b7e1558d2c5ec6b619542d898a58bb
SHA512 de9f1e0bb6818d2d6e37ade59dc8c83c9ad096f7fbdf701ae37566bcd339abb034724579c0c44d3a73c4683b5e75eebb9c96bd7ef7ebda2dff51186e47d0b6da

C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\ffmpeg.dll

MD5 e4cfa9b3d84a59ea303aebda89ce9d9f
SHA1 41818f3cec86d0aa13b98ca1d94291e01945fb96
SHA256 fbe8ed6d5794e7dcecf85e4c4568bedde88cff6378ff89993901fea8d352c0d5
SHA512 99cbdc6ccd092903b97af2c04fe8d70605dacf3c3b93980dd05e5bf903cf7d13d291018ddc6e97c8818d975dc4aa5dc66b1fa1628c7011d84dfa37c9b89260c8

C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\ffmpeg.dll

MD5 b8b0bbb8466d4e94c1c0222564860665
SHA1 bf720956b43a953952f64c8d5681d343ed88d435
SHA256 e4cc108d983b289d2479b00e599c804351c305cdaf6fbd6895dc86e1eb17ee38
SHA512 2e8aa09d450ad6d51d9eae32facd338f5192878693642e6809cf71069f8aa7024239a0f00f9a6ebd32258c7d3e921b2a11c9a958bfd4661e77d1b093b417255e

C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\v8_context_snapshot.bin

MD5 6fb73ca8b3381c86b857c158dc2ad7bd
SHA1 7cea2af0a99f6eca2337ab507b127f48271a1f33
SHA256 e892f64fd46224fe6a9061c7fe919eff2ac8d82dccd14a1e92ea572acf9f48b8
SHA512 0d4df1ee9e8dd3fdec2d18be13a084df99bf51dfd0591b72c1cd4eee9d84f534653082b592ac82365311f95d759b94fd455a3e97794ae0c1008ed8fcbac4fe57

C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\icudtl.dat

MD5 d7d1391895d5efceca25484c4dbe4c7d
SHA1 980952019fade70e4b4042e005661c285cb0434f
SHA256 5fca201e43ac4a047017904053172859415d5ae96af6e93bdcbb8612233ec694
SHA512 70863183bb23536b1ce06055ecb17e8b3cbb3451dee6007eaebd7a294e567a55f8bc04bb43e329a5437c49be3ca8f236973120d45124e220ee17aa088e66c699

C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\resources\app.asar

MD5 8e7717a54080fda4b02e029f61833fc0
SHA1 d46237a40e69f0c6103dca226858e7060898a95e
SHA256 fe9873dbbde619ae41de9343f0f00ef5f014e0897cb0514ab540a9315bd8b9cd
SHA512 2e8c9b31cef5db0b964b2e49c907da154d79b5117c2cf957d4a55060d4305af60e7c93a341c1d0d9b296ed7197587ee08e8f4bfc1fbc4eb4cac16480de02169e

C:\Users\Admin\AppData\Local\Temp\7221552a-69fe-4edf-be69-c29cfd741c0f.tmp.node

MD5 803badce7e08d2aecf66da6e3f12b201
SHA1 abcf4ae4802efd4dbd0172408780e602da6005ac
SHA256 950cb26a0db9c91d02e12bbafdcff4bd72a4a23375021ab4166d19dd32292916
SHA512 c39302c95d0d0745347042879be524ddbfc4de4e8b22bb5d5b2b1bbfa98df5511d05413a0ff6fd2bf1afcb2011932dc18b5d7569025c4d164ea7dd4906a22fdb

C:\Users\Admin\AppData\Local\Temp\4202b71c-2c74-4472-93a3-7f50a61d7b5f.tmp.node

MD5 b99cc34c5ad2730f1c6e13aed114f995
SHA1 134e9b0cd566c4d1a8a0775311647385d9cb1ac0
SHA256 b907e85b93063b7e9e7be9ef400a6b65659e7bd0823e5f3fe1429978b229136d
SHA512 fe601590785e060efeef4d712a773ef4bfc14ac534f9e5a9c75b9ce2fc06cae325fd631bc5bbfff40eb003f4448bc6496e10ac24e85e38189ddbb9047eddf488

C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\resources.pak

MD5 05bd0522ffcb70c5f436e08f298ebeb4
SHA1 47829cf8e1c700c9c4b82b048dc7b37eab07f256
SHA256 e691b4418997a24e3612eaf9a2ebbc97aed7c9c1ef270946329bdccd497d1b94
SHA512 541b8f8e132f67dc56014d75dffce7f68f733a25d03b46fe58794f89aca4f14c00f7b739ef0b1930ade5d38af5961153010eb126c119540a042c831d1a15ac48

C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe

MD5 0026b65ad587e8d02c829d2e11fb7b6a
SHA1 13708a0124cca2c0fec6f4d51226423d84fcbfc7
SHA256 eee85bc6ef4d538c0e6891d4e5afbf6fdf3d287c0e23874157f07dbe465c010d
SHA512 95c3fa627f8250ca090f5e013a3b2a3d57ff55b014f8c03319c72e6d3e8d94b3e722c4d7fc71bcc9ad3388ace1aaa4ba6460218368fd050402bc73c855c7d564

memory/5032-578-0x00007FFC670F0000-0x00007FFC670F1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe

MD5 18005eac12727332b9684551325b7975
SHA1 cafbf49c097607ff603b69407058ef806a38b80a
SHA256 ba3863d64d51d88875abeda5376ba67fe3d59363de334a91f606aa39531d719c
SHA512 4ae17fb2d03a9f85b9bd7be5f5e0ae38b547bb8d21239c650110b1c202dce8ae8f7ed644ce300ba615cf1d9167d65ede60aa57f28d6d03cb0abed29623c66694

C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\ffmpeg.dll

MD5 b0d33caaf0682c2632ba8249d9e1b6ac
SHA1 11a47c6040ff18725b4eebbdaea325b098726e15
SHA256 00398c50edf45f9f67f56beed8cd2f06beb98d8e44eb007ccc98c4866b139369
SHA512 97cf9aca0594c60c768cb226775c7ed7c4f97edb3dfd8a1ad1d32a52d01b12d8db7e3f00f30d094e2041f53751fa1c4b017e97ce467c36344be22a8a9847415f

C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\libGLESv2.dll

MD5 e0d779e3f3f05b5ff9f4c55d1884ec1e
SHA1 e6c66892a0ae9df890db5f6c22fe0c01902d5601
SHA256 f08470d9d5a310aa1faab1f12bde5be49e1cbe9e950bdf800f9d0457ba0208c5
SHA512 4a83850381dbfad23c2307ca110e6be7896720befcb22221a2d64964e7de9504acc8f7b3f69ae2b4a40fcbacd5e13c83d401d7ad5e87ac042918bb2d01771b7a

C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\d3dcompiler_47.dll

MD5 f32834999b3ec4c76b8502ba27683e81
SHA1 5754d29c306a435b53c37f074c201548305aeab1
SHA256 a8aac4696459594359261571aee0b545c5bf7d1cc00fc4cd6cd4cedf3589eae3
SHA512 285f895d3d8984fa1e00b7f9accfdb4c3d37179a33fd1d6fa48a8f32b5df60d8248e546a920f071f43047f7904ac8cf5bcfc48c54cc77ee3b1233902a87bbf6e

C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\D3DCompiler_47.dll

MD5 10a66cab75c2ed0e8a3c8bb906f5b5d9
SHA1 2ce11272608551b4707db923c2bd1222fcb42a0b
SHA256 ca72054bf27856293acb902acb8296b5be0445ae0dd3b950c071579ed16660cd
SHA512 89706f562a1b7dd6936d5b5f3351ce578a4d337878e7fffe8ecc89a47d034118952184c5eb17525d90b55fcc1cdbc38d9724eba66cfc56ece60423ad66287dc3

C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\libglesv2.dll

MD5 462dbcb619ecda4b178d27077d4c2827
SHA1 844413125da6a069306c3a99b2d3902b5c36262b
SHA256 279a2808afff5cd3223c1c224115088488c032624b9552ac6b069a7b7e64717e
SHA512 3f16bdcd292ff4c54b8baaa306b1ffec95e5bdc8f393b46431bf0a8ac520b57626dea1396bff8cb73caadbeca4b2c075aaff4d6a11aca4ca02754f4083f0664d

C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\ffmpeg.dll

MD5 aafba293446034eaded81549fb79b4ff
SHA1 82297f7fd1b77eddffa1db1d6cee769f2eec025b
SHA256 9aa603f9aa9c37cfd213b48513adafdd33ece52f0ae9c7a4ee176747e3e04f7e
SHA512 c56e81150359c8dfa6ee5c4f9ddacdd7f4e49ce611e7874999c16cbcc136f60a878408c76dfb6921f1d278e10ead8c0e850c160472d4ce157c67e19ebb2aabd2

C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe

MD5 ebc8ed20263eaba4d18d5979455dcc58
SHA1 8070e49b404d5366fe328717708023372891c6c7
SHA256 5a4c5d452164639e0a5b947c4d470edaca38963e73d4866152109c86f132af15
SHA512 1b97be29b29c488e58bd402176daabf9cd90b6c4ac29bfb6d3b123bd237fa30746800815560152e9c8462099d2a770dd18259c0aac48454bacd2c845ad93dae8

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_bdsqzfqa.iwn.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/4804-603-0x000002325DBE0000-0x000002325DC02000-memory.dmp

memory/4804-614-0x000002325DC10000-0x000002325DC20000-memory.dmp

memory/4804-613-0x000002325DC10000-0x000002325DC20000-memory.dmp

memory/4804-612-0x000002325DC10000-0x000002325DC20000-memory.dmp

memory/4804-611-0x00007FFC46B80000-0x00007FFC47641000-memory.dmp

memory/4804-618-0x00007FFC46B80000-0x00007FFC47641000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

MD5 6cf293cb4d80be23433eecf74ddb5503
SHA1 24fe4752df102c2ef492954d6b046cb5512ad408
SHA256 b1f292b6199aa29c7fafbca007e5f9e3f68edcbbca1965bc828cc92dc0f18bb8
SHA512 0f91e2da0da8794b9797c7b50eb5dfd27bde4546ceb6902a776664ce887dd6f12a0dd8773d612ccc76dfd029cd280778a0f0ae17ce679b3d2ffd968dd7e94a00

memory/3364-631-0x00007FFC46B80000-0x00007FFC47641000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 235a8eb126d835efb2e253459ab8b089
SHA1 293fbf68e6726a5a230c3a42624c01899e35a89f
SHA256 5ffd4a816ae5d1c1a8bdc51d2872b7dd99e9c383c88001d303a6f64a77773686
SHA512 a83d17203b581491e47d65131e1efc8060ff04d1852e3415fc0a341c6a9691ef9f4cf4dd29d2f6d0032a49f2ba4bd36c35b3f472f0ce5f78f4bb139124760e92

memory/3364-633-0x000002D9BB9C0000-0x000002D9BB9D0000-memory.dmp

memory/3364-634-0x000002D9BB9C0000-0x000002D9BB9D0000-memory.dmp

memory/3364-632-0x000002D9BB9C0000-0x000002D9BB9D0000-memory.dmp

memory/3364-637-0x00007FFC46B80000-0x00007FFC47641000-memory.dmp

memory/2932-654-0x0000024EE9C10000-0x0000024EE9C20000-memory.dmp

memory/2932-655-0x0000024EE9C10000-0x0000024EE9C20000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 446dd1cf97eaba21cf14d03aebc79f27
SHA1 36e4cc7367e0c7b40f4a8ace272941ea46373799
SHA256 a7de5177c68a64bd48b36d49e2853799f4ebcfa8e4761f7cc472f333dc5f65cf
SHA512 a6d754709f30b122112ae30e5ab22486393c5021d33da4d1304c061863d2e1e79e8aeb029cae61261bb77d0e7becd53a7b0106d6ea4368b4c302464e3d941cf7

memory/2932-652-0x00007FFC46C30000-0x00007FFC476F1000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\MythiaWorldBeta.exe

MD5 4fbf817249f6a2101fa04a534dcf2eff
SHA1 ce973c14a8ff12ae3d0581d120ff32a470a65d08
SHA256 2b25529140c27b603be87d71ba74ade8e6078e52c1a9d492a8231633eec318bb
SHA512 37c358ea0f962892349f43c9014040768b85a53595d131bf2065d5512021dc718b5a2a557a322ca77ab4d54c6c8d3aef3654ae3da5915f877bb49fec7cd37d71

memory/2932-658-0x00007FFC46C30000-0x00007FFC476F1000-memory.dmp

C:\Users\Admin\AppData\Roaming\0C2WOfBtc0DL.vbs

MD5 7107f7476123bacaf33414deffdace97
SHA1 34debabec9865cc17584ebffaed628773117d34b
SHA256 aaf44db433ea89f2050c74239292807cdfa970209eb65743bdb381c4d1d7f8e8
SHA512 2ebeeff519bbc31417187c97fe792037c494ccf5f28b8cb9894fc3e597b0e2aba7c535c6907ee6a718e015a0cb8302e3490343448c7bc7c697d1761c9a3ce003

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\StdUtils.dll

MD5 3abddec9cacb35b8d97469625006d88b
SHA1 6322d0defa8dc3d2b9f6480a94ec8d35c2639d22
SHA256 96f39f91d501cd86917b817e9cc0fbb51648d717b8060270101b5b74af15a9b4
SHA512 42449801493847269792077c97509b10c1b5c1618678b8b92e7b0d2f75b16e50edccfd240e47c481fc0774ef2c7c95f26f8bc2c0868a390b69ff6410db068896

Analysis: behavioral1

Detonation Overview

Submitted

2023-12-17 05:43

Reported

2023-12-17 05:46

Platform

win7-20231129-en

Max time kernel

8s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\MythiaWorldBeta.exe"

Signatures

Irata

trojan infostealer rat irata

Irata payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A

Enumerates physical storage devices

Collects information from the system

Description Indicator Process Target
N/A N/A C:\Windows\System32\Wbem\WMIC.exe N/A

Detects videocard installed

Description Indicator Process Target
N/A N/A C:\Windows\System32\Wbem\WMIC.exe N/A

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A

Runs net.exe

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\MythiaWorldBeta.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\WMIC.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2380 wrote to memory of 2184 N/A C:\Users\Admin\AppData\Local\Temp\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 2380 wrote to memory of 2184 N/A C:\Users\Admin\AppData\Local\Temp\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 2380 wrote to memory of 2184 N/A C:\Users\Admin\AppData\Local\Temp\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 2380 wrote to memory of 2184 N/A C:\Users\Admin\AppData\Local\Temp\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 2184 wrote to memory of 1876 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Windows\system32\cmd.exe
PID 2184 wrote to memory of 1876 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Windows\system32\cmd.exe
PID 2184 wrote to memory of 1876 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Windows\system32\cmd.exe
PID 1876 wrote to memory of 1916 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\tasklist.exe
PID 1876 wrote to memory of 1916 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\tasklist.exe
PID 1876 wrote to memory of 1916 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\tasklist.exe
PID 2184 wrote to memory of 268 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 2184 wrote to memory of 268 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 2184 wrote to memory of 268 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 2184 wrote to memory of 268 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 2184 wrote to memory of 268 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 2184 wrote to memory of 268 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 2184 wrote to memory of 268 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 2184 wrote to memory of 268 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 2184 wrote to memory of 268 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 2184 wrote to memory of 268 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 2184 wrote to memory of 268 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 2184 wrote to memory of 268 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 2184 wrote to memory of 268 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 2184 wrote to memory of 268 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 2184 wrote to memory of 268 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 2184 wrote to memory of 268 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 2184 wrote to memory of 268 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 2184 wrote to memory of 268 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 2184 wrote to memory of 268 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 2184 wrote to memory of 268 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 2184 wrote to memory of 268 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 2184 wrote to memory of 268 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 2184 wrote to memory of 268 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 2184 wrote to memory of 268 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 2184 wrote to memory of 268 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 2184 wrote to memory of 268 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 2184 wrote to memory of 268 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 2184 wrote to memory of 268 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 2184 wrote to memory of 268 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 2184 wrote to memory of 268 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 2184 wrote to memory of 268 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 2184 wrote to memory of 268 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 2184 wrote to memory of 268 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 2184 wrote to memory of 268 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 2184 wrote to memory of 268 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 2184 wrote to memory of 268 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 2184 wrote to memory of 268 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 2184 wrote to memory of 268 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 2184 wrote to memory of 268 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 2184 wrote to memory of 268 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 2184 wrote to memory of 268 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe
PID 2184 wrote to memory of 1616 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Windows\system32\cmd.exe
PID 2184 wrote to memory of 1616 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Windows\system32\cmd.exe
PID 2184 wrote to memory of 1616 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Windows\system32\cmd.exe
PID 1616 wrote to memory of 732 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 1616 wrote to memory of 732 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 1616 wrote to memory of 732 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 2184 wrote to memory of 1164 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Windows\system32\cmd.exe
PID 2184 wrote to memory of 1164 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Windows\system32\cmd.exe
PID 2184 wrote to memory of 1164 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Windows\system32\cmd.exe
PID 2184 wrote to memory of 2824 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Windows\system32\cmd.exe
PID 2184 wrote to memory of 2824 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Windows\system32\cmd.exe
PID 2184 wrote to memory of 2824 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Windows\system32\cmd.exe
PID 2184 wrote to memory of 2268 N/A C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe C:\Windows\system32\cmd.exe

Processes

C:\Users\Admin\AppData\Local\Temp\MythiaWorldBeta.exe

"C:\Users\Admin\AppData\Local\Temp\MythiaWorldBeta.exe"

C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe

C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\tasklist.exe

tasklist

C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe

"C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1088 --field-trial-handle=1104,16898365876689019046,563097824151203260,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic process where processid=2380 get ExecutablePath"

C:\Windows\System32\Wbem\WMIC.exe

wmic process where processid=2380 get ExecutablePath

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "net session"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\resources\app.asar.unpacked\bind\main.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 session

C:\Windows\system32\net.exe

net session

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\System32\Wbem\WMIC.exe

wmic logicaldisk get size

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic OS get caption, osarchitecture | more +1"

C:\Windows\system32\more.com

more +1

C:\Windows\system32\more.com

more +1

C:\Windows\system32\more.com

more +1

C:\Windows\system32\more.com

more +1

C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe

"C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1304 --field-trial-handle=1104,16898365876689019046,563097824151203260,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe

"C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --mojo-platform-channel-handle=1608 --field-trial-handle=1104,16898365876689019046,563097824151203260,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Windows\System32\Wbem\WMIC.exe

wmic PATH Win32_VideoController get name

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic PATH Win32_VideoController get name | more +1"

C:\Windows\System32\Wbem\WMIC.exe

wmic cpu get name

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic cpu get name | more +1"

C:\Windows\System32\Wbem\WMIC.exe

wmic OS get caption, osarchitecture

C:\Windows\System32\Wbem\WMIC.exe

wmic computersystem get totalphysicalmemory

C:\Windows\System32\Wbem\WMIC.exe

wmic csproduct get uuid

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "echo %NUMBER_OF_PROCESSORS%"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic csproduct get uuid"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic computersystem get totalphysicalmemory | more +1"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic logicaldisk get size"

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 ipinfo.io udp
GB 142.250.200.4:80 www.google.com tcp
US 34.117.186.192:443 ipinfo.io tcp
US 34.117.186.192:443 ipinfo.io tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:53 pki.goog udp
US 216.239.32.29:80 pki.goog tcp
US 8.8.8.8:53 www.microsoft.com udp

Files

\Users\Admin\AppData\Local\Temp\nst1862.tmp\System.dll

MD5 0d7ad4f45dc6f5aa87f606d0331c6901
SHA1 48df0911f0484cbe2a8cdd5362140b63c41ee457
SHA256 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
SHA512 c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

\Users\Admin\AppData\Local\Temp\nst1862.tmp\nsis7z.dll

MD5 80e44ce4895304c6a3a831310fbf8cd0
SHA1 36bd49ae21c460be5753a904b4501f1abca53508
SHA256 b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
SHA512 c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

C:\Users\Admin\AppData\Local\Temp\nst1862.tmp\7z-out\chrome_100_percent.pak

MD5 9c1b859b611600201ccf898f1eff2476
SHA1 87d5d9a5fcc2496b48bb084fdf04331823dd1699
SHA256 53102833760a725241841312de452c45e43edd60a122546105ab4020ccef591b
SHA512 1a8ec288e53b9d7e43d018995abe4e3d9c83d329d0561fbb7d022e8b79ffecf033e995b9bc6af352a71c646a1e8afba4addb54deab7455f24b7a279a3dd7c336

C:\Users\Admin\AppData\Local\Temp\nst1862.tmp\7z-out\chrome_200_percent.pak

MD5 b51a78961b1dbb156343e6e024093d41
SHA1 51298bfe945a9645311169fc5bb64a2a1f20bc38
SHA256 4a438f0e209ac62ffa2c14036efdd5474b5ecaa7cbf54110f2e6153abdfb8be9
SHA512 23dedde25ad9cb5829d4b6092a815712788698c2a5a0aefb4299675d39f8b5e2844eabd1ea42332a0408bd234548f5af628e7e365ab26f3385ebfa158cdd921d

C:\Users\Admin\AppData\Local\Temp\nst1862.tmp\7z-out\d3dcompiler_47.dll

MD5 7641e39b7da4077084d2afe7c31032e0
SHA1 2256644f69435ff2fee76deb04d918083960d1eb
SHA256 44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47
SHA512 8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5

C:\Users\Admin\AppData\Local\Temp\nst1862.tmp\7z-out\ffmpeg.dll

MD5 c3842fb3087cdcdb04020ac38683c289
SHA1 329dbcd4a1c79b891b200f11eb50194b85c493bc
SHA256 e79792af338d61424bac87a19c6f34f3b4bc1382345633b8d509253a0a6c2133
SHA512 069196b8006e908954e7ab16131a0d10889a0f7517eaab2423a82fe49fb9b045c0d95dbf7c08c10ddf1a21983aea4a0d207decf91baacff0884511589a57dec5

C:\Users\Admin\AppData\Local\Temp\nst1862.tmp\7z-out\icudtl.dat

MD5 599c39d9adb88686c4585b15fb745c0e
SHA1 2215eb6299aa18e87db21f686b08695a5199f4e2
SHA256 c5f82843420fa9d144e006b48d59ba7ef95f7e6cb1ea95b27fcdd2c97f850859
SHA512 16194186a8407b29f799d4b02f5674e4fbd5d91163fad9f8dce6ceedd865b754a681aa960d0f3f1b62cb21d5443879f1b8e9b691c19c5802d5bdfe4ed645b8bc

C:\Users\Admin\AppData\Local\Temp\nst1862.tmp\7z-out\libEGL.dll

MD5 8352fd22f09b873193cabc2932be92f0
SHA1 5bd2b58854b279f1733c5f54ea2669ee8a888d9e
SHA256 14a4aaa010be14762edfee01fd1f6b9943471eb7a2f9011a2b5c230461cd129c
SHA512 7281e980f2e82f1cc8173d9f8387a97f6e23ec5099ed8dca02222c4e17fa4cfef59d6aa300b1cf06d502bdcf77d9a6dbb08ad6658ae0a28ae6f9f995109da0d2

C:\Users\Admin\AppData\Local\Temp\nst1862.tmp\7z-out\libGLESv2.dll

MD5 b6a433dc7b4030fb17bd1683a9606b6e
SHA1 0602c50532e3f13facc67bd95a048c470e88afcc
SHA256 f7ae57a1d7d3e284714ca354f5292aa9b75086489cbfba8b1f54548445b6b3e9
SHA512 b9ba2e20ec878e3acae93d8254e69374e391fd4a3d5c1833282c43896d123baa874f1088839f3bbcf05539eda0e2aeaef28d7742ab8e20ec788382501e2152b1

C:\Users\Admin\AppData\Local\Temp\nst1862.tmp\7z-out\LICENSE.electron.txt

MD5 4d42118d35941e0f664dddbd83f633c5
SHA1 2b21ec5f20fe961d15f2b58efb1368e66d202e5c
SHA256 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d
SHA512 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

C:\Users\Admin\AppData\Local\Temp\nst1862.tmp\7z-out\LICENSES.chromium.html

MD5 df37c89638c65db9a4518b88e79350be
SHA1 6b9ba9fba54fb3aa1b938de218f549078924ac50
SHA256 dbd18fe7c6e72eeb81680fabef9b6c0262d1d2d1aa679b3b221d9d9ced509463
SHA512 93dd6df08fc0bfaf3e6a690943c090aefe66c5e9995392bebd510c5b6260533b1522dc529b8328dfe862192e1357e9e98d1cdd95117c08c76be3ab565c6eea67

C:\Users\Admin\AppData\Local\Temp\nst1862.tmp\7z-out\MythiaWorldBeta.exe

MD5 9f74a5a59ba60172af289af6fe1ebc25
SHA1 5b33b07c7638b141d2466f9c2be37d4d25b6f172
SHA256 4054dc02c2396e0fa0fcead166715b9c30f35d2a92fcdc719198fb9341d53dce
SHA512 6c97ee2a1292126c4f93c458df9cd2151e306898808b85ece62c5ed1bae9657f1fcd402e7c6aa2203ef2e6c283383e3c239649460c4ee4ba2c5626e8bdeefd37

C:\Users\Admin\AppData\Local\Temp\nst1862.tmp\7z-out\resources.pak

MD5 17ab5ef4dcefa5fb999225ee6990dd1d
SHA1 9031195ac09e027931c2ee6affa95a0f2db974f1
SHA256 fc4651bbbb7cd0e63abe44b39da86ac89ae6f3fe6496d459091bbc4598b25bd2
SHA512 25aea2d4b0ba4bc63d518bf60d3cfa4147d3249c7b0dbc97fee7bd40641e03eb3fc4add7b092dccb91e482fcea7946f3d4bdf3064e31dd467b5c7368f1a8900a

C:\Users\Admin\AppData\Local\Temp\nst1862.tmp\7z-out\snapshot_blob.bin

MD5 c9ab741bbef53fa0e84952b8891a5f5a
SHA1 e2dcb8d034e07243537c86371de0c52bce62cee1
SHA256 4d82fe1e642fe3ca7ad1a173f806088c0652ecfe9f0f6f6e246066e15a3431d4
SHA512 177b98a3090ecfe4b4598dfcd7e8b3ca49efafba4dbd8d6c6d0def462de47c3fabfde831725622783ddc177de982de6115178d9bd9830d918bb544a5a4c27fc9

C:\Users\Admin\AppData\Local\Temp\nst1862.tmp\7z-out\v8_context_snapshot.bin

MD5 47014c0f81bad6d216c617c9c63bf040
SHA1 7bb483fdc5fed3c6ed437d9fe6e5023bc38201bf
SHA256 e1249d05bfc73c645b27d269f47b6923b33a3cf8088a8ca78b3b637c90f58178
SHA512 052d86cf3305a9e493bd2472e6b7ddab5e0291efd6d899984a79bae46e5fa4bd21157e19ab4a2591c9cff9069de568bad18c7baf4f35d117c77134e635466f87

C:\Users\Admin\AppData\Local\Temp\nst1862.tmp\7z-out\vk_swiftshader.dll

MD5 89b15c79e85bedfe2e7ff7264d0ca714
SHA1 a3b48683cb4c363a256483a8d224920b7c8be306
SHA256 e64fc076f8e7fe278fae893d23407406f0b3331bbc2645d4bd1f54728b9e3900
SHA512 24bd6508ff5d033e59db12d1e016b2cfdb15fdc6698ae852444b25f06250f906d454045b958f96642fbe119d7442fbe1d1a130c12f313ca3856ca7789a873f02

C:\Users\Admin\AppData\Local\Temp\nst1862.tmp\7z-out\vk_swiftshader_icd.json

MD5 8642dd3a87e2de6e991fae08458e302b
SHA1 9c06735c31cec00600fd763a92f8112d085bd12a
SHA256 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9
SHA512 f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

C:\Users\Admin\AppData\Local\Temp\nst1862.tmp\7z-out\vulkan-1.dll

MD5 b91586bd80e057a7f62bdc4422744812
SHA1 a1df644421ece2e740e5bf0ed98b4f269fd85c39
SHA256 8ba72d98e0f78b77bda7816cd7232809d287310d34e0f1d7472b9d5fda2c6d02
SHA512 94f0a8e3e75e4803891c0fcb257052dbe0e7399772fc7a46ab802629f76ee580ed30b3678fa6bc3744c12cf9f3103bbc8276e88f6711278748148e9fbeef2053

C:\Users\Admin\AppData\Local\Temp\nst1862.tmp\7z-out\locales\am.pak

MD5 e18a450ef034b42599341c3d09f280f1
SHA1 2001c8a85904962ac3a96938eccc69ad2c110fdf
SHA256 7c2b9098130f1f9e0cf4507b64c0e96ac6354bd6c3616be20e2067cfccc820da
SHA512 ddd87571218fe9f179a6c2a8a15b182625a71a7c19ed90c0969ca2e0e9bad823b926f8b8a6b390cb6fe9c95f4b6c1f1ec7b5167a8424ab1921943922208f798a

C:\Users\Admin\AppData\Local\Temp\nst1862.tmp\7z-out\locales\ar.pak

MD5 6f3e791b4d35ee7d9515614d128752cf
SHA1 181ec3a84fb3e89336d77f24f562a2cbe07619d8
SHA256 e9df0fa338b763a3926c4ee3a87bedf650fa618b6fcf0560c3f5ffe891d48c60
SHA512 3657e610d13a2c938558ec320c298dd490c9e4895ccd304f738aaa2f050373efd7382ca402365f93d23ed488bae82de2d859da788dc8faa8e621346a278f4441

C:\Users\Admin\AppData\Local\Temp\nst1862.tmp\7z-out\locales\bg.pak

MD5 5ba0c7200362c9ed55610cc8b66ef53c
SHA1 d45239c2f1b00885407771a41a7776fc1fe8fa3b
SHA256 2339ff55464b4ff704fc3c5bf281eec52a539c494bd059cf0346d9c05ab7cda7
SHA512 6229dbf08a9322c4ec8de4912aa1832f01800a71b7e3ef5870e7fa2b623be4dd248fec4881c3e031e984616147be84d42ab3dd970ae56dc1bd78913a8682a37a

C:\Users\Admin\AppData\Local\Temp\nst1862.tmp\7z-out\locales\da.pak

MD5 55a8f5883805a65c854d25edb3959209
SHA1 d4b3b6bd2a26cbd021fa931d1f63c9ea64e2c268
SHA256 e190187adcbb5f829d162660968ba598ed17bd11339062ca4d807deec8a27fdb
SHA512 4e1f9e6da32f553cbc8cf162726d7aba9e23e2216d6d05b995cf19fff3aafa05ed08fce29b2f8538d46583366402b8630672e650dfbd46952a611e9db0d8016d

C:\Users\Admin\AppData\Local\Temp\nst1862.tmp\7z-out\locales\cs.pak

MD5 3cfd9dc564cfcc33cc5524711365c376
SHA1 2e5016d2643017f37658262122974429f18625a2
SHA256 8be34e4f8226c1dd4e725711ddd884ef4476560f7863edcf378573dde9db3cee
SHA512 6ee156d2fa3b6f601df28e38968d0eae2812d70b41333348dbecd833d5ee6ff944183f0eecde96be433cf1e98c8ec22d6a6d5af5153145842175ab43c73533ef

C:\Users\Admin\AppData\Local\Temp\nst1862.tmp\7z-out\locales\ca.pak

MD5 423651c45566cd90ea5edd8631e823b8
SHA1 13bed4173a08bcbfefba034aada3d838eece6d16
SHA256 7a39af99d55a1ea838d8d78c5f0da3e1402f9404d32255e31b676ceed4f0e414
SHA512 e09085023beaa37e9d5f7fdf3c32d0c001672b85e2826f0aba9a662ce958ac93cac17bf63495a604e47cb407b1593049388a4bf1b22b2339ead84a206a10569f

C:\Users\Admin\AppData\Local\Temp\nst1862.tmp\7z-out\locales\bn.pak

MD5 47c95e191e760dee3ef43345577e2379
SHA1 609634315270a91d4ec631642b18bd0036367aad
SHA256 ceed32e429ed1018d4c49343cf52105cbfd1e877c531a5738fd6e6cd33d27da7
SHA512 46b5f8d58780d19e79136c31a67d075c57ddf7e6a1eb197dea4088cc414a0dc24a68fc8ebcaac03b3940af2461123b586706d5dbf8dbdf6fbea0f7bec466db21

C:\Users\Admin\AppData\Local\Temp\nst1862.tmp\7z-out\locales\de.pak

MD5 b73344e5a72fca6f956dbab984c123ba
SHA1 0561073aa40a63a9ce9930dd18b18e12ff139b2b
SHA256 6dda3fa65232ca0bff7314f916942a2aa5d9be73a0b0c7a6d016eb34ea6fff5b
SHA512 e8a12da397369f23c102244b3f18f533ec79afa6978785566056bbfe07b10a21ff4973bf17aa829fff65609363988c033b0e48d4a82c846863377c08d8df009d

C:\Users\Admin\AppData\Local\Temp\nst1862.tmp\7z-out\locales\el.pak

MD5 38440b98bfdf5ed496da0f49d59534c0
SHA1 1498d9207ecaf4923a47271e24c68a817041c82e
SHA256 b1f78df8a7edc914357a2e90bc8dc0ac46f4df642bb22894569fe4905fb8ea0f
SHA512 95ba788fc2e1f07d54e398f1ec4d32c664cfb13118d46cb7af7a993367e032b10de84f3e604ab6e659d6410e2d736097ec5e9b3b002040c54412358f0ea10229

C:\Users\Admin\AppData\Local\Temp\nst1862.tmp\7z-out\locales\es-419.pak

MD5 b261b1efe945365588befdf68879040f
SHA1 616f44a5f73f0449b483f36ccf831db6474a10d2
SHA256 1380b9edc9cee4b505f12e8eefa288d8c746ca995b52ceaba27c7741ae8a5cd4
SHA512 9ea14234b9d4d09364e5727b3886fc14544d52508b3e45fb9fd607ca88d2e432361a02b2f7ba34c3d6ecd94b91f9eccd4d54047a97a1ba4eea580ead00b91cff

C:\Users\Admin\AppData\Local\Temp\nst1862.tmp\7z-out\locales\en-US.pak

MD5 0bb857860d8c9ab6d617cea5a5bd4d00
SHA1 351b744d95846bff2ce5f542fec2e87439aa0f8b
SHA256 5c56df9699fc7e8f09ec81421e50a6264cde055e822f5a8cd9bb1edb3066d816
SHA512 33fb73cffbb6781488cedbca4c92a7e4f66923a799beeb7f5cba58dbc23ba8f5130f63a7dac7114e3c3ef6f1df87884fbeb8858bc7604aec9449fdfd16c25078

C:\Users\Admin\AppData\Local\Temp\nst1862.tmp\7z-out\locales\en-GB.pak

MD5 52e2826fb5814776d47a7fcaf55cb675
SHA1 51fbbc59dcd61116cbc0a24b0304d4c1c58e8d0b
SHA256 83ff81c73228c7cadba984d9b500e4fce01de583ecde8f132137650c8107c454
SHA512 69257f976d01006c5f3d7e256738c97c59115471f8e7447cfa795f7fa4ff12d6fd19708e95ffb2aa494b50c1763fe35d5885b9414112d2934baf68fe668ed7cc

C:\Users\Admin\AppData\Local\Temp\nst1862.tmp\7z-out\locales\fi.pak

MD5 cc592d91ce8eabaa75249cb78b889376
SHA1 f2f0f7f105a17f3e4b1a97ed0e3c2e871c2c3eac
SHA256 b1cb0b32efa78fd8634652c74f298f1d5127f2363ef601cf000417e5c7fefd20
SHA512 58e2eaffe26d8fda8df43e7ebef449cfff1065e940c128efa0276511e34e96e52da9230f294b01d4ecd8ef606b792d372bff897d6d8bb67c31379418ce867d48

C:\Users\Admin\AppData\Local\Temp\nst1862.tmp\7z-out\locales\fa.pak

MD5 6458a239e994d8d18315deccd35389ed
SHA1 75c985f43503a6c44645786d46639a6b555ae163
SHA256 300fc1c735e92917a5ddf92feb812cbf3175d988ec7ad5955110248a1addbd34
SHA512 3062075b6be0c25c957ac88e537880bc25ff86b8ef0703a05209e9676e943e89476b7997394aeb25064e03a93be614fef535676e9cdfaf44b46035225b1b2cf5

C:\Users\Admin\AppData\Local\Temp\nst1862.tmp\7z-out\locales\et.pak

MD5 c76db3385190c6840315c4497e40258a
SHA1 34f1aef2ba2925bebc5dcdb70e5b6c1a138a5c46
SHA256 e8af084ef5e1062c5966dd7802074ac24f3672dc3c9b9c5453a397644727191f
SHA512 90a870369d307758b33d74e6213676d65c2d332f42577c8aff23d96b512f3c2a2bdace8d6d9007f88b9175eadc6f2ae28b498b1265550849ff9317465a37ad29

C:\Users\Admin\AppData\Local\Temp\nst1862.tmp\7z-out\locales\es.pak

MD5 f83d8f7f6108786c02c2edbf3d85f147
SHA1 57781d9d9eb7c90cdc71f78e25d0763045b6d29a
SHA256 5b929216ac823dbe2b0bb98e64db76519900e09a86c8513019325271c66ade0d
SHA512 12747a4a61cdd21cad6e3f768cb43b8bda5ec9de373337c191b6994b20acd676c9d0a6cde8410a1e18f35dd5d2d332ea1bb7e7f8f6fc4b73d8774559e33398f1

C:\Users\Admin\AppData\Local\Temp\nst1862.tmp\7z-out\locales\fr.pak

MD5 c3095ce1e88b0976ba7bef183d047347
SHA1 b14cfbf6e46ac1f189595fc09660178525301138
SHA256 66488dc10517b6e3638686be95b430477a39304e92ac45dfe62b58cae3a77272
SHA512 29f47b1eff4681a9a17a50d6e82d63c22fe7bfe4ceb79862e81d8cd9f96fa38e225978b4c4b1f8e55b220235b91652c776fa8d2e559c68942c6ccf402812a421

C:\Users\Admin\AppData\Local\Temp\nst1862.tmp\7z-out\locales\fil.pak

MD5 40bddaf97f64dfea9ebafc7f82166f80
SHA1 90d1fde3c0b27d2184f0353991259c2a92c7820c
SHA256 39a9d63736e7b4593fc6873ed3c19d45fbf9eb78a012bfdcee0fea5906ebc5b2
SHA512 d1e61c53e09a0dc50edf5aba5cf286a251ee88421aa2cd49332b70a5859646605ecb7d0bb97ea7242d14a18742e23da0a14c04b0b99b57a466ec87f4f66b897e

C:\Users\Admin\AppData\Local\Temp\nst1862.tmp\7z-out\locales\hr.pak

MD5 6f92235e6ba003af925a2d6584afd27d
SHA1 3ceba61e9c2975466b6244188f5ea72aaf042fc7
SHA256 479dc4f75a889d45f62b4ddb6eb48f21c473e37875468c9c26d928a263e15840
SHA512 82f2642dff4400704c15c2fa02d0ec74ed3fe888dc835447c1afce7463dee8f480bb81be358c306e681625864a6d25e5cd6c96252b8a56e6fc62014b3aa4d26a

C:\Users\Admin\AppData\Local\Temp\nst1862.tmp\7z-out\locales\hi.pak

MD5 590e9e73df9cbd83cd87b9c03848fec9
SHA1 da125e60a5a2c51a2d6219d3f81688bd22237b59
SHA256 089b9dd31090a987515809a68d26f6eeb64cd9283934e3dcc48b151eec7d3ad9
SHA512 fd0e5d0f2063e12b711275f390428b88f98ffaf6043cdb14b13674ac1e4aa9f70ae820ae960132d7155daf9b1308238775c4702694ab53068cdc709c50f9186a

C:\Users\Admin\AppData\Local\Temp\nst1862.tmp\7z-out\locales\he.pak

MD5 6a02a37e1ca3215fa9ee0e1b0fbcf5e7
SHA1 89a8a126c0bbf536ac58e29fc50e045fb1b88220
SHA256 f5cf34ce58b7f0d450936981aa7ffa060821403e6768eee3746ea4ffc9193986
SHA512 6607eb2329b81f1eaf0ed3a564eddcb30e6ab59229f2fbf6fd3d2140ffaa8853a330eda627a4458ef6bb06f32c5183edda869e34cd4ead1f87f88d5c622c1a16

C:\Users\Admin\AppData\Local\Temp\nst1862.tmp\7z-out\locales\gu.pak

MD5 63a7fdc4eadf8ef1c35c72468a0ce33f
SHA1 e8d064f0e9c8a6a8c6ccb036711e292d011d9466
SHA256 e549ff4e5a094d04c2ce7bc6fd68bea1f03e935437bf164bebb6191c133fa70c
SHA512 0a097ff875132a984545ec677b04f97785f14c38a1df487cfb4722cdea07d14e1e88fcff7d58b82fa53f05f4eba779a95ef320b5a91692097726d0385a26a456

C:\Users\Admin\AppData\Local\Temp\nst1862.tmp\7z-out\locales\hu.pak

MD5 71d42cb22d2d7a8b26c4514ab12df3aa
SHA1 cd0307503a7906f1742d1e98fc816959319c2171
SHA256 b51bcb888dbc27bab88a8c9d081df7496de8a9a5a4cd2cfe08abc154190e75e6
SHA512 29c67391bca706807be3a0cc79fe481f220e30263957a9c2485f0a4c498a5b250bdd83b5f4fad8d0b19c8a9a07d5650b5ebd5816b6aae311a1cde78a89303244

C:\Users\Admin\AppData\Local\Temp\nst1862.tmp\7z-out\locales\id.pak

MD5 e40cb2f3b4db379e4d187aeef0dfd300
SHA1 537b1ebc615c980c89bbe2b9e91a11199fa7d6a6
SHA256 3339ef011c9bb64868da94adb25f4490acbc7f893e4337dbfe2797754cd659f5
SHA512 b87464460077aa55feb92eca8ed23d9a61829378bae7890c8a95dac5fcd735b145d65661f27facfe2586fcaa169692b00d8ee8dd505dc44bff7f7fd090f3e96c

C:\Users\Admin\AppData\Local\Temp\nst1862.tmp\7z-out\locales\it.pak

MD5 5aa225aad4f9fe6d05ec24905a827d88
SHA1 f6d5ed337bd8e9cc3b962d3a498e3430fbf6de22
SHA256 96e02ab6937a1f1cb58762159761a737ce0e1dcd6a253554392baf4389326eab
SHA512 3fa928f19bdf65b8fbb274b478a801821b15c01224c113a8d7f6121a077b432c0cc84eefd9028a76adea9fa4bb65dcb868edfbd4368b1e4d477c49e187e4288a

C:\Users\Admin\AppData\Local\Temp\nst1862.tmp\7z-out\locales\ja.pak

MD5 833e8c4aa70351b6be7bd403e4e9a0a7
SHA1 46ccdbdea35deec8ef13a5fc833776875fad187b
SHA256 74422db1a5f28522f9a8b31a3bee9a6df794b419bf723cb6a6c88e82eb72cec0
SHA512 e8e709612a5ea81d2822e0025b7306f38571f2cec2ca72ac5a8ab852a0e36a0f5bc7e00d0baf7ac7becc2c54dda3a17c52ec1cd67ce12b14d91b6ae0b726d556

C:\Users\Admin\AppData\Local\Temp\nst1862.tmp\7z-out\locales\kn.pak

MD5 5115cde84b4c674db412619b65433004
SHA1 164f33e7e2e9f685a579da492a6fc8806beb6cbf
SHA256 891e092c6895e23be986c3e6d39dcea9b6b75f1448239c13fd406680e50407a7
SHA512 090a247898cb533325d2b289a6cbd8db2a755ef0abab49d82f333e57b290c50b5996b81f15d8adc30160b216eebed3a1476aec1627195e52189557c1d48b0216

C:\Users\Admin\AppData\Local\Temp\nst1862.tmp\7z-out\locales\lt.pak

MD5 2d4fca437a7548893dc4b51fa5b33c33
SHA1 c1493013d7d981ea9223716e415380992de65c2f
SHA256 776dba792df7b444e1b720326312d8b8312cade74a1372c49456d932b7c65769
SHA512 b6a55ee1deff48d717a3e9399aef3c45eeec810cc5b5709fa3e9f56850115a5b02e02b7959ec77a6797e68516ee9372bacd260e62ac0d55a8e4c1c27af782b42

C:\Users\Admin\AppData\Local\Temp\nst1862.tmp\7z-out\locales\ko.pak

MD5 d6e2c18c9eabba59b50d147d942125ea
SHA1 0918879203c2050b4f9f449f5616e430897ba0b9
SHA256 f3581cea2e5b022b121010ffc5d67f86f717e3a0c0402abd81e24c87fd135b76
SHA512 f605f7b9893166778af156f9eb76eaa1209e7432450899540cd462ce0ffa69caf6f570b910cdd6d7bef54354379e9892a658e711baa93241da33755c107da859

C:\Users\Admin\AppData\Local\Temp\nst1862.tmp\7z-out\locales\lv.pak

MD5 264c6e20b3088ceb4dae5773cef0cb55
SHA1 fb6ff83ff14df008092bc3ee73bda7491e8e090e
SHA256 a676a781c1a587eadf23e5c69bc52f2d352346a70bc53ca908450362535eefda
SHA512 01e949f92e1e8599c581929a601d39640abaf1d907ce10102e591c3d490dd3874c679c75bb51308ead55a3bd0c6dcd1b8d4b2daf98ce1cf1c6bab42946e8b1e8

C:\Users\Admin\AppData\Local\Temp\nst1862.tmp\7z-out\locales\nb.pak

MD5 b61e42f66d581b6a8929cdf5fb10662e
SHA1 6f06fa9ee092fbcb61bbd668734fb3b92cfb549a
SHA256 1b17dcde8fc7308d926fbe0faa83dfc9ffe2efc5715e9afd557dde839ad98b7e
SHA512 79b82346c3f133a6ba44148a8432ad4e08e2805187b759509cb386bc800fd20215592c07d953812c243f0b1d5e1354245f2cb42b2b3eb6c87280bcb4008dbe97

C:\Users\Admin\AppData\Local\Temp\nst1862.tmp\7z-out\locales\ms.pak

MD5 6cfadaa784e687e6dadbcd80e631bc9b
SHA1 481acb75f525055bf4e45ecabe0eadcb9c492106
SHA256 fb5e125dd5e1f21e8df229d22cb3d1f9078bd79bbddca352899248f2a8b21b71
SHA512 0d7da5a90fe9372bc704ab8cdc8cbfb14d323cafdef856987e2d9e34d980196c03985e25099f5d1bcb10c97f040f4766e2c3713718649bb3f43914a77f0dbb39

C:\Users\Admin\AppData\Local\Temp\nst1862.tmp\7z-out\locales\mr.pak

MD5 f22c99fe6a838e333e8ee06a4d01296b
SHA1 c3542ea8dd45a2b387dd02fa5687948f135e10f2
SHA256 b03a3042f907aed13253ae8083d08f5fad59ff438d024b097276856e72526911
SHA512 882022c2cb985d85f96d52c9bcfeeb089d6ff30e66187ccf424ef622092b9d359a51bdef1fb6ac3b9d3409aa79d37ca737ba7f3ed8b9cdaabfe04d90a7c8bc15

C:\Users\Admin\AppData\Local\Temp\nst1862.tmp\7z-out\locales\ml.pak

MD5 04b2540c25990a5e0a9b227dcce6ae0d
SHA1 4f8ccd154f54dfb083d4d1a3ed0994842c8ab13e
SHA256 556165b8b54c6e21bc66d12b3f5be393136714467c427f7114f314d18ad3c661
SHA512 4cab47e42e8f5d4a83851871f97f3e1360c993ba530dbb4b4b736350779784bd83189e1195d3480ce87298bb8f9b7f249fefa7764d850e5b0002895609626785

C:\Users\Admin\AppData\Local\Temp\nst1862.tmp\7z-out\locales\nl.pak

MD5 cf6b1cbfd669e9461553974ba37a475e
SHA1 b33867e9bc7fd88ca98a76dc4bd756bcf18887aa
SHA256 9a83ad866ad7fd9d65ecbc1e95c276cfce27e8257c76a16950fd14971e66b864
SHA512 e463029bb37f6bb3ff5cb6281f64291ada1b785fa33137e7aedfc7b5e409e99c75a91e7cf9b6c0933e970f70c14861190de66fc5d68925b687a6f5da02e21077

C:\Users\Admin\AppData\Local\Temp\nst1862.tmp\7z-out\locales\pl.pak

MD5 644c0ace25d6e532b56510a736c6bc2c
SHA1 1bd0fec952107b493da04c46423da634ff3e1504
SHA256 2ff9e382a31783285b7d85676e629e2f6db26bb9536ed17b7fbe5ac61a895ec7
SHA512 9a1f1e884c2f214b8b0c63543809ddd4ba0fd533f1d8434e926051f3db434f60cc4df2462c2a43254b2a9685b3869eef49463c212892e417c82c3a7b497e3559

C:\Users\Admin\AppData\Local\Temp\nst1862.tmp\7z-out\locales\ro.pak

MD5 24b01a438a3ab9699d4ca97c081b5e82
SHA1 0d0b082544d23425a74199fb0a6c11192f0bdf7d
SHA256 38290b1c9712296d82ea1681ef95544a1eef4872289134b11e50af735e6deaca
SHA512 43199772312156f4633c4202499cde8f808e5e632c2013ec1129acee01a3f184e86df2616626173178efe04b6f0773ad9a0e8b8cc6a735d23d68dcfe9dfd945b

C:\Users\Admin\AppData\Local\Temp\nst1862.tmp\7z-out\locales\pt-PT.pak

MD5 ecd84b296d3bb312ee18e21017311986
SHA1 f5625523f85c10723750834a54ff59a2dd886fb3
SHA256 fcfaa9c44c445876c286388b6a1abc1df949f3dda3d64fb57d6e0d54a05cdb94
SHA512 e95b74238220024cdd0bd1c0f18beadbbe427d76cd8d6b32d5700adcd34ffb068ad0bf75404921485c8077f395f5111cd40d5dfe2b5b8f34c62e6fc80b507456

C:\Users\Admin\AppData\Local\Temp\nst1862.tmp\7z-out\locales\pt-BR.pak

MD5 88ad860c73676ffb4025b5c691f29942
SHA1 3c5e5b999ea7153ccdd1b4cc7b6162de3456b558
SHA256 25f0bb0b0230d99a9064d52668636f3be85903bf27a68124d79a2fe93c30fe0e
SHA512 41589bb9ab1b8307f62ceb4e6493d7903731a3e63807e0044379c4acdda881c21839234f5f1b8ad1af732bfee6231c0556ce92e582505379ed949980185bb750

C:\Users\Admin\AppData\Local\Temp\nst1862.tmp\7z-out\locales\ru.pak

MD5 75457b95d2bb03891232dae7db886387
SHA1 e5a7569df7f91533703626d167ecc8cddbd27205
SHA256 e0894d3aa3f8e0f8ac457a3300001d4e1dcf95980712f8c8e9c845eb4c2bbfa6
SHA512 9813239cb162cec24cb81cffdae2df06889782813d917da186ae40df6dae64477467e4b32ead2d714bc1de671538d4c1fde990d83d3ee69e0932f17226687a78

C:\Users\Admin\AppData\Local\Temp\nst1862.tmp\7z-out\locales\sk.pak

MD5 b35daa0bd9627ca88b413a5af7c6b4a4
SHA1 d5efdcbc7ca17de29f3075f6434f31ab2e895826
SHA256 f47bc1f7f5ab64681d0b152e1a019da60f0ef057ee8bf2ccede019dc4030c177
SHA512 48abb6ca2290820db2898b05820bb25e70fb1292c816eb0c8f17b3c5452de9fff7027d216d2bf413900f408f44ed4ac99151b28142a212c5cff8dfe229e87b9b

C:\Users\Admin\AppData\Local\Temp\nst1862.tmp\7z-out\locales\sl.pak

MD5 e015b6f5042be2dc96a4e23dcf035502
SHA1 7946509eed8db1e4c1f3da99ffe7155c86fdb4d6
SHA256 99536d1bc73eec81d5bebbff641ea195544ee5e3a41bb17ddcedf9cde9b141d4
SHA512 b2a2eaae93c506a053862bf1cde02eee53b3ea2e2fe4c964c51dbacb8b44de820a779311cfe01458e2f08f88bce1172e8c5e1e6d28cd3a355ff84baa00023b8f

C:\Users\Admin\AppData\Local\Temp\nst1862.tmp\7z-out\locales\sw.pak

MD5 99e385ebc1ef8d3daddb3a171fa79edf
SHA1 3164804dfe9d9b5e891abafe92e5ba67d2b5d4d1
SHA256 8ec45ac391a085d531fb21815086c2da4841aa016653cb4f8484cfc2615d6c01
SHA512 797c105fecef1e15870aa101e3fa1835d5a467a9059c03b3636c54934d1de263ab7f23599e21d9787cb3849c7cb7d29f5bdd8ae9ad10fda8015c1392462e94c0

C:\Users\Admin\AppData\Local\Temp\nst1862.tmp\7z-out\locales\sv.pak

MD5 41e76f7775fc9a2d6e3c02c46e9b32f6
SHA1 088c15c74a68bee69682bf89c31055332b68c84a
SHA256 2533676479e9469ffcdaabcb47d3e39bebfe7ae2b80f70784e918a8827439e13
SHA512 6cde752d748c4772b533c8894f18134e5842113f8c7590b44a7dfa088aed65b232361fd16170df3b0d738066dbc3a769847adf4dd8ba42de63c9c2b33f9beb6b

C:\Users\Admin\AppData\Local\Temp\nst1862.tmp\7z-out\locales\sr.pak

MD5 af7083f2a4bd95dcbe792efade352662
SHA1 dc69aa831836016f6e66c6079931503d534a7862
SHA256 e3b80d9fdd420a05d66cc12e685ac94500106dd51a555bbfa2d085094f81e8dd
SHA512 342400ba94f6cd08152f96aa2b905184fab429c38cedb4bcb4ac0c503169a9ecd47aef208b4d7ffae08b0c0afa7aa089347a20739379d05f3e4e111be842b8c4

C:\Users\Admin\AppData\Local\Temp\nst1862.tmp\7z-out\locales\tr.pak

MD5 40491896ad21543f339467186c5efb40
SHA1 695dde7cc35056dcbf0a533aff8299d4c6b61bd8
SHA256 43e99e132acaba88971b81a43531845dc7fc3a1e0794c3373de7d9a50a5655aa
SHA512 18d5ee9914849462e0b1bafd1ca216b29d0795e282ae0bdb354b15caf5c18f37f44fbd6f626b2cbb095e3398a6496de72e5b0d15621433979b5a589e34fac818

C:\Users\Admin\AppData\Local\Temp\nst1862.tmp\7z-out\locales\th.pak

MD5 43edd25f67ce6e6cea5373009ff0a1f8
SHA1 ed72ca6620cf23837e1334be50ccf616806bc5a2
SHA256 287897cf3df2db1cf59b872e6575ba8dfcaa0c1f68c17a9c91da6c4490adb8b0
SHA512 7160a72bd2e6b0ffa71e5d279995cc8be24a87cd9386eb29ab0eee79b8e607f5d824a11b6b4e3ef4c0f851a9d485a9642cb6adaa65c07933dca6e6f2c0052fc7

C:\Users\Admin\AppData\Local\Temp\nst1862.tmp\7z-out\locales\te.pak

MD5 793a87d41cde6e6d1bb086284f69733b
SHA1 d887e3842b664f55b7308427aa6f5bf0b352d879
SHA256 5cdabd1ad41e8048f2cc6b1615e68b99159daa1aa6706b939447c1811bf0e255
SHA512 7c2e53baa387480eed45315bd9d53856ca46e5777ecdc9c29a0de7b0ad04beb6cbb8b5df0aa7c306395fda563037e06bea1ca70e433ce5a3ccc2ec184dfda972

C:\Users\Admin\AppData\Local\Temp\nst1862.tmp\7z-out\locales\ta.pak

MD5 31dada843d0b4f9a66b184cb6d7b8b92
SHA1 0320b31981043c6e4c17470bf2ff4c7488553511
SHA256 457070b35c813175f5a7b630478073e478ff2bf23915dd3dc7a5b3b339cc2b0b
SHA512 c5b6ea595d3154fd9fe03f49a19f78eb4068718ce005b18a165d491459a290c29956b02a109ce2c314746773760c8e5c0d7064f384c65a572c78109f03538860

C:\Users\Admin\AppData\Local\Temp\nst1862.tmp\7z-out\locales\vi.pak

MD5 69c8796439192577f48bd249175aaf37
SHA1 97c52088ca69dada593db0e42b2135d264646454
SHA256 d7fdb53592de803a5fbcd8561c4918f1562f92fc8a3fd0039a2a1a7b76a8ecc2
SHA512 65eb7cb15291474ec7f9354775e59bcf334c90ddf3498ebd184e4c47118308421b2405bfa679e4b3a70ed1790e167c109fc2c72e89c3e31b5378cae975424144

C:\Users\Admin\AppData\Local\Temp\nst1862.tmp\7z-out\locales\uk.pak

MD5 d791b1ecf2931b2fb0c31aac170c7cdc
SHA1 02be115a9ff94fe5250651b6de4323eafc44fce1
SHA256 ffae6286d44c8e219ef90d411ad8746159a6ff8ea610e2a651147a3956696a22
SHA512 3a2edb8069e4a9734ce5e02b7c3de3c968c5bbc116f17f52f97e2bb2c78485c456c4f0cc952686c1aa17b7ee4d326a1dda698afafc63c79d842ca3905181a8da

C:\Users\Admin\AppData\Local\Temp\nst1862.tmp\7z-out\locales\zh-TW.pak

MD5 c2c35fcedc3708b5bcadf36587393002
SHA1 31d72402cbd44ceb921cedd806259c2cd14e411f
SHA256 cfe4c2c5eb131fd92e0d11f912714c5a9a048833ef3ffbe32679b3d58da8f8ac
SHA512 9ba3ea2d569d1d3ef09e94d7e66f843c8804368c4d016b6289e7dba002f7d2d50884a76c93eef879d87abcf8b36dd3e682b7bd3a18b2b5a969256cef672abf01

C:\Users\Admin\AppData\Local\Temp\nst1862.tmp\7z-out\locales\zh-CN.pak

MD5 098d656a4f4bd8240bed10e7678186c7
SHA1 0c19ab62b4262f1b51558e8aaa79e7741f73393a
SHA256 a55f568ad3a8854cec25699484f55024501c8a0967738ba694e073151e5981c7
SHA512 084538ce774233ca6d4393bb42239b0b85e11bd73dd19ba47e55796ca19848941b037510c0fca4ac08b4b2e0ccbc9b4ae72ef88a3e841738dd211961dc53c1e2

C:\Users\Admin\AppData\Local\Temp\nst1862.tmp\7z-out\resources\app.asar

MD5 58cac42d17ce4485dbbc2aa88b5fe4c2
SHA1 48e25104fbc6aadeb874de07358a35dfeab9f18a
SHA256 f3fd96088f0c60d40974ead87a4f9a49c7b5d2b5a68625ce94c32047e60085ba
SHA512 e4994409ea51842d67a8f25b335a0415f785ec9d2e8923c9716e35c237ee4d43e2753ee1e29ed45ca427413e2838b3c7f8e061901270966f08890dcfc0732b72

C:\Users\Admin\AppData\Local\Temp\nst1862.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\DirectShowLib-2005.dll

MD5 c20c205c6f8d70a5e1351a4041a3ec9f
SHA1 e1b2a763dd6c42439656e4e55aba0f3610ff3784
SHA256 bbcbb170242d9ff1b56680a80b1f8755df1135f9c714535ff3b3f575442f38dc
SHA512 dffd59d775dbb89cd886a2212fb9fe4cf0b2bdd7f2c00f8dc7c6b2287053b4971c8c6c033109ff1f90cdacea082e44d3c19fa76325d24976420c418218e701f1

C:\Users\Admin\AppData\Local\Temp\nst1862.tmp\7z-out\resources\elevate.exe

MD5 792b92c8ad13c46f27c7ced0810694df
SHA1 d8d449b92de20a57df722df46435ba4553ecc802
SHA256 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
SHA512 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

C:\Users\Admin\AppData\Local\Temp\nst1862.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\package.json

MD5 067e233b0609d56ff4756bedd8c0efe0
SHA1 96419d05adc4b6674948b4ac14f8ab5bb3ce4380
SHA256 6bee642c1b5de99e4edba87ec3221c2ecd10b65e666b6f2bef64a745538ecf74
SHA512 94900f5ff762930b1b060ba4dd44d629d6c3e2dfc0dacb1a543f1ea5a3cd40e793acaff4abefbff588ceb422d65f8041ec190a2b56f7c303c3314eb16eca4159

C:\Users\Admin\AppData\Local\Temp\nst1862.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\prey-webcam.exe

MD5 471b15abc9f2e98fb7ed7361d3f045eb
SHA1 95b5798d80a9410872f6ed485ae2b43ca3745540
SHA256 7c262639cb22348dfd627dc07c76e8748e5bcacde2dcf1614773ab174c831004
SHA512 5b3b59aa1dbaef31b0ff6ccde082d7c312e39e311a46fe20d590d5d7765f934d3b663da9609ff4fb7beba2e8fa85376cf74f14ae077f3c0b49189cc28c30163a

C:\Users\Admin\AppData\Local\Temp\nst1862.tmp\7z-out\swiftshader\libEGL.dll

MD5 19dc9ee70e7765bb63a66b6826e8ecb7
SHA1 1a12f983f8b35cc2955d30657971f113c47dc164
SHA256 83d5719abee35e051d984510e1d5d9317a109031698814742b59bdbbe7d4e30f
SHA512 1fda2bcc4b2e70987ca6011ab2534007ae4f752016d29a588aaae839bb25c35e03773f220b6a8e926cf2643997e7d4c0f28743304269b2c55642ce12934def68

C:\Users\Admin\AppData\Local\Temp\nst1862.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\snapshot.exe

MD5 16a12bdc986207390dd79d658a6b2263
SHA1 b4b41f62cbc1e1ede786c6e30e11df8e61750bad
SHA256 50a8dd2f292bea9190204a42de067a34d5cbbec53746d40fe5b067fc85190bac
SHA512 d20394028c5d3ca46bb4879cac40da07b7d857f9a4a834bb4db4bd047f1a3265a80e1f7528244da6ee97c2f3e0cb5b2e51bc88eeb382a027939c2188e66dcdd9

C:\Users\Admin\AppData\Local\Temp\nst1862.tmp\7z-out\swiftshader\libGLESv2.dll

MD5 c0b36d56d83e601bf246f7709a8c5f9d
SHA1 b025a6070f7d61c7d1827856d2d4043834fd23f2
SHA256 45bb5e1f8dd87129ac0a75c78f8f29d06e3ac182a00fc5199b692068f1e05a53
SHA512 e429ae63bd8a7d5a936a638783511693e8fbbc91d97779b3d4dd3f0880f1c8a820106bfb57cf7ee6b3639f19165de87bbe127aadd81218689fc6c8fada2106d1

C:\Users\Admin\AppData\Local\Temp\nst1862.tmp\StdUtils.dll

MD5 c6a6e03f77c313b267498515488c5740
SHA1 3d49fc2784b9450962ed6b82b46e9c3c957d7c15
SHA256 b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
SHA512 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe

MD5 ebe2f51c2eef38ba2d5fcc0c445aeba6
SHA1 a61b672766ce24615398132f971cf38963ff4797
SHA256 9c45f2bd680ba2cf260a1ff497627741fabd62bef30c9b961d9345ff2830c80d
SHA512 7b04fd7702c74e0cf91a6851a21439e42702479189268ed2d2dfada29a886b4b095f4d302f05358a09bcc32245a3886d081b8f1502223e5229bcb086daa63dda

\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe

MD5 3c4b898c4114c5d866eff94da82ffbb2
SHA1 8b371c56b9b2e5b9e82494238eae678bdad083f6
SHA256 74c234dbff5168dcdbb4be4ad8a254a11a6b1b8d3256108b6ddd4e50a6293669
SHA512 59a7dfb5ad7b533788d2a4f06f36d11905e18bd0c5b7d8ed6827ee16fd983459ed1a47e2af1dbd9a8e3355de1f2b6e1074b9e11583f82106a2568c41c5e5cefc

C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\icudtl.dat

MD5 08f84757a46cba11f0d5fbfc62237876
SHA1 080267b4788610358de7acb770fcebd7a97639f9
SHA256 06b552222f27c0d1b10537d032ac4653285394bec2f6adf591509085378f97d3
SHA512 0ed7dcb43b8b7caf61b3bbddd4d45590ba1f29b4a99c7be78965eb6baa2c5d9ea9fa7be5e1f2bf64cad519bf1337167483abb1212ba0dc603abd5c00eac8e84f

C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\resources\app.asar

MD5 3ee90b026ae10bbf7737e76ece116ea9
SHA1 1c63e3d53f3d6b2e5dff2e4e31bc2d7a15d65368
SHA256 555e6211a6249e09ffcd4c1cf110b8613401fbe0bfd9d887083fad51d3fcfb52
SHA512 d5df3b0008dbe3bded214a08111269c3ccf3719c9d6c36b999abd96dfcb2bc0639cf13ac22712aae2f81358ab51b6f6349667d2b83bb9fee4fa1305927e1311c

\Users\Admin\AppData\Local\Temp\7cd36cbf-e05b-4187-a81e-a3dd00e709a7.tmp.node

MD5 3072b68e3c226aff39e6782d025f25a8
SHA1 cf559196d74fa490ac8ce192db222c9f5c5a006a
SHA256 7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01
SHA512 61ebc72c20195e99244d95af1ab44fa06201a1aee2b5da04490fdc4312e8324a40b0e15a7b42fab5179753d767c1d08ae1a7a56ac71a6e100e63f83db849ee61

\Users\Admin\AppData\Local\Temp\9fa0df64-6fc4-4edd-9e87-69ce929047e7.tmp.node

MD5 b99cc34c5ad2730f1c6e13aed114f995
SHA1 134e9b0cd566c4d1a8a0775311647385d9cb1ac0
SHA256 b907e85b93063b7e9e7be9ef400a6b65659e7bd0823e5f3fe1429978b229136d
SHA512 fe601590785e060efeef4d712a773ef4bfc14ac534f9e5a9c75b9ce2fc06cae325fd631bc5bbfff40eb003f4448bc6496e10ac24e85e38189ddbb9047eddf488

C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\resources.pak

MD5 a10e58fb425b0d98fd3d3e5de59481b1
SHA1 971d637f9d923a6a94f94d24aa72913966ed37f4
SHA256 ecd5b55381490dabc400e761b0ce02c5cc9a1db6d0440ea6a70bed8d0be9c3d9
SHA512 60cbf7ac4c13dbd1de9afd91492a979d644a24167482a40813934dc1328fe83e21bff418fbe8f9c517b83814849b71585c1ec48d3908fcd6abfb888785a713e4

\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\ffmpeg.dll

MD5 e4769420eb1c6a765a5eff661beedce2
SHA1 b13b46c5eb6ea5d9cbf6c0104b7e53adf2319d28
SHA256 b8668b6bf0e2ad7ab2b79df86fbfbf60558545ede9309dd8dc19778abe8a2e85
SHA512 6dadf9bd548af1c775b795febf8a5b3827f979fdf2a147a05fe3840debcf9fd9712c1061896f83ec42c44787b38af6936d28e2fe3d9d9c64bd436a9c41190ff4

C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe

MD5 c873e99a456632435bd052ecc84884d5
SHA1 6c625ca474094528067cbe032f6d00a8c85eb213
SHA256 3f2c494ae0895c39be4e28e0f7b297be9bc1cf9e06499b9d4d6ebf0aae404123
SHA512 83f9210df6278d56af61c002b7024f6f114c84aae003eed8875bec702c66f230e636f5f1320f0d544b757fa2f92812d5235b2e680faa841ae6b96de4a5a5591e

memory/268-614-0x0000000077170000-0x0000000077171000-memory.dmp

memory/268-580-0x0000000000060000-0x0000000000061000-memory.dmp

\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe

MD5 ce0251c168a5ff2735850e5ed14ead24
SHA1 34fdad433c22a765b292cc6a6df2556638789a6f
SHA256 35ce9980ecf06fab6d66736a643bc51f9a86ef7312fd363c4bb3debd606ec766
SHA512 a4207806a1bb134051b1a9ba8fcae3410bd9f69831f84f751ee894f6c0604ad6e29fa5387f8b4ec4377b8b39e7b9196d27620b4f07972f03356b99d8eaf7fa0d

\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\libGLESv2.dll

MD5 9dfdfc18d527fb12e1e79f2d08ec4206
SHA1 f9a615abdc82532661824ed0c945f2907338f42d
SHA256 70dfaec1065ec8aacb3632e6c8eb92d4a08884bc0d4762c79736971f5a76e94e
SHA512 7a3e56acd7f911a7ac8fd2c7864a8c0b5f5a7fbff9efd9d00e397bbe6722c6b9fdb751a521470b497a7bdc2400e51a1f01c2d1890af6dfd3b76df4b10a474b66

C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\libglesv2.dll

MD5 fe8a2e697a9b2af5b9dd42a9a79dc411
SHA1 22a1ae1e832a3637eff020c8f21bbaf022b3cd2d
SHA256 44ee671c13059358e9bd86afd82c67f30f367a2d08a000b636688b163f7c3840
SHA512 db29d78833c17b63383d487cefa34fb3fe5d785307a9adb086620f813707c6e33e3f792327a5db7386c50033deb442b16dc996f6fed5067ca7e2d4ade8b8d491

\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\d3dcompiler_47.dll

MD5 2379438ad2622d56c1b04e787686886a
SHA1 dca10582fe4e2e1fa9a6125f18cabf03a0f0cacb
SHA256 bf84b202bca8c2597107d2170324c3f13c0ef1a7ac51341adfe76244432fd1b0
SHA512 09ec1c9b6b72186f9dade631e0dd22d394f25d4a5a5599ce63cd5e5efdc8036958cdf05b59fcf32b0bfbc477aeb5e4e4149ba42bc93a24793c7b72e2fa7731c1

C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\D3DCompiler_47.dll

MD5 d42adeb204b018bf644d759da040419f
SHA1 42836482cb7e42d0bcd0bdbe5adbb5743920117d
SHA256 740179df2c0d7aa411c89ef2ce2ca5fa2d201a9be3d1bff15a164e1aee369e20
SHA512 8c1a18dde8a03db1cf3f184b1cfab9b406391b2a0e015cb6f5e596dbd84b5b1a0f2d905ddc0288ff86121728838e06ca771cf62411aa27e4f4faa58aa52c0159

C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe

MD5 403c8ccc922b30c0fb6db15eda406886
SHA1 63598d6efb6a5bfcce976924bc8ee78d7b3242cb
SHA256 8d6947e7f8b3530771b472193afd2cfea6fe08f141877de8c696d9272a9b59af
SHA512 47f60e7f8f7319d75280d3c2ba19859a57a45974959260374327146ba99c5fe1b274229ff4d4c12b101499a39767a21c3ca91509e957f424bdd037ab5639a31f

\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe

MD5 3752c8136540a91e0b3f999de54aa568
SHA1 951f8ed119fdce01e3abb190761464cc159463ff
SHA256 f9a758c46fd4c12b0c235f275bc6c8ac3b7fb9131c5116ebe634c984107a2b1c
SHA512 654df09b9ea792054957fffa1d6bf0860a048aed77f67ea778c1af6228bf6777c9ae81f9ae5f94e8b69ecc7224c939ba6f74cd8dc19aee86ee32ef5182179057

C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe

MD5 0cd880442ef124e287d18b295c4cd0a6
SHA1 412e18a78984e1baeafbdbcce5f7003df00c0f5f
SHA256 49acd6882eab2aed62dd357c7c4bdd3d726814f13f6fcddbfd0a5ebee6a5d25a
SHA512 1161aaa467504f27ffe860cb09d1239d929b57e87e678eed0c2a6bd7952b0e075331bec4f24366bb7faf5f5927d6563da024445d6a2ebdcc60a5e4e566106bc5

C:\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe

MD5 ba8f04430c15fa48a239ec363cd164ad
SHA1 13d52645beb39e609d165064abfe1b18eb4c8f1e
SHA256 8a9b41a4b39718834ce08e0dc2995780695a812bdf69d04c7ee4b7d828f2955c
SHA512 ec5c52a812afe27235f65d6c9f6c59e33b063f28b3a2d3a45dcc05cd491059e246f010553be43b176b466ba0ef51714697ab5866e563e74bf091e43fb7cdd430

\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\ffmpeg.dll

MD5 628bb4924193766392f558dd07ee4bf1
SHA1 395716ad545c42c1b409ec2fe2ac0d38d21faa3e
SHA256 adcaa38acfc1feadf636fd5128d9bfd569524d17364a13f8ca882cec7c6d1449
SHA512 b9fd1ac313155868b9ad9974857ee4014569e0d84eb49c318e4116200a0e49e87d8f8320296c64bca1d7638e70df5f279acb3c20b9188058634ee1b935169e69

\Users\Admin\AppData\Local\Temp\2ZbRgzQ3HODAr40TH7wfPCoElMS\MythiaWorldBeta.exe

MD5 06ef746813b985fdd135b100fd10c9ee
SHA1 740bcb2f3e834e43b862eabb32baf93998411db5
SHA256 e3b9eba60e1da7b16097c2821fcfec60cc88bf54f258f2994d1a8083af6495db
SHA512 416e6cbb9a27a49e147d760116c4350c9929972f8519f3e9e093519166d9c6ad12f774ad6c3b1ec385520d7af3769618ac11be6334c1dac80f60b629bbff0b84

\??\PIPE\srvsvc

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/1980-704-0x000000001B6A0000-0x000000001B982000-memory.dmp

memory/1980-705-0x0000000001D80000-0x0000000001D88000-memory.dmp

memory/1980-708-0x0000000002930000-0x00000000029B0000-memory.dmp

memory/1980-709-0x0000000002930000-0x00000000029B0000-memory.dmp

memory/1980-710-0x0000000002930000-0x00000000029B0000-memory.dmp

memory/1980-707-0x000007FEF46D0000-0x000007FEF506D000-memory.dmp

memory/1980-711-0x0000000002930000-0x00000000029B0000-memory.dmp

memory/1980-712-0x000007FEF46D0000-0x000007FEF506D000-memory.dmp

memory/1980-729-0x000007FEF46D0000-0x000007FEF506D000-memory.dmp

memory/1980-730-0x0000000002930000-0x00000000029B0000-memory.dmp

memory/1980-731-0x0000000002930000-0x00000000029B0000-memory.dmp

memory/1980-732-0x0000000002930000-0x00000000029B0000-memory.dmp

memory/1980-733-0x0000000002930000-0x00000000029B0000-memory.dmp