Analysis Overview
SHA256
15bb700544c589dba519ae5692062b766d9eced9ed7f6fabc3c44acd686ec2cc
Threat Level: Known bad
The file TatsuBeta.exe was found to be: Known bad.
Malicious Activity Summary
Irata
Irata payload
Reads user/profile data of web browsers
Loads dropped DLL
Executes dropped EXE
Drops startup file
Legitimate hosting services abused for malware hosting/C2
Adds Run key to start application
Looks up external IP address via web service
Enumerates physical storage devices
Unsigned PE
Collects information from the system
Enumerates processes with tasklist
Views/modifies file attributes
Detects videocard installed
Creates scheduled task(s)
Suspicious use of AdjustPrivilegeToken
Uses Task Scheduler COM API
Suspicious use of WriteProcessMemory
Runs net.exe
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-12-17 16:15
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2023-12-17 16:14
Reported
2023-12-17 16:18
Platform
win10-20231215-en
Max time kernel
4s
Max time network
150s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\TatsuBeta.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\TatsuBeta.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
Enumerates physical storage devices
Collects information from the system
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
Detects videocard installed
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Enumerates processes with tasklist
Runs net.exe
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\TatsuBeta.exe | N/A |
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\TatsuBeta.exe
"C:\Users\Admin\AppData\Local\Temp\TatsuBeta.exe"
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
C:\Windows\system32\tasklist.exe
tasklist
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
"C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1412 --field-trial-handle=1528,14605696584417824603,17339194505501705696,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
"C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --mojo-platform-channel-handle=1836 --field-trial-handle=1528,14605696584417824603,17339194505501705696,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Windows\System32\Wbem\WMIC.exe
wmic process where processid=5064 get ExecutablePath
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic process where processid=5064 get ExecutablePath"
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 session
C:\Windows\system32\net.exe
net session
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\resources\app.asar.unpacked\bind\main.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "net session"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\System32\Wbem\WMIC.exe
wmic computersystem get totalphysicalmemory
C:\Windows\system32\more.com
more +1
C:\Windows\system32\more.com
more +1
C:\Windows\system32\more.com
more +1
C:\Windows\System32\Wbem\WMIC.exe
wmic PATH Win32_VideoController get name
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic process where processid=5064 get ExecutablePath"
C:\Windows\System32\Wbem\WMIC.exe
wmic process where processid=5064 get ExecutablePath
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v WindowsDriverSetupodgGQr /t REG_SZ /d C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\TatsuBeta.exe /f
C:\Windows\system32\cmd.exe
cmd /c schtasks /create /sc onlogon /tn WindowsDriverSetupodgGQr /tr \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\TatsuBeta.exe\" /F /rl highest
C:\Windows\system32\schtasks.exe
schtasks /create /sc onlogon /tn WindowsDriverSetupodgGQr /tr \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\TatsuBeta.exe\" /F /rl highest
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "cmd /c schtasks /create /sc onlogon /tn WindowsDriverSetupodgGQr /tr \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\TatsuBeta.exe\" /F /rl highest"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v WindowsDriverSetupodgGQr /t REG_SZ /d C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\TatsuBeta.exe /f"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "attrib +h +s \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\TatsuBeta.exe\""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell -Command "attrib +h +s \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\TatsuBeta.exe\"""
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\app.asar.unpacked\node_modules\take-cam\snapshot.exe" /T C:\Users\Admin\AppData\Local\Temp\kvpQWbY9qXrKtiak61zr\System\cam.3612_Admin"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell -Command "attrib +h +s \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\sysWin10Boot_odgGQr.vbs\"""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v Start_odgGQr /t REG_SZ /d C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\sysWin10Boot_odgGQr.vbs /f
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "attrib +h +s \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\sysWin10Boot_odgGQr.vbs\""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v Start_odgGQr /t REG_SZ /d C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\sysWin10Boot_odgGQr.vbs /f"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\app.asar.unpacked\node_modules\take-cam\prey-webcam.exe" -invalid youcam,cyberlink,google -frame 10 -outfile C:\Users\Admin\AppData\Local\Temp\kvpQWbY9qXrKtiak61zr\System\cam.3612_Admin.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\attrib.exe
"C:\Windows\system32\attrib.exe" +h +s C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\sysWin10Boot_odgGQr.vbs
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\attrib.exe
"C:\Windows\system32\attrib.exe" +h +s C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\TatsuBeta.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic PATH Win32_VideoController get name | more +1"
C:\Windows\system32\more.com
more +1
C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get name
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic cpu get name | more +1"
C:\Windows\System32\Wbem\WMIC.exe
wmic OS get caption, osarchitecture
C:\Windows\System32\Wbem\WMIC.exe
wmic csproduct get uuid
C:\Windows\System32\Wbem\WMIC.exe
wmic logicaldisk get size
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic OS get caption, osarchitecture | more +1"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "echo %NUMBER_OF_PROCESSORS%"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic csproduct get uuid"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic computersystem get totalphysicalmemory | more +1"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic logicaldisk get size"
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
"C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAIAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3480 --field-trial-handle=1528,14605696584417824603,17339194505501705696,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| GB | 142.250.200.4:80 | www.google.com | tcp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | 4.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.186.117.34.in-addr.arpa | udp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:53 | api.gofile.io | udp |
| FR | 151.80.29.83:443 | api.gofile.io | tcp |
| US | 8.8.8.8:53 | store11.gofile.io | udp |
| FR | 31.14.70.247:443 | store11.gofile.io | tcp |
| US | 8.8.8.8:53 | 83.29.80.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | hawkish.eu | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| FR | 163.5.121.96:443 | hawkish.eu | tcp |
| FR | 163.5.121.96:443 | hawkish.eu | tcp |
| DE | 140.82.121.4:443 | github.com | tcp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| FR | 163.5.121.96:443 | hawkish.eu | tcp |
| US | 8.8.8.8:53 | 247.70.14.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 96.121.5.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.121.82.140.in-addr.arpa | udp |
| FR | 163.5.121.96:443 | hawkish.eu | tcp |
| FR | 163.5.121.96:443 | hawkish.eu | tcp |
| FR | 163.5.121.96:443 | hawkish.eu | tcp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.116.69.13.in-addr.arpa | udp |
Files
\Users\Admin\AppData\Local\Temp\nsd7418.tmp\System.dll
| MD5 | 0d7ad4f45dc6f5aa87f606d0331c6901 |
| SHA1 | 48df0911f0484cbe2a8cdd5362140b63c41ee457 |
| SHA256 | 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca |
| SHA512 | c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9 |
\Users\Admin\AppData\Local\Temp\nsd7418.tmp\nsis7z.dll
| MD5 | 80e44ce4895304c6a3a831310fbf8cd0 |
| SHA1 | 36bd49ae21c460be5753a904b4501f1abca53508 |
| SHA256 | b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592 |
| SHA512 | c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df |
C:\Users\Admin\AppData\Local\Temp\nsd7418.tmp\7z-out\d3dcompiler_47.dll
| MD5 | 06c4e5b733b72da2785782fb7c08296a |
| SHA1 | 960c18a7dcfc142b6d76f4d354fe3a6f496d7e8f |
| SHA256 | 64f2f5d801037ab9f106bf2f36730d41bc1b8ad53808782a74f94a13c77dd7c0 |
| SHA512 | b4edb5ad6b6cd37c2a7f24a755d008eb9a4ecc54016461be44e86f2d6ab6754a553c45c1ec5791cf1c0d87af944c5205ff41ec96fc5edc8a34eca3d0b30a90fa |
C:\Users\Admin\AppData\Local\Temp\nsd7418.tmp\7z-out\chrome_200_percent.pak
| MD5 | b51a78961b1dbb156343e6e024093d41 |
| SHA1 | 51298bfe945a9645311169fc5bb64a2a1f20bc38 |
| SHA256 | 4a438f0e209ac62ffa2c14036efdd5474b5ecaa7cbf54110f2e6153abdfb8be9 |
| SHA512 | 23dedde25ad9cb5829d4b6092a815712788698c2a5a0aefb4299675d39f8b5e2844eabd1ea42332a0408bd234548f5af628e7e365ab26f3385ebfa158cdd921d |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\chrome_100_percent.pak
| MD5 | 75680adc71c87439f9b8aeb1ed0f6779 |
| SHA1 | fe34da515819e20750995ada28220ba6dabcd7a1 |
| SHA256 | cf1d9eda51c7a4accbadde7227fcbf00f631ea959ac32db5d1fd68b3e8aedfca |
| SHA512 | dc69c66f14dd67e87b9eb4217aea73bcddf7c31fb587ce9961a951ed61ce064c2aa8b6b6ccb422d9cc7b962b3cbc9d24d5beaa8c9180a393d4e66b17546b0ced |
C:\Users\Admin\AppData\Local\Temp\nsd7418.tmp\7z-out\ffmpeg.dll
| MD5 | 6e901d7eafb253e547df800fb462f152 |
| SHA1 | 5d4120179ea696accc499d1fe17afe89dfb3d44c |
| SHA256 | 9ef414e3d37f886ed85a2b1d5be79e30c7a1742183cdacd809b3b040e3c17439 |
| SHA512 | 3ac9ec2fea085b8acb9487681227f71768323a432f96a2b01386d7d0db8be14cc746c60f572c5bc3b6d96fa2e80e3c3869036bfc8f1f4ae5df9d1df3241ada33 |
C:\Users\Admin\AppData\Local\Temp\nsd7418.tmp\7z-out\icudtl.dat
| MD5 | f625bdd698c266a43f47062af92f57a2 |
| SHA1 | d22bedde1211d5f9c70dab9c131ae2d508334a1f |
| SHA256 | 2ec0d037bcde0cb8c154800d6a119ccc27ee1a62f06a8b6ad9f51a051ba60b6a |
| SHA512 | 949beae5e1154d02d53f0091674dd7b19bd82c39d720d477c410c5398f9c97b80eef896003347b3fd3345c78e1c185b5ff68bd6bbb11ad31fa8459b564f3cecb |
C:\Users\Admin\AppData\Local\Temp\nsd7418.tmp\7z-out\libEGL.dll
| MD5 | 7871a4151d8a6ca205b2c3a9507dca04 |
| SHA1 | 39d7bfd31ededf692fed775a69b31b3ee17c0981 |
| SHA256 | 7fb63891062e37bde60e297bc88559366a946c799a9eedcd47438f84d907df2d |
| SHA512 | 418c7a17ca348c429c09d6c4fbb1a6bedf86f154c4baf6de36d9f8cf894c52e206818103cdec8a8329f102f556ebc5b7e2f03f86359076d0f36efb86471c4ca3 |
C:\Users\Admin\AppData\Local\Temp\nsd7418.tmp\7z-out\snapshot_blob.bin
| MD5 | e68895a78fcf8bd9c66f55fe70eefd04 |
| SHA1 | 15353bd81ad6de35bdd4e9047069d04a12b16340 |
| SHA256 | 270ae23397a06e2ec2967cf26bea1dc189825dc59d2b3c6321e9c4e7d0310838 |
| SHA512 | 52ce9b56a5288bf377da3d98c4d290a05e2ebc4c8048118260e85fccb8cb9cb5855ffab719a5aaea6b3574ed63c731f10d60e8afeaeb25e4f361778573722b0c |
C:\Users\Admin\AppData\Local\Temp\nsd7418.tmp\7z-out\resources.pak
| MD5 | ef8eb285e70a184f96665d6ecdfd7517 |
| SHA1 | 2e09ae2b3826d67894984956d45a67ac24f690be |
| SHA256 | 1dc6f91611e5ae70d7739ef5915b22f11970de87536873c592ba74eb1c2baca5 |
| SHA512 | 210e13b08630992cfd1d8e89785ff3e5d0eab2fc4f001c01bf85b380824882595331db07692b5d6e1f5e2219c68fcc2f21b82f6b41b90cbb1a0cbdc94dd5fd80 |
C:\Users\Admin\AppData\Local\Temp\nsd7418.tmp\7z-out\LICENSES.chromium.html
| MD5 | 564ee222266219daac471d602a7798b0 |
| SHA1 | 63de173e073aa6a9c46ff975654f1cccf25abaf5 |
| SHA256 | c513bfd4e5a38580302835c1737c9843586fc752c7a3a2a50bc9491aa7de33a2 |
| SHA512 | 258f06a7bff72083c4833790bae3ed135b44966ebda2eb148ad8c089290447e95f8e533b23ffcf11f9ce5c2e017e64a1dcdb6c3dc180bab15daac9567c8621d4 |
C:\Users\Admin\AppData\Local\Temp\nsd7418.tmp\7z-out\LICENSE.electron.txt
| MD5 | 4d42118d35941e0f664dddbd83f633c5 |
| SHA1 | 2b21ec5f20fe961d15f2b58efb1368e66d202e5c |
| SHA256 | 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d |
| SHA512 | 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63 |
C:\Users\Admin\AppData\Local\Temp\nsd7418.tmp\7z-out\libGLESv2.dll
| MD5 | 71f27294cdfc421d98e6fdb360995d7f |
| SHA1 | 0319b959873b056331d4f7371f530a9c741868e0 |
| SHA256 | d2044e4b7255a9d087a848868571991dd2cc9a20b278ef68b659b694a1dc0ebe |
| SHA512 | efb32c3fabc212727867e54f43483e10bc066fc90e1ce10878b941cd5686375a8a294c5311d0da375581a822551e1028cbb6287ffe11779f5e9fdc033fc63a3a |
C:\Users\Admin\AppData\Local\Temp\nsd7418.tmp\7z-out\vulkan-1.dll
| MD5 | 8217f0a9e819bb653afd4c4f22c7bab2 |
| SHA1 | 0a1e51bb7bf5463886b3e2bed08bc5797730f5eb |
| SHA256 | 31fbc4bad724b4e55e5f520af79cf65cc888ca29786707cfba4cbbacb7454dd4 |
| SHA512 | d7d3e611c2aa26d5ff70d07095b33b3d672eaf8f3c3aedc729f8b138c5e78fcc4a5668dd7a09c6cb84f80dba6203d9261d570bf94993c9d829f5491db6dccbe3 |
C:\Users\Admin\AppData\Local\Temp\nsd7418.tmp\7z-out\vk_swiftshader_icd.json
| MD5 | 8642dd3a87e2de6e991fae08458e302b |
| SHA1 | 9c06735c31cec00600fd763a92f8112d085bd12a |
| SHA256 | 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9 |
| SHA512 | f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f |
C:\Users\Admin\AppData\Local\Temp\nsd7418.tmp\7z-out\vk_swiftshader.dll
| MD5 | 63ec2e733391760d43d2698e40d69a37 |
| SHA1 | fc79fea84dea40f819549731eef2cd466afc21b3 |
| SHA256 | 0b3ead8893564d10cdb825ad7cc7fb01974836e5ee521d8d33081d15a3dbeae0 |
| SHA512 | 484abe53d3a56a376d0d04956f6b02e2df7f42d837a59cd26701010656336f1a7b705558f053141f64a7c02ee0fa400706acac6ee8618bd095ac399e6bc4d4c3 |
C:\Users\Admin\AppData\Local\Temp\nsd7418.tmp\7z-out\v8_context_snapshot.bin
| MD5 | 390baea5b619f39e093e22d4c8041553 |
| SHA1 | 03ff34e68621e895e8c482a2eff77d818d536eb8 |
| SHA256 | b4a0758313bde26958135127796b4a0dfaca4c37f789b3f0a14602fefab1aee2 |
| SHA512 | 0fa8ae5e368ce6c7328e6c206c0582d1f9c1d90dd699ae90df2b5c1e65e44ee2f43868b7727974c58aa1555b7032828956cdd33717381f891fc9d8bee0dde75b |
C:\Users\Admin\AppData\Local\Temp\nsd7418.tmp\7z-out\TatsuBeta.exe
| MD5 | 1ea8de8052d41b310dcf0d10db65551f |
| SHA1 | b9be6e7ce38b470c1f529aa1f008bbc7dd26f099 |
| SHA256 | a81e868692a81229235e1faebf1dbe529ef33dc29f4f133e2fd7c360b8283b88 |
| SHA512 | 4d27a2bafffe635ef3787b725f6bdde26c739307486aadf1f36e896110cdf77e9083be9ff3ea1e018bbbbf370e77f0808b946eb63a54596eefbb3499fecc0e9a |
C:\Users\Admin\AppData\Local\Temp\nsd7418.tmp\7z-out\locales\am.pak
| MD5 | 151c8874e6977eaf86f65e4053c3dd7f |
| SHA1 | ad6f62ea7963922e5fdaaea7f65a47cbee57f87a |
| SHA256 | 70a17267f8a85e8bc834c1cc328d1c0f8401e60927e86b45874e29e7c7cb8b01 |
| SHA512 | 6eb293fe9e5f639d039deedb09bc6b7f149fe9598c620278469c26bd7b5554aa1414748bb0feb0f9c9e9297d812756e217fe0376f16a92ab8f73023172c9c68a |
C:\Users\Admin\AppData\Local\Temp\nsd7418.tmp\7z-out\locales\cs.pak
| MD5 | b4e23bee46ff37b105d80d22052ccfb3 |
| SHA1 | 78e2d89b2509e85424e1ac771c1527bcbe474182 |
| SHA256 | 418e459b4dbd9382bbbf3bdfbc9e6b7990a323c9e58ef68f5c3df989a8ad03e6 |
| SHA512 | b94b2b4d76ab2cb790548fccf413c25d178efa50bcb395a38ea8acd0b8f9c58af24239186b4a64b7170384c01d30b6222de79d1741043a1343347b7cd9d7e5f2 |
C:\Users\Admin\AppData\Local\Temp\nsd7418.tmp\7z-out\locales\da.pak
| MD5 | ed8453efc26338369a38eb0f6df2bd36 |
| SHA1 | 55f07b731c8d2e9fae17520e032317f8a88e12b9 |
| SHA256 | e361a4b1e920e06b98009b933d76c5d1ce88ff3aa87a5906d0fba25c35b9a1da |
| SHA512 | 4372317988ff497859aa0a0398650b4c2d8a1417a1c3944ddb54e34af68168068b4d17821fe16110107b8bcf070eb33c66dd775cf1a66aaa38fcf74e83df3471 |
C:\Users\Admin\AppData\Local\Temp\nsd7418.tmp\7z-out\locales\ca.pak
| MD5 | a71d0de5f303003faf694960f8c5ceb0 |
| SHA1 | c5198cfa473686b4066f298014f785ddcbc2cfd9 |
| SHA256 | f6dee00815982fd187e01da3a0c6abaee952d3ac9c4dfd2e96b416d6ada2b357 |
| SHA512 | 61465124ce7e849e02b79884ee02f1a539ad14fa969b1fe7a741f12e1387fb45074ab9a38dd55416cb189dc62f4972ad6827901e9b8b9256fdf416d4a734412f |
C:\Users\Admin\AppData\Local\Temp\nsd7418.tmp\7z-out\locales\bn.pak
| MD5 | 628ef6cb62c9f8340ea96e5af9e73e56 |
| SHA1 | 1473e651f2471b212f1216a17d267e0771c85871 |
| SHA256 | c1ccade95c32a5750f59319dcf842fa3f294a7fda2f9af9156a6cd6f2a575164 |
| SHA512 | bd48c23473a00dc321373648ec8fdb4c0e3f78b6be50a5ca9e9845e9c93ec9aa7e4dc0201784c3b13b339f5cb9af401f6155437aec93b3b49f3301a1d78a215d |
C:\Users\Admin\AppData\Local\Temp\nsd7418.tmp\7z-out\locales\bg.pak
| MD5 | 99d463b9e22f5867418dcb5a80a03804 |
| SHA1 | f449cfffecdcd1105b8744e1ce316024c7fea78b |
| SHA256 | 134bfa3246d1f20f8967f8a0c9aacaefa3bf411e2bcb361b8f030bddd137e7bb |
| SHA512 | 9fc00e331472dc68ed96ad8ef6338a386de63a2ad95c042688076dc70790943e55facfc7695f8446b417e97a3cd8129f30481b11ab5f6f83a019005d79599f06 |
C:\Users\Admin\AppData\Local\Temp\nsd7418.tmp\7z-out\locales\ar.pak
| MD5 | 362f011454d39609ca4cb4d942be3f13 |
| SHA1 | df91b904abf183dcd9fe9075442f81de387df7d8 |
| SHA256 | 76198e81b09acaddaf463d39171f50f652a61efdf344f22b16ae15343b219b9c |
| SHA512 | f0ca03cb6e3aad72aa8eee309ae08c00830b413e9abc6a164f655dcbb270eb411734caf5ec44848e77a52955bf2aa239969d2ae08a29b3bdde5426bd90b22f65 |
C:\Users\Admin\AppData\Local\Temp\nsd7418.tmp\7z-out\locales\de.pak
| MD5 | 1f1c6f0fbed50888f5c39d9492d9c87c |
| SHA1 | fa49583115fe70d5a008160cb558f03ab501a481 |
| SHA256 | 4fd9dacebf1eac0910e3041444f84ca0844ad99642ad2d0633baba2fe8a51b0a |
| SHA512 | 54b321a84f9ca425b53b8d91fbfd2e96b2a605287c1e608245624479a9def76e28a4c2832ed452ac42d8a192abc578d558364ff8fe475a5116d63234d2d8a7e1 |
C:\Users\Admin\AppData\Local\Temp\nsd7418.tmp\7z-out\locales\es-419.pak
| MD5 | 6c3994192fc22e2eb3a3d27935d848e8 |
| SHA1 | b47356bb80caeb4ad820d3def154bca45052c46b |
| SHA256 | 3eebe22b38415509e441dbe3c72c1ef8fd6cc8bdbdfbd1571c36b18cc9a30f3e |
| SHA512 | c885a74291806e7f8d1f8b7675f07fe9cc7d78fdd1294b5725956a9e77aeec4442a813001ea721f87836b197b4f2927982674601875142b1de9f7d2427542931 |
C:\Users\Admin\AppData\Local\Temp\nsd7418.tmp\7z-out\locales\fr.pak
| MD5 | 282e124ae0501f4c06693ba91b5e6061 |
| SHA1 | 273580e843c83e3b7aff3663f1b53eaf2860be66 |
| SHA256 | c03689e28da37e2a92e97547b080c436433822aff46ad9a6c288080021380f80 |
| SHA512 | a74103dd905e59eb572729e7940c11fc8011c9a7fe337df70f92cd00db59331f4eedcca8cbbd558d5c8cf6e329ae4f9e37da89715c711a7b7cc87074149cc999 |
C:\Users\Admin\AppData\Local\Temp\nsd7418.tmp\7z-out\locales\fil.pak
| MD5 | 55457e9df40896edba238fdaeeecda46 |
| SHA1 | 8c4cd3c9461a0e483801d3d4f68591887fbaa59f |
| SHA256 | 142c6972f7ee5f5029c4001b8f76aa40707b947b620d7fb8f2afe61b0c3bd629 |
| SHA512 | 283ef00da695f0faf210cc107a38dd4a872aab068e2877a6b5689260e74d0860c326196025da14798fe793770855ae07013018450961f11f4ff631ee48768bd2 |
C:\Users\Admin\AppData\Local\Temp\nsd7418.tmp\7z-out\locales\fi.pak
| MD5 | 0cab28c37e4a2441a6e29311fb2a83d4 |
| SHA1 | 069ccbc5d2033d65f5b855fa04fee27d96d0bc52 |
| SHA256 | 0e31bc387d3674c895d64bde820442108db623ec428a6506576ae3d243d25dd9 |
| SHA512 | 3bb805e443518edd8b5067a9dbb4a44539c15fdf886fa22f48674aa61c5379402dbd07a1113629c36910e66a5a7ade2d48ca6516102656b410f3b9709cbd0377 |
C:\Users\Admin\AppData\Local\Temp\nsd7418.tmp\7z-out\locales\fa.pak
| MD5 | d7d59942ccc77fb834de072501b1b5b8 |
| SHA1 | e200a78328dad56eebe2da93d89ae982b33ca6a1 |
| SHA256 | 023ae1df235025e24aac43c670b19d447a09bc1db63ce8a80e7b2d7405c4034f |
| SHA512 | 4db8c3f6b4ec31036ffb87796517c4fcc55012a37a594135aa6fbd5cb56fc15567f1788959ccbe545152eaee8b7bf1a5f25a9119f13eaa05cf65cd406e3e668c |
C:\Users\Admin\AppData\Local\Temp\nsd7418.tmp\7z-out\locales\et.pak
| MD5 | 6a56b45a5887d09edb58741d96f2667e |
| SHA1 | bada0464a7bf0c7c39601e3202827ad78037c125 |
| SHA256 | 76e13dfde672973ffea9d227f79ffdc437743de62ca2a4adc025903f5df66611 |
| SHA512 | 6ba666b86b91bc4f188c23261d4542e7ef4b13589dd11e814743778bc5323e4a4e3225314f038ebd13bf9c5385fde59b183c5fefc15d30c121d912babb7f6314 |
C:\Users\Admin\AppData\Local\Temp\nsd7418.tmp\7z-out\locales\es.pak
| MD5 | 22608258d7163558a7b260dcafdcad1d |
| SHA1 | 44d524e93389cb24c52e915903b572c723f55ee8 |
| SHA256 | a4fba4f298a81ad940e4688adcbc7f959cdef4a97801e54d3877b31bc3babc56 |
| SHA512 | 1eb35e5124c49a7aef32804a354f5366572abb0a5c8eed9863bbbac4169807e27e17b942752e85b6f5e3d5a5476ad786f1d3489e0a85d38f7ed0b790a14a4b91 |
C:\Users\Admin\AppData\Local\Temp\nsd7418.tmp\7z-out\locales\en-US.pak
| MD5 | aa7040ade6f7279c761bcc3b7649b351 |
| SHA1 | bff0dda79abfcf5774bdf5484d3961b9bb69dbd6 |
| SHA256 | d2857268a081852d066eac9e061bd8eaff71241e7382f50d3dd6995386a9b853 |
| SHA512 | cc0f5cb231f72685832f1dd4a9ee5ca8cc49282168dc5859ad1253e6e8a0688dd02c487e5dbe1e6d9e8b402d3cfc034dc53e7dd51cb525fccada85f061588197 |
C:\Users\Admin\AppData\Local\Temp\nsd7418.tmp\7z-out\locales\en-GB.pak
| MD5 | 9d0568fe804d97bc0e667f55c5da95e8 |
| SHA1 | e646193fb605f60cd3240ea3ab132db791d60893 |
| SHA256 | 381cdafd8cf02a266c1b74fc626fc925cb1c0ebb7ac03dc6069e05deaf94b9d6 |
| SHA512 | 7b3166b736882d820f00a7d9528a9837326bc3f339373a684c4cd5561721fedb5102777ce83750ffeb8dbfbac7d11033c904316647790f1c04378d7a542320f8 |
C:\Users\Admin\AppData\Local\Temp\nsd7418.tmp\7z-out\locales\el.pak
| MD5 | 46b685e4610655376bcb998c79ac25fb |
| SHA1 | cf5d7405e7d935d797bc264dae2a8e1056348db7 |
| SHA256 | 6ea86f32d8e6a1d80399d622b9a48e7e0364adedf4c6aa43f7977975ea18cf2c |
| SHA512 | 03437d97cdbd2d9df9c21ea7fc53c83a8457c48f28ec1ef46dc9002d45eb7874e76e7cf95caf110c4ab2cb668999e7b4799ce151f284a8cb57e5ccf0ff0a2f63 |
C:\Users\Admin\AppData\Local\Temp\nsd7418.tmp\7z-out\locales\hi.pak
| MD5 | 0dc1f817e981a36eb13769db7e022271 |
| SHA1 | ff3da50626a29762ec89fd32d8cc66396300dcd1 |
| SHA256 | 5cc3473a0e3646244e57ab80cd8575cbc3efaf64b5176f52d766a274e8879c11 |
| SHA512 | cd8df1eee25c36cf8fef2ef0092cc4baa3d580cea094969e6b2d17ac235f6cac30f8ef6dc1f1f53b0803d55c1733fa202f1ddc01aec1418ecfc05a5cab77e1fd |
C:\Users\Admin\AppData\Local\Temp\nsd7418.tmp\7z-out\locales\hr.pak
| MD5 | 16358667fb8b8b1eecc12276899597f6 |
| SHA1 | d7e577157f409ac3035c8f7c2d5792349326c2a6 |
| SHA256 | 2384c2361aa63ec7045dee04db33e7a5d331426548ccc5231f99d03486dc5a5c |
| SHA512 | cfd9f173cc8bb4c781306a6112dfd0e396cec4210058fcaa47e7074262578eca59a7fdf49fcd13599d7c6b85992f611e0d6da181e2888edde5e005459abcee0a |
C:\Users\Admin\AppData\Local\Temp\nsd7418.tmp\7z-out\locales\he.pak
| MD5 | fc93c39dafe860d54ed08b7428a9d846 |
| SHA1 | 3d4b2b14f9a172224f8964ea811b85765bc11c94 |
| SHA256 | d36aaa42d9226dcec0854a9fbd3d82eb707a41f0191900a70facbc35296b1398 |
| SHA512 | ec69d9c6564920a035bd1f91bb74a2e22f512770cb3edcb629d0db145e1d15aef3f6ec18e298190a88111b8eb8d2ded620d7f6ca5aee201c73bf7f8c0d13e9d3 |
C:\Users\Admin\AppData\Local\Temp\nsd7418.tmp\7z-out\locales\gu.pak
| MD5 | e9c0aedac07927b00a87407261704cb1 |
| SHA1 | 9b16d14eb1483817f26586c5e6e466189533ae15 |
| SHA256 | 7c60dba6502d8390b38b4a0816d64bb1423a31547fc8438260fddb470c800afa |
| SHA512 | 42eb5c3b3592b555a104fdd85b54dca71e6af9100eee72bd9b53952e81252193abfe91314aedbbcfe652ddab89c607ab231a86532478ef7ad08086640906ac28 |
C:\Users\Admin\AppData\Local\Temp\nsd7418.tmp\7z-out\locales\ja.pak
| MD5 | 38675c8f76de8bbf58c0c401948c0c50 |
| SHA1 | ed7f2225c670a006c4a9d882c29a9eb74b2c76ab |
| SHA256 | f9474ad92604c619f5e91f079bef8d0031befd358c7d2402903510f57c663580 |
| SHA512 | 976a852f37c607c9ff70faf9d533a5792b4dd7fbb3592a54299c9466c7477990f96461db4bc63d0ddbb3c76ba4933253121d2f8d830f8f967df8ebcf5cda8153 |
C:\Users\Admin\AppData\Local\Temp\nsd7418.tmp\7z-out\locales\it.pak
| MD5 | f0a18cc64823d6924a6c7071949a2b3f |
| SHA1 | 80a399cf9ffe9897281af4d1f19ab0eb4598dc75 |
| SHA256 | c79a810756783fc1199ca1b0d36db1ca05bb74064f03dd389fa8355aaa252a01 |
| SHA512 | 3c4c0581300d4a7ebd40e834f2ca86e4d30193d399bb0cd99f62d38028acf12b38774a9d8903eb1e1e175ab34c4409e9fbed8b8841e5dc8a50d745fcb045f90e |
C:\Users\Admin\AppData\Local\Temp\nsd7418.tmp\7z-out\locales\id.pak
| MD5 | dca3970982e1dafe6ae65f6251250f42 |
| SHA1 | a9ca7e8ec73d5e7142c82ace5bfed9ba8e87ebc7 |
| SHA256 | e2ec89f3adfee4da207610c4c830547b48438dda0b697b00336064b9607c5866 |
| SHA512 | f244fc2fd678aa91bfb312f641b17bc640302d0e9a5b0531fab15b675a1113c65c3318daba32a5d45aa0248dbee9e4dfbb216757e8562ecf93119698a1fd3922 |
C:\Users\Admin\AppData\Local\Temp\nsd7418.tmp\7z-out\locales\hu.pak
| MD5 | a458ea17d4343d5776c724f28265ac36 |
| SHA1 | 86a9e90e2481f8a50ced516aaffa0dc5bcc9bd51 |
| SHA256 | c67e1dece17ef9064da1c58cd391b8c0e98ced5cb18efba3cf8d11c998542a98 |
| SHA512 | 12678d4294e4a5f5cbf761c6655d22b92ee8ca91363d9cc2a88bbd831c38486edaa3c06a72b69340225b3d0413b0c6e88271dac9431d53ccc48d582a60ac4a66 |
C:\Users\Admin\AppData\Local\Temp\nsd7418.tmp\7z-out\locales\mr.pak
| MD5 | 8a77a1d6c80ae73c041fe61a2e3ca51b |
| SHA1 | 170711d7d719d58242569c0016b24363feac2f35 |
| SHA256 | d6709751c5aec5170d36631d61d312cadd5fd337876353281b3fd1acf37f3424 |
| SHA512 | 09bbe75373488f8eee304d5b28b56d6781ea507b4d0adcf38d89e501a026223b4ad8503f2eaea4aee00f185066c07e3505f24cd3007a5e38b72762f3caffdf24 |
C:\Users\Admin\AppData\Local\Temp\nsd7418.tmp\7z-out\locales\ml.pak
| MD5 | df827d2a9b8ac982031e96c6e3796a37 |
| SHA1 | 07926b777ea2a5a3e3d913fbb71ed3368f22afd2 |
| SHA256 | 157a5fe633a4739069f941574477ca2461d8ee998d72a714109b53163c85a540 |
| SHA512 | 793dcb64eb8fd91516b1070ab6e987d741a0c145bed35e0fccede88fe954ea91cd0937c8b5c8afea8ec30fd54f0bdc5282227a4cbd061af274bd7a99208cb98d |
C:\Users\Admin\AppData\Local\Temp\nsd7418.tmp\7z-out\locales\lv.pak
| MD5 | 6810b301518b328a683bd16f14ff09e2 |
| SHA1 | bd179084fac1f6e64cc3ebd2ecca1472492972a2 |
| SHA256 | f1d565ad1e6e826a322ceb0e8ff574ed768c8884150889e18b908fa7bab29c33 |
| SHA512 | f0312164bbe0651cb5976b7dd201f8907250d63dc146f48515f3226d96aec9a2a4671cba4cc4280b452fb22ea40e8faf844bc1ddf0ac8849888343de959f3720 |
C:\Users\Admin\AppData\Local\Temp\nsd7418.tmp\7z-out\locales\lt.pak
| MD5 | 746f760069bcf505bf384c16864eb68c |
| SHA1 | bd835301b596f8b5b7381ded446ec44f867754c9 |
| SHA256 | ded84b3a637834f15ad712f4b83381166010bdeb19b8f5e365b5dabb2560c705 |
| SHA512 | 278fa75f1c365211d29336a5e90db3d076741bf4b118e62a2845e5e354668155107c32a266d7a61bda384e90a1a135121db9475b3b4fefae9c9379ed251fe2cf |
C:\Users\Admin\AppData\Local\Temp\nsd7418.tmp\7z-out\locales\ko.pak
| MD5 | a4ab98671ab049693b46ebca05657265 |
| SHA1 | 30a8e88f0e4fbb13656e8c031e0db40618833b24 |
| SHA256 | fd5dd380d8cc8665623d973fa097961b9ed27d625400bee91979149139c5af14 |
| SHA512 | eca18bd054560404c04e160ab7113ae677850b6709adfdca9d52bd05f91266ee913d4044a4823d4067135c9cb9a9487c52ad2ff54f21ccdf37316d6c6cf1367d |
C:\Users\Admin\AppData\Local\Temp\nsd7418.tmp\7z-out\locales\kn.pak
| MD5 | 8219499cbc64165440378b683d04826d |
| SHA1 | 566e18816f552f206a27170229ab7bf046516800 |
| SHA256 | de75542f49567c5d60659a78beb00cd601d0819c964fc2c4e27eab26b3fea9c3 |
| SHA512 | 21b828a7daa6c276cbbf0ee60e89323d574c342c129ed8e301a23b1f9a2fb3ac6dfba738e725bc9aa09c2bcf70793a8a7165696c7a3756c4c964a85a8616b63b |
C:\Users\Admin\AppData\Local\Temp\nsd7418.tmp\7z-out\locales\sk.pak
| MD5 | cda01bc413ecbb7f4a87d5d00d33961f |
| SHA1 | 24cccffefd092d8dbb1ab26691a145aa3b5680ec |
| SHA256 | 50c9c4fee979654e9abec5fe175ce010d24bb66138710e3323b3bcf0d5fa7020 |
| SHA512 | ddcd1c5f2b86f8458efa337ae85279627a76219467d6b91a679534757821cec7ced437af70b4dbbb473a363e42e56f7026277a280d45d6cd57808ff3c707ed91 |
C:\Users\Admin\AppData\Local\Temp\nsd7418.tmp\7z-out\locales\ru.pak
| MD5 | 38e22b3cf83002a1be734660baa8b848 |
| SHA1 | 16297f74570d5df64e6825eeca81fbeb07832830 |
| SHA256 | 1f7cdbdf6567b9ed5c3ea22a68c22bd72ee3f64dae87eaf9a694ead407090b7a |
| SHA512 | 8996df660d7e0c645267bd76c6f8882231d013786d2bae66f36d3c2c4ab7527731b73814a61c372e93fd332ffb40fc3e54ae4ee2ebc222609d2775122e759a50 |
C:\Users\Admin\AppData\Local\Temp\nsd7418.tmp\7z-out\locales\ro.pak
| MD5 | 4caece5684bdf286ab6366f478627f80 |
| SHA1 | 00f564ab536ddb36cc3543c8bd8472edd0a31991 |
| SHA256 | 2d4219c2212a11e002855ac6d636e6ee6b544f32f10e0fe1ca84638407674c8a |
| SHA512 | 964a30ebefa53a1324b8b727eea8e9e0e03f156ac5bfd6dad63a30861c750466fd322373b9a14cefcc2d731e547f0684e3d2fbc022e1425e849861394a2a0a9d |
C:\Users\Admin\AppData\Local\Temp\nsd7418.tmp\7z-out\locales\pt-PT.pak
| MD5 | ee9ea3f0ac700f9812468666f35956af |
| SHA1 | b3a601d5c18d2e735774f5b12416e0385fff0d44 |
| SHA256 | 9b0d0bfedddca7be6064ff4651e2553190b6d9deae79e9c59c387f3f46701a60 |
| SHA512 | dae9c3bbf29372710b9f653d668a2885bb905e2b6d4bdcefb043072cb28709fd4e347e5fb9031271d089c7ed5b6a6895ef7b474429201b5ebaf99fcda83a3ac5 |
C:\Users\Admin\AppData\Local\Temp\nsd7418.tmp\7z-out\locales\pt-BR.pak
| MD5 | d5b04e37ab2ee478bc7190cb6e50b068 |
| SHA1 | ff31d8b858072f70c0ff9419f3c3626ed32407fe |
| SHA256 | 1eca417af6b948b7639e92a075b5d7cd1553f7a294a4cbfeb8fcca9771dd4119 |
| SHA512 | 708ed4496e26b3683d32497f395f1a4381f186c2605d9c11b0d56ca1ec2e602f46ac8d189830c8aa9b910c96c76228c2b12261601be1b32322d6e707dafb0dca |
C:\Users\Admin\AppData\Local\Temp\nsd7418.tmp\7z-out\locales\pl.pak
| MD5 | 04d4dbf342efe42c11459d51889c34a5 |
| SHA1 | 6322472ada13197dee860e66520698252e85adc6 |
| SHA256 | 131bf5f2e31814c7ad8847a5790e4c6735e63474f4232def9fdd94147597cf79 |
| SHA512 | 18905989df06d717ef893b29c98c9696c96172c36aeb28519526f26187a05ef77c0158508f0a575e1b484551ca7e40e65157b538d18b6e107cf03072d0c75f32 |
C:\Users\Admin\AppData\Local\Temp\nsd7418.tmp\7z-out\locales\nl.pak
| MD5 | bb65c332362307d94e5296b3660e42ae |
| SHA1 | fad10eeae28ad38d4a5b66754b27f02a8addfd03 |
| SHA256 | 1c48aeac14e2a4ba7d2f31b365d9ea6fb7b307add43d625f9d5dc351f46170d0 |
| SHA512 | 74b3f95ff0e8eedfe8dfe45d5966e5795393653a312943d2bf50424420c0e20193259fdbe508ddacbb6755303af8dca10f4c7623b14ae0011c5bb16150b420b7 |
C:\Users\Admin\AppData\Local\Temp\nsd7418.tmp\7z-out\locales\sl.pak
| MD5 | 913da3b532dd2d80f2d9d7184faa6390 |
| SHA1 | ff65d7e75b1757db23e24648729866b103799518 |
| SHA256 | c5e45dbc81e2a3ab87106f667edd7c275903e9adf53e4f7c806d60ce17e88601 |
| SHA512 | 764c1ef77696ccdc89218530f7f7b20d6396def729c2e14877ab3e35be30b64669e1b186c511670f141bb3f06034c9e143a9a3fd59991fc81349dea6776808c1 |
C:\Users\Admin\AppData\Local\Temp\nsd7418.tmp\7z-out\locales\sv.pak
| MD5 | b8b85228dd508db6f3ba662f7c69dde8 |
| SHA1 | b4c2865603ae127a2459f464bec9046e13bd7e28 |
| SHA256 | 81112462077e00b8524d4877189f5c65fa043400326247233c5469a893ef39a8 |
| SHA512 | 0c3a22fc7468b3a25138ef6490c6b31cdef5a69ce50ede7e5516cabc127a28d3be1a4b40e86d85dc436c03947ba15d664fc7eac66c270038f148dc25d787700b |
C:\Users\Admin\AppData\Local\Temp\nsd7418.tmp\7z-out\locales\sr.pak
| MD5 | 378f2189340b50bd37ca6f6a75bd1284 |
| SHA1 | a8d4b974bf16cb3a2effd92aa255e2f37016e45c |
| SHA256 | 4d0944e64f25fddee560ed3e2b3153ca2eb2c1cc4d163b39e7d9c9674e1ba1e6 |
| SHA512 | 937cfa192c4e3883b6c8b69d53491b5517712575dcfe45303fc186d342a2cb5fa1d10802450b68d8ed852a8c47f555717a19ce0344edcdc7c5d046e189a732df |
C:\Users\Admin\AppData\Local\Temp\nsd7418.tmp\7z-out\locales\nb.pak
| MD5 | 02cdeb82393a075661a8c102211b1325 |
| SHA1 | 4104f17c14f305dfa0b6a587b7f9c9a7824aa089 |
| SHA256 | 7c72d1432a2c930227b784b53140cd06a10fa3cb459724583d28b469bcb85634 |
| SHA512 | b388fac9b962eb0212d9b27ec7103b1332aa21c6525d2dec5713ceac7ca12c500b5f41c660323b0a6c2f8948acc4c9c455527ef6b75ce3278eec4b8b8da30cce |
C:\Users\Admin\AppData\Local\Temp\nsd7418.tmp\7z-out\locales\ms.pak
| MD5 | f8e7c0025636e1ae4a3d502d23462969 |
| SHA1 | 38884b75a731b4018e8b4b5be233c912a54d5754 |
| SHA256 | 16680d7db8bc1b993353b410f289a2f92360d30a776413caee2960ed35bacd42 |
| SHA512 | 76f2dcf92e7deb8c48e687ab9ca79d746ed7f9fa6594b434da9380f8d8b0c4cf6360eaff8e416b78f90137252f6845fab0f8d66a6638131723feb2263a2d458f |
C:\Users\Admin\AppData\Local\Temp\nsd7418.tmp\7z-out\locales\sw.pak
| MD5 | 2c2e1b264a016826361ebc6f17f8c60f |
| SHA1 | 5082f6d76058a563b937a6fcb413b854c0ef54e9 |
| SHA256 | 5760a4a9aef89868fa36ed8d9a23d84606141ce0b0e8b912460879f42e1d206d |
| SHA512 | f6257cb785a385bdd119e9a62e4d1d75323f603f122fabf9e5a485a249a7bc87048eb92c59711f348f4562bf402985f48de5c3c129b119b5011fe50172fa4896 |
C:\Users\Admin\AppData\Local\Temp\nsd7418.tmp\7z-out\locales\zh-TW.pak
| MD5 | a9da2570ddb6ed54b8ff0fa92bbd2ce4 |
| SHA1 | ee6b6a5d0e5a3136eddd08d2d5f51950fe7c3d01 |
| SHA256 | 57dbd05c1961dce303b62293ca69976362863ec5f3eaf9180299140c67b8a5c2 |
| SHA512 | 39778e2dc304c36136bbdac40df516a3c0f80ac02f760840eda8b5bb46a566d2af2c3e04e5e0c46bdddcbdbb6c513876c03206e29df9dc8c0cfec384ba734723 |
C:\Users\Admin\AppData\Local\Temp\nsd7418.tmp\7z-out\locales\zh-CN.pak
| MD5 | efde9c191ad650eae7c7d5369d563a99 |
| SHA1 | 1ce034a83faab55f6c6862ffd282f0ce5290de6a |
| SHA256 | 187d363305f70c78637aa6f80fcc2e7e7e98a994b872ba3ce10b0c29b73dec77 |
| SHA512 | e09941d5b78b9f6d514b95f1b59f501d73215f44e9f7039a448c895f1a2e0ef54a93c0aa01196959d64db91a8801f81d73896e6889000ee90fef3a856a2a564b |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\locales\vi.pak
| MD5 | 879eea82550f21b88294a00aa3bf775d |
| SHA1 | 7e7bb5f1d16a19b57a968c237fe6aa4dc0b9105f |
| SHA256 | 274fd19d28ce9406cc0ccbeca1f7c3b0fd9df7eb864ae1f9e51ab5dbcb489d97 |
| SHA512 | ffe2d2a0abd8a84b13130c23002bdfa3742c3065d50a7198c0d2dbf24a6ff8219f1b4dcacb1157ab301a7c5eb551aa933962c6d07f67c75730cc8c2c56052baa |
C:\Users\Admin\AppData\Local\Temp\nsd7418.tmp\7z-out\locales\uk.pak
| MD5 | 850fc341fe8d332ba70e0ec6352ae2b7 |
| SHA1 | 1b5b366001299f62d0046bbca39a87cbc8363a47 |
| SHA256 | 6cce6cc22941139e871d1d16735571ef23a8a13fce2d4be4fba52eae06818fb2 |
| SHA512 | 6b04507544ff50e344b8932a4146bc1e4515afcf41232eefa8512630f3556ca15339ffc6f2c0215016f17ecd0f29394c9675d69aeb1af656f6bd6d2aa04fb838 |
C:\Users\Admin\AppData\Local\Temp\nsd7418.tmp\7z-out\locales\tr.pak
| MD5 | aa98e30de8d7b42d784cd8ea522e8d01 |
| SHA1 | e0b4f703b0b41a893fb89c2efe1c214d23971a68 |
| SHA256 | 213eaa58785a749f2dba933386f333ff1cfa09c791daf123132d360a43c4edc0 |
| SHA512 | d9a22f1120e3df7e8c50c9cd73b177eeb8f2f14a451e6cf8f4cea068bb39281851c98791ad70a07a56e6a4aec20841ad36d10b3ba40e67da28529ec4b292b60b |
C:\Users\Admin\AppData\Local\Temp\nsd7418.tmp\7z-out\locales\th.pak
| MD5 | bfb5c498800fdc685693192dca1de4bf |
| SHA1 | 52559544ef64381fd149b46c7868791eaa82b003 |
| SHA256 | 330334a59ac2e91770166f09db87bf8ccdac5a9a73ee849d778e0b88e15937bc |
| SHA512 | 2f1bc18470c4d87bee5dafbd1576a674d0b0256844b81a73879000112a3203522f83e20f0a6a4b415d7bf38eb2c574a5ad0321782bca19ab31ae3fc7386c94ad |
C:\Users\Admin\AppData\Local\Temp\nsd7418.tmp\7z-out\locales\te.pak
| MD5 | b3db194206e9af2346a2d29a1df4cf34 |
| SHA1 | eea773944f559d83c41226c37213e416e2125d52 |
| SHA256 | 27a9f1796a1afa1f6dd6c986cd66efba6d638f5afe9af1435a7a9e6f6dcdf6ef |
| SHA512 | 782f85f7cfb9727f00fc42db086d611b3da9997b8c731cf1d208c573031100169a5fca4b6d017db1f3b054ecd7b249d92aaead3e93d8521c3a0bf2e7c8b66913 |
C:\Users\Admin\AppData\Local\Temp\nsd7418.tmp\7z-out\locales\ta.pak
| MD5 | 807b5e356ea0c651575ce267c61289ec |
| SHA1 | 14edb3ae82f22b44e0e1a169a5bc55ad01c75210 |
| SHA256 | f7e0fc509fd7fcf0a4e5657e6be6f2bff1f0b4c82aed80b95d37aeb2f2ec17de |
| SHA512 | 078d211fd9e3b006b682474afb5f90284c08688028aaec4715b4f9918e5522b538a9236fbec752785c72f85014e37dafe43b4eafd793d0601f3511b0581ac57d |
C:\Users\Admin\AppData\Local\Temp\nsd7418.tmp\7z-out\swiftshader\libEGL.dll
| MD5 | a93c48df0cad259f3d6a659230d9df3a |
| SHA1 | a06fb5bebd67a9a9687780837b850c5e46c5152d |
| SHA256 | 0962f9bdf04eac3f846320f6215daff77a5d610e4a945058b741d75329ca3627 |
| SHA512 | a2d2facc106014000af959d16c65ca10d9f058ab147de197e09d185ad427848f94dfa58af2b66325d1400550df3b77b14aa1dc1c59f0ab2a4afca2b21d05cc6f |
C:\Users\Admin\AppData\Local\Temp\nsd7418.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\snapshot.exe
| MD5 | a3b34b74686b3428d317fbd442fc9aa9 |
| SHA1 | 00312037fcda494866bb0286323591a09cd4365e |
| SHA256 | eb53ceb7ed8875f6a857da9cba651bfd2ee626edb349ada43e092c325964adac |
| SHA512 | 9efb8696852952578dfad27ed9890ff323acbdad003906a3b07cda8b8635486965c048ab742bfead181f5839f8ebee0637dc2e1226d5ac2baad104b2bab040fa |
C:\Users\Admin\AppData\Local\Temp\nsd7418.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\prey-webcam.exe
| MD5 | dd7839f0f030e7324d850858f60025b2 |
| SHA1 | 399e36638fcbffbd15cb9824832f04ba4b36108b |
| SHA256 | ec9af1aabb289223bd970036fbeca547516e3365889f64b2f7eb2bf1120f716c |
| SHA512 | 43d76007f54efe245b3aa66a688a9b7c430d498905ca506ba6ab06745f57accad46ea5f9ba851d05f78d8c79dd3a0765d60ca88ca8a5b8f949ae6c8209a8df0c |
C:\Users\Admin\AppData\Local\Temp\nsd7418.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\package.json
| MD5 | 067e233b0609d56ff4756bedd8c0efe0 |
| SHA1 | 96419d05adc4b6674948b4ac14f8ab5bb3ce4380 |
| SHA256 | 6bee642c1b5de99e4edba87ec3221c2ecd10b65e666b6f2bef64a745538ecf74 |
| SHA512 | 94900f5ff762930b1b060ba4dd44d629d6c3e2dfc0dacb1a543f1ea5a3cd40e793acaff4abefbff588ceb422d65f8041ec190a2b56f7c303c3314eb16eca4159 |
C:\Users\Admin\AppData\Local\Temp\nsd7418.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\DirectShowLib-2005.dll
| MD5 | a9321599e0bedd25fe8b4390638d31d6 |
| SHA1 | e74083b6aec98c5c99c53357b3dd5f522e3b00f9 |
| SHA256 | c56fe0036e18beb47bf8128308f4968f9e3a265e7d64f46f42d47cd5986a1ed0 |
| SHA512 | 10073d20ae4734909f0c163c4f6e2cc152a2e82262b7906501ce0c5d00f140fe85d5375d91ffb88f741f752c64f7cedcd9cdba8e8f95f84b14d564953bf39216 |
C:\Users\Admin\AppData\Local\Temp\nsd7418.tmp\7z-out\resources\elevate.exe
| MD5 | db0794b886ced59cdc17bbfb9f3e3254 |
| SHA1 | 55f80b5f351f152bb883bf34d766367fe47e247f |
| SHA256 | 6b84e3814ff309e77066784619fa662e88a55ad9b3c53a8b8b91dca03a051ecb |
| SHA512 | f5bbf5c9e24feaab954ae7f3293cccc8cb586ad89462216cb41de6b1d1ee403a2165357cda553193b5d80775bc293abd9b3820d838a939318de0037ba61529ff |
C:\Users\Admin\AppData\Local\Temp\nsd7418.tmp\7z-out\resources\app.asar
| MD5 | 06db896cb649487e6b2fab541ba963a1 |
| SHA1 | fb2f5e9ded300065f222a3d5b459dae410cc0529 |
| SHA256 | 8f8d9adf6beadff0fed6195299c93c9cfdb98ef96d2a423af6860cebf8b32465 |
| SHA512 | dfedfa6ba0d305ae409779725c2caaeb595de36ed860dc2002ca54a2747f1aa7d945589bfa24c1aa8c683b15308f9e1043b2e78d70e035e4a0b64755954b127a |
\Users\Admin\AppData\Local\Temp\nsd7418.tmp\StdUtils.dll
| MD5 | 50768993d015a8c61b392f915b3c4ef9 |
| SHA1 | d22d93cdf2e9717d085f5325c88d4c9b0b540437 |
| SHA256 | 65ee984970aaba30f9033895543f957ceeee7229025c79c3dfc7926fd4a63d6f |
| SHA512 | f1ac047ad12b74aa5457a6d5908fa7134f8f520e223e6c4bf13ac553ae87ba2ecfaf023dd72e7e3d1947f94b81d4c9c01278e4a7cb73d705e6ede26fe4ea1793 |
C:\Users\Admin\AppData\Local\Temp\nsd7418.tmp\7z-out\swiftshader\libGLESv2.dll
| MD5 | 78bc73c1bf994e11e57e85188ca1f64c |
| SHA1 | d93e8fc7a4909a3c3687b40aaa62468c6a8243df |
| SHA256 | 034c0c8678c32b25feb4d46c5441330a1025ae67b3b9a3a9bb7ad64c0a6aa185 |
| SHA512 | 201adb9001fe814a389fd5a6ec623f6613b498b890ddb613083ccd01c530a8b0cd0a6a8456adb7411297b979bce1d3d40fcdc3a0fe7f5daa6b442edcc9ed884e |
\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\ffmpeg.dll
| MD5 | 00a528089b11e7026e800b3c50725904 |
| SHA1 | c0d0ee21f999aec7b29bdbe210a03b41bc16f5a1 |
| SHA256 | fa69c015b2be80231551dca275c232649dd4bbec84d95665ea97f08e6207694f |
| SHA512 | 4a1369856520817ea7716a66670effdde70e8c1c522e80f5006373f05b3b04efcc1075113bf35b88509474a7edfdc949c87db125f322e555ff828f7948d4d7e1 |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\ffmpeg.dll
| MD5 | 91b814f198cc62cda723b1cd0e6dd2a0 |
| SHA1 | 1328f250ff06b24fdad67dd6419668e83d9ecd5e |
| SHA256 | 130e99f9d713a3dc9e047983f1b16f96938d1b3727e348808b6d3841ae033016 |
| SHA512 | 27e05527230703bd93cf7444a9ef293869a7db755d59916af6fd8bf7ad205c9a20af014cec7cf0c119125ee8e8360c6f64cebdb5aba020d3eea6c1275c8bbe24 |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
| MD5 | 966d014f20f869ca3c41649ab1ad834c |
| SHA1 | 136b54b38abb94e28092ba56334841650868e041 |
| SHA256 | bae5ed2cab4dadb8b8e614c26c083a2a4f690b399e5bfc59f5a2aed783ef88de |
| SHA512 | b9fcc02c8890fc998e494f565ee8120e15695362c5ebb7936cf1b0518ce7ba4d1bce01bc3f05a626e776cbe915abd68c00756857d176c9658869766507f52122 |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\v8_context_snapshot.bin
| MD5 | 310d7c3e24725dbb27dbf14ea3227d03 |
| SHA1 | 828d1dbf7ab02fb3a37f912b42aceac1ce5309cd |
| SHA256 | c0af9b94f83dbd1d27ed3351732bb2ebbe95aeac6d854f1e04740c5166284bfa |
| SHA512 | c99f38290333036f7dffa1e4863def62dee0318d72f8f1e8bc11a393aa16ff43aebe3a9e53bcff33c1bea9b11fb53352000efbf3e290764cb319f98f95a9272e |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\icudtl.dat
| MD5 | 5e3fe8a83deee55bd36be51bde4cdb7e |
| SHA1 | b9cd7945ea1cd6cc0bd00d45c70fe7a849ce54dd |
| SHA256 | 88761e6c9c8bc11b1d1368437a4a64115b6a82b0a85a45617b9359af7065290e |
| SHA512 | 100a41ea91f7cb48fa71ce9836cb82c8684b745883f5082d7dffe003e7cd0141290a69f07009c8bf0874d7dd28cfb12b0e40fa14cc536f293fb4a9129bd9c028 |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\resources\app.asar
| MD5 | 374c9bf66aef1f7126c3191909d67712 |
| SHA1 | ca2c6199689928c04f9d5f05b472d22a0b267bd3 |
| SHA256 | 6e603f495ef0b1054af4c6e0a3684930c36510e525f472fb001c19acdf8027c3 |
| SHA512 | 97307c58f7df6377e52f3c3e7ac9803fe27878716314b5ce38ba372aad2edc688cbe23c5e3376ec4eae5e094cd3204c1b50a03536cdac7edb2c8757ff72d50f0 |
\Users\Admin\AppData\Local\Temp\ee044210-d520-4445-8f13-2cc975cbc2f9.tmp.node
| MD5 | 244963e8a51aa085d7cc121256dffea5 |
| SHA1 | 6c4c1a24bdd1c8a62d89d5b989b7e3058e0441c9 |
| SHA256 | 9ae37984f21368dd7c1d9852ae006cf09a9856235588ac1afb3ac6d6ccba64b9 |
| SHA512 | 079ee7652639d2fab2833dc93f539aa23e6b763589181860753e91bfef663a3bf413c1c9d5b1f93e2ccea0bbb7c324610da2504c7d0d6b9510d2d97613754b35 |
\Users\Admin\AppData\Local\Temp\f77cfd70-8156-455d-af28-41bd64f7de31.tmp.node
| MD5 | 0273caf540915f4b70951b6d3b070d7e |
| SHA1 | 67096044d90c5300fc5c3b5fbff2fba2cc15c2c8 |
| SHA256 | a4623520e0453cab54395a77fadc45c87e5fcc2aecfe8f1e25dff1d382cf8852 |
| SHA512 | 017595562e2c0ed888fc3a0aa204873b3f4e7fdf4f602fc26ec1fb8e7dec2c6f1eceb4e6868a769fee429eeb3e0ba0f01b9187db02a4d3aacb5ede7ffbee91cd |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\chrome_100_percent.pak
| MD5 | 6bcb42e269b8c0e64db2a2694bbb839c |
| SHA1 | 454fb4b7b2e46f27004e7fa9a7aa72a746159dfa |
| SHA256 | db88546eb0a63b6759f7ef655ad2f56a1abfb91f1e7108f589b80501a3c37e0c |
| SHA512 | 9c316ebcae1072e93d3244123d9fa4e46c97675bcb0232d6eb614a41679b6e428cedca81301489be2d36b398d3d8618bbdb3ddf89bca4e109240c89ba05c4e9c |
\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\ffmpeg.dll
| MD5 | 33f01d8c6584e7335246656ac74d5cc1 |
| SHA1 | 30bc757163b31f0e79fbc76edc82ac3fdd1ca9e8 |
| SHA256 | 00ec602f6f4cc05a2a1f88e29221437fb6b003df1d37c8db4d3a05681bcb88e6 |
| SHA512 | a96f64c32e64d968797223a23610283724184f55f13fb88205440c6b987e584b4ca3b7613ec4942dd048c23d54d7174fcd02096f954747b56b91d8226122cf3e |
memory/4216-581-0x00007FF8FAD50000-0x00007FF8FAD51000-memory.dmp
\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\libEGL.dll
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\libegl.dll
| MD5 | bbaf2f1a2b2e75843c6366acb654f9f8 |
| SHA1 | 4b141d2299454d264c65525d9a63d7b2e6df5ccd |
| SHA256 | 999a7a897d0ff8b9af7295e254bb683b5683503d6964c2448117b849572e2dec |
| SHA512 | 6abcc76186c83f0522c303321f72aff17b67d49263d82e29bb41905e50e9c0b9bfacd0abbc5f64ff62d1682d9a209745ebd4a43c01bd499b3aa97b392ef971fc |
\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\libGLESv2.dll
| MD5 | 69935502c1bc396ada4bd8c8fe0aeb09 |
| SHA1 | 5188d89f3c6c6b53ac32a09afb73b6caea816f78 |
| SHA256 | 1d0cef86554617ab4272520d811c7c3a0f819d3279651621eb64d597b9f55041 |
| SHA512 | afc13e363e4094f3d5c704a75f204547d9b78f74867ca149da9278332727ab3a3e2eacdc20aa6167ff31373951c7637cf73d79d7a82ae30318d3623f6e4a2c71 |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\libglesv2.dll
| MD5 | ba3170b8657efb045badcc73e02f7a15 |
| SHA1 | e142b364c77a1eec5bf618f4e875b5cafa686d40 |
| SHA256 | 9986620eebe06f7f8d0fc443efea719423b845240c2ee890d0c51488fa4cfed9 |
| SHA512 | 774ef2931e9f6dad938d97b77a66b56957289da56a711e464be6cc17e3c5bfc90ab26230939938723753626295bc29e79f527b4b4b1e88bd702dc6a2148d858b |
\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\d3dcompiler_47.dll
| MD5 | e8a5ca6986564029ebed856354f1f7c9 |
| SHA1 | bc542c735fbf258ca25649a48b0855d8531854ac |
| SHA256 | 4b577178d242bc0432d12147ac4e247eac0e97dcb94b82ee8ff43353f96ceff3 |
| SHA512 | 49e10eef4f83f845eaabaf0a39d6404d5c0fc59802f77f51107ad758d6ab33a84895f8d661eb763d5e5857b1561b5d1dfa1cd297b9e09cf1cd9089d13a4143c2 |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\D3DCompiler_47.dll
| MD5 | 00bfa4de6ea1a5b97f73c38ec538d412 |
| SHA1 | 17e52922c28e3d6e82a21e1a567b0777ceb706d3 |
| SHA256 | 66fd174d23b325b2774600830195b407b20018f4e1ba685ec90149a1cc8fa80d |
| SHA512 | 8ff8d33fa2da17f0683cf837d51c149f1061de7db0a16315e0817426bc93fe372e9516d817237ec9e3a39efff811b383ffc7112bdc04355d26b928b174368338 |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
| MD5 | b8a58c62ac7d39ab66c04e768b91c1d2 |
| SHA1 | cc70cc61b3dae17042c40368a5bb10b613ab81f8 |
| SHA256 | d5fad55e133d291b19bc00d68f8db08af4634cee3d366c3fa2c18dca6ef9f70c |
| SHA512 | 1dccfb6a8b8be01f3972baea21d3253628c426620dd86fa37abadbcf084778a23b94d2d69dd0eee18ddf7b457c01432a63a24aa222346d9d977952e673601c8a |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
| MD5 | fa396c804689e324a80dc74b411ea1c4 |
| SHA1 | 276b98ef6f9fc75d9ac581922e251f21ccb53007 |
| SHA256 | 1dea586c9518db37cb1fba9d33ebdd7731a41a32d541b9674f31d0875a7e65f0 |
| SHA512 | 8cce5f52f24750c9a62613a4c0376a95b0f66e61456912922bddedf43dfb2d6cbfe8d33fd45761550e86959501d45be85c4bbf4733616c8daa2342f52704bb11 |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\resources.pak
| MD5 | 4d95fb35695df0ae979118584d705190 |
| SHA1 | 669c5425abdb9df54812621893330bb506ef7804 |
| SHA256 | 12416607aae55791f19e9934b512ff3e39c1e08e122391ed79ec1e9ca52cd052 |
| SHA512 | 4a0663fe57b4633a4b367128a0af977606845b3ba85bd72d44b87d43ca9fec46b2808857cba178dad62444d78530eba27b532c2ced332cf2f8d05bf3425f24cb |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\locales\en-US.pak
| MD5 | d1c17733be5fd0cc35fe89fa8dd0d66f |
| SHA1 | 17bae5dc1265beaa40b687559ab5239f0d9f1d69 |
| SHA256 | 2495830b014393b1e344d0dee9d328d09060615a2a3f192c546bf023df84b196 |
| SHA512 | af6963ac2cb4c71efb244a26bc01f19457d009313742eb6f9dfffa76b3aaed7789904d04941368d64a2a2ef67bc13a2bfedcb819cade179080689f9aed22d516 |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\chrome_200_percent.pak
| MD5 | c76fbda762636fa737292ecc3a8b5dd5 |
| SHA1 | f118f79fbd0f26b296dc4431e387e919d4d9e664 |
| SHA256 | 379c4552906646b3c5fdb26fc7ac8998b6e610581e69c2b6404f6f2b642f6b39 |
| SHA512 | daf3bb331c7d39d60ce548ae8497dfa9c8da14028f5658932f2e9d32b6c7747a1c2ef02e3fcf58091876182e4d458a9d0133f9595a89b71a39679c31cbdd6a6e |
\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\ffmpeg.dll
| MD5 | dfe09cabfbd795061a1ee3b8334d94f2 |
| SHA1 | 72b68cd87317c88cffa47c9fea2a03caaa61510b |
| SHA256 | 1186f6442c683c1b3920dea454ea5966523764106dded9c11a509cb2cdf76f55 |
| SHA512 | 817e27c7a49ffb2cba0baadbd6323f34e6d24b44d914f30fde4889bd92126dd16579c8180020a97dd342fb59b79a48624250ca0fe2399ff008f790eb9b54690c |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
| MD5 | 724537a28b33bbaaf556d16263ceb6ec |
| SHA1 | d023e9c65697daeed833a2208ea6c69bc2d5d591 |
| SHA256 | b962842c369de73eb02ab3c2410ccca8813459c8345699d5b7e0376cd49733f1 |
| SHA512 | f33ede3ada0243a07238427800920b09cb4a2650136ee3cfe267393be40f3bc000b09939b48b2f2b91ab8e1726ee89701093f22089e6e2b8f5daabf2e379e171 |
memory/1380-634-0x00000251C19D0000-0x00000251C19E0000-memory.dmp
memory/1380-637-0x00000251C1BC0000-0x00000251C1C36000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_hhktvuvx.q5a.ps1
| MD5 | c4ca4238a0b923820dcc509a6f75849b |
| SHA1 | 356a192b7913b04c54574d18c28d46e6395428ab |
| SHA256 | 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b |
| SHA512 | 4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a |
memory/1380-633-0x00000251C19D0000-0x00000251C19E0000-memory.dmp
memory/1380-657-0x00000251C19D0000-0x00000251C19E0000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
| MD5 | 17286868c0a043ae5d2ff5798b6a3163 |
| SHA1 | b83b23cd57c7fb2c937f5bc18aeb7ddc955b5401 |
| SHA256 | 40321e18ed0b9eb7e3bc937d3e207ea2039ff45267483ddb4a51f7974475dac6 |
| SHA512 | e15c11982c0569a389a7dbd0889edd1ef9a8ffb21c0e8ffadebc10e1353f4485524b18ca8e041c66c98d05fb984544da122755e6c2a25728453aeaf4175bdee1 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 6f02ef89735d701a8e45b57008d727bf |
| SHA1 | 4aca2cc7b9ad631edf6c7b346c11211084eaf9d9 |
| SHA256 | 4d50eda9cf091208931f9232bf20e19e1e7fad36fe690b0940ca14cf833aee91 |
| SHA512 | aaf21ac53ab13e370064317745ea73c4fbc9b2f88f7464e004c1ba020d3b9ad105d2061a09a0901e9a7b8b59330abbfa454f8f2fc6bd9f4fc0ce2189af1c15ad |
memory/3988-672-0x0000016419B50000-0x0000016419B60000-memory.dmp
memory/3988-673-0x0000016419B50000-0x0000016419B60000-memory.dmp
memory/3988-671-0x00007FF8DCA10000-0x00007FF8DD3FC000-memory.dmp
memory/1380-658-0x00007FF8DCA10000-0x00007FF8DD3FC000-memory.dmp
memory/3988-692-0x0000016419B50000-0x0000016419B60000-memory.dmp
memory/3988-693-0x00007FF8DCA10000-0x00007FF8DD3FC000-memory.dmp
memory/1380-632-0x00007FF8DCA10000-0x00007FF8DD3FC000-memory.dmp
memory/1380-631-0x00000251C1A10000-0x00000251C1A32000-memory.dmp
memory/520-711-0x00000137520C0000-0x00000137520D0000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | fb82c81a6951b6e64abbbaf52d8f9eed |
| SHA1 | 1f2083c490d32bbbeaa88081281950e13da83fbc |
| SHA256 | d2ebe1dabe5e23ce84b68fd1aec2844cf269497769a1ec263147f1f86a2b5c5d |
| SHA512 | 0c73ebb503f07083930aed8eef477e950151a1998140555ac3f27cc345fe5d62acb8cf516a633efeddf043aecf825dc8125b936b1fd2030c8c1c9dc7aa9d3aeb |
memory/520-712-0x00000137520C0000-0x00000137520D0000-memory.dmp
memory/520-709-0x00007FF8DCA10000-0x00007FF8DD3FC000-memory.dmp
memory/1448-739-0x00007FF8DCA10000-0x00007FF8DD3FC000-memory.dmp
memory/1448-743-0x00000248F8F90000-0x00000248F8FA0000-memory.dmp
memory/1448-742-0x00000248F8F90000-0x00000248F8FA0000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 1acfedf84869c85a21d35939deaa5209 |
| SHA1 | 404c3b5468bb325af88f7f29cb5cd4d727be4ff6 |
| SHA256 | e5b2983f4018e3b329d2ceec9fb3d4d8cd89cf8d30a1d95b64b053054a130895 |
| SHA512 | 7d981f3be3bb753013ad5e511079448d0cac9a084b803e2094d4bc2fcc333a4bbb7506ec668dc9e632e93f3c577d2615a53927dac7a8ff10dd9c42cc29dbf7d4 |
memory/1448-763-0x00000248F8F90000-0x00000248F8FA0000-memory.dmp
memory/1448-764-0x00000248F8F90000-0x00000248F8FA0000-memory.dmp
memory/7568-771-0x00007FF8DCAB0000-0x00007FF8DD49C000-memory.dmp
memory/7568-774-0x000001DD6FCA0000-0x000001DD6FCB0000-memory.dmp
memory/1448-767-0x00007FF8DCA10000-0x00007FF8DD3FC000-memory.dmp
memory/7568-776-0x000001DD6FCA0000-0x000001DD6FCB0000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 3d30d5d1df7738c5b2369ee947075d65 |
| SHA1 | 662886a237bca2cb45bf6241162d0f6f8c80fe46 |
| SHA256 | 7cee05c3a2161214ac513200aa4da2762dfbb76644ff96e5b8d9603a0796517d |
| SHA512 | 24258585f7d6298e66b2a61600728d81dcc893e75a6e716bafd7196e86811c0d152639c44ca332dc35125b38ac588b621ba082e1650152c269c7a7d47b7a8cae |
memory/520-775-0x00007FF8DCA10000-0x00007FF8DD3FC000-memory.dmp
memory/7568-796-0x000001DD6FCA0000-0x000001DD6FCB0000-memory.dmp
memory/7568-797-0x000001DD6FCA0000-0x000001DD6FCB0000-memory.dmp
memory/7568-800-0x00007FF8DCAB0000-0x00007FF8DD49C000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\places.sqlite_tmp
| MD5 | 4ca5e1be5b69a9bc2e4fb4800437f206 |
| SHA1 | 218a479cae142008b50fcc2da2a51a7c801ab89e |
| SHA256 | 057ee17daf82c9bce24e91c55b4cd99f9b51dd09c67339c06bae5bd6c6b78205 |
| SHA512 | 8e59d76fdd23018abafc55c5fa173c98be9ed3f0615fc7b31d6052e2384d954a6df89a9e58d857b624d45f01eccdd73b106234e84be42606b7193e255f56df8f |
memory/8140-845-0x00007FF8DCAB0000-0x00007FF8DD49C000-memory.dmp
memory/8140-849-0x000001D8BEBF0000-0x000001D8BEC00000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 6f86c6e4a022d70327f2a86b8d91f478 |
| SHA1 | 1d345d566e89fcba4181f1aac893683debcf30a4 |
| SHA256 | 380853c85bdde7c8eb5bc282a97ab274f0050c3ea3e220d4c0db29570d356cba |
| SHA512 | 951e71011d34146ea1db43fea3c2a7adb0d214ecfaa0626f041ef0a6393599fb8bac758e6b7d19a749c383227dbdb6c65a460969d29312ff75b495c5c718371a |
memory/8140-848-0x000001D8BEBF0000-0x000001D8BEC00000-memory.dmp
memory/8140-867-0x00007FF8DCAB0000-0x00007FF8DD49C000-memory.dmp
memory/8140-866-0x000001D8BEBF0000-0x000001D8BEC00000-memory.dmp
C:\ProgramData\ChromeExtensionsNova\extension-cookies\images\logo16.png
| MD5 | 192e90432fed0081abb25295d8f309c4 |
| SHA1 | 5150e93061f39e26688afd60a04c0ab14b510d47 |
| SHA256 | 3216d6864b4f8824b82eb887edf95436dac3bea3f7d43d8988a176e3f1f8e1b2 |
| SHA512 | 9b9b3f85eb9f12ad1b4c8cfc5e672758d879e178179deb28e80e6c3b27871261bf6b52f9066850b5a7a2fd85012b5308eaf3dda882fa40febc9cf6b47f1a4f04 |
C:\ProgramData\ChromeExtensionsNova\extension-cookies\manifest.json
| MD5 | 04c23766134b234e85cc537b2162efb1 |
| SHA1 | 45c48d9ca30a4580a682f025cc66331e49f6f158 |
| SHA256 | f50f62683347bbca52d7f7de0c877014ae77043753905628644e2d485dfb4900 |
| SHA512 | d246f59ad6d6e9fc8d8d88129302d55cb3d2ba7d52496915ee6791fa0576153070af76ea689cc74ccefc36456df749ac5c8f45cb12702961470f202078bfcb3c |
C:\ProgramData\ChromeExtensionsNova\extension-tokens\images\logo128.png
| MD5 | 271847949971c396f77beaab936b7ea2 |
| SHA1 | b32c5a7eec49aa07f8ae73feb990626010c4b850 |
| SHA256 | a55224cdf06a5c2b937ba400604501f8b6ec93bc2c1cff62aa2fd378d504c657 |
| SHA512 | a2e141f68143f370e2b82a1c9c7c4b1c5f6fc2cfc2ad94acb8c5c02237af56f83904beaff3240e20397f0edbdfadf8779c0bd54b2cf0c9899fef59343e31794a |
C:\ProgramData\ChromeExtensionsNova\extension-tokens\js\jquery-3.5.1.min.js
| MD5 | 12c69a0dac6bdbb08fc5f3fdb2bddda9 |
| SHA1 | 8516dcf7563d9eb4f9300d54fbf5a4f0d834b472 |
| SHA256 | 2a62ebafd6ef9e66dd69c2b90145a43ec10897cb5d64ba80263f6de8f5b2e23e |
| SHA512 | 129f3b7e6e58268bf2fb6b072f0ee872166b94cdb57aba88aef7aa8c43fa7ea620d6b1a418f06790f2a0b52792139d9e8d9bb9b3924052509bb8556431bb9b9c |
C:\ProgramData\ChromeExtensionsNova\extension-tokens\images\logo48.png
| MD5 | 9f74f11972c3c0b161832ffab541bf31 |
| SHA1 | e5841ba20a229cdeab85d30690509e649e848271 |
| SHA256 | 8b74a0abdd566ffdf15891d6abd3537bffb0abce7f362c737c3de6752e136032 |
| SHA512 | b90f13eb65a4dcfdd596a7d9eba7c1ba5eb1a598e51107ce3dca07c0a0025469ab18c9958eff2b36f7e05a23f0d16d7d9d7c2321b8e1f2a456aaa7bec3ced0e8 |
C:\ProgramData\ChromeExtensionsNova\extension-tokens\manifest.json
| MD5 | 42ac88deb5c3cfc02fdc1c27319ee067 |
| SHA1 | 97b1addf35159800b90743fcfbb5505e80f6eb82 |
| SHA256 | 28486361faff1827fb9f1871529c48efaaf86027592d189afa6f99b14eb3f4bb |
| SHA512 | 77c4054a3cf061eb6f4f6e9803b74833a8fb0fe352239b5b47cf39ea5eea8104b9da6deab75018557476fbda856f3be8d57e6fe2eb777c45a7a1bdb1e72d02d5 |
C:\ProgramData\ChromeExtensionsNova\extension-cookies\images\logo.png
| MD5 | 510379dee7a2859073aa4596eea68274 |
| SHA1 | 86d82bf7ba9420fac85e16c2313c7a582d0c7ba8 |
| SHA256 | 282d56734d8f99e12ee67f3ea80a8e0bfd8d285e923498a8352a946378163b49 |
| SHA512 | bed1d926d521658cc69baba6664e269605a24d2fe7eeffd8de9bc0cadae91844d264abbad96563594130149710a451e46a6884483fb36a48416ec47e87687a7e |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\sysWin10Boot_odgGQr.vbs
| MD5 | 53c4fc3dc1961df7519afe3b6532b3cd |
| SHA1 | 626bc01598d4bfaaedba695300a4aaa77055dae5 |
| SHA256 | 9c070bf5de0a75ef721b2c383f6b1e49bd53bd5de328b5200676c2434036f918 |
| SHA512 | e81294bd36ba4f5bf6174e883ba8552ac1727b95df986f458b9b033a3ef7f4a5a2634bd321c3ada683eacb89ef9373dd5a5b3863540968076c4b7b91b80c086b |
memory/4216-1000-0x00000180766E0000-0x000001807677E000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\TatsuBeta.exe
| MD5 | 10fc15edfc417244a6f9a043c7ac0f21 |
| SHA1 | 61c92aa7ebe1a41fbfa540c17c3936dda3114681 |
| SHA256 | ea1866b57a4cd899b3da621dce68b758d4f4a512004571684597a584f8926b4b |
| SHA512 | 7d438147204fb81ebfcbf828400e84451fe34d1c0eda0dfb6c4a95b08f0067c7969d9b09446cc3a70c70b3e19052026b9b702a1bc48fdc158e9c9e6c69e7d0c0 |
\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\ffmpeg.dll
| MD5 | 12dfa99497aff1dba993a8874fd265da |
| SHA1 | 8c0545d32b111be458b88264cf480cc72dbfedc5 |
| SHA256 | 235d6b6dd4a8d491480d3f0e962ed3755c5fd62d966291ce671bba60020a592e |
| SHA512 | ce19a4968d18f212995fd5ff7dc75188c812511c9950fdab0bf6f88a6f91300bcd28fc992e406a28159e0359d9b43c085b87ce7ff349660ea7d74d1ff3511df9 |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
| MD5 | c0d3ab2d252e709aac084a67d9079f4e |
| SHA1 | 072e1782d903f2b9c23159c918f86dc7ab80379c |
| SHA256 | 4791c18a9000f5624c370ff3debf8f8cf1af58f153747054d9eb5cbb49199424 |
| SHA512 | 21069d1d55756f49fba78859896a9d75946bf93530b0e94b2fc8ae722f7905928077893380418cf8b5915b984720527b234cd6d07d27d98b54687df742b1f36a |
Analysis: behavioral3
Detonation Overview
Submitted
2023-12-17 16:14
Reported
2023-12-17 16:18
Platform
win10v2004-20231215-en
Max time kernel
119s
Max time network
147s
Command Line
Signatures
Irata
Irata payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TatsuBeta.exe | C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WindowsDriverSetupXQf21x = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\CachedFiles\\TatsuBeta.exe" | C:\Windows\System32\Conhost.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
Enumerates physical storage devices
Collects information from the system
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
Detects videocard installed
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Enumerates processes with tasklist
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\TatsuBeta.exe
"C:\Users\Admin\AppData\Local\Temp\TatsuBeta.exe"
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\tasklist.exe
tasklist
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
"C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1712,6019390131181944689,13345544434814780051,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
"C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --mojo-platform-channel-handle=1960 --field-trial-handle=1712,6019390131181944689,13345544434814780051,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic process where processid=1832 get ExecutablePath"
C:\Windows\System32\Wbem\WMIC.exe
wmic process where processid=1832 get ExecutablePath
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\resources\app.asar.unpacked\bind\main.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "net session"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\net.exe
net session
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic computersystem get totalphysicalmemory | more +1"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic csproduct get uuid"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic logicaldisk get size"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic OS get caption, osarchitecture | more +1"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "echo %NUMBER_OF_PROCESSORS%"
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 session
C:\Windows\System32\Wbem\WMIC.exe
wmic logicaldisk get size
C:\Windows\System32\Wbem\WMIC.exe
wmic OS get caption, osarchitecture
C:\Windows\System32\Wbem\WMIC.exe
wmic csproduct get uuid
C:\Windows\system32\more.com
more +1
C:\Windows\system32\more.com
more +1
C:\Windows\System32\Wbem\WMIC.exe
wmic computersystem get totalphysicalmemory
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic cpu get name | more +1"
C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get name
C:\Windows\system32\more.com
more +1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic PATH Win32_VideoController get name | more +1"
C:\Windows\System32\Wbem\WMIC.exe
wmic PATH Win32_VideoController get name
C:\Windows\system32\more.com
more +1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic process where processid=1832 get ExecutablePath"
C:\Windows\System32\Wbem\WMIC.exe
wmic process where processid=1832 get ExecutablePath
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v WindowsDriverSetupXQf21x /t REG_SZ /d C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\TatsuBeta.exe /f"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "cmd /c schtasks /create /sc onlogon /tn WindowsDriverSetupXQf21x /tr \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\TatsuBeta.exe\" /F /rl highest"
C:\Windows\system32\cmd.exe
cmd /c schtasks /create /sc onlogon /tn WindowsDriverSetupXQf21x /tr \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\TatsuBeta.exe\" /F /rl highest
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v WindowsDriverSetupXQf21x /t REG_SZ /d C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\TatsuBeta.exe /f
C:\Windows\system32\schtasks.exe
schtasks /create /sc onlogon /tn WindowsDriverSetupXQf21x /tr \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\TatsuBeta.exe\" /F /rl highest
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell -Command "attrib +h +s \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\TatsuBeta.exe\"""
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "attrib +h +s \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\TatsuBeta.exe\""
C:\Windows\system32\attrib.exe
"C:\Windows\system32\attrib.exe" +h +s C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\TatsuBeta.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\app.asar.unpacked\node_modules\take-cam\prey-webcam.exe" -invalid youcam,cyberlink,google -frame 10 -outfile C:\Users\Admin\AppData\Local\Temp\BvDsxpYZp9gBQHhZVmkq\System\cam.3924_Admin.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\app.asar.unpacked\node_modules\take-cam\snapshot.exe" /T C:\Users\Admin\AppData\Local\Temp\BvDsxpYZp9gBQHhZVmkq\System\cam.3924_Admin"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v Start_XQf21x /t REG_SZ /d C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\sysWin10Boot_XQf21x.vbs /f"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell -Command "attrib +h +s \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\sysWin10Boot_XQf21x.vbs\"""
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "attrib +h +s \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\sysWin10Boot_XQf21x.vbs\""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v Start_XQf21x /t REG_SZ /d C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\sysWin10Boot_XQf21x.vbs /f
C:\Windows\system32\attrib.exe
"C:\Windows\system32\attrib.exe" +h +s C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\sysWin10Boot_XQf21x.vbs
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Admin\AppData\Roaming\salutbOKGA.ps1" -RunAsAdministrator"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Admin\AppData\Roaming\salutbOKGA.ps1" -RunAsAdministrator
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 149.177.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 204.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| GB | 142.250.200.4:80 | www.google.com | tcp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.200.250.142.in-addr.arpa | udp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | 192.186.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 188.178.17.96.in-addr.arpa | udp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | api.gofile.io | udp |
| FR | 151.80.29.83:443 | api.gofile.io | tcp |
| US | 8.8.8.8:53 | store7.gofile.io | udp |
| US | 136.175.9.9:443 | store7.gofile.io | tcp |
| US | 8.8.8.8:53 | 83.29.80.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.9.175.136.in-addr.arpa | udp |
| US | 8.8.8.8:53 | hawkish.eu | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| FR | 163.5.121.96:443 | hawkish.eu | tcp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| FR | 163.5.121.96:443 | hawkish.eu | tcp |
| DE | 140.82.121.3:443 | github.com | tcp |
| US | 8.8.8.8:53 | 18.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 96.121.5.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.121.82.140.in-addr.arpa | udp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| FR | 163.5.121.96:443 | hawkish.eu | tcp |
| FR | 163.5.121.96:443 | hawkish.eu | tcp |
| FR | 163.5.121.96:443 | hawkish.eu | tcp |
| FR | 163.5.121.96:443 | hawkish.eu | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\nsg2297.tmp\System.dll
| MD5 | 0d7ad4f45dc6f5aa87f606d0331c6901 |
| SHA1 | 48df0911f0484cbe2a8cdd5362140b63c41ee457 |
| SHA256 | 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca |
| SHA512 | c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9 |
C:\Users\Admin\AppData\Local\Temp\nsg2297.tmp\nsis7z.dll
| MD5 | 80e44ce4895304c6a3a831310fbf8cd0 |
| SHA1 | 36bd49ae21c460be5753a904b4501f1abca53508 |
| SHA256 | b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592 |
| SHA512 | c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\chrome_100_percent.pak
| MD5 | 9c1b859b611600201ccf898f1eff2476 |
| SHA1 | 87d5d9a5fcc2496b48bb084fdf04331823dd1699 |
| SHA256 | 53102833760a725241841312de452c45e43edd60a122546105ab4020ccef591b |
| SHA512 | 1a8ec288e53b9d7e43d018995abe4e3d9c83d329d0561fbb7d022e8b79ffecf033e995b9bc6af352a71c646a1e8afba4addb54deab7455f24b7a279a3dd7c336 |
C:\Users\Admin\AppData\Local\Temp\nsg2297.tmp\7z-out\chrome_200_percent.pak
| MD5 | b51a78961b1dbb156343e6e024093d41 |
| SHA1 | 51298bfe945a9645311169fc5bb64a2a1f20bc38 |
| SHA256 | 4a438f0e209ac62ffa2c14036efdd5474b5ecaa7cbf54110f2e6153abdfb8be9 |
| SHA512 | 23dedde25ad9cb5829d4b6092a815712788698c2a5a0aefb4299675d39f8b5e2844eabd1ea42332a0408bd234548f5af628e7e365ab26f3385ebfa158cdd921d |
C:\Users\Admin\AppData\Local\Temp\nsg2297.tmp\7z-out\d3dcompiler_47.dll
| MD5 | cf0094d801d4555551fefde57dbde496 |
| SHA1 | 602730727ceafcd7ee4b045c09e2038089cfba9d |
| SHA256 | fc15efc08bfaf673b6255609b3a8bfed5c10920a37143fed75cf3a180f9a1561 |
| SHA512 | 7b9bb58fef0a2927b05a0a48b35e95eba390b119978f4f9ac685d8b36c395a3e5dc10d8498c6ff0487e4e83a7dba14b2553371852ca61f373be93ee4d4ea7dfe |
C:\Users\Admin\AppData\Local\Temp\nsg2297.tmp\7z-out\ffmpeg.dll
| MD5 | 9b2a570555e30b635acbe943dbeec42b |
| SHA1 | 08b7c738497a14d32722272308008e07c674c01b |
| SHA256 | 613d7788d70fb2d311037d88b16290f04de15a963791778fcdd0876ded9a933f |
| SHA512 | 92ad837e49409f81363e3e5a51c63616f774faa204f7434cd90aacf3b91dea0f23ba0929e23c0b4f0a8bc1435c76da354dc7f37afec834a71436ad6ea626c980 |
C:\Users\Admin\AppData\Local\Temp\nsg2297.tmp\7z-out\libEGL.dll
| MD5 | 8352fd22f09b873193cabc2932be92f0 |
| SHA1 | 5bd2b58854b279f1733c5f54ea2669ee8a888d9e |
| SHA256 | 14a4aaa010be14762edfee01fd1f6b9943471eb7a2f9011a2b5c230461cd129c |
| SHA512 | 7281e980f2e82f1cc8173d9f8387a97f6e23ec5099ed8dca02222c4e17fa4cfef59d6aa300b1cf06d502bdcf77d9a6dbb08ad6658ae0a28ae6f9f995109da0d2 |
C:\Users\Admin\AppData\Local\Temp\nsg2297.tmp\7z-out\LICENSE.electron.txt
| MD5 | 4d42118d35941e0f664dddbd83f633c5 |
| SHA1 | 2b21ec5f20fe961d15f2b58efb1368e66d202e5c |
| SHA256 | 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d |
| SHA512 | 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63 |
C:\Users\Admin\AppData\Local\Temp\nsg2297.tmp\7z-out\libGLESv2.dll
| MD5 | b6a433dc7b4030fb17bd1683a9606b6e |
| SHA1 | 0602c50532e3f13facc67bd95a048c470e88afcc |
| SHA256 | f7ae57a1d7d3e284714ca354f5292aa9b75086489cbfba8b1f54548445b6b3e9 |
| SHA512 | b9ba2e20ec878e3acae93d8254e69374e391fd4a3d5c1833282c43896d123baa874f1088839f3bbcf05539eda0e2aeaef28d7742ab8e20ec788382501e2152b1 |
C:\Users\Admin\AppData\Local\Temp\nsg2297.tmp\7z-out\icudtl.dat
| MD5 | 30846fa2103fbf071fb7a4c43703cafd |
| SHA1 | 060be93ad650d9fce91d60e4b516e00bfb4ff4a3 |
| SHA256 | e48d62a9cf91bfa1005e5fc5befdfad279e1c87324b4bd1e55b6bdf2b55f7a97 |
| SHA512 | 775be9e7f1c8eabf09ae56f39cddcf31610a6250bc143a0028c22d4cb565229c5bf7bb38b60ea7e1ac74b4b24427e0639f78f51310f6be6c6be61fbb33fa7e5f |
C:\Users\Admin\AppData\Local\Temp\nsg2297.tmp\7z-out\LICENSES.chromium.html
| MD5 | df37c89638c65db9a4518b88e79350be |
| SHA1 | 6b9ba9fba54fb3aa1b938de218f549078924ac50 |
| SHA256 | dbd18fe7c6e72eeb81680fabef9b6c0262d1d2d1aa679b3b221d9d9ced509463 |
| SHA512 | 93dd6df08fc0bfaf3e6a690943c090aefe66c5e9995392bebd510c5b6260533b1522dc529b8328dfe862192e1357e9e98d1cdd95117c08c76be3ab565c6eea67 |
C:\Users\Admin\AppData\Local\Temp\nsg2297.tmp\7z-out\snapshot_blob.bin
| MD5 | c9ab741bbef53fa0e84952b8891a5f5a |
| SHA1 | e2dcb8d034e07243537c86371de0c52bce62cee1 |
| SHA256 | 4d82fe1e642fe3ca7ad1a173f806088c0652ecfe9f0f6f6e246066e15a3431d4 |
| SHA512 | 177b98a3090ecfe4b4598dfcd7e8b3ca49efafba4dbd8d6c6d0def462de47c3fabfde831725622783ddc177de982de6115178d9bd9830d918bb544a5a4c27fc9 |
C:\Users\Admin\AppData\Local\Temp\nsg2297.tmp\7z-out\resources.pak
| MD5 | bdfa339e708ea0f23ed3620adc4a2d64 |
| SHA1 | 82a95b7b022836b6e888f53e69386570c05a1af2 |
| SHA256 | b66ae9eda4543685974d35d051d967538bc57d55c2577629007c534ff330e1e4 |
| SHA512 | ba87c70e1b6446e0a7b62da33d72a36ff92ee54fda64343262bc26afa8166174e76d058ec6d707cdebf2611858b3b4b7e21798febec53da02febd81ade4ce8f8 |
C:\Users\Admin\AppData\Local\Temp\nsg2297.tmp\7z-out\TatsuBeta.exe
| MD5 | 8852670f983f0cf33f800779e0eba09a |
| SHA1 | 7cf056be60373039dd1b938b6484e8b87d724428 |
| SHA256 | f151dec61b90f990fab069b1370708a97d0e8225736a290a0ff460072b6daaed |
| SHA512 | 309fbcfac7cef9800a8d74f663379bc655f0e4ac6d29887e7366f54d55df3fbc226fef0e5e8d3640f583ab93fc2865de93c50dbe8613a7440618915826de22b6 |
C:\Users\Admin\AppData\Local\Temp\nsg2297.tmp\7z-out\v8_context_snapshot.bin
| MD5 | 47014c0f81bad6d216c617c9c63bf040 |
| SHA1 | 7bb483fdc5fed3c6ed437d9fe6e5023bc38201bf |
| SHA256 | e1249d05bfc73c645b27d269f47b6923b33a3cf8088a8ca78b3b637c90f58178 |
| SHA512 | 052d86cf3305a9e493bd2472e6b7ddab5e0291efd6d899984a79bae46e5fa4bd21157e19ab4a2591c9cff9069de568bad18c7baf4f35d117c77134e635466f87 |
C:\Users\Admin\AppData\Local\Temp\nsg2297.tmp\7z-out\vk_swiftshader_icd.json
| MD5 | 8642dd3a87e2de6e991fae08458e302b |
| SHA1 | 9c06735c31cec00600fd763a92f8112d085bd12a |
| SHA256 | 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9 |
| SHA512 | f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f |
C:\Users\Admin\AppData\Local\Temp\nsg2297.tmp\7z-out\vk_swiftshader.dll
| MD5 | de2d91476e625278c30a5f69a1892e05 |
| SHA1 | 4d707f6a801611fb437f5c1cba31b0909bf41506 |
| SHA256 | 02c7f0b926c64f5a19a9aacd5f94ee00be4d576486592e18acc80c0a027b05ba |
| SHA512 | d027407539346e5aedd527f5f71de45bace6295e96a7fbefbf273c930d64a791e488e4bdf6ef8db61fc19c80cac52a6e398c2973499c6fedb1e422c3ba71f532 |
C:\Users\Admin\AppData\Local\Temp\nsg2297.tmp\7z-out\vulkan-1.dll
| MD5 | b91586bd80e057a7f62bdc4422744812 |
| SHA1 | a1df644421ece2e740e5bf0ed98b4f269fd85c39 |
| SHA256 | 8ba72d98e0f78b77bda7816cd7232809d287310d34e0f1d7472b9d5fda2c6d02 |
| SHA512 | 94f0a8e3e75e4803891c0fcb257052dbe0e7399772fc7a46ab802629f76ee580ed30b3678fa6bc3744c12cf9f3103bbc8276e88f6711278748148e9fbeef2053 |
C:\Users\Admin\AppData\Local\Temp\nsg2297.tmp\7z-out\locales\ar.pak
| MD5 | 6f3e791b4d35ee7d9515614d128752cf |
| SHA1 | 181ec3a84fb3e89336d77f24f562a2cbe07619d8 |
| SHA256 | e9df0fa338b763a3926c4ee3a87bedf650fa618b6fcf0560c3f5ffe891d48c60 |
| SHA512 | 3657e610d13a2c938558ec320c298dd490c9e4895ccd304f738aaa2f050373efd7382ca402365f93d23ed488bae82de2d859da788dc8faa8e621346a278f4441 |
C:\Users\Admin\AppData\Local\Temp\nsg2297.tmp\7z-out\locales\am.pak
| MD5 | e18a450ef034b42599341c3d09f280f1 |
| SHA1 | 2001c8a85904962ac3a96938eccc69ad2c110fdf |
| SHA256 | 7c2b9098130f1f9e0cf4507b64c0e96ac6354bd6c3616be20e2067cfccc820da |
| SHA512 | ddd87571218fe9f179a6c2a8a15b182625a71a7c19ed90c0969ca2e0e9bad823b926f8b8a6b390cb6fe9c95f4b6c1f1ec7b5167a8424ab1921943922208f798a |
C:\Users\Admin\AppData\Local\Temp\nsg2297.tmp\7z-out\locales\cs.pak
| MD5 | 3cfd9dc564cfcc33cc5524711365c376 |
| SHA1 | 2e5016d2643017f37658262122974429f18625a2 |
| SHA256 | 8be34e4f8226c1dd4e725711ddd884ef4476560f7863edcf378573dde9db3cee |
| SHA512 | 6ee156d2fa3b6f601df28e38968d0eae2812d70b41333348dbecd833d5ee6ff944183f0eecde96be433cf1e98c8ec22d6a6d5af5153145842175ab43c73533ef |
C:\Users\Admin\AppData\Local\Temp\nsg2297.tmp\7z-out\locales\da.pak
| MD5 | 55a8f5883805a65c854d25edb3959209 |
| SHA1 | d4b3b6bd2a26cbd021fa931d1f63c9ea64e2c268 |
| SHA256 | e190187adcbb5f829d162660968ba598ed17bd11339062ca4d807deec8a27fdb |
| SHA512 | 4e1f9e6da32f553cbc8cf162726d7aba9e23e2216d6d05b995cf19fff3aafa05ed08fce29b2f8538d46583366402b8630672e650dfbd46952a611e9db0d8016d |
C:\Users\Admin\AppData\Local\Temp\nsg2297.tmp\7z-out\locales\ca.pak
| MD5 | 423651c45566cd90ea5edd8631e823b8 |
| SHA1 | 13bed4173a08bcbfefba034aada3d838eece6d16 |
| SHA256 | 7a39af99d55a1ea838d8d78c5f0da3e1402f9404d32255e31b676ceed4f0e414 |
| SHA512 | e09085023beaa37e9d5f7fdf3c32d0c001672b85e2826f0aba9a662ce958ac93cac17bf63495a604e47cb407b1593049388a4bf1b22b2339ead84a206a10569f |
C:\Users\Admin\AppData\Local\Temp\nsg2297.tmp\7z-out\locales\bn.pak
| MD5 | 47c95e191e760dee3ef43345577e2379 |
| SHA1 | 609634315270a91d4ec631642b18bd0036367aad |
| SHA256 | ceed32e429ed1018d4c49343cf52105cbfd1e877c531a5738fd6e6cd33d27da7 |
| SHA512 | 46b5f8d58780d19e79136c31a67d075c57ddf7e6a1eb197dea4088cc414a0dc24a68fc8ebcaac03b3940af2461123b586706d5dbf8dbdf6fbea0f7bec466db21 |
C:\Users\Admin\AppData\Local\Temp\nsg2297.tmp\7z-out\locales\bg.pak
| MD5 | 5ba0c7200362c9ed55610cc8b66ef53c |
| SHA1 | d45239c2f1b00885407771a41a7776fc1fe8fa3b |
| SHA256 | 2339ff55464b4ff704fc3c5bf281eec52a539c494bd059cf0346d9c05ab7cda7 |
| SHA512 | 6229dbf08a9322c4ec8de4912aa1832f01800a71b7e3ef5870e7fa2b623be4dd248fec4881c3e031e984616147be84d42ab3dd970ae56dc1bd78913a8682a37a |
C:\Users\Admin\AppData\Local\Temp\nsg2297.tmp\7z-out\locales\en-US.pak
| MD5 | 0bb857860d8c9ab6d617cea5a5bd4d00 |
| SHA1 | 351b744d95846bff2ce5f542fec2e87439aa0f8b |
| SHA256 | 5c56df9699fc7e8f09ec81421e50a6264cde055e822f5a8cd9bb1edb3066d816 |
| SHA512 | 33fb73cffbb6781488cedbca4c92a7e4f66923a799beeb7f5cba58dbc23ba8f5130f63a7dac7114e3c3ef6f1df87884fbeb8858bc7604aec9449fdfd16c25078 |
C:\Users\Admin\AppData\Local\Temp\nsg2297.tmp\7z-out\locales\en-GB.pak
| MD5 | 52e2826fb5814776d47a7fcaf55cb675 |
| SHA1 | 51fbbc59dcd61116cbc0a24b0304d4c1c58e8d0b |
| SHA256 | 83ff81c73228c7cadba984d9b500e4fce01de583ecde8f132137650c8107c454 |
| SHA512 | 69257f976d01006c5f3d7e256738c97c59115471f8e7447cfa795f7fa4ff12d6fd19708e95ffb2aa494b50c1763fe35d5885b9414112d2934baf68fe668ed7cc |
C:\Users\Admin\AppData\Local\Temp\nsg2297.tmp\7z-out\locales\el.pak
| MD5 | 38440b98bfdf5ed496da0f49d59534c0 |
| SHA1 | 1498d9207ecaf4923a47271e24c68a817041c82e |
| SHA256 | b1f78df8a7edc914357a2e90bc8dc0ac46f4df642bb22894569fe4905fb8ea0f |
| SHA512 | 95ba788fc2e1f07d54e398f1ec4d32c664cfb13118d46cb7af7a993367e032b10de84f3e604ab6e659d6410e2d736097ec5e9b3b002040c54412358f0ea10229 |
C:\Users\Admin\AppData\Local\Temp\nsg2297.tmp\7z-out\locales\de.pak
| MD5 | b73344e5a72fca6f956dbab984c123ba |
| SHA1 | 0561073aa40a63a9ce9930dd18b18e12ff139b2b |
| SHA256 | 6dda3fa65232ca0bff7314f916942a2aa5d9be73a0b0c7a6d016eb34ea6fff5b |
| SHA512 | e8a12da397369f23c102244b3f18f533ec79afa6978785566056bbfe07b10a21ff4973bf17aa829fff65609363988c033b0e48d4a82c846863377c08d8df009d |
C:\Users\Admin\AppData\Local\Temp\nsg2297.tmp\7z-out\locales\es-419.pak
| MD5 | b261b1efe945365588befdf68879040f |
| SHA1 | 616f44a5f73f0449b483f36ccf831db6474a10d2 |
| SHA256 | 1380b9edc9cee4b505f12e8eefa288d8c746ca995b52ceaba27c7741ae8a5cd4 |
| SHA512 | 9ea14234b9d4d09364e5727b3886fc14544d52508b3e45fb9fd607ca88d2e432361a02b2f7ba34c3d6ecd94b91f9eccd4d54047a97a1ba4eea580ead00b91cff |
C:\Users\Admin\AppData\Local\Temp\nsg2297.tmp\7z-out\locales\es.pak
| MD5 | f83d8f7f6108786c02c2edbf3d85f147 |
| SHA1 | 57781d9d9eb7c90cdc71f78e25d0763045b6d29a |
| SHA256 | 5b929216ac823dbe2b0bb98e64db76519900e09a86c8513019325271c66ade0d |
| SHA512 | 12747a4a61cdd21cad6e3f768cb43b8bda5ec9de373337c191b6994b20acd676c9d0a6cde8410a1e18f35dd5d2d332ea1bb7e7f8f6fc4b73d8774559e33398f1 |
C:\Users\Admin\AppData\Local\Temp\nsg2297.tmp\7z-out\locales\fil.pak
| MD5 | 40bddaf97f64dfea9ebafc7f82166f80 |
| SHA1 | 90d1fde3c0b27d2184f0353991259c2a92c7820c |
| SHA256 | 39a9d63736e7b4593fc6873ed3c19d45fbf9eb78a012bfdcee0fea5906ebc5b2 |
| SHA512 | d1e61c53e09a0dc50edf5aba5cf286a251ee88421aa2cd49332b70a5859646605ecb7d0bb97ea7242d14a18742e23da0a14c04b0b99b57a466ec87f4f66b897e |
C:\Users\Admin\AppData\Local\Temp\nsg2297.tmp\7z-out\locales\fi.pak
| MD5 | cc592d91ce8eabaa75249cb78b889376 |
| SHA1 | f2f0f7f105a17f3e4b1a97ed0e3c2e871c2c3eac |
| SHA256 | b1cb0b32efa78fd8634652c74f298f1d5127f2363ef601cf000417e5c7fefd20 |
| SHA512 | 58e2eaffe26d8fda8df43e7ebef449cfff1065e940c128efa0276511e34e96e52da9230f294b01d4ecd8ef606b792d372bff897d6d8bb67c31379418ce867d48 |
C:\Users\Admin\AppData\Local\Temp\nsg2297.tmp\7z-out\locales\fa.pak
| MD5 | 6458a239e994d8d18315deccd35389ed |
| SHA1 | 75c985f43503a6c44645786d46639a6b555ae163 |
| SHA256 | 300fc1c735e92917a5ddf92feb812cbf3175d988ec7ad5955110248a1addbd34 |
| SHA512 | 3062075b6be0c25c957ac88e537880bc25ff86b8ef0703a05209e9676e943e89476b7997394aeb25064e03a93be614fef535676e9cdfaf44b46035225b1b2cf5 |
C:\Users\Admin\AppData\Local\Temp\nsg2297.tmp\7z-out\locales\et.pak
| MD5 | c76db3385190c6840315c4497e40258a |
| SHA1 | 34f1aef2ba2925bebc5dcdb70e5b6c1a138a5c46 |
| SHA256 | e8af084ef5e1062c5966dd7802074ac24f3672dc3c9b9c5453a397644727191f |
| SHA512 | 90a870369d307758b33d74e6213676d65c2d332f42577c8aff23d96b512f3c2a2bdace8d6d9007f88b9175eadc6f2ae28b498b1265550849ff9317465a37ad29 |
C:\Users\Admin\AppData\Local\Temp\nsg2297.tmp\7z-out\locales\fr.pak
| MD5 | c3095ce1e88b0976ba7bef183d047347 |
| SHA1 | b14cfbf6e46ac1f189595fc09660178525301138 |
| SHA256 | 66488dc10517b6e3638686be95b430477a39304e92ac45dfe62b58cae3a77272 |
| SHA512 | 29f47b1eff4681a9a17a50d6e82d63c22fe7bfe4ceb79862e81d8cd9f96fa38e225978b4c4b1f8e55b220235b91652c776fa8d2e559c68942c6ccf402812a421 |
C:\Users\Admin\AppData\Local\Temp\nsg2297.tmp\7z-out\locales\gu.pak
| MD5 | 63a7fdc4eadf8ef1c35c72468a0ce33f |
| SHA1 | e8d064f0e9c8a6a8c6ccb036711e292d011d9466 |
| SHA256 | e549ff4e5a094d04c2ce7bc6fd68bea1f03e935437bf164bebb6191c133fa70c |
| SHA512 | 0a097ff875132a984545ec677b04f97785f14c38a1df487cfb4722cdea07d14e1e88fcff7d58b82fa53f05f4eba779a95ef320b5a91692097726d0385a26a456 |
C:\Users\Admin\AppData\Local\Temp\nsg2297.tmp\7z-out\locales\he.pak
| MD5 | 6a02a37e1ca3215fa9ee0e1b0fbcf5e7 |
| SHA1 | 89a8a126c0bbf536ac58e29fc50e045fb1b88220 |
| SHA256 | f5cf34ce58b7f0d450936981aa7ffa060821403e6768eee3746ea4ffc9193986 |
| SHA512 | 6607eb2329b81f1eaf0ed3a564eddcb30e6ab59229f2fbf6fd3d2140ffaa8853a330eda627a4458ef6bb06f32c5183edda869e34cd4ead1f87f88d5c622c1a16 |
C:\Users\Admin\AppData\Local\Temp\nsg2297.tmp\7z-out\locales\hr.pak
| MD5 | 6f92235e6ba003af925a2d6584afd27d |
| SHA1 | 3ceba61e9c2975466b6244188f5ea72aaf042fc7 |
| SHA256 | 479dc4f75a889d45f62b4ddb6eb48f21c473e37875468c9c26d928a263e15840 |
| SHA512 | 82f2642dff4400704c15c2fa02d0ec74ed3fe888dc835447c1afce7463dee8f480bb81be358c306e681625864a6d25e5cd6c96252b8a56e6fc62014b3aa4d26a |
C:\Users\Admin\AppData\Local\Temp\nsg2297.tmp\7z-out\locales\hu.pak
| MD5 | 71d42cb22d2d7a8b26c4514ab12df3aa |
| SHA1 | cd0307503a7906f1742d1e98fc816959319c2171 |
| SHA256 | b51bcb888dbc27bab88a8c9d081df7496de8a9a5a4cd2cfe08abc154190e75e6 |
| SHA512 | 29c67391bca706807be3a0cc79fe481f220e30263957a9c2485f0a4c498a5b250bdd83b5f4fad8d0b19c8a9a07d5650b5ebd5816b6aae311a1cde78a89303244 |
C:\Users\Admin\AppData\Local\Temp\nsg2297.tmp\7z-out\locales\hi.pak
| MD5 | 590e9e73df9cbd83cd87b9c03848fec9 |
| SHA1 | da125e60a5a2c51a2d6219d3f81688bd22237b59 |
| SHA256 | 089b9dd31090a987515809a68d26f6eeb64cd9283934e3dcc48b151eec7d3ad9 |
| SHA512 | fd0e5d0f2063e12b711275f390428b88f98ffaf6043cdb14b13674ac1e4aa9f70ae820ae960132d7155daf9b1308238775c4702694ab53068cdc709c50f9186a |
C:\Users\Admin\AppData\Local\Temp\nsg2297.tmp\7z-out\locales\id.pak
| MD5 | e40cb2f3b4db379e4d187aeef0dfd300 |
| SHA1 | 537b1ebc615c980c89bbe2b9e91a11199fa7d6a6 |
| SHA256 | 3339ef011c9bb64868da94adb25f4490acbc7f893e4337dbfe2797754cd659f5 |
| SHA512 | b87464460077aa55feb92eca8ed23d9a61829378bae7890c8a95dac5fcd735b145d65661f27facfe2586fcaa169692b00d8ee8dd505dc44bff7f7fd090f3e96c |
C:\Users\Admin\AppData\Local\Temp\nsg2297.tmp\7z-out\locales\kn.pak
| MD5 | 5115cde84b4c674db412619b65433004 |
| SHA1 | 164f33e7e2e9f685a579da492a6fc8806beb6cbf |
| SHA256 | 891e092c6895e23be986c3e6d39dcea9b6b75f1448239c13fd406680e50407a7 |
| SHA512 | 090a247898cb533325d2b289a6cbd8db2a755ef0abab49d82f333e57b290c50b5996b81f15d8adc30160b216eebed3a1476aec1627195e52189557c1d48b0216 |
C:\Users\Admin\AppData\Local\Temp\nsg2297.tmp\7z-out\locales\ja.pak
| MD5 | 833e8c4aa70351b6be7bd403e4e9a0a7 |
| SHA1 | 46ccdbdea35deec8ef13a5fc833776875fad187b |
| SHA256 | 74422db1a5f28522f9a8b31a3bee9a6df794b419bf723cb6a6c88e82eb72cec0 |
| SHA512 | e8e709612a5ea81d2822e0025b7306f38571f2cec2ca72ac5a8ab852a0e36a0f5bc7e00d0baf7ac7becc2c54dda3a17c52ec1cd67ce12b14d91b6ae0b726d556 |
C:\Users\Admin\AppData\Local\Temp\nsg2297.tmp\7z-out\locales\it.pak
| MD5 | 5aa225aad4f9fe6d05ec24905a827d88 |
| SHA1 | f6d5ed337bd8e9cc3b962d3a498e3430fbf6de22 |
| SHA256 | 96e02ab6937a1f1cb58762159761a737ce0e1dcd6a253554392baf4389326eab |
| SHA512 | 3fa928f19bdf65b8fbb274b478a801821b15c01224c113a8d7f6121a077b432c0cc84eefd9028a76adea9fa4bb65dcb868edfbd4368b1e4d477c49e187e4288a |
C:\Users\Admin\AppData\Local\Temp\nsg2297.tmp\7z-out\locales\ko.pak
| MD5 | d6e2c18c9eabba59b50d147d942125ea |
| SHA1 | 0918879203c2050b4f9f449f5616e430897ba0b9 |
| SHA256 | f3581cea2e5b022b121010ffc5d67f86f717e3a0c0402abd81e24c87fd135b76 |
| SHA512 | f605f7b9893166778af156f9eb76eaa1209e7432450899540cd462ce0ffa69caf6f570b910cdd6d7bef54354379e9892a658e711baa93241da33755c107da859 |
C:\Users\Admin\AppData\Local\Temp\nsg2297.tmp\7z-out\locales\lt.pak
| MD5 | 2d4fca437a7548893dc4b51fa5b33c33 |
| SHA1 | c1493013d7d981ea9223716e415380992de65c2f |
| SHA256 | 776dba792df7b444e1b720326312d8b8312cade74a1372c49456d932b7c65769 |
| SHA512 | b6a55ee1deff48d717a3e9399aef3c45eeec810cc5b5709fa3e9f56850115a5b02e02b7959ec77a6797e68516ee9372bacd260e62ac0d55a8e4c1c27af782b42 |
C:\Users\Admin\AppData\Local\Temp\nsg2297.tmp\7z-out\locales\mr.pak
| MD5 | f22c99fe6a838e333e8ee06a4d01296b |
| SHA1 | c3542ea8dd45a2b387dd02fa5687948f135e10f2 |
| SHA256 | b03a3042f907aed13253ae8083d08f5fad59ff438d024b097276856e72526911 |
| SHA512 | 882022c2cb985d85f96d52c9bcfeeb089d6ff30e66187ccf424ef622092b9d359a51bdef1fb6ac3b9d3409aa79d37ca737ba7f3ed8b9cdaabfe04d90a7c8bc15 |
C:\Users\Admin\AppData\Local\Temp\nsg2297.tmp\7z-out\locales\ml.pak
| MD5 | 04b2540c25990a5e0a9b227dcce6ae0d |
| SHA1 | 4f8ccd154f54dfb083d4d1a3ed0994842c8ab13e |
| SHA256 | 556165b8b54c6e21bc66d12b3f5be393136714467c427f7114f314d18ad3c661 |
| SHA512 | 4cab47e42e8f5d4a83851871f97f3e1360c993ba530dbb4b4b736350779784bd83189e1195d3480ce87298bb8f9b7f249fefa7764d850e5b0002895609626785 |
C:\Users\Admin\AppData\Local\Temp\nsg2297.tmp\7z-out\locales\lv.pak
| MD5 | 264c6e20b3088ceb4dae5773cef0cb55 |
| SHA1 | fb6ff83ff14df008092bc3ee73bda7491e8e090e |
| SHA256 | a676a781c1a587eadf23e5c69bc52f2d352346a70bc53ca908450362535eefda |
| SHA512 | 01e949f92e1e8599c581929a601d39640abaf1d907ce10102e591c3d490dd3874c679c75bb51308ead55a3bd0c6dcd1b8d4b2daf98ce1cf1c6bab42946e8b1e8 |
C:\Users\Admin\AppData\Local\Temp\nsg2297.tmp\7z-out\locales\ms.pak
| MD5 | 6cfadaa784e687e6dadbcd80e631bc9b |
| SHA1 | 481acb75f525055bf4e45ecabe0eadcb9c492106 |
| SHA256 | fb5e125dd5e1f21e8df229d22cb3d1f9078bd79bbddca352899248f2a8b21b71 |
| SHA512 | 0d7da5a90fe9372bc704ab8cdc8cbfb14d323cafdef856987e2d9e34d980196c03985e25099f5d1bcb10c97f040f4766e2c3713718649bb3f43914a77f0dbb39 |
C:\Users\Admin\AppData\Local\Temp\nsg2297.tmp\7z-out\locales\pl.pak
| MD5 | 644c0ace25d6e532b56510a736c6bc2c |
| SHA1 | 1bd0fec952107b493da04c46423da634ff3e1504 |
| SHA256 | 2ff9e382a31783285b7d85676e629e2f6db26bb9536ed17b7fbe5ac61a895ec7 |
| SHA512 | 9a1f1e884c2f214b8b0c63543809ddd4ba0fd533f1d8434e926051f3db434f60cc4df2462c2a43254b2a9685b3869eef49463c212892e417c82c3a7b497e3559 |
C:\Users\Admin\AppData\Local\Temp\nsg2297.tmp\7z-out\locales\nl.pak
| MD5 | cf6b1cbfd669e9461553974ba37a475e |
| SHA1 | b33867e9bc7fd88ca98a76dc4bd756bcf18887aa |
| SHA256 | 9a83ad866ad7fd9d65ecbc1e95c276cfce27e8257c76a16950fd14971e66b864 |
| SHA512 | e463029bb37f6bb3ff5cb6281f64291ada1b785fa33137e7aedfc7b5e409e99c75a91e7cf9b6c0933e970f70c14861190de66fc5d68925b687a6f5da02e21077 |
C:\Users\Admin\AppData\Local\Temp\nsg2297.tmp\7z-out\locales\nb.pak
| MD5 | b61e42f66d581b6a8929cdf5fb10662e |
| SHA1 | 6f06fa9ee092fbcb61bbd668734fb3b92cfb549a |
| SHA256 | 1b17dcde8fc7308d926fbe0faa83dfc9ffe2efc5715e9afd557dde839ad98b7e |
| SHA512 | 79b82346c3f133a6ba44148a8432ad4e08e2805187b759509cb386bc800fd20215592c07d953812c243f0b1d5e1354245f2cb42b2b3eb6c87280bcb4008dbe97 |
C:\Users\Admin\AppData\Local\Temp\nsg2297.tmp\7z-out\locales\ro.pak
| MD5 | 24b01a438a3ab9699d4ca97c081b5e82 |
| SHA1 | 0d0b082544d23425a74199fb0a6c11192f0bdf7d |
| SHA256 | 38290b1c9712296d82ea1681ef95544a1eef4872289134b11e50af735e6deaca |
| SHA512 | 43199772312156f4633c4202499cde8f808e5e632c2013ec1129acee01a3f184e86df2616626173178efe04b6f0773ad9a0e8b8cc6a735d23d68dcfe9dfd945b |
C:\Users\Admin\AppData\Local\Temp\nsg2297.tmp\7z-out\locales\pt-PT.pak
| MD5 | ecd84b296d3bb312ee18e21017311986 |
| SHA1 | f5625523f85c10723750834a54ff59a2dd886fb3 |
| SHA256 | fcfaa9c44c445876c286388b6a1abc1df949f3dda3d64fb57d6e0d54a05cdb94 |
| SHA512 | e95b74238220024cdd0bd1c0f18beadbbe427d76cd8d6b32d5700adcd34ffb068ad0bf75404921485c8077f395f5111cd40d5dfe2b5b8f34c62e6fc80b507456 |
C:\Users\Admin\AppData\Local\Temp\nsg2297.tmp\7z-out\locales\pt-BR.pak
| MD5 | 88ad860c73676ffb4025b5c691f29942 |
| SHA1 | 3c5e5b999ea7153ccdd1b4cc7b6162de3456b558 |
| SHA256 | 25f0bb0b0230d99a9064d52668636f3be85903bf27a68124d79a2fe93c30fe0e |
| SHA512 | 41589bb9ab1b8307f62ceb4e6493d7903731a3e63807e0044379c4acdda881c21839234f5f1b8ad1af732bfee6231c0556ce92e582505379ed949980185bb750 |
C:\Users\Admin\AppData\Local\Temp\nsg2297.tmp\7z-out\locales\ru.pak
| MD5 | 75457b95d2bb03891232dae7db886387 |
| SHA1 | e5a7569df7f91533703626d167ecc8cddbd27205 |
| SHA256 | e0894d3aa3f8e0f8ac457a3300001d4e1dcf95980712f8c8e9c845eb4c2bbfa6 |
| SHA512 | 9813239cb162cec24cb81cffdae2df06889782813d917da186ae40df6dae64477467e4b32ead2d714bc1de671538d4c1fde990d83d3ee69e0932f17226687a78 |
C:\Users\Admin\AppData\Local\Temp\nsg2297.tmp\7z-out\locales\sk.pak
| MD5 | b35daa0bd9627ca88b413a5af7c6b4a4 |
| SHA1 | d5efdcbc7ca17de29f3075f6434f31ab2e895826 |
| SHA256 | f47bc1f7f5ab64681d0b152e1a019da60f0ef057ee8bf2ccede019dc4030c177 |
| SHA512 | 48abb6ca2290820db2898b05820bb25e70fb1292c816eb0c8f17b3c5452de9fff7027d216d2bf413900f408f44ed4ac99151b28142a212c5cff8dfe229e87b9b |
C:\Users\Admin\AppData\Local\Temp\nsg2297.tmp\7z-out\locales\sl.pak
| MD5 | e015b6f5042be2dc96a4e23dcf035502 |
| SHA1 | 7946509eed8db1e4c1f3da99ffe7155c86fdb4d6 |
| SHA256 | 99536d1bc73eec81d5bebbff641ea195544ee5e3a41bb17ddcedf9cde9b141d4 |
| SHA512 | b2a2eaae93c506a053862bf1cde02eee53b3ea2e2fe4c964c51dbacb8b44de820a779311cfe01458e2f08f88bce1172e8c5e1e6d28cd3a355ff84baa00023b8f |
C:\Users\Admin\AppData\Local\Temp\nsg2297.tmp\7z-out\locales\ta.pak
| MD5 | 31dada843d0b4f9a66b184cb6d7b8b92 |
| SHA1 | 0320b31981043c6e4c17470bf2ff4c7488553511 |
| SHA256 | 457070b35c813175f5a7b630478073e478ff2bf23915dd3dc7a5b3b339cc2b0b |
| SHA512 | c5b6ea595d3154fd9fe03f49a19f78eb4068718ce005b18a165d491459a290c29956b02a109ce2c314746773760c8e5c0d7064f384c65a572c78109f03538860 |
C:\Users\Admin\AppData\Local\Temp\nsg2297.tmp\7z-out\locales\uk.pak
| MD5 | d791b1ecf2931b2fb0c31aac170c7cdc |
| SHA1 | 02be115a9ff94fe5250651b6de4323eafc44fce1 |
| SHA256 | ffae6286d44c8e219ef90d411ad8746159a6ff8ea610e2a651147a3956696a22 |
| SHA512 | 3a2edb8069e4a9734ce5e02b7c3de3c968c5bbc116f17f52f97e2bb2c78485c456c4f0cc952686c1aa17b7ee4d326a1dda698afafc63c79d842ca3905181a8da |
C:\Users\Admin\AppData\Local\Temp\nsg2297.tmp\7z-out\locales\tr.pak
| MD5 | 40491896ad21543f339467186c5efb40 |
| SHA1 | 695dde7cc35056dcbf0a533aff8299d4c6b61bd8 |
| SHA256 | 43e99e132acaba88971b81a43531845dc7fc3a1e0794c3373de7d9a50a5655aa |
| SHA512 | 18d5ee9914849462e0b1bafd1ca216b29d0795e282ae0bdb354b15caf5c18f37f44fbd6f626b2cbb095e3398a6496de72e5b0d15621433979b5a589e34fac818 |
C:\Users\Admin\AppData\Local\Temp\nsg2297.tmp\7z-out\locales\th.pak
| MD5 | 43edd25f67ce6e6cea5373009ff0a1f8 |
| SHA1 | ed72ca6620cf23837e1334be50ccf616806bc5a2 |
| SHA256 | 287897cf3df2db1cf59b872e6575ba8dfcaa0c1f68c17a9c91da6c4490adb8b0 |
| SHA512 | 7160a72bd2e6b0ffa71e5d279995cc8be24a87cd9386eb29ab0eee79b8e607f5d824a11b6b4e3ef4c0f851a9d485a9642cb6adaa65c07933dca6e6f2c0052fc7 |
C:\Users\Admin\AppData\Local\Temp\nsg2297.tmp\7z-out\locales\te.pak
| MD5 | 793a87d41cde6e6d1bb086284f69733b |
| SHA1 | d887e3842b664f55b7308427aa6f5bf0b352d879 |
| SHA256 | 5cdabd1ad41e8048f2cc6b1615e68b99159daa1aa6706b939447c1811bf0e255 |
| SHA512 | 7c2e53baa387480eed45315bd9d53856ca46e5777ecdc9c29a0de7b0ad04beb6cbb8b5df0aa7c306395fda563037e06bea1ca70e433ce5a3ccc2ec184dfda972 |
C:\Users\Admin\AppData\Local\Temp\nsg2297.tmp\7z-out\locales\sw.pak
| MD5 | 99e385ebc1ef8d3daddb3a171fa79edf |
| SHA1 | 3164804dfe9d9b5e891abafe92e5ba67d2b5d4d1 |
| SHA256 | 8ec45ac391a085d531fb21815086c2da4841aa016653cb4f8484cfc2615d6c01 |
| SHA512 | 797c105fecef1e15870aa101e3fa1835d5a467a9059c03b3636c54934d1de263ab7f23599e21d9787cb3849c7cb7d29f5bdd8ae9ad10fda8015c1392462e94c0 |
C:\Users\Admin\AppData\Local\Temp\nsg2297.tmp\7z-out\locales\sv.pak
| MD5 | 41e76f7775fc9a2d6e3c02c46e9b32f6 |
| SHA1 | 088c15c74a68bee69682bf89c31055332b68c84a |
| SHA256 | 2533676479e9469ffcdaabcb47d3e39bebfe7ae2b80f70784e918a8827439e13 |
| SHA512 | 6cde752d748c4772b533c8894f18134e5842113f8c7590b44a7dfa088aed65b232361fd16170df3b0d738066dbc3a769847adf4dd8ba42de63c9c2b33f9beb6b |
C:\Users\Admin\AppData\Local\Temp\nsg2297.tmp\7z-out\locales\sr.pak
| MD5 | af7083f2a4bd95dcbe792efade352662 |
| SHA1 | dc69aa831836016f6e66c6079931503d534a7862 |
| SHA256 | e3b80d9fdd420a05d66cc12e685ac94500106dd51a555bbfa2d085094f81e8dd |
| SHA512 | 342400ba94f6cd08152f96aa2b905184fab429c38cedb4bcb4ac0c503169a9ecd47aef208b4d7ffae08b0c0afa7aa089347a20739379d05f3e4e111be842b8c4 |
C:\Users\Admin\AppData\Local\Temp\nsg2297.tmp\7z-out\locales\vi.pak
| MD5 | 69c8796439192577f48bd249175aaf37 |
| SHA1 | 97c52088ca69dada593db0e42b2135d264646454 |
| SHA256 | d7fdb53592de803a5fbcd8561c4918f1562f92fc8a3fd0039a2a1a7b76a8ecc2 |
| SHA512 | 65eb7cb15291474ec7f9354775e59bcf334c90ddf3498ebd184e4c47118308421b2405bfa679e4b3a70ed1790e167c109fc2c72e89c3e31b5378cae975424144 |
C:\Users\Admin\AppData\Local\Temp\nsg2297.tmp\7z-out\locales\zh-TW.pak
| MD5 | c2c35fcedc3708b5bcadf36587393002 |
| SHA1 | 31d72402cbd44ceb921cedd806259c2cd14e411f |
| SHA256 | cfe4c2c5eb131fd92e0d11f912714c5a9a048833ef3ffbe32679b3d58da8f8ac |
| SHA512 | 9ba3ea2d569d1d3ef09e94d7e66f843c8804368c4d016b6289e7dba002f7d2d50884a76c93eef879d87abcf8b36dd3e682b7bd3a18b2b5a969256cef672abf01 |
C:\Users\Admin\AppData\Local\Temp\nsg2297.tmp\7z-out\locales\zh-CN.pak
| MD5 | 098d656a4f4bd8240bed10e7678186c7 |
| SHA1 | 0c19ab62b4262f1b51558e8aaa79e7741f73393a |
| SHA256 | a55f568ad3a8854cec25699484f55024501c8a0967738ba694e073151e5981c7 |
| SHA512 | 084538ce774233ca6d4393bb42239b0b85e11bd73dd19ba47e55796ca19848941b037510c0fca4ac08b4b2e0ccbc9b4ae72ef88a3e841738dd211961dc53c1e2 |
C:\Users\Admin\AppData\Local\Temp\nsg2297.tmp\7z-out\resources\app.asar
| MD5 | 7316512112b7650c57ffaf41180b7d75 |
| SHA1 | 58ee50a848662d1ebd2edc90edae4a092e60e3d5 |
| SHA256 | 85fe0c8cdbc4e146aaa53fd7f3c8fdaadaf10d4e686e33f4ac7e722af4bf3c78 |
| SHA512 | 6ed5014e7e20e5ed7b7778d27ac594316e3ccb2d39b8219f0a5383fad3e08cf7406bad8b83fc1e7d8ca55595010b9b4e9badfc69f7ca19394fe10dc86c3b1106 |
C:\Users\Admin\AppData\Local\Temp\nsg2297.tmp\7z-out\resources\elevate.exe
| MD5 | 792b92c8ad13c46f27c7ced0810694df |
| SHA1 | d8d449b92de20a57df722df46435ba4553ecc802 |
| SHA256 | 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37 |
| SHA512 | 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40 |
C:\Users\Admin\AppData\Local\Temp\nsg2297.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\snapshot.exe
| MD5 | 16a12bdc986207390dd79d658a6b2263 |
| SHA1 | b4b41f62cbc1e1ede786c6e30e11df8e61750bad |
| SHA256 | 50a8dd2f292bea9190204a42de067a34d5cbbec53746d40fe5b067fc85190bac |
| SHA512 | d20394028c5d3ca46bb4879cac40da07b7d857f9a4a834bb4db4bd047f1a3265a80e1f7528244da6ee97c2f3e0cb5b2e51bc88eeb382a027939c2188e66dcdd9 |
C:\Users\Admin\AppData\Local\Temp\nsg2297.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\prey-webcam.exe
| MD5 | 471b15abc9f2e98fb7ed7361d3f045eb |
| SHA1 | 95b5798d80a9410872f6ed485ae2b43ca3745540 |
| SHA256 | 7c262639cb22348dfd627dc07c76e8748e5bcacde2dcf1614773ab174c831004 |
| SHA512 | 5b3b59aa1dbaef31b0ff6ccde082d7c312e39e311a46fe20d590d5d7765f934d3b663da9609ff4fb7beba2e8fa85376cf74f14ae077f3c0b49189cc28c30163a |
C:\Users\Admin\AppData\Local\Temp\nsg2297.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\package.json
| MD5 | 067e233b0609d56ff4756bedd8c0efe0 |
| SHA1 | 96419d05adc4b6674948b4ac14f8ab5bb3ce4380 |
| SHA256 | 6bee642c1b5de99e4edba87ec3221c2ecd10b65e666b6f2bef64a745538ecf74 |
| SHA512 | 94900f5ff762930b1b060ba4dd44d629d6c3e2dfc0dacb1a543f1ea5a3cd40e793acaff4abefbff588ceb422d65f8041ec190a2b56f7c303c3314eb16eca4159 |
C:\Users\Admin\AppData\Local\Temp\nsg2297.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\DirectShowLib-2005.dll
| MD5 | c20c205c6f8d70a5e1351a4041a3ec9f |
| SHA1 | e1b2a763dd6c42439656e4e55aba0f3610ff3784 |
| SHA256 | bbcbb170242d9ff1b56680a80b1f8755df1135f9c714535ff3b3f575442f38dc |
| SHA512 | dffd59d775dbb89cd886a2212fb9fe4cf0b2bdd7f2c00f8dc7c6b2287053b4971c8c6c033109ff1f90cdacea082e44d3c19fa76325d24976420c418218e701f1 |
C:\Users\Admin\AppData\Local\Temp\nsg2297.tmp\7z-out\swiftshader\libEGL.dll
| MD5 | 19dc9ee70e7765bb63a66b6826e8ecb7 |
| SHA1 | 1a12f983f8b35cc2955d30657971f113c47dc164 |
| SHA256 | 83d5719abee35e051d984510e1d5d9317a109031698814742b59bdbbe7d4e30f |
| SHA512 | 1fda2bcc4b2e70987ca6011ab2534007ae4f752016d29a588aaae839bb25c35e03773f220b6a8e926cf2643997e7d4c0f28743304269b2c55642ce12934def68 |
C:\Users\Admin\AppData\Local\Temp\nsg2297.tmp\7z-out\swiftshader\libGLESv2.dll
| MD5 | c0b36d56d83e601bf246f7709a8c5f9d |
| SHA1 | b025a6070f7d61c7d1827856d2d4043834fd23f2 |
| SHA256 | 45bb5e1f8dd87129ac0a75c78f8f29d06e3ac182a00fc5199b692068f1e05a53 |
| SHA512 | e429ae63bd8a7d5a936a638783511693e8fbbc91d97779b3d4dd3f0880f1c8a820106bfb57cf7ee6b3639f19165de87bbe127aadd81218689fc6c8fada2106d1 |
C:\Users\Admin\AppData\Local\Temp\nsg2297.tmp\StdUtils.dll
| MD5 | c6a6e03f77c313b267498515488c5740 |
| SHA1 | 3d49fc2784b9450962ed6b82b46e9c3c957d7c15 |
| SHA256 | b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e |
| SHA512 | 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803 |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
| MD5 | 3d1226489e4851ea7b85d3e3c1cf3bab |
| SHA1 | 8ae060684c52773b217064fecbae94546d919947 |
| SHA256 | ef72f90b116e119e93032fae1c3b855ec79c864d4e30e3ce0e797de591a576fe |
| SHA512 | 015b10dd8b05c4cdc64952743354f06fcd1ec2cfe9612186a99b312375078b7663fac0c7c994099d41df2f8a5d9e8c1e239aebd4d247f384cca827d1967a72b2 |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\ffmpeg.dll
| MD5 | c3842fb3087cdcdb04020ac38683c289 |
| SHA1 | 329dbcd4a1c79b891b200f11eb50194b85c493bc |
| SHA256 | e79792af338d61424bac87a19c6f34f3b4bc1382345633b8d509253a0a6c2133 |
| SHA512 | 069196b8006e908954e7ab16131a0d10889a0f7517eaab2423a82fe49fb9b045c0d95dbf7c08c10ddf1a21983aea4a0d207decf91baacff0884511589a57dec5 |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\icudtl.dat
| MD5 | 4e16b7cb346ca4702109f321ffe21ba2 |
| SHA1 | 9d9b50d5eb73ccc2dad91711bda5c1858c84831c |
| SHA256 | 4660ec18d57a3d0fcc0d974750d006f62c7c4a294d2515e4392b7c7f8b08752c |
| SHA512 | 7b106633ee350de3bd99871a231f68544143715978434a68ad527a52f4bd39c000f4366793bec2ad3a758f6046df00e681a091e4299ccdd412d1cab7fc127bf6 |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\resources\app.asar
| MD5 | a57cc700f5251524cd27560b6d007d56 |
| SHA1 | 9b45b79f8aab426ad90e48b4e3962d4913490ef3 |
| SHA256 | 29b7a32983235a19360efa15130cca4c85127e682696dc538088cba7ae74790f |
| SHA512 | 1bb264345d39d391a822b8f522ae18ef730e63e8431d5bb7a3abf0ee4d0ec364f3f495f3522edb4b4f260af6ef7957d8fe5611fd01d3c226ffe3738b0b4d880c |
C:\Users\Admin\AppData\Local\Temp\3cac9d18-524b-4458-8abd-f503a4c52fee.tmp.node
| MD5 | 5317f23583ba935be25a4c26b3f93828 |
| SHA1 | bdc288a0576a9ca04295c2df6f71e260ae5097bc |
| SHA256 | 41db88f72dbc4ace9b4e6522b19f60e012980345fcb737cab1839ab0bb2f2cb3 |
| SHA512 | e3975f92f6bbd814cec4b6762b7f7475168dd43a717031de0d8055b7f5e4ce01dd011557c1301f9f9084f8a39248630c12f265a195c54c81f1efad9dd5bd91d0 |
C:\Users\Admin\AppData\Local\Temp\8cb8f87e-953f-470a-88f0-63189b59ae3f.tmp.node
| MD5 | 3072b68e3c226aff39e6782d025f25a8 |
| SHA1 | cf559196d74fa490ac8ce192db222c9f5c5a006a |
| SHA256 | 7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01 |
| SHA512 | 61ebc72c20195e99244d95af1ab44fa06201a1aee2b5da04490fdc4312e8324a40b0e15a7b42fab5179753d767c1d08ae1a7a56ac71a6e100e63f83db849ee61 |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\resources.pak
| MD5 | 1b5a11734f2a637ee1bef6031d9df268 |
| SHA1 | b33c23c2edea4bcf17aeb5bc6dadba33476973e8 |
| SHA256 | 4f9a4894f6efc0c853433c2a45e4e10f8f6b3075783ca04739d0877c9e9a9abf |
| SHA512 | a5049629e6b9cbb08f1cd062f9dbca6f45d0258ed08c72c3046ae756701262a5adce3492bb81627b45004eb08ef260035301bd9eb40757ec0997812efea429ee |
memory/3732-578-0x00007FF948C50000-0x00007FF948C51000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\ffmpeg.dll
| MD5 | d8f4fb5a10e55e0d471fefb065a604a7 |
| SHA1 | 496040059d0fb9ca2322688ca86dc857d0122fb9 |
| SHA256 | 52e7b582240948d156937ad26a2847459e84a3a2ab3ea1c00bd08cd563486e38 |
| SHA512 | 67a85a5f008a5705aeedd5cd4221a34d8cf5ee0ce1fd2f12c75fe2adc0920a44da43bfd6f098c273d3aa5cf70582e836fb2bfe65a73cf67a2ad49f11d68d3f81 |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
| MD5 | 328e266be79d4a8e8644111190faab48 |
| SHA1 | 39cf368d5de6de1336c04c25902db484caf6aff8 |
| SHA256 | cd4ce9cd1f72b9f460fb42a28938b5a1edf49d82c4cb2ed7a7bfb1fb66cf5274 |
| SHA512 | 910f1282c838ef7844477e85bde8acf341b57f724bbd4f69fe3c7b6e8e4c7094420c34c18ad400bb2c2fee561d16bb11eec71c974419117d505105fc6852e2a3 |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\D3DCompiler_47.dll
| MD5 | d3dfa6ae2ab792028b5dd6e0c073a1a0 |
| SHA1 | b948ef4d5feacb9708136c7ea127ab0329c84df1 |
| SHA256 | fadfb726557658a39bfeef8018b133dddc265552cdf1bd512d637ebd1de83cdf |
| SHA512 | 153e9ccbb264d6660a26f9ab168e8ce0dd501cd626b862e2a0b637aa3b333640c900dcae2521d0943cd23f6369aeb6dd0ab5ea552b7d3d8c9e797dd0cbde9331 |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\libEGL.dll
| MD5 | 80f8c1d16fbc0d30322fa4efcb13edaa |
| SHA1 | 7ae5f784cb0734c76f1e3fe6c9c76cfbe2c01109 |
| SHA256 | 42aa37cce3741c7c4adff44e9b823f7978824cc6bc84ded8313cc19703b9b8d4 |
| SHA512 | 6f51d8f1ba9c956668e750909ef9b68181a5f00c072ef80e87158f85faede4af364b22bd1e940c43ba02260ce400d7e4bd35ad5be398e85277a23bbe1e62eed9 |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\ffmpeg.dll
| MD5 | 8ef6c0d8fae95d37534b8dedd804a98f |
| SHA1 | a40160a6811d5683c49b455c93a13dac37ada7a4 |
| SHA256 | 374fb06628d5ce2de3b95e9e61226a0cd500367a3c46aba417a6028b651262ea |
| SHA512 | 5248ddb4a6b57aa1d115b12c5435444167d2fc42ac286b182e7e60229b751f9ef509da44392f1965d50d312bbe9e75b3fa11299067ca2a240a942a9a34c41691 |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
| MD5 | cba244910fd84acdf60ee820b1353f90 |
| SHA1 | 9794374ad9f8cf23e4936787b1a6bf51e35a43d8 |
| SHA256 | 87b1153fd328fe2647b8750ea5a2574b2e17c4a6546020762017e69a5848321f |
| SHA512 | ed439f11515330a149b10db9f7cc1709ca097de17b1b922d947cdba61a8271765311d80980e504d09941eb7df7d576b647110c6ca7e577ca6e3c87a22e953b84 |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\libegl.dll
| MD5 | bf4a3969cf46435c1becdc74055cbecd |
| SHA1 | 6eba41ea0d9918d5cfb1812c0463a00a7abd13b7 |
| SHA256 | 4bc96af192ec2afe8122c73e7632bd507c8dd1f4cff80e300128c3ea6daf69c3 |
| SHA512 | f9ae145fe36988b3188f817cab57079ae98643efc9b796e0c610edd891225d1afc3d6d61f1f7625c3bec46616f44e0acf7fcbb024ecdc6e0b1c6ef5418e63fcb |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\libGLESv2.dll
| MD5 | 45b7e617a4ff20d5a5b645d4234b2855 |
| SHA1 | 00305a63c08b1f359417853c9d38c1c76e1cf261 |
| SHA256 | 56430b1589aba996de842be4d57c682d1384158ba7fb1c17f6af2b4e10be8b76 |
| SHA512 | 5b09a049b041c3195532abeb40eed297cf125a13466db40b5d06f91fcfe08600f17534775b8f83d7707087e26810ae6fe9078321ae87b1b652329ec7e5c8f1c9 |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\libglesv2.dll
| MD5 | 8d9f0af69683b3fb08d1b15a97dae7de |
| SHA1 | 05c99176ce5d35e7e6621ff1041027ccae5316ac |
| SHA256 | 81978d5edbfdf12afb648ef9d7f4340f2ec0edf719ea840e9581b3dcb65feab8 |
| SHA512 | 5f9673412cd7703bf05de494fe4b5919b99c8073cf86e1f9b5025f35297c7edc6341a082d500ff31bb9096022e5066ba2ac3d74bd2e2de7d10ecee7f6149a807 |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
| MD5 | 2a7e64fbccac63cc5d96ea7e07539316 |
| SHA1 | 334f8525a17c05dd83e916b264bbe6e5dcb89703 |
| SHA256 | 548fdde11ad905cfd4d1c170c5e94b5450fa80e62eb0832b8adf62a68a7718e5 |
| SHA512 | 3a39306a117305a0b73e77016aee18fc2ebb484cd2e9481b5fefcdfddf737fdf279f91ea46b9473ce3c41af767d9c41f7140ee978a105bd98d5834c28f34a432 |
memory/3732-601-0x00000219DB630000-0x00000219DB65B000-memory.dmp
memory/3124-606-0x0000027775E30000-0x0000027775E52000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_3furs5el.dmf.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/3124-616-0x00007FF927710000-0x00007FF9281D1000-memory.dmp
memory/3124-618-0x0000027775E20000-0x0000027775E30000-memory.dmp
memory/3124-623-0x00007FF927710000-0x00007FF9281D1000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
| MD5 | 6cf293cb4d80be23433eecf74ddb5503 |
| SHA1 | 24fe4752df102c2ef492954d6b046cb5512ad408 |
| SHA256 | b1f292b6199aa29c7fafbca007e5f9e3f68edcbbca1965bc828cc92dc0f18bb8 |
| SHA512 | 0f91e2da0da8794b9797c7b50eb5dfd27bde4546ceb6902a776664ce887dd6f12a0dd8773d612ccc76dfd029cd280778a0f0ae17ce679b3d2ffd968dd7e94a00 |
memory/2556-635-0x00007FF927710000-0x00007FF9281D1000-memory.dmp
memory/2556-637-0x0000024D34C40000-0x0000024D34C50000-memory.dmp
memory/2556-636-0x0000024D34C40000-0x0000024D34C50000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | a6c9d692ed2826ecb12c09356e69cc09 |
| SHA1 | def728a6138cf083d8a7c61337f3c9dade41a37f |
| SHA256 | a07d329eb9b4105ba442c89f7cfa0d7b263f9f0617e26df93cf8cdc8dc94d57b |
| SHA512 | 2f27d2b241ce34f988c39e17ca5a1ebe628ac6c1b8ee8df121db9ad8929eaadf5f24ad66457591cccf87e60d2ba2eab88af860ab9c323a5c2a9867045d6e7ba3 |
memory/2556-639-0x0000024D34C40000-0x0000024D34C50000-memory.dmp
memory/2556-642-0x00007FF927710000-0x00007FF9281D1000-memory.dmp
memory/1980-654-0x00007FF927710000-0x00007FF9281D1000-memory.dmp
memory/1980-660-0x0000026A59280000-0x0000026A59290000-memory.dmp
memory/1980-659-0x0000026A59280000-0x0000026A59290000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 446dd1cf97eaba21cf14d03aebc79f27 |
| SHA1 | 36e4cc7367e0c7b40f4a8ace272941ea46373799 |
| SHA256 | a7de5177c68a64bd48b36d49e2853799f4ebcfa8e4761f7cc472f333dc5f65cf |
| SHA512 | a6d754709f30b122112ae30e5ab22486393c5021d33da4d1304c061863d2e1e79e8aeb029cae61261bb77d0e7becd53a7b0106d6ea4368b4c302464e3d941cf7 |
memory/1980-662-0x0000026A59280000-0x0000026A59290000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\TatsuBeta.exe
| MD5 | e54e0ad5a5267e2a02063ef809e9c54b |
| SHA1 | 866373dde2f697e507c00d971902dc78d73407f4 |
| SHA256 | e5df0d5aa9f65fe75570d79944dd693c67b97d643c93cb43631edbe3df3ab6cd |
| SHA512 | bc382aeed8c0bce7c1147ba2c4e8b404f63840b1d8f588e78f3a6adf0d0fba8a46aca4d92848967239f4f8ed84976b4fd3c7b15fb9fd21d54368e14e081df10a |
memory/1980-665-0x00007FF927710000-0x00007FF9281D1000-memory.dmp
memory/6196-668-0x00007FF927710000-0x00007FF9281D1000-memory.dmp
memory/6196-669-0x000001816F9F0000-0x000001816FA00000-memory.dmp
memory/6196-670-0x000001816F9F0000-0x000001816FA00000-memory.dmp
memory/6196-681-0x000001816F9F0000-0x000001816FA00000-memory.dmp
memory/6196-683-0x00007FF927710000-0x00007FF9281D1000-memory.dmp
memory/7648-685-0x00007FF927710000-0x00007FF9281D1000-memory.dmp
memory/7648-686-0x00000162DD600000-0x00000162DD610000-memory.dmp
memory/7648-687-0x00000162DD600000-0x00000162DD610000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | e5ea61f668ad9fe64ff27dec34fe6d2f |
| SHA1 | 5d42aa122b1fa920028b9e9514bd3aeac8f7ff4b |
| SHA256 | 8f161e4c74eb4ca15c0601ce7a291f3ee1dc0aa46b788181bfe1d33f2b099466 |
| SHA512 | cb308188323699eaa2903424527bcb40585792f5152aa7ab02e32f94a0fcfe73cfca2c7b3cae73a9df3e307812dbd18d2d50acbbfeb75d87edf1eb83dd109f34 |
memory/7648-698-0x00000162DD600000-0x00000162DD610000-memory.dmp
memory/7648-700-0x00007FF927710000-0x00007FF9281D1000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\places.sqlite_tmp
| MD5 | 5d1662a4ccbeb6588f7ca615a6a697a4 |
| SHA1 | f2c3cea16f63f2972bd2fde63477031e1382180b |
| SHA256 | d3e2c272c6ac5cc0373be265aca1060144e94dc3a99c55a1932a88e3eb76acf0 |
| SHA512 | 160245619ea4110f0e2605a590908d4f7f9fd87fc6106d6b4a8d40dd3f127e67da7ae0cdf290d85a363b5c61651bc3a49bc72aa67edd4e70c7e76d2be51ad0cd |
memory/6704-749-0x00007FF927710000-0x00007FF9281D1000-memory.dmp
memory/6704-750-0x000001FCCA300000-0x000001FCCA310000-memory.dmp
memory/6704-751-0x000001FCCA300000-0x000001FCCA310000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 747aeb7f37bc0acac929c83afd572152 |
| SHA1 | b0dec40fe11f3b4b62cbd944b308b3013d322d0f |
| SHA256 | 39a1547207e7375e8f8e9fd7376dd55d646d4cafe8cd97622403a714b7f13bba |
| SHA512 | ad75ff2b88c0f3fd88a7dddb96a46582782d570442ba37f95a19334e8f9fcb720160fd62f03581d58d6ca9e46788d5b80eaa2280f2e0ca3a66e3085ff2ad7727 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\sysWin10Boot_XQf21x.vbs
| MD5 | 78ee92ebd3ccd03970f84cca32d14672 |
| SHA1 | 38521e84c15e9d7b8cf8d495bd572c4ebd43dfc2 |
| SHA256 | 72761f0ff6d2cc045039bd5a6aefd65924c8ac1b78ede5a1a10db3fd26e88962 |
| SHA512 | 00c61aac3bec14f7e97688dd2cb111922b90c0df1a912810125cc18e3ddd02c7b6b6a5d01efcb22071409243fb5669b247ebd5919f886b357e478ab096234708 |
memory/6704-764-0x00007FF927710000-0x00007FF9281D1000-memory.dmp
memory/7852-798-0x00007FF927710000-0x00007FF9281D1000-memory.dmp
memory/7852-799-0x000002667A620000-0x000002667A630000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 7e4931e45212557f39a9653169729809 |
| SHA1 | 4d756d81b44fe93d3a505585965430b46a909e88 |
| SHA256 | 6ecaeb69785e87a117f5e11cce5620ce8b2dcc3c18508b185a57350b01b47273 |
| SHA512 | cf5da903bcc57b8e96d9c8a4f488db8d2452ca6cbdfffd53e7382d59dcc0eb21da4df983fa89a918eaaa8aef31344f4a51894be0c6284dac4ef7eb96e4dc601f |
C:\Users\Admin\AppData\Roaming\salutbOKGA.ps1
| MD5 | 28e4eda7451c625bbe806b745753f729 |
| SHA1 | d29e9b2c2ac5b10188cbae92cffba6827728543d |
| SHA256 | da79e10cdff90aa7f5ab3d3f226570107ecd20d48eb14067c7900367111df5ba |
| SHA512 | 932f53b6cd2aa55ab1475d85528069357fa7d9eea26051d1a4edb11872ca30d02c31c44bed3a48f0ccdbebe556e9d8ec2f4a0815bf177d93ab4272b3fe2fb0b5 |
memory/7852-813-0x00007FF927710000-0x00007FF9281D1000-memory.dmp
C:\ProgramData\ChromeExtensionsNova\extension-cookies\images\logo.png
| MD5 | 252b4fda07550496d330d819f15ceb3e |
| SHA1 | 650584312b310219a26d5fc20cb1804bb6c4dde5 |
| SHA256 | 39eafade0656a3c0bd723ad576b1f00a0d625ebeef80ac01f965165ffc28cf1d |
| SHA512 | a18529cc7325d3fce5fb5d32a63b74a8e2ff23a027c12fecdc111f14b1c601079512fce3ff5484a686aaa0dd1ea20083570707511541e4a6d7615053f3ffac49 |
C:\ProgramData\ChromeExtensionsNova\extension-cookies\images\logo128.png
| MD5 | 271847949971c396f77beaab936b7ea2 |
| SHA1 | b32c5a7eec49aa07f8ae73feb990626010c4b850 |
| SHA256 | a55224cdf06a5c2b937ba400604501f8b6ec93bc2c1cff62aa2fd378d504c657 |
| SHA512 | a2e141f68143f370e2b82a1c9c7c4b1c5f6fc2cfc2ad94acb8c5c02237af56f83904beaff3240e20397f0edbdfadf8779c0bd54b2cf0c9899fef59343e31794a |
C:\ProgramData\ChromeExtensionsNova\extension-cookies\images\logo16.png
| MD5 | 192e90432fed0081abb25295d8f309c4 |
| SHA1 | 5150e93061f39e26688afd60a04c0ab14b510d47 |
| SHA256 | 3216d6864b4f8824b82eb887edf95436dac3bea3f7d43d8988a176e3f1f8e1b2 |
| SHA512 | 9b9b3f85eb9f12ad1b4c8cfc5e672758d879e178179deb28e80e6c3b27871261bf6b52f9066850b5a7a2fd85012b5308eaf3dda882fa40febc9cf6b47f1a4f04 |
C:\ProgramData\ChromeExtensionsNova\extension-cookies\images\logo48.png
| MD5 | 9f74f11972c3c0b161832ffab541bf31 |
| SHA1 | e5841ba20a229cdeab85d30690509e649e848271 |
| SHA256 | 8b74a0abdd566ffdf15891d6abd3537bffb0abce7f362c737c3de6752e136032 |
| SHA512 | b90f13eb65a4dcfdd596a7d9eba7c1ba5eb1a598e51107ce3dca07c0a0025469ab18c9958eff2b36f7e05a23f0d16d7d9d7c2321b8e1f2a456aaa7bec3ced0e8 |
C:\ProgramData\ChromeExtensionsNova\extension-cookies\manifest.json
| MD5 | 04c23766134b234e85cc537b2162efb1 |
| SHA1 | 45c48d9ca30a4580a682f025cc66331e49f6f158 |
| SHA256 | f50f62683347bbca52d7f7de0c877014ae77043753905628644e2d485dfb4900 |
| SHA512 | d246f59ad6d6e9fc8d8d88129302d55cb3d2ba7d52496915ee6791fa0576153070af76ea689cc74ccefc36456df749ac5c8f45cb12702961470f202078bfcb3c |
C:\ProgramData\ChromeExtensionsNova\extension-tokens\js\jquery-3.5.1.min.js
| MD5 | 9ac39dc31635a363e377eda0f6fbe03f |
| SHA1 | 29fa5ad995e9ec866ece1d3d0b698fc556580eee |
| SHA256 | 9a2723c21fb1b7dff0e2aa5dc6be24a9670220a17ae21f70fdbc602d1f8acd38 |
| SHA512 | 0799ae01799707b444fca518c3af9b91fda40d0a2c114e84bc52bd1f756b5e0d60f6fd239f04bd4d5bc37b6cdbf02d299185cd62410f2a514a7b3bd4d60b49fc |
C:\ProgramData\ChromeExtensionsNova\extension-tokens\manifest.json
| MD5 | 42ac88deb5c3cfc02fdc1c27319ee067 |
| SHA1 | 97b1addf35159800b90743fcfbb5505e80f6eb82 |
| SHA256 | 28486361faff1827fb9f1871529c48efaaf86027592d189afa6f99b14eb3f4bb |
| SHA512 | 77c4054a3cf061eb6f4f6e9803b74833a8fb0fe352239b5b47cf39ea5eea8104b9da6deab75018557476fbda856f3be8d57e6fe2eb777c45a7a1bdb1e72d02d5 |
Analysis: behavioral4
Detonation Overview
Submitted
2023-12-17 16:14
Reported
2023-12-17 16:18
Platform
win11-20231215-en
Max time kernel
5s
Max time network
150s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\TatsuBeta.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\TatsuBeta.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
Enumerates physical storage devices
Collects information from the system
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
Detects videocard installed
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Enumerates processes with tasklist
Runs net.exe
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\TatsuBeta.exe | N/A |
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\TatsuBeta.exe
"C:\Users\Admin\AppData\Local\Temp\TatsuBeta.exe"
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
"C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1312,10744602816836265123,10843793195445033174,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\Wbem\WMIC.exe
wmic process where processid=1104 get ExecutablePath
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 session
C:\Windows\system32\net.exe
net session
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\resources\app.asar.unpacked\bind\main.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "net session"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\more.com
more +1
C:\Windows\System32\Wbem\WMIC.exe
wmic csproduct get uuid
C:\Windows\system32\more.com
more +1
C:\Windows\system32\more.com
more +1
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"
C:\Windows\System32\Wbem\WMIC.exe
wmic PATH Win32_VideoController get name
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\System32\Wbem\WMIC.exe
wmic process where processid=1104 get ExecutablePath
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "attrib +h +s \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\TatsuBeta.exe\""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell -Command "attrib +h +s \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\TatsuBeta.exe\"""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions""
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\app.asar.unpacked\node_modules\take-cam\snapshot.exe" /T C:\Users\Admin\AppData\Local\Temp\VtSLD1tDTOERI4JPAf6f\System\cam.4796_Admin"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\app.asar.unpacked\node_modules\take-cam\prey-webcam.exe" -invalid youcam,cyberlink,google -frame 10 -outfile C:\Users\Admin\AppData\Local\Temp\VtSLD1tDTOERI4JPAf6f\System\cam.4796_Admin.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell -Command "attrib +h +s \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\sysWin10Boot_B84Sr2.vbs\"""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v Start_B84Sr2 /t REG_SZ /d C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\sysWin10Boot_B84Sr2.vbs /f"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "attrib +h +s \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\sysWin10Boot_B84Sr2.vbs\""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Admin\AppData\Roaming\salutVLoVP.ps1" -RunAsAdministrator"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Admin\AppData\Roaming\salutVLoVP.ps1" -RunAsAdministrator
C:\Windows\system32\attrib.exe
"C:\Windows\system32\attrib.exe" +h +s C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\sysWin10Boot_B84Sr2.vbs
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v Start_B84Sr2 /t REG_SZ /d C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\sysWin10Boot_B84Sr2.vbs /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\attrib.exe
"C:\Windows\system32\attrib.exe" +h +s C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\TatsuBeta.exe
C:\Windows\system32\schtasks.exe
schtasks /create /sc onlogon /tn WindowsDriverSetupB84Sr2 /tr \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\TatsuBeta.exe\" /F /rl highest
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v WindowsDriverSetupB84Sr2 /t REG_SZ /d C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\TatsuBeta.exe /f
C:\Windows\system32\cmd.exe
cmd /c schtasks /create /sc onlogon /tn WindowsDriverSetupB84Sr2 /tr \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\TatsuBeta.exe\" /F /rl highest
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "cmd /c schtasks /create /sc onlogon /tn WindowsDriverSetupB84Sr2 /tr \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\TatsuBeta.exe\" /F /rl highest"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v WindowsDriverSetupB84Sr2 /t REG_SZ /d C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\TatsuBeta.exe /f"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic process where processid=1104 get ExecutablePath"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic PATH Win32_VideoController get name | more +1"
C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get name
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic cpu get name | more +1"
C:\Windows\system32\more.com
more +1
C:\Windows\System32\Wbem\WMIC.exe
wmic computersystem get totalphysicalmemory
C:\Windows\System32\Wbem\WMIC.exe
wmic OS get caption, osarchitecture
C:\Windows\System32\Wbem\WMIC.exe
wmic logicaldisk get size
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic OS get caption, osarchitecture | more +1"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "echo %NUMBER_OF_PROCESSORS%"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic csproduct get uuid"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic computersystem get totalphysicalmemory | more +1"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic logicaldisk get size"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic process where processid=1104 get ExecutablePath"
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
"C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --mojo-platform-channel-handle=1916 --field-trial-handle=1312,10744602816836265123,10843793195445033174,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
"C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAIAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3628 --field-trial-handle=1312,10744602816836265123,10843793195445033174,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| GB | 142.250.200.4:80 | www.google.com | tcp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | 192.186.117.34.in-addr.arpa | udp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| FR | 51.38.43.18:443 | api.gofile.io | tcp |
| US | 136.175.9.9:443 | store7.gofile.io | tcp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| DE | 140.82.121.4:443 | github.com | tcp |
| FR | 163.5.121.96:443 | hawkish.eu | tcp |
| FR | 163.5.121.96:443 | hawkish.eu | tcp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| FR | 163.5.121.96:443 | hawkish.eu | tcp |
| FR | 163.5.121.96:443 | hawkish.eu | tcp |
| FR | 163.5.121.96:443 | hawkish.eu | tcp |
| FR | 163.5.121.96:443 | hawkish.eu | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\nsh7FB0.tmp\System.dll
| MD5 | 0d7ad4f45dc6f5aa87f606d0331c6901 |
| SHA1 | 48df0911f0484cbe2a8cdd5362140b63c41ee457 |
| SHA256 | 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca |
| SHA512 | c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9 |
C:\Users\Admin\AppData\Local\Temp\nsh7FB0.tmp\nsis7z.dll
| MD5 | 80e44ce4895304c6a3a831310fbf8cd0 |
| SHA1 | 36bd49ae21c460be5753a904b4501f1abca53508 |
| SHA256 | b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592 |
| SHA512 | c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\chrome_100_percent.pak
| MD5 | 9c1b859b611600201ccf898f1eff2476 |
| SHA1 | 87d5d9a5fcc2496b48bb084fdf04331823dd1699 |
| SHA256 | 53102833760a725241841312de452c45e43edd60a122546105ab4020ccef591b |
| SHA512 | 1a8ec288e53b9d7e43d018995abe4e3d9c83d329d0561fbb7d022e8b79ffecf033e995b9bc6af352a71c646a1e8afba4addb54deab7455f24b7a279a3dd7c336 |
C:\Users\Admin\AppData\Local\Temp\nsh7FB0.tmp\7z-out\libGLESv2.dll
| MD5 | 176f70a5db9cfe4576946e6fc4226478 |
| SHA1 | 6773e3855901a1a4a1646b059e82821e39b065e7 |
| SHA256 | af752c75dc314d7f2d06da357694afc06dd9c06ac1bd7a5a286baa9236d8d4eb |
| SHA512 | e243a9ee9e30d0b28d93a58edb48a9196c97b3c45b89ac2357f05683aa62b69f596d44788b8be84877c6aaf0aec864ed05bc8babd364d3fefeb65d0fcce01cc9 |
C:\Users\Admin\AppData\Local\Temp\nsh7FB0.tmp\7z-out\LICENSES.chromium.html
| MD5 | 109a1b507e1efe3edf3cd75e7f8eb866 |
| SHA1 | 749e5df5089c82ef8cdd7fce28f4c9716067e873 |
| SHA256 | b2fa147684a3460ae24aabbe0107631d1410f3a61a5ea08bac4ac5d0d71b8936 |
| SHA512 | d02bafe47b728d30d92daa025080a5e56ffa336681f1539ecf1ba97e8038e4bd0f0a55e88483428a9c619027763b3266c22c07fef1605441b96b7e4cbabd5180 |
C:\Users\Admin\AppData\Local\Temp\nsh7FB0.tmp\7z-out\LICENSE.electron.txt
| MD5 | 4d42118d35941e0f664dddbd83f633c5 |
| SHA1 | 2b21ec5f20fe961d15f2b58efb1368e66d202e5c |
| SHA256 | 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d |
| SHA512 | 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63 |
C:\Users\Admin\AppData\Local\Temp\nsh7FB0.tmp\7z-out\libEGL.dll
| MD5 | 255fa7db58692bdc8ff29f4d34420eed |
| SHA1 | e2e73978f4ca8a661dd180732d08a2a2700ea307 |
| SHA256 | dea9db8ae45088faefff41071c64c8495e3364f130772dd12cba968acf143367 |
| SHA512 | 5f6377e2999d36218db7194a9d358b6eb7e5a314239cae5f96c83ae6c13869df1233bf3d04b794aa86599595d521631fe52890e70bf362a1276ebb73fe6e0f3a |
C:\Users\Admin\AppData\Local\Temp\nsh7FB0.tmp\7z-out\icudtl.dat
| MD5 | 56bef440facc91a428a1de70e338438d |
| SHA1 | 0d2561a3529bb2153f7f10284b79581d59ed7b1b |
| SHA256 | 8704cb6e778a4696cef8f0cf04eec0d7b4e7ad3c1183231a6d430be29f23f312 |
| SHA512 | 04ad3cb0f0a12f043b531740c78c220e35a6c117a5a6dbfe974c35408c707b84acf933ecf4937b4faac84e5e1ac35b80789843f0e757a56bc010a54bddc7f609 |
C:\Users\Admin\AppData\Local\Temp\nsh7FB0.tmp\7z-out\ffmpeg.dll
| MD5 | f6c5d4a1c308de1e01b41f9fb5c73b7a |
| SHA1 | a7f8fbb6d4694efc22e243f0c4fd795c56768522 |
| SHA256 | b8512ef3e203a1d7fb0ed3369265053b0b7bf8a6873ed0636bba3ff83ba6e3c2 |
| SHA512 | 1b8fe6916e62bc944c49543cb9eb0ab753378fed3ebd508c13e824a39f3d9f69a6bd118c705ef9ebea541a80e0f25931b5052809751d2ad17860bf8fb428e2e8 |
C:\Users\Admin\AppData\Local\Temp\nsh7FB0.tmp\7z-out\d3dcompiler_47.dll
| MD5 | abd30be342821ac8aaf9b2a234358224 |
| SHA1 | bd7f677c6012c30f8b11e8dfc48ccb67bcf0496b |
| SHA256 | 378701c75ff7cf79ceb6d1672564a036b4551df37f8483807fe4fb9126da287d |
| SHA512 | fca2129a4ab6cbf1e8ee5218014ccb9063e890b859d9f01b7893c3d491ca19f7b800c788b497c619ddf23c8ad636ba75b511fd31119066a15da5b7d8e7838080 |
C:\Users\Admin\AppData\Local\Temp\nsh7FB0.tmp\7z-out\chrome_200_percent.pak
| MD5 | b51a78961b1dbb156343e6e024093d41 |
| SHA1 | 51298bfe945a9645311169fc5bb64a2a1f20bc38 |
| SHA256 | 4a438f0e209ac62ffa2c14036efdd5474b5ecaa7cbf54110f2e6153abdfb8be9 |
| SHA512 | 23dedde25ad9cb5829d4b6092a815712788698c2a5a0aefb4299675d39f8b5e2844eabd1ea42332a0408bd234548f5af628e7e365ab26f3385ebfa158cdd921d |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\resources.pak
| MD5 | 212e0e0c04294424a669eadc81fac621 |
| SHA1 | 0587b52714ef47cb32668f48baf4478b6ea0e0a1 |
| SHA256 | d8ec441278705fdc0c98b0c3213968e6e41ac40729b8e7e737b54ff24d9b06d2 |
| SHA512 | 8e14679a1044e857f7342dbb87726cb6316a1ca322cfc847e630dfba84e3bd9c50630c086d8463507ba8603b72c05c4ee6f4e5b3e02b8f19250a7889ec8015f6 |
C:\Users\Admin\AppData\Local\Temp\nsh7FB0.tmp\7z-out\snapshot_blob.bin
| MD5 | 08bc02fb5e8a7520605c2afb33e4d589 |
| SHA1 | fc3c48d1f785aa635fbf7c489a16b6d58f472280 |
| SHA256 | 62208424f7ce35d9f4de1dcf65d3969d42d749d8686c7e717ce45c91c68d01b0 |
| SHA512 | af922a4ffa0fa258e40826e4311b8e9be1c80e03fb251cec05d8d3dbd51635a2161744d8fcca1cbc236c4bd1a43e9ea580573d8699ba3292bd4e1160f2de9a18 |
C:\Users\Admin\AppData\Local\Temp\nsh7FB0.tmp\7z-out\TatsuBeta.exe
| MD5 | 09cedfdb7e9f8a172cfeac9775534f56 |
| SHA1 | 9ea047c1983988075753efff371ac74c491dbe7a |
| SHA256 | f367f71bbf2a893e51f295e6e43c30c447128d6ee709ff05389f403c22c4c250 |
| SHA512 | 3ca45b73b1604bc36f6982488143ce25bbe0ffde76571128172f38bcbcef1b8bf9b52ac9f6c0b16c7a0f0239bd15be4b91ca675e07b3a522b2809530b89be19b |
C:\Users\Admin\AppData\Local\Temp\nsh7FB0.tmp\7z-out\v8_context_snapshot.bin
| MD5 | af404f553bc36570abe248cfa6b0b408 |
| SHA1 | 061c441a7cee53ac9bb117603238ec5644d1c284 |
| SHA256 | b723320322c0f0df9d52cc10ec314c93f70cdb10e9c81d400affa7779c1ccb3a |
| SHA512 | 376549bb4521110eb8978363e95b7f9dd277e73bfc1e07949d57cac3ca625334550b20ab04e4861416bf9ce6bb88e97a9f10d36174da92495a6d8ecf1d891378 |
C:\Users\Admin\AppData\Local\Temp\nsh7FB0.tmp\7z-out\vk_swiftshader.dll
| MD5 | 09ab40bea2addcce830edfebeca7b328 |
| SHA1 | 2bdc1a313bd15b53469a4026ec21707e380046ef |
| SHA256 | 816fe66f930033547b690ef8ce57530289f3e11fe8d3e669db640f3189d87c2f |
| SHA512 | 612377042010b8185ab4f9220c7862f4df1260e5b73943e979aa69162f6eb6427aa071a9b25e8231a8904e17c9250ad7eadc34e67069a212ed837d72f4eea89b |
C:\Users\Admin\AppData\Local\Temp\nsh7FB0.tmp\7z-out\vk_swiftshader_icd.json
| MD5 | 8642dd3a87e2de6e991fae08458e302b |
| SHA1 | 9c06735c31cec00600fd763a92f8112d085bd12a |
| SHA256 | 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9 |
| SHA512 | f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f |
C:\Users\Admin\AppData\Local\Temp\nsh7FB0.tmp\7z-out\vulkan-1.dll
| MD5 | 324ab141c68113a863afabc9c89c2a57 |
| SHA1 | 9b54824f551e0bcb580f240d7fad2625d8b918c2 |
| SHA256 | c23613bc7fa8181ca5be7b1f21304e9da2c9f6c16aef8bb382a718388c818761 |
| SHA512 | b0355723b78d8bbade75187258be6c826a5597aa10eaabedba4480651f34b9063b47c1f08ebb754185bac43b5c81b94db310c616fedcdb2ac10f7c8c75bfae2d |
C:\Users\Admin\AppData\Local\Temp\nsh7FB0.tmp\7z-out\locales\bn.pak
| MD5 | dc732319b49c8e8529df4b6ffad857f1 |
| SHA1 | b8cfb6119952737b52b5f33efc228e27990bdfe7 |
| SHA256 | 8a65b33e58420cfc2b01083bc9e4e1a55dcae29f1ff84ea83a45367392cd24dc |
| SHA512 | 2715b65450eac95f755dd01ed698ac51f222f0fbd2dd462e8426e09d408d0a2515447317a697ddf0db2ca693e90693995fce7ba222dd06cccedcea361958b027 |
C:\Users\Admin\AppData\Local\Temp\nsh7FB0.tmp\7z-out\locales\cs.pak
| MD5 | 98b22306cb21c353a80ec9f4d905b6f9 |
| SHA1 | 5b6dbc79ecc316e9baf3db2fa5682363dd546577 |
| SHA256 | 22f9148fd58133a8573622bc5ced127d1c47e2726d7ad50a7306105bd5f81591 |
| SHA512 | 39998234317275378db0687f75e84fe66b843bcfff58c1e003343837352ec383fa14c881266b96942032308c10824ea317319f859bfb5e192876f50addbda759 |
C:\Users\Admin\AppData\Local\Temp\nsh7FB0.tmp\7z-out\locales\da.pak
| MD5 | 84fb627ccb25a477c592fd6157ffbe67 |
| SHA1 | 7bcce466ffcb760a7123238f92d7dd32d6e5e757 |
| SHA256 | 06c38d2622fe3eeb47468efd6be6b69ba0ddf3dd09bd55055c89849b6e1359ed |
| SHA512 | d8789edf577355019440da019837d75ef812c234b9790bc98c433f21590cf01ea0498164d2acb8a0effed122c73f8d036fef782f24b857405d9bc1432f1602b5 |
C:\Users\Admin\AppData\Local\Temp\nsh7FB0.tmp\7z-out\locales\el.pak
| MD5 | 7b25af5b95eb965040db23a64d02308d |
| SHA1 | e67bd1673f9d84354edf532b12f59d65ff9fa3d0 |
| SHA256 | 8c5f509bdd0bf5692ccde8323b63d75f5d145fa909adfb0de182bd7bbdae4bf6 |
| SHA512 | 69b4543814ae970decd578c2a6acd311d10a85a49673b32b3a3ed83a0ec9c9addac2e36e9460dbda9abf0f41639a98b4e1267deccb2e0a370bf5baec5cf2d880 |
C:\Users\Admin\AppData\Local\Temp\nsh7FB0.tmp\7z-out\locales\de.pak
| MD5 | 82ff1d4f792b6e968331251068eeb0a4 |
| SHA1 | 477f375ed2584b4655361b6a5aa0eb1936a4ff6d |
| SHA256 | 7287c41a51805acf54263354767ea5732595444a704b21ac308388a202c751f0 |
| SHA512 | 8afe26c41e04b2d89db86b50e8d77f7245a3c5f46417e4423cf26a8fc8788c768bca19d4721f23f3a9e401b0ab495e42378e3395800ce31b0cf5d8eecb730aff |
C:\Users\Admin\AppData\Local\Temp\nsh7FB0.tmp\7z-out\locales\ca.pak
| MD5 | 9f02eea45e6c96907b9c583c4b1f3090 |
| SHA1 | f7c44cfb5d3b4ea75e60bb2a20258dcbc13449e3 |
| SHA256 | f407e20915a5a2681e53892b512a83dff82b6ca35fc02153b58c5272e9a17286 |
| SHA512 | ef82b38b584538a5a904eaaecb513e5ee85a7ee714dad33bb19cab58606a61fd53223b2f8358c1c0fbb6e2920dcd1856a2d044c5bd9030e7cfd35976e3c4aab7 |
C:\Users\Admin\AppData\Local\Temp\nsh7FB0.tmp\7z-out\locales\bg.pak
| MD5 | 4d02410bd9626fb77d9d5b35eec22d5f |
| SHA1 | 211368413ed3d944efdf87164b8b269535c5d231 |
| SHA256 | 41d0c431771ae4489b32c890a86e3bc5f4b9ad2ee3dd1e0c4a73b255ac52d0ab |
| SHA512 | c2360bd51b79bb8eb6a1ac280fcd21da469da27b93900559d8584bada0a0ee61edd741303153fec94adf86b8e21cef591fbe69928b2272de4275f615cdd68b08 |
C:\Users\Admin\AppData\Local\Temp\nsh7FB0.tmp\7z-out\locales\ar.pak
| MD5 | 8172572f97897fa26b96ad7763071d5a |
| SHA1 | 4498f51f5ec3a64bbb6fa5e307d87740a25b537e |
| SHA256 | 0d552165d34bff1e2615f3214847f63395690130a01ba78083cd3e5007e42ce3 |
| SHA512 | 72e4765e2c476078b38d7eae1018072426c1e6a9959a8b1a9ad00eae539cc29bc3e4bc210241f2bd9ecabf981f6b6df1490a0448146162b42b9cf2b26b08a21b |
C:\Users\Admin\AppData\Local\Temp\nsh7FB0.tmp\7z-out\locales\am.pak
| MD5 | a0d8a4e4775dc63e6af15ebeadf89381 |
| SHA1 | bbc2c7428dc13c041e62180fe289e8dc60a1eec3 |
| SHA256 | 840131310511356d643e68a1029f854b58b9b8fe608a78cacb0d7c66bc192b80 |
| SHA512 | 5c4a3af11d68d7eedc24a2ed6f0ad928ec43e410e9274de8784e77c1ec7dd35bf4c0e120baaf5c2bb8f04ec8abf6489bd1dbc5830ebbc4df9080f382bd8a30dc |
C:\Users\Admin\AppData\Local\Temp\nsh7FB0.tmp\7z-out\locales\fi.pak
| MD5 | c1752fa721fdf0f47124ba3242796f41 |
| SHA1 | 3afb7162bfba88fe3cf9e6b13e950e43622ba836 |
| SHA256 | d8bd6489cefbe131a4b1aa0262ef0b6ce2b31527ee90b75ac5a92f0b795371ef |
| SHA512 | 937efe9f6e9dc3c2ca713814ec98fde007d571413c62da17fa2ae75f07e4dabe3ad06f457046a22cf4726373a253780e11da9b12e6e761b1d216e232f4de3708 |
C:\Users\Admin\AppData\Local\Temp\nsh7FB0.tmp\7z-out\locales\fr.pak
| MD5 | 8aff971330ecbbe61cdc91afb41f79fb |
| SHA1 | d54b84c474b5b3d4b99e62fe74d0506110a72e4c |
| SHA256 | 61dcf216279148548ffa1b527d4c7292eb0aa87ea0a38a6d6aba4a95a9bffd1d |
| SHA512 | 53de1d032939c1fe2c7769cf75da90c99d639bdcef23fe7b3253e20cc1338b127cb32e64cf00c802e672a3b38751bb25c5a02050659d850437ea77b102851483 |
C:\Users\Admin\AppData\Local\Temp\nsh7FB0.tmp\7z-out\locales\fil.pak
| MD5 | 7009336c9a4007a7a3ef7ef27622737b |
| SHA1 | e4ee3a44c50af777d0b094bc9eb6f7d3715f53dc |
| SHA256 | 47c2e5471809d0b13b51296d02d0534335c8e96bd7aecb552a8d227a95000ecc |
| SHA512 | 919213d7dddd8808c6c91936042dfde25569337f401cae257e3a8fda56336c054214a307cedda4112c38a4ab901ecb450354c0282e401ee5cdc54b6ff1263e2f |
C:\Users\Admin\AppData\Local\Temp\nsh7FB0.tmp\7z-out\locales\fa.pak
| MD5 | 15b269d6d9dc5bb304110a1deed8f587 |
| SHA1 | d30a0d8fcc05f5a64b2f8c0c2f4f89309c229de4 |
| SHA256 | a7bd45eab5b9228fa53a60b56f5a5e03cd74f3bfd5aee0c471b7528cd9a828b7 |
| SHA512 | 5d4434c3d445f9688715747d812fa24ac2d39c5c5460333621281a0a062f03eed26eef04e534cd10181740e2be45e531eefb40a7f3ed07aa213d9395290ed680 |
C:\Users\Admin\AppData\Local\Temp\nsh7FB0.tmp\7z-out\locales\et.pak
| MD5 | d2e2b66b25e12eb51334c879a35e197e |
| SHA1 | 7241a1c990ab461c443bf6ab806618252ff452bf |
| SHA256 | 7b1231d846bd7efb6313138fc32fec1b2dcfe3cdea03be38f0fcfbe85903c5e3 |
| SHA512 | 531cff32f07bb11340f93aa83c41c564c2f9cb34f83c5603502a298c39cf791b0bd8e32c51ac0ebec91b26577fb6809e3217dac858dc203fc8405b668992f8e8 |
C:\Users\Admin\AppData\Local\Temp\nsh7FB0.tmp\7z-out\locales\es.pak
| MD5 | b04f1dd0f68074139b561a2b37a5b312 |
| SHA1 | b0008f92f27651ec5f7b7f81060ee27661523271 |
| SHA256 | d43a3b5184dd83dff29635bd2b770ff0dd32afe8734b0b40bc3aa7558056992e |
| SHA512 | e20a6827672d104287dccc2292f845daa0a40f8a14e3d8fc613f8c11e14e66f439a17b9d04cfbe063ee549ab9e3dfb2fef161016f4952148db710e75d3abec3c |
C:\Users\Admin\AppData\Local\Temp\nsh7FB0.tmp\7z-out\locales\es-419.pak
| MD5 | 20f6e56c1826fbc5013ec4f11c9d7510 |
| SHA1 | 6599ecb515fecee7659aedb900c1c3bb63c114ea |
| SHA256 | 2c9aa3a36550c73422b56a70f29b9162fe6420ed7c06162ca5e473b151c4e72f |
| SHA512 | 7d2ac74e765c8052017ca6bd72ccd4ee4f8e8d6e5203594d530de2b0ede2dc54c2112fad9b553bbf8329c8f78f8535a1fac9d66ba898a2d18c6ea2db4b977151 |
C:\Users\Admin\AppData\Local\Temp\nsh7FB0.tmp\7z-out\locales\en-US.pak
| MD5 | 2a4e25f076dac465111f298494352036 |
| SHA1 | 30866ba747b3d1cea0f462797f3a6d098f88922c |
| SHA256 | 612489de41668ca64d2ff1208915373e67dbb545745cd6d3189bba260e58e6a8 |
| SHA512 | f309e16d778ccd718f86377b100f1185368eec9bfb95e0ac46f66320166e79ffafe9cb46b0b42fea8345f7cf0b863d3400babbc7b5cb8fd27df8d0aa11b2fdc3 |
C:\Users\Admin\AppData\Local\Temp\nsh7FB0.tmp\7z-out\locales\en-GB.pak
| MD5 | 52e2826fb5814776d47a7fcaf55cb675 |
| SHA1 | 51fbbc59dcd61116cbc0a24b0304d4c1c58e8d0b |
| SHA256 | 83ff81c73228c7cadba984d9b500e4fce01de583ecde8f132137650c8107c454 |
| SHA512 | 69257f976d01006c5f3d7e256738c97c59115471f8e7447cfa795f7fa4ff12d6fd19708e95ffb2aa494b50c1763fe35d5885b9414112d2934baf68fe668ed7cc |
C:\Users\Admin\AppData\Local\Temp\nsh7FB0.tmp\7z-out\locales\he.pak
| MD5 | ef3e1c79e8428e370fd29fecb588b359 |
| SHA1 | 3f947fe483de4a36500be0519da3e08f0800a619 |
| SHA256 | 4af6126b4668324fc01116d76d7570772d5a017e39a756d9789d9465d495086c |
| SHA512 | 2449a3ed18a0cf79e017114e446b9f866ae83b0c355eef6059f9b7eb403612518d2a0c03843b237ebd4927d1728ce8fab21e7202f92d7545818264d7a5f080d6 |
C:\Users\Admin\AppData\Local\Temp\nsh7FB0.tmp\7z-out\locales\gu.pak
| MD5 | b38e3a140afdda89d97213f3105c9373 |
| SHA1 | ea222a1ed3c833983337206f62d33893bf51403f |
| SHA256 | 5410c748856b3e39a06a60f83e860fa1331b41b401d89d2d55297d5361f4a532 |
| SHA512 | f581bdb66dd26120936150b8173d1219f00044f5435244e0a7ff12c94c9870eb210d2e58b56f97e6c2e8ecc946ae002f115ae9eefe96d821cceba78c6da19609 |
C:\Users\Admin\AppData\Local\Temp\nsh7FB0.tmp\7z-out\locales\lt.pak
| MD5 | e5cf5a4a5ff88f2153eff9c4710f48d5 |
| SHA1 | 3c4b74028c6dc0973b0b27eda8bed2eeb5a00d51 |
| SHA256 | 1ba39f24cf1b65fa4f375fc72a455a6c8b685ba0cb38a4fbd66ed47c428c6dd0 |
| SHA512 | c767c79aca42576d963e5cf53ab153ebac37b7b6f4891fe95a33f1fa59eaa3eb7998a1b9f258844eedac01288e6ed1da57bb3a7d441884265acfc1e7d76a4ebd |
C:\Users\Admin\AppData\Local\Temp\nsh7FB0.tmp\7z-out\locales\ko.pak
| MD5 | 19476b70056c0d030ff193d6770cdccf |
| SHA1 | 780a440faf9d3f9013c521ebcb6485fcbf514194 |
| SHA256 | 0d8cfe4d3163decc3d2f91f71cd3cf4893c7049bbede7d06af622daf848ca2d0 |
| SHA512 | 28690f975f36c6c294a7a8eb3d45aef8f6d5f7976d70e0177d5c21839b491f0f4e245275a297697d1c0cee45feb1d7a4a41c77ab94b86e1f18e07bb6e08cbccb |
C:\Users\Admin\AppData\Local\Temp\nsh7FB0.tmp\7z-out\locales\kn.pak
| MD5 | ba170f40e75d9087804318a0969ee83b |
| SHA1 | bc09b9764f05d9380f6a940b429b84d98159c7f1 |
| SHA256 | 9987b39697b806c66d7d3188c1093db9a056c5e7ad90914adf8d08ccc6ec1f38 |
| SHA512 | fdb10ac021719557c570211f883ee14d8b9152056ab6a3cce7b5749ca1e4e38bf3a744005502774f15e9335237d9b652c5f2506314509533b5bfdcf528aad55b |
C:\Users\Admin\AppData\Local\Temp\nsh7FB0.tmp\7z-out\locales\ja.pak
| MD5 | d6b62b13fa27bd360a055f08ed8a923d |
| SHA1 | 4dd62fd04472b89daee7428cdd5bbf1818b4d139 |
| SHA256 | db286a81ab05225a1e2028527f5b64af17b342ab163d6e74c8df1420399eb690 |
| SHA512 | cd04de2e9d7edc93c9ef0a10cb350b11761f2b00059dc2e2b91badcb7e530f764314da31f819edf5e0a17f684ee392de518c371e58ac9c17f65b5d6ba7ac2246 |
C:\Users\Admin\AppData\Local\Temp\nsh7FB0.tmp\7z-out\locales\it.pak
| MD5 | b1c1b00f80749c40ceb3a64ca2ca0557 |
| SHA1 | b9d4668908ac11fc0ee52fb4ccdf174eae441327 |
| SHA256 | dfa30f696b31d5616452929be5709dae2f980568c00019d7e074b17067613b8b |
| SHA512 | 8f452918df196cf3227105c487a5d1997cac19a451720d1870a57a30c56e1aed87ffbdbf91990e596d26efcc2940dbc0fdf2c2703d1620e89b0cb25b73a658e8 |
C:\Users\Admin\AppData\Local\Temp\nsh7FB0.tmp\7z-out\locales\id.pak
| MD5 | 8813c32e726e3c3fa6e2a6252c4e485e |
| SHA1 | f5659e6b9253ca405a844ef3b331e22b25d1ba6b |
| SHA256 | e6aa197104099f8bef78cbdefae697bea128b7864749e622dabd041a9cec41dc |
| SHA512 | acb52dcab6c95ef4e3ee6a5a25d55ff42a69edbdaf4d38740146e6a1fb0d3242c7b3befc426ddd72ebc752dfa192a536b37d1f749291e4443198a394f12b5d46 |
C:\Users\Admin\AppData\Local\Temp\nsh7FB0.tmp\7z-out\locales\hu.pak
| MD5 | c187ca9cb8debf1330f12184b68fc81b |
| SHA1 | 824b23931d5d8a27530faa9950b5009a720f8100 |
| SHA256 | 55a4a6d4037ef3a0430868f0772e157f7ba622b66428fa7773943d36c6c3ce84 |
| SHA512 | f4e3a817da7c27955d9454c16a7089eefea56af7c68b12a3a58279afbe301167b39c1225d3f02b3dbacd0ddcde5120cbaf827db2c0ec0af35664caa99de78d52 |
C:\Users\Admin\AppData\Local\Temp\nsh7FB0.tmp\7z-out\locales\hr.pak
| MD5 | 54c853a7844e5d00475e69cf09560791 |
| SHA1 | 4f305c7fe35056619705491adc5d184374d95543 |
| SHA256 | 43d2dfa4d05fd1edca340dd90469038b6106c6354685e88c7dc7968058e1f1f9 |
| SHA512 | 94297dc59c92f22723f2b49d6d4b6a225ff8a648decfafd6a7bf2c4fc22123ea6542afdfec2311e0a6253768a3adc36401155a1f27012b2786dc265476d13bec |
C:\Users\Admin\AppData\Local\Temp\nsh7FB0.tmp\7z-out\locales\hi.pak
| MD5 | b390e17fc30aed6a8a5494c55d01df35 |
| SHA1 | ad0f1263bfe5d6584356828ade2d6e6b08d5dbaa |
| SHA256 | 2a1ea29592051fac39255828a6f89eecaaedaaf0d1e30d9bb885a182e9d3f01f |
| SHA512 | ba49e6ff2592be069e2c6e181be942dba0e2b0ab99fe56ffe80e65fe6a05fde9d1a130c7d5d7b787780b0fc3a40b119c82cb32001aa72961249168fd9ac9fc23 |
C:\Users\Admin\AppData\Local\Temp\nsh7FB0.tmp\7z-out\locales\sl.pak
| MD5 | 16c324b4c5a9f9025def51042515c9d0 |
| SHA1 | 9ae15020959cd8c569988dfdd056425e77a5da67 |
| SHA256 | 0f60d931370635bb40a01872be4cc4a900e23999e2dd264f6c162a6a3ba313e8 |
| SHA512 | b516a8ed5f28ab330f17874ff0248192b5d21a7783a0237fa934e2e07af59f743ac254ac92e75891246e8d20943f9b902927add972e6e7dbc5fe3aaabe981aa1 |
C:\Users\Admin\AppData\Local\Temp\nsh7FB0.tmp\7z-out\locales\sk.pak
| MD5 | 10f350c2b9e958eff391cc239f1a256a |
| SHA1 | c6b9706198ac7c55283f25d35c67a15155a3de64 |
| SHA256 | 09d0beb27c7d0a3e5f2e1640ccd6da3fabadf16dea5720f6ee5c66604db434fa |
| SHA512 | b15b229b87488682250e4d628144be54fce19a8aa31f34114ca323ded9f3bec429ebd0585b2c1f7ad92668ba0e2fbda94abc212ac4715e830ae81b4b03bee434 |
C:\Users\Admin\AppData\Local\Temp\nsh7FB0.tmp\7z-out\locales\ru.pak
| MD5 | 3332ab6e2cda9dafaefb0d9833c7b64c |
| SHA1 | 32d8b4e36ac2a4f4ddf2550876dc39eef4a49c68 |
| SHA256 | ba8f4207b55b2d56758a592cd20c62809e20816c216c1ad3e8e7f507a4dd0754 |
| SHA512 | 9698f87d38a947d1fc6bd832f25aba99eb44a63ef87853f3ee723ee979fa96ae4743ce5aeb74f8d32639e1569c694da8ac5469411de221cd8b85b98c1dc98287 |
C:\Users\Admin\AppData\Local\Temp\nsh7FB0.tmp\7z-out\locales\ro.pak
| MD5 | 39c397cdb9d8bd72d47d55d1d8037f62 |
| SHA1 | 2bad41fd367ee6d77aba4360a9c6ec61b0a35b76 |
| SHA256 | 2e27f8951d9600df538e6fe48cf645be36ce8d3c2226ff4a7b16c1eab81f4daa |
| SHA512 | 95bb19e2866e84e5db6356db8768463d660ea098d4e2945742c369600ff46102a55de795e2e5c4a7beaa2e281c247c0a2390c692d63d6081a84978ab19cf2010 |
C:\Users\Admin\AppData\Local\Temp\nsh7FB0.tmp\7z-out\locales\pt-PT.pak
| MD5 | a3dbcb2808fa2d386e7fcc7cb112232c |
| SHA1 | 0804057fedb023d29cedc73e465fbdb1970d0922 |
| SHA256 | 7196b4d0900182fae2c24fff36163921e2c6f87a63f00fcd1c701374dda75aeb |
| SHA512 | 5120652d63d5115a11318c4746ff3848a8c761dd158db3df2a4d323c86d6f03618916150584b55763e1a3bbcb598603bf6827f707c67db611b8a96a9112bfa41 |
C:\Users\Admin\AppData\Local\Temp\nsh7FB0.tmp\7z-out\locales\pt-BR.pak
| MD5 | c58d020de45533f516621520a22c4f03 |
| SHA1 | d1aff683456c5638c1a57cd7b28308ba9c630af4 |
| SHA256 | d570b6549574cccb21bf7655f9c41261c7ff34c62fbccd7fa73e6184bc7a51b2 |
| SHA512 | b2e12c218a4645be32a17235a4be82ee8c873d1b48b22aaee4bdfe4bd6a043b1425579c8925a62ae83a8900dfa62d246f3921e35561ed0928973d36fa3022350 |
C:\Users\Admin\AppData\Local\Temp\nsh7FB0.tmp\7z-out\locales\pl.pak
| MD5 | 0388403be4ec61270486640247473431 |
| SHA1 | f641d0b277bba6dbf5595ccb425f4831f8a81c37 |
| SHA256 | 5b99e2d6d9ee352fadd07b29a702b6c3f1b4eccf5884ca7da898d8ed5753dc17 |
| SHA512 | 4c1efdd6b62851f2d8337413664a2762e8ed4427c79dbd829ffadcdd381020c6586995353684191b6b6a565cc9aa093e1e622550fc2bbcc0eb668e659b180bcb |
C:\Users\Admin\AppData\Local\Temp\nsh7FB0.tmp\7z-out\locales\nl.pak
| MD5 | 4d9db526a617cbb250fbb13ccf621ca9 |
| SHA1 | c3b52b80fa7f00cf7b6737b3103410b124083095 |
| SHA256 | e3eb8cc12746cfa5ea8653036e460ad0ca927e3662102bd64abd0d08e6f511b3 |
| SHA512 | ef424699ce32ce02347276824dd50bac54cffaa129fae192dbfc2f36f9a0799807a4d9f24606084b04cc47ef4aac5b77be7068ddebea0762c3885dfd4cb0803f |
C:\Users\Admin\AppData\Local\Temp\nsh7FB0.tmp\7z-out\locales\nb.pak
| MD5 | f6abba25d34eebb7893759588ed88693 |
| SHA1 | ff33b324b2c497d5d530b1e360680fab0ccb581b |
| SHA256 | af72107c1edebbacbea5530a8b583b9d7a5f7a62cdf498628b91cf7ec999ef0a |
| SHA512 | b38e23e46813a4840feac4930280288e9eace518d7625dd05528276f56e160d673fefa0aae6a5b36e748ca0376b7513d1a1ddd1e869bd24e97d5fd0679e1b777 |
C:\Users\Admin\AppData\Local\Temp\nsh7FB0.tmp\7z-out\locales\ms.pak
| MD5 | 67167e32c6aedf9edc9471aa20fe3fb0 |
| SHA1 | 6bc3662725f57196bf241155775f3862405561b1 |
| SHA256 | e75cf18483684f3936cca4ac848eff923c4e9e4cc8b87bb8a70920d373f09175 |
| SHA512 | b74799d42997269acf566ae9138e445a499ac7e1829a73f4502c3f40216d39d24d59989d33dd0f430642450f4c4f330c5f923fe1b34db611f6714367f30e0439 |
C:\Users\Admin\AppData\Local\Temp\nsh7FB0.tmp\7z-out\locales\mr.pak
| MD5 | 66b0719a9eb215a1204ab8b1227667eb |
| SHA1 | 18b15cf0a8b463e71e5e67a1cbdcfae35356d50a |
| SHA256 | 3e1081295663d08d4714d33a33499203cf051e5f2466cb2c951e65a6755c1e9b |
| SHA512 | 0f7890acd3d943e32f2958653e160f5bbddd517e9b194c2ff5f685ae31701d221ffbaccd69eda68fd44f9e7f698e185b6d221c4a2ebc7be374220f0d2cea11df |
C:\Users\Admin\AppData\Local\Temp\nsh7FB0.tmp\7z-out\locales\ml.pak
| MD5 | be1229f6d89547f2f92f3da616a20ca5 |
| SHA1 | f2bb2a02095c274f5794d86ac7d3074115afd698 |
| SHA256 | 0dcabbece0f728febd023c1f0790ae6de3dcf967c63686be0255ae864a659f51 |
| SHA512 | e08a57e6c6893a1eeaa63093b820fcf354946e3fd975709d6c97b83d325c1f7fd255891f6b6c3bca9a852488970a2d1aab8258ff67cb9d073f9a2e33406c59f9 |
C:\Users\Admin\AppData\Local\Temp\nsh7FB0.tmp\7z-out\locales\lv.pak
| MD5 | eb3934e683f665bdad2c099149e3517e |
| SHA1 | b5c03a9fceac38ada7eeff2455105768a78acf54 |
| SHA256 | 259cca884d55842dd61aee81e2d24373647b49cbb4ee27b41a7762d40db0feb0 |
| SHA512 | ebd7a506feff898939ca34aa8033fd50a306cc0c6e1df4287c0425fad1e9330e8657290adbb85e1baa11056d4839734ea7c09fbd384aa8604d66de816e033883 |
C:\Users\Admin\AppData\Local\Temp\nsh7FB0.tmp\7z-out\locales\vi.pak
| MD5 | 78d70405f221f174bc97c37addd522bd |
| SHA1 | 6d71e9f53d57c1f3ba5daf6cf346e86fe728ab96 |
| SHA256 | 1ccec9891b5bd45567c56f60d6142e189388b76326f7f9eaffd25aa21a8e14e7 |
| SHA512 | c70bdbc3ad69eba80ed3d7558ac1544a76f0327b976facefbeb99ee74bebd6a24c923c6ca1530416ad91fc11e454d9939ec98673f5a412d646c4203d100e76a7 |
C:\Users\Admin\AppData\Local\Temp\nsh7FB0.tmp\7z-out\locales\uk.pak
| MD5 | 1b8cf5e47a6c70aee19b86702d63cb2d |
| SHA1 | e4cb54555ef3d952e9f9663f1a14a7245076e64b |
| SHA256 | 6f155169fc20d82dafc2d6d7a52c5f5a97b9b04d19d252f3710f18c969481eb8 |
| SHA512 | 9f0bbfbdc0f9f8021a0eae949265d5a772a3b3eb51ae75475c4c2fec9e2806a460be3a6ccbb9e45f061d49f41c0275aa90233bc7c87c3ba29a2e4f7c6712edda |
C:\Users\Admin\AppData\Local\Temp\nsh7FB0.tmp\7z-out\locales\tr.pak
| MD5 | cf7ae862be5d7d6ac06b9e752d1e6357 |
| SHA1 | 336276b0de18e94cfa14a35594fe6ba348898487 |
| SHA256 | 2fddaa16954b191a626089e249361e131be21a41f37fe85283d8344ca1ba45ce |
| SHA512 | 404fbe6eed92363bd2970628b1d632b58fe9af4f102a5eb0d45223814b5742888944c3e02294d09ea3ae63ca8fa5c2e21948b149cc0cd663ec671d335247886b |
C:\Users\Admin\AppData\Local\Temp\nsh7FB0.tmp\7z-out\locales\th.pak
| MD5 | 120b3978b4b2bd87a8777364b7c476aa |
| SHA1 | d6d336c3089b1a290b4a0c002468a89c1f071374 |
| SHA256 | 812fc5b8f32ce36185d48c2add8fd286b8c895143bc5ce3c6570149ef68ea0b1 |
| SHA512 | 0803a359d679b4ee896ce4e4fdbc0c2ccee19a6ad12a7c6706a752eee80cb5c02cac6583c4071830d6f6adb10f72f231f9145fe25cb61982bcb433a4a34e1d7f |
C:\Users\Admin\AppData\Local\Temp\nsh7FB0.tmp\7z-out\locales\te.pak
| MD5 | 7614f7aa169bbbcf2630d622a4f43e41 |
| SHA1 | 9a8ee087e85bab1e1193784c01a1171869001bcc |
| SHA256 | f65a73d8703877a18e35fb10e82980fb4d2e65d2d274e3aca3156a3f071c5816 |
| SHA512 | 82d9f8c432b994a22eb45e8ceb6f6a4df84a78711aade4c36004bba38918dbeec2c150ab5037029970115d848e22f933685b03b982720125ad10c603f9656193 |
C:\Users\Admin\AppData\Local\Temp\nsh7FB0.tmp\7z-out\locales\ta.pak
| MD5 | 5c46104211e62e2295c0ec040f31ca84 |
| SHA1 | 7874e16524ec034f7aa58afcf1aa3b912f935afa |
| SHA256 | 7362fcca554e73a5b698122345e63f49a8bf57a3bd7361f0bbc75924bc179e1b |
| SHA512 | 8f9e159897fa0a6c0ddacecd116eb0956ca20ac5817b9750a3037391bd7f91d194085ebb6ce3723bf4655b82e3098e0ca0f8b6d25fa2c1bae50debf07e1aa494 |
C:\Users\Admin\AppData\Local\Temp\nsh7FB0.tmp\7z-out\locales\sw.pak
| MD5 | a554588b55d2bb06e745b56f8729d5a4 |
| SHA1 | 89b983e6b2d8e97720b4161a6aa63568241defc2 |
| SHA256 | ba980717ce1bebbc17d4d71cacd1615ab8f7cd6113079f0f600d7951a585214f |
| SHA512 | a180a4d59de2f8732a730a9dbb137c0bc9f94e37df24c12543d1d138134c321f8193801af89d1b9c01f8a625b3335b5633f0687ab17b9c59fc9d731b4f52d7d3 |
C:\Users\Admin\AppData\Local\Temp\nsh7FB0.tmp\7z-out\locales\sv.pak
| MD5 | 1c58f935e3a3ddff6579494572e518be |
| SHA1 | 41dd80930b53609192238d1ecad387866cbb85ef |
| SHA256 | d13eca047acd9583178ab15bedd5661caec7ed20e1b8d5fd752deedd7be8a845 |
| SHA512 | 601b10c352ef3d319a8a6deba9e23cc17454f6181188ba9d970d5c4e3eaa3910d88c18c8dcd744e0e06b0757d052a392f81d85c308cfaa2dcb0824e461d07b52 |
C:\Users\Admin\AppData\Local\Temp\nsh7FB0.tmp\7z-out\locales\sr.pak
| MD5 | ab1f290f1b023fdd027d658067f3f22f |
| SHA1 | 0b03e9ed994454c2a88fff0ba89cc9a221abeb6a |
| SHA256 | d0ba27b96f90622eea429bed9797b2e8ad8e8a27e1f56de78c7865f179109d8a |
| SHA512 | 2c63f1c4d00af67af01392ecd161efbce67e0cd4d260090a83a72ea70a0368ab162f9533ff463984d29ccfd8929545757c63562e0d82f150581f5fc9772e62e4 |
C:\Users\Admin\AppData\Local\Temp\nsh7FB0.tmp\7z-out\locales\zh-TW.pak
| MD5 | 747d501c5a43d4d1e7f5882916f8de47 |
| SHA1 | 2e87a34e0a5b5fe83638d1550301546e9a8b209d |
| SHA256 | 10a11c863dcaf09fff7d46afb478f0cf4fd9e8317b01591f0d0ffc4498bf1c5f |
| SHA512 | 37f22f7942e82ed173f90310b3da3194693fbebde9117e1c8ce14a19eb5a169339ddd6219b9c410e183de8a03509c17dfa3421244d1cf528dfb7e4443c45ceeb |
C:\Users\Admin\AppData\Local\Temp\nsh7FB0.tmp\7z-out\locales\zh-CN.pak
| MD5 | 40ec6c93540218275cc80f3b4e5da207 |
| SHA1 | e777123acf398f25edce77e290941dae9ea34664 |
| SHA256 | 950f960ee72cac4b751aa31d5ba6e9a7c391ee194c36d266251a0d260656e967 |
| SHA512 | c424acc84430ab5e6d0f19cf182172edce832f45698fbf9ce3a395d9be16943d0d2f96d618da12cbd52a3e23ee7c167d52b4524a498b976850b41c885e947af6 |
C:\Users\Admin\AppData\Local\Temp\nsh7FB0.tmp\7z-out\resources\elevate.exe
| MD5 | fabd5e33d12eac8230750a90e9ab5dc9 |
| SHA1 | 6eaadaeb6675153eac83be010fd619de98a107cf |
| SHA256 | a6a44031823a639dfee55d3cdb9b0ee7d5a99ddb33109f35e920b070af9d6b90 |
| SHA512 | 9abbf5a9b234368e3c833d8c25c0c73f71cef0a42d3b3f964619a083f80803e79709619da445a056624fa7a9bd69d6b3423a472e2a8197c1772d3ac54754d670 |
C:\Users\Admin\AppData\Local\Temp\nsh7FB0.tmp\7z-out\resources\app.asar
| MD5 | 0fe67c5661c49e82d2db4c6279046449 |
| SHA1 | b19e03fa42ad577a5838f5fa0622be9df49b1493 |
| SHA256 | fb1c3f75dd10b85282340f657ba632c6c012f90f7fc760b3beb178eaf71f09e1 |
| SHA512 | aaef7a10afcc9fee49e538e2537b78c3a28cf22d1f890cd42e8111fadf4c521f3cddf21313451635a25b50c67f49f442e89620a5511e87233f4ea47081c55ae1 |
C:\Users\Admin\AppData\Local\Temp\nsh7FB0.tmp\7z-out\swiftshader\libGLESv2.dll
| MD5 | db1ebf0636cf71364b066b7e571d9eec |
| SHA1 | 3d1b4af7913f502d4917947215d2ece91ac72f76 |
| SHA256 | 9e9b0ac8ea2c9823949784c3eaee526db93a0dade7158e21febd85ac18bdc99f |
| SHA512 | c2fcd2292b5c5f109f366e36441634c99a969aaf42b979ae2008855ff6b912458f8c8cad3a3361af24889e4227cbb4b48ee9aa872eb110312ac5d8ed003cd571 |
C:\Users\Admin\AppData\Local\Temp\nsh7FB0.tmp\7z-out\swiftshader\libEGL.dll
| MD5 | 3017b84934d996b81788bf81927d95ff |
| SHA1 | 159ad6a56746aea6b0bcb84dddcdc2609b2fda7a |
| SHA256 | 36196b4a9523d45fa6b8157f268a40d226ae012e8ea75442ffcf35113f1078fb |
| SHA512 | 0739cdeb40e602c4f9370d4df50ceec00792034873d0f263151fef6c7e8fb15c557e493d32b84d0cc2926f1963c170a36b5364659c49d0a0c2cebb1ce659941c |
C:\Users\Admin\AppData\Local\Temp\nsh7FB0.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\snapshot.exe
| MD5 | cc371e12b84351dc571a89ade513605d |
| SHA1 | 0c3129aaec9fdb658ee6979d448c7740bc0f661e |
| SHA256 | 4d0d77fa8fe89facc65c61a60c0ea37b25280e366bbd2a83e1e55275cb6f54c2 |
| SHA512 | cee5338a9785d3d6a297bf98f4c69c90ef35651673715e2e8c66e2a3efadb15f0d5f51883fb3ca352c464fa431121bcc35405454e36c4849f05451e56e431570 |
C:\Users\Admin\AppData\Local\Temp\nsh7FB0.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\prey-webcam.exe
| MD5 | 471b15abc9f2e98fb7ed7361d3f045eb |
| SHA1 | 95b5798d80a9410872f6ed485ae2b43ca3745540 |
| SHA256 | 7c262639cb22348dfd627dc07c76e8748e5bcacde2dcf1614773ab174c831004 |
| SHA512 | 5b3b59aa1dbaef31b0ff6ccde082d7c312e39e311a46fe20d590d5d7765f934d3b663da9609ff4fb7beba2e8fa85376cf74f14ae077f3c0b49189cc28c30163a |
C:\Users\Admin\AppData\Local\Temp\nsh7FB0.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\package.json
| MD5 | 067e233b0609d56ff4756bedd8c0efe0 |
| SHA1 | 96419d05adc4b6674948b4ac14f8ab5bb3ce4380 |
| SHA256 | 6bee642c1b5de99e4edba87ec3221c2ecd10b65e666b6f2bef64a745538ecf74 |
| SHA512 | 94900f5ff762930b1b060ba4dd44d629d6c3e2dfc0dacb1a543f1ea5a3cd40e793acaff4abefbff588ceb422d65f8041ec190a2b56f7c303c3314eb16eca4159 |
C:\Users\Admin\AppData\Local\Temp\nsh7FB0.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\DirectShowLib-2005.dll
| MD5 | 95799e5e5af19974c0bf44ab79816557 |
| SHA1 | f4c775eebf1a3da9940910190b5305de281001fd |
| SHA256 | b55dbb76c4fa29341f4a20e11eb56ef9c1f1c04d3cc71f749fa5d1c220845dc6 |
| SHA512 | f8522c46db5e00c3014bdaa5278fcc772fac6e414dba9516de87516759e9419a5d48bf2429435d68c0dcf1cd43a4c4cbc4cececb2bfd67a20d164929d4829f5d |
C:\Users\Admin\AppData\Local\Temp\nsh7FB0.tmp\StdUtils.dll
| MD5 | a4100116a9d7084d4cc691677b0cedfe |
| SHA1 | eb1a26024f2eaa0dc1bc93fc41d5bafe4136169a |
| SHA256 | c0e82ba463f56f8361e88d2ea7b529352148d7970d0fb992c5d07f080c0e8ec1 |
| SHA512 | 15712faf6a13744c0dcd46e2c511b839a08300c107f408b890d1f4d72e6033001d60bbc0d5e81c36eceefb75033c1241c364433138a446875210abc2d26e911e |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\ffmpeg.dll
| MD5 | dc826bb5de10737b56d3bae419099efe |
| SHA1 | 24a1d3beae75303567edcf2e53b1c0925ad67d07 |
| SHA256 | f5bcd9024c7318e0be0e75c83bd246e04ada1bed2e02852560fe3d2609f68e15 |
| SHA512 | 7b7c8e6f03e952852f859a4e638dca4d1ec35a9e7b0df2257489ee177b251457a98ca393290e9e1bb40421eb26e507684caa4a01726d4f388d28e83acd4202ea |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
| MD5 | e0892022176696e4f6e52432f0b98db1 |
| SHA1 | 838c276a39984678bc96b3cb97cb361bdfcb8f0e |
| SHA256 | ee18cd73366e2d9d8e2c39ae3ba53b08a014051243dbbc9a8f1aa21e451a4ee9 |
| SHA512 | 8b043d0ca4cac9b4bac740a9e58b8e6e2d786a564300f21ae10d6428aa52092bec104e4018bb8ccbc13e8d8ea1d2315b1d3b7ecea5544f0bd2fc196f0c069922 |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\v8_context_snapshot.bin
| MD5 | db56cbf17e7dcdcb4ff14da3d31e130c |
| SHA1 | 430a38e5bfb1a0e7294953acfce6b7f79f2d816a |
| SHA256 | 34327a4dd1b94e8be16ede180b365fc7e9d5f555cd741293dcff6069e14f9aab |
| SHA512 | ec665ff19a0e12cc54883969720bb3fddec8a59787234c31228a981ea941b40e2ba526681764ddb3ec8dd1dfb382ad668e4ed4849fc4b4ce0965d126ed018160 |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\icudtl.dat
| MD5 | e7df2772cbf80236fb4a03bcfe9f3ac6 |
| SHA1 | 0ecd79d27218c20181a1313d908cc5e0a9525da5 |
| SHA256 | 1d4e28510f741882612dfa1ba2b17527fb2568a54e3fa9efce04a737f4b2680e |
| SHA512 | f3f06feb17e3f6be1a5e55130984c79edb8238ab6b603c8eca0b199ca1db741a883daa983810cd78e6920c5ed04c9dc4ffcbe794ebb3efd98d49e6b3fa6cd985 |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\ffmpeg.dll
| MD5 | 09e7f7796e37a327da8d809a63572d76 |
| SHA1 | 9d3efb877da7b0f976bb4e7ff6821c8bd2433e1a |
| SHA256 | caa66cb4a8d40642c79aef8e36e6dacce1d5986453feb2ed727ff79f8f1d5390 |
| SHA512 | 0401849f5785a3f280d9b7b040ba40392b08481bc3b60e1c3b892484c9cb392bf1befbc0adfb0a3bf137a8f4cbfb69d29e8f71165575b36e2d6215f0a00b69a2 |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\resources\app.asar
| MD5 | 6f54f7fb244aae514ade8b8ff1652a1d |
| SHA1 | cf6c2fa7c3cc40bbaffadb469687200b60227755 |
| SHA256 | 5c16e1794d957ebb7e6dffbec92cc448d60ac9e66740d5c20cd37849f5cd732d |
| SHA512 | 3820b5ec4d9806257b4bf2ab486c95d104a6afa61cdfb80a56e05c548c7c30eb5fba8815d29524c3cab87926d52bd1f6e9ccacddbebb400624057351da2469b8 |
C:\Users\Admin\AppData\Local\Temp\84f95a1a-826f-406e-86ac-d9d77d251f26.tmp.node
| MD5 | 0bd27bd66ed87d439194c29980745bba |
| SHA1 | c7be0dfec8ad5a4cff71cca2e9a29b3189570615 |
| SHA256 | dba0ac0d9039a059bdf9b144de089f236e25ce4ee4c1c7dcd6d1c5b75ccf1545 |
| SHA512 | 6059306a33876b32c26389ca51e8806cf7d872a66d212fd45f7a7e5bbb0f1fca37e0cba74f01d206dd7f54f65c3fb0181b496ab0f2198d88f70fc5f70b6c8781 |
C:\Users\Admin\AppData\Local\Temp\b0ea7096-96a1-421f-a9f6-3bb62008f9d7.tmp.node
| MD5 | 97a96665009f57887f634e37baab711b |
| SHA1 | efd00c760c6f96252bfd01e1d8c4b1e4c24a7f08 |
| SHA256 | 8866b880b15e00446607b3fa9fd6b776f802d4b7c00be2c64314538256b2002f |
| SHA512 | abfd14c4600f687dcbeea043a8483ff5910e5dce4dfaf6c675d6657a7fbdd14c84b1d95f2af90a33d551762de31b2aafd179e99ba02c0839c1ea85ce5bfda939 |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\resources.pak
| MD5 | c24d27cfa0c5c7fc327eb9d2f245acf7 |
| SHA1 | 02a06be56c6be639a6a3f62131631db0212ffb42 |
| SHA256 | 0809662acc3e628b134629c1c8423211c43da5280de8e70f73ad4b5a289c93ca |
| SHA512 | b8ab877de8ecde79fbe0d60b73c60bb33b9d54041fce51dacfd66bee6e6327e813ef29460a631f72b48790b6d085a34c69c392c68b8699542c933b2653e76edf |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\locales\en-US.pak
| MD5 | 6d473a5247df4dbde080b309d0bc7727 |
| SHA1 | 2358819690e0fd9884c95f0403ec49d4ded4e12b |
| SHA256 | 85c0e28ee2718c1132bf1f23813df2aaabbbaa4b7bcee0d011461e928ff600e2 |
| SHA512 | f852e410e3325187d8b505b0bf0f541e55ac1b44cbb6cfd82075c61681c13929f856e35e6b783ebb2f21358167a68e4b5a0f8a21c2ff1689c95ca7ec929b8617 |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\chrome_200_percent.pak
| MD5 | 2acd9da749cfb5803db1b56e77f470d6 |
| SHA1 | 271fe8f6ddc4fbb192ad58caef82299fad54cd6a |
| SHA256 | bc7c27e48c147f274ae327e22cdf30894a49a1cf825f3898c1341f57b257b8d7 |
| SHA512 | ffdac45d5fa0bdba9a17c1312658b91b5e9ebcf84cea5fa45be50be1a70f57975dcf4a13758b6c68e7f97238b6970ebbb16b80cf7df19549f029af4385d83020 |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
| MD5 | b8695e1fa3785313893f11e6b032963a |
| SHA1 | dd8c651e0573e73bd0114d0b965e4b1e707b66f8 |
| SHA256 | 081a9159f2603b8cc1db0d560ebc23347fcb6e9d39abd89d4e5b64bad5ac998a |
| SHA512 | 55b8e64b53deb0598a2d3ed4241c00236d32241c19c045fae3d89bfa5eebff8882613003e15fc31bf35120aaeb77f57318167905eb8e2b43585af45c9aef95cc |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
| MD5 | 639065d1542bcd0d0e4ca923d28f46cd |
| SHA1 | 33204b72fb2924ae2a5f26e202e8306f7dfeb913 |
| SHA256 | 8523f8b3673c34a2b2aba530e44eec4fe2bcc4c61a797c11407d57f95d2ac22e |
| SHA512 | 692bae308bcb92f06111f7dc9bf155b614cde2e5eb861b0f7b49dd9dfc79038db3df1ba4b0966389fe906275075442d3b838e2eb6e359f13f6247cc0d17b1f5b |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\ffmpeg.dll
| MD5 | 666699575a381fa162f1f5345473d48a |
| SHA1 | 3f9034c52cb418ca9a2757c900931354a6117ca8 |
| SHA256 | 82da8e8773b2fe648d091480a688487dcef24205be283a5413924c98ea8dcd10 |
| SHA512 | ea14ab8d0224f4ebf6fbd5f890fec3f7fa29f040571f5d695ef71df234587ba402e3b68101df7270902088483a0d1fb3899fc6c9533877e55e2e23ceb80b2fa7 |
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_f4csmsld.z2g.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/564-611-0x000002640AEB0000-0x000002640AEC0000-memory.dmp
memory/564-613-0x000002640AEB0000-0x000002640AEC0000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
| MD5 | 70b5c12959dea82e64a05dec518878ac |
| SHA1 | 844ef1b5046ddb6dbdd2d2e661c0816f76379a49 |
| SHA256 | 48e18b18f8ae0e0a0129f36bb801af13e9e429254348fc8203e357564f378283 |
| SHA512 | 5e710a93a1ed5828359675712aba9db288a66ed1aa469cedbabcfecbe8a7c78c2a4c86ce199519acb713892e5875e69098b31eeb340d6f06452111d5481648b9 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 1a11402783a8686e08f8fa987dd07bca |
| SHA1 | 580df3865059f4e2d8be10644590317336d146ce |
| SHA256 | 9b1d1b468932a2d88548dc18504ac3066f8248079ecb083e919460bdb88398c0 |
| SHA512 | 5f7f9f76d9d12a25fdc5b8d193391fb42c37515c657250fe01a9bfd9fe4cc4eab9d5ec254b2596ac1b9005f12511905f19fdae41f057062261d75bd83254b510 |
memory/564-617-0x00007FFADFE70000-0x00007FFAE0932000-memory.dmp
memory/3360-630-0x000001DAAB670000-0x000001DAAB680000-memory.dmp
memory/3360-629-0x00007FFADFE70000-0x00007FFAE0932000-memory.dmp
memory/3360-633-0x00007FFADFE70000-0x00007FFAE0932000-memory.dmp
memory/564-612-0x000002640AEB0000-0x000002640AEC0000-memory.dmp
memory/564-610-0x00007FFADFE70000-0x00007FFAE0932000-memory.dmp
memory/564-609-0x0000026423630000-0x0000026423652000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 446dd1cf97eaba21cf14d03aebc79f27 |
| SHA1 | 36e4cc7367e0c7b40f4a8ace272941ea46373799 |
| SHA256 | a7de5177c68a64bd48b36d49e2853799f4ebcfa8e4761f7cc472f333dc5f65cf |
| SHA512 | a6d754709f30b122112ae30e5ab22486393c5021d33da4d1304c061863d2e1e79e8aeb029cae61261bb77d0e7becd53a7b0106d6ea4368b4c302464e3d941cf7 |
memory/2240-654-0x00007FFADFE70000-0x00007FFAE0932000-memory.dmp
memory/5768-667-0x0000027C3EF90000-0x0000027C3EFA0000-memory.dmp
memory/5768-657-0x0000027C3EF90000-0x0000027C3EFA0000-memory.dmp
memory/5768-669-0x00007FFADFE70000-0x00007FFAE0932000-memory.dmp
memory/7432-671-0x00007FFADFE70000-0x00007FFAE0932000-memory.dmp
memory/7432-672-0x0000028BEBC70000-0x0000028BEBC80000-memory.dmp
memory/5768-656-0x00007FFADFE70000-0x00007FFAE0932000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 9b5655b797c26ffc04f79597d8d56eba |
| SHA1 | 8b6d6e58ab350bf1c526ed324e523f4f0cf808f0 |
| SHA256 | 5893e9041f26e97ce9864f245da1211ae2570503facf24a5bb21ee7b858c9548 |
| SHA512 | 89549717ce4b618fc68df01066d0cc1d3198a94e616fa84e563e5cbcd2f9aae4dff4599d5b8e013ab5e8da798c669dd41751d25f988f729bf8bc8ed0fd9645ae |
memory/7432-682-0x0000028BEBC70000-0x0000028BEBC80000-memory.dmp
memory/7432-684-0x00007FFADFE70000-0x00007FFAE0932000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o1s7lgd.default-release\places.sqlite_tmp
| MD5 | f08d04ae92800b14a06c640bfcb53e82 |
| SHA1 | 714b4155d276604cf4dec5dccaf017a69420f0d4 |
| SHA256 | a9a00bbedc32d647c4358e85b23f20fa9f39e79b6f1d1d2f56e5fb80ba6ab240 |
| SHA512 | f4317b651017818178e337c87960f7a13ac5a945942dc1efae335b8bc17bedc5532be2c1c5d3ef8ae2d25b087fe97649d959dbef696ffd9506a83df0227736fc |
memory/4356-737-0x000001C2EBC30000-0x000001C2EBC40000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 9727080e411a1a3acddc368446e8792e |
| SHA1 | 8a479e5c1ec2aeba4021d9ebe8604d214ee7e22b |
| SHA256 | 828c90db8468efdbced7ebbc77428e710f3a4b8d74cc46b0be3ded118b348ba3 |
| SHA512 | bbe71b367537dbd32e50049b9d85156bc861f94f3dee28f12e7ec832f35db8aa8e76d66d5b5a326d57d265a23eae8327016fb6579062a260ea35e64123e6e1ec |
memory/7784-790-0x0000021BDB590000-0x0000021BDB5A0000-memory.dmp
memory/7784-789-0x00007FFADFF20000-0x00007FFAE09E2000-memory.dmp
memory/7784-800-0x0000021BDB590000-0x0000021BDB5A0000-memory.dmp
C:\Users\Admin\AppData\Roaming\salutVLoVP.ps1
| MD5 | 4fdddf586aed433adb0bfe7362592055 |
| SHA1 | a0e31dcb709ccd9e7078529880c66611d7f418ea |
| SHA256 | 4e26e8214c7ebcb5afa23bc8f5e545dd9c8a782a7ee1d3d40531cf4ee09fbac0 |
| SHA512 | 99c4fe58658e487fa54d82d1c041c2af5efdafc98dc1e079d3a250b973a435aef488e334849a0e052f6b99546df6d6518cf43b4d606edf5fc637169000ae2362 |
C:\ProgramData\ChromeExtensionsNova\extension-cookies\images\logo16.png
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\ProgramData\ChromeExtensionsNova\extension-tokens\images\logo.png
| MD5 | bcb9191c9f3dfdf3489672ff446b16b3 |
| SHA1 | b54b8678d888447a7e2cda1848ca5879dd5e6c3f |
| SHA256 | b81c6f360d5815b3eb6e31801389d881ed7e8665c00b7d08e117d6035acedf08 |
| SHA512 | d9c4ff2472dd40f87484940086d11b1e43c4b6a3f579bfe57374b2d7c0aa2a5ef9504401ef5c367024f01da91672f886b660a017b4c7716da9c29a95cc850e44 |
C:\ProgramData\ChromeExtensionsNova\extension-tokens\manifest.json
| MD5 | 42ac88deb5c3cfc02fdc1c27319ee067 |
| SHA1 | 97b1addf35159800b90743fcfbb5505e80f6eb82 |
| SHA256 | 28486361faff1827fb9f1871529c48efaaf86027592d189afa6f99b14eb3f4bb |
| SHA512 | 77c4054a3cf061eb6f4f6e9803b74833a8fb0fe352239b5b47cf39ea5eea8104b9da6deab75018557476fbda856f3be8d57e6fe2eb777c45a7a1bdb1e72d02d5 |
memory/7784-804-0x00007FFADFF20000-0x00007FFAE09E2000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 36bb833bcefdd2f80a289fc681c87627 |
| SHA1 | 4204fa10680f0a9c2699a9eb52709db1cd68e0b7 |
| SHA256 | 52be5401760e6cc30c6018d277e7ce91aa262b3888297f76e95a20fdda8e2ae6 |
| SHA512 | 233fbb528d3b7196fb967fff74e66dd589b6a302e97774a24fbeb971996aa6c1b17f24f19380873c976978552e245b3dd065cdb9d4133ce554c507d92f8778e1 |
memory/4356-749-0x00007FFADFF20000-0x00007FFAE09E2000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\sysWin10Boot_B84Sr2.vbs
| MD5 | fb992f70b1f74f563ec45eb328aece90 |
| SHA1 | 9906856611aae0cbb1846bf52fb01adb02e02779 |
| SHA256 | 618cc5cdb5c3231ff65c65f5b535bee320caea74298df97ef3d5429ed1e3d1b1 |
| SHA512 | dce107065c508c51ba1fdac5049121d11c543e8747be59ad124ce9f8dc9c3a608ba427d5bc32829469a6ec9dd72d3219a431bcc42634c1f1853493d3e711a246 |
memory/4356-736-0x000001C2EBC30000-0x000001C2EBC40000-memory.dmp
memory/4356-735-0x00007FFADFF20000-0x00007FFAE09E2000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\TatsuBeta.exe
| MD5 | 92e13455f7334ad8dd134d4cc9bb0c25 |
| SHA1 | 047c11388530ad39db4c103cd9db38278abc8b3c |
| SHA256 | 9df50b0f60a7e79822b3c7a2f47f20245e0c35172c8a5c93542c2d7421eb8068 |
| SHA512 | edc0e679115127a3b7e96e80da24e57b00063070bfdf4a85ac91642dd6133319149f723e5ac1f83b4b2b61a0e2a39a6cf42ed28f5cd4aade361754a9f3d3bdb5 |
memory/2240-651-0x00000217FDAD0000-0x00000217FDAE0000-memory.dmp
memory/2240-650-0x00000217FDAD0000-0x00000217FDAE0000-memory.dmp
memory/2240-649-0x00000217FDAD0000-0x00000217FDAE0000-memory.dmp
memory/2240-648-0x00007FFADFE70000-0x00007FFAE0932000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\libEGL.dll
| MD5 | 8352fd22f09b873193cabc2932be92f0 |
| SHA1 | 5bd2b58854b279f1733c5f54ea2669ee8a888d9e |
| SHA256 | 14a4aaa010be14762edfee01fd1f6b9943471eb7a2f9011a2b5c230461cd129c |
| SHA512 | 7281e980f2e82f1cc8173d9f8387a97f6e23ec5099ed8dca02222c4e17fa4cfef59d6aa300b1cf06d502bdcf77d9a6dbb08ad6658ae0a28ae6f9f995109da0d2 |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\libGLESv2.dll
| MD5 | 2b1f4d268cb06c8f986adbe47f5cd3da |
| SHA1 | 5f68a89a6b046a8f3d4c6e41fe9c402dd6d7abbf |
| SHA256 | 9cbdbc4a16b8e090a7b0352d78b4f2ad694a0af88f5730a092e579d7ca120145 |
| SHA512 | 1a2f7a687023276925b12f457d6989b03fcf60269ead43ebdb099b8c037d8d33331e3e6872dc2c8ae7de8819bb811e2ba50f5ea4a300a744299af93f0c10dc5f |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\libglesv2.dll
| MD5 | 043a3f8f947c54a4bc67a36ccf1aa2f5 |
| SHA1 | 9a8ab0323129ab064c22b3ccaaab5ecdae15d69d |
| SHA256 | 6ff3e4fc37129e885ae826dc8ea4997815233b7cb0572502465abd1f1849aed3 |
| SHA512 | b9d2ad9336e58336cabff41acf6d35fcbfa846a165fc001ee381d118e0edc90fab481b89a744024764b634a483f54bbf2e32397d367136c429081252bd53410d |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\d3dcompiler_47.dll
| MD5 | 46c84ee3b22bf6a73553b7dd4673af6a |
| SHA1 | 9a5bb9ad0970381150b40934c4e1177c88deb389 |
| SHA256 | 4dc41301a3724c10adb87d5da28cf314c16de71ec40047dce1f25d8b01dd3a08 |
| SHA512 | caa1f30b128b3351f0ac6feb7850cbbb769a6777ead16e42bbdd2095699845273f57134a6f42051f61f8616f65ac7194c51c25dfdbca2c092e23db6c4ded676d |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\D3DCompiler_47.dll
| MD5 | 89910ac130663c8dce70936b25c20034 |
| SHA1 | 1c351c3a80e08b9647d8ac765c1293fe9cbf31f5 |
| SHA256 | 6e0f850ba0ae746cdea5aaef3b4e394aee8ff057c81ee8b4f44f085da0b76a7f |
| SHA512 | 91b735d6dc992eab310e5f1835a1c907e1493be6f16a7108846ca5667b72682216d8592ed4a1c20091379f1e0bb033c06ea3d6663fb1b9ffa1e3045abd7da143 |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\ffmpeg.dll
| MD5 | df15b53fb3969c932140b88005d72d6b |
| SHA1 | bf9f45cd8be7b84221eca09ad70fc5c0ed7f90b6 |
| SHA256 | 6f465f4b90afbe749caac22401e31c7e57ed587e02023bc66872acbb4a8fb052 |
| SHA512 | b2aede1db96d0b79427a29bb23acaabd8469a40d219b9b519082494ec2e606c3bdd75138347dd564b54b5db617d28a858d082680ba19e4f743a5f061904f0762 |
memory/4836-578-0x00007FFB02D70000-0x00007FFB02D71000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
| MD5 | f731a3b3194973624e4593d48b81f64e |
| SHA1 | fc026015fa17e28409f2d6fc3ac4ba4c2e4afe0a |
| SHA256 | 58978c4b2300a8ae518abe284654deaaab2dae8f3c223d5985f847bb3b852445 |
| SHA512 | 7632c4de108192ccbccc7764a2e892ee4e9acb9f1d44a4c39f4c5961351cf8311a449c2dcdf35fe070954dfeeaef0de7f21b0375ef95cbaa825e906f62e117f0 |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\ffmpeg.dll
| MD5 | 200c81fa428a3a57ce7935f5681f2fe6 |
| SHA1 | 2682a3fc18d28ac85266d411a6448e6e74c50af6 |
| SHA256 | df745f3d690b8828c4a74d983e4eb68374678e1500c1c5a1b405ce4e6ee935e5 |
| SHA512 | e3fedf9019e25f93fa166c7576b427fcb3011709261dd5f1783c6fb3b66cf9d605513fec15ac23278854cf9123453ca431a4595a4f35264fb91eaa5b6574cdb7 |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
| MD5 | eeaae28c06f0a9d9e740a185b7f79620 |
| SHA1 | d14a16a3b4a1976f4d4beb1e8671ded5bd4e6a73 |
| SHA256 | 998d03e52d6cca5cd0bb89c07907cb1245e182f8ad92eaaadbdba9f3f6aa8dde |
| SHA512 | fc675a262d8b6eef4185f67ac7533d9a2158304df3e9e0ad602cf09b3efc1426c74ddea4c2293d6d842e4e627ad691872de9744d4b92e733fec69fdb64ea0502 |
memory/7552-899-0x000001980EE40000-0x000001980EE41000-memory.dmp
memory/7552-909-0x000001980EE40000-0x000001980EE41000-memory.dmp
memory/7552-908-0x000001980EE40000-0x000001980EE41000-memory.dmp
memory/7552-907-0x000001980EE40000-0x000001980EE41000-memory.dmp
memory/7552-906-0x000001980EE40000-0x000001980EE41000-memory.dmp
memory/7552-905-0x000001980EE40000-0x000001980EE41000-memory.dmp
memory/7552-904-0x000001980EE40000-0x000001980EE41000-memory.dmp
memory/7552-903-0x000001980EE40000-0x000001980EE41000-memory.dmp
memory/7552-898-0x000001980EE40000-0x000001980EE41000-memory.dmp
memory/7552-897-0x000001980EE40000-0x000001980EE41000-memory.dmp
Analysis: behavioral1
Detonation Overview
Submitted
2023-12-17 16:14
Reported
2023-12-17 16:18
Platform
win7-20231215-en
Max time kernel
12s
Max time network
158s
Command Line
Signatures
Irata
Irata payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\TatsuBeta.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\TatsuBeta.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
Enumerates physical storage devices
Collects information from the system
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Detects videocard installed
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
Runs net.exe
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\TatsuBeta.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\TatsuBeta.exe
"C:\Users\Admin\AppData\Local\Temp\TatsuBeta.exe"
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
"C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=976 --field-trial-handle=1088,163888158362797258,3180453921456259745,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Windows\system32\tasklist.exe
tasklist
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
"C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1380 --field-trial-handle=1088,163888158362797258,3180453921456259745,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
"C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --mojo-platform-channel-handle=1388 --field-trial-handle=1088,163888158362797258,3180453921456259745,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic process where processid=1736 get ExecutablePath"
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
"C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1416 --field-trial-handle=1088,163888158362797258,3180453921456259745,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Windows\System32\Wbem\WMIC.exe
wmic process where processid=1736 get ExecutablePath
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
"C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=556 --field-trial-handle=1088,163888158362797258,3180453921456259745,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\resources\app.asar.unpacked\bind\main.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "net session"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\net.exe
net session
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 session
C:\Windows\System32\Wbem\WMIC.exe
wmic logicaldisk get size
C:\Windows\system32\more.com
more +1
C:\Windows\System32\Wbem\WMIC.exe
wmic csproduct get uuid
C:\Windows\System32\Wbem\WMIC.exe
wmic OS get caption, osarchitecture
C:\Windows\system32\more.com
more +1
C:\Windows\System32\Wbem\WMIC.exe
wmic computersystem get totalphysicalmemory
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic OS get caption, osarchitecture | more +1"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "echo %NUMBER_OF_PROCESSORS%"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic csproduct get uuid"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic computersystem get totalphysicalmemory | more +1"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic logicaldisk get size"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic cpu get name | more +1"
C:\Windows\system32\more.com
more +1
C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get name
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic PATH Win32_VideoController get name | more +1"
C:\Windows\system32\more.com
more +1
C:\Windows\System32\Wbem\WMIC.exe
wmic PATH Win32_VideoController get name
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| GB | 142.250.200.4:80 | www.google.com | tcp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
Files
\Users\Admin\AppData\Local\Temp\nso8C0B.tmp\System.dll
| MD5 | 0d7ad4f45dc6f5aa87f606d0331c6901 |
| SHA1 | 48df0911f0484cbe2a8cdd5362140b63c41ee457 |
| SHA256 | 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca |
| SHA512 | c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9 |
\Users\Admin\AppData\Local\Temp\nso8C0B.tmp\nsis7z.dll
| MD5 | 80e44ce4895304c6a3a831310fbf8cd0 |
| SHA1 | 36bd49ae21c460be5753a904b4501f1abca53508 |
| SHA256 | b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592 |
| SHA512 | c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df |
C:\Users\Admin\AppData\Local\Temp\nso8C0B.tmp\7z-out\chrome_200_percent.pak
| MD5 | b51a78961b1dbb156343e6e024093d41 |
| SHA1 | 51298bfe945a9645311169fc5bb64a2a1f20bc38 |
| SHA256 | 4a438f0e209ac62ffa2c14036efdd5474b5ecaa7cbf54110f2e6153abdfb8be9 |
| SHA512 | 23dedde25ad9cb5829d4b6092a815712788698c2a5a0aefb4299675d39f8b5e2844eabd1ea42332a0408bd234548f5af628e7e365ab26f3385ebfa158cdd921d |
C:\Users\Admin\AppData\Local\Temp\nso8C0B.tmp\7z-out\chrome_100_percent.pak
| MD5 | 9c1b859b611600201ccf898f1eff2476 |
| SHA1 | 87d5d9a5fcc2496b48bb084fdf04331823dd1699 |
| SHA256 | 53102833760a725241841312de452c45e43edd60a122546105ab4020ccef591b |
| SHA512 | 1a8ec288e53b9d7e43d018995abe4e3d9c83d329d0561fbb7d022e8b79ffecf033e995b9bc6af352a71c646a1e8afba4addb54deab7455f24b7a279a3dd7c336 |
C:\Users\Admin\AppData\Local\Temp\nso8C0B.tmp\7z-out\ffmpeg.dll
| MD5 | bffd88be230e662bf4d2e09e1d37d304 |
| SHA1 | 52a1afb8298698a548001f6902e3705192db4876 |
| SHA256 | 96fc1c4a83066f0d8c5039c721a6c85dd6e52709b027d36d984fdcb70356bd79 |
| SHA512 | 137c71865632a6b4506b618c62ad838368aa228e1e559da17032196b71140525d61ad5bd26ab92992d42a0c9444287244a6945b5b7b11ea9ce7d5234f94d6fac |
C:\Users\Admin\AppData\Local\Temp\nso8C0B.tmp\7z-out\d3dcompiler_47.dll
| MD5 | 4bd170ae7b8e2e10a7f0a57be57657ad |
| SHA1 | cb107d7a812d110223ebfd8d73332aed28703d2f |
| SHA256 | ab0a6bbccdf3535bc6d0ab98008461428dc12eae42a0570f75b40d0a26296148 |
| SHA512 | 9c83664cd3c88fed64a3a9347a306fb4579cc8584320707eaac69de516462f46cf6232ef495f851d0e28d39d60f6b1268de9e6fb1821e1aea6bbef853f2e5469 |
C:\Users\Admin\AppData\Local\Temp\nso8C0B.tmp\7z-out\libEGL.dll
| MD5 | 8352fd22f09b873193cabc2932be92f0 |
| SHA1 | 5bd2b58854b279f1733c5f54ea2669ee8a888d9e |
| SHA256 | 14a4aaa010be14762edfee01fd1f6b9943471eb7a2f9011a2b5c230461cd129c |
| SHA512 | 7281e980f2e82f1cc8173d9f8387a97f6e23ec5099ed8dca02222c4e17fa4cfef59d6aa300b1cf06d502bdcf77d9a6dbb08ad6658ae0a28ae6f9f995109da0d2 |
C:\Users\Admin\AppData\Local\Temp\nso8C0B.tmp\7z-out\icudtl.dat
| MD5 | 32d1cd94f541926d27fc483ce2b4fef5 |
| SHA1 | 9a12ed44eb1a3fa3790899e0c65eee849fb74f0e |
| SHA256 | ec4a12b47659e52e9a9afae64c42cf745715d82f47e4a50aa74ed94b8979d465 |
| SHA512 | b56388686b92fed065515b5e38da345536b7313d494569f41a41cafa35a97f9d658bf495493ffca18667165b51eca00657d2f86aa53cfff290640a25548922ab |
C:\Users\Admin\AppData\Local\Temp\nso8C0B.tmp\7z-out\snapshot_blob.bin
| MD5 | c9ab741bbef53fa0e84952b8891a5f5a |
| SHA1 | e2dcb8d034e07243537c86371de0c52bce62cee1 |
| SHA256 | 4d82fe1e642fe3ca7ad1a173f806088c0652ecfe9f0f6f6e246066e15a3431d4 |
| SHA512 | 177b98a3090ecfe4b4598dfcd7e8b3ca49efafba4dbd8d6c6d0def462de47c3fabfde831725622783ddc177de982de6115178d9bd9830d918bb544a5a4c27fc9 |
C:\Users\Admin\AppData\Local\Temp\nso8C0B.tmp\7z-out\resources.pak
| MD5 | 67b75227d2118e6633bf15bdbe07d84b |
| SHA1 | 46cdd06b93e4a6a454cc463e65c4fe1c1c39fbfc |
| SHA256 | 23224c0a79f0a82bb3baf8a2eaa1e2984981e5efdd3355507ca9c6190949b437 |
| SHA512 | 6e70281e50e05e7657e469c4f54cb7165b212f79a323de3baeef86d02d43fdc7c759054a9617aac94f4103f874fff3176823b557693e81ad95ca221b3bc852db |
C:\Users\Admin\AppData\Local\Temp\nso8C0B.tmp\7z-out\LICENSES.chromium.html
| MD5 | 9d3da9bcf3518d3b8e1226ebc4bc1cee |
| SHA1 | 45a43361ae97ea31e2b1433297f5645b4170ad91 |
| SHA256 | d25a9eb311639190865f205629a5453fb34c145116e8de23363aed41e4d64ef2 |
| SHA512 | 5c800612ccbdfe57051eeb2fa2cc834c70050111eae2d0c5b34d07a61b4c503006631e317c2b305eb2e5c973cff6efa71f30f166aa2d1eef9a1db8efe524a9ce |
C:\Users\Admin\AppData\Local\Temp\nso8C0B.tmp\7z-out\LICENSE.electron.txt
| MD5 | 4d42118d35941e0f664dddbd83f633c5 |
| SHA1 | 2b21ec5f20fe961d15f2b58efb1368e66d202e5c |
| SHA256 | 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d |
| SHA512 | 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63 |
C:\Users\Admin\AppData\Local\Temp\nso8C0B.tmp\7z-out\libGLESv2.dll
| MD5 | efb2d43d109b028ed69026e3898ab7dc |
| SHA1 | 511127d658beecde5be42d28bc9d1bb7bd9feb9e |
| SHA256 | 5743bfbc995adfee17cdf5455261c380cf240edb3b7ddc8ea4ae16301dc3d8fa |
| SHA512 | 39895b67ee081699f97e941a255f8f55f921c1d527d50454361f7dcdebec9f19d18bf0eec199358e6879a105330d614f6615d114deb3697deef24b8666604d21 |
C:\Users\Admin\AppData\Local\Temp\nso8C0B.tmp\7z-out\TatsuBeta.exe
| MD5 | 49a4aa23a04a270163866c690657d2ac |
| SHA1 | bbad81f0c5553a8917b8fee4041c5d5177c31873 |
| SHA256 | 0da2c3930b6f315d80758f9d9436113a2c4350b6cfc55e256cafaba2b518e186 |
| SHA512 | e0778049783e22706dbaa68e0c5ee961cff79a287f3def63fe531b10741652b6eaa9ca6734ba390df3d0ed8e46da51322ab02ecdf43746ecdb369558d4d175aa |
C:\Users\Admin\AppData\Local\Temp\nso8C0B.tmp\7z-out\vk_swiftshader_icd.json
| MD5 | 8642dd3a87e2de6e991fae08458e302b |
| SHA1 | 9c06735c31cec00600fd763a92f8112d085bd12a |
| SHA256 | 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9 |
| SHA512 | f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f |
C:\Users\Admin\AppData\Local\Temp\nso8C0B.tmp\7z-out\vulkan-1.dll
| MD5 | 37411a16887dd3f3f2a74958b84cbad6 |
| SHA1 | 29a8d02a7ddcc11b6c2d64a8da74b0b8367c91b1 |
| SHA256 | e0c51a8bff04e992d54922611334ff24faf6cff24d2eea0b097f158b0e6fe382 |
| SHA512 | bd3415bb4fc4a799942232334d6c32222baa967432b6ad8e31e7654ea49f36fd02732e716008c77fc8feb34dbba363e0bc334f2a518a5f67697984c3f09e746e |
C:\Users\Admin\AppData\Local\Temp\nso8C0B.tmp\7z-out\vk_swiftshader.dll
| MD5 | 2e59ae9ad005adfa0be5668046922302 |
| SHA1 | f28edd73ddcb37312037de15a7e0912e7af4bbee |
| SHA256 | f463d4897684497b1973ff1b03ea54a30e5f541fbcb4121e75e9b020ac669c32 |
| SHA512 | b55eabdf572b3a9ffa521f0f28a803867ea97522f296c493faec283b670a67daeaccc6163f6775be110b81737670d0b74675a517d67dfeda02f03a45b7d729e9 |
C:\Users\Admin\AppData\Local\Temp\nso8C0B.tmp\7z-out\v8_context_snapshot.bin
| MD5 | 47014c0f81bad6d216c617c9c63bf040 |
| SHA1 | 7bb483fdc5fed3c6ed437d9fe6e5023bc38201bf |
| SHA256 | e1249d05bfc73c645b27d269f47b6923b33a3cf8088a8ca78b3b637c90f58178 |
| SHA512 | 052d86cf3305a9e493bd2472e6b7ddab5e0291efd6d899984a79bae46e5fa4bd21157e19ab4a2591c9cff9069de568bad18c7baf4f35d117c77134e635466f87 |
C:\Users\Admin\AppData\Local\Temp\nso8C0B.tmp\7z-out\locales\cs.pak
| MD5 | 8105e1b1560e7684781ed0c71f80a308 |
| SHA1 | 620d730c3c69f185b777bb5182a0289af47af4b2 |
| SHA256 | e40b9e3d9acbd2305f4c187368f20d21d3a07d1b038e74f793481cd5ebf77ded |
| SHA512 | 4dcdfba2474f43de2e8aedf06b48efd75b591ed64ca8fa35827fad0022fee994e672c0a05a2156b80e6e4f97f7346ff8d6c00ef1afa10f54fd6e03189cf5fafe |
C:\Users\Admin\AppData\Local\Temp\nso8C0B.tmp\7z-out\locales\es.pak
| MD5 | 34345a76acb1e85ffda7d54a6c5f49c4 |
| SHA1 | c2cb57eca2d055c1300d396bcecfd2910a00b30f |
| SHA256 | bfaa94a4ca6d408837be93e974741b65e09fa917fad7a61c9f9d5dcd03e3e68a |
| SHA512 | 9e9af2718b717005a7ab6edc16bb5317696e19b73b27ecbf49d4db009fc8c4e477db87ca6e6286875ea86ef580bf0b3ecd5a865ee85098ba2b11248dca2c73a2 |
C:\Users\Admin\AppData\Local\Temp\nso8C0B.tmp\7z-out\locales\fil.pak
| MD5 | fe8981db11ba6945f3faa8de274237b9 |
| SHA1 | 5dd3ae083fc807d90ee8df523547f897803d202c |
| SHA256 | 51c4571b0bc6b07f78bf345bcf98e49f28280539649637e8fc57da5bea290238 |
| SHA512 | b24283774572371002b94d0763be4b3e49b3922a279c235b752be96e0003511accdfe39df55794df021d04ddbdfdf76a89f90da25040b4aa78d22fa654a03a3c |
C:\Users\Admin\AppData\Local\Temp\nso8C0B.tmp\7z-out\locales\id.pak
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Temp\nso8C0B.tmp\7z-out\locales\pl.pak
| MD5 | 644c0ace25d6e532b56510a736c6bc2c |
| SHA1 | 1bd0fec952107b493da04c46423da634ff3e1504 |
| SHA256 | 2ff9e382a31783285b7d85676e629e2f6db26bb9536ed17b7fbe5ac61a895ec7 |
| SHA512 | 9a1f1e884c2f214b8b0c63543809ddd4ba0fd533f1d8434e926051f3db434f60cc4df2462c2a43254b2a9685b3869eef49463c212892e417c82c3a7b497e3559 |
C:\Users\Admin\AppData\Local\Temp\nso8C0B.tmp\7z-out\locales\zh-TW.pak
| MD5 | c2c35fcedc3708b5bcadf36587393002 |
| SHA1 | 31d72402cbd44ceb921cedd806259c2cd14e411f |
| SHA256 | cfe4c2c5eb131fd92e0d11f912714c5a9a048833ef3ffbe32679b3d58da8f8ac |
| SHA512 | 9ba3ea2d569d1d3ef09e94d7e66f843c8804368c4d016b6289e7dba002f7d2d50884a76c93eef879d87abcf8b36dd3e682b7bd3a18b2b5a969256cef672abf01 |
C:\Users\Admin\AppData\Local\Temp\nso8C0B.tmp\7z-out\resources\elevate.exe
| MD5 | 792b92c8ad13c46f27c7ced0810694df |
| SHA1 | d8d449b92de20a57df722df46435ba4553ecc802 |
| SHA256 | 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37 |
| SHA512 | 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40 |
C:\Users\Admin\AppData\Local\Temp\nso8C0B.tmp\StdUtils.dll
| MD5 | c6a6e03f77c313b267498515488c5740 |
| SHA1 | 3d49fc2784b9450962ed6b82b46e9c3c957d7c15 |
| SHA256 | b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e |
| SHA512 | 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803 |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
| MD5 | e421a9aad5ffeb13b77a4bc8f619882f |
| SHA1 | 1473747d68015baa58d9586a462b671057c5a63a |
| SHA256 | 6666abbbf58ccd038f5a2dd2ba4efe2a410703dd8b2a6b345695c71003c89c29 |
| SHA512 | 8f4437c93febd760a8c7098d85dae48209dfcbb57b98f47ac61f5a2fe25afed8608af4b0b7c0b517f3b8ea9ec4edf5376b0a791ba5010bdeeac7ecd5cc17f61c |
\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
| MD5 | b5daf858992d583f8d77ff58911b2bb5 |
| SHA1 | 9e51ad1d38649f126fb9438141bf514f226dce3c |
| SHA256 | b71b4510aeaaa9b56fe7b47b0001d9d0748ee620a7dd2b2da00b4e81290dac36 |
| SHA512 | c4b5d8e1689fb7904c732a56d16189e5b089fd728bac76f4b6c5a612b8008cdbf75662e7fa1aa457b1cfad511d62ff8b8f36c066b7e90e0ce47bc0c6961961fb |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\resources\app.asar
| MD5 | 3f5cfa7aa3dedb86b5fa2cbc69d5c367 |
| SHA1 | eb37709724bac978340f95b213a7e7b9d3b6bdb4 |
| SHA256 | a20ee5054d599ac3e8f8a65b4dbf72deaf0bc68e60125bbff0612e88a21d20fc |
| SHA512 | 5ce6258986debfde67be2e2c3555bc1c4e8fc4cca94a2cccf865b72a99bd3d8a8329f148a297ec684c5715a25eb05a22f4781ea65e9ebb83f5f91f21453140cc |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\icudtl.dat
| MD5 | b8a8de4b8c323b9ca22ec538e938111b |
| SHA1 | a512f95ef86fdd36860c1c2b2041de6340a67b49 |
| SHA256 | b1c7da3ae626425b49de0046067eaf0fcfc236069442d9e374eacd55c6b421e2 |
| SHA512 | 8932a3325e132e46f4a9fbe2c6cebbd6934e7d202638370fa1fab46a7c53bc7055a9ac52f6f079b3db850a02d0acbc2d0a2c92990353734c9f051dcab83ec1e5 |
\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\ffmpeg.dll
| MD5 | 1c3c17729cf1df626ce69f440f967302 |
| SHA1 | 3aaa4a96480439bdebf049032b82fec0993636dd |
| SHA256 | 9a6fa7b1fa19b64aba24648977d882df44e1a6f9a91782d2c9ebfe99b484d663 |
| SHA512 | 7c3675b49d65e907822573351a82fde755d1b049c9ba05b921e87f178717a1277f0324ed2334ec81a6fdf0cd80a15acbde06e175b59962fea04c723bd179f92c |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\ffmpeg.dll
| MD5 | b88d918bee21399836c913c973c64706 |
| SHA1 | c1a684a75ebf0ab83db5066c051ea6ab768f32b1 |
| SHA256 | ff3164aa6ca026d887fa01ded8fe66580bfaab00fe569360dcb06065c4181e04 |
| SHA512 | 389641bd8a7581e94d7c0132b97e67fa0e6c47cf0d6a8e96a1f4a5046c8b583386401bd3c338020cfa4b9b6923461ca1694021ea50b3fc213cb8c71a2d5d33be |
C:\Users\Admin\AppData\Local\Temp\nso8C0B.tmp\7z-out\swiftshader\libGLESv2.dll
| MD5 | c0b36d56d83e601bf246f7709a8c5f9d |
| SHA1 | b025a6070f7d61c7d1827856d2d4043834fd23f2 |
| SHA256 | 45bb5e1f8dd87129ac0a75c78f8f29d06e3ac182a00fc5199b692068f1e05a53 |
| SHA512 | e429ae63bd8a7d5a936a638783511693e8fbbc91d97779b3d4dd3f0880f1c8a820106bfb57cf7ee6b3639f19165de87bbe127aadd81218689fc6c8fada2106d1 |
C:\Users\Admin\AppData\Local\Temp\nso8C0B.tmp\7z-out\swiftshader\libEGL.dll
| MD5 | 19dc9ee70e7765bb63a66b6826e8ecb7 |
| SHA1 | 1a12f983f8b35cc2955d30657971f113c47dc164 |
| SHA256 | 83d5719abee35e051d984510e1d5d9317a109031698814742b59bdbbe7d4e30f |
| SHA512 | 1fda2bcc4b2e70987ca6011ab2534007ae4f752016d29a588aaae839bb25c35e03773f220b6a8e926cf2643997e7d4c0f28743304269b2c55642ce12934def68 |
C:\Users\Admin\AppData\Local\Temp\nso8C0B.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\snapshot.exe
| MD5 | 16a12bdc986207390dd79d658a6b2263 |
| SHA1 | b4b41f62cbc1e1ede786c6e30e11df8e61750bad |
| SHA256 | 50a8dd2f292bea9190204a42de067a34d5cbbec53746d40fe5b067fc85190bac |
| SHA512 | d20394028c5d3ca46bb4879cac40da07b7d857f9a4a834bb4db4bd047f1a3265a80e1f7528244da6ee97c2f3e0cb5b2e51bc88eeb382a027939c2188e66dcdd9 |
C:\Users\Admin\AppData\Local\Temp\nso8C0B.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\prey-webcam.exe
| MD5 | 471b15abc9f2e98fb7ed7361d3f045eb |
| SHA1 | 95b5798d80a9410872f6ed485ae2b43ca3745540 |
| SHA256 | 7c262639cb22348dfd627dc07c76e8748e5bcacde2dcf1614773ab174c831004 |
| SHA512 | 5b3b59aa1dbaef31b0ff6ccde082d7c312e39e311a46fe20d590d5d7765f934d3b663da9609ff4fb7beba2e8fa85376cf74f14ae077f3c0b49189cc28c30163a |
C:\Users\Admin\AppData\Local\Temp\nso8C0B.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\package.json
| MD5 | 067e233b0609d56ff4756bedd8c0efe0 |
| SHA1 | 96419d05adc4b6674948b4ac14f8ab5bb3ce4380 |
| SHA256 | 6bee642c1b5de99e4edba87ec3221c2ecd10b65e666b6f2bef64a745538ecf74 |
| SHA512 | 94900f5ff762930b1b060ba4dd44d629d6c3e2dfc0dacb1a543f1ea5a3cd40e793acaff4abefbff588ceb422d65f8041ec190a2b56f7c303c3314eb16eca4159 |
C:\Users\Admin\AppData\Local\Temp\nso8C0B.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\DirectShowLib-2005.dll
| MD5 | c20c205c6f8d70a5e1351a4041a3ec9f |
| SHA1 | e1b2a763dd6c42439656e4e55aba0f3610ff3784 |
| SHA256 | bbcbb170242d9ff1b56680a80b1f8755df1135f9c714535ff3b3f575442f38dc |
| SHA512 | dffd59d775dbb89cd886a2212fb9fe4cf0b2bdd7f2c00f8dc7c6b2287053b4971c8c6c033109ff1f90cdacea082e44d3c19fa76325d24976420c418218e701f1 |
C:\Users\Admin\AppData\Local\Temp\nso8C0B.tmp\7z-out\resources\app.asar
| MD5 | da11939ea0e0ab2ad6d69872e0218686 |
| SHA1 | ff9388463889e35da876ca6cb12840c5d16545b3 |
| SHA256 | a2aec21519c75deeb7b25dd4ed3b054619a544b2e9594b6a9be73da2d44ef489 |
| SHA512 | a29847db545bce85a01e6780feb361bf13fd79f3aee68f761266496f53cff88a5af2dec2146b581ac205d93209f6ec03f0774f57d9cf6afc6ce13e408bffebf1 |
C:\Users\Admin\AppData\Local\Temp\nso8C0B.tmp\7z-out\locales\zh-CN.pak
| MD5 | 098d656a4f4bd8240bed10e7678186c7 |
| SHA1 | 0c19ab62b4262f1b51558e8aaa79e7741f73393a |
| SHA256 | a55f568ad3a8854cec25699484f55024501c8a0967738ba694e073151e5981c7 |
| SHA512 | 084538ce774233ca6d4393bb42239b0b85e11bd73dd19ba47e55796ca19848941b037510c0fca4ac08b4b2e0ccbc9b4ae72ef88a3e841738dd211961dc53c1e2 |
\Users\Admin\AppData\Local\Temp\0958e1c2-28e3-418e-8e82-4060e926e1a2.tmp.node
| MD5 | 5317f23583ba935be25a4c26b3f93828 |
| SHA1 | bdc288a0576a9ca04295c2df6f71e260ae5097bc |
| SHA256 | 41db88f72dbc4ace9b4e6522b19f60e012980345fcb737cab1839ab0bb2f2cb3 |
| SHA512 | e3975f92f6bbd814cec4b6762b7f7475168dd43a717031de0d8055b7f5e4ce01dd011557c1301f9f9084f8a39248630c12f265a195c54c81f1efad9dd5bd91d0 |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\locales\en-US.pak
| MD5 | 0bb857860d8c9ab6d617cea5a5bd4d00 |
| SHA1 | 351b744d95846bff2ce5f542fec2e87439aa0f8b |
| SHA256 | 5c56df9699fc7e8f09ec81421e50a6264cde055e822f5a8cd9bb1edb3066d816 |
| SHA512 | 33fb73cffbb6781488cedbca4c92a7e4f66923a799beeb7f5cba58dbc23ba8f5130f63a7dac7114e3c3ef6f1df87884fbeb8858bc7604aec9449fdfd16c25078 |
memory/1184-580-0x0000000000060000-0x0000000000061000-memory.dmp
\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
| MD5 | 5f50d383ebd4dfc5708445f02bcf0413 |
| SHA1 | ab085e6addba18b97422d4d58a4a5d35cee05554 |
| SHA256 | 984c3e8139986d22888803d4f8445c56017c344428a0c888da750534167eb179 |
| SHA512 | 3034d1a3473c53db1d3446594068b6882679d4dab53e4460b86c55a3bed0df59aaaad5cefbf957501d0c00299311dd5dece63b42d157fe241c4583cd2ce2f418 |
\Users\Admin\AppData\Local\Temp\4abc51eb-746f-4885-bb5c-1b18313271d7.tmp.node
| MD5 | b4fdf467dc977d888e21a3147fc95b3a |
| SHA1 | a1f87f4971f4d0513f596c160f23d7b8d72664d5 |
| SHA256 | 78b2cc032c1950a5c3d7b439a52ba52e45068083675ab2577ebb419e9172fc49 |
| SHA512 | 1e6bed9a5e6bf18803c9e0325a13f04f3376c5a23980830ae7c8aa79846576b0cb2f9b6ba01770c2743416f159f6d36b9b13669ae3404f75915e785c76f2e77f |
C:\Users\Admin\AppData\Local\Temp\nso8C0B.tmp\7z-out\locales\vi.pak
| MD5 | 69c8796439192577f48bd249175aaf37 |
| SHA1 | 97c52088ca69dada593db0e42b2135d264646454 |
| SHA256 | d7fdb53592de803a5fbcd8561c4918f1562f92fc8a3fd0039a2a1a7b76a8ecc2 |
| SHA512 | 65eb7cb15291474ec7f9354775e59bcf334c90ddf3498ebd184e4c47118308421b2405bfa679e4b3a70ed1790e167c109fc2c72e89c3e31b5378cae975424144 |
C:\Users\Admin\AppData\Local\Temp\nso8C0B.tmp\7z-out\locales\uk.pak
| MD5 | d791b1ecf2931b2fb0c31aac170c7cdc |
| SHA1 | 02be115a9ff94fe5250651b6de4323eafc44fce1 |
| SHA256 | ffae6286d44c8e219ef90d411ad8746159a6ff8ea610e2a651147a3956696a22 |
| SHA512 | 3a2edb8069e4a9734ce5e02b7c3de3c968c5bbc116f17f52f97e2bb2c78485c456c4f0cc952686c1aa17b7ee4d326a1dda698afafc63c79d842ca3905181a8da |
C:\Users\Admin\AppData\Local\Temp\nso8C0B.tmp\7z-out\locales\tr.pak
| MD5 | 40491896ad21543f339467186c5efb40 |
| SHA1 | 695dde7cc35056dcbf0a533aff8299d4c6b61bd8 |
| SHA256 | 43e99e132acaba88971b81a43531845dc7fc3a1e0794c3373de7d9a50a5655aa |
| SHA512 | 18d5ee9914849462e0b1bafd1ca216b29d0795e282ae0bdb354b15caf5c18f37f44fbd6f626b2cbb095e3398a6496de72e5b0d15621433979b5a589e34fac818 |
C:\Users\Admin\AppData\Local\Temp\nso8C0B.tmp\7z-out\locales\th.pak
| MD5 | 43edd25f67ce6e6cea5373009ff0a1f8 |
| SHA1 | ed72ca6620cf23837e1334be50ccf616806bc5a2 |
| SHA256 | 287897cf3df2db1cf59b872e6575ba8dfcaa0c1f68c17a9c91da6c4490adb8b0 |
| SHA512 | 7160a72bd2e6b0ffa71e5d279995cc8be24a87cd9386eb29ab0eee79b8e607f5d824a11b6b4e3ef4c0f851a9d485a9642cb6adaa65c07933dca6e6f2c0052fc7 |
C:\Users\Admin\AppData\Local\Temp\nso8C0B.tmp\7z-out\locales\te.pak
| MD5 | 793a87d41cde6e6d1bb086284f69733b |
| SHA1 | d887e3842b664f55b7308427aa6f5bf0b352d879 |
| SHA256 | 5cdabd1ad41e8048f2cc6b1615e68b99159daa1aa6706b939447c1811bf0e255 |
| SHA512 | 7c2e53baa387480eed45315bd9d53856ca46e5777ecdc9c29a0de7b0ad04beb6cbb8b5df0aa7c306395fda563037e06bea1ca70e433ce5a3ccc2ec184dfda972 |
C:\Users\Admin\AppData\Local\Temp\nso8C0B.tmp\7z-out\locales\ta.pak
| MD5 | 31dada843d0b4f9a66b184cb6d7b8b92 |
| SHA1 | 0320b31981043c6e4c17470bf2ff4c7488553511 |
| SHA256 | 457070b35c813175f5a7b630478073e478ff2bf23915dd3dc7a5b3b339cc2b0b |
| SHA512 | c5b6ea595d3154fd9fe03f49a19f78eb4068718ce005b18a165d491459a290c29956b02a109ce2c314746773760c8e5c0d7064f384c65a572c78109f03538860 |
C:\Users\Admin\AppData\Local\Temp\nso8C0B.tmp\7z-out\locales\sw.pak
| MD5 | 99e385ebc1ef8d3daddb3a171fa79edf |
| SHA1 | 3164804dfe9d9b5e891abafe92e5ba67d2b5d4d1 |
| SHA256 | 8ec45ac391a085d531fb21815086c2da4841aa016653cb4f8484cfc2615d6c01 |
| SHA512 | 797c105fecef1e15870aa101e3fa1835d5a467a9059c03b3636c54934d1de263ab7f23599e21d9787cb3849c7cb7d29f5bdd8ae9ad10fda8015c1392462e94c0 |
C:\Users\Admin\AppData\Local\Temp\nso8C0B.tmp\7z-out\locales\sv.pak
| MD5 | 41e76f7775fc9a2d6e3c02c46e9b32f6 |
| SHA1 | 088c15c74a68bee69682bf89c31055332b68c84a |
| SHA256 | 2533676479e9469ffcdaabcb47d3e39bebfe7ae2b80f70784e918a8827439e13 |
| SHA512 | 6cde752d748c4772b533c8894f18134e5842113f8c7590b44a7dfa088aed65b232361fd16170df3b0d738066dbc3a769847adf4dd8ba42de63c9c2b33f9beb6b |
C:\Users\Admin\AppData\Local\Temp\nso8C0B.tmp\7z-out\locales\sr.pak
| MD5 | af7083f2a4bd95dcbe792efade352662 |
| SHA1 | dc69aa831836016f6e66c6079931503d534a7862 |
| SHA256 | e3b80d9fdd420a05d66cc12e685ac94500106dd51a555bbfa2d085094f81e8dd |
| SHA512 | 342400ba94f6cd08152f96aa2b905184fab429c38cedb4bcb4ac0c503169a9ecd47aef208b4d7ffae08b0c0afa7aa089347a20739379d05f3e4e111be842b8c4 |
C:\Users\Admin\AppData\Local\Temp\nso8C0B.tmp\7z-out\locales\sl.pak
| MD5 | e015b6f5042be2dc96a4e23dcf035502 |
| SHA1 | 7946509eed8db1e4c1f3da99ffe7155c86fdb4d6 |
| SHA256 | 99536d1bc73eec81d5bebbff641ea195544ee5e3a41bb17ddcedf9cde9b141d4 |
| SHA512 | b2a2eaae93c506a053862bf1cde02eee53b3ea2e2fe4c964c51dbacb8b44de820a779311cfe01458e2f08f88bce1172e8c5e1e6d28cd3a355ff84baa00023b8f |
C:\Users\Admin\AppData\Local\Temp\nso8C0B.tmp\7z-out\locales\sk.pak
| MD5 | b35daa0bd9627ca88b413a5af7c6b4a4 |
| SHA1 | d5efdcbc7ca17de29f3075f6434f31ab2e895826 |
| SHA256 | f47bc1f7f5ab64681d0b152e1a019da60f0ef057ee8bf2ccede019dc4030c177 |
| SHA512 | 48abb6ca2290820db2898b05820bb25e70fb1292c816eb0c8f17b3c5452de9fff7027d216d2bf413900f408f44ed4ac99151b28142a212c5cff8dfe229e87b9b |
C:\Users\Admin\AppData\Local\Temp\nso8C0B.tmp\7z-out\locales\ru.pak
| MD5 | 75457b95d2bb03891232dae7db886387 |
| SHA1 | e5a7569df7f91533703626d167ecc8cddbd27205 |
| SHA256 | e0894d3aa3f8e0f8ac457a3300001d4e1dcf95980712f8c8e9c845eb4c2bbfa6 |
| SHA512 | 9813239cb162cec24cb81cffdae2df06889782813d917da186ae40df6dae64477467e4b32ead2d714bc1de671538d4c1fde990d83d3ee69e0932f17226687a78 |
C:\Users\Admin\AppData\Local\Temp\nso8C0B.tmp\7z-out\locales\ro.pak
| MD5 | 24b01a438a3ab9699d4ca97c081b5e82 |
| SHA1 | 0d0b082544d23425a74199fb0a6c11192f0bdf7d |
| SHA256 | 38290b1c9712296d82ea1681ef95544a1eef4872289134b11e50af735e6deaca |
| SHA512 | 43199772312156f4633c4202499cde8f808e5e632c2013ec1129acee01a3f184e86df2616626173178efe04b6f0773ad9a0e8b8cc6a735d23d68dcfe9dfd945b |
C:\Users\Admin\AppData\Local\Temp\nso8C0B.tmp\7z-out\locales\pt-PT.pak
| MD5 | ecd84b296d3bb312ee18e21017311986 |
| SHA1 | f5625523f85c10723750834a54ff59a2dd886fb3 |
| SHA256 | fcfaa9c44c445876c286388b6a1abc1df949f3dda3d64fb57d6e0d54a05cdb94 |
| SHA512 | e95b74238220024cdd0bd1c0f18beadbbe427d76cd8d6b32d5700adcd34ffb068ad0bf75404921485c8077f395f5111cd40d5dfe2b5b8f34c62e6fc80b507456 |
C:\Users\Admin\AppData\Local\Temp\nso8C0B.tmp\7z-out\locales\pt-BR.pak
| MD5 | 88ad860c73676ffb4025b5c691f29942 |
| SHA1 | 3c5e5b999ea7153ccdd1b4cc7b6162de3456b558 |
| SHA256 | 25f0bb0b0230d99a9064d52668636f3be85903bf27a68124d79a2fe93c30fe0e |
| SHA512 | 41589bb9ab1b8307f62ceb4e6493d7903731a3e63807e0044379c4acdda881c21839234f5f1b8ad1af732bfee6231c0556ce92e582505379ed949980185bb750 |
C:\Users\Admin\AppData\Local\Temp\nso8C0B.tmp\7z-out\locales\nl.pak
| MD5 | cf6b1cbfd669e9461553974ba37a475e |
| SHA1 | b33867e9bc7fd88ca98a76dc4bd756bcf18887aa |
| SHA256 | 9a83ad866ad7fd9d65ecbc1e95c276cfce27e8257c76a16950fd14971e66b864 |
| SHA512 | e463029bb37f6bb3ff5cb6281f64291ada1b785fa33137e7aedfc7b5e409e99c75a91e7cf9b6c0933e970f70c14861190de66fc5d68925b687a6f5da02e21077 |
C:\Users\Admin\AppData\Local\Temp\nso8C0B.tmp\7z-out\locales\nb.pak
| MD5 | b61e42f66d581b6a8929cdf5fb10662e |
| SHA1 | 6f06fa9ee092fbcb61bbd668734fb3b92cfb549a |
| SHA256 | 1b17dcde8fc7308d926fbe0faa83dfc9ffe2efc5715e9afd557dde839ad98b7e |
| SHA512 | 79b82346c3f133a6ba44148a8432ad4e08e2805187b759509cb386bc800fd20215592c07d953812c243f0b1d5e1354245f2cb42b2b3eb6c87280bcb4008dbe97 |
C:\Users\Admin\AppData\Local\Temp\nso8C0B.tmp\7z-out\locales\ms.pak
| MD5 | 6cfadaa784e687e6dadbcd80e631bc9b |
| SHA1 | 481acb75f525055bf4e45ecabe0eadcb9c492106 |
| SHA256 | fb5e125dd5e1f21e8df229d22cb3d1f9078bd79bbddca352899248f2a8b21b71 |
| SHA512 | 0d7da5a90fe9372bc704ab8cdc8cbfb14d323cafdef856987e2d9e34d980196c03985e25099f5d1bcb10c97f040f4766e2c3713718649bb3f43914a77f0dbb39 |
C:\Users\Admin\AppData\Local\Temp\nso8C0B.tmp\7z-out\locales\mr.pak
| MD5 | f22c99fe6a838e333e8ee06a4d01296b |
| SHA1 | c3542ea8dd45a2b387dd02fa5687948f135e10f2 |
| SHA256 | b03a3042f907aed13253ae8083d08f5fad59ff438d024b097276856e72526911 |
| SHA512 | 882022c2cb985d85f96d52c9bcfeeb089d6ff30e66187ccf424ef622092b9d359a51bdef1fb6ac3b9d3409aa79d37ca737ba7f3ed8b9cdaabfe04d90a7c8bc15 |
C:\Users\Admin\AppData\Local\Temp\nso8C0B.tmp\7z-out\locales\ml.pak
| MD5 | 04b2540c25990a5e0a9b227dcce6ae0d |
| SHA1 | 4f8ccd154f54dfb083d4d1a3ed0994842c8ab13e |
| SHA256 | 556165b8b54c6e21bc66d12b3f5be393136714467c427f7114f314d18ad3c661 |
| SHA512 | 4cab47e42e8f5d4a83851871f97f3e1360c993ba530dbb4b4b736350779784bd83189e1195d3480ce87298bb8f9b7f249fefa7764d850e5b0002895609626785 |
C:\Users\Admin\AppData\Local\Temp\nso8C0B.tmp\7z-out\locales\lv.pak
| MD5 | 264c6e20b3088ceb4dae5773cef0cb55 |
| SHA1 | fb6ff83ff14df008092bc3ee73bda7491e8e090e |
| SHA256 | a676a781c1a587eadf23e5c69bc52f2d352346a70bc53ca908450362535eefda |
| SHA512 | 01e949f92e1e8599c581929a601d39640abaf1d907ce10102e591c3d490dd3874c679c75bb51308ead55a3bd0c6dcd1b8d4b2daf98ce1cf1c6bab42946e8b1e8 |
C:\Users\Admin\AppData\Local\Temp\nso8C0B.tmp\7z-out\locales\lt.pak
| MD5 | 2d4fca437a7548893dc4b51fa5b33c33 |
| SHA1 | c1493013d7d981ea9223716e415380992de65c2f |
| SHA256 | 776dba792df7b444e1b720326312d8b8312cade74a1372c49456d932b7c65769 |
| SHA512 | b6a55ee1deff48d717a3e9399aef3c45eeec810cc5b5709fa3e9f56850115a5b02e02b7959ec77a6797e68516ee9372bacd260e62ac0d55a8e4c1c27af782b42 |
C:\Users\Admin\AppData\Local\Temp\nso8C0B.tmp\7z-out\locales\ko.pak
| MD5 | d6e2c18c9eabba59b50d147d942125ea |
| SHA1 | 0918879203c2050b4f9f449f5616e430897ba0b9 |
| SHA256 | f3581cea2e5b022b121010ffc5d67f86f717e3a0c0402abd81e24c87fd135b76 |
| SHA512 | f605f7b9893166778af156f9eb76eaa1209e7432450899540cd462ce0ffa69caf6f570b910cdd6d7bef54354379e9892a658e711baa93241da33755c107da859 |
C:\Users\Admin\AppData\Local\Temp\nso8C0B.tmp\7z-out\locales\kn.pak
| MD5 | 5115cde84b4c674db412619b65433004 |
| SHA1 | 164f33e7e2e9f685a579da492a6fc8806beb6cbf |
| SHA256 | 891e092c6895e23be986c3e6d39dcea9b6b75f1448239c13fd406680e50407a7 |
| SHA512 | 090a247898cb533325d2b289a6cbd8db2a755ef0abab49d82f333e57b290c50b5996b81f15d8adc30160b216eebed3a1476aec1627195e52189557c1d48b0216 |
C:\Users\Admin\AppData\Local\Temp\nso8C0B.tmp\7z-out\locales\ja.pak
| MD5 | 833e8c4aa70351b6be7bd403e4e9a0a7 |
| SHA1 | 46ccdbdea35deec8ef13a5fc833776875fad187b |
| SHA256 | 74422db1a5f28522f9a8b31a3bee9a6df794b419bf723cb6a6c88e82eb72cec0 |
| SHA512 | e8e709612a5ea81d2822e0025b7306f38571f2cec2ca72ac5a8ab852a0e36a0f5bc7e00d0baf7ac7becc2c54dda3a17c52ec1cd67ce12b14d91b6ae0b726d556 |
C:\Users\Admin\AppData\Local\Temp\nso8C0B.tmp\7z-out\locales\it.pak
| MD5 | 5aa225aad4f9fe6d05ec24905a827d88 |
| SHA1 | f6d5ed337bd8e9cc3b962d3a498e3430fbf6de22 |
| SHA256 | 96e02ab6937a1f1cb58762159761a737ce0e1dcd6a253554392baf4389326eab |
| SHA512 | 3fa928f19bdf65b8fbb274b478a801821b15c01224c113a8d7f6121a077b432c0cc84eefd9028a76adea9fa4bb65dcb868edfbd4368b1e4d477c49e187e4288a |
C:\Users\Admin\AppData\Local\Temp\nso8C0B.tmp\7z-out\locales\hu.pak
| MD5 | 71d42cb22d2d7a8b26c4514ab12df3aa |
| SHA1 | cd0307503a7906f1742d1e98fc816959319c2171 |
| SHA256 | b51bcb888dbc27bab88a8c9d081df7496de8a9a5a4cd2cfe08abc154190e75e6 |
| SHA512 | 29c67391bca706807be3a0cc79fe481f220e30263957a9c2485f0a4c498a5b250bdd83b5f4fad8d0b19c8a9a07d5650b5ebd5816b6aae311a1cde78a89303244 |
C:\Users\Admin\AppData\Local\Temp\nso8C0B.tmp\7z-out\locales\hr.pak
| MD5 | 6f92235e6ba003af925a2d6584afd27d |
| SHA1 | 3ceba61e9c2975466b6244188f5ea72aaf042fc7 |
| SHA256 | 479dc4f75a889d45f62b4ddb6eb48f21c473e37875468c9c26d928a263e15840 |
| SHA512 | 82f2642dff4400704c15c2fa02d0ec74ed3fe888dc835447c1afce7463dee8f480bb81be358c306e681625864a6d25e5cd6c96252b8a56e6fc62014b3aa4d26a |
C:\Users\Admin\AppData\Local\Temp\nso8C0B.tmp\7z-out\locales\hi.pak
| MD5 | 590e9e73df9cbd83cd87b9c03848fec9 |
| SHA1 | da125e60a5a2c51a2d6219d3f81688bd22237b59 |
| SHA256 | 089b9dd31090a987515809a68d26f6eeb64cd9283934e3dcc48b151eec7d3ad9 |
| SHA512 | fd0e5d0f2063e12b711275f390428b88f98ffaf6043cdb14b13674ac1e4aa9f70ae820ae960132d7155daf9b1308238775c4702694ab53068cdc709c50f9186a |
C:\Users\Admin\AppData\Local\Temp\nso8C0B.tmp\7z-out\locales\he.pak
| MD5 | 6a02a37e1ca3215fa9ee0e1b0fbcf5e7 |
| SHA1 | 89a8a126c0bbf536ac58e29fc50e045fb1b88220 |
| SHA256 | f5cf34ce58b7f0d450936981aa7ffa060821403e6768eee3746ea4ffc9193986 |
| SHA512 | 6607eb2329b81f1eaf0ed3a564eddcb30e6ab59229f2fbf6fd3d2140ffaa8853a330eda627a4458ef6bb06f32c5183edda869e34cd4ead1f87f88d5c622c1a16 |
C:\Users\Admin\AppData\Local\Temp\nso8C0B.tmp\7z-out\locales\gu.pak
| MD5 | 63a7fdc4eadf8ef1c35c72468a0ce33f |
| SHA1 | e8d064f0e9c8a6a8c6ccb036711e292d011d9466 |
| SHA256 | e549ff4e5a094d04c2ce7bc6fd68bea1f03e935437bf164bebb6191c133fa70c |
| SHA512 | 0a097ff875132a984545ec677b04f97785f14c38a1df487cfb4722cdea07d14e1e88fcff7d58b82fa53f05f4eba779a95ef320b5a91692097726d0385a26a456 |
C:\Users\Admin\AppData\Local\Temp\nso8C0B.tmp\7z-out\locales\fr.pak
| MD5 | c3095ce1e88b0976ba7bef183d047347 |
| SHA1 | b14cfbf6e46ac1f189595fc09660178525301138 |
| SHA256 | 66488dc10517b6e3638686be95b430477a39304e92ac45dfe62b58cae3a77272 |
| SHA512 | 29f47b1eff4681a9a17a50d6e82d63c22fe7bfe4ceb79862e81d8cd9f96fa38e225978b4c4b1f8e55b220235b91652c776fa8d2e559c68942c6ccf402812a421 |
C:\Users\Admin\AppData\Local\Temp\nso8C0B.tmp\7z-out\locales\fi.pak
| MD5 | cc592d91ce8eabaa75249cb78b889376 |
| SHA1 | f2f0f7f105a17f3e4b1a97ed0e3c2e871c2c3eac |
| SHA256 | b1cb0b32efa78fd8634652c74f298f1d5127f2363ef601cf000417e5c7fefd20 |
| SHA512 | 58e2eaffe26d8fda8df43e7ebef449cfff1065e940c128efa0276511e34e96e52da9230f294b01d4ecd8ef606b792d372bff897d6d8bb67c31379418ce867d48 |
C:\Users\Admin\AppData\Local\Temp\nso8C0B.tmp\7z-out\locales\fa.pak
| MD5 | 6458a239e994d8d18315deccd35389ed |
| SHA1 | 75c985f43503a6c44645786d46639a6b555ae163 |
| SHA256 | 300fc1c735e92917a5ddf92feb812cbf3175d988ec7ad5955110248a1addbd34 |
| SHA512 | 3062075b6be0c25c957ac88e537880bc25ff86b8ef0703a05209e9676e943e89476b7997394aeb25064e03a93be614fef535676e9cdfaf44b46035225b1b2cf5 |
C:\Users\Admin\AppData\Local\Temp\nso8C0B.tmp\7z-out\locales\et.pak
| MD5 | c76db3385190c6840315c4497e40258a |
| SHA1 | 34f1aef2ba2925bebc5dcdb70e5b6c1a138a5c46 |
| SHA256 | e8af084ef5e1062c5966dd7802074ac24f3672dc3c9b9c5453a397644727191f |
| SHA512 | 90a870369d307758b33d74e6213676d65c2d332f42577c8aff23d96b512f3c2a2bdace8d6d9007f88b9175eadc6f2ae28b498b1265550849ff9317465a37ad29 |
C:\Users\Admin\AppData\Local\Temp\nso8C0B.tmp\7z-out\locales\es-419.pak
| MD5 | b261b1efe945365588befdf68879040f |
| SHA1 | 616f44a5f73f0449b483f36ccf831db6474a10d2 |
| SHA256 | 1380b9edc9cee4b505f12e8eefa288d8c746ca995b52ceaba27c7741ae8a5cd4 |
| SHA512 | 9ea14234b9d4d09364e5727b3886fc14544d52508b3e45fb9fd607ca88d2e432361a02b2f7ba34c3d6ecd94b91f9eccd4d54047a97a1ba4eea580ead00b91cff |
C:\Users\Admin\AppData\Local\Temp\nso8C0B.tmp\7z-out\locales\en-GB.pak
| MD5 | 52e2826fb5814776d47a7fcaf55cb675 |
| SHA1 | 51fbbc59dcd61116cbc0a24b0304d4c1c58e8d0b |
| SHA256 | 83ff81c73228c7cadba984d9b500e4fce01de583ecde8f132137650c8107c454 |
| SHA512 | 69257f976d01006c5f3d7e256738c97c59115471f8e7447cfa795f7fa4ff12d6fd19708e95ffb2aa494b50c1763fe35d5885b9414112d2934baf68fe668ed7cc |
C:\Users\Admin\AppData\Local\Temp\nso8C0B.tmp\7z-out\locales\el.pak
| MD5 | 38440b98bfdf5ed496da0f49d59534c0 |
| SHA1 | 1498d9207ecaf4923a47271e24c68a817041c82e |
| SHA256 | b1f78df8a7edc914357a2e90bc8dc0ac46f4df642bb22894569fe4905fb8ea0f |
| SHA512 | 95ba788fc2e1f07d54e398f1ec4d32c664cfb13118d46cb7af7a993367e032b10de84f3e604ab6e659d6410e2d736097ec5e9b3b002040c54412358f0ea10229 |
C:\Users\Admin\AppData\Local\Temp\nso8C0B.tmp\7z-out\locales\de.pak
| MD5 | b73344e5a72fca6f956dbab984c123ba |
| SHA1 | 0561073aa40a63a9ce9930dd18b18e12ff139b2b |
| SHA256 | 6dda3fa65232ca0bff7314f916942a2aa5d9be73a0b0c7a6d016eb34ea6fff5b |
| SHA512 | e8a12da397369f23c102244b3f18f533ec79afa6978785566056bbfe07b10a21ff4973bf17aa829fff65609363988c033b0e48d4a82c846863377c08d8df009d |
C:\Users\Admin\AppData\Local\Temp\nso8C0B.tmp\7z-out\locales\da.pak
| MD5 | 55a8f5883805a65c854d25edb3959209 |
| SHA1 | d4b3b6bd2a26cbd021fa931d1f63c9ea64e2c268 |
| SHA256 | e190187adcbb5f829d162660968ba598ed17bd11339062ca4d807deec8a27fdb |
| SHA512 | 4e1f9e6da32f553cbc8cf162726d7aba9e23e2216d6d05b995cf19fff3aafa05ed08fce29b2f8538d46583366402b8630672e650dfbd46952a611e9db0d8016d |
C:\Users\Admin\AppData\Local\Temp\nso8C0B.tmp\7z-out\locales\ca.pak
| MD5 | 423651c45566cd90ea5edd8631e823b8 |
| SHA1 | 13bed4173a08bcbfefba034aada3d838eece6d16 |
| SHA256 | 7a39af99d55a1ea838d8d78c5f0da3e1402f9404d32255e31b676ceed4f0e414 |
| SHA512 | e09085023beaa37e9d5f7fdf3c32d0c001672b85e2826f0aba9a662ce958ac93cac17bf63495a604e47cb407b1593049388a4bf1b22b2339ead84a206a10569f |
C:\Users\Admin\AppData\Local\Temp\nso8C0B.tmp\7z-out\locales\bn.pak
| MD5 | 47c95e191e760dee3ef43345577e2379 |
| SHA1 | 609634315270a91d4ec631642b18bd0036367aad |
| SHA256 | ceed32e429ed1018d4c49343cf52105cbfd1e877c531a5738fd6e6cd33d27da7 |
| SHA512 | 46b5f8d58780d19e79136c31a67d075c57ddf7e6a1eb197dea4088cc414a0dc24a68fc8ebcaac03b3940af2461123b586706d5dbf8dbdf6fbea0f7bec466db21 |
C:\Users\Admin\AppData\Local\Temp\nso8C0B.tmp\7z-out\locales\bg.pak
| MD5 | 5ba0c7200362c9ed55610cc8b66ef53c |
| SHA1 | d45239c2f1b00885407771a41a7776fc1fe8fa3b |
| SHA256 | 2339ff55464b4ff704fc3c5bf281eec52a539c494bd059cf0346d9c05ab7cda7 |
| SHA512 | 6229dbf08a9322c4ec8de4912aa1832f01800a71b7e3ef5870e7fa2b623be4dd248fec4881c3e031e984616147be84d42ab3dd970ae56dc1bd78913a8682a37a |
C:\Users\Admin\AppData\Local\Temp\nso8C0B.tmp\7z-out\locales\ar.pak
| MD5 | 6f3e791b4d35ee7d9515614d128752cf |
| SHA1 | 181ec3a84fb3e89336d77f24f562a2cbe07619d8 |
| SHA256 | e9df0fa338b763a3926c4ee3a87bedf650fa618b6fcf0560c3f5ffe891d48c60 |
| SHA512 | 3657e610d13a2c938558ec320c298dd490c9e4895ccd304f738aaa2f050373efd7382ca402365f93d23ed488bae82de2d859da788dc8faa8e621346a278f4441 |
C:\Users\Admin\AppData\Local\Temp\nso8C0B.tmp\7z-out\locales\am.pak
| MD5 | e18a450ef034b42599341c3d09f280f1 |
| SHA1 | 2001c8a85904962ac3a96938eccc69ad2c110fdf |
| SHA256 | 7c2b9098130f1f9e0cf4507b64c0e96ac6354bd6c3616be20e2067cfccc820da |
| SHA512 | ddd87571218fe9f179a6c2a8a15b182625a71a7c19ed90c0969ca2e0e9bad823b926f8b8a6b390cb6fe9c95f4b6c1f1ec7b5167a8424ab1921943922208f798a |
memory/1184-614-0x0000000077660000-0x0000000077661000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
| MD5 | b26e46db3602f9e0f24bd14034e1b8dc |
| SHA1 | 00215ad86f31930d1ade02ce7d26eb3c07841b93 |
| SHA256 | e04f611b6eacfad8dab3265e5f8b1a90ee7db13106b2e34581f5d3e6f9ead8ff |
| SHA512 | aa50477ddbe7d9b89ea6a1bdc8962a43ac8c3f6d6bcc53a7c347ce5caa0f43926ee85b86b7ea95c42607a5b992e1fcced1f77ec78bb68661b109921b2d8517b3 |
\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\ffmpeg.dll
| MD5 | 83d028e1e8dc759ae056fcb80985cc4e |
| SHA1 | a3f43720b0912e9d3abac43b01da8eb3f5e0200e |
| SHA256 | c5a53ad07dbd3e8659190637a20802bead2b4ec053c91bb8b09fabe2089d3c37 |
| SHA512 | d48cf55ad19b52c993fce6231d084f80f9f07c833895d52f87ffc06d266d631c39b873b3016a569cb8569671674020a849daf633c3046aa07b6f653dbfce5b6c |
\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\d3dcompiler_47.dll
| MD5 | ce37826b135e8ffac65adbe08fe90b03 |
| SHA1 | d2fdf0e4a67986c7adfac0387641c6e6e872b227 |
| SHA256 | f0c073064d42b6b8b1be8ab4fbe740649cd696150371b8ba0d0f28cdf44ab602 |
| SHA512 | 91e83dd73809f6b7ddc7dec2577232c1c683acf0d31152ffbb607941429cabef8580b40707ffa02c721d36b5ef8654d6b8c7af8ab687ddc5608b69be8c438468 |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\D3DCompiler_47.dll
| MD5 | 30049cfaccd1cd28ae462bc3ad2b729c |
| SHA1 | 838cf59660e641511a663d57c896959daef01099 |
| SHA256 | 09486b1f07d2a9dfea994b3a92c58a748595aa73b54f6d0b98f1c89cbeeca550 |
| SHA512 | 58615ff819a033e572f8eef76672a31c7a4f89649cc74694a7da5838bcddd04ede2383df373821a30a406bf94304f48f07ca85a2cb0273b3404b7d089459f295 |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
| MD5 | bacf30f2b5b2ed6db58691ffc803b0e5 |
| SHA1 | a66216b8de6bdeec8e122252a656568eb0e80a14 |
| SHA256 | aeff80ed2b536b39295793349c1f54a821db0d758860ae227dd9d20754a4f331 |
| SHA512 | 27cc81cee01f5ac4202aedaedd20bee8da82b2b211aad889b33817adea310508ab7b1bc95c179342814f14bb8411b7dd183710d2150caa6dd3b7beff213a9c51 |
\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\libGLESv2.dll
| MD5 | 0b8665410e1aaa0795e10b2897c8c292 |
| SHA1 | dc336e3fd9a0a4c063e615270e2a018970589f4d |
| SHA256 | be5b579021c5e9b41246292f448f080ff08cac0ef35a0675289f03005265d589 |
| SHA512 | 7298377aafb5e6884f5fc40d9228fecdc33f313e3d06c0a34c7bf59f3e079732005c0d647ab407b94ad746a5eb9df10ab80212a80b116e3bd9371d7ee23682f6 |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\libglesv2.dll
| MD5 | 3eea84e8fadb2d8abbe826a934a7c6ec |
| SHA1 | 02a534e92cd03e9a886fca3cbc259ea9a1101074 |
| SHA256 | 82b421f9c397dd8cbf994d27e5142e449dabd82fe72392721bf343cccd933b40 |
| SHA512 | 1352b350738cbe7773961cbc7701b941a5bc8967d8ac0fe1b9639fa174164b2fcce8a15f84d0af748c3b08b50b33e5f94dffb920472e0dd4fa1032dba6d932e8 |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
| MD5 | 7e7a9f31cbdfd9ce9993216ca7bb35ea |
| SHA1 | a10e0bdf9e82b198a4b1fd25b50d85e51f0d780b |
| SHA256 | b760c2d1f0db86693c26686c31fee4521e284d069f3e74d3e70c4d54a50267a3 |
| SHA512 | 2f2cb529761fdd01c51deea8b88aadeeb4561eb9d93958eae1298511b14d9a2e27b25be0d5e2f3d7f533065d32e4b24ce0f2f94a2f484c31c5279a88c4f08b94 |
\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\ffmpeg.dll
| MD5 | 4e28b262857c4e2551bc018684aee08c |
| SHA1 | ec0956cf13a6450800874efda760e5b86f4df864 |
| SHA256 | 155a883015926878300483dff27500ad39f076ccdcc15cda4c4ac14a5170c876 |
| SHA512 | 715b43bd75620bf1684926e1ecc4cc7b39a0690dd7cc5725d5482bc42a1b5fba0977f4779ff6c230fe4969d7c9a1b90b060d3ad8f1283cea1d24b25d93097dee |
\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\libEGL.dll
| MD5 | 246323c83b7360d65170010b0fcfb8af |
| SHA1 | 4d38f14263d2b8d28324c458dfe7bc97a0077a18 |
| SHA256 | e513f752dc1523876ec8718cf2990f2c3f5d42e3afa64e5db849e390f8902990 |
| SHA512 | 0c30de1dd3f29e19a6a6f8a38ff340cb22a42f3f27257bac33e4ee2d1cf337ba0c2720848f5dc554d060d55dd96a5f4cc97d314a76903b55ea4e6dccdfe08d41 |
\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\libGLESv2.dll
| MD5 | 1a69ba397361a006aa2b5caddc50a7fb |
| SHA1 | 468494f1d9be9fc909e1c49507ca6e33fd010f8b |
| SHA256 | ec30e487814f2528e30f2a954a42227bf200c49485d11e794baeedabe98abc44 |
| SHA512 | d4a2224800956df62e465bd0b43bdd5ec465fd272049fa521f088b4a0889e0d40738e69d1c870c3b8dfc17d80752fbabc1ae2b931614bc99f307b87717a792b5 |
\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\d3dcompiler_47.dll
| MD5 | 92ad5151ef59187cd55c41310382a5d2 |
| SHA1 | 0456996735df57ba284e335cb4e0475b2e509c67 |
| SHA256 | 496798ab7596c61ec6b648a58ebad8f9173469eea6206f2386a778c4f4c7a351 |
| SHA512 | 65e57c433d6291329c24543ba1ec212db6d9cbe7c2ba432cc77abc15e65d8505d92bcf1c7a7e97a2edefdb123fa6d851276135f5d1988751190f5b8fedfe61d7 |
\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
| MD5 | 52aa4979a3faee70eca6fbfbed749f2b |
| SHA1 | 3c8d7b5124718b0f0620d347b86b8ad72a217c07 |
| SHA256 | 682deec9c5d612ba5df5e600c7226ca699965f1c1999d2861a39f67a573e20df |
| SHA512 | 2d0cce6e2068346eefec4a89bcb5d63c8eec0202dd4d6eeb9fa18e5f90387a082b0d2cca52be75f47f15c34e069893aa63ba259691afad9641104a4e170679a8 |
\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\ffmpeg.dll
| MD5 | bf80c4238b86c6d2957674bc6e032b94 |
| SHA1 | b0f1c92e15861d1c47769d0721fb960364232a75 |
| SHA256 | 7fad43e1992f42ce3a8e6dc07ad75a287e72e2bb96333d0d43ffcca75dd2b0d7 |
| SHA512 | 1ff518201d5006ac1cefe7b9dec5e9835bc44d2da4d0f000a386330eb5d258d61ba8033917e62b37ccccfcf856eaca3c38dab4b6220860454e80adee38c7b180 |
\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
| MD5 | fec1fc6ecaec789058b29effec402036 |
| SHA1 | 7e2f247d9e749e4b87873556f90160c760b784f6 |
| SHA256 | d8dcc3c5044d0b4696593f04cd2da2ff0a9d7a55dde6ea0add1d89ac63baa1a3 |
| SHA512 | 98bd1b25f8f20f60b26a1bdf2b8a01b648baa1f5512ef1a364a93b27adfc483cb06ff64c47129873347d76622342f13ed212c9f3a7d582dfc31d46c1f93ab2ad |
\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
| MD5 | 34779be7653acd1d5e83feaeb764f86d |
| SHA1 | ac2ff06e98a2237ff5b3c5732983ceb6c6b5a78b |
| SHA256 | 6a4f8579cdeeb9c219834c91c6a2149abe2b7c361d7252228d62366a6d10b8cc |
| SHA512 | 5b237ea5d77df0f7ebd1455f495e68c288f89c8e6907b30badac72f48550b73680dd29befce4c98646beb398ebe1a64c742d7c80fc159637c3193bf664b4f805 |
\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\ffmpeg.dll
| MD5 | 3e6081cf8da20ac43514cfb44b4d6338 |
| SHA1 | 47fe8cb68bc44cb38ce72ac44eb6964de61e6c49 |
| SHA256 | fdf4adaded16ca70297a30d9b44c691827bf115106a30a3127aa90a93edc9294 |
| SHA512 | 182e2173a754d1683d4b8c0d2e0c625bd33a84fe1e3ea178754243f0cb17e62685f360372beb0825b2a568eb7d4913bbce57dc8453b2dadd5471ce3c7a1a94fa |
\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\libGLESv2.dll
| MD5 | 50abdc2a131f73ed17f0904aff710cae |
| SHA1 | c96a7d88150653fd77926146ec2dd9eb25425ee6 |
| SHA256 | 15ca0fb3c51c48a1671bc1040a24263727b76baea4520c16d59e814c3c95bd03 |
| SHA512 | 8221a9cd67bb47c00298e586e7e404894b88715d999560f5ad4314b9034d5b02cc01cfee4c2eb0a8fc1b951b56ce1bcfee65ed9547e0bb864a3e242626e25ceb |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
| MD5 | 2e16765ba631c20064aad3327151511d |
| SHA1 | 910183ca36ccdcfe1fbe73d4c1d2d0931a827bef |
| SHA256 | c576f927c6c802fd913d5c685a85cc04a7a3f62a74a1b9b0085823bf890964d8 |
| SHA512 | 895e47290ab8f04b4092b43136ec2bd5f599b011d633088f591073eb532f8100ef5f1dc43403bd709d6a3690dda6453374629a71145634dc8e5580bcd165cac9 |
\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
| MD5 | bc4cd80f8f55241be7dd4924c83afa69 |
| SHA1 | 4df7d81c31c1f02f69e5d9b2910a4768a7b13169 |
| SHA256 | 9bbc5cb32ea49f2fc7ce954a12a908fcb9fdec4ea00bb35cd463b5dc9e35c858 |
| SHA512 | 681991a6a188e3d4faf36c02b1b7f80eda49c5b28619d2367088c3f591b2d9acab67bc679fcf42e951c47b1c96873dff9e393c678a129b0c765de09db459908f |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
| MD5 | cba244910fd84acdf60ee820b1353f90 |
| SHA1 | 9794374ad9f8cf23e4936787b1a6bf51e35a43d8 |
| SHA256 | 87b1153fd328fe2647b8750ea5a2574b2e17c4a6546020762017e69a5848321f |
| SHA512 | ed439f11515330a149b10db9f7cc1709ca097de17b1b922d947cdba61a8271765311d80980e504d09941eb7df7d576b647110c6ca7e577ca6e3c87a22e953b84 |
\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\libGLESv2.dll
| MD5 | 102adbadde6f89c780b75e402819331c |
| SHA1 | 951187238208643758057a57efd290f514256969 |
| SHA256 | f3240b44b4f854d01471506564f0e651e7d6485ecf90331b3fd837450bb520fc |
| SHA512 | 1367d6e1059de28895a91f179ec9c8c036b9311d625e20448a2337de260db7b536d24fa11d593003cd6b26a51bd48eb525a0502f29973434878161348f3cd8f1 |
\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\vk_swiftshader.dll
| MD5 | 7eb9e7389ef56d618082393cae9e8622 |
| SHA1 | 010b822929562db37fa943e3e0329bcd267cfb51 |
| SHA256 | 7fd43a09050795f786f5b29880ce281102c82c9933bbb9a1f054eb5ccb5eec8a |
| SHA512 | 613e14c653fa5e6331578088ef3075a049554dc2219874e7d8cd7822dc4873b8af1d6ad10492af79c08f7078553724dea6ad6a25784a6201ecf034a604dd9a3e |
\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\vk_swiftshader.dll
| MD5 | a340ebcf4730dc5b2e15eedd50246af4 |
| SHA1 | 2d011dac74b0a5b56ae7ff00f73533a9b1cae552 |
| SHA256 | 9acf86dad8609ee0ba4a65f46a658bf8a75965d1b02a302e3e79dba7f1ee658b |
| SHA512 | b3c30aa21a7b9b31a7d55c4b2d36e0239304b509497d041cf4dd771ddbac4535e69c1d2a84727f6599b2fede0dd30b1f8536744c76bfc49b5b6e9cc1e9b3fc82 |
\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\vk_swiftshader.dll
| MD5 | 5528804cca6af4c16b96dfb82ed7bdd7 |
| SHA1 | 5dd9f1fa81ef76bdc0f78767143a766971eda003 |
| SHA256 | 7147f22e4693899f692e6f476fd85c272dbb85be062b1b7fd522783ac4f43d03 |
| SHA512 | a615283b6029656225403138f500578b3b77125c5b6c2778df5d7f0b26fe9d9548ae1081691635968387b9b6e3373bc83635f0ce202891e9ce63210be36c8e87 |
\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\vk_swiftshader.dll
| MD5 | 8b60f7b1003198f9b620454dcf873e4e |
| SHA1 | 2b98a56aab668f1cf0724e198ef3146bc1861aa1 |
| SHA256 | 31e0b70036df6d5460002cb435e7dc5a951f48419062b48f4c60b389327822a7 |
| SHA512 | 4ebc878ca9c0af95b79218b9fe8f711d11c9df92b74698e03fd35b9f4357dafc359b053da62e0eb1e4b5a9dc19700dffcda5f5133c1c7688d9e071d71849bd57 |
\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\vulkan-1.dll
| MD5 | b91586bd80e057a7f62bdc4422744812 |
| SHA1 | a1df644421ece2e740e5bf0ed98b4f269fd85c39 |
| SHA256 | 8ba72d98e0f78b77bda7816cd7232809d287310d34e0f1d7472b9d5fda2c6d02 |
| SHA512 | 94f0a8e3e75e4803891c0fcb257052dbe0e7399772fc7a46ab802629f76ee580ed30b3678fa6bc3744c12cf9f3103bbc8276e88f6711278748148e9fbeef2053 |
\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\d3dcompiler_47.dll
| MD5 | 00460c2cfd7459068ad5d1b6a5142cc7 |
| SHA1 | 87b74b6b6ef9e1c1b2623a44977b6c9b7b4a17b3 |
| SHA256 | 71c9ce833e589c3ec57683867387e8685a003290ef4e3898419d2a3da7dbf819 |
| SHA512 | 05c4c783c72db44ff094d1e6f6fd5300f9caf9da7644bf4a38790bf94a8589eaacf53fb6007f137186c889a3b392fdecfc6a44d5b282576b2928591164993235 |
\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\ffmpeg.dll
| MD5 | 54dd6f8cda74840af69b0d9971403b65 |
| SHA1 | a8d0a46a4ed89f03842c1408c1e6a0d2ea4a02ae |
| SHA256 | 3cc1e9b98ba0029dfb4732e141f85b0f791665691b61b6757ac5a1d38af5dd1f |
| SHA512 | e2e7c8c733c3bcc9f46c7608f015bd0ecd27eefe464fef882d9b6105f1f49f28f87559aa21620f6df7085003b9486dc92c509f3f9d9f0ff25368ede0ac3f1332 |
memory/1832-788-0x000000001B3E0000-0x000000001B6C2000-memory.dmp
memory/1832-789-0x0000000002360000-0x0000000002368000-memory.dmp
memory/1832-794-0x000007FEF36B0000-0x000007FEF404D000-memory.dmp
memory/1832-793-0x00000000026C0000-0x0000000002740000-memory.dmp
memory/1832-792-0x00000000026C0000-0x0000000002740000-memory.dmp
memory/1832-791-0x00000000026C0000-0x0000000002740000-memory.dmp
memory/1832-790-0x000007FEF36B0000-0x000007FEF404D000-memory.dmp
memory/1832-795-0x00000000026C0000-0x0000000002740000-memory.dmp
memory/1832-796-0x000007FEF36B0000-0x000007FEF404D000-memory.dmp
memory/1832-799-0x00000000026C0000-0x0000000002740000-memory.dmp
memory/1832-800-0x00000000026C0000-0x0000000002740000-memory.dmp
memory/1832-798-0x00000000026C0000-0x0000000002740000-memory.dmp