Analysis Overview
SHA256
15bb700544c589dba519ae5692062b766d9eced9ed7f6fabc3c44acd686ec2cc
Threat Level: Known bad
The file TatsuBeta.exe was found to be: Known bad.
Malicious Activity Summary
Irata payload
Irata
Executes dropped EXE
Drops startup file
Checks computer location settings
Reads user/profile data of web browsers
Loads dropped DLL
Adds Run key to start application
Looks up external IP address via web service
Legitimate hosting services abused for malware hosting/C2
Drops autorun.inf file
Unsigned PE
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Detects videocard installed
Enumerates processes with tasklist
Views/modifies file attributes
Collects information from the system
Creates scheduled task(s)
Uses Task Scheduler COM API
Suspicious use of AdjustPrivilegeToken
Runs net.exe
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-12-17 16:29
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2023-12-17 16:29
Reported
2023-12-17 17:00
Platform
win10-20231215-en
Max time kernel
1800s
Max time network
1604s
Command Line
Signatures
Irata
Irata payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TatsuBeta.exe | C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000\Software\Microsoft\Windows\CurrentVersion\Run\WindowsDriverSetupOe5Ry9 = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\CachedFiles\\TatsuBeta.exe" | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000\Software\Microsoft\Windows\CurrentVersion\Run\Start_Oe5Ry9 = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\sysWin10Boot_Oe5Ry9.vbs" | C:\Windows\system32\reg.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
Drops autorun.inf file
| Description | Indicator | Process | Target |
| File created | F:\autorun.inf | C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe | N/A |
Enumerates physical storage devices
Collects information from the system
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
Detects videocard installed
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Enumerates processes with tasklist
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\TatsuBeta.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Conhost.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\tasklist.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\TatsuBeta.exe
"C:\Users\Admin\AppData\Local\Temp\TatsuBeta.exe"
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\tasklist.exe
tasklist
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
"C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1396 --field-trial-handle=1612,5261394436306368234,7280813761924518251,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic process where processid=4772 get ExecutablePath"
C:\Windows\System32\Wbem\WMIC.exe
wmic process where processid=4772 get ExecutablePath
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
"C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --mojo-platform-channel-handle=1832 --field-trial-handle=1612,5261394436306368234,7280813761924518251,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\net.exe
net session
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 session
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\resources\app.asar.unpacked\bind\main.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "net session"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\System32\Wbem\WMIC.exe
wmic computersystem get totalphysicalmemory
C:\Windows\system32\more.com
more +1
C:\Windows\System32\Wbem\WMIC.exe
wmic csproduct get uuid
C:\Windows\system32\more.com
more +1
C:\Windows\System32\Wbem\WMIC.exe
wmic logicaldisk get size
C:\Windows\System32\Wbem\WMIC.exe
wmic OS get caption, osarchitecture
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic OS get caption, osarchitecture | more +1"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "echo %NUMBER_OF_PROCESSORS%"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic csproduct get uuid"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic computersystem get totalphysicalmemory | more +1"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic logicaldisk get size"
C:\Windows\system32\more.com
more +1
C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get name
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic cpu get name | more +1"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic PATH Win32_VideoController get name | more +1"
C:\Windows\system32\more.com
more +1
C:\Windows\System32\Wbem\WMIC.exe
wmic PATH Win32_VideoController get name
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\System32\Wbem\WMIC.exe
wmic process where processid=4772 get ExecutablePath
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic process where processid=4772 get ExecutablePath"
C:\Windows\system32\schtasks.exe
schtasks /create /sc onlogon /tn WindowsDriverSetupOe5Ry9 /tr \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\TatsuBeta.exe\" /F /rl highest
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v WindowsDriverSetupOe5Ry9 /t REG_SZ /d C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\TatsuBeta.exe /f
C:\Windows\system32\cmd.exe
cmd /c schtasks /create /sc onlogon /tn WindowsDriverSetupOe5Ry9 /tr \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\TatsuBeta.exe\" /F /rl highest
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "cmd /c schtasks /create /sc onlogon /tn WindowsDriverSetupOe5Ry9 /tr \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\TatsuBeta.exe\" /F /rl highest"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v WindowsDriverSetupOe5Ry9 /t REG_SZ /d C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\TatsuBeta.exe /f"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "attrib +h +s \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\TatsuBeta.exe\""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell -Command "attrib +h +s \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\TatsuBeta.exe\"""
C:\Windows\system32\attrib.exe
"C:\Windows\system32\attrib.exe" +h +s C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\TatsuBeta.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\app.asar.unpacked\node_modules\take-cam\prey-webcam.exe" -invalid youcam,cyberlink,google -frame 10 -outfile C:\Users\Admin\AppData\Local\Temp\YElMJWd8YFAaptnoFFMc\System\cam.1340_Admin.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\app.asar.unpacked\node_modules\take-cam\snapshot.exe" /T C:\Users\Admin\AppData\Local\Temp\YElMJWd8YFAaptnoFFMc\System\cam.1340_Admin"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "attrib +h +s \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\sysWin10Boot_Oe5Ry9.vbs\""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell -Command "attrib +h +s \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\sysWin10Boot_Oe5Ry9.vbs\"""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v Start_Oe5Ry9 /t REG_SZ /d C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\sysWin10Boot_Oe5Ry9.vbs /f"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v Start_Oe5Ry9 /t REG_SZ /d C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\sysWin10Boot_Oe5Ry9.vbs /f
C:\Windows\system32\attrib.exe
"C:\Windows\system32\attrib.exe" +h +s C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\sysWin10Boot_Oe5Ry9.vbs
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
"C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAIAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2328 --field-trial-handle=1612,5261394436306368234,7280813761924518251,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Network
| Country | Destination | Domain | Proto |
| NL | 52.142.223.178:80 | tcp | |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| GB | 142.250.200.4:80 | www.google.com | tcp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | 4.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.186.117.34.in-addr.arpa | udp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:53 | api.gofile.io | udp |
| FR | 51.38.43.18:443 | api.gofile.io | tcp |
| US | 8.8.8.8:53 | 18.43.38.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | store7.gofile.io | udp |
| US | 136.175.9.9:443 | store7.gofile.io | tcp |
| US | 8.8.8.8:53 | 9.9.175.136.in-addr.arpa | udp |
| US | 8.8.8.8:53 | hawkish.eu | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.110.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| FR | 163.5.121.96:443 | hawkish.eu | tcp |
| FR | 163.5.121.96:443 | hawkish.eu | tcp |
| DE | 140.82.121.4:443 | github.com | tcp |
| US | 185.199.110.133:443 | raw.githubusercontent.com | tcp |
| FR | 163.5.121.96:443 | hawkish.eu | tcp |
| FR | 163.5.121.96:443 | hawkish.eu | tcp |
| FR | 163.5.121.96:443 | hawkish.eu | tcp |
| US | 8.8.8.8:53 | 96.121.5.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.121.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.110.199.185.in-addr.arpa | udp |
| FR | 163.5.121.96:443 | hawkish.eu | tcp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 185.178.17.96.in-addr.arpa | udp |
Files
\Users\Admin\AppData\Local\Temp\nsqA2A9.tmp\System.dll
| MD5 | 0d7ad4f45dc6f5aa87f606d0331c6901 |
| SHA1 | 48df0911f0484cbe2a8cdd5362140b63c41ee457 |
| SHA256 | 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca |
| SHA512 | c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9 |
\Users\Admin\AppData\Local\Temp\nsqA2A9.tmp\nsis7z.dll
| MD5 | 80e44ce4895304c6a3a831310fbf8cd0 |
| SHA1 | 36bd49ae21c460be5753a904b4501f1abca53508 |
| SHA256 | b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592 |
| SHA512 | c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df |
C:\Users\Admin\AppData\Local\Temp\nsqA2A9.tmp\7z-out\chrome_100_percent.pak
| MD5 | 9c1b859b611600201ccf898f1eff2476 |
| SHA1 | 87d5d9a5fcc2496b48bb084fdf04331823dd1699 |
| SHA256 | 53102833760a725241841312de452c45e43edd60a122546105ab4020ccef591b |
| SHA512 | 1a8ec288e53b9d7e43d018995abe4e3d9c83d329d0561fbb7d022e8b79ffecf033e995b9bc6af352a71c646a1e8afba4addb54deab7455f24b7a279a3dd7c336 |
C:\Users\Admin\AppData\Local\Temp\nsqA2A9.tmp\7z-out\chrome_200_percent.pak
| MD5 | b51a78961b1dbb156343e6e024093d41 |
| SHA1 | 51298bfe945a9645311169fc5bb64a2a1f20bc38 |
| SHA256 | 4a438f0e209ac62ffa2c14036efdd5474b5ecaa7cbf54110f2e6153abdfb8be9 |
| SHA512 | 23dedde25ad9cb5829d4b6092a815712788698c2a5a0aefb4299675d39f8b5e2844eabd1ea42332a0408bd234548f5af628e7e365ab26f3385ebfa158cdd921d |
C:\Users\Admin\AppData\Local\Temp\nsqA2A9.tmp\7z-out\d3dcompiler_47.dll
| MD5 | 7641e39b7da4077084d2afe7c31032e0 |
| SHA1 | 2256644f69435ff2fee76deb04d918083960d1eb |
| SHA256 | 44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47 |
| SHA512 | 8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5 |
C:\Users\Admin\AppData\Local\Temp\nsqA2A9.tmp\7z-out\ffmpeg.dll
| MD5 | c3842fb3087cdcdb04020ac38683c289 |
| SHA1 | 329dbcd4a1c79b891b200f11eb50194b85c493bc |
| SHA256 | e79792af338d61424bac87a19c6f34f3b4bc1382345633b8d509253a0a6c2133 |
| SHA512 | 069196b8006e908954e7ab16131a0d10889a0f7517eaab2423a82fe49fb9b045c0d95dbf7c08c10ddf1a21983aea4a0d207decf91baacff0884511589a57dec5 |
C:\Users\Admin\AppData\Local\Temp\nsqA2A9.tmp\7z-out\icudtl.dat
| MD5 | ebeee4a047743d304a0250c6de3691c4 |
| SHA1 | 2278b8e34ee9767b7ee95755953d41bb4ad6c583 |
| SHA256 | c4b4f339503367ddeef90ea9fa7c0a672af70dad79529ff5e399b7c4fa019eb6 |
| SHA512 | bf5f4cfc8566d73339a8095db0e56ef83d9d21de98f2a6d0002e7dce8d74305066559c327d0d76090885a8a1373d419f192b42ff7d6d8df5af0567c21a2bd113 |
C:\Users\Admin\AppData\Local\Temp\nsqA2A9.tmp\7z-out\libEGL.dll
| MD5 | 8352fd22f09b873193cabc2932be92f0 |
| SHA1 | 5bd2b58854b279f1733c5f54ea2669ee8a888d9e |
| SHA256 | 14a4aaa010be14762edfee01fd1f6b9943471eb7a2f9011a2b5c230461cd129c |
| SHA512 | 7281e980f2e82f1cc8173d9f8387a97f6e23ec5099ed8dca02222c4e17fa4cfef59d6aa300b1cf06d502bdcf77d9a6dbb08ad6658ae0a28ae6f9f995109da0d2 |
C:\Users\Admin\AppData\Local\Temp\nsqA2A9.tmp\7z-out\LICENSES.chromium.html
| MD5 | 1d49fb786e88ebadc67f459b504bac76 |
| SHA1 | 3fa2fcae78d313e1d3a8bfe53a06a6ba89427138 |
| SHA256 | 74c3c1f9489a68e567a4e1837b4945d0fa239eac0d0e544108148799502058c4 |
| SHA512 | 16e5fec659ba2b5b87cbfad93242be4513a0bccab24a963f0f780c116d7adc17f3744a5f8013a789e0f548c406fef63baf8f734f71e8479500c259a657fbeb08 |
C:\Users\Admin\AppData\Local\Temp\nsqA2A9.tmp\7z-out\snapshot_blob.bin
| MD5 | cbd43981f8b4a67059bfe6abcd3d7063 |
| SHA1 | 2a8375487f9360773fe8a84b78e93a59a955fdec |
| SHA256 | 59e14433408c18ffd8f0fb9d7243feb1f8f22c63c4941c6e874ea17bf992b2d7 |
| SHA512 | ce8c5b314be69ecf37d69bd82a0d3d9041abc901b885b9fc3dec402752d65242f389e3f9a1dab84b9e7267e05ada2e933b7130bbd599b8f47a2f4716971059a4 |
C:\Users\Admin\AppData\Local\Temp\nsqA2A9.tmp\7z-out\resources.pak
| MD5 | 9350cd7a257321d92de03f8c341b7dcc |
| SHA1 | 83c3e110b57ba7313c7b55e0255f37fca27c6c81 |
| SHA256 | 163a267759966bc1dfe49448c5200b6778b1438adbc06613e554c48424bf282f |
| SHA512 | 5d1c923669f09727ae8024703bab86684ce3468d7a9db59473ac3a39215ddc11982ac8a3897362dfc37a23d7e010f7eb53ae9e48238161da08204fac7d8cc6ee |
C:\Users\Admin\AppData\Local\Temp\nsqA2A9.tmp\7z-out\vulkan-1.dll
| MD5 | 4aeef8af17d8afdd9a018686bf398c8c |
| SHA1 | 4536f648e57f8fecb7d40fcfbe8694dc0e6f9299 |
| SHA256 | 9d2da1c360891765804974cca302d754a479b370386e9d709857b46fec97257d |
| SHA512 | e72101aa1ce6ea0852cb23350ea7ab188da498befd57f04741f9d91d8d98be833fead0687868639c32aa1d60a3f250739c7f316ce10bb471e9b8974025299f4a |
C:\Users\Admin\AppData\Local\Temp\nsqA2A9.tmp\7z-out\vk_swiftshader_icd.json
| MD5 | 8642dd3a87e2de6e991fae08458e302b |
| SHA1 | 9c06735c31cec00600fd763a92f8112d085bd12a |
| SHA256 | 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9 |
| SHA512 | f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f |
C:\Users\Admin\AppData\Local\Temp\nsqA2A9.tmp\7z-out\vk_swiftshader.dll
| MD5 | 7eb9e7389ef56d618082393cae9e8622 |
| SHA1 | 010b822929562db37fa943e3e0329bcd267cfb51 |
| SHA256 | 7fd43a09050795f786f5b29880ce281102c82c9933bbb9a1f054eb5ccb5eec8a |
| SHA512 | 613e14c653fa5e6331578088ef3075a049554dc2219874e7d8cd7822dc4873b8af1d6ad10492af79c08f7078553724dea6ad6a25784a6201ecf034a604dd9a3e |
C:\Users\Admin\AppData\Local\Temp\nsqA2A9.tmp\7z-out\v8_context_snapshot.bin
| MD5 | 5d94130579cabff7d30d483f12b166d1 |
| SHA1 | ffc10a0788c5e70240f866b6f2971fe46b8e0bd7 |
| SHA256 | 775b2f9622fad904ac5e9f2e1b2d0fa86e80536237a45a7bef7a96c2136201d8 |
| SHA512 | d265e4abde8090494b638869c058a29e306a9a2411de022245e3b8a8bd2b6fc35d0e620b927ed1e22736a493e638237a3764e2d83063a13e2d2cd6ea1eb3e309 |
C:\Users\Admin\AppData\Local\Temp\nsqA2A9.tmp\7z-out\TatsuBeta.exe
| MD5 | 721bc69c95bd9fb8492110ea1c95b256 |
| SHA1 | 397779eca4c3c6f89426ea98e25c2ef260482280 |
| SHA256 | e3cc251115f528a94f80e893506b267ea73a7ce96b80721a253d5ee19f69f67e |
| SHA512 | 0dce320ee1df79e0400db66566a5bce0d0fa6ef29d1b5ebe2d1cfbc58c2215cfa7d4cd5a8b7474681f74169ca712569f7d5e76e935a268a4e61c716036b80b2a |
C:\Users\Admin\AppData\Local\Temp\nsqA2A9.tmp\7z-out\LICENSE.electron.txt
| MD5 | 4d42118d35941e0f664dddbd83f633c5 |
| SHA1 | 2b21ec5f20fe961d15f2b58efb1368e66d202e5c |
| SHA256 | 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d |
| SHA512 | 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63 |
C:\Users\Admin\AppData\Local\Temp\nsqA2A9.tmp\7z-out\libGLESv2.dll
| MD5 | b687de90b919ea3d7dff98b90a3f5f38 |
| SHA1 | 189a66c43d4f35e4fa5add7fae951e50d4ba56b4 |
| SHA256 | 3d5dadd3bb85bcf8c7f2daf89642fd461402c8ca17332be34c7b0f8be77c58fc |
| SHA512 | 924db5752b4962671b953d3a5037b24f5275fb26086fcda7c59ac010c43ce2f08168b071132107a7253dc39a487d375ec71406296e5f25de3f179c7804a73488 |
C:\Users\Admin\AppData\Local\Temp\nsqA2A9.tmp\7z-out\locales\am.pak
| MD5 | e18a450ef034b42599341c3d09f280f1 |
| SHA1 | 2001c8a85904962ac3a96938eccc69ad2c110fdf |
| SHA256 | 7c2b9098130f1f9e0cf4507b64c0e96ac6354bd6c3616be20e2067cfccc820da |
| SHA512 | ddd87571218fe9f179a6c2a8a15b182625a71a7c19ed90c0969ca2e0e9bad823b926f8b8a6b390cb6fe9c95f4b6c1f1ec7b5167a8424ab1921943922208f798a |
C:\Users\Admin\AppData\Local\Temp\nsqA2A9.tmp\7z-out\locales\ar.pak
| MD5 | 6f3e791b4d35ee7d9515614d128752cf |
| SHA1 | 181ec3a84fb3e89336d77f24f562a2cbe07619d8 |
| SHA256 | e9df0fa338b763a3926c4ee3a87bedf650fa618b6fcf0560c3f5ffe891d48c60 |
| SHA512 | 3657e610d13a2c938558ec320c298dd490c9e4895ccd304f738aaa2f050373efd7382ca402365f93d23ed488bae82de2d859da788dc8faa8e621346a278f4441 |
C:\Users\Admin\AppData\Local\Temp\nsqA2A9.tmp\7z-out\locales\ca.pak
| MD5 | 423651c45566cd90ea5edd8631e823b8 |
| SHA1 | 13bed4173a08bcbfefba034aada3d838eece6d16 |
| SHA256 | 7a39af99d55a1ea838d8d78c5f0da3e1402f9404d32255e31b676ceed4f0e414 |
| SHA512 | e09085023beaa37e9d5f7fdf3c32d0c001672b85e2826f0aba9a662ce958ac93cac17bf63495a604e47cb407b1593049388a4bf1b22b2339ead84a206a10569f |
C:\Users\Admin\AppData\Local\Temp\nsqA2A9.tmp\7z-out\locales\bn.pak
| MD5 | 47c95e191e760dee3ef43345577e2379 |
| SHA1 | 609634315270a91d4ec631642b18bd0036367aad |
| SHA256 | ceed32e429ed1018d4c49343cf52105cbfd1e877c531a5738fd6e6cd33d27da7 |
| SHA512 | 46b5f8d58780d19e79136c31a67d075c57ddf7e6a1eb197dea4088cc414a0dc24a68fc8ebcaac03b3940af2461123b586706d5dbf8dbdf6fbea0f7bec466db21 |
C:\Users\Admin\AppData\Local\Temp\nsqA2A9.tmp\7z-out\locales\bg.pak
| MD5 | 5ba0c7200362c9ed55610cc8b66ef53c |
| SHA1 | d45239c2f1b00885407771a41a7776fc1fe8fa3b |
| SHA256 | 2339ff55464b4ff704fc3c5bf281eec52a539c494bd059cf0346d9c05ab7cda7 |
| SHA512 | 6229dbf08a9322c4ec8de4912aa1832f01800a71b7e3ef5870e7fa2b623be4dd248fec4881c3e031e984616147be84d42ab3dd970ae56dc1bd78913a8682a37a |
C:\Users\Admin\AppData\Local\Temp\nsqA2A9.tmp\7z-out\locales\da.pak
| MD5 | 55a8f5883805a65c854d25edb3959209 |
| SHA1 | d4b3b6bd2a26cbd021fa931d1f63c9ea64e2c268 |
| SHA256 | e190187adcbb5f829d162660968ba598ed17bd11339062ca4d807deec8a27fdb |
| SHA512 | 4e1f9e6da32f553cbc8cf162726d7aba9e23e2216d6d05b995cf19fff3aafa05ed08fce29b2f8538d46583366402b8630672e650dfbd46952a611e9db0d8016d |
C:\Users\Admin\AppData\Local\Temp\nsqA2A9.tmp\7z-out\locales\cs.pak
| MD5 | 3cfd9dc564cfcc33cc5524711365c376 |
| SHA1 | 2e5016d2643017f37658262122974429f18625a2 |
| SHA256 | 8be34e4f8226c1dd4e725711ddd884ef4476560f7863edcf378573dde9db3cee |
| SHA512 | 6ee156d2fa3b6f601df28e38968d0eae2812d70b41333348dbecd833d5ee6ff944183f0eecde96be433cf1e98c8ec22d6a6d5af5153145842175ab43c73533ef |
C:\Users\Admin\AppData\Local\Temp\nsqA2A9.tmp\7z-out\locales\de.pak
| MD5 | b73344e5a72fca6f956dbab984c123ba |
| SHA1 | 0561073aa40a63a9ce9930dd18b18e12ff139b2b |
| SHA256 | 6dda3fa65232ca0bff7314f916942a2aa5d9be73a0b0c7a6d016eb34ea6fff5b |
| SHA512 | e8a12da397369f23c102244b3f18f533ec79afa6978785566056bbfe07b10a21ff4973bf17aa829fff65609363988c033b0e48d4a82c846863377c08d8df009d |
C:\Users\Admin\AppData\Local\Temp\nsqA2A9.tmp\7z-out\locales\en-US.pak
| MD5 | 0bb857860d8c9ab6d617cea5a5bd4d00 |
| SHA1 | 351b744d95846bff2ce5f542fec2e87439aa0f8b |
| SHA256 | 5c56df9699fc7e8f09ec81421e50a6264cde055e822f5a8cd9bb1edb3066d816 |
| SHA512 | 33fb73cffbb6781488cedbca4c92a7e4f66923a799beeb7f5cba58dbc23ba8f5130f63a7dac7114e3c3ef6f1df87884fbeb8858bc7604aec9449fdfd16c25078 |
C:\Users\Admin\AppData\Local\Temp\nsqA2A9.tmp\7z-out\locales\es.pak
| MD5 | f83d8f7f6108786c02c2edbf3d85f147 |
| SHA1 | 57781d9d9eb7c90cdc71f78e25d0763045b6d29a |
| SHA256 | 5b929216ac823dbe2b0bb98e64db76519900e09a86c8513019325271c66ade0d |
| SHA512 | 12747a4a61cdd21cad6e3f768cb43b8bda5ec9de373337c191b6994b20acd676c9d0a6cde8410a1e18f35dd5d2d332ea1bb7e7f8f6fc4b73d8774559e33398f1 |
C:\Users\Admin\AppData\Local\Temp\nsqA2A9.tmp\7z-out\locales\es-419.pak
| MD5 | b261b1efe945365588befdf68879040f |
| SHA1 | 616f44a5f73f0449b483f36ccf831db6474a10d2 |
| SHA256 | 1380b9edc9cee4b505f12e8eefa288d8c746ca995b52ceaba27c7741ae8a5cd4 |
| SHA512 | 9ea14234b9d4d09364e5727b3886fc14544d52508b3e45fb9fd607ca88d2e432361a02b2f7ba34c3d6ecd94b91f9eccd4d54047a97a1ba4eea580ead00b91cff |
C:\Users\Admin\AppData\Local\Temp\nsqA2A9.tmp\7z-out\locales\en-GB.pak
| MD5 | 52e2826fb5814776d47a7fcaf55cb675 |
| SHA1 | 51fbbc59dcd61116cbc0a24b0304d4c1c58e8d0b |
| SHA256 | 83ff81c73228c7cadba984d9b500e4fce01de583ecde8f132137650c8107c454 |
| SHA512 | 69257f976d01006c5f3d7e256738c97c59115471f8e7447cfa795f7fa4ff12d6fd19708e95ffb2aa494b50c1763fe35d5885b9414112d2934baf68fe668ed7cc |
C:\Users\Admin\AppData\Local\Temp\nsqA2A9.tmp\7z-out\locales\el.pak
| MD5 | 38440b98bfdf5ed496da0f49d59534c0 |
| SHA1 | 1498d9207ecaf4923a47271e24c68a817041c82e |
| SHA256 | b1f78df8a7edc914357a2e90bc8dc0ac46f4df642bb22894569fe4905fb8ea0f |
| SHA512 | 95ba788fc2e1f07d54e398f1ec4d32c664cfb13118d46cb7af7a993367e032b10de84f3e604ab6e659d6410e2d736097ec5e9b3b002040c54412358f0ea10229 |
C:\Users\Admin\AppData\Local\Temp\nsqA2A9.tmp\7z-out\locales\et.pak
| MD5 | c76db3385190c6840315c4497e40258a |
| SHA1 | 34f1aef2ba2925bebc5dcdb70e5b6c1a138a5c46 |
| SHA256 | e8af084ef5e1062c5966dd7802074ac24f3672dc3c9b9c5453a397644727191f |
| SHA512 | 90a870369d307758b33d74e6213676d65c2d332f42577c8aff23d96b512f3c2a2bdace8d6d9007f88b9175eadc6f2ae28b498b1265550849ff9317465a37ad29 |
C:\Users\Admin\AppData\Local\Temp\nsqA2A9.tmp\7z-out\locales\fi.pak
| MD5 | cc592d91ce8eabaa75249cb78b889376 |
| SHA1 | f2f0f7f105a17f3e4b1a97ed0e3c2e871c2c3eac |
| SHA256 | b1cb0b32efa78fd8634652c74f298f1d5127f2363ef601cf000417e5c7fefd20 |
| SHA512 | 58e2eaffe26d8fda8df43e7ebef449cfff1065e940c128efa0276511e34e96e52da9230f294b01d4ecd8ef606b792d372bff897d6d8bb67c31379418ce867d48 |
C:\Users\Admin\AppData\Local\Temp\nsqA2A9.tmp\7z-out\locales\fa.pak
| MD5 | 6458a239e994d8d18315deccd35389ed |
| SHA1 | 75c985f43503a6c44645786d46639a6b555ae163 |
| SHA256 | 300fc1c735e92917a5ddf92feb812cbf3175d988ec7ad5955110248a1addbd34 |
| SHA512 | 3062075b6be0c25c957ac88e537880bc25ff86b8ef0703a05209e9676e943e89476b7997394aeb25064e03a93be614fef535676e9cdfaf44b46035225b1b2cf5 |
C:\Users\Admin\AppData\Local\Temp\nsqA2A9.tmp\7z-out\locales\hi.pak
| MD5 | 590e9e73df9cbd83cd87b9c03848fec9 |
| SHA1 | da125e60a5a2c51a2d6219d3f81688bd22237b59 |
| SHA256 | 089b9dd31090a987515809a68d26f6eeb64cd9283934e3dcc48b151eec7d3ad9 |
| SHA512 | fd0e5d0f2063e12b711275f390428b88f98ffaf6043cdb14b13674ac1e4aa9f70ae820ae960132d7155daf9b1308238775c4702694ab53068cdc709c50f9186a |
C:\Users\Admin\AppData\Local\Temp\nsqA2A9.tmp\7z-out\locales\he.pak
| MD5 | 6a02a37e1ca3215fa9ee0e1b0fbcf5e7 |
| SHA1 | 89a8a126c0bbf536ac58e29fc50e045fb1b88220 |
| SHA256 | f5cf34ce58b7f0d450936981aa7ffa060821403e6768eee3746ea4ffc9193986 |
| SHA512 | 6607eb2329b81f1eaf0ed3a564eddcb30e6ab59229f2fbf6fd3d2140ffaa8853a330eda627a4458ef6bb06f32c5183edda869e34cd4ead1f87f88d5c622c1a16 |
C:\Users\Admin\AppData\Local\Temp\nsqA2A9.tmp\7z-out\locales\gu.pak
| MD5 | 63a7fdc4eadf8ef1c35c72468a0ce33f |
| SHA1 | e8d064f0e9c8a6a8c6ccb036711e292d011d9466 |
| SHA256 | e549ff4e5a094d04c2ce7bc6fd68bea1f03e935437bf164bebb6191c133fa70c |
| SHA512 | 0a097ff875132a984545ec677b04f97785f14c38a1df487cfb4722cdea07d14e1e88fcff7d58b82fa53f05f4eba779a95ef320b5a91692097726d0385a26a456 |
C:\Users\Admin\AppData\Local\Temp\nsqA2A9.tmp\7z-out\locales\fr.pak
| MD5 | c3095ce1e88b0976ba7bef183d047347 |
| SHA1 | b14cfbf6e46ac1f189595fc09660178525301138 |
| SHA256 | 66488dc10517b6e3638686be95b430477a39304e92ac45dfe62b58cae3a77272 |
| SHA512 | 29f47b1eff4681a9a17a50d6e82d63c22fe7bfe4ceb79862e81d8cd9f96fa38e225978b4c4b1f8e55b220235b91652c776fa8d2e559c68942c6ccf402812a421 |
C:\Users\Admin\AppData\Local\Temp\nsqA2A9.tmp\7z-out\locales\fil.pak
| MD5 | 40bddaf97f64dfea9ebafc7f82166f80 |
| SHA1 | 90d1fde3c0b27d2184f0353991259c2a92c7820c |
| SHA256 | 39a9d63736e7b4593fc6873ed3c19d45fbf9eb78a012bfdcee0fea5906ebc5b2 |
| SHA512 | d1e61c53e09a0dc50edf5aba5cf286a251ee88421aa2cd49332b70a5859646605ecb7d0bb97ea7242d14a18742e23da0a14c04b0b99b57a466ec87f4f66b897e |
C:\Users\Admin\AppData\Local\Temp\nsqA2A9.tmp\7z-out\locales\it.pak
| MD5 | 5aa225aad4f9fe6d05ec24905a827d88 |
| SHA1 | f6d5ed337bd8e9cc3b962d3a498e3430fbf6de22 |
| SHA256 | 96e02ab6937a1f1cb58762159761a737ce0e1dcd6a253554392baf4389326eab |
| SHA512 | 3fa928f19bdf65b8fbb274b478a801821b15c01224c113a8d7f6121a077b432c0cc84eefd9028a76adea9fa4bb65dcb868edfbd4368b1e4d477c49e187e4288a |
C:\Users\Admin\AppData\Local\Temp\nsqA2A9.tmp\7z-out\locales\id.pak
| MD5 | e40cb2f3b4db379e4d187aeef0dfd300 |
| SHA1 | 537b1ebc615c980c89bbe2b9e91a11199fa7d6a6 |
| SHA256 | 3339ef011c9bb64868da94adb25f4490acbc7f893e4337dbfe2797754cd659f5 |
| SHA512 | b87464460077aa55feb92eca8ed23d9a61829378bae7890c8a95dac5fcd735b145d65661f27facfe2586fcaa169692b00d8ee8dd505dc44bff7f7fd090f3e96c |
C:\Users\Admin\AppData\Local\Temp\nsqA2A9.tmp\7z-out\locales\hu.pak
| MD5 | 71d42cb22d2d7a8b26c4514ab12df3aa |
| SHA1 | cd0307503a7906f1742d1e98fc816959319c2171 |
| SHA256 | b51bcb888dbc27bab88a8c9d081df7496de8a9a5a4cd2cfe08abc154190e75e6 |
| SHA512 | 29c67391bca706807be3a0cc79fe481f220e30263957a9c2485f0a4c498a5b250bdd83b5f4fad8d0b19c8a9a07d5650b5ebd5816b6aae311a1cde78a89303244 |
C:\Users\Admin\AppData\Local\Temp\nsqA2A9.tmp\7z-out\locales\hr.pak
| MD5 | 6f92235e6ba003af925a2d6584afd27d |
| SHA1 | 3ceba61e9c2975466b6244188f5ea72aaf042fc7 |
| SHA256 | 479dc4f75a889d45f62b4ddb6eb48f21c473e37875468c9c26d928a263e15840 |
| SHA512 | 82f2642dff4400704c15c2fa02d0ec74ed3fe888dc835447c1afce7463dee8f480bb81be358c306e681625864a6d25e5cd6c96252b8a56e6fc62014b3aa4d26a |
C:\Users\Admin\AppData\Local\Temp\nsqA2A9.tmp\7z-out\locales\ja.pak
| MD5 | 833e8c4aa70351b6be7bd403e4e9a0a7 |
| SHA1 | 46ccdbdea35deec8ef13a5fc833776875fad187b |
| SHA256 | 74422db1a5f28522f9a8b31a3bee9a6df794b419bf723cb6a6c88e82eb72cec0 |
| SHA512 | e8e709612a5ea81d2822e0025b7306f38571f2cec2ca72ac5a8ab852a0e36a0f5bc7e00d0baf7ac7becc2c54dda3a17c52ec1cd67ce12b14d91b6ae0b726d556 |
C:\Users\Admin\AppData\Local\Temp\nsqA2A9.tmp\7z-out\locales\kn.pak
| MD5 | 5115cde84b4c674db412619b65433004 |
| SHA1 | 164f33e7e2e9f685a579da492a6fc8806beb6cbf |
| SHA256 | 891e092c6895e23be986c3e6d39dcea9b6b75f1448239c13fd406680e50407a7 |
| SHA512 | 090a247898cb533325d2b289a6cbd8db2a755ef0abab49d82f333e57b290c50b5996b81f15d8adc30160b216eebed3a1476aec1627195e52189557c1d48b0216 |
C:\Users\Admin\AppData\Local\Temp\nsqA2A9.tmp\7z-out\locales\lt.pak
| MD5 | 2d4fca437a7548893dc4b51fa5b33c33 |
| SHA1 | c1493013d7d981ea9223716e415380992de65c2f |
| SHA256 | 776dba792df7b444e1b720326312d8b8312cade74a1372c49456d932b7c65769 |
| SHA512 | b6a55ee1deff48d717a3e9399aef3c45eeec810cc5b5709fa3e9f56850115a5b02e02b7959ec77a6797e68516ee9372bacd260e62ac0d55a8e4c1c27af782b42 |
C:\Users\Admin\AppData\Local\Temp\nsqA2A9.tmp\7z-out\locales\ko.pak
| MD5 | d6e2c18c9eabba59b50d147d942125ea |
| SHA1 | 0918879203c2050b4f9f449f5616e430897ba0b9 |
| SHA256 | f3581cea2e5b022b121010ffc5d67f86f717e3a0c0402abd81e24c87fd135b76 |
| SHA512 | f605f7b9893166778af156f9eb76eaa1209e7432450899540cd462ce0ffa69caf6f570b910cdd6d7bef54354379e9892a658e711baa93241da33755c107da859 |
C:\Users\Admin\AppData\Local\Temp\nsqA2A9.tmp\7z-out\locales\ml.pak
| MD5 | 04b2540c25990a5e0a9b227dcce6ae0d |
| SHA1 | 4f8ccd154f54dfb083d4d1a3ed0994842c8ab13e |
| SHA256 | 556165b8b54c6e21bc66d12b3f5be393136714467c427f7114f314d18ad3c661 |
| SHA512 | 4cab47e42e8f5d4a83851871f97f3e1360c993ba530dbb4b4b736350779784bd83189e1195d3480ce87298bb8f9b7f249fefa7764d850e5b0002895609626785 |
C:\Users\Admin\AppData\Local\Temp\nsqA2A9.tmp\7z-out\locales\mr.pak
| MD5 | f22c99fe6a838e333e8ee06a4d01296b |
| SHA1 | c3542ea8dd45a2b387dd02fa5687948f135e10f2 |
| SHA256 | b03a3042f907aed13253ae8083d08f5fad59ff438d024b097276856e72526911 |
| SHA512 | 882022c2cb985d85f96d52c9bcfeeb089d6ff30e66187ccf424ef622092b9d359a51bdef1fb6ac3b9d3409aa79d37ca737ba7f3ed8b9cdaabfe04d90a7c8bc15 |
C:\Users\Admin\AppData\Local\Temp\nsqA2A9.tmp\7z-out\locales\ms.pak
| MD5 | 6cfadaa784e687e6dadbcd80e631bc9b |
| SHA1 | 481acb75f525055bf4e45ecabe0eadcb9c492106 |
| SHA256 | fb5e125dd5e1f21e8df229d22cb3d1f9078bd79bbddca352899248f2a8b21b71 |
| SHA512 | 0d7da5a90fe9372bc704ab8cdc8cbfb14d323cafdef856987e2d9e34d980196c03985e25099f5d1bcb10c97f040f4766e2c3713718649bb3f43914a77f0dbb39 |
C:\Users\Admin\AppData\Local\Temp\nsqA2A9.tmp\7z-out\locales\pt-BR.pak
| MD5 | 88ad860c73676ffb4025b5c691f29942 |
| SHA1 | 3c5e5b999ea7153ccdd1b4cc7b6162de3456b558 |
| SHA256 | 25f0bb0b0230d99a9064d52668636f3be85903bf27a68124d79a2fe93c30fe0e |
| SHA512 | 41589bb9ab1b8307f62ceb4e6493d7903731a3e63807e0044379c4acdda881c21839234f5f1b8ad1af732bfee6231c0556ce92e582505379ed949980185bb750 |
C:\Users\Admin\AppData\Local\Temp\nsqA2A9.tmp\7z-out\locales\pl.pak
| MD5 | 644c0ace25d6e532b56510a736c6bc2c |
| SHA1 | 1bd0fec952107b493da04c46423da634ff3e1504 |
| SHA256 | 2ff9e382a31783285b7d85676e629e2f6db26bb9536ed17b7fbe5ac61a895ec7 |
| SHA512 | 9a1f1e884c2f214b8b0c63543809ddd4ba0fd533f1d8434e926051f3db434f60cc4df2462c2a43254b2a9685b3869eef49463c212892e417c82c3a7b497e3559 |
C:\Users\Admin\AppData\Local\Temp\nsqA2A9.tmp\7z-out\locales\nl.pak
| MD5 | cf6b1cbfd669e9461553974ba37a475e |
| SHA1 | b33867e9bc7fd88ca98a76dc4bd756bcf18887aa |
| SHA256 | 9a83ad866ad7fd9d65ecbc1e95c276cfce27e8257c76a16950fd14971e66b864 |
| SHA512 | e463029bb37f6bb3ff5cb6281f64291ada1b785fa33137e7aedfc7b5e409e99c75a91e7cf9b6c0933e970f70c14861190de66fc5d68925b687a6f5da02e21077 |
C:\Users\Admin\AppData\Local\Temp\nsqA2A9.tmp\7z-out\locales\nb.pak
| MD5 | b61e42f66d581b6a8929cdf5fb10662e |
| SHA1 | 6f06fa9ee092fbcb61bbd668734fb3b92cfb549a |
| SHA256 | 1b17dcde8fc7308d926fbe0faa83dfc9ffe2efc5715e9afd557dde839ad98b7e |
| SHA512 | 79b82346c3f133a6ba44148a8432ad4e08e2805187b759509cb386bc800fd20215592c07d953812c243f0b1d5e1354245f2cb42b2b3eb6c87280bcb4008dbe97 |
C:\Users\Admin\AppData\Local\Temp\nsqA2A9.tmp\7z-out\locales\lv.pak
| MD5 | 264c6e20b3088ceb4dae5773cef0cb55 |
| SHA1 | fb6ff83ff14df008092bc3ee73bda7491e8e090e |
| SHA256 | a676a781c1a587eadf23e5c69bc52f2d352346a70bc53ca908450362535eefda |
| SHA512 | 01e949f92e1e8599c581929a601d39640abaf1d907ce10102e591c3d490dd3874c679c75bb51308ead55a3bd0c6dcd1b8d4b2daf98ce1cf1c6bab42946e8b1e8 |
C:\Users\Admin\AppData\Local\Temp\nsqA2A9.tmp\7z-out\locales\ru.pak
| MD5 | 75457b95d2bb03891232dae7db886387 |
| SHA1 | e5a7569df7f91533703626d167ecc8cddbd27205 |
| SHA256 | e0894d3aa3f8e0f8ac457a3300001d4e1dcf95980712f8c8e9c845eb4c2bbfa6 |
| SHA512 | 9813239cb162cec24cb81cffdae2df06889782813d917da186ae40df6dae64477467e4b32ead2d714bc1de671538d4c1fde990d83d3ee69e0932f17226687a78 |
C:\Users\Admin\AppData\Local\Temp\nsqA2A9.tmp\7z-out\locales\ro.pak
| MD5 | 24b01a438a3ab9699d4ca97c081b5e82 |
| SHA1 | 0d0b082544d23425a74199fb0a6c11192f0bdf7d |
| SHA256 | 38290b1c9712296d82ea1681ef95544a1eef4872289134b11e50af735e6deaca |
| SHA512 | 43199772312156f4633c4202499cde8f808e5e632c2013ec1129acee01a3f184e86df2616626173178efe04b6f0773ad9a0e8b8cc6a735d23d68dcfe9dfd945b |
C:\Users\Admin\AppData\Local\Temp\nsqA2A9.tmp\7z-out\locales\pt-PT.pak
| MD5 | ecd84b296d3bb312ee18e21017311986 |
| SHA1 | f5625523f85c10723750834a54ff59a2dd886fb3 |
| SHA256 | fcfaa9c44c445876c286388b6a1abc1df949f3dda3d64fb57d6e0d54a05cdb94 |
| SHA512 | e95b74238220024cdd0bd1c0f18beadbbe427d76cd8d6b32d5700adcd34ffb068ad0bf75404921485c8077f395f5111cd40d5dfe2b5b8f34c62e6fc80b507456 |
C:\Users\Admin\AppData\Local\Temp\nsqA2A9.tmp\7z-out\locales\ta.pak
| MD5 | 31dada843d0b4f9a66b184cb6d7b8b92 |
| SHA1 | 0320b31981043c6e4c17470bf2ff4c7488553511 |
| SHA256 | 457070b35c813175f5a7b630478073e478ff2bf23915dd3dc7a5b3b339cc2b0b |
| SHA512 | c5b6ea595d3154fd9fe03f49a19f78eb4068718ce005b18a165d491459a290c29956b02a109ce2c314746773760c8e5c0d7064f384c65a572c78109f03538860 |
C:\Users\Admin\AppData\Local\Temp\nsqA2A9.tmp\7z-out\locales\sw.pak
| MD5 | 99e385ebc1ef8d3daddb3a171fa79edf |
| SHA1 | 3164804dfe9d9b5e891abafe92e5ba67d2b5d4d1 |
| SHA256 | 8ec45ac391a085d531fb21815086c2da4841aa016653cb4f8484cfc2615d6c01 |
| SHA512 | 797c105fecef1e15870aa101e3fa1835d5a467a9059c03b3636c54934d1de263ab7f23599e21d9787cb3849c7cb7d29f5bdd8ae9ad10fda8015c1392462e94c0 |
C:\Users\Admin\AppData\Local\Temp\nsqA2A9.tmp\7z-out\locales\te.pak
| MD5 | 793a87d41cde6e6d1bb086284f69733b |
| SHA1 | d887e3842b664f55b7308427aa6f5bf0b352d879 |
| SHA256 | 5cdabd1ad41e8048f2cc6b1615e68b99159daa1aa6706b939447c1811bf0e255 |
| SHA512 | 7c2e53baa387480eed45315bd9d53856ca46e5777ecdc9c29a0de7b0ad04beb6cbb8b5df0aa7c306395fda563037e06bea1ca70e433ce5a3ccc2ec184dfda972 |
C:\Users\Admin\AppData\Local\Temp\nsqA2A9.tmp\7z-out\locales\sv.pak
| MD5 | 41e76f7775fc9a2d6e3c02c46e9b32f6 |
| SHA1 | 088c15c74a68bee69682bf89c31055332b68c84a |
| SHA256 | 2533676479e9469ffcdaabcb47d3e39bebfe7ae2b80f70784e918a8827439e13 |
| SHA512 | 6cde752d748c4772b533c8894f18134e5842113f8c7590b44a7dfa088aed65b232361fd16170df3b0d738066dbc3a769847adf4dd8ba42de63c9c2b33f9beb6b |
C:\Users\Admin\AppData\Local\Temp\nsqA2A9.tmp\7z-out\locales\sr.pak
| MD5 | af7083f2a4bd95dcbe792efade352662 |
| SHA1 | dc69aa831836016f6e66c6079931503d534a7862 |
| SHA256 | e3b80d9fdd420a05d66cc12e685ac94500106dd51a555bbfa2d085094f81e8dd |
| SHA512 | 342400ba94f6cd08152f96aa2b905184fab429c38cedb4bcb4ac0c503169a9ecd47aef208b4d7ffae08b0c0afa7aa089347a20739379d05f3e4e111be842b8c4 |
C:\Users\Admin\AppData\Local\Temp\nsqA2A9.tmp\7z-out\locales\sl.pak
| MD5 | e015b6f5042be2dc96a4e23dcf035502 |
| SHA1 | 7946509eed8db1e4c1f3da99ffe7155c86fdb4d6 |
| SHA256 | 99536d1bc73eec81d5bebbff641ea195544ee5e3a41bb17ddcedf9cde9b141d4 |
| SHA512 | b2a2eaae93c506a053862bf1cde02eee53b3ea2e2fe4c964c51dbacb8b44de820a779311cfe01458e2f08f88bce1172e8c5e1e6d28cd3a355ff84baa00023b8f |
C:\Users\Admin\AppData\Local\Temp\nsqA2A9.tmp\7z-out\locales\sk.pak
| MD5 | b35daa0bd9627ca88b413a5af7c6b4a4 |
| SHA1 | d5efdcbc7ca17de29f3075f6434f31ab2e895826 |
| SHA256 | f47bc1f7f5ab64681d0b152e1a019da60f0ef057ee8bf2ccede019dc4030c177 |
| SHA512 | 48abb6ca2290820db2898b05820bb25e70fb1292c816eb0c8f17b3c5452de9fff7027d216d2bf413900f408f44ed4ac99151b28142a212c5cff8dfe229e87b9b |
C:\Users\Admin\AppData\Local\Temp\nsqA2A9.tmp\7z-out\locales\uk.pak
| MD5 | d791b1ecf2931b2fb0c31aac170c7cdc |
| SHA1 | 02be115a9ff94fe5250651b6de4323eafc44fce1 |
| SHA256 | ffae6286d44c8e219ef90d411ad8746159a6ff8ea610e2a651147a3956696a22 |
| SHA512 | 3a2edb8069e4a9734ce5e02b7c3de3c968c5bbc116f17f52f97e2bb2c78485c456c4f0cc952686c1aa17b7ee4d326a1dda698afafc63c79d842ca3905181a8da |
C:\Users\Admin\AppData\Local\Temp\nsqA2A9.tmp\7z-out\locales\zh-CN.pak
| MD5 | 098d656a4f4bd8240bed10e7678186c7 |
| SHA1 | 0c19ab62b4262f1b51558e8aaa79e7741f73393a |
| SHA256 | a55f568ad3a8854cec25699484f55024501c8a0967738ba694e073151e5981c7 |
| SHA512 | 084538ce774233ca6d4393bb42239b0b85e11bd73dd19ba47e55796ca19848941b037510c0fca4ac08b4b2e0ccbc9b4ae72ef88a3e841738dd211961dc53c1e2 |
C:\Users\Admin\AppData\Local\Temp\nsqA2A9.tmp\7z-out\locales\zh-TW.pak
| MD5 | c2c35fcedc3708b5bcadf36587393002 |
| SHA1 | 31d72402cbd44ceb921cedd806259c2cd14e411f |
| SHA256 | cfe4c2c5eb131fd92e0d11f912714c5a9a048833ef3ffbe32679b3d58da8f8ac |
| SHA512 | 9ba3ea2d569d1d3ef09e94d7e66f843c8804368c4d016b6289e7dba002f7d2d50884a76c93eef879d87abcf8b36dd3e682b7bd3a18b2b5a969256cef672abf01 |
C:\Users\Admin\AppData\Local\Temp\nsqA2A9.tmp\7z-out\locales\vi.pak
| MD5 | 69c8796439192577f48bd249175aaf37 |
| SHA1 | 97c52088ca69dada593db0e42b2135d264646454 |
| SHA256 | d7fdb53592de803a5fbcd8561c4918f1562f92fc8a3fd0039a2a1a7b76a8ecc2 |
| SHA512 | 65eb7cb15291474ec7f9354775e59bcf334c90ddf3498ebd184e4c47118308421b2405bfa679e4b3a70ed1790e167c109fc2c72e89c3e31b5378cae975424144 |
C:\Users\Admin\AppData\Local\Temp\nsqA2A9.tmp\7z-out\locales\tr.pak
| MD5 | 40491896ad21543f339467186c5efb40 |
| SHA1 | 695dde7cc35056dcbf0a533aff8299d4c6b61bd8 |
| SHA256 | 43e99e132acaba88971b81a43531845dc7fc3a1e0794c3373de7d9a50a5655aa |
| SHA512 | 18d5ee9914849462e0b1bafd1ca216b29d0795e282ae0bdb354b15caf5c18f37f44fbd6f626b2cbb095e3398a6496de72e5b0d15621433979b5a589e34fac818 |
C:\Users\Admin\AppData\Local\Temp\nsqA2A9.tmp\7z-out\locales\th.pak
| MD5 | 43edd25f67ce6e6cea5373009ff0a1f8 |
| SHA1 | ed72ca6620cf23837e1334be50ccf616806bc5a2 |
| SHA256 | 287897cf3df2db1cf59b872e6575ba8dfcaa0c1f68c17a9c91da6c4490adb8b0 |
| SHA512 | 7160a72bd2e6b0ffa71e5d279995cc8be24a87cd9386eb29ab0eee79b8e607f5d824a11b6b4e3ef4c0f851a9d485a9642cb6adaa65c07933dca6e6f2c0052fc7 |
C:\Users\Admin\AppData\Local\Temp\nsqA2A9.tmp\7z-out\resources\elevate.exe
| MD5 | 792b92c8ad13c46f27c7ced0810694df |
| SHA1 | d8d449b92de20a57df722df46435ba4553ecc802 |
| SHA256 | 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37 |
| SHA512 | 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40 |
C:\Users\Admin\AppData\Local\Temp\nsqA2A9.tmp\7z-out\resources\app.asar
| MD5 | 802a8b0d3ee6bebc7b79a733961b0c65 |
| SHA1 | cea8d1c2a6d84b8c32db1e089e1ee24e4897b2c3 |
| SHA256 | 44ff877afc0184d402c6d6b157528af8696a0e3f2fb43d31cbd24fbe6b3028c1 |
| SHA512 | 54992b0c55ba8a373b913fd3a194955e07ac2ff1e7c162101ac978448c1f277cda2975dbb1737bd1025fcfaf51c6b718e0fa7127818766046100ad66022ca9e9 |
C:\Users\Admin\AppData\Local\Temp\nsqA2A9.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\DirectShowLib-2005.dll
| MD5 | c20c205c6f8d70a5e1351a4041a3ec9f |
| SHA1 | e1b2a763dd6c42439656e4e55aba0f3610ff3784 |
| SHA256 | bbcbb170242d9ff1b56680a80b1f8755df1135f9c714535ff3b3f575442f38dc |
| SHA512 | dffd59d775dbb89cd886a2212fb9fe4cf0b2bdd7f2c00f8dc7c6b2287053b4971c8c6c033109ff1f90cdacea082e44d3c19fa76325d24976420c418218e701f1 |
C:\Users\Admin\AppData\Local\Temp\nsqA2A9.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\package.json
| MD5 | 067e233b0609d56ff4756bedd8c0efe0 |
| SHA1 | 96419d05adc4b6674948b4ac14f8ab5bb3ce4380 |
| SHA256 | 6bee642c1b5de99e4edba87ec3221c2ecd10b65e666b6f2bef64a745538ecf74 |
| SHA512 | 94900f5ff762930b1b060ba4dd44d629d6c3e2dfc0dacb1a543f1ea5a3cd40e793acaff4abefbff588ceb422d65f8041ec190a2b56f7c303c3314eb16eca4159 |
C:\Users\Admin\AppData\Local\Temp\nsqA2A9.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\prey-webcam.exe
| MD5 | 471b15abc9f2e98fb7ed7361d3f045eb |
| SHA1 | 95b5798d80a9410872f6ed485ae2b43ca3745540 |
| SHA256 | 7c262639cb22348dfd627dc07c76e8748e5bcacde2dcf1614773ab174c831004 |
| SHA512 | 5b3b59aa1dbaef31b0ff6ccde082d7c312e39e311a46fe20d590d5d7765f934d3b663da9609ff4fb7beba2e8fa85376cf74f14ae077f3c0b49189cc28c30163a |
C:\Users\Admin\AppData\Local\Temp\nsqA2A9.tmp\7z-out\swiftshader\libEGL.dll
| MD5 | 04aaf77166c028be09459de91c364fb7 |
| SHA1 | f76c067ae306ce0ca142362d470ba1d728bad51d |
| SHA256 | 04830b6526f7734dd5f0f01c63d3d767344ea4cb7e9f7b237d66b09078d84a3b |
| SHA512 | 5d786b1d56c5ea2990ae2a2fa86c9a8fc0685667dd89a321f411243a8644b93e86f71ea93e37218b4f29a39423df4482a2ac160af6b2d2fc5d9d08f6707f700c |
C:\Users\Admin\AppData\Local\Temp\nsqA2A9.tmp\7z-out\swiftshader\libGLESv2.dll
| MD5 | 56c598fd1e1d7fdfd4c9da1773b81621 |
| SHA1 | ae26ca11e74c1a604a0e0459d1f45e270cf5a33c |
| SHA256 | 9366670fc471283a39ffbfba08dda8d2bb14d67c94c1c4ac36ccf58d47cc5652 |
| SHA512 | bf0a080380ae657361390b1d73a877bde95d9ef772a387ab8d94d46046ccde3d3b6a9f9a9994d2683adb3346d6ed11294f579a63b76a47ed83c430dd5a388bae |
C:\Users\Admin\AppData\Local\Temp\nsqA2A9.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\snapshot.exe
| MD5 | 16a12bdc986207390dd79d658a6b2263 |
| SHA1 | b4b41f62cbc1e1ede786c6e30e11df8e61750bad |
| SHA256 | 50a8dd2f292bea9190204a42de067a34d5cbbec53746d40fe5b067fc85190bac |
| SHA512 | d20394028c5d3ca46bb4879cac40da07b7d857f9a4a834bb4db4bd047f1a3265a80e1f7528244da6ee97c2f3e0cb5b2e51bc88eeb382a027939c2188e66dcdd9 |
\Users\Admin\AppData\Local\Temp\nsqA2A9.tmp\StdUtils.dll
| MD5 | c6a6e03f77c313b267498515488c5740 |
| SHA1 | 3d49fc2784b9450962ed6b82b46e9c3c957d7c15 |
| SHA256 | b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e |
| SHA512 | 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803 |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
| MD5 | 2cdfddf7b10800f7a264c7728bb0d548 |
| SHA1 | 195c40892c51668bea764ded0db41031b243f68d |
| SHA256 | 21760f3c79c28fff67880ecd0d05a65d90c9d78f8d0a012c0b2d893b8e5a6812 |
| SHA512 | caf9357d0c05d45dcd064414542d1698cdc38432248a59980904db6818f0f7928b000b539e7575a5921cc9fa2a8cb14a4b01eadf1d005b32e16bc4f898873d61 |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\v8_context_snapshot.bin
| MD5 | 47014c0f81bad6d216c617c9c63bf040 |
| SHA1 | 7bb483fdc5fed3c6ed437d9fe6e5023bc38201bf |
| SHA256 | e1249d05bfc73c645b27d269f47b6923b33a3cf8088a8ca78b3b637c90f58178 |
| SHA512 | 052d86cf3305a9e493bd2472e6b7ddab5e0291efd6d899984a79bae46e5fa4bd21157e19ab4a2591c9cff9069de568bad18c7baf4f35d117c77134e635466f87 |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\icudtl.dat
| MD5 | 7af67b6243317d2e0379db57e1294106 |
| SHA1 | 77f269da7c351c9b600ab3668fb9a5c7ef4073c0 |
| SHA256 | 11ed7353aef720f8091db299469c0973d0c09a25f31c6bf481b6d2c92566ce48 |
| SHA512 | 85d6367dee051f5d58af7c1f5a7db8dd06499cf52a687e90e47c355b32d4718483cf715f7baa32a4a5d0cfb225b894c229386e2969c4bf04d3863d62e7c00061 |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\resources\app.asar
| MD5 | 111ad68e18e609a5a14b830f3e6aa821 |
| SHA1 | a4bad69f6732a87e842d3ed3a7b17f40200e67cb |
| SHA256 | 346493f1839f46b651a15bc1ec2880017902abbec5143a36bee036b0940e014c |
| SHA512 | 326857b96a65d70ded11053db2bc4f476926ee74068077f6e5d47df379300726f4a94874b2095db61a456fb03a109f2a7adc0b2f1d40068e54d3cdaae653e214 |
\Users\Admin\AppData\Local\Temp\6d406f46-27ca-490c-8e06-7990fafe998b.tmp.node
| MD5 | 5317f23583ba935be25a4c26b3f93828 |
| SHA1 | bdc288a0576a9ca04295c2df6f71e260ae5097bc |
| SHA256 | 41db88f72dbc4ace9b4e6522b19f60e012980345fcb737cab1839ab0bb2f2cb3 |
| SHA512 | e3975f92f6bbd814cec4b6762b7f7475168dd43a717031de0d8055b7f5e4ce01dd011557c1301f9f9084f8a39248630c12f265a195c54c81f1efad9dd5bd91d0 |
\Users\Admin\AppData\Local\Temp\fea2a863-28f2-4f0b-9340-9e0d17fb4e66.tmp.node
| MD5 | 801ee66c1e8f4d4c8fdb9ec1512a39cb |
| SHA1 | f254bc4909a60675fe22d4c8d4228d54834a93e0 |
| SHA256 | 47fef8f833446a246b28c4c72cff803c63e1d0f6d288b129822b26c2a6d393c6 |
| SHA512 | 6ed505abea2465c4445238797f5eb9a99eb80b8713ffe2930d6e1c0efdede23712dbb471490bda4277ade7c253e25c380a65dc11e26e2ed8ab74ee31db1e3ae1 |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\resources.pak
| MD5 | 0c46bcb923d73fd735f5659aa775c426 |
| SHA1 | 9f3ffddaee2fc2bfeacc3011551561e29f5714d9 |
| SHA256 | 26d0500e1c7097068714c5cb3dac5126e6ce644d01e30d6d13b9a1e4ca7dfab7 |
| SHA512 | 0d006e28f7ace87d386a08488a1a3e9bd13c63d19bad3f67786c0d28214686a41d50d0ba0ebf200bb8755c186511cc7b5bb7c52b0c859bd33729e17e69f5c698 |
\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\ffmpeg.dll
| MD5 | 1a33f7a1a3f36d2c68d8432ea9b79163 |
| SHA1 | 3bfe2e85bdcd9ba92fd5e0e9dedded1052fc04cc |
| SHA256 | df84b6d02f8f4caf7c0a834348bde32ac91939f021ab42cf4ee6faad3215d195 |
| SHA512 | 7edbf2ab494d540d1be8388c4c034002e36b6b43a002029d569322df98d62a387708b5cbcc3a02b8b310878c81ff47f8c259d679bc5b630ffa51e4d3c57d1183 |
memory/4088-581-0x00007FF97EA10000-0x00007FF97EA11000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
| MD5 | 02da11454b83e55a32b418bf2735e88c |
| SHA1 | b24561343a037d1c6f97d146ac9e7d16ec86c7d9 |
| SHA256 | fef968b7031f85b7a951409eeddf8793a4e72ed2ca79df9c48cbfd004b5e8c25 |
| SHA512 | 826575fa6e6ba2ec56c11e03ad80272a8e954b2bb5da3e35fd1e656c8a4066802f38e509b01d37c46e47629999df2990ef3024b044d915b316eab962e484865e |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
| MD5 | 8f1a08afb21528380f2d63db1413566b |
| SHA1 | 47479b2e05b6526d1e0d6fc010edc03c481d8b6e |
| SHA256 | 90339a5259a67ccb22522d5eb2c2052d683b5ceae8e6a2516d8fc7ca5b835317 |
| SHA512 | e2b52af2ca8aad4d793587807a4fe5cfba96dc7b8cd6f4349abc141f2f73a63c6af493ae486c7eb60145de3e56d82f8ddb30c0207a91c98d5329ecbf59e870b5 |
\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\libEGL.dll
| MD5 | 1fb7af00bc52f051404325a41187b0b1 |
| SHA1 | 2e6dbbe0cdaf85487485f1c8ab6e524b76824b8e |
| SHA256 | 5c8778ee885b3375d02ffce4b3f532ade94ddba73e5bf7fb45c6e21ede4ccf61 |
| SHA512 | c63e0787095727716b625f73448b23857c0afb265e3163a3e5a41967d9eefc944e9e08ee729c771a2569bf12069201ff740510a6b55430a799f2bd4fc397c2a7 |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\libegl.dll
| MD5 | fc7515128149be6b11834a05d073db62 |
| SHA1 | 339f2dbf5cd18056fc0413ff8a77c46f11b79d66 |
| SHA256 | 03cd52bd0e9f4870f4462130b98056ca4022a2d344bf9843b52f66c881f76cc7 |
| SHA512 | 9e74c55a55c55ed72608f89216631ca97110f6e6b3bcbd6a132cea159c53de75e50d8526f0c01e8af9db0953d4444f04e45599ca592d3b40e4fe696410f69a5e |
\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\libGLESv2.dll
| MD5 | 7f85bd4f7ee65ca8e2485c1fae67355e |
| SHA1 | 3f35d42ec6df85e8eae37d16e0e2de15889b720c |
| SHA256 | b35f70ff7523b7b65ba4e5e56ab24ccb1bcc97064cf18ce67df62fe72fb93a1c |
| SHA512 | 43dec3f2f6f6facfbaa43ffee67ab40fd3be53be1e159ee20c85ee4517b5199103fd623a17986841d0d81d9c47d927fca91fe09b9bcb503b9cedee6b7f4f7ef0 |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\libglesv2.dll
| MD5 | 131795deb0a674fb27506d542bad088f |
| SHA1 | 70dcd12562fb0f3763fbdce605a9143b285730a1 |
| SHA256 | f8983359afd04904f380c5bf05c4909aad64ba168e1d2487429a6020e3ebcbb7 |
| SHA512 | 371396c3028297e3ba67a047f9c2ed21cbeb827bcf4b8458a25b257c3b951f8945178def76897884520af1ccd6f6fd7191d94de31cd35a19e0308316fed0ca8b |
\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\d3dcompiler_47.dll
| MD5 | e82f48a548e93f57ce6d1e3ef343a737 |
| SHA1 | 1e3eab29329ae3fab4f36f2ff0e4cae488be3118 |
| SHA256 | 6b0acc02abbcc96c01756feb85bda0c8017dd346bad00532fa48990df8de6467 |
| SHA512 | 6f05f6fc7f9fae7360e890bb60edeb37225f695ced8a25c8347fb94f9c6e4c83dbb31ae68fc9a2d8e9af2194ea96c8ed9e7015bcbfebdc4a5b8097c1cdd3f62d |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\D3DCompiler_47.dll
| MD5 | f09fa3b1319558050d4d1a5ea6a39b7c |
| SHA1 | d71cd485e27979627e65a7a560da7e77b5a68f7a |
| SHA256 | 6d534a6ce5a1991e917baa1aecc0c06fc5d2a27ec73b99fd81abaf2b77ff4663 |
| SHA512 | b2e996877cf95e7503686f80b624d42de5b28bdb558cf71d780bc48cb3b814903e12e33a4dbd5d6d6afc7c7839c0706fa9a7b84a84153620426bd5f7fff70808 |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
| MD5 | 9db32478964bbe7a66436545a27ec897 |
| SHA1 | 22f36da4fa43f63ac94d738bc7f12821c98f3296 |
| SHA256 | 290e243e703a94b113a407bfa9450be836eaf19eee935de05b79f380b59ce98a |
| SHA512 | d5abd559ec178daaa95752afb080fcbe058aa769e7bb56a2ea170ea3715d8aba1bdb7ddc0ad7bf093e34500b71c175d17c48d02c92c703275b084410ce6361f7 |
\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\ffmpeg.dll
| MD5 | 44873d44f279ce6b32b38d53af55e95b |
| SHA1 | 5143aaa23a594536e5773470289f9c3deda1681f |
| SHA256 | 6646f8f8ea160b301bf6619805a8fbf536bc799929accd2f15c17a8cf34a04ef |
| SHA512 | 91440d55c340a1ac92f393fb01ce5dbdc068086a09fda0b71d40a2441d0a16d36cced4ce7867cea0d2dd90e7a38dc0cfda52ceb61ffce922aeb0ac90b7fc6462 |
memory/2708-624-0x000002AAF67D0000-0x000002AAF67F2000-memory.dmp
memory/2708-625-0x00007FF9639A0000-0x00007FF96438C000-memory.dmp
memory/2708-627-0x000002AADE0E0000-0x000002AADE0F0000-memory.dmp
memory/2708-626-0x000002AADE0E0000-0x000002AADE0F0000-memory.dmp
memory/2708-630-0x000002AAF6980000-0x000002AAF69F6000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_eltcitc0.bib.ps1
| MD5 | c4ca4238a0b923820dcc509a6f75849b |
| SHA1 | 356a192b7913b04c54574d18c28d46e6395428ab |
| SHA256 | 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b |
| SHA512 | 4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a |
memory/2708-645-0x000002AADE0E0000-0x000002AADE0F0000-memory.dmp
memory/2708-651-0x00007FF9639A0000-0x00007FF96438C000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
| MD5 | 5d574dc518025fad52b7886c1bff0e13 |
| SHA1 | 68217a5f9e9a64ca8fed9eefa4171786a8f9f8f7 |
| SHA256 | 755c4768f6e384030805284ab88689a325431667e9ab11d9aeaa55e9739742f2 |
| SHA512 | 21de152e07d269b265dae58d46e8c68a3268b2f78d771d4fc44377a14e0c6e73aadae923dcfd34ce2ef53c2eaa53d4df8f281d9b8a627edee213946c9ef37d13 |
memory/2664-661-0x0000015DCACD0000-0x0000015DCACE0000-memory.dmp
memory/2664-660-0x0000015DCACD0000-0x0000015DCACE0000-memory.dmp
memory/2664-658-0x00007FF9639A0000-0x00007FF96438C000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | b2711c97ce71e8c6fd9c502c0edfc3ff |
| SHA1 | 4587d62277eb8d4c40296ab3baea4c3276e86469 |
| SHA256 | a88898281c1cdbc106fe34f5ae9dfdcc1f9c168c68f45e6bf09f5ef2db279447 |
| SHA512 | 3c7254c02ed49fe38e411f04b148fe23d2fc46c950c7d8750d29f34142961b3bb5f5e390fe8b3a5f491d378cc73d9b3963012418a1d69001afcc04561b548d77 |
memory/2664-682-0x0000015DCACD0000-0x0000015DCACE0000-memory.dmp
memory/2664-683-0x00007FF9639A0000-0x00007FF96438C000-memory.dmp
memory/192-698-0x00000238C9EB0000-0x00000238C9EC0000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 0779c696f60097b538e978e0177735dc |
| SHA1 | 061fb150a7e2275b144a7defa6b8d08d056c74bc |
| SHA256 | adb366436cddbb1633b0ec654b1ead72c6075d0d7aa184e3096736bf2d752f6e |
| SHA512 | ddbf8c414941a9153ee07b84eab7bf1712ad36632d9559b214a8044926c356ca29d7008e548fd4148b8e3d5194ab49d112c7144b0c0fac15bbac025ce8778ac1 |
memory/192-697-0x00000238C9EB0000-0x00000238C9EC0000-memory.dmp
memory/192-695-0x00007FF9639A0000-0x00007FF96438C000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\TatsuBeta.exe
| MD5 | 2042aaee4a99f11c2efd44e5dc9eebf9 |
| SHA1 | a58030dd672e09360356ae999b7a7d999ba65b65 |
| SHA256 | 013a1854dec98aebf94cdddebad753ecfb00811ab4c2231de3f2024c5260c7e8 |
| SHA512 | 380ee0e78418cd1982745aca097396d4c85ed9401400067ff68cb903aeefad4fe55ea216d9f9b0abad40fe791c73da191b390be1adac851c5309aa133ea61071 |
memory/192-716-0x00007FF9639A0000-0x00007FF96438C000-memory.dmp
memory/192-715-0x00000238C9EB0000-0x00000238C9EC0000-memory.dmp
memory/5936-725-0x00007FF9639A0000-0x00007FF96438C000-memory.dmp
memory/5936-727-0x00000249FA6F0000-0x00000249FA700000-memory.dmp
memory/5936-726-0x00000249FA6F0000-0x00000249FA700000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | ce69b4b1f28c6c62f864fe557f4b8e97 |
| SHA1 | c0d13d57059305cda0dca87623dbd938a1ffdb1d |
| SHA256 | 33b11f41de861f2abfd85602132a93bea43d069ddad5ba6407c89029a60e538d |
| SHA512 | 9815156e1a84aaf212a86ed1a960509810e064216a337bf1fa5ff8cda65c5d3915eb57a4fc4c7727df927ec88b0d66864fee91a402a64b3acdf48f3f22ded473 |
memory/5936-747-0x00000249FA6F0000-0x00000249FA700000-memory.dmp
memory/5936-748-0x00000249FA6F0000-0x00000249FA700000-memory.dmp
memory/5936-752-0x00007FF9639A0000-0x00007FF96438C000-memory.dmp
memory/4088-759-0x0000020A81CF0000-0x0000020A81D41000-memory.dmp
memory/7296-762-0x00007FF9639A0000-0x00007FF96438C000-memory.dmp
memory/7296-764-0x00000209716E0000-0x00000209716F0000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 757b3434050df564b5990eda3b5d505c |
| SHA1 | 6da098e1c34d9e68a81e4b6fa582fe614f3c912d |
| SHA256 | c2abf9951fcd8b68413e1406d3cbbfeacb5a3a63dbf5adbb2c5148505df65b13 |
| SHA512 | 81d315488c1f50593fe64d47daccb2fa01687ecbb8328203996d5daa6fa1e186b2cefe696e7d4f320ef1b210ceafa26ed63df6f830b67acf96da364ddc350262 |
memory/7296-765-0x00000209716E0000-0x00000209716F0000-memory.dmp
memory/7296-785-0x00000209716E0000-0x00000209716F0000-memory.dmp
memory/7296-786-0x00000209716E0000-0x00000209716F0000-memory.dmp
memory/7296-790-0x00007FF9639A0000-0x00007FF96438C000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7sk8fjhx.default-release\places.sqlite_tmp
| MD5 | 119057067d09b55a2b30eb52df5ce451 |
| SHA1 | 19e4f3d4c5c86dd5558208dd93eed416144d9b97 |
| SHA256 | 94ed134bef1de08ba7ccc0a5688a1a159f651992931ab7ab6b954cd1e0bc8551 |
| SHA512 | 7e9756409f1fc23c14c63c00500a6b3bd3de6025a2f0a75e74e2da97abd486a78ceaee59a696f20fbe00dd828e2dc859ecc6569f64880b5cc3ab7f4d53db771a |
memory/7976-863-0x000001C548C10000-0x000001C548C20000-memory.dmp
memory/7976-861-0x00007FF9639A0000-0x00007FF96438C000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\sysWin10Boot_Oe5Ry9.vbs
| MD5 | f7d27a70a9b3401e88ceefe94fab7213 |
| SHA1 | e06cebcd6ca4f7f88c2254a7c8ade7a6ac570c2e |
| SHA256 | 2339aff5f64b9ffe948ffdfb4d5bdd1870a8a651771bba734ae372a5cdb1cac3 |
| SHA512 | 54fb9b5c1a770689386e140accc2410b517b91045a7065a836781f35f3346c5ecf2dbbdb6d362119da738fa770e911a1c816df9c21a6c47359bc80acc7d32e2e |
C:\ProgramData\ChromeExtensionsNova\extension-cookies\manifest.json
| MD5 | 04c23766134b234e85cc537b2162efb1 |
| SHA1 | 45c48d9ca30a4580a682f025cc66331e49f6f158 |
| SHA256 | f50f62683347bbca52d7f7de0c877014ae77043753905628644e2d485dfb4900 |
| SHA512 | d246f59ad6d6e9fc8d8d88129302d55cb3d2ba7d52496915ee6791fa0576153070af76ea689cc74ccefc36456df749ac5c8f45cb12702961470f202078bfcb3c |
C:\ProgramData\ChromeExtensionsNova\extension-tokens\images\logo128.png
| MD5 | 271847949971c396f77beaab936b7ea2 |
| SHA1 | b32c5a7eec49aa07f8ae73feb990626010c4b850 |
| SHA256 | a55224cdf06a5c2b937ba400604501f8b6ec93bc2c1cff62aa2fd378d504c657 |
| SHA512 | a2e141f68143f370e2b82a1c9c7c4b1c5f6fc2cfc2ad94acb8c5c02237af56f83904beaff3240e20397f0edbdfadf8779c0bd54b2cf0c9899fef59343e31794a |
C:\ProgramData\ChromeExtensionsNova\extension-tokens\images\logo.png
| MD5 | 2b67e47cb8da1058770fe41d8b947619 |
| SHA1 | 9eb259b1d377a24a2b77a694cf31c23cef7b8eef |
| SHA256 | 46f616820751849512d2704ddb604666170d13315c4383b8c8611c3e1c2f594a |
| SHA512 | 27c0593d662df228e146c49af6da52e39523523af924cf95ba4890b1b42358b2b8df3cf2667d8f672eece4f7fe098574c4689677768dd54d3b872619c7b9ae55 |
C:\ProgramData\ChromeExtensionsNova\extension-tokens\manifest.json
| MD5 | 42ac88deb5c3cfc02fdc1c27319ee067 |
| SHA1 | 97b1addf35159800b90743fcfbb5505e80f6eb82 |
| SHA256 | 28486361faff1827fb9f1871529c48efaaf86027592d189afa6f99b14eb3f4bb |
| SHA512 | 77c4054a3cf061eb6f4f6e9803b74833a8fb0fe352239b5b47cf39ea5eea8104b9da6deab75018557476fbda856f3be8d57e6fe2eb777c45a7a1bdb1e72d02d5 |
C:\ProgramData\ChromeExtensionsNova\extension-tokens\js\jquery-3.5.1.min.js
| MD5 | 9ac39dc31635a363e377eda0f6fbe03f |
| SHA1 | 29fa5ad995e9ec866ece1d3d0b698fc556580eee |
| SHA256 | 9a2723c21fb1b7dff0e2aa5dc6be24a9670220a17ae21f70fdbc602d1f8acd38 |
| SHA512 | 0799ae01799707b444fca518c3af9b91fda40d0a2c114e84bc52bd1f756b5e0d60f6fd239f04bd4d5bc37b6cdbf02d299185cd62410f2a514a7b3bd4d60b49fc |
C:\ProgramData\ChromeExtensionsNova\extension-tokens\images\logo48.png
| MD5 | 9f74f11972c3c0b161832ffab541bf31 |
| SHA1 | e5841ba20a229cdeab85d30690509e649e848271 |
| SHA256 | 8b74a0abdd566ffdf15891d6abd3537bffb0abce7f362c737c3de6752e136032 |
| SHA512 | b90f13eb65a4dcfdd596a7d9eba7c1ba5eb1a598e51107ce3dca07c0a0025469ab18c9958eff2b36f7e05a23f0d16d7d9d7c2321b8e1f2a456aaa7bec3ced0e8 |
C:\ProgramData\ChromeExtensionsNova\extension-tokens\images\logo16.png
| MD5 | 192e90432fed0081abb25295d8f309c4 |
| SHA1 | 5150e93061f39e26688afd60a04c0ab14b510d47 |
| SHA256 | 3216d6864b4f8824b82eb887edf95436dac3bea3f7d43d8988a176e3f1f8e1b2 |
| SHA512 | 9b9b3f85eb9f12ad1b4c8cfc5e672758d879e178179deb28e80e6c3b27871261bf6b52f9066850b5a7a2fd85012b5308eaf3dda882fa40febc9cf6b47f1a4f04 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 7efbf5f91e33b754e61d4587e808e79d |
| SHA1 | 9ef68704701a33f80a0c90ee110806f79e642d88 |
| SHA256 | 8e7fa157d7f449e556c9938c494dd956fcdabec5fd5fae8dce5b4f0cb8e54954 |
| SHA512 | 5f33f01fb91016c56cc10ea467dd7753be25660ad831bc1fe460d1ecf232f844a4282b3df273d15fd37dbc945bdebe7afb7737fbbea581beff5b2d6ed3e56087 |
memory/7976-864-0x000001C548C10000-0x000001C548C20000-memory.dmp
memory/7976-999-0x00007FF9639A0000-0x00007FF96438C000-memory.dmp
\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\ffmpeg.dll
| MD5 | dda4eb6213fb362fb11b332d3e52f875 |
| SHA1 | 557781fa6ccc8d15438fa65ea3e0c36d557ac244 |
| SHA256 | 54aa1595de397fe0a2be1e9c49d9058b26462afccfa5712c1e0b4a7147474639 |
| SHA512 | 775f78e913db7a976868639fb15656891422e08152bd7d188f98da88e296f6d07610c38270c6be53767bb0e924265f50d31802f1e77440e5f02645029b54f79d |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
| MD5 | 59a528bbefe2211601488b9d8f5df366 |
| SHA1 | 3f05cf9d3db2a669999ba2694a9b2510292b5dba |
| SHA256 | 5cb8086b9e6d4a6abc2f7fc19c2da56ee168a2d24c4c59312e787f20a1048001 |
| SHA512 | c92cfb3a9fd1725197684d287b8a18028f1382c00722c0507f72039c18dbd4d36dd4840a8859f5a1ee00bf75cc0d53936445632503527044fa6a84103c83311b |
Analysis: behavioral3
Detonation Overview
Submitted
2023-12-17 16:29
Reported
2023-12-17 17:00
Platform
win10v2004-20231215-en
Max time kernel
1800s
Max time network
1173s
Command Line
Signatures
Irata
Irata payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TatsuBeta.exe | C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WindowsDriverSetupvRsPBF = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\CachedFiles\\TatsuBeta.exe" | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Start_vRsPBF = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\sysWin10Boot_vRsPBF.vbs" | C:\Windows\system32\reg.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
Drops autorun.inf file
| Description | Indicator | Process | Target |
| File created | F:\autorun.inf | C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe | N/A |
Enumerates physical storage devices
Collects information from the system
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
Detects videocard installed
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Enumerates processes with tasklist
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\TatsuBeta.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\cmd.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\tasklist.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\system32\cmd.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\cmd.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\cmd.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\system32\cmd.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\cmd.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\system32\cmd.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\system32\cmd.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\cmd.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\system32\cmd.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\cmd.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\cmd.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\cmd.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\cmd.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\system32\cmd.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\system32\cmd.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\system32\cmd.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\system32\cmd.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\TatsuBeta.exe
"C:\Users\Admin\AppData\Local\Temp\TatsuBeta.exe"
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
"C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1596 --field-trial-handle=1704,7827095338831072824,14491167822985064857,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
"C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --mojo-platform-channel-handle=1928 --field-trial-handle=1704,7827095338831072824,14491167822985064857,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Windows\System32\Wbem\WMIC.exe
wmic process where processid=4560 get ExecutablePath
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic process where processid=4560 get ExecutablePath"
C:\Windows\system32\net.exe
net session
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 session
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\resources\app.asar.unpacked\bind\main.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "net session"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\System32\Wbem\WMIC.exe
wmic csproduct get uuid
C:\Windows\system32\more.com
more +1
C:\Windows\System32\Wbem\WMIC.exe
wmic computersystem get totalphysicalmemory
C:\Windows\system32\more.com
more +1
C:\Windows\System32\Wbem\WMIC.exe
wmic OS get caption, osarchitecture
C:\Windows\System32\Wbem\WMIC.exe
wmic logicaldisk get size
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic OS get caption, osarchitecture | more +1"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "echo %NUMBER_OF_PROCESSORS%"
C:\Windows\system32\more.com
more +1
C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get name
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic cpu get name | more +1"
C:\Windows\System32\Wbem\WMIC.exe
wmic PATH Win32_VideoController get name
C:\Windows\system32\more.com
more +1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic PATH Win32_VideoController get name | more +1"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic csproduct get uuid"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic computersystem get totalphysicalmemory | more +1"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic logicaldisk get size"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic process where processid=4560 get ExecutablePath"
C:\Windows\System32\Wbem\WMIC.exe
wmic process where processid=4560 get ExecutablePath
C:\Windows\system32\cmd.exe
cmd /c schtasks /create /sc onlogon /tn WindowsDriverSetupvRsPBF /tr \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\TatsuBeta.exe\" /F /rl highest
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v WindowsDriverSetupvRsPBF /t REG_SZ /d C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\TatsuBeta.exe /f
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "attrib +h +s \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\TatsuBeta.exe\""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell -Command "attrib +h +s \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\TatsuBeta.exe\"""
C:\Windows\system32\attrib.exe
"C:\Windows\system32\attrib.exe" +h +s C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\TatsuBeta.exe
C:\Windows\system32\schtasks.exe
schtasks /create /sc onlogon /tn WindowsDriverSetupvRsPBF /tr \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\TatsuBeta.exe\" /F /rl highest
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "cmd /c schtasks /create /sc onlogon /tn WindowsDriverSetupvRsPBF /tr \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\TatsuBeta.exe\" /F /rl highest"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v WindowsDriverSetupvRsPBF /t REG_SZ /d C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\TatsuBeta.exe /f"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\app.asar.unpacked\node_modules\take-cam\prey-webcam.exe" -invalid youcam,cyberlink,google -frame 10 -outfile C:\Users\Admin\AppData\Local\Temp\AQL5YPOxECi7zORMu2u8\System\cam.2200_Admin.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\app.asar.unpacked\node_modules\take-cam\snapshot.exe" /T C:\Users\Admin\AppData\Local\Temp\AQL5YPOxECi7zORMu2u8\System\cam.2200_Admin"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell -Command "attrib +h +s \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\sysWin10Boot_vRsPBF.vbs\"""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v Start_vRsPBF /t REG_SZ /d C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\sysWin10Boot_vRsPBF.vbs /f"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "attrib +h +s \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\sysWin10Boot_vRsPBF.vbs\""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v Start_vRsPBF /t REG_SZ /d C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\sysWin10Boot_vRsPBF.vbs /f
C:\Windows\system32\attrib.exe
"C:\Windows\system32\attrib.exe" +h +s C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\sysWin10Boot_vRsPBF.vbs
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Admin\AppData\Roaming\salutfB3G0.ps1" -RunAsAdministrator"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Admin\AppData\Roaming\salutfB3G0.ps1" -RunAsAdministrator
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
"C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAIAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=900 --field-trial-handle=1704,7827095338831072824,14491167822985064857,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 6.181.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| GB | 142.250.200.4:80 | www.google.com | tcp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | 192.186.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.200.250.142.in-addr.arpa | udp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:53 | api.gofile.io | udp |
| FR | 51.178.66.33:443 | api.gofile.io | tcp |
| US | 8.8.8.8:53 | store5.gofile.io | udp |
| US | 8.8.8.8:53 | 33.66.178.51.in-addr.arpa | udp |
| FR | 31.14.70.246:443 | store5.gofile.io | tcp |
| US | 8.8.8.8:53 | hawkish.eu | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| FR | 163.5.121.96:443 | hawkish.eu | tcp |
| FR | 163.5.121.96:443 | hawkish.eu | tcp |
| DE | 140.82.121.3:443 | github.com | tcp |
| US | 8.8.8.8:53 | 246.70.14.31.in-addr.arpa | udp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| FR | 163.5.121.96:443 | hawkish.eu | tcp |
| FR | 163.5.121.96:443 | hawkish.eu | tcp |
| US | 8.8.8.8:53 | 3.121.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 96.121.5.163.in-addr.arpa | udp |
| FR | 163.5.121.96:443 | hawkish.eu | tcp |
| FR | 163.5.121.96:443 | hawkish.eu | tcp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 61.179.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.173.189.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\nsv477A.tmp\System.dll
| MD5 | 0d7ad4f45dc6f5aa87f606d0331c6901 |
| SHA1 | 48df0911f0484cbe2a8cdd5362140b63c41ee457 |
| SHA256 | 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca |
| SHA512 | c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9 |
C:\Users\Admin\AppData\Local\Temp\nsv477A.tmp\nsis7z.dll
| MD5 | 80e44ce4895304c6a3a831310fbf8cd0 |
| SHA1 | 36bd49ae21c460be5753a904b4501f1abca53508 |
| SHA256 | b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592 |
| SHA512 | c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\chrome_100_percent.pak
| MD5 | 9c1b859b611600201ccf898f1eff2476 |
| SHA1 | 87d5d9a5fcc2496b48bb084fdf04331823dd1699 |
| SHA256 | 53102833760a725241841312de452c45e43edd60a122546105ab4020ccef591b |
| SHA512 | 1a8ec288e53b9d7e43d018995abe4e3d9c83d329d0561fbb7d022e8b79ffecf033e995b9bc6af352a71c646a1e8afba4addb54deab7455f24b7a279a3dd7c336 |
C:\Users\Admin\AppData\Local\Temp\nsv477A.tmp\7z-out\chrome_200_percent.pak
| MD5 | b51a78961b1dbb156343e6e024093d41 |
| SHA1 | 51298bfe945a9645311169fc5bb64a2a1f20bc38 |
| SHA256 | 4a438f0e209ac62ffa2c14036efdd5474b5ecaa7cbf54110f2e6153abdfb8be9 |
| SHA512 | 23dedde25ad9cb5829d4b6092a815712788698c2a5a0aefb4299675d39f8b5e2844eabd1ea42332a0408bd234548f5af628e7e365ab26f3385ebfa158cdd921d |
C:\Users\Admin\AppData\Local\Temp\nsv477A.tmp\7z-out\d3dcompiler_47.dll
| MD5 | 68da9e91321a892f07220fa46b845781 |
| SHA1 | 263d879cbecfba679cf3c8f839f135f60831dc1f |
| SHA256 | a7c33299cef5759701ef89704db5b647c75c06762683bed6b9101f1268af6f94 |
| SHA512 | 26bfcae526f75f71173903542825c1db9d83f9a37a41746d991c3f032c33efb8cf5c9799027dbb992df4d75aa140293f44aa6bff2527373fa199d766e3919e78 |
C:\Users\Admin\AppData\Local\Temp\nsv477A.tmp\7z-out\snapshot_blob.bin
| MD5 | c9ab741bbef53fa0e84952b8891a5f5a |
| SHA1 | e2dcb8d034e07243537c86371de0c52bce62cee1 |
| SHA256 | 4d82fe1e642fe3ca7ad1a173f806088c0652ecfe9f0f6f6e246066e15a3431d4 |
| SHA512 | 177b98a3090ecfe4b4598dfcd7e8b3ca49efafba4dbd8d6c6d0def462de47c3fabfde831725622783ddc177de982de6115178d9bd9830d918bb544a5a4c27fc9 |
C:\Users\Admin\AppData\Local\Temp\nsv477A.tmp\7z-out\resources.pak
| MD5 | 0e0671e33afa74a430ee3a043683870c |
| SHA1 | c9bfc0fdc3a801de1505fc98b68acdbe9f9154cf |
| SHA256 | d9bfd2fc3213964a5b3fdd11933b1340b58bf7a20fe069e7dea2891b6b5d77e9 |
| SHA512 | 61402602614a9ef65a7134f09e268711a002345ba27a212a99f38a6b011eff5e6822dd0d8cbc56ee43508315b6970dd1c1be099836a5a967870551eb239278c4 |
C:\Users\Admin\AppData\Local\Temp\nsv477A.tmp\7z-out\LICENSES.chromium.html
| MD5 | a9090cd8be3a9da19bb911f2c605bd28 |
| SHA1 | 765bdcb08fdf49ffe61b38c78d953c9fcad84ac4 |
| SHA256 | 09c4dc74cd70a21bf4cd5157759d4c1d8f127cbced977ccb75ac22cbd9e85cac |
| SHA512 | 9e27ee01463ffa927f0ac8ed38bf0984c7f1157b7cafdf8f7bacfb77bdfd2987f0ab3d0d224d871f11217afd8b733d16d6cd6030367f8cc4d8b4e3ac0cfd3060 |
C:\Users\Admin\AppData\Local\Temp\nsv477A.tmp\7z-out\LICENSE.electron.txt
| MD5 | 4d42118d35941e0f664dddbd83f633c5 |
| SHA1 | 2b21ec5f20fe961d15f2b58efb1368e66d202e5c |
| SHA256 | 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d |
| SHA512 | 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63 |
C:\Users\Admin\AppData\Local\Temp\nsv477A.tmp\7z-out\libGLESv2.dll
| MD5 | db7cbf3e4096db249d966a39bafa6b1d |
| SHA1 | 41421beec455c52ca68bef467ded14f0e14e3b9b |
| SHA256 | 8ad2f4c23e77f38d3e1608cecd6691b1fd70e120ec88cfec0bf98db3bdaecdac |
| SHA512 | 5376a6409f3cf8bb59441cb44975d236f94456c06d70b3614a84631489a56460af31baaeae8652c2016803ae605820e5729c199e4d7e77a55748945c8021c573 |
C:\Users\Admin\AppData\Local\Temp\nsv477A.tmp\7z-out\libEGL.dll
| MD5 | 8352fd22f09b873193cabc2932be92f0 |
| SHA1 | 5bd2b58854b279f1733c5f54ea2669ee8a888d9e |
| SHA256 | 14a4aaa010be14762edfee01fd1f6b9943471eb7a2f9011a2b5c230461cd129c |
| SHA512 | 7281e980f2e82f1cc8173d9f8387a97f6e23ec5099ed8dca02222c4e17fa4cfef59d6aa300b1cf06d502bdcf77d9a6dbb08ad6658ae0a28ae6f9f995109da0d2 |
C:\Users\Admin\AppData\Local\Temp\nsv477A.tmp\7z-out\icudtl.dat
| MD5 | 0f57f31e83e6cada789884e1a74e8f30 |
| SHA1 | c9b4129c2c9ad20189a82e8f41428b42f619c355 |
| SHA256 | e3e735570ecf86eb90d11923045e61f36c3633b65c5728881b6c611e2999be4c |
| SHA512 | 7977c84e46fd6455ff051b12ff5ff793e1ccf61665e46ab19afce219d597e48301c67086afdc7cd5f9e2b0d926bcd65f2627c155f16fdca57cadae55f7ed1770 |
C:\Users\Admin\AppData\Local\Temp\nsv477A.tmp\7z-out\ffmpeg.dll
| MD5 | c3842fb3087cdcdb04020ac38683c289 |
| SHA1 | 329dbcd4a1c79b891b200f11eb50194b85c493bc |
| SHA256 | e79792af338d61424bac87a19c6f34f3b4bc1382345633b8d509253a0a6c2133 |
| SHA512 | 069196b8006e908954e7ab16131a0d10889a0f7517eaab2423a82fe49fb9b045c0d95dbf7c08c10ddf1a21983aea4a0d207decf91baacff0884511589a57dec5 |
C:\Users\Admin\AppData\Local\Temp\nsv477A.tmp\7z-out\TatsuBeta.exe
| MD5 | 57925b911ec0a8f20d49f7e101fef75d |
| SHA1 | 924822ffe47cdf279b62b457dad8b26dde551803 |
| SHA256 | 18e232efd9cdf2a2ce1d4125ae05901dd9cd404bc79dbb165700e7bee38fc353 |
| SHA512 | ef2052ae371d7e2c3992dac46f56480fbe27c3705b9fe35533fba6972cf2a33938d518deed60a1e3034c4acad6a258f09a33f57718ce6c61be51c5a3b3f372b4 |
C:\Users\Admin\AppData\Local\Temp\nsv477A.tmp\7z-out\v8_context_snapshot.bin
| MD5 | 47014c0f81bad6d216c617c9c63bf040 |
| SHA1 | 7bb483fdc5fed3c6ed437d9fe6e5023bc38201bf |
| SHA256 | e1249d05bfc73c645b27d269f47b6923b33a3cf8088a8ca78b3b637c90f58178 |
| SHA512 | 052d86cf3305a9e493bd2472e6b7ddab5e0291efd6d899984a79bae46e5fa4bd21157e19ab4a2591c9cff9069de568bad18c7baf4f35d117c77134e635466f87 |
C:\Users\Admin\AppData\Local\Temp\nsv477A.tmp\7z-out\vk_swiftshader.dll
| MD5 | de2d91476e625278c30a5f69a1892e05 |
| SHA1 | 4d707f6a801611fb437f5c1cba31b0909bf41506 |
| SHA256 | 02c7f0b926c64f5a19a9aacd5f94ee00be4d576486592e18acc80c0a027b05ba |
| SHA512 | d027407539346e5aedd527f5f71de45bace6295e96a7fbefbf273c930d64a791e488e4bdf6ef8db61fc19c80cac52a6e398c2973499c6fedb1e422c3ba71f532 |
C:\Users\Admin\AppData\Local\Temp\nsv477A.tmp\7z-out\vulkan-1.dll
| MD5 | b91586bd80e057a7f62bdc4422744812 |
| SHA1 | a1df644421ece2e740e5bf0ed98b4f269fd85c39 |
| SHA256 | 8ba72d98e0f78b77bda7816cd7232809d287310d34e0f1d7472b9d5fda2c6d02 |
| SHA512 | 94f0a8e3e75e4803891c0fcb257052dbe0e7399772fc7a46ab802629f76ee580ed30b3678fa6bc3744c12cf9f3103bbc8276e88f6711278748148e9fbeef2053 |
C:\Users\Admin\AppData\Local\Temp\nsv477A.tmp\7z-out\vk_swiftshader_icd.json
| MD5 | 8642dd3a87e2de6e991fae08458e302b |
| SHA1 | 9c06735c31cec00600fd763a92f8112d085bd12a |
| SHA256 | 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9 |
| SHA512 | f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f |
C:\Users\Admin\AppData\Local\Temp\nsv477A.tmp\7z-out\locales\bn.pak
| MD5 | 47c95e191e760dee3ef43345577e2379 |
| SHA1 | 609634315270a91d4ec631642b18bd0036367aad |
| SHA256 | ceed32e429ed1018d4c49343cf52105cbfd1e877c531a5738fd6e6cd33d27da7 |
| SHA512 | 46b5f8d58780d19e79136c31a67d075c57ddf7e6a1eb197dea4088cc414a0dc24a68fc8ebcaac03b3940af2461123b586706d5dbf8dbdf6fbea0f7bec466db21 |
C:\Users\Admin\AppData\Local\Temp\nsv477A.tmp\7z-out\locales\ca.pak
| MD5 | 423651c45566cd90ea5edd8631e823b8 |
| SHA1 | 13bed4173a08bcbfefba034aada3d838eece6d16 |
| SHA256 | 7a39af99d55a1ea838d8d78c5f0da3e1402f9404d32255e31b676ceed4f0e414 |
| SHA512 | e09085023beaa37e9d5f7fdf3c32d0c001672b85e2826f0aba9a662ce958ac93cac17bf63495a604e47cb407b1593049388a4bf1b22b2339ead84a206a10569f |
C:\Users\Admin\AppData\Local\Temp\nsv477A.tmp\7z-out\locales\fa.pak
| MD5 | 6458a239e994d8d18315deccd35389ed |
| SHA1 | 75c985f43503a6c44645786d46639a6b555ae163 |
| SHA256 | 300fc1c735e92917a5ddf92feb812cbf3175d988ec7ad5955110248a1addbd34 |
| SHA512 | 3062075b6be0c25c957ac88e537880bc25ff86b8ef0703a05209e9676e943e89476b7997394aeb25064e03a93be614fef535676e9cdfaf44b46035225b1b2cf5 |
C:\Users\Admin\AppData\Local\Temp\nsv477A.tmp\7z-out\locales\et.pak
| MD5 | c76db3385190c6840315c4497e40258a |
| SHA1 | 34f1aef2ba2925bebc5dcdb70e5b6c1a138a5c46 |
| SHA256 | e8af084ef5e1062c5966dd7802074ac24f3672dc3c9b9c5453a397644727191f |
| SHA512 | 90a870369d307758b33d74e6213676d65c2d332f42577c8aff23d96b512f3c2a2bdace8d6d9007f88b9175eadc6f2ae28b498b1265550849ff9317465a37ad29 |
C:\Users\Admin\AppData\Local\Temp\nsv477A.tmp\7z-out\locales\es.pak
| MD5 | f83d8f7f6108786c02c2edbf3d85f147 |
| SHA1 | 57781d9d9eb7c90cdc71f78e25d0763045b6d29a |
| SHA256 | 5b929216ac823dbe2b0bb98e64db76519900e09a86c8513019325271c66ade0d |
| SHA512 | 12747a4a61cdd21cad6e3f768cb43b8bda5ec9de373337c191b6994b20acd676c9d0a6cde8410a1e18f35dd5d2d332ea1bb7e7f8f6fc4b73d8774559e33398f1 |
C:\Users\Admin\AppData\Local\Temp\nsv477A.tmp\7z-out\locales\es-419.pak
| MD5 | b261b1efe945365588befdf68879040f |
| SHA1 | 616f44a5f73f0449b483f36ccf831db6474a10d2 |
| SHA256 | 1380b9edc9cee4b505f12e8eefa288d8c746ca995b52ceaba27c7741ae8a5cd4 |
| SHA512 | 9ea14234b9d4d09364e5727b3886fc14544d52508b3e45fb9fd607ca88d2e432361a02b2f7ba34c3d6ecd94b91f9eccd4d54047a97a1ba4eea580ead00b91cff |
C:\Users\Admin\AppData\Local\Temp\nsv477A.tmp\7z-out\locales\en-US.pak
| MD5 | 0bb857860d8c9ab6d617cea5a5bd4d00 |
| SHA1 | 351b744d95846bff2ce5f542fec2e87439aa0f8b |
| SHA256 | 5c56df9699fc7e8f09ec81421e50a6264cde055e822f5a8cd9bb1edb3066d816 |
| SHA512 | 33fb73cffbb6781488cedbca4c92a7e4f66923a799beeb7f5cba58dbc23ba8f5130f63a7dac7114e3c3ef6f1df87884fbeb8858bc7604aec9449fdfd16c25078 |
C:\Users\Admin\AppData\Local\Temp\nsv477A.tmp\7z-out\locales\en-GB.pak
| MD5 | 52e2826fb5814776d47a7fcaf55cb675 |
| SHA1 | 51fbbc59dcd61116cbc0a24b0304d4c1c58e8d0b |
| SHA256 | 83ff81c73228c7cadba984d9b500e4fce01de583ecde8f132137650c8107c454 |
| SHA512 | 69257f976d01006c5f3d7e256738c97c59115471f8e7447cfa795f7fa4ff12d6fd19708e95ffb2aa494b50c1763fe35d5885b9414112d2934baf68fe668ed7cc |
C:\Users\Admin\AppData\Local\Temp\nsv477A.tmp\7z-out\locales\el.pak
| MD5 | 38440b98bfdf5ed496da0f49d59534c0 |
| SHA1 | 1498d9207ecaf4923a47271e24c68a817041c82e |
| SHA256 | b1f78df8a7edc914357a2e90bc8dc0ac46f4df642bb22894569fe4905fb8ea0f |
| SHA512 | 95ba788fc2e1f07d54e398f1ec4d32c664cfb13118d46cb7af7a993367e032b10de84f3e604ab6e659d6410e2d736097ec5e9b3b002040c54412358f0ea10229 |
C:\Users\Admin\AppData\Local\Temp\nsv477A.tmp\7z-out\locales\de.pak
| MD5 | b73344e5a72fca6f956dbab984c123ba |
| SHA1 | 0561073aa40a63a9ce9930dd18b18e12ff139b2b |
| SHA256 | 6dda3fa65232ca0bff7314f916942a2aa5d9be73a0b0c7a6d016eb34ea6fff5b |
| SHA512 | e8a12da397369f23c102244b3f18f533ec79afa6978785566056bbfe07b10a21ff4973bf17aa829fff65609363988c033b0e48d4a82c846863377c08d8df009d |
C:\Users\Admin\AppData\Local\Temp\nsv477A.tmp\7z-out\locales\da.pak
| MD5 | 55a8f5883805a65c854d25edb3959209 |
| SHA1 | d4b3b6bd2a26cbd021fa931d1f63c9ea64e2c268 |
| SHA256 | e190187adcbb5f829d162660968ba598ed17bd11339062ca4d807deec8a27fdb |
| SHA512 | 4e1f9e6da32f553cbc8cf162726d7aba9e23e2216d6d05b995cf19fff3aafa05ed08fce29b2f8538d46583366402b8630672e650dfbd46952a611e9db0d8016d |
C:\Users\Admin\AppData\Local\Temp\nsv477A.tmp\7z-out\locales\cs.pak
| MD5 | 3cfd9dc564cfcc33cc5524711365c376 |
| SHA1 | 2e5016d2643017f37658262122974429f18625a2 |
| SHA256 | 8be34e4f8226c1dd4e725711ddd884ef4476560f7863edcf378573dde9db3cee |
| SHA512 | 6ee156d2fa3b6f601df28e38968d0eae2812d70b41333348dbecd833d5ee6ff944183f0eecde96be433cf1e98c8ec22d6a6d5af5153145842175ab43c73533ef |
C:\Users\Admin\AppData\Local\Temp\nsv477A.tmp\7z-out\locales\bg.pak
| MD5 | 5ba0c7200362c9ed55610cc8b66ef53c |
| SHA1 | d45239c2f1b00885407771a41a7776fc1fe8fa3b |
| SHA256 | 2339ff55464b4ff704fc3c5bf281eec52a539c494bd059cf0346d9c05ab7cda7 |
| SHA512 | 6229dbf08a9322c4ec8de4912aa1832f01800a71b7e3ef5870e7fa2b623be4dd248fec4881c3e031e984616147be84d42ab3dd970ae56dc1bd78913a8682a37a |
C:\Users\Admin\AppData\Local\Temp\nsv477A.tmp\7z-out\locales\am.pak
| MD5 | e18a450ef034b42599341c3d09f280f1 |
| SHA1 | 2001c8a85904962ac3a96938eccc69ad2c110fdf |
| SHA256 | 7c2b9098130f1f9e0cf4507b64c0e96ac6354bd6c3616be20e2067cfccc820da |
| SHA512 | ddd87571218fe9f179a6c2a8a15b182625a71a7c19ed90c0969ca2e0e9bad823b926f8b8a6b390cb6fe9c95f4b6c1f1ec7b5167a8424ab1921943922208f798a |
C:\Users\Admin\AppData\Local\Temp\nsv477A.tmp\7z-out\locales\ar.pak
| MD5 | 6f3e791b4d35ee7d9515614d128752cf |
| SHA1 | 181ec3a84fb3e89336d77f24f562a2cbe07619d8 |
| SHA256 | e9df0fa338b763a3926c4ee3a87bedf650fa618b6fcf0560c3f5ffe891d48c60 |
| SHA512 | 3657e610d13a2c938558ec320c298dd490c9e4895ccd304f738aaa2f050373efd7382ca402365f93d23ed488bae82de2d859da788dc8faa8e621346a278f4441 |
C:\Users\Admin\AppData\Local\Temp\nsv477A.tmp\7z-out\locales\fr.pak
| MD5 | c3095ce1e88b0976ba7bef183d047347 |
| SHA1 | b14cfbf6e46ac1f189595fc09660178525301138 |
| SHA256 | 66488dc10517b6e3638686be95b430477a39304e92ac45dfe62b58cae3a77272 |
| SHA512 | 29f47b1eff4681a9a17a50d6e82d63c22fe7bfe4ceb79862e81d8cd9f96fa38e225978b4c4b1f8e55b220235b91652c776fa8d2e559c68942c6ccf402812a421 |
C:\Users\Admin\AppData\Local\Temp\nsv477A.tmp\7z-out\locales\fil.pak
| MD5 | 40bddaf97f64dfea9ebafc7f82166f80 |
| SHA1 | 90d1fde3c0b27d2184f0353991259c2a92c7820c |
| SHA256 | 39a9d63736e7b4593fc6873ed3c19d45fbf9eb78a012bfdcee0fea5906ebc5b2 |
| SHA512 | d1e61c53e09a0dc50edf5aba5cf286a251ee88421aa2cd49332b70a5859646605ecb7d0bb97ea7242d14a18742e23da0a14c04b0b99b57a466ec87f4f66b897e |
C:\Users\Admin\AppData\Local\Temp\nsv477A.tmp\7z-out\locales\gu.pak
| MD5 | 63a7fdc4eadf8ef1c35c72468a0ce33f |
| SHA1 | e8d064f0e9c8a6a8c6ccb036711e292d011d9466 |
| SHA256 | e549ff4e5a094d04c2ce7bc6fd68bea1f03e935437bf164bebb6191c133fa70c |
| SHA512 | 0a097ff875132a984545ec677b04f97785f14c38a1df487cfb4722cdea07d14e1e88fcff7d58b82fa53f05f4eba779a95ef320b5a91692097726d0385a26a456 |
C:\Users\Admin\AppData\Local\Temp\nsv477A.tmp\7z-out\locales\he.pak
| MD5 | 6a02a37e1ca3215fa9ee0e1b0fbcf5e7 |
| SHA1 | 89a8a126c0bbf536ac58e29fc50e045fb1b88220 |
| SHA256 | f5cf34ce58b7f0d450936981aa7ffa060821403e6768eee3746ea4ffc9193986 |
| SHA512 | 6607eb2329b81f1eaf0ed3a564eddcb30e6ab59229f2fbf6fd3d2140ffaa8853a330eda627a4458ef6bb06f32c5183edda869e34cd4ead1f87f88d5c622c1a16 |
C:\Users\Admin\AppData\Local\Temp\nsv477A.tmp\7z-out\locales\fi.pak
| MD5 | cc592d91ce8eabaa75249cb78b889376 |
| SHA1 | f2f0f7f105a17f3e4b1a97ed0e3c2e871c2c3eac |
| SHA256 | b1cb0b32efa78fd8634652c74f298f1d5127f2363ef601cf000417e5c7fefd20 |
| SHA512 | 58e2eaffe26d8fda8df43e7ebef449cfff1065e940c128efa0276511e34e96e52da9230f294b01d4ecd8ef606b792d372bff897d6d8bb67c31379418ce867d48 |
C:\Users\Admin\AppData\Local\Temp\nsv477A.tmp\7z-out\locales\id.pak
| MD5 | e40cb2f3b4db379e4d187aeef0dfd300 |
| SHA1 | 537b1ebc615c980c89bbe2b9e91a11199fa7d6a6 |
| SHA256 | 3339ef011c9bb64868da94adb25f4490acbc7f893e4337dbfe2797754cd659f5 |
| SHA512 | b87464460077aa55feb92eca8ed23d9a61829378bae7890c8a95dac5fcd735b145d65661f27facfe2586fcaa169692b00d8ee8dd505dc44bff7f7fd090f3e96c |
C:\Users\Admin\AppData\Local\Temp\nsv477A.tmp\7z-out\locales\ja.pak
| MD5 | 833e8c4aa70351b6be7bd403e4e9a0a7 |
| SHA1 | 46ccdbdea35deec8ef13a5fc833776875fad187b |
| SHA256 | 74422db1a5f28522f9a8b31a3bee9a6df794b419bf723cb6a6c88e82eb72cec0 |
| SHA512 | e8e709612a5ea81d2822e0025b7306f38571f2cec2ca72ac5a8ab852a0e36a0f5bc7e00d0baf7ac7becc2c54dda3a17c52ec1cd67ce12b14d91b6ae0b726d556 |
C:\Users\Admin\AppData\Local\Temp\nsv477A.tmp\7z-out\locales\lt.pak
| MD5 | 2d4fca437a7548893dc4b51fa5b33c33 |
| SHA1 | c1493013d7d981ea9223716e415380992de65c2f |
| SHA256 | 776dba792df7b444e1b720326312d8b8312cade74a1372c49456d932b7c65769 |
| SHA512 | b6a55ee1deff48d717a3e9399aef3c45eeec810cc5b5709fa3e9f56850115a5b02e02b7959ec77a6797e68516ee9372bacd260e62ac0d55a8e4c1c27af782b42 |
C:\Users\Admin\AppData\Local\Temp\nsv477A.tmp\7z-out\locales\ko.pak
| MD5 | d6e2c18c9eabba59b50d147d942125ea |
| SHA1 | 0918879203c2050b4f9f449f5616e430897ba0b9 |
| SHA256 | f3581cea2e5b022b121010ffc5d67f86f717e3a0c0402abd81e24c87fd135b76 |
| SHA512 | f605f7b9893166778af156f9eb76eaa1209e7432450899540cd462ce0ffa69caf6f570b910cdd6d7bef54354379e9892a658e711baa93241da33755c107da859 |
C:\Users\Admin\AppData\Local\Temp\nsv477A.tmp\7z-out\locales\kn.pak
| MD5 | 5115cde84b4c674db412619b65433004 |
| SHA1 | 164f33e7e2e9f685a579da492a6fc8806beb6cbf |
| SHA256 | 891e092c6895e23be986c3e6d39dcea9b6b75f1448239c13fd406680e50407a7 |
| SHA512 | 090a247898cb533325d2b289a6cbd8db2a755ef0abab49d82f333e57b290c50b5996b81f15d8adc30160b216eebed3a1476aec1627195e52189557c1d48b0216 |
C:\Users\Admin\AppData\Local\Temp\nsv477A.tmp\7z-out\locales\it.pak
| MD5 | 5aa225aad4f9fe6d05ec24905a827d88 |
| SHA1 | f6d5ed337bd8e9cc3b962d3a498e3430fbf6de22 |
| SHA256 | 96e02ab6937a1f1cb58762159761a737ce0e1dcd6a253554392baf4389326eab |
| SHA512 | 3fa928f19bdf65b8fbb274b478a801821b15c01224c113a8d7f6121a077b432c0cc84eefd9028a76adea9fa4bb65dcb868edfbd4368b1e4d477c49e187e4288a |
C:\Users\Admin\AppData\Local\Temp\nsv477A.tmp\7z-out\locales\hu.pak
| MD5 | 71d42cb22d2d7a8b26c4514ab12df3aa |
| SHA1 | cd0307503a7906f1742d1e98fc816959319c2171 |
| SHA256 | b51bcb888dbc27bab88a8c9d081df7496de8a9a5a4cd2cfe08abc154190e75e6 |
| SHA512 | 29c67391bca706807be3a0cc79fe481f220e30263957a9c2485f0a4c498a5b250bdd83b5f4fad8d0b19c8a9a07d5650b5ebd5816b6aae311a1cde78a89303244 |
C:\Users\Admin\AppData\Local\Temp\nsv477A.tmp\7z-out\locales\hr.pak
| MD5 | 6f92235e6ba003af925a2d6584afd27d |
| SHA1 | 3ceba61e9c2975466b6244188f5ea72aaf042fc7 |
| SHA256 | 479dc4f75a889d45f62b4ddb6eb48f21c473e37875468c9c26d928a263e15840 |
| SHA512 | 82f2642dff4400704c15c2fa02d0ec74ed3fe888dc835447c1afce7463dee8f480bb81be358c306e681625864a6d25e5cd6c96252b8a56e6fc62014b3aa4d26a |
C:\Users\Admin\AppData\Local\Temp\nsv477A.tmp\7z-out\locales\hi.pak
| MD5 | 590e9e73df9cbd83cd87b9c03848fec9 |
| SHA1 | da125e60a5a2c51a2d6219d3f81688bd22237b59 |
| SHA256 | 089b9dd31090a987515809a68d26f6eeb64cd9283934e3dcc48b151eec7d3ad9 |
| SHA512 | fd0e5d0f2063e12b711275f390428b88f98ffaf6043cdb14b13674ac1e4aa9f70ae820ae960132d7155daf9b1308238775c4702694ab53068cdc709c50f9186a |
C:\Users\Admin\AppData\Local\Temp\nsv477A.tmp\7z-out\locales\lv.pak
| MD5 | 264c6e20b3088ceb4dae5773cef0cb55 |
| SHA1 | fb6ff83ff14df008092bc3ee73bda7491e8e090e |
| SHA256 | a676a781c1a587eadf23e5c69bc52f2d352346a70bc53ca908450362535eefda |
| SHA512 | 01e949f92e1e8599c581929a601d39640abaf1d907ce10102e591c3d490dd3874c679c75bb51308ead55a3bd0c6dcd1b8d4b2daf98ce1cf1c6bab42946e8b1e8 |
C:\Users\Admin\AppData\Local\Temp\nsv477A.tmp\7z-out\locales\ml.pak
| MD5 | 04b2540c25990a5e0a9b227dcce6ae0d |
| SHA1 | 4f8ccd154f54dfb083d4d1a3ed0994842c8ab13e |
| SHA256 | 556165b8b54c6e21bc66d12b3f5be393136714467c427f7114f314d18ad3c661 |
| SHA512 | 4cab47e42e8f5d4a83851871f97f3e1360c993ba530dbb4b4b736350779784bd83189e1195d3480ce87298bb8f9b7f249fefa7764d850e5b0002895609626785 |
C:\Users\Admin\AppData\Local\Temp\nsv477A.tmp\7z-out\locales\ms.pak
| MD5 | 6cfadaa784e687e6dadbcd80e631bc9b |
| SHA1 | 481acb75f525055bf4e45ecabe0eadcb9c492106 |
| SHA256 | fb5e125dd5e1f21e8df229d22cb3d1f9078bd79bbddca352899248f2a8b21b71 |
| SHA512 | 0d7da5a90fe9372bc704ab8cdc8cbfb14d323cafdef856987e2d9e34d980196c03985e25099f5d1bcb10c97f040f4766e2c3713718649bb3f43914a77f0dbb39 |
C:\Users\Admin\AppData\Local\Temp\nsv477A.tmp\7z-out\locales\mr.pak
| MD5 | f22c99fe6a838e333e8ee06a4d01296b |
| SHA1 | c3542ea8dd45a2b387dd02fa5687948f135e10f2 |
| SHA256 | b03a3042f907aed13253ae8083d08f5fad59ff438d024b097276856e72526911 |
| SHA512 | 882022c2cb985d85f96d52c9bcfeeb089d6ff30e66187ccf424ef622092b9d359a51bdef1fb6ac3b9d3409aa79d37ca737ba7f3ed8b9cdaabfe04d90a7c8bc15 |
C:\Users\Admin\AppData\Local\Temp\nsv477A.tmp\7z-out\locales\nl.pak
| MD5 | cf6b1cbfd669e9461553974ba37a475e |
| SHA1 | b33867e9bc7fd88ca98a76dc4bd756bcf18887aa |
| SHA256 | 9a83ad866ad7fd9d65ecbc1e95c276cfce27e8257c76a16950fd14971e66b864 |
| SHA512 | e463029bb37f6bb3ff5cb6281f64291ada1b785fa33137e7aedfc7b5e409e99c75a91e7cf9b6c0933e970f70c14861190de66fc5d68925b687a6f5da02e21077 |
C:\Users\Admin\AppData\Local\Temp\nsv477A.tmp\7z-out\locales\nb.pak
| MD5 | b61e42f66d581b6a8929cdf5fb10662e |
| SHA1 | 6f06fa9ee092fbcb61bbd668734fb3b92cfb549a |
| SHA256 | 1b17dcde8fc7308d926fbe0faa83dfc9ffe2efc5715e9afd557dde839ad98b7e |
| SHA512 | 79b82346c3f133a6ba44148a8432ad4e08e2805187b759509cb386bc800fd20215592c07d953812c243f0b1d5e1354245f2cb42b2b3eb6c87280bcb4008dbe97 |
C:\Users\Admin\AppData\Local\Temp\nsv477A.tmp\7z-out\locales\ru.pak
| MD5 | 75457b95d2bb03891232dae7db886387 |
| SHA1 | e5a7569df7f91533703626d167ecc8cddbd27205 |
| SHA256 | e0894d3aa3f8e0f8ac457a3300001d4e1dcf95980712f8c8e9c845eb4c2bbfa6 |
| SHA512 | 9813239cb162cec24cb81cffdae2df06889782813d917da186ae40df6dae64477467e4b32ead2d714bc1de671538d4c1fde990d83d3ee69e0932f17226687a78 |
C:\Users\Admin\AppData\Local\Temp\nsv477A.tmp\7z-out\locales\sr.pak
| MD5 | af7083f2a4bd95dcbe792efade352662 |
| SHA1 | dc69aa831836016f6e66c6079931503d534a7862 |
| SHA256 | e3b80d9fdd420a05d66cc12e685ac94500106dd51a555bbfa2d085094f81e8dd |
| SHA512 | 342400ba94f6cd08152f96aa2b905184fab429c38cedb4bcb4ac0c503169a9ecd47aef208b4d7ffae08b0c0afa7aa089347a20739379d05f3e4e111be842b8c4 |
C:\Users\Admin\AppData\Local\Temp\nsv477A.tmp\7z-out\locales\sl.pak
| MD5 | e015b6f5042be2dc96a4e23dcf035502 |
| SHA1 | 7946509eed8db1e4c1f3da99ffe7155c86fdb4d6 |
| SHA256 | 99536d1bc73eec81d5bebbff641ea195544ee5e3a41bb17ddcedf9cde9b141d4 |
| SHA512 | b2a2eaae93c506a053862bf1cde02eee53b3ea2e2fe4c964c51dbacb8b44de820a779311cfe01458e2f08f88bce1172e8c5e1e6d28cd3a355ff84baa00023b8f |
C:\Users\Admin\AppData\Local\Temp\nsv477A.tmp\7z-out\locales\sk.pak
| MD5 | b35daa0bd9627ca88b413a5af7c6b4a4 |
| SHA1 | d5efdcbc7ca17de29f3075f6434f31ab2e895826 |
| SHA256 | f47bc1f7f5ab64681d0b152e1a019da60f0ef057ee8bf2ccede019dc4030c177 |
| SHA512 | 48abb6ca2290820db2898b05820bb25e70fb1292c816eb0c8f17b3c5452de9fff7027d216d2bf413900f408f44ed4ac99151b28142a212c5cff8dfe229e87b9b |
C:\Users\Admin\AppData\Local\Temp\nsv477A.tmp\7z-out\locales\ro.pak
| MD5 | 24b01a438a3ab9699d4ca97c081b5e82 |
| SHA1 | 0d0b082544d23425a74199fb0a6c11192f0bdf7d |
| SHA256 | 38290b1c9712296d82ea1681ef95544a1eef4872289134b11e50af735e6deaca |
| SHA512 | 43199772312156f4633c4202499cde8f808e5e632c2013ec1129acee01a3f184e86df2616626173178efe04b6f0773ad9a0e8b8cc6a735d23d68dcfe9dfd945b |
C:\Users\Admin\AppData\Local\Temp\nsv477A.tmp\7z-out\locales\pt-PT.pak
| MD5 | ecd84b296d3bb312ee18e21017311986 |
| SHA1 | f5625523f85c10723750834a54ff59a2dd886fb3 |
| SHA256 | fcfaa9c44c445876c286388b6a1abc1df949f3dda3d64fb57d6e0d54a05cdb94 |
| SHA512 | e95b74238220024cdd0bd1c0f18beadbbe427d76cd8d6b32d5700adcd34ffb068ad0bf75404921485c8077f395f5111cd40d5dfe2b5b8f34c62e6fc80b507456 |
C:\Users\Admin\AppData\Local\Temp\nsv477A.tmp\7z-out\locales\pt-BR.pak
| MD5 | 88ad860c73676ffb4025b5c691f29942 |
| SHA1 | 3c5e5b999ea7153ccdd1b4cc7b6162de3456b558 |
| SHA256 | 25f0bb0b0230d99a9064d52668636f3be85903bf27a68124d79a2fe93c30fe0e |
| SHA512 | 41589bb9ab1b8307f62ceb4e6493d7903731a3e63807e0044379c4acdda881c21839234f5f1b8ad1af732bfee6231c0556ce92e582505379ed949980185bb750 |
C:\Users\Admin\AppData\Local\Temp\nsv477A.tmp\7z-out\locales\pl.pak
| MD5 | 644c0ace25d6e532b56510a736c6bc2c |
| SHA1 | 1bd0fec952107b493da04c46423da634ff3e1504 |
| SHA256 | 2ff9e382a31783285b7d85676e629e2f6db26bb9536ed17b7fbe5ac61a895ec7 |
| SHA512 | 9a1f1e884c2f214b8b0c63543809ddd4ba0fd533f1d8434e926051f3db434f60cc4df2462c2a43254b2a9685b3869eef49463c212892e417c82c3a7b497e3559 |
C:\Users\Admin\AppData\Local\Temp\nsv477A.tmp\7z-out\locales\sw.pak
| MD5 | 99e385ebc1ef8d3daddb3a171fa79edf |
| SHA1 | 3164804dfe9d9b5e891abafe92e5ba67d2b5d4d1 |
| SHA256 | 8ec45ac391a085d531fb21815086c2da4841aa016653cb4f8484cfc2615d6c01 |
| SHA512 | 797c105fecef1e15870aa101e3fa1835d5a467a9059c03b3636c54934d1de263ab7f23599e21d9787cb3849c7cb7d29f5bdd8ae9ad10fda8015c1392462e94c0 |
C:\Users\Admin\AppData\Local\Temp\nsv477A.tmp\7z-out\locales\sv.pak
| MD5 | 41e76f7775fc9a2d6e3c02c46e9b32f6 |
| SHA1 | 088c15c74a68bee69682bf89c31055332b68c84a |
| SHA256 | 2533676479e9469ffcdaabcb47d3e39bebfe7ae2b80f70784e918a8827439e13 |
| SHA512 | 6cde752d748c4772b533c8894f18134e5842113f8c7590b44a7dfa088aed65b232361fd16170df3b0d738066dbc3a769847adf4dd8ba42de63c9c2b33f9beb6b |
C:\Users\Admin\AppData\Local\Temp\nsv477A.tmp\7z-out\locales\tr.pak
| MD5 | 40491896ad21543f339467186c5efb40 |
| SHA1 | 695dde7cc35056dcbf0a533aff8299d4c6b61bd8 |
| SHA256 | 43e99e132acaba88971b81a43531845dc7fc3a1e0794c3373de7d9a50a5655aa |
| SHA512 | 18d5ee9914849462e0b1bafd1ca216b29d0795e282ae0bdb354b15caf5c18f37f44fbd6f626b2cbb095e3398a6496de72e5b0d15621433979b5a589e34fac818 |
C:\Users\Admin\AppData\Local\Temp\nsv477A.tmp\7z-out\locales\th.pak
| MD5 | 43edd25f67ce6e6cea5373009ff0a1f8 |
| SHA1 | ed72ca6620cf23837e1334be50ccf616806bc5a2 |
| SHA256 | 287897cf3df2db1cf59b872e6575ba8dfcaa0c1f68c17a9c91da6c4490adb8b0 |
| SHA512 | 7160a72bd2e6b0ffa71e5d279995cc8be24a87cd9386eb29ab0eee79b8e607f5d824a11b6b4e3ef4c0f851a9d485a9642cb6adaa65c07933dca6e6f2c0052fc7 |
C:\Users\Admin\AppData\Local\Temp\nsv477A.tmp\7z-out\locales\te.pak
| MD5 | 793a87d41cde6e6d1bb086284f69733b |
| SHA1 | d887e3842b664f55b7308427aa6f5bf0b352d879 |
| SHA256 | 5cdabd1ad41e8048f2cc6b1615e68b99159daa1aa6706b939447c1811bf0e255 |
| SHA512 | 7c2e53baa387480eed45315bd9d53856ca46e5777ecdc9c29a0de7b0ad04beb6cbb8b5df0aa7c306395fda563037e06bea1ca70e433ce5a3ccc2ec184dfda972 |
C:\Users\Admin\AppData\Local\Temp\nsv477A.tmp\7z-out\locales\ta.pak
| MD5 | 31dada843d0b4f9a66b184cb6d7b8b92 |
| SHA1 | 0320b31981043c6e4c17470bf2ff4c7488553511 |
| SHA256 | 457070b35c813175f5a7b630478073e478ff2bf23915dd3dc7a5b3b339cc2b0b |
| SHA512 | c5b6ea595d3154fd9fe03f49a19f78eb4068718ce005b18a165d491459a290c29956b02a109ce2c314746773760c8e5c0d7064f384c65a572c78109f03538860 |
C:\Users\Admin\AppData\Local\Temp\nsv477A.tmp\7z-out\locales\vi.pak
| MD5 | 69c8796439192577f48bd249175aaf37 |
| SHA1 | 97c52088ca69dada593db0e42b2135d264646454 |
| SHA256 | d7fdb53592de803a5fbcd8561c4918f1562f92fc8a3fd0039a2a1a7b76a8ecc2 |
| SHA512 | 65eb7cb15291474ec7f9354775e59bcf334c90ddf3498ebd184e4c47118308421b2405bfa679e4b3a70ed1790e167c109fc2c72e89c3e31b5378cae975424144 |
C:\Users\Admin\AppData\Local\Temp\nsv477A.tmp\7z-out\locales\zh-TW.pak
| MD5 | c2c35fcedc3708b5bcadf36587393002 |
| SHA1 | 31d72402cbd44ceb921cedd806259c2cd14e411f |
| SHA256 | cfe4c2c5eb131fd92e0d11f912714c5a9a048833ef3ffbe32679b3d58da8f8ac |
| SHA512 | 9ba3ea2d569d1d3ef09e94d7e66f843c8804368c4d016b6289e7dba002f7d2d50884a76c93eef879d87abcf8b36dd3e682b7bd3a18b2b5a969256cef672abf01 |
C:\Users\Admin\AppData\Local\Temp\nsv477A.tmp\7z-out\locales\zh-CN.pak
| MD5 | 098d656a4f4bd8240bed10e7678186c7 |
| SHA1 | 0c19ab62b4262f1b51558e8aaa79e7741f73393a |
| SHA256 | a55f568ad3a8854cec25699484f55024501c8a0967738ba694e073151e5981c7 |
| SHA512 | 084538ce774233ca6d4393bb42239b0b85e11bd73dd19ba47e55796ca19848941b037510c0fca4ac08b4b2e0ccbc9b4ae72ef88a3e841738dd211961dc53c1e2 |
C:\Users\Admin\AppData\Local\Temp\nsv477A.tmp\7z-out\locales\uk.pak
| MD5 | d791b1ecf2931b2fb0c31aac170c7cdc |
| SHA1 | 02be115a9ff94fe5250651b6de4323eafc44fce1 |
| SHA256 | ffae6286d44c8e219ef90d411ad8746159a6ff8ea610e2a651147a3956696a22 |
| SHA512 | 3a2edb8069e4a9734ce5e02b7c3de3c968c5bbc116f17f52f97e2bb2c78485c456c4f0cc952686c1aa17b7ee4d326a1dda698afafc63c79d842ca3905181a8da |
C:\Users\Admin\AppData\Local\Temp\nsv477A.tmp\7z-out\resources\elevate.exe
| MD5 | 792b92c8ad13c46f27c7ced0810694df |
| SHA1 | d8d449b92de20a57df722df46435ba4553ecc802 |
| SHA256 | 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37 |
| SHA512 | 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40 |
C:\Users\Admin\AppData\Local\Temp\nsv477A.tmp\7z-out\resources\app.asar
| MD5 | ce68499bd7035f342debd5d85ba456ee |
| SHA1 | 7c4033beb56ed790e687c93877c15fec5a8b94a7 |
| SHA256 | d550dfce22488b857e171c78c6a24595450fe686eac343724cda57a08885f51d |
| SHA512 | 934b997037eeeb45746e08cf6b07ee9fadc5383300a30995a373e53d24d6db52158251baab3e607f43d771b14f4adc1d9727f1280236a231875d8eee2bac5b1d |
C:\Users\Admin\AppData\Local\Temp\nsv477A.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\snapshot.exe
| MD5 | 16a12bdc986207390dd79d658a6b2263 |
| SHA1 | b4b41f62cbc1e1ede786c6e30e11df8e61750bad |
| SHA256 | 50a8dd2f292bea9190204a42de067a34d5cbbec53746d40fe5b067fc85190bac |
| SHA512 | d20394028c5d3ca46bb4879cac40da07b7d857f9a4a834bb4db4bd047f1a3265a80e1f7528244da6ee97c2f3e0cb5b2e51bc88eeb382a027939c2188e66dcdd9 |
C:\Users\Admin\AppData\Local\Temp\nsv477A.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\prey-webcam.exe
| MD5 | 471b15abc9f2e98fb7ed7361d3f045eb |
| SHA1 | 95b5798d80a9410872f6ed485ae2b43ca3745540 |
| SHA256 | 7c262639cb22348dfd627dc07c76e8748e5bcacde2dcf1614773ab174c831004 |
| SHA512 | 5b3b59aa1dbaef31b0ff6ccde082d7c312e39e311a46fe20d590d5d7765f934d3b663da9609ff4fb7beba2e8fa85376cf74f14ae077f3c0b49189cc28c30163a |
C:\Users\Admin\AppData\Local\Temp\nsv477A.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\package.json
| MD5 | 067e233b0609d56ff4756bedd8c0efe0 |
| SHA1 | 96419d05adc4b6674948b4ac14f8ab5bb3ce4380 |
| SHA256 | 6bee642c1b5de99e4edba87ec3221c2ecd10b65e666b6f2bef64a745538ecf74 |
| SHA512 | 94900f5ff762930b1b060ba4dd44d629d6c3e2dfc0dacb1a543f1ea5a3cd40e793acaff4abefbff588ceb422d65f8041ec190a2b56f7c303c3314eb16eca4159 |
C:\Users\Admin\AppData\Local\Temp\nsv477A.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\DirectShowLib-2005.dll
| MD5 | c20c205c6f8d70a5e1351a4041a3ec9f |
| SHA1 | e1b2a763dd6c42439656e4e55aba0f3610ff3784 |
| SHA256 | bbcbb170242d9ff1b56680a80b1f8755df1135f9c714535ff3b3f575442f38dc |
| SHA512 | dffd59d775dbb89cd886a2212fb9fe4cf0b2bdd7f2c00f8dc7c6b2287053b4971c8c6c033109ff1f90cdacea082e44d3c19fa76325d24976420c418218e701f1 |
C:\Users\Admin\AppData\Local\Temp\nsv477A.tmp\7z-out\swiftshader\libEGL.dll
| MD5 | 19dc9ee70e7765bb63a66b6826e8ecb7 |
| SHA1 | 1a12f983f8b35cc2955d30657971f113c47dc164 |
| SHA256 | 83d5719abee35e051d984510e1d5d9317a109031698814742b59bdbbe7d4e30f |
| SHA512 | 1fda2bcc4b2e70987ca6011ab2534007ae4f752016d29a588aaae839bb25c35e03773f220b6a8e926cf2643997e7d4c0f28743304269b2c55642ce12934def68 |
C:\Users\Admin\AppData\Local\Temp\nsv477A.tmp\7z-out\swiftshader\libGLESv2.dll
| MD5 | c0b36d56d83e601bf246f7709a8c5f9d |
| SHA1 | b025a6070f7d61c7d1827856d2d4043834fd23f2 |
| SHA256 | 45bb5e1f8dd87129ac0a75c78f8f29d06e3ac182a00fc5199b692068f1e05a53 |
| SHA512 | e429ae63bd8a7d5a936a638783511693e8fbbc91d97779b3d4dd3f0880f1c8a820106bfb57cf7ee6b3639f19165de87bbe127aadd81218689fc6c8fada2106d1 |
C:\Users\Admin\AppData\Local\Temp\nsv477A.tmp\StdUtils.dll
| MD5 | c6a6e03f77c313b267498515488c5740 |
| SHA1 | 3d49fc2784b9450962ed6b82b46e9c3c957d7c15 |
| SHA256 | b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e |
| SHA512 | 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803 |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
| MD5 | b63efca4da4791825f323bef91c83316 |
| SHA1 | 38c430b5ed7c7d34a256806d1b4e2d62068b5b1e |
| SHA256 | 4a9f52af3a229326f7a5b33bb0248aa6d45e1d9c87e446aeb146a26e7a0f9c2c |
| SHA512 | e1375fc7f5d8705d3e5a242cdb3460f24f1590648ded9b4b72452372614cbfda928cf8d225edf306bd15ca3d00516cccabc058f03c638b527a1606efa823261d |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\icudtl.dat
| MD5 | aeaafb57d1b151ab82b3c173dbee709e |
| SHA1 | 57c5c0f6e16d036c51f6ed9c54f11a5ad33f97e6 |
| SHA256 | 409034c58a7f2f5a4b78a2361121674a6527b1a3ecf2d124665b57cdb5fbc6aa |
| SHA512 | 1ca69e7d88deb931812be108c820e907b0380537cbc1e45cbecdfca657606b68c5f824b941d418804dc6884ee09782a6fd6ee2fa046d3f7183a890c7e7eceba2 |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\resources\app.asar
| MD5 | 87b453c47a6b9dd50b1ac0592d07452b |
| SHA1 | 45c26605eff8c069ad0a0f8d1b742e5e112a3a68 |
| SHA256 | adc118a236574370cc03cd11717c070e0dc661a9854b0160111acc4ab90cdd2d |
| SHA512 | c9032c44f69c569e951c69121ff8d4100c9efaa6f32b069ec321ea922414ada21dd81e9c10018c094eed0c6d7aae57a4a8624b5d138e7c63c1ebba3b7cde0871 |
C:\Users\Admin\AppData\Local\Temp\b108a867-67ed-4e32-a7e4-7780cf17cc4f.tmp.node
| MD5 | 3072b68e3c226aff39e6782d025f25a8 |
| SHA1 | cf559196d74fa490ac8ce192db222c9f5c5a006a |
| SHA256 | 7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01 |
| SHA512 | 61ebc72c20195e99244d95af1ab44fa06201a1aee2b5da04490fdc4312e8324a40b0e15a7b42fab5179753d767c1d08ae1a7a56ac71a6e100e63f83db849ee61 |
C:\Users\Admin\AppData\Local\Temp\bdde613b-afea-42e9-985b-d0d004330672.tmp.node
| MD5 | 5317f23583ba935be25a4c26b3f93828 |
| SHA1 | bdc288a0576a9ca04295c2df6f71e260ae5097bc |
| SHA256 | 41db88f72dbc4ace9b4e6522b19f60e012980345fcb737cab1839ab0bb2f2cb3 |
| SHA512 | e3975f92f6bbd814cec4b6762b7f7475168dd43a717031de0d8055b7f5e4ce01dd011557c1301f9f9084f8a39248630c12f265a195c54c81f1efad9dd5bd91d0 |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\resources.pak
| MD5 | 358393223493d79b4885370c8cf12841 |
| SHA1 | 4baa9eb91dce2a60c0758bfbaa76497272a593bd |
| SHA256 | c2f8d422507e8ca126882116ad38ca0e25c5830f5700ffc4430188c8644bf320 |
| SHA512 | f4124603e1ab2ad623b74d6f9c5bc37161db12b0b191c85d5ff04015f858d4c49b505c93291f3c7d1575e8f109b2559fc9faa87a9a77aa684d2fb73183777751 |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
| MD5 | 616c342c7f0926cb4cf2cf32536a33fa |
| SHA1 | 5f0fbf7a1c17dd9aad7a77966c60fa269722e0b2 |
| SHA256 | 65e3dfa0358b2f5aef5c95ee161d8fa7d52e96e69028fa6e1627ace3bdbd2d48 |
| SHA512 | d5c44e248f27122e698cd7d0052379dbf6615886db3f1a6d0bc09c4680ca01cc985a1cdba61fbcd26331665204372bc57709ffdb5ccfbb2aeeeec3c4d99a965a |
memory/2900-578-0x00007FFA81D30000-0x00007FFA81D31000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
| MD5 | 21a4668b9be72240e9c63ff123246471 |
| SHA1 | 624fc12f769c68b45cf0d95fc5a45927cfbd1dbe |
| SHA256 | 02b7a13ff386fe7a711086bad7eaaeb5b232f6a453adfb78aaefd28ede876d11 |
| SHA512 | d910b39731bdcb773321a74cc715caf06c15ae535ddf8c7b222c66c0d7046cf99d4b9f075e6a7435c90dfc9844b5729a759d3d0b1782640b28daa150c5957c14 |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\libGLESv2.dll
| MD5 | 0c9aa839c2c353caaab22f032ef1446a |
| SHA1 | 158bc5af43366171f29cfce033493bfcc787b9d2 |
| SHA256 | 809abbd038a92ba0115b9a86faedbd16427b40dc312efaedb72f02ac9efa9df0 |
| SHA512 | ed2861958a1e2bf66f650c880d60d266c2bb0bca8809dd8f38bebb95cea711e535fe92bc18a9eacd07b25d01af3be61b7443df6a297f2df81d1e02ada7ae68a2 |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\D3DCompiler_47.dll
| MD5 | b1c78ad14d7366f1a3c0872928a59076 |
| SHA1 | c9d53a0f461f586bf4ae8995d03556634ffb6de4 |
| SHA256 | 3d9093990cc56f62190bc2983ce27c565aa77d2da6e56846150d2859f9c61fc3 |
| SHA512 | 1014b5f2eeba120487fdca56ab1ca4398b9452e3b47450ee98d5df05c9af8e599067b52d5a02de3177397c81abea77903fd104515c4ddda2204620cb969db55a |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\libglesv2.dll
| MD5 | 5deebf09a1e029423276f1d17a632e68 |
| SHA1 | cbba1da5f1cdc2fe73a8b02b5e3e31d826a933e5 |
| SHA256 | 91dc81e0e40fa169a5a25e76242c16213bd0d532145ae23fba0e308d6fa42a2c |
| SHA512 | c0626f89a35aec551414b6ea8879d39e82e9f2e5e6070a47b46e37ed9958a28c20f3e888845064e1ac76c8043798e30a83f461c2b6ca3105dd2dc576dce4a813 |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\d3dcompiler_47.dll
| MD5 | 6c92deef58c7974549c5fcbec6044eea |
| SHA1 | 8a52470b947970ef99804eb93b97623e44cb5eeb |
| SHA256 | 017c014d288fe4980d781d43532f00f33abd7d33ba5f7eb35ab1d1b86bf0418d |
| SHA512 | d4d28775fa303c6005f47887db814d206250f378cdbbf599a10427e50c1c6002aeb31199d6e5619838bd50f5735855c6a8b6f48fbd14d0d9d04d0b237dc98714 |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
| MD5 | 2ad21f16495b4dcb63b40ec157ff406c |
| SHA1 | b9948ebdcab9f74d863b9ea5290740519cb6e2b6 |
| SHA256 | 4affafa22dc43c2f44a17b18c48ad06a48f9edd92ac31294f21aafbd8738b3a3 |
| SHA512 | c46c6dd131dc1c503a235869e0150b9f40893b3837e699e49b514bbe30592d48eea654e867fec2d6c5ff91c17bbe2916447a9ddee93e6ae3cc292b4960b99d10 |
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_qn2y0btj.0qh.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/3788-606-0x00000260224B0000-0x00000260224D2000-memory.dmp
memory/3788-613-0x00000260221C0000-0x00000260221D0000-memory.dmp
memory/3788-612-0x00000260221C0000-0x00000260221D0000-memory.dmp
memory/3788-611-0x00007FFA612F0000-0x00007FFA61DB1000-memory.dmp
memory/3788-617-0x00007FFA612F0000-0x00007FFA61DB1000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
| MD5 | 6cf293cb4d80be23433eecf74ddb5503 |
| SHA1 | 24fe4752df102c2ef492954d6b046cb5512ad408 |
| SHA256 | b1f292b6199aa29c7fafbca007e5f9e3f68edcbbca1965bc828cc92dc0f18bb8 |
| SHA512 | 0f91e2da0da8794b9797c7b50eb5dfd27bde4546ceb6902a776664ce887dd6f12a0dd8773d612ccc76dfd029cd280778a0f0ae17ce679b3d2ffd968dd7e94a00 |
memory/440-632-0x0000016918830000-0x0000016918840000-memory.dmp
memory/440-631-0x0000016918830000-0x0000016918840000-memory.dmp
memory/440-635-0x00007FFA612F0000-0x00007FFA61DB1000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | d8b9a260789a22d72263ef3bb119108c |
| SHA1 | 376a9bd48726f422679f2cd65003442c0b6f6dd5 |
| SHA256 | d69d47e428298f194850d14c3ce375e7926128a0bfb62c1e75940ab206f8fddc |
| SHA512 | 550314fab1e363851a7543c989996a440d95f7c9db9695cce5abaad64523f377f48790aa091d66368f50f941179440b1fa94448289ee514d5b5a2f4fe6225e9b |
memory/440-620-0x00007FFA612F0000-0x00007FFA61DB1000-memory.dmp
memory/4620-641-0x00007FFA612F0000-0x00007FFA61DB1000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 446dd1cf97eaba21cf14d03aebc79f27 |
| SHA1 | 36e4cc7367e0c7b40f4a8ace272941ea46373799 |
| SHA256 | a7de5177c68a64bd48b36d49e2853799f4ebcfa8e4761f7cc472f333dc5f65cf |
| SHA512 | a6d754709f30b122112ae30e5ab22486393c5021d33da4d1304c061863d2e1e79e8aeb029cae61261bb77d0e7becd53a7b0106d6ea4368b4c302464e3d941cf7 |
memory/4620-643-0x000001DBEB540000-0x000001DBEB550000-memory.dmp
memory/4620-642-0x000001DBEB540000-0x000001DBEB550000-memory.dmp
memory/4620-656-0x00007FFA612F0000-0x00007FFA61DB1000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\TatsuBeta.exe
| MD5 | 06dcc4212923ff5a5cc8820951005add |
| SHA1 | c9b36f63153c2c83a0c8ce9676a90a861ae460b3 |
| SHA256 | 4d99c49097fbc3b8aa8e71c72515ef09c2b77d3fc69fab79394d84ac776d1301 |
| SHA512 | 89efeaa0034d404e83a81af704a25ac1f9ab1fd3e618a9f8781becd13ce6cf2e279fe8202ccafa76053bc8a4f9ffc3c0dd619316cb35ef369532bcaee00c06ec |
memory/6428-658-0x00007FFA612F0000-0x00007FFA61DB1000-memory.dmp
memory/6428-659-0x0000027E6AD60000-0x0000027E6AD70000-memory.dmp
memory/6428-660-0x0000027E6AD60000-0x0000027E6AD70000-memory.dmp
memory/6428-671-0x0000027E6AD60000-0x0000027E6AD70000-memory.dmp
memory/6428-673-0x00007FFA612F0000-0x00007FFA61DB1000-memory.dmp
memory/8188-675-0x00007FFA61410000-0x00007FFA61ED1000-memory.dmp
memory/8188-676-0x0000019492CF0000-0x0000019492D00000-memory.dmp
memory/8188-677-0x0000019492CF0000-0x0000019492D00000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | e5ea61f668ad9fe64ff27dec34fe6d2f |
| SHA1 | 5d42aa122b1fa920028b9e9514bd3aeac8f7ff4b |
| SHA256 | 8f161e4c74eb4ca15c0601ce7a291f3ee1dc0aa46b788181bfe1d33f2b099466 |
| SHA512 | cb308188323699eaa2903424527bcb40585792f5152aa7ab02e32f94a0fcfe73cfca2c7b3cae73a9df3e307812dbd18d2d50acbbfeb75d87edf1eb83dd109f34 |
memory/8188-689-0x00007FFA61410000-0x00007FFA61ED1000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\places.sqlite_tmp
| MD5 | 2ee24a8e72bd193e446acc1a0bb35cb5 |
| SHA1 | 653816ec9df15a76bea0dda0d0d02c89980661df |
| SHA256 | 5ada4c4ddbb120646f555bfc8b3f4b54b4f2f56ca0822eb909e1949f79ef8ce8 |
| SHA512 | 034eba77eb40799aae28766399c712f0f54d2050e06cdb0cff708cd2c75b9060bfa96e08e056291739198e8f54c96ae30219e710de30b91128f0bb7e6df2a84e |
memory/5836-742-0x00007FFA61410000-0x00007FFA61ED1000-memory.dmp
memory/5836-747-0x000002AFDB930000-0x000002AFDB940000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 107102102e02e48f37f5318c7e113c43 |
| SHA1 | 7fb10fc65c85fb4c050309f0872bc9389dcccc0d |
| SHA256 | 3c3f49948c1e832c86b959c32bc288ddedb500534b74df082f8967fc7f9976f7 |
| SHA512 | b108a47d7c3dd154cad44362b6cd557b7064096383d100e6cd64bfb19c4e2ad878ed4ee800776322ad3cc4bb721fb675b0ecab8f5661024188fa3aa19561841b |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\sysWin10Boot_vRsPBF.vbs
| MD5 | 68a5d61fb4436229aa54354481478edd |
| SHA1 | 3e4bc0b3d4a3e07224e615934c3c52e08070a5c2 |
| SHA256 | 01840ea504914244c884dd04f9c96fce55398de781360579823cd416d90054f3 |
| SHA512 | 1764657b85f8fc2004fc530889702758ba0e60147655783946024696efe518e4e5bf552b7554be97bd31492e7727cccb2018593284546a6ac39ac884fe4dd860 |
memory/5836-751-0x00007FFA61410000-0x00007FFA61ED1000-memory.dmp
memory/4224-785-0x00007FFA61410000-0x00007FFA61ED1000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 894afb4ff3cd7ee1f69400e936f8fc9d |
| SHA1 | aa0eb6ac58f8997940c1aa2e6f6c42d7c3837e51 |
| SHA256 | 20948b37924c58362ffc5d1472667b53c6d7fc865ad541c901cebf41d04a03c9 |
| SHA512 | 449494468d267f9689a277ce858dac7dfda04ceb568f60170645582fd631901a9ef780da8e420cba8a297edc11cd63a874e3429b95cf90e7261d2b9ab8850e98 |
memory/4224-786-0x00000248ADAD0000-0x00000248ADAE0000-memory.dmp
C:\Users\Admin\AppData\Roaming\salutfB3G0.ps1
| MD5 | 28e4eda7451c625bbe806b745753f729 |
| SHA1 | d29e9b2c2ac5b10188cbae92cffba6827728543d |
| SHA256 | da79e10cdff90aa7f5ab3d3f226570107ecd20d48eb14067c7900367111df5ba |
| SHA512 | 932f53b6cd2aa55ab1475d85528069357fa7d9eea26051d1a4edb11872ca30d02c31c44bed3a48f0ccdbebe556e9d8ec2f4a0815bf177d93ab4272b3fe2fb0b5 |
C:\ProgramData\ChromeExtensionsNova\extension-tokens\manifest.json
| MD5 | 42ac88deb5c3cfc02fdc1c27319ee067 |
| SHA1 | 97b1addf35159800b90743fcfbb5505e80f6eb82 |
| SHA256 | 28486361faff1827fb9f1871529c48efaaf86027592d189afa6f99b14eb3f4bb |
| SHA512 | 77c4054a3cf061eb6f4f6e9803b74833a8fb0fe352239b5b47cf39ea5eea8104b9da6deab75018557476fbda856f3be8d57e6fe2eb777c45a7a1bdb1e72d02d5 |
C:\ProgramData\ChromeExtensionsNova\extension-tokens\js\jquery-3.5.1.min.js
| MD5 | 9ac39dc31635a363e377eda0f6fbe03f |
| SHA1 | 29fa5ad995e9ec866ece1d3d0b698fc556580eee |
| SHA256 | 9a2723c21fb1b7dff0e2aa5dc6be24a9670220a17ae21f70fdbc602d1f8acd38 |
| SHA512 | 0799ae01799707b444fca518c3af9b91fda40d0a2c114e84bc52bd1f756b5e0d60f6fd239f04bd4d5bc37b6cdbf02d299185cd62410f2a514a7b3bd4d60b49fc |
C:\ProgramData\ChromeExtensionsNova\extension-tokens\images\logo48.png
| MD5 | 9f74f11972c3c0b161832ffab541bf31 |
| SHA1 | e5841ba20a229cdeab85d30690509e649e848271 |
| SHA256 | 8b74a0abdd566ffdf15891d6abd3537bffb0abce7f362c737c3de6752e136032 |
| SHA512 | b90f13eb65a4dcfdd596a7d9eba7c1ba5eb1a598e51107ce3dca07c0a0025469ab18c9958eff2b36f7e05a23f0d16d7d9d7c2321b8e1f2a456aaa7bec3ced0e8 |
C:\ProgramData\ChromeExtensionsNova\extension-tokens\images\logo16.png
| MD5 | 192e90432fed0081abb25295d8f309c4 |
| SHA1 | 5150e93061f39e26688afd60a04c0ab14b510d47 |
| SHA256 | 3216d6864b4f8824b82eb887edf95436dac3bea3f7d43d8988a176e3f1f8e1b2 |
| SHA512 | 9b9b3f85eb9f12ad1b4c8cfc5e672758d879e178179deb28e80e6c3b27871261bf6b52f9066850b5a7a2fd85012b5308eaf3dda882fa40febc9cf6b47f1a4f04 |
C:\ProgramData\ChromeExtensionsNova\extension-tokens\images\logo.png
| MD5 | 2b67e47cb8da1058770fe41d8b947619 |
| SHA1 | 9eb259b1d377a24a2b77a694cf31c23cef7b8eef |
| SHA256 | 46f616820751849512d2704ddb604666170d13315c4383b8c8611c3e1c2f594a |
| SHA512 | 27c0593d662df228e146c49af6da52e39523523af924cf95ba4890b1b42358b2b8df3cf2667d8f672eece4f7fe098574c4689677768dd54d3b872619c7b9ae55 |
C:\ProgramData\ChromeExtensionsNova\extension-tokens\images\logo128.png
| MD5 | 271847949971c396f77beaab936b7ea2 |
| SHA1 | b32c5a7eec49aa07f8ae73feb990626010c4b850 |
| SHA256 | a55224cdf06a5c2b937ba400604501f8b6ec93bc2c1cff62aa2fd378d504c657 |
| SHA512 | a2e141f68143f370e2b82a1c9c7c4b1c5f6fc2cfc2ad94acb8c5c02237af56f83904beaff3240e20397f0edbdfadf8779c0bd54b2cf0c9899fef59343e31794a |
C:\ProgramData\ChromeExtensionsNova\extension-cookies\manifest.json
| MD5 | 04c23766134b234e85cc537b2162efb1 |
| SHA1 | 45c48d9ca30a4580a682f025cc66331e49f6f158 |
| SHA256 | f50f62683347bbca52d7f7de0c877014ae77043753905628644e2d485dfb4900 |
| SHA512 | d246f59ad6d6e9fc8d8d88129302d55cb3d2ba7d52496915ee6791fa0576153070af76ea689cc74ccefc36456df749ac5c8f45cb12702961470f202078bfcb3c |
memory/4224-800-0x00007FFA61410000-0x00007FFA61ED1000-memory.dmp
memory/2900-875-0x000002D5CF4F0000-0x000002D5CFC2F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\ffmpeg.dll
| MD5 | 1c7dd1084aeb4044852762b7f2687220 |
| SHA1 | 810eacd6954afccabce5c0395904b669cbece621 |
| SHA256 | 590101d29e546ee0cea2da1c2b7c3a2276160d3c3ea4fc5202a0caf6dcef7ded |
| SHA512 | 39b2cdb1eb88a2c501445f03fe9448f58d1c2ac79de5e06ed13355eb87feffc20a2e4754feadb1764e67763f2672529b31c2788a13b6aa94a4389e87698ff895 |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
| MD5 | 457f740ecef38ab915bbdcbd667f66f9 |
| SHA1 | 781bb6c49644b10dc486e730eed068efb04a582e |
| SHA256 | 5c0d6457b56dade1419939d2b04f1f004cf3cf52cf9f718d4ec0c639db9f0a6e |
| SHA512 | c209774ef01c67302fa594c68d4f614755040e490850225f39ea75e5bf5bd759365fa24525a412389a0695fab6aabfd982abd1ffa1a3830a35adfc4c29baf974 |
memory/6832-914-0x0000020D48330000-0x0000020D48331000-memory.dmp
memory/6832-924-0x0000020D48330000-0x0000020D48331000-memory.dmp
memory/6832-923-0x0000020D48330000-0x0000020D48331000-memory.dmp
memory/6832-922-0x0000020D48330000-0x0000020D48331000-memory.dmp
memory/6832-921-0x0000020D48330000-0x0000020D48331000-memory.dmp
memory/6832-920-0x0000020D48330000-0x0000020D48331000-memory.dmp
memory/6832-919-0x0000020D48330000-0x0000020D48331000-memory.dmp
memory/6832-918-0x0000020D48330000-0x0000020D48331000-memory.dmp
memory/6832-913-0x0000020D48330000-0x0000020D48331000-memory.dmp
memory/6832-912-0x0000020D48330000-0x0000020D48331000-memory.dmp
Analysis: behavioral4
Detonation Overview
Submitted
2023-12-17 16:29
Reported
2023-12-17 17:00
Platform
win11-20231215-en
Max time kernel
1800s
Max time network
1505s
Command Line
Signatures
Irata
Irata payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TatsuBeta.exe | C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-334598701-2770630493-3015612279-1000\Software\Microsoft\Windows\CurrentVersion\Run\WindowsDriverSetupr4i4UY = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\CachedFiles\\TatsuBeta.exe" | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-334598701-2770630493-3015612279-1000\Software\Microsoft\Windows\CurrentVersion\Run\Start_r4i4UY = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\sysWin10Boot_r4i4UY.vbs" | C:\Windows\system32\reg.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
Drops autorun.inf file
| Description | Indicator | Process | Target |
| File created | F:\autorun.inf | C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe | N/A |
Enumerates physical storage devices
Collects information from the system
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
Detects videocard installed
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Enumerates processes with tasklist
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\TatsuBeta.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\tasklist.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Conhost.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Conhost.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Conhost.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Conhost.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Conhost.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Conhost.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Conhost.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Conhost.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Conhost.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Conhost.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Conhost.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Conhost.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Conhost.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Conhost.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Conhost.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Conhost.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Conhost.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Conhost.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Conhost.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Conhost.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\Conhost.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Conhost.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Conhost.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Conhost.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Conhost.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Conhost.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Conhost.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Conhost.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Conhost.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Conhost.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Conhost.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Conhost.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Conhost.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Conhost.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Conhost.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Conhost.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Conhost.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Conhost.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Conhost.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Conhost.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Conhost.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\Conhost.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\tasklist.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\TatsuBeta.exe
"C:\Users\Admin\AppData\Local\Temp\TatsuBeta.exe"
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
"C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1464 --field-trial-handle=1684,5508465263420723532,15064865261952678778,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
"C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --mojo-platform-channel-handle=1916 --field-trial-handle=1684,5508465263420723532,15064865261952678778,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic process where processid=4100 get ExecutablePath"
C:\Windows\System32\Wbem\WMIC.exe
wmic process where processid=4100 get ExecutablePath
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\net.exe
net session
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 session
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\resources\app.asar.unpacked\bind\main.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "net session"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\System32\Wbem\WMIC.exe
wmic csproduct get uuid
C:\Windows\System32\Wbem\WMIC.exe
wmic OS get caption, osarchitecture
C:\Windows\system32\more.com
more +1
C:\Windows\System32\Wbem\WMIC.exe
wmic logicaldisk get size
C:\Windows\system32\more.com
more +1
C:\Windows\System32\Wbem\WMIC.exe
wmic computersystem get totalphysicalmemory
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic OS get caption, osarchitecture | more +1"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "echo %NUMBER_OF_PROCESSORS%"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic csproduct get uuid"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic computersystem get totalphysicalmemory | more +1"
C:\Windows\system32\more.com
more +1
C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get name
C:\Windows\system32\more.com
more +1
C:\Windows\System32\Wbem\WMIC.exe
wmic PATH Win32_VideoController get name
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic PATH Win32_VideoController get name | more +1"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic cpu get name | more +1"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic logicaldisk get size"
C:\Windows\System32\Wbem\WMIC.exe
wmic process where processid=4100 get ExecutablePath
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic process where processid=4100 get ExecutablePath"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v WindowsDriverSetupr4i4UY /t REG_SZ /d C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\TatsuBeta.exe /f"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
cmd /c schtasks /create /sc onlogon /tn WindowsDriverSetupr4i4UY /tr \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\TatsuBeta.exe\" /F /rl highest
C:\Windows\system32\schtasks.exe
schtasks /create /sc onlogon /tn WindowsDriverSetupr4i4UY /tr \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\TatsuBeta.exe\" /F /rl highest
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "attrib +h +s \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\TatsuBeta.exe\""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell -Command "attrib +h +s \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\TatsuBeta.exe\"""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v WindowsDriverSetupr4i4UY /t REG_SZ /d C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\TatsuBeta.exe /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\app.asar.unpacked\node_modules\take-cam\prey-webcam.exe" -invalid youcam,cyberlink,google -frame 10 -outfile C:\Users\Admin\AppData\Local\Temp\RcVn6feMhjbLun8ewwgV\System\cam.1136_Admin.jpg"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\app.asar.unpacked\node_modules\take-cam\snapshot.exe" /T C:\Users\Admin\AppData\Local\Temp\RcVn6feMhjbLun8ewwgV\System\cam.1136_Admin"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\attrib.exe
"C:\Windows\system32\attrib.exe" +h +s C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\TatsuBeta.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "cmd /c schtasks /create /sc onlogon /tn WindowsDriverSetupr4i4UY /tr \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\TatsuBeta.exe\" /F /rl highest"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell -Command "attrib +h +s \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\sysWin10Boot_r4i4UY.vbs\"""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v Start_r4i4UY /t REG_SZ /d C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\sysWin10Boot_r4i4UY.vbs /f"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v Start_r4i4UY /t REG_SZ /d C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\sysWin10Boot_r4i4UY.vbs /f
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "attrib +h +s \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\sysWin10Boot_r4i4UY.vbs\""
C:\Windows\system32\attrib.exe
"C:\Windows\system32\attrib.exe" +h +s C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\sysWin10Boot_r4i4UY.vbs
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Admin\AppData\Roaming\salutUJXao.ps1" -RunAsAdministrator"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Admin\AppData\Roaming\salutUJXao.ps1" -RunAsAdministrator
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
"C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAIAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=908 --field-trial-handle=1684,5508465263420723532,15064865261952678778,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| GB | 142.250.200.4:80 | www.google.com | tcp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| FR | 51.178.66.33:443 | api.gofile.io | tcp |
| US | 206.168.191.31:443 | store8.gofile.io | tcp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| FR | 163.5.121.96:443 | hawkish.eu | tcp |
| FR | 163.5.121.96:443 | hawkish.eu | tcp |
| DE | 140.82.121.4:443 | github.com | tcp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| FR | 163.5.121.96:443 | hawkish.eu | tcp |
| FR | 163.5.121.96:443 | hawkish.eu | tcp |
| US | 8.8.8.8:53 | 4.121.82.140.in-addr.arpa | udp |
| FR | 163.5.121.96:443 | hawkish.eu | tcp |
| FR | 163.5.121.96:443 | hawkish.eu | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\nsa60AF.tmp\System.dll
| MD5 | 0d7ad4f45dc6f5aa87f606d0331c6901 |
| SHA1 | 48df0911f0484cbe2a8cdd5362140b63c41ee457 |
| SHA256 | 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca |
| SHA512 | c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9 |
C:\Users\Admin\AppData\Local\Temp\nsa60AF.tmp\nsis7z.dll
| MD5 | 80e44ce4895304c6a3a831310fbf8cd0 |
| SHA1 | 36bd49ae21c460be5753a904b4501f1abca53508 |
| SHA256 | b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592 |
| SHA512 | c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\chrome_100_percent.pak
| MD5 | 9c1b859b611600201ccf898f1eff2476 |
| SHA1 | 87d5d9a5fcc2496b48bb084fdf04331823dd1699 |
| SHA256 | 53102833760a725241841312de452c45e43edd60a122546105ab4020ccef591b |
| SHA512 | 1a8ec288e53b9d7e43d018995abe4e3d9c83d329d0561fbb7d022e8b79ffecf033e995b9bc6af352a71c646a1e8afba4addb54deab7455f24b7a279a3dd7c336 |
C:\Users\Admin\AppData\Local\Temp\nsa60AF.tmp\7z-out\chrome_200_percent.pak
| MD5 | b51a78961b1dbb156343e6e024093d41 |
| SHA1 | 51298bfe945a9645311169fc5bb64a2a1f20bc38 |
| SHA256 | 4a438f0e209ac62ffa2c14036efdd5474b5ecaa7cbf54110f2e6153abdfb8be9 |
| SHA512 | 23dedde25ad9cb5829d4b6092a815712788698c2a5a0aefb4299675d39f8b5e2844eabd1ea42332a0408bd234548f5af628e7e365ab26f3385ebfa158cdd921d |
C:\Users\Admin\AppData\Local\Temp\nsa60AF.tmp\7z-out\d3dcompiler_47.dll
| MD5 | cfc168bc3e255f254ab49d202569d0d9 |
| SHA1 | e764623b34548f6b475de9ac406af6edef43af84 |
| SHA256 | cd9a47f455e226b4fd783bba285141ed648c6a5b4d28b96dab793ffc43cb061c |
| SHA512 | c7c5ee9ed5eee9c13be19e2730cc93365eb64bd039acb33787936e424430a2f4e3323cd2dd28ac0ab6078ce042b9fb07fd9c138f13b24daa2d01e81f7361ee28 |
C:\Users\Admin\AppData\Local\Temp\nsa60AF.tmp\7z-out\snapshot_blob.bin
| MD5 | c9ab741bbef53fa0e84952b8891a5f5a |
| SHA1 | e2dcb8d034e07243537c86371de0c52bce62cee1 |
| SHA256 | 4d82fe1e642fe3ca7ad1a173f806088c0652ecfe9f0f6f6e246066e15a3431d4 |
| SHA512 | 177b98a3090ecfe4b4598dfcd7e8b3ca49efafba4dbd8d6c6d0def462de47c3fabfde831725622783ddc177de982de6115178d9bd9830d918bb544a5a4c27fc9 |
C:\Users\Admin\AppData\Local\Temp\nsa60AF.tmp\7z-out\resources.pak
| MD5 | 4f730313ce77d1baa1f69f3f7b41f96d |
| SHA1 | 80f1d5951f4e9217e4af2bdb1cc7920537ac7a73 |
| SHA256 | 0bc2a48c15615ba68b61bffdde06483d1a75877f84019f8098a33e8ab5334e0d |
| SHA512 | 2691fd2450fe6a55feb905365548ffab9b531fb1d3e134dd8160139548c7285e6ef12e2ba2d3f8c1545b65f38253bce48e08049733d0e0f4720e014b1614404a |
C:\Users\Admin\AppData\Local\Temp\nsa60AF.tmp\7z-out\LICENSES.chromium.html
| MD5 | 9c8c45e3f8643a42546d6fd1bca35a2f |
| SHA1 | c0f79a440d453f143c1c0ed43d6bd83f2e5d81b3 |
| SHA256 | cfa363ce1b609f75a561201a94108be63a3cea95909dc73a483e88bc5267d2fd |
| SHA512 | d2aa458dbb756f8aac1990e11ce5c0eb3f75808e98956c6ddebdebff66dadfde4b1307b62708d2434f78e2b7cdb0ac2b15d13fc1826c00b1e0538d56c1928d35 |
C:\Users\Admin\AppData\Local\Temp\nsa60AF.tmp\7z-out\LICENSE.electron.txt
| MD5 | 4d42118d35941e0f664dddbd83f633c5 |
| SHA1 | 2b21ec5f20fe961d15f2b58efb1368e66d202e5c |
| SHA256 | 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d |
| SHA512 | 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63 |
C:\Users\Admin\AppData\Local\Temp\nsa60AF.tmp\7z-out\libGLESv2.dll
| MD5 | bba8ebf17e9fd85df10ed613372baec1 |
| SHA1 | 8217629187a04e5dba5161a3a1b312929eedb21d |
| SHA256 | 83862c7da91628f2fd2a3a436a83302a2455482854b55d80f8468b4555d6bd7a |
| SHA512 | ae820f867efe07da4a547938f10122656cc7be53243432d661934232febdf0cf06e06fb6110405cdb5bce22bf1dfa8a41f1bf02bd61e1ef2992ebcf2f6acd729 |
C:\Users\Admin\AppData\Local\Temp\nsa60AF.tmp\7z-out\libEGL.dll
| MD5 | 8352fd22f09b873193cabc2932be92f0 |
| SHA1 | 5bd2b58854b279f1733c5f54ea2669ee8a888d9e |
| SHA256 | 14a4aaa010be14762edfee01fd1f6b9943471eb7a2f9011a2b5c230461cd129c |
| SHA512 | 7281e980f2e82f1cc8173d9f8387a97f6e23ec5099ed8dca02222c4e17fa4cfef59d6aa300b1cf06d502bdcf77d9a6dbb08ad6658ae0a28ae6f9f995109da0d2 |
C:\Users\Admin\AppData\Local\Temp\nsa60AF.tmp\7z-out\icudtl.dat
| MD5 | 11e68569b4f07aec5fbc2da894ada867 |
| SHA1 | c30468d772909e9e1a44bd1dbc6e99dfe93219d0 |
| SHA256 | 6aa365478030d3ccffe8ce3147bbd026fcbceb8f2690634dabecd4336ece14a1 |
| SHA512 | 93fb28e8ee4fe7d6e15895b6b3985f779b4531a4f141bc1499377e08cee114f82263d4f05b1c81869bd5b0ba72064107ab743dffddb5569999bcca255bdcbb18 |
C:\Users\Admin\AppData\Local\Temp\nsa60AF.tmp\7z-out\ffmpeg.dll
| MD5 | c3842fb3087cdcdb04020ac38683c289 |
| SHA1 | 329dbcd4a1c79b891b200f11eb50194b85c493bc |
| SHA256 | e79792af338d61424bac87a19c6f34f3b4bc1382345633b8d509253a0a6c2133 |
| SHA512 | 069196b8006e908954e7ab16131a0d10889a0f7517eaab2423a82fe49fb9b045c0d95dbf7c08c10ddf1a21983aea4a0d207decf91baacff0884511589a57dec5 |
C:\Users\Admin\AppData\Local\Temp\nsa60AF.tmp\7z-out\TatsuBeta.exe
| MD5 | 6a8ee9ba55eeb144317f110b448c9594 |
| SHA1 | 6bf2bf14b4b0e81e9123b5c84f5d18f5500c2f0e |
| SHA256 | c585c1fac11aebe53760761d2d95ad05edb35a0339cf7892574a8181e7162a2d |
| SHA512 | 8de092df6b691121bc38706846c28633047530ee401383657ac855200c20494012e3537fc3c2793651dc4a27b4c51a371eb9ba87831243a0903b14f5914e0d6e |
C:\Users\Admin\AppData\Local\Temp\nsa60AF.tmp\7z-out\v8_context_snapshot.bin
| MD5 | 47014c0f81bad6d216c617c9c63bf040 |
| SHA1 | 7bb483fdc5fed3c6ed437d9fe6e5023bc38201bf |
| SHA256 | e1249d05bfc73c645b27d269f47b6923b33a3cf8088a8ca78b3b637c90f58178 |
| SHA512 | 052d86cf3305a9e493bd2472e6b7ddab5e0291efd6d899984a79bae46e5fa4bd21157e19ab4a2591c9cff9069de568bad18c7baf4f35d117c77134e635466f87 |
C:\Users\Admin\AppData\Local\Temp\nsa60AF.tmp\7z-out\vk_swiftshader.dll
| MD5 | de2d91476e625278c30a5f69a1892e05 |
| SHA1 | 4d707f6a801611fb437f5c1cba31b0909bf41506 |
| SHA256 | 02c7f0b926c64f5a19a9aacd5f94ee00be4d576486592e18acc80c0a027b05ba |
| SHA512 | d027407539346e5aedd527f5f71de45bace6295e96a7fbefbf273c930d64a791e488e4bdf6ef8db61fc19c80cac52a6e398c2973499c6fedb1e422c3ba71f532 |
C:\Users\Admin\AppData\Local\Temp\nsa60AF.tmp\7z-out\vk_swiftshader_icd.json
| MD5 | 8642dd3a87e2de6e991fae08458e302b |
| SHA1 | 9c06735c31cec00600fd763a92f8112d085bd12a |
| SHA256 | 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9 |
| SHA512 | f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f |
C:\Users\Admin\AppData\Local\Temp\nsa60AF.tmp\7z-out\vulkan-1.dll
| MD5 | b91586bd80e057a7f62bdc4422744812 |
| SHA1 | a1df644421ece2e740e5bf0ed98b4f269fd85c39 |
| SHA256 | 8ba72d98e0f78b77bda7816cd7232809d287310d34e0f1d7472b9d5fda2c6d02 |
| SHA512 | 94f0a8e3e75e4803891c0fcb257052dbe0e7399772fc7a46ab802629f76ee580ed30b3678fa6bc3744c12cf9f3103bbc8276e88f6711278748148e9fbeef2053 |
C:\Users\Admin\AppData\Local\Temp\nsa60AF.tmp\7z-out\locales\ar.pak
| MD5 | 6f3e791b4d35ee7d9515614d128752cf |
| SHA1 | 181ec3a84fb3e89336d77f24f562a2cbe07619d8 |
| SHA256 | e9df0fa338b763a3926c4ee3a87bedf650fa618b6fcf0560c3f5ffe891d48c60 |
| SHA512 | 3657e610d13a2c938558ec320c298dd490c9e4895ccd304f738aaa2f050373efd7382ca402365f93d23ed488bae82de2d859da788dc8faa8e621346a278f4441 |
C:\Users\Admin\AppData\Local\Temp\nsa60AF.tmp\7z-out\locales\bg.pak
| MD5 | 5ba0c7200362c9ed55610cc8b66ef53c |
| SHA1 | d45239c2f1b00885407771a41a7776fc1fe8fa3b |
| SHA256 | 2339ff55464b4ff704fc3c5bf281eec52a539c494bd059cf0346d9c05ab7cda7 |
| SHA512 | 6229dbf08a9322c4ec8de4912aa1832f01800a71b7e3ef5870e7fa2b623be4dd248fec4881c3e031e984616147be84d42ab3dd970ae56dc1bd78913a8682a37a |
C:\Users\Admin\AppData\Local\Temp\nsa60AF.tmp\7z-out\locales\hr.pak
| MD5 | 6f92235e6ba003af925a2d6584afd27d |
| SHA1 | 3ceba61e9c2975466b6244188f5ea72aaf042fc7 |
| SHA256 | 479dc4f75a889d45f62b4ddb6eb48f21c473e37875468c9c26d928a263e15840 |
| SHA512 | 82f2642dff4400704c15c2fa02d0ec74ed3fe888dc835447c1afce7463dee8f480bb81be358c306e681625864a6d25e5cd6c96252b8a56e6fc62014b3aa4d26a |
C:\Users\Admin\AppData\Local\Temp\nsa60AF.tmp\7z-out\locales\id.pak
| MD5 | e40cb2f3b4db379e4d187aeef0dfd300 |
| SHA1 | 537b1ebc615c980c89bbe2b9e91a11199fa7d6a6 |
| SHA256 | 3339ef011c9bb64868da94adb25f4490acbc7f893e4337dbfe2797754cd659f5 |
| SHA512 | b87464460077aa55feb92eca8ed23d9a61829378bae7890c8a95dac5fcd735b145d65661f27facfe2586fcaa169692b00d8ee8dd505dc44bff7f7fd090f3e96c |
C:\Users\Admin\AppData\Local\Temp\nsa60AF.tmp\7z-out\locales\hu.pak
| MD5 | 71d42cb22d2d7a8b26c4514ab12df3aa |
| SHA1 | cd0307503a7906f1742d1e98fc816959319c2171 |
| SHA256 | b51bcb888dbc27bab88a8c9d081df7496de8a9a5a4cd2cfe08abc154190e75e6 |
| SHA512 | 29c67391bca706807be3a0cc79fe481f220e30263957a9c2485f0a4c498a5b250bdd83b5f4fad8d0b19c8a9a07d5650b5ebd5816b6aae311a1cde78a89303244 |
C:\Users\Admin\AppData\Local\Temp\nsa60AF.tmp\7z-out\locales\it.pak
| MD5 | 5aa225aad4f9fe6d05ec24905a827d88 |
| SHA1 | f6d5ed337bd8e9cc3b962d3a498e3430fbf6de22 |
| SHA256 | 96e02ab6937a1f1cb58762159761a737ce0e1dcd6a253554392baf4389326eab |
| SHA512 | 3fa928f19bdf65b8fbb274b478a801821b15c01224c113a8d7f6121a077b432c0cc84eefd9028a76adea9fa4bb65dcb868edfbd4368b1e4d477c49e187e4288a |
C:\Users\Admin\AppData\Local\Temp\nsa60AF.tmp\7z-out\locales\ms.pak
| MD5 | 6cfadaa784e687e6dadbcd80e631bc9b |
| SHA1 | 481acb75f525055bf4e45ecabe0eadcb9c492106 |
| SHA256 | fb5e125dd5e1f21e8df229d22cb3d1f9078bd79bbddca352899248f2a8b21b71 |
| SHA512 | 0d7da5a90fe9372bc704ab8cdc8cbfb14d323cafdef856987e2d9e34d980196c03985e25099f5d1bcb10c97f040f4766e2c3713718649bb3f43914a77f0dbb39 |
C:\Users\Admin\AppData\Local\Temp\nsa60AF.tmp\7z-out\locales\sk.pak
| MD5 | b35daa0bd9627ca88b413a5af7c6b4a4 |
| SHA1 | d5efdcbc7ca17de29f3075f6434f31ab2e895826 |
| SHA256 | f47bc1f7f5ab64681d0b152e1a019da60f0ef057ee8bf2ccede019dc4030c177 |
| SHA512 | 48abb6ca2290820db2898b05820bb25e70fb1292c816eb0c8f17b3c5452de9fff7027d216d2bf413900f408f44ed4ac99151b28142a212c5cff8dfe229e87b9b |
C:\Users\Admin\AppData\Local\Temp\nsa60AF.tmp\7z-out\locales\ru.pak
| MD5 | 75457b95d2bb03891232dae7db886387 |
| SHA1 | e5a7569df7f91533703626d167ecc8cddbd27205 |
| SHA256 | e0894d3aa3f8e0f8ac457a3300001d4e1dcf95980712f8c8e9c845eb4c2bbfa6 |
| SHA512 | 9813239cb162cec24cb81cffdae2df06889782813d917da186ae40df6dae64477467e4b32ead2d714bc1de671538d4c1fde990d83d3ee69e0932f17226687a78 |
C:\Users\Admin\AppData\Local\Temp\nsa60AF.tmp\7z-out\locales\ro.pak
| MD5 | 24b01a438a3ab9699d4ca97c081b5e82 |
| SHA1 | 0d0b082544d23425a74199fb0a6c11192f0bdf7d |
| SHA256 | 38290b1c9712296d82ea1681ef95544a1eef4872289134b11e50af735e6deaca |
| SHA512 | 43199772312156f4633c4202499cde8f808e5e632c2013ec1129acee01a3f184e86df2616626173178efe04b6f0773ad9a0e8b8cc6a735d23d68dcfe9dfd945b |
C:\Users\Admin\AppData\Local\Temp\nsa60AF.tmp\7z-out\locales\pt-PT.pak
| MD5 | ecd84b296d3bb312ee18e21017311986 |
| SHA1 | f5625523f85c10723750834a54ff59a2dd886fb3 |
| SHA256 | fcfaa9c44c445876c286388b6a1abc1df949f3dda3d64fb57d6e0d54a05cdb94 |
| SHA512 | e95b74238220024cdd0bd1c0f18beadbbe427d76cd8d6b32d5700adcd34ffb068ad0bf75404921485c8077f395f5111cd40d5dfe2b5b8f34c62e6fc80b507456 |
C:\Users\Admin\AppData\Local\Temp\nsa60AF.tmp\7z-out\locales\pt-BR.pak
| MD5 | 88ad860c73676ffb4025b5c691f29942 |
| SHA1 | 3c5e5b999ea7153ccdd1b4cc7b6162de3456b558 |
| SHA256 | 25f0bb0b0230d99a9064d52668636f3be85903bf27a68124d79a2fe93c30fe0e |
| SHA512 | 41589bb9ab1b8307f62ceb4e6493d7903731a3e63807e0044379c4acdda881c21839234f5f1b8ad1af732bfee6231c0556ce92e582505379ed949980185bb750 |
C:\Users\Admin\AppData\Local\Temp\nsa60AF.tmp\7z-out\locales\pl.pak
| MD5 | 644c0ace25d6e532b56510a736c6bc2c |
| SHA1 | 1bd0fec952107b493da04c46423da634ff3e1504 |
| SHA256 | 2ff9e382a31783285b7d85676e629e2f6db26bb9536ed17b7fbe5ac61a895ec7 |
| SHA512 | 9a1f1e884c2f214b8b0c63543809ddd4ba0fd533f1d8434e926051f3db434f60cc4df2462c2a43254b2a9685b3869eef49463c212892e417c82c3a7b497e3559 |
C:\Users\Admin\AppData\Local\Temp\nsa60AF.tmp\7z-out\locales\nl.pak
| MD5 | cf6b1cbfd669e9461553974ba37a475e |
| SHA1 | b33867e9bc7fd88ca98a76dc4bd756bcf18887aa |
| SHA256 | 9a83ad866ad7fd9d65ecbc1e95c276cfce27e8257c76a16950fd14971e66b864 |
| SHA512 | e463029bb37f6bb3ff5cb6281f64291ada1b785fa33137e7aedfc7b5e409e99c75a91e7cf9b6c0933e970f70c14861190de66fc5d68925b687a6f5da02e21077 |
C:\Users\Admin\AppData\Local\Temp\nsa60AF.tmp\7z-out\locales\nb.pak
| MD5 | b61e42f66d581b6a8929cdf5fb10662e |
| SHA1 | 6f06fa9ee092fbcb61bbd668734fb3b92cfb549a |
| SHA256 | 1b17dcde8fc7308d926fbe0faa83dfc9ffe2efc5715e9afd557dde839ad98b7e |
| SHA512 | 79b82346c3f133a6ba44148a8432ad4e08e2805187b759509cb386bc800fd20215592c07d953812c243f0b1d5e1354245f2cb42b2b3eb6c87280bcb4008dbe97 |
C:\Users\Admin\AppData\Local\Temp\nsa60AF.tmp\7z-out\locales\mr.pak
| MD5 | f22c99fe6a838e333e8ee06a4d01296b |
| SHA1 | c3542ea8dd45a2b387dd02fa5687948f135e10f2 |
| SHA256 | b03a3042f907aed13253ae8083d08f5fad59ff438d024b097276856e72526911 |
| SHA512 | 882022c2cb985d85f96d52c9bcfeeb089d6ff30e66187ccf424ef622092b9d359a51bdef1fb6ac3b9d3409aa79d37ca737ba7f3ed8b9cdaabfe04d90a7c8bc15 |
C:\Users\Admin\AppData\Local\Temp\nsa60AF.tmp\7z-out\locales\ml.pak
| MD5 | 04b2540c25990a5e0a9b227dcce6ae0d |
| SHA1 | 4f8ccd154f54dfb083d4d1a3ed0994842c8ab13e |
| SHA256 | 556165b8b54c6e21bc66d12b3f5be393136714467c427f7114f314d18ad3c661 |
| SHA512 | 4cab47e42e8f5d4a83851871f97f3e1360c993ba530dbb4b4b736350779784bd83189e1195d3480ce87298bb8f9b7f249fefa7764d850e5b0002895609626785 |
C:\Users\Admin\AppData\Local\Temp\nsa60AF.tmp\7z-out\locales\lv.pak
| MD5 | 264c6e20b3088ceb4dae5773cef0cb55 |
| SHA1 | fb6ff83ff14df008092bc3ee73bda7491e8e090e |
| SHA256 | a676a781c1a587eadf23e5c69bc52f2d352346a70bc53ca908450362535eefda |
| SHA512 | 01e949f92e1e8599c581929a601d39640abaf1d907ce10102e591c3d490dd3874c679c75bb51308ead55a3bd0c6dcd1b8d4b2daf98ce1cf1c6bab42946e8b1e8 |
C:\Users\Admin\AppData\Local\Temp\nsa60AF.tmp\7z-out\locales\lt.pak
| MD5 | 2d4fca437a7548893dc4b51fa5b33c33 |
| SHA1 | c1493013d7d981ea9223716e415380992de65c2f |
| SHA256 | 776dba792df7b444e1b720326312d8b8312cade74a1372c49456d932b7c65769 |
| SHA512 | b6a55ee1deff48d717a3e9399aef3c45eeec810cc5b5709fa3e9f56850115a5b02e02b7959ec77a6797e68516ee9372bacd260e62ac0d55a8e4c1c27af782b42 |
C:\Users\Admin\AppData\Local\Temp\nsa60AF.tmp\7z-out\locales\ko.pak
| MD5 | d6e2c18c9eabba59b50d147d942125ea |
| SHA1 | 0918879203c2050b4f9f449f5616e430897ba0b9 |
| SHA256 | f3581cea2e5b022b121010ffc5d67f86f717e3a0c0402abd81e24c87fd135b76 |
| SHA512 | f605f7b9893166778af156f9eb76eaa1209e7432450899540cd462ce0ffa69caf6f570b910cdd6d7bef54354379e9892a658e711baa93241da33755c107da859 |
C:\Users\Admin\AppData\Local\Temp\nsa60AF.tmp\7z-out\locales\kn.pak
| MD5 | 5115cde84b4c674db412619b65433004 |
| SHA1 | 164f33e7e2e9f685a579da492a6fc8806beb6cbf |
| SHA256 | 891e092c6895e23be986c3e6d39dcea9b6b75f1448239c13fd406680e50407a7 |
| SHA512 | 090a247898cb533325d2b289a6cbd8db2a755ef0abab49d82f333e57b290c50b5996b81f15d8adc30160b216eebed3a1476aec1627195e52189557c1d48b0216 |
C:\Users\Admin\AppData\Local\Temp\nsa60AF.tmp\7z-out\locales\ja.pak
| MD5 | 833e8c4aa70351b6be7bd403e4e9a0a7 |
| SHA1 | 46ccdbdea35deec8ef13a5fc833776875fad187b |
| SHA256 | 74422db1a5f28522f9a8b31a3bee9a6df794b419bf723cb6a6c88e82eb72cec0 |
| SHA512 | e8e709612a5ea81d2822e0025b7306f38571f2cec2ca72ac5a8ab852a0e36a0f5bc7e00d0baf7ac7becc2c54dda3a17c52ec1cd67ce12b14d91b6ae0b726d556 |
C:\Users\Admin\AppData\Local\Temp\nsa60AF.tmp\7z-out\locales\he.pak
| MD5 | 6a02a37e1ca3215fa9ee0e1b0fbcf5e7 |
| SHA1 | 89a8a126c0bbf536ac58e29fc50e045fb1b88220 |
| SHA256 | f5cf34ce58b7f0d450936981aa7ffa060821403e6768eee3746ea4ffc9193986 |
| SHA512 | 6607eb2329b81f1eaf0ed3a564eddcb30e6ab59229f2fbf6fd3d2140ffaa8853a330eda627a4458ef6bb06f32c5183edda869e34cd4ead1f87f88d5c622c1a16 |
C:\Users\Admin\AppData\Local\Temp\nsa60AF.tmp\7z-out\locales\gu.pak
| MD5 | 63a7fdc4eadf8ef1c35c72468a0ce33f |
| SHA1 | e8d064f0e9c8a6a8c6ccb036711e292d011d9466 |
| SHA256 | e549ff4e5a094d04c2ce7bc6fd68bea1f03e935437bf164bebb6191c133fa70c |
| SHA512 | 0a097ff875132a984545ec677b04f97785f14c38a1df487cfb4722cdea07d14e1e88fcff7d58b82fa53f05f4eba779a95ef320b5a91692097726d0385a26a456 |
C:\Users\Admin\AppData\Local\Temp\nsa60AF.tmp\7z-out\locales\fr.pak
| MD5 | c3095ce1e88b0976ba7bef183d047347 |
| SHA1 | b14cfbf6e46ac1f189595fc09660178525301138 |
| SHA256 | 66488dc10517b6e3638686be95b430477a39304e92ac45dfe62b58cae3a77272 |
| SHA512 | 29f47b1eff4681a9a17a50d6e82d63c22fe7bfe4ceb79862e81d8cd9f96fa38e225978b4c4b1f8e55b220235b91652c776fa8d2e559c68942c6ccf402812a421 |
C:\Users\Admin\AppData\Local\Temp\nsa60AF.tmp\7z-out\locales\fil.pak
| MD5 | 40bddaf97f64dfea9ebafc7f82166f80 |
| SHA1 | 90d1fde3c0b27d2184f0353991259c2a92c7820c |
| SHA256 | 39a9d63736e7b4593fc6873ed3c19d45fbf9eb78a012bfdcee0fea5906ebc5b2 |
| SHA512 | d1e61c53e09a0dc50edf5aba5cf286a251ee88421aa2cd49332b70a5859646605ecb7d0bb97ea7242d14a18742e23da0a14c04b0b99b57a466ec87f4f66b897e |
C:\Users\Admin\AppData\Local\Temp\nsa60AF.tmp\7z-out\locales\fi.pak
| MD5 | cc592d91ce8eabaa75249cb78b889376 |
| SHA1 | f2f0f7f105a17f3e4b1a97ed0e3c2e871c2c3eac |
| SHA256 | b1cb0b32efa78fd8634652c74f298f1d5127f2363ef601cf000417e5c7fefd20 |
| SHA512 | 58e2eaffe26d8fda8df43e7ebef449cfff1065e940c128efa0276511e34e96e52da9230f294b01d4ecd8ef606b792d372bff897d6d8bb67c31379418ce867d48 |
C:\Users\Admin\AppData\Local\Temp\nsa60AF.tmp\7z-out\locales\fa.pak
| MD5 | 6458a239e994d8d18315deccd35389ed |
| SHA1 | 75c985f43503a6c44645786d46639a6b555ae163 |
| SHA256 | 300fc1c735e92917a5ddf92feb812cbf3175d988ec7ad5955110248a1addbd34 |
| SHA512 | 3062075b6be0c25c957ac88e537880bc25ff86b8ef0703a05209e9676e943e89476b7997394aeb25064e03a93be614fef535676e9cdfaf44b46035225b1b2cf5 |
C:\Users\Admin\AppData\Local\Temp\nsa60AF.tmp\7z-out\locales\et.pak
| MD5 | c76db3385190c6840315c4497e40258a |
| SHA1 | 34f1aef2ba2925bebc5dcdb70e5b6c1a138a5c46 |
| SHA256 | e8af084ef5e1062c5966dd7802074ac24f3672dc3c9b9c5453a397644727191f |
| SHA512 | 90a870369d307758b33d74e6213676d65c2d332f42577c8aff23d96b512f3c2a2bdace8d6d9007f88b9175eadc6f2ae28b498b1265550849ff9317465a37ad29 |
C:\Users\Admin\AppData\Local\Temp\nsa60AF.tmp\7z-out\locales\es.pak
| MD5 | f83d8f7f6108786c02c2edbf3d85f147 |
| SHA1 | 57781d9d9eb7c90cdc71f78e25d0763045b6d29a |
| SHA256 | 5b929216ac823dbe2b0bb98e64db76519900e09a86c8513019325271c66ade0d |
| SHA512 | 12747a4a61cdd21cad6e3f768cb43b8bda5ec9de373337c191b6994b20acd676c9d0a6cde8410a1e18f35dd5d2d332ea1bb7e7f8f6fc4b73d8774559e33398f1 |
C:\Users\Admin\AppData\Local\Temp\nsa60AF.tmp\7z-out\locales\es-419.pak
| MD5 | b261b1efe945365588befdf68879040f |
| SHA1 | 616f44a5f73f0449b483f36ccf831db6474a10d2 |
| SHA256 | 1380b9edc9cee4b505f12e8eefa288d8c746ca995b52ceaba27c7741ae8a5cd4 |
| SHA512 | 9ea14234b9d4d09364e5727b3886fc14544d52508b3e45fb9fd607ca88d2e432361a02b2f7ba34c3d6ecd94b91f9eccd4d54047a97a1ba4eea580ead00b91cff |
C:\Users\Admin\AppData\Local\Temp\nsa60AF.tmp\7z-out\locales\en-US.pak
| MD5 | 0bb857860d8c9ab6d617cea5a5bd4d00 |
| SHA1 | 351b744d95846bff2ce5f542fec2e87439aa0f8b |
| SHA256 | 5c56df9699fc7e8f09ec81421e50a6264cde055e822f5a8cd9bb1edb3066d816 |
| SHA512 | 33fb73cffbb6781488cedbca4c92a7e4f66923a799beeb7f5cba58dbc23ba8f5130f63a7dac7114e3c3ef6f1df87884fbeb8858bc7604aec9449fdfd16c25078 |
C:\Users\Admin\AppData\Local\Temp\nsa60AF.tmp\7z-out\locales\en-GB.pak
| MD5 | 52e2826fb5814776d47a7fcaf55cb675 |
| SHA1 | 51fbbc59dcd61116cbc0a24b0304d4c1c58e8d0b |
| SHA256 | 83ff81c73228c7cadba984d9b500e4fce01de583ecde8f132137650c8107c454 |
| SHA512 | 69257f976d01006c5f3d7e256738c97c59115471f8e7447cfa795f7fa4ff12d6fd19708e95ffb2aa494b50c1763fe35d5885b9414112d2934baf68fe668ed7cc |
C:\Users\Admin\AppData\Local\Temp\nsa60AF.tmp\7z-out\locales\el.pak
| MD5 | 38440b98bfdf5ed496da0f49d59534c0 |
| SHA1 | 1498d9207ecaf4923a47271e24c68a817041c82e |
| SHA256 | b1f78df8a7edc914357a2e90bc8dc0ac46f4df642bb22894569fe4905fb8ea0f |
| SHA512 | 95ba788fc2e1f07d54e398f1ec4d32c664cfb13118d46cb7af7a993367e032b10de84f3e604ab6e659d6410e2d736097ec5e9b3b002040c54412358f0ea10229 |
C:\Users\Admin\AppData\Local\Temp\nsa60AF.tmp\7z-out\locales\de.pak
| MD5 | b73344e5a72fca6f956dbab984c123ba |
| SHA1 | 0561073aa40a63a9ce9930dd18b18e12ff139b2b |
| SHA256 | 6dda3fa65232ca0bff7314f916942a2aa5d9be73a0b0c7a6d016eb34ea6fff5b |
| SHA512 | e8a12da397369f23c102244b3f18f533ec79afa6978785566056bbfe07b10a21ff4973bf17aa829fff65609363988c033b0e48d4a82c846863377c08d8df009d |
C:\Users\Admin\AppData\Local\Temp\nsa60AF.tmp\7z-out\locales\da.pak
| MD5 | 55a8f5883805a65c854d25edb3959209 |
| SHA1 | d4b3b6bd2a26cbd021fa931d1f63c9ea64e2c268 |
| SHA256 | e190187adcbb5f829d162660968ba598ed17bd11339062ca4d807deec8a27fdb |
| SHA512 | 4e1f9e6da32f553cbc8cf162726d7aba9e23e2216d6d05b995cf19fff3aafa05ed08fce29b2f8538d46583366402b8630672e650dfbd46952a611e9db0d8016d |
C:\Users\Admin\AppData\Local\Temp\nsa60AF.tmp\7z-out\locales\cs.pak
| MD5 | 3cfd9dc564cfcc33cc5524711365c376 |
| SHA1 | 2e5016d2643017f37658262122974429f18625a2 |
| SHA256 | 8be34e4f8226c1dd4e725711ddd884ef4476560f7863edcf378573dde9db3cee |
| SHA512 | 6ee156d2fa3b6f601df28e38968d0eae2812d70b41333348dbecd833d5ee6ff944183f0eecde96be433cf1e98c8ec22d6a6d5af5153145842175ab43c73533ef |
C:\Users\Admin\AppData\Local\Temp\nsa60AF.tmp\7z-out\locales\ca.pak
| MD5 | 423651c45566cd90ea5edd8631e823b8 |
| SHA1 | 13bed4173a08bcbfefba034aada3d838eece6d16 |
| SHA256 | 7a39af99d55a1ea838d8d78c5f0da3e1402f9404d32255e31b676ceed4f0e414 |
| SHA512 | e09085023beaa37e9d5f7fdf3c32d0c001672b85e2826f0aba9a662ce958ac93cac17bf63495a604e47cb407b1593049388a4bf1b22b2339ead84a206a10569f |
C:\Users\Admin\AppData\Local\Temp\nsa60AF.tmp\7z-out\locales\bn.pak
| MD5 | 47c95e191e760dee3ef43345577e2379 |
| SHA1 | 609634315270a91d4ec631642b18bd0036367aad |
| SHA256 | ceed32e429ed1018d4c49343cf52105cbfd1e877c531a5738fd6e6cd33d27da7 |
| SHA512 | 46b5f8d58780d19e79136c31a67d075c57ddf7e6a1eb197dea4088cc414a0dc24a68fc8ebcaac03b3940af2461123b586706d5dbf8dbdf6fbea0f7bec466db21 |
C:\Users\Admin\AppData\Local\Temp\nsa60AF.tmp\7z-out\locales\hi.pak
| MD5 | 590e9e73df9cbd83cd87b9c03848fec9 |
| SHA1 | da125e60a5a2c51a2d6219d3f81688bd22237b59 |
| SHA256 | 089b9dd31090a987515809a68d26f6eeb64cd9283934e3dcc48b151eec7d3ad9 |
| SHA512 | fd0e5d0f2063e12b711275f390428b88f98ffaf6043cdb14b13674ac1e4aa9f70ae820ae960132d7155daf9b1308238775c4702694ab53068cdc709c50f9186a |
C:\Users\Admin\AppData\Local\Temp\nsa60AF.tmp\7z-out\locales\am.pak
| MD5 | e18a450ef034b42599341c3d09f280f1 |
| SHA1 | 2001c8a85904962ac3a96938eccc69ad2c110fdf |
| SHA256 | 7c2b9098130f1f9e0cf4507b64c0e96ac6354bd6c3616be20e2067cfccc820da |
| SHA512 | ddd87571218fe9f179a6c2a8a15b182625a71a7c19ed90c0969ca2e0e9bad823b926f8b8a6b390cb6fe9c95f4b6c1f1ec7b5167a8424ab1921943922208f798a |
C:\Users\Admin\AppData\Local\Temp\nsa60AF.tmp\7z-out\locales\sl.pak
| MD5 | e015b6f5042be2dc96a4e23dcf035502 |
| SHA1 | 7946509eed8db1e4c1f3da99ffe7155c86fdb4d6 |
| SHA256 | 99536d1bc73eec81d5bebbff641ea195544ee5e3a41bb17ddcedf9cde9b141d4 |
| SHA512 | b2a2eaae93c506a053862bf1cde02eee53b3ea2e2fe4c964c51dbacb8b44de820a779311cfe01458e2f08f88bce1172e8c5e1e6d28cd3a355ff84baa00023b8f |
C:\Users\Admin\AppData\Local\Temp\nsa60AF.tmp\7z-out\locales\sv.pak
| MD5 | 41e76f7775fc9a2d6e3c02c46e9b32f6 |
| SHA1 | 088c15c74a68bee69682bf89c31055332b68c84a |
| SHA256 | 2533676479e9469ffcdaabcb47d3e39bebfe7ae2b80f70784e918a8827439e13 |
| SHA512 | 6cde752d748c4772b533c8894f18134e5842113f8c7590b44a7dfa088aed65b232361fd16170df3b0d738066dbc3a769847adf4dd8ba42de63c9c2b33f9beb6b |
C:\Users\Admin\AppData\Local\Temp\nsa60AF.tmp\7z-out\locales\sw.pak
| MD5 | 99e385ebc1ef8d3daddb3a171fa79edf |
| SHA1 | 3164804dfe9d9b5e891abafe92e5ba67d2b5d4d1 |
| SHA256 | 8ec45ac391a085d531fb21815086c2da4841aa016653cb4f8484cfc2615d6c01 |
| SHA512 | 797c105fecef1e15870aa101e3fa1835d5a467a9059c03b3636c54934d1de263ab7f23599e21d9787cb3849c7cb7d29f5bdd8ae9ad10fda8015c1392462e94c0 |
C:\Users\Admin\AppData\Local\Temp\nsa60AF.tmp\7z-out\locales\sr.pak
| MD5 | af7083f2a4bd95dcbe792efade352662 |
| SHA1 | dc69aa831836016f6e66c6079931503d534a7862 |
| SHA256 | e3b80d9fdd420a05d66cc12e685ac94500106dd51a555bbfa2d085094f81e8dd |
| SHA512 | 342400ba94f6cd08152f96aa2b905184fab429c38cedb4bcb4ac0c503169a9ecd47aef208b4d7ffae08b0c0afa7aa089347a20739379d05f3e4e111be842b8c4 |
C:\Users\Admin\AppData\Local\Temp\nsa60AF.tmp\7z-out\locales\zh-TW.pak
| MD5 | c2c35fcedc3708b5bcadf36587393002 |
| SHA1 | 31d72402cbd44ceb921cedd806259c2cd14e411f |
| SHA256 | cfe4c2c5eb131fd92e0d11f912714c5a9a048833ef3ffbe32679b3d58da8f8ac |
| SHA512 | 9ba3ea2d569d1d3ef09e94d7e66f843c8804368c4d016b6289e7dba002f7d2d50884a76c93eef879d87abcf8b36dd3e682b7bd3a18b2b5a969256cef672abf01 |
C:\Users\Admin\AppData\Local\Temp\nsa60AF.tmp\7z-out\locales\zh-CN.pak
| MD5 | 098d656a4f4bd8240bed10e7678186c7 |
| SHA1 | 0c19ab62b4262f1b51558e8aaa79e7741f73393a |
| SHA256 | a55f568ad3a8854cec25699484f55024501c8a0967738ba694e073151e5981c7 |
| SHA512 | 084538ce774233ca6d4393bb42239b0b85e11bd73dd19ba47e55796ca19848941b037510c0fca4ac08b4b2e0ccbc9b4ae72ef88a3e841738dd211961dc53c1e2 |
C:\Users\Admin\AppData\Local\Temp\nsa60AF.tmp\7z-out\locales\vi.pak
| MD5 | 69c8796439192577f48bd249175aaf37 |
| SHA1 | 97c52088ca69dada593db0e42b2135d264646454 |
| SHA256 | d7fdb53592de803a5fbcd8561c4918f1562f92fc8a3fd0039a2a1a7b76a8ecc2 |
| SHA512 | 65eb7cb15291474ec7f9354775e59bcf334c90ddf3498ebd184e4c47118308421b2405bfa679e4b3a70ed1790e167c109fc2c72e89c3e31b5378cae975424144 |
C:\Users\Admin\AppData\Local\Temp\nsa60AF.tmp\7z-out\locales\uk.pak
| MD5 | d791b1ecf2931b2fb0c31aac170c7cdc |
| SHA1 | 02be115a9ff94fe5250651b6de4323eafc44fce1 |
| SHA256 | ffae6286d44c8e219ef90d411ad8746159a6ff8ea610e2a651147a3956696a22 |
| SHA512 | 3a2edb8069e4a9734ce5e02b7c3de3c968c5bbc116f17f52f97e2bb2c78485c456c4f0cc952686c1aa17b7ee4d326a1dda698afafc63c79d842ca3905181a8da |
C:\Users\Admin\AppData\Local\Temp\nsa60AF.tmp\7z-out\locales\tr.pak
| MD5 | 40491896ad21543f339467186c5efb40 |
| SHA1 | 695dde7cc35056dcbf0a533aff8299d4c6b61bd8 |
| SHA256 | 43e99e132acaba88971b81a43531845dc7fc3a1e0794c3373de7d9a50a5655aa |
| SHA512 | 18d5ee9914849462e0b1bafd1ca216b29d0795e282ae0bdb354b15caf5c18f37f44fbd6f626b2cbb095e3398a6496de72e5b0d15621433979b5a589e34fac818 |
C:\Users\Admin\AppData\Local\Temp\nsa60AF.tmp\7z-out\locales\th.pak
| MD5 | 43edd25f67ce6e6cea5373009ff0a1f8 |
| SHA1 | ed72ca6620cf23837e1334be50ccf616806bc5a2 |
| SHA256 | 287897cf3df2db1cf59b872e6575ba8dfcaa0c1f68c17a9c91da6c4490adb8b0 |
| SHA512 | 7160a72bd2e6b0ffa71e5d279995cc8be24a87cd9386eb29ab0eee79b8e607f5d824a11b6b4e3ef4c0f851a9d485a9642cb6adaa65c07933dca6e6f2c0052fc7 |
C:\Users\Admin\AppData\Local\Temp\nsa60AF.tmp\7z-out\locales\te.pak
| MD5 | 793a87d41cde6e6d1bb086284f69733b |
| SHA1 | d887e3842b664f55b7308427aa6f5bf0b352d879 |
| SHA256 | 5cdabd1ad41e8048f2cc6b1615e68b99159daa1aa6706b939447c1811bf0e255 |
| SHA512 | 7c2e53baa387480eed45315bd9d53856ca46e5777ecdc9c29a0de7b0ad04beb6cbb8b5df0aa7c306395fda563037e06bea1ca70e433ce5a3ccc2ec184dfda972 |
C:\Users\Admin\AppData\Local\Temp\nsa60AF.tmp\7z-out\locales\ta.pak
| MD5 | 31dada843d0b4f9a66b184cb6d7b8b92 |
| SHA1 | 0320b31981043c6e4c17470bf2ff4c7488553511 |
| SHA256 | 457070b35c813175f5a7b630478073e478ff2bf23915dd3dc7a5b3b339cc2b0b |
| SHA512 | c5b6ea595d3154fd9fe03f49a19f78eb4068718ce005b18a165d491459a290c29956b02a109ce2c314746773760c8e5c0d7064f384c65a572c78109f03538860 |
C:\Users\Admin\AppData\Local\Temp\nsa60AF.tmp\7z-out\resources\app.asar
| MD5 | 708fd8c9ca2b6a6fd4d46a5b19a0a3ad |
| SHA1 | 720a340b7e4c26ad4cae415595e248deaf3efe2f |
| SHA256 | 2ce656ffaf772451f6a8707352f52cbad9b3205f4e3654d87d9c079ce24fafa2 |
| SHA512 | b8987bff2b738919042ee8926118a2333bd988db56edff86212247da0046ca623e73897f07ba1e8887b2e9d9aa1162edf5020a5c16ce0cc3cd51ceda485b8892 |
C:\Users\Admin\AppData\Local\Temp\nsa60AF.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\snapshot.exe
| MD5 | 16a12bdc986207390dd79d658a6b2263 |
| SHA1 | b4b41f62cbc1e1ede786c6e30e11df8e61750bad |
| SHA256 | 50a8dd2f292bea9190204a42de067a34d5cbbec53746d40fe5b067fc85190bac |
| SHA512 | d20394028c5d3ca46bb4879cac40da07b7d857f9a4a834bb4db4bd047f1a3265a80e1f7528244da6ee97c2f3e0cb5b2e51bc88eeb382a027939c2188e66dcdd9 |
C:\Users\Admin\AppData\Local\Temp\nsa60AF.tmp\7z-out\swiftshader\libEGL.dll
| MD5 | 19dc9ee70e7765bb63a66b6826e8ecb7 |
| SHA1 | 1a12f983f8b35cc2955d30657971f113c47dc164 |
| SHA256 | 83d5719abee35e051d984510e1d5d9317a109031698814742b59bdbbe7d4e30f |
| SHA512 | 1fda2bcc4b2e70987ca6011ab2534007ae4f752016d29a588aaae839bb25c35e03773f220b6a8e926cf2643997e7d4c0f28743304269b2c55642ce12934def68 |
C:\Users\Admin\AppData\Local\Temp\nsa60AF.tmp\7z-out\swiftshader\libGLESv2.dll
| MD5 | c0b36d56d83e601bf246f7709a8c5f9d |
| SHA1 | b025a6070f7d61c7d1827856d2d4043834fd23f2 |
| SHA256 | 45bb5e1f8dd87129ac0a75c78f8f29d06e3ac182a00fc5199b692068f1e05a53 |
| SHA512 | e429ae63bd8a7d5a936a638783511693e8fbbc91d97779b3d4dd3f0880f1c8a820106bfb57cf7ee6b3639f19165de87bbe127aadd81218689fc6c8fada2106d1 |
C:\Users\Admin\AppData\Local\Temp\nsa60AF.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\prey-webcam.exe
| MD5 | 471b15abc9f2e98fb7ed7361d3f045eb |
| SHA1 | 95b5798d80a9410872f6ed485ae2b43ca3745540 |
| SHA256 | 7c262639cb22348dfd627dc07c76e8748e5bcacde2dcf1614773ab174c831004 |
| SHA512 | 5b3b59aa1dbaef31b0ff6ccde082d7c312e39e311a46fe20d590d5d7765f934d3b663da9609ff4fb7beba2e8fa85376cf74f14ae077f3c0b49189cc28c30163a |
C:\Users\Admin\AppData\Local\Temp\nsa60AF.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\package.json
| MD5 | 067e233b0609d56ff4756bedd8c0efe0 |
| SHA1 | 96419d05adc4b6674948b4ac14f8ab5bb3ce4380 |
| SHA256 | 6bee642c1b5de99e4edba87ec3221c2ecd10b65e666b6f2bef64a745538ecf74 |
| SHA512 | 94900f5ff762930b1b060ba4dd44d629d6c3e2dfc0dacb1a543f1ea5a3cd40e793acaff4abefbff588ceb422d65f8041ec190a2b56f7c303c3314eb16eca4159 |
C:\Users\Admin\AppData\Local\Temp\nsa60AF.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\DirectShowLib-2005.dll
| MD5 | c20c205c6f8d70a5e1351a4041a3ec9f |
| SHA1 | e1b2a763dd6c42439656e4e55aba0f3610ff3784 |
| SHA256 | bbcbb170242d9ff1b56680a80b1f8755df1135f9c714535ff3b3f575442f38dc |
| SHA512 | dffd59d775dbb89cd886a2212fb9fe4cf0b2bdd7f2c00f8dc7c6b2287053b4971c8c6c033109ff1f90cdacea082e44d3c19fa76325d24976420c418218e701f1 |
C:\Users\Admin\AppData\Local\Temp\nsa60AF.tmp\7z-out\resources\elevate.exe
| MD5 | 792b92c8ad13c46f27c7ced0810694df |
| SHA1 | d8d449b92de20a57df722df46435ba4553ecc802 |
| SHA256 | 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37 |
| SHA512 | 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40 |
C:\Users\Admin\AppData\Local\Temp\nsa60AF.tmp\StdUtils.dll
| MD5 | c6a6e03f77c313b267498515488c5740 |
| SHA1 | 3d49fc2784b9450962ed6b82b46e9c3c957d7c15 |
| SHA256 | b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e |
| SHA512 | 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803 |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\icudtl.dat
| MD5 | 6655bd37164477671bdf87b6409dc7b0 |
| SHA1 | 23d63af85093504f2cee574b80e4edc4f8358fb0 |
| SHA256 | c7673f4f0bcc4a51b4fc8970b296d2c0b1c88c561d5625546ed289b54c64fbb3 |
| SHA512 | 514c9d36a190dc9dc34d9d6856ca693e52031c67c4f2de4c0ce295f0aa4da7b34355477cc631ee2d2219a36e70573ccf6e6eccd6f25a96e8d127b8909ff50567 |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
| MD5 | cdcbce60f4eb9bc83002687959fe9294 |
| SHA1 | b41c449cb45792c820fad3f9cca5d0219ed7979f |
| SHA256 | da9e365f00813bc2f1fcbbe32338a9cd8d8b1ed292880a53cf7f6b15a0827b21 |
| SHA512 | 125b54cb4ae385c5c6ba2ddd88015d9c053ee9c7e6d6bc78a1e0621a620a70961c03fb360acf8d7d0923540040e46062e7c4d520f09fa3aefc43820d8fde7b6b |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\resources\app.asar
| MD5 | c1af2f3ab3cd9e4353f1450280f295fc |
| SHA1 | be2086c62e9795e16f985db73ac77993187563c6 |
| SHA256 | 1208c8519a7563da020fa5b95f31fe1df69a275eaff3021c3683a33ca43e8808 |
| SHA512 | 2f619f123d001b30736a54c99baf208c48521961785d00dda9795d251ad64686c54ceeda3c5ba3658174f7d164eacba3189e4aaedbaa531c9de2cb557ed7385e |
C:\Users\Admin\AppData\Local\Temp\cd31087c-d219-4c0f-a7c7-e3968b518189.tmp.node
| MD5 | 5317f23583ba935be25a4c26b3f93828 |
| SHA1 | bdc288a0576a9ca04295c2df6f71e260ae5097bc |
| SHA256 | 41db88f72dbc4ace9b4e6522b19f60e012980345fcb737cab1839ab0bb2f2cb3 |
| SHA512 | e3975f92f6bbd814cec4b6762b7f7475168dd43a717031de0d8055b7f5e4ce01dd011557c1301f9f9084f8a39248630c12f265a195c54c81f1efad9dd5bd91d0 |
C:\Users\Admin\AppData\Local\Temp\ab0fff85-7ac7-42a0-bc41-2bcabb6647be.tmp.node
| MD5 | 3072b68e3c226aff39e6782d025f25a8 |
| SHA1 | cf559196d74fa490ac8ce192db222c9f5c5a006a |
| SHA256 | 7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01 |
| SHA512 | 61ebc72c20195e99244d95af1ab44fa06201a1aee2b5da04490fdc4312e8324a40b0e15a7b42fab5179753d767c1d08ae1a7a56ac71a6e100e63f83db849ee61 |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\resources.pak
| MD5 | 46de20e244a40874cd4fee49120d4b3a |
| SHA1 | 8605ab552a321833558606eb93278ea6b6906002 |
| SHA256 | 81147805d99bafda28dbadaf58238f77085cd7a884cdf566a82ceb11321cf6e4 |
| SHA512 | 10e7e7aa7ee65148a9a739777b27a93d9d688a1b2e92f3916f5816af4a1dc050bc527c396dc6342fa4a109c22dc7d0bc443dce9b749454b72b27c462b08c74c8 |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\ffmpeg.dll
| MD5 | 697112a53e26edbc16f2e66e6ce79f72 |
| SHA1 | ff0a0a75efd5d52a3f2995bb8e881cc5b40efd64 |
| SHA256 | 1bd7ec0882485aef4e1b8becf09a529edb8d7b6f808f19ea57425c00415b4b02 |
| SHA512 | 3da9fe6cb577cbf9d86dd52f48544a061dbea69cb464ced70c26af3253088c749f7b3cf6d1887185574f6babdc8aac369464fc40cfa5b2c359b102a2d5192343 |
memory/1200-578-0x00007FFA0C7C0000-0x00007FFA0C7C1000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
| MD5 | 6bd905ae1e93259ad1673cbd9897a0ab |
| SHA1 | d1f9959ad25da49204214fe856fe94e0bf705be2 |
| SHA256 | e13239114cdaf5ad955e5a17c6f263c72f5e11a54e97e1a55579bfdaca23698a |
| SHA512 | bdc042bb70abb2e09b9ce50cd5fa4e9abbac41952fdc405e262dad23acac52f711487d87ee0afe650d15313e6c78f9dbc17bb5cbea73de6a004ad67e6ce08e24 |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
| MD5 | da88b2a4da1b36b72150a4506e807f83 |
| SHA1 | a45f8f509418b7757b9d211f6278300d20ff11fa |
| SHA256 | c6a422215a7b9550d8fa2526e94da8b00be2f4039850941aba38128eee83fd7e |
| SHA512 | c670b572ba1ccc0cff4be8d5b0feba8fa00adda67015baceb99b122367a5c840dd2c4bfb0e88617d0470ab04d4dcbc5f7b95ba71b7f391cb5a08aaa48c04c5c8 |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\ffmpeg.dll
| MD5 | da47ba26cf8d7f5790a158e2cead1745 |
| SHA1 | c95f81b467f75bcf74395460c2b973813426a1fa |
| SHA256 | fe3014d50fb6ac557b37b6ed0df09582c4ca022c295c046deae2a1c9e972353c |
| SHA512 | a466f75b8ac97b1604b8a554cf437b75bebf81fc7dada2d4b2e76405f114fa8bda21a87b6cd6ed9c4da1a459fa591c60d66b1208150badb425fd38630895186a |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
| MD5 | c9f9f1a8f22d370c843b68894267cb71 |
| SHA1 | 411bd340da5e051172057241545156750c35820e |
| SHA256 | aed3664274a88fb5a3d817748b995309a6c1378c1f41c0dbf783ef097117955a |
| SHA512 | 53808e1cb15d79b0019766ca2238d541f89f1667f836a18cc39ba24f7eec52d9c672c6550d16727855ed3035acf55df60591cafb3ea631d372a610e1235a3938 |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\libGLESv2.dll
| MD5 | 75ca842bed9122d1117f4dda2cf77755 |
| SHA1 | 1b472a9900445012f3d9da13f3571c36e1fbff45 |
| SHA256 | 7dca23ef7bef038fed962b6d8bd7eff5fef30c89a49d102b1e492500e85e2799 |
| SHA512 | 687942b893d9e7533b7d81c3fadc7016ce3aa950186cc30a5814bfe299105e2bd88e90d1b3bf7668984aaa25fc85c6995c6bc046120e395f8f859b5cf9ea5484 |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\libglesv2.dll
| MD5 | 84978c270486aa5904c79c113a549e96 |
| SHA1 | 61e0541e8dcb7ad5e10fcbddb3ab752914efdfc2 |
| SHA256 | 6cc350badc24d7d635a65a18cb82ef97986665e10b086792d0a0a77c2452e9c7 |
| SHA512 | 80f1fe1925946c3e77aa511d0b14a31868cd572fdbe0ea482bdcbfbcd9fceb23e747e042f2960f8276b81b9f199dcbb6c0073d72f582e257d4b29ed535e5d537 |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\D3DCompiler_47.dll
| MD5 | a98583cf6ae1e8bd7badaaa3df1a7a22 |
| SHA1 | 49c89ff9b66003785f2ba75061ebab88bbb3bfb0 |
| SHA256 | 2b6de902e544f8f627a236a77c1b3714e168d52df071e6827375d70860800cfb |
| SHA512 | 3afa35e2dced579aeec0cbc73aaffe493c791022713b7caabc981061d101cba40872d5ab83bb1cccfed81940361823475429f3ee9e52efec8fe3b382cb6ea678 |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\d3dcompiler_47.dll
| MD5 | 5b41c82ccc03e629e8811f02cfa4fb06 |
| SHA1 | 022b081d3780f34b508801817fb904d68093b4fe |
| SHA256 | d3b273f429e0247c261ce7d3388cdfcc2b48d692273b56911f1e9ee58d7cc442 |
| SHA512 | 503e7ea3b75cc981719b0759b939941bcb35e46730f7a71926c1470d140f6ba2e70576afc1418e537ab6c799ccf1a017fa0574857c05bb4cbf9673078d14c151 |
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_0r5vw4xu.emk.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/3304-612-0x0000016BAEF40000-0x0000016BAEF50000-memory.dmp
memory/3304-611-0x0000016BAEF40000-0x0000016BAEF50000-memory.dmp
memory/3304-610-0x0000016BAEF40000-0x0000016BAEF50000-memory.dmp
memory/3304-609-0x00007FF9EA210000-0x00007FF9EACD2000-memory.dmp
memory/3304-608-0x0000016BAF140000-0x0000016BAF162000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
| MD5 | 352b9cf378bd16a56c1eb098f1c64644 |
| SHA1 | 6d3ca466d823dec3031206ce1f39d5799f88d3f8 |
| SHA256 | d427154ab5e8789065147b8347e35a876d133df49f9541227157739df64b0ad8 |
| SHA512 | 113c5b4022e62aebb332323c9f98609770f6b28d6f06aca4c4da9950427aaab399abcadc6b7035c44f0b48abcf5ac31a7e2c4a721511ca3bacb5b31a37ba99e9 |
memory/3304-616-0x00007FF9EA210000-0x00007FF9EACD2000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 7ede42e5af61f101ef19de6a68869d0c |
| SHA1 | c396c7496e049b025720409babdb77d646781649 |
| SHA256 | 63157cf1d6056d84a9c37010f9f6b55b9fcfdd60fe008e46b8618c0946f5394f |
| SHA512 | df74d41ba710d238fcb210b9ec63eafbce02cbc8a6ff94e204a4cd2b330592f6ec0ddb4c488b9b879444d8a4408b0b062f1548b786f0978cff793b7dc607376e |
memory/340-630-0x0000023C46550000-0x0000023C46560000-memory.dmp
memory/340-620-0x0000023C46550000-0x0000023C46560000-memory.dmp
memory/340-619-0x00007FF9EA210000-0x00007FF9EACD2000-memory.dmp
memory/340-633-0x00007FF9EA210000-0x00007FF9EACD2000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 446dd1cf97eaba21cf14d03aebc79f27 |
| SHA1 | 36e4cc7367e0c7b40f4a8ace272941ea46373799 |
| SHA256 | a7de5177c68a64bd48b36d49e2853799f4ebcfa8e4761f7cc472f333dc5f65cf |
| SHA512 | a6d754709f30b122112ae30e5ab22486393c5021d33da4d1304c061863d2e1e79e8aeb029cae61261bb77d0e7becd53a7b0106d6ea4368b4c302464e3d941cf7 |
memory/3460-652-0x000001E35FEC0000-0x000001E35FED0000-memory.dmp
memory/5984-656-0x00007FF9EA210000-0x00007FF9EACD2000-memory.dmp
memory/5984-657-0x000001AD686B0000-0x000001AD686C0000-memory.dmp
memory/5984-667-0x000001AD686B0000-0x000001AD686C0000-memory.dmp
memory/5984-669-0x00007FF9EA210000-0x00007FF9EACD2000-memory.dmp
memory/7532-679-0x00007FF9EA2C0000-0x00007FF9EAD82000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 9b5655b797c26ffc04f79597d8d56eba |
| SHA1 | 8b6d6e58ab350bf1c526ed324e523f4f0cf808f0 |
| SHA256 | 5893e9041f26e97ce9864f245da1211ae2570503facf24a5bb21ee7b858c9548 |
| SHA512 | 89549717ce4b618fc68df01066d0cc1d3198a94e616fa84e563e5cbcd2f9aae4dff4599d5b8e013ab5e8da798c669dd41751d25f988f729bf8bc8ed0fd9645ae |
memory/7532-683-0x0000023A511E0000-0x0000023A511F0000-memory.dmp
memory/7532-681-0x0000023A511E0000-0x0000023A511F0000-memory.dmp
memory/7532-680-0x0000023A511E0000-0x0000023A511F0000-memory.dmp
memory/7532-685-0x00007FF9EA2C0000-0x00007FF9EAD82000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dqzncde8.default-release\places.sqlite_tmp
| MD5 | f8c327d0cc7ddc672ecb75eadba0cf20 |
| SHA1 | bfd2e76da264430e5fcc91da8558e38c0f2f8c7a |
| SHA256 | 22ee6ccefc3c0a00882e07431de892192339aa0656b740a434b4e478bbfdaf47 |
| SHA512 | 4bbcd6fcab8ce5fdf2f1e6035e75955fd898bc4791223959959423df9aa173914349c11e116d7e9b30a6ad66196fcebab62cf71fa02e94d375c11c98517e0b3f |
memory/3460-654-0x00007FF9EA210000-0x00007FF9EACD2000-memory.dmp
memory/3460-651-0x000001E35FEC0000-0x000001E35FED0000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\TatsuBeta.exe
| MD5 | 1aa791e338a216864de8f4fae9756569 |
| SHA1 | 3dc16667c48b06f5d9cd6b957a618e014254d9f8 |
| SHA256 | 22cd2a7a77745dd392b25caa4d8f22e233acc250324f55623c0fa182ab7e87ae |
| SHA512 | 289c08dfb7eb25d1933579367f8215618e193314a558825d8606bd593a0f015900424f632da8f3624bd40a98bf9c71810b0e3d22f81feaa6f19e268dd6bd7eb0 |
memory/3460-649-0x000001E35FEC0000-0x000001E35FED0000-memory.dmp
memory/3460-648-0x00007FF9EA210000-0x00007FF9EACD2000-memory.dmp
memory/8104-735-0x00007FF9EA2C0000-0x00007FF9EAD82000-memory.dmp
memory/8104-736-0x000002C4AE960000-0x000002C4AE970000-memory.dmp
memory/8104-746-0x000002C4AE960000-0x000002C4AE970000-memory.dmp
memory/8104-749-0x00007FF9EA2C0000-0x00007FF9EAD82000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\sysWin10Boot_r4i4UY.vbs
| MD5 | 088f70d781d602dead4e0e924f320741 |
| SHA1 | dbeb0a7a714cd2395d1e30b2e65435c25ec774b5 |
| SHA256 | 4d1697e5d9e348aa86fb3dbc58b5aaff40bb51ea9b0735b6a6ef36def1d47691 |
| SHA512 | e22db976fdd4ee45e19afce519036fe01e3839f977e7851936232a9585f805ec370d0d66973ce1502596ddddc57601369ebf635b2173f30e1d5fefbaefaa62ec |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 38313610aa2c53241c45ef53eee77502 |
| SHA1 | a360787a1865cb09de211d9641c84296127f1571 |
| SHA256 | 303f750cdb0db15514b21e165bed60ef8bb408543731b1937a05b709530e9992 |
| SHA512 | 1c9c506099b9f98bbc82eeae9a3ea4ccd93c7fed373732db4ea1ae7dc86c77704f282a549da3042bf39e10cbd1c465bdfdf082a7a8ce39c04330e67609cb45f9 |
memory/7524-790-0x000001F6A6650000-0x000001F6A6660000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 36bb833bcefdd2f80a289fc681c87627 |
| SHA1 | 4204fa10680f0a9c2699a9eb52709db1cd68e0b7 |
| SHA256 | 52be5401760e6cc30c6018d277e7ce91aa262b3888297f76e95a20fdda8e2ae6 |
| SHA512 | 233fbb528d3b7196fb967fff74e66dd589b6a302e97774a24fbeb971996aa6c1b17f24f19380873c976978552e245b3dd065cdb9d4133ce554c507d92f8778e1 |
C:\Users\Admin\AppData\Roaming\salutUJXao.ps1
| MD5 | 4fdddf586aed433adb0bfe7362592055 |
| SHA1 | a0e31dcb709ccd9e7078529880c66611d7f418ea |
| SHA256 | 4e26e8214c7ebcb5afa23bc8f5e545dd9c8a782a7ee1d3d40531cf4ee09fbac0 |
| SHA512 | 99c4fe58658e487fa54d82d1c041c2af5efdafc98dc1e079d3a250b973a435aef488e334849a0e052f6b99546df6d6518cf43b4d606edf5fc637169000ae2362 |
memory/7524-791-0x000001F6A6650000-0x000001F6A6660000-memory.dmp
memory/7524-804-0x00007FF9EA2C0000-0x00007FF9EAD82000-memory.dmp
C:\ProgramData\ChromeExtensionsNova\extension-tokens\images\logo128.png
| MD5 | 271847949971c396f77beaab936b7ea2 |
| SHA1 | b32c5a7eec49aa07f8ae73feb990626010c4b850 |
| SHA256 | a55224cdf06a5c2b937ba400604501f8b6ec93bc2c1cff62aa2fd378d504c657 |
| SHA512 | a2e141f68143f370e2b82a1c9c7c4b1c5f6fc2cfc2ad94acb8c5c02237af56f83904beaff3240e20397f0edbdfadf8779c0bd54b2cf0c9899fef59343e31794a |
C:\ProgramData\ChromeExtensionsNova\extension-tokens\manifest.json
| MD5 | 42ac88deb5c3cfc02fdc1c27319ee067 |
| SHA1 | 97b1addf35159800b90743fcfbb5505e80f6eb82 |
| SHA256 | 28486361faff1827fb9f1871529c48efaaf86027592d189afa6f99b14eb3f4bb |
| SHA512 | 77c4054a3cf061eb6f4f6e9803b74833a8fb0fe352239b5b47cf39ea5eea8104b9da6deab75018557476fbda856f3be8d57e6fe2eb777c45a7a1bdb1e72d02d5 |
C:\ProgramData\ChromeExtensionsNova\extension-tokens\js\jquery-3.5.1.min.js
| MD5 | c083da98a351e0682f51c9d4b157d7d8 |
| SHA1 | 78bc45e6aff14b4095f1388c609a559cd5e90534 |
| SHA256 | e3dddd7786daee7f11330555e7ea62e309e04c49bf28d8a846bce981bf808cd7 |
| SHA512 | c11e5d3cc02ff5063f231487f977006ea4cdfcd96be8f3d15e3771f7f2afbe1d909ba98cc3ee66f16f0d9a04e08c939e381743a99fb612f75f08fc6c739558ba |
C:\ProgramData\ChromeExtensionsNova\extension-tokens\images\logo48.png
| MD5 | 9f74f11972c3c0b161832ffab541bf31 |
| SHA1 | e5841ba20a229cdeab85d30690509e649e848271 |
| SHA256 | 8b74a0abdd566ffdf15891d6abd3537bffb0abce7f362c737c3de6752e136032 |
| SHA512 | b90f13eb65a4dcfdd596a7d9eba7c1ba5eb1a598e51107ce3dca07c0a0025469ab18c9958eff2b36f7e05a23f0d16d7d9d7c2321b8e1f2a456aaa7bec3ced0e8 |
C:\ProgramData\ChromeExtensionsNova\extension-tokens\images\logo16.png
| MD5 | 192e90432fed0081abb25295d8f309c4 |
| SHA1 | 5150e93061f39e26688afd60a04c0ab14b510d47 |
| SHA256 | 3216d6864b4f8824b82eb887edf95436dac3bea3f7d43d8988a176e3f1f8e1b2 |
| SHA512 | 9b9b3f85eb9f12ad1b4c8cfc5e672758d879e178179deb28e80e6c3b27871261bf6b52f9066850b5a7a2fd85012b5308eaf3dda882fa40febc9cf6b47f1a4f04 |
C:\ProgramData\ChromeExtensionsNova\extension-tokens\images\logo.png
| MD5 | b6f7c0bab6beefa91a01bda8a321518d |
| SHA1 | 7510b4229c629a79ab2d0ff228c33adae3ffc000 |
| SHA256 | 6ee72374c198ae2ed76f2e252a2e190ea49cf7e3e1da035e58912a5228b629dc |
| SHA512 | 18eb447748d77282be66aa9d3f83a31d42992642094acfbe62b3fd5f848f625312516b4d4adfaaa80c9468ca39417fd372a964ea4bca17faa3ea1f00148b4433 |
C:\ProgramData\ChromeExtensionsNova\extension-tokens\images\logo.png
| MD5 | 2dd14b6427e7c6152df78ad605263bac |
| SHA1 | dcccc74e004e2e220f1d416e0b1a22b79388ff81 |
| SHA256 | e1ed4a2fb66033d3a8c22109e1262e80c36ac772b4f3f0b17b23d77eb3324cd5 |
| SHA512 | 6037b6370661be9d4b4b7cac1ff407e8c7690cbc6c9dbfb50870bf80195dd2cdc616b79ec500fd7618a6e9da5688ecb5fbc195e11c5a682e734d3287b018c2d8 |
C:\ProgramData\ChromeExtensionsNova\extension-cookies\manifest.json
| MD5 | 04c23766134b234e85cc537b2162efb1 |
| SHA1 | 45c48d9ca30a4580a682f025cc66331e49f6f158 |
| SHA256 | f50f62683347bbca52d7f7de0c877014ae77043753905628644e2d485dfb4900 |
| SHA512 | d246f59ad6d6e9fc8d8d88129302d55cb3d2ba7d52496915ee6791fa0576153070af76ea689cc74ccefc36456df749ac5c8f45cb12702961470f202078bfcb3c |
memory/7524-789-0x00007FF9EA2C0000-0x00007FF9EAD82000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\ffmpeg.dll
| MD5 | e2d1bd35b37f154d08374bb0985fea48 |
| SHA1 | c25fbd47a4cc0957ce525ec72f0696e7f57a27a8 |
| SHA256 | a20908f905ce8e2affe666f1bb0a912140e5ff7955fb6a03788b490fc4fa7f56 |
| SHA512 | a89e4dfd5fb2383e82fb84d5c27a67565b0617f7df35112150fa1f6366a609d9c1c6448d54f2f9e5649d94d8afe77f103bcf03d02343b0c2475a7bd4a122c2f7 |
memory/1612-899-0x0000020852750000-0x0000020852751000-memory.dmp
memory/1612-898-0x0000020852750000-0x0000020852751000-memory.dmp
memory/1612-909-0x0000020852750000-0x0000020852751000-memory.dmp
memory/1612-908-0x0000020852750000-0x0000020852751000-memory.dmp
memory/1612-907-0x0000020852750000-0x0000020852751000-memory.dmp
memory/1612-906-0x0000020852750000-0x0000020852751000-memory.dmp
memory/1612-905-0x0000020852750000-0x0000020852751000-memory.dmp
memory/1612-904-0x0000020852750000-0x0000020852751000-memory.dmp
memory/1612-903-0x0000020852750000-0x0000020852751000-memory.dmp
memory/1612-897-0x0000020852750000-0x0000020852751000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
| MD5 | 30a94c60fbe2b7edd55f3e37b87dd710 |
| SHA1 | bec37b8a3f5dd175d6ce9cb7cf0ec746496441de |
| SHA256 | b9eae1c1847bd23a088ee53a79b6aa1500a4e7f74018e3ac703e5e7332c6cda4 |
| SHA512 | ce7d5bd2d13b6154c218b39d1ee385159589dbbece7c1342868c25ef95978b009a878cb8feb662f229e41161b8a8463da142e26e8da913aef4dde31cd7ad71dd |
Analysis: behavioral1
Detonation Overview
Submitted
2023-12-17 16:29
Reported
2023-12-17 17:00
Platform
win7-20231215-en
Max time kernel
1802s
Max time network
1576s
Command Line
Signatures
Irata
Irata payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe | N/A |
Loads dropped DLL
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
Enumerates physical storage devices
Collects information from the system
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Detects videocard installed
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
Runs net.exe
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\TatsuBeta.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\tasklist.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\tasklist.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\TatsuBeta.exe
"C:\Users\Admin\AppData\Local\Temp\TatsuBeta.exe"
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
"C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1060 --field-trial-handle=1240,13329810251059946818,15019707923549008516,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\System32\Wbem\WMIC.exe
wmic process where processid=2984 get ExecutablePath
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic process where processid=2984 get ExecutablePath"
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
"C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --mojo-platform-channel-handle=1444 --field-trial-handle=1240,13329810251059946818,15019707923549008516,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\resources\app.asar.unpacked\bind\main.exe"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "net session"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\net.exe
net session
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
"C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1432 --field-trial-handle=1240,13329810251059946818,15019707923549008516,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 session
C:\Windows\System32\Wbem\WMIC.exe
wmic csproduct get uuid
C:\Windows\System32\Wbem\WMIC.exe
wmic logicaldisk get size
C:\Windows\System32\Wbem\WMIC.exe
wmic computersystem get totalphysicalmemory
C:\Windows\system32\more.com
more +1
C:\Windows\system32\more.com
more +1
C:\Windows\System32\Wbem\WMIC.exe
wmic OS get caption, osarchitecture
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic OS get caption, osarchitecture | more +1"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "echo %NUMBER_OF_PROCESSORS%"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic csproduct get uuid"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic computersystem get totalphysicalmemory | more +1"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic logicaldisk get size"
C:\Windows\system32\more.com
more +1
C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get name
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic cpu get name | more +1"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic PATH Win32_VideoController get name | more +1"
C:\Windows\system32\more.com
more +1
C:\Windows\System32\Wbem\WMIC.exe
wmic PATH Win32_VideoController get name
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| GB | 142.250.200.4:80 | www.google.com | tcp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
Files
\Users\Admin\AppData\Local\Temp\nso7447.tmp\System.dll
| MD5 | 0d7ad4f45dc6f5aa87f606d0331c6901 |
| SHA1 | 48df0911f0484cbe2a8cdd5362140b63c41ee457 |
| SHA256 | 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca |
| SHA512 | c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9 |
\Users\Admin\AppData\Local\Temp\nso7447.tmp\nsis7z.dll
| MD5 | 80e44ce4895304c6a3a831310fbf8cd0 |
| SHA1 | 36bd49ae21c460be5753a904b4501f1abca53508 |
| SHA256 | b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592 |
| SHA512 | c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df |
C:\Users\Admin\AppData\Local\Temp\nso7447.tmp\7z-out\chrome_100_percent.pak
| MD5 | 9c1b859b611600201ccf898f1eff2476 |
| SHA1 | 87d5d9a5fcc2496b48bb084fdf04331823dd1699 |
| SHA256 | 53102833760a725241841312de452c45e43edd60a122546105ab4020ccef591b |
| SHA512 | 1a8ec288e53b9d7e43d018995abe4e3d9c83d329d0561fbb7d022e8b79ffecf033e995b9bc6af352a71c646a1e8afba4addb54deab7455f24b7a279a3dd7c336 |
C:\Users\Admin\AppData\Local\Temp\nso7447.tmp\7z-out\chrome_200_percent.pak
| MD5 | b51a78961b1dbb156343e6e024093d41 |
| SHA1 | 51298bfe945a9645311169fc5bb64a2a1f20bc38 |
| SHA256 | 4a438f0e209ac62ffa2c14036efdd5474b5ecaa7cbf54110f2e6153abdfb8be9 |
| SHA512 | 23dedde25ad9cb5829d4b6092a815712788698c2a5a0aefb4299675d39f8b5e2844eabd1ea42332a0408bd234548f5af628e7e365ab26f3385ebfa158cdd921d |
C:\Users\Admin\AppData\Local\Temp\nso7447.tmp\7z-out\d3dcompiler_47.dll
| MD5 | 7641e39b7da4077084d2afe7c31032e0 |
| SHA1 | 2256644f69435ff2fee76deb04d918083960d1eb |
| SHA256 | 44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47 |
| SHA512 | 8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5 |
C:\Users\Admin\AppData\Local\Temp\nso7447.tmp\7z-out\ffmpeg.dll
| MD5 | c3842fb3087cdcdb04020ac38683c289 |
| SHA1 | 329dbcd4a1c79b891b200f11eb50194b85c493bc |
| SHA256 | e79792af338d61424bac87a19c6f34f3b4bc1382345633b8d509253a0a6c2133 |
| SHA512 | 069196b8006e908954e7ab16131a0d10889a0f7517eaab2423a82fe49fb9b045c0d95dbf7c08c10ddf1a21983aea4a0d207decf91baacff0884511589a57dec5 |
C:\Users\Admin\AppData\Local\Temp\nso7447.tmp\7z-out\icudtl.dat
| MD5 | 599c39d9adb88686c4585b15fb745c0e |
| SHA1 | 2215eb6299aa18e87db21f686b08695a5199f4e2 |
| SHA256 | c5f82843420fa9d144e006b48d59ba7ef95f7e6cb1ea95b27fcdd2c97f850859 |
| SHA512 | 16194186a8407b29f799d4b02f5674e4fbd5d91163fad9f8dce6ceedd865b754a681aa960d0f3f1b62cb21d5443879f1b8e9b691c19c5802d5bdfe4ed645b8bc |
C:\Users\Admin\AppData\Local\Temp\nso7447.tmp\7z-out\libEGL.dll
| MD5 | 8352fd22f09b873193cabc2932be92f0 |
| SHA1 | 5bd2b58854b279f1733c5f54ea2669ee8a888d9e |
| SHA256 | 14a4aaa010be14762edfee01fd1f6b9943471eb7a2f9011a2b5c230461cd129c |
| SHA512 | 7281e980f2e82f1cc8173d9f8387a97f6e23ec5099ed8dca02222c4e17fa4cfef59d6aa300b1cf06d502bdcf77d9a6dbb08ad6658ae0a28ae6f9f995109da0d2 |
C:\Users\Admin\AppData\Local\Temp\nso7447.tmp\7z-out\libGLESv2.dll
| MD5 | b6a433dc7b4030fb17bd1683a9606b6e |
| SHA1 | 0602c50532e3f13facc67bd95a048c470e88afcc |
| SHA256 | f7ae57a1d7d3e284714ca354f5292aa9b75086489cbfba8b1f54548445b6b3e9 |
| SHA512 | b9ba2e20ec878e3acae93d8254e69374e391fd4a3d5c1833282c43896d123baa874f1088839f3bbcf05539eda0e2aeaef28d7742ab8e20ec788382501e2152b1 |
C:\Users\Admin\AppData\Local\Temp\nso7447.tmp\7z-out\LICENSE.electron.txt
| MD5 | 4d42118d35941e0f664dddbd83f633c5 |
| SHA1 | 2b21ec5f20fe961d15f2b58efb1368e66d202e5c |
| SHA256 | 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d |
| SHA512 | 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63 |
C:\Users\Admin\AppData\Local\Temp\nso7447.tmp\7z-out\LICENSES.chromium.html
| MD5 | df37c89638c65db9a4518b88e79350be |
| SHA1 | 6b9ba9fba54fb3aa1b938de218f549078924ac50 |
| SHA256 | dbd18fe7c6e72eeb81680fabef9b6c0262d1d2d1aa679b3b221d9d9ced509463 |
| SHA512 | 93dd6df08fc0bfaf3e6a690943c090aefe66c5e9995392bebd510c5b6260533b1522dc529b8328dfe862192e1357e9e98d1cdd95117c08c76be3ab565c6eea67 |
C:\Users\Admin\AppData\Local\Temp\nso7447.tmp\7z-out\resources.pak
| MD5 | bdfa339e708ea0f23ed3620adc4a2d64 |
| SHA1 | 82a95b7b022836b6e888f53e69386570c05a1af2 |
| SHA256 | b66ae9eda4543685974d35d051d967538bc57d55c2577629007c534ff330e1e4 |
| SHA512 | ba87c70e1b6446e0a7b62da33d72a36ff92ee54fda64343262bc26afa8166174e76d058ec6d707cdebf2611858b3b4b7e21798febec53da02febd81ade4ce8f8 |
C:\Users\Admin\AppData\Local\Temp\nso7447.tmp\7z-out\snapshot_blob.bin
| MD5 | c9ab741bbef53fa0e84952b8891a5f5a |
| SHA1 | e2dcb8d034e07243537c86371de0c52bce62cee1 |
| SHA256 | 4d82fe1e642fe3ca7ad1a173f806088c0652ecfe9f0f6f6e246066e15a3431d4 |
| SHA512 | 177b98a3090ecfe4b4598dfcd7e8b3ca49efafba4dbd8d6c6d0def462de47c3fabfde831725622783ddc177de982de6115178d9bd9830d918bb544a5a4c27fc9 |
C:\Users\Admin\AppData\Local\Temp\nso7447.tmp\7z-out\v8_context_snapshot.bin
| MD5 | 47014c0f81bad6d216c617c9c63bf040 |
| SHA1 | 7bb483fdc5fed3c6ed437d9fe6e5023bc38201bf |
| SHA256 | e1249d05bfc73c645b27d269f47b6923b33a3cf8088a8ca78b3b637c90f58178 |
| SHA512 | 052d86cf3305a9e493bd2472e6b7ddab5e0291efd6d899984a79bae46e5fa4bd21157e19ab4a2591c9cff9069de568bad18c7baf4f35d117c77134e635466f87 |
C:\Users\Admin\AppData\Local\Temp\nso7447.tmp\7z-out\vk_swiftshader.dll
| MD5 | fc509fcab87c61855236a636a9dc4b76 |
| SHA1 | 43aeb1431d7b9ac4b11fc0055201f8c062c59ed5 |
| SHA256 | 04bc5e0dfd850c74b5e4212645d2e7a725fb852afa0df18cd402523434535c6c |
| SHA512 | 11c6957f946640ce96b6b255eccae8805653bb2fe4d81bf73c823ebe4de389e8662afdd26be809a639c55e04e89ac5112b05fbd3ccd8a6b887663ff4133200e0 |
C:\Users\Admin\AppData\Local\Temp\nso7447.tmp\7z-out\TatsuBeta.exe
| MD5 | 8f4dc8c214bd2c41bca78d36418a29bc |
| SHA1 | 90bc45b0e5eb6c601eb4aed00a6aa03026c1c68c |
| SHA256 | 1f723a966d5f653f8e63f741d8c2e56095167d5ff4541ea51ef5eb9eb46243f4 |
| SHA512 | dcc1f6ffcf83b3266878e753c46cfe76dcc7599d280f219239cd4bdbde03a1a2bd61065fdd532c79b121b935647656bd73c0e1def882ca2ee525ae7a763ce4f3 |
C:\Users\Admin\AppData\Local\Temp\nso7447.tmp\7z-out\vk_swiftshader_icd.json
| MD5 | 8642dd3a87e2de6e991fae08458e302b |
| SHA1 | 9c06735c31cec00600fd763a92f8112d085bd12a |
| SHA256 | 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9 |
| SHA512 | f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f |
C:\Users\Admin\AppData\Local\Temp\nso7447.tmp\7z-out\vulkan-1.dll
| MD5 | b91586bd80e057a7f62bdc4422744812 |
| SHA1 | a1df644421ece2e740e5bf0ed98b4f269fd85c39 |
| SHA256 | 8ba72d98e0f78b77bda7816cd7232809d287310d34e0f1d7472b9d5fda2c6d02 |
| SHA512 | 94f0a8e3e75e4803891c0fcb257052dbe0e7399772fc7a46ab802629f76ee580ed30b3678fa6bc3744c12cf9f3103bbc8276e88f6711278748148e9fbeef2053 |
C:\Users\Admin\AppData\Local\Temp\nso7447.tmp\7z-out\locales\am.pak
| MD5 | e18a450ef034b42599341c3d09f280f1 |
| SHA1 | 2001c8a85904962ac3a96938eccc69ad2c110fdf |
| SHA256 | 7c2b9098130f1f9e0cf4507b64c0e96ac6354bd6c3616be20e2067cfccc820da |
| SHA512 | ddd87571218fe9f179a6c2a8a15b182625a71a7c19ed90c0969ca2e0e9bad823b926f8b8a6b390cb6fe9c95f4b6c1f1ec7b5167a8424ab1921943922208f798a |
C:\Users\Admin\AppData\Local\Temp\nso7447.tmp\7z-out\locales\ar.pak
| MD5 | 6f3e791b4d35ee7d9515614d128752cf |
| SHA1 | 181ec3a84fb3e89336d77f24f562a2cbe07619d8 |
| SHA256 | e9df0fa338b763a3926c4ee3a87bedf650fa618b6fcf0560c3f5ffe891d48c60 |
| SHA512 | 3657e610d13a2c938558ec320c298dd490c9e4895ccd304f738aaa2f050373efd7382ca402365f93d23ed488bae82de2d859da788dc8faa8e621346a278f4441 |
C:\Users\Admin\AppData\Local\Temp\nso7447.tmp\7z-out\locales\bg.pak
| MD5 | 5ba0c7200362c9ed55610cc8b66ef53c |
| SHA1 | d45239c2f1b00885407771a41a7776fc1fe8fa3b |
| SHA256 | 2339ff55464b4ff704fc3c5bf281eec52a539c494bd059cf0346d9c05ab7cda7 |
| SHA512 | 6229dbf08a9322c4ec8de4912aa1832f01800a71b7e3ef5870e7fa2b623be4dd248fec4881c3e031e984616147be84d42ab3dd970ae56dc1bd78913a8682a37a |
C:\Users\Admin\AppData\Local\Temp\nso7447.tmp\7z-out\locales\bn.pak
| MD5 | 47c95e191e760dee3ef43345577e2379 |
| SHA1 | 609634315270a91d4ec631642b18bd0036367aad |
| SHA256 | ceed32e429ed1018d4c49343cf52105cbfd1e877c531a5738fd6e6cd33d27da7 |
| SHA512 | 46b5f8d58780d19e79136c31a67d075c57ddf7e6a1eb197dea4088cc414a0dc24a68fc8ebcaac03b3940af2461123b586706d5dbf8dbdf6fbea0f7bec466db21 |
C:\Users\Admin\AppData\Local\Temp\nso7447.tmp\7z-out\locales\ca.pak
| MD5 | 423651c45566cd90ea5edd8631e823b8 |
| SHA1 | 13bed4173a08bcbfefba034aada3d838eece6d16 |
| SHA256 | 7a39af99d55a1ea838d8d78c5f0da3e1402f9404d32255e31b676ceed4f0e414 |
| SHA512 | e09085023beaa37e9d5f7fdf3c32d0c001672b85e2826f0aba9a662ce958ac93cac17bf63495a604e47cb407b1593049388a4bf1b22b2339ead84a206a10569f |
C:\Users\Admin\AppData\Local\Temp\nso7447.tmp\7z-out\locales\cs.pak
| MD5 | 3cfd9dc564cfcc33cc5524711365c376 |
| SHA1 | 2e5016d2643017f37658262122974429f18625a2 |
| SHA256 | 8be34e4f8226c1dd4e725711ddd884ef4476560f7863edcf378573dde9db3cee |
| SHA512 | 6ee156d2fa3b6f601df28e38968d0eae2812d70b41333348dbecd833d5ee6ff944183f0eecde96be433cf1e98c8ec22d6a6d5af5153145842175ab43c73533ef |
C:\Users\Admin\AppData\Local\Temp\nso7447.tmp\7z-out\locales\da.pak
| MD5 | 55a8f5883805a65c854d25edb3959209 |
| SHA1 | d4b3b6bd2a26cbd021fa931d1f63c9ea64e2c268 |
| SHA256 | e190187adcbb5f829d162660968ba598ed17bd11339062ca4d807deec8a27fdb |
| SHA512 | 4e1f9e6da32f553cbc8cf162726d7aba9e23e2216d6d05b995cf19fff3aafa05ed08fce29b2f8538d46583366402b8630672e650dfbd46952a611e9db0d8016d |
C:\Users\Admin\AppData\Local\Temp\nso7447.tmp\7z-out\locales\de.pak
| MD5 | b73344e5a72fca6f956dbab984c123ba |
| SHA1 | 0561073aa40a63a9ce9930dd18b18e12ff139b2b |
| SHA256 | 6dda3fa65232ca0bff7314f916942a2aa5d9be73a0b0c7a6d016eb34ea6fff5b |
| SHA512 | e8a12da397369f23c102244b3f18f533ec79afa6978785566056bbfe07b10a21ff4973bf17aa829fff65609363988c033b0e48d4a82c846863377c08d8df009d |
C:\Users\Admin\AppData\Local\Temp\nso7447.tmp\7z-out\locales\el.pak
| MD5 | 38440b98bfdf5ed496da0f49d59534c0 |
| SHA1 | 1498d9207ecaf4923a47271e24c68a817041c82e |
| SHA256 | b1f78df8a7edc914357a2e90bc8dc0ac46f4df642bb22894569fe4905fb8ea0f |
| SHA512 | 95ba788fc2e1f07d54e398f1ec4d32c664cfb13118d46cb7af7a993367e032b10de84f3e604ab6e659d6410e2d736097ec5e9b3b002040c54412358f0ea10229 |
C:\Users\Admin\AppData\Local\Temp\nso7447.tmp\7z-out\locales\en-GB.pak
| MD5 | 52e2826fb5814776d47a7fcaf55cb675 |
| SHA1 | 51fbbc59dcd61116cbc0a24b0304d4c1c58e8d0b |
| SHA256 | 83ff81c73228c7cadba984d9b500e4fce01de583ecde8f132137650c8107c454 |
| SHA512 | 69257f976d01006c5f3d7e256738c97c59115471f8e7447cfa795f7fa4ff12d6fd19708e95ffb2aa494b50c1763fe35d5885b9414112d2934baf68fe668ed7cc |
C:\Users\Admin\AppData\Local\Temp\nso7447.tmp\7z-out\locales\es.pak
| MD5 | f83d8f7f6108786c02c2edbf3d85f147 |
| SHA1 | 57781d9d9eb7c90cdc71f78e25d0763045b6d29a |
| SHA256 | 5b929216ac823dbe2b0bb98e64db76519900e09a86c8513019325271c66ade0d |
| SHA512 | 12747a4a61cdd21cad6e3f768cb43b8bda5ec9de373337c191b6994b20acd676c9d0a6cde8410a1e18f35dd5d2d332ea1bb7e7f8f6fc4b73d8774559e33398f1 |
C:\Users\Admin\AppData\Local\Temp\nso7447.tmp\7z-out\locales\es-419.pak
| MD5 | b261b1efe945365588befdf68879040f |
| SHA1 | 616f44a5f73f0449b483f36ccf831db6474a10d2 |
| SHA256 | 1380b9edc9cee4b505f12e8eefa288d8c746ca995b52ceaba27c7741ae8a5cd4 |
| SHA512 | 9ea14234b9d4d09364e5727b3886fc14544d52508b3e45fb9fd607ca88d2e432361a02b2f7ba34c3d6ecd94b91f9eccd4d54047a97a1ba4eea580ead00b91cff |
C:\Users\Admin\AppData\Local\Temp\nso7447.tmp\7z-out\locales\en-US.pak
| MD5 | 0bb857860d8c9ab6d617cea5a5bd4d00 |
| SHA1 | 351b744d95846bff2ce5f542fec2e87439aa0f8b |
| SHA256 | 5c56df9699fc7e8f09ec81421e50a6264cde055e822f5a8cd9bb1edb3066d816 |
| SHA512 | 33fb73cffbb6781488cedbca4c92a7e4f66923a799beeb7f5cba58dbc23ba8f5130f63a7dac7114e3c3ef6f1df87884fbeb8858bc7604aec9449fdfd16c25078 |
C:\Users\Admin\AppData\Local\Temp\nso7447.tmp\7z-out\locales\et.pak
| MD5 | c76db3385190c6840315c4497e40258a |
| SHA1 | 34f1aef2ba2925bebc5dcdb70e5b6c1a138a5c46 |
| SHA256 | e8af084ef5e1062c5966dd7802074ac24f3672dc3c9b9c5453a397644727191f |
| SHA512 | 90a870369d307758b33d74e6213676d65c2d332f42577c8aff23d96b512f3c2a2bdace8d6d9007f88b9175eadc6f2ae28b498b1265550849ff9317465a37ad29 |
C:\Users\Admin\AppData\Local\Temp\nso7447.tmp\7z-out\locales\fa.pak
| MD5 | 6458a239e994d8d18315deccd35389ed |
| SHA1 | 75c985f43503a6c44645786d46639a6b555ae163 |
| SHA256 | 300fc1c735e92917a5ddf92feb812cbf3175d988ec7ad5955110248a1addbd34 |
| SHA512 | 3062075b6be0c25c957ac88e537880bc25ff86b8ef0703a05209e9676e943e89476b7997394aeb25064e03a93be614fef535676e9cdfaf44b46035225b1b2cf5 |
C:\Users\Admin\AppData\Local\Temp\nso7447.tmp\7z-out\locales\gu.pak
| MD5 | 63a7fdc4eadf8ef1c35c72468a0ce33f |
| SHA1 | e8d064f0e9c8a6a8c6ccb036711e292d011d9466 |
| SHA256 | e549ff4e5a094d04c2ce7bc6fd68bea1f03e935437bf164bebb6191c133fa70c |
| SHA512 | 0a097ff875132a984545ec677b04f97785f14c38a1df487cfb4722cdea07d14e1e88fcff7d58b82fa53f05f4eba779a95ef320b5a91692097726d0385a26a456 |
C:\Users\Admin\AppData\Local\Temp\nso7447.tmp\7z-out\locales\he.pak
| MD5 | 6a02a37e1ca3215fa9ee0e1b0fbcf5e7 |
| SHA1 | 89a8a126c0bbf536ac58e29fc50e045fb1b88220 |
| SHA256 | f5cf34ce58b7f0d450936981aa7ffa060821403e6768eee3746ea4ffc9193986 |
| SHA512 | 6607eb2329b81f1eaf0ed3a564eddcb30e6ab59229f2fbf6fd3d2140ffaa8853a330eda627a4458ef6bb06f32c5183edda869e34cd4ead1f87f88d5c622c1a16 |
C:\Users\Admin\AppData\Local\Temp\nso7447.tmp\7z-out\locales\fr.pak
| MD5 | c3095ce1e88b0976ba7bef183d047347 |
| SHA1 | b14cfbf6e46ac1f189595fc09660178525301138 |
| SHA256 | 66488dc10517b6e3638686be95b430477a39304e92ac45dfe62b58cae3a77272 |
| SHA512 | 29f47b1eff4681a9a17a50d6e82d63c22fe7bfe4ceb79862e81d8cd9f96fa38e225978b4c4b1f8e55b220235b91652c776fa8d2e559c68942c6ccf402812a421 |
C:\Users\Admin\AppData\Local\Temp\nso7447.tmp\7z-out\locales\hr.pak
| MD5 | 6f92235e6ba003af925a2d6584afd27d |
| SHA1 | 3ceba61e9c2975466b6244188f5ea72aaf042fc7 |
| SHA256 | 479dc4f75a889d45f62b4ddb6eb48f21c473e37875468c9c26d928a263e15840 |
| SHA512 | 82f2642dff4400704c15c2fa02d0ec74ed3fe888dc835447c1afce7463dee8f480bb81be358c306e681625864a6d25e5cd6c96252b8a56e6fc62014b3aa4d26a |
C:\Users\Admin\AppData\Local\Temp\nso7447.tmp\7z-out\locales\hu.pak
| MD5 | 71d42cb22d2d7a8b26c4514ab12df3aa |
| SHA1 | cd0307503a7906f1742d1e98fc816959319c2171 |
| SHA256 | b51bcb888dbc27bab88a8c9d081df7496de8a9a5a4cd2cfe08abc154190e75e6 |
| SHA512 | 29c67391bca706807be3a0cc79fe481f220e30263957a9c2485f0a4c498a5b250bdd83b5f4fad8d0b19c8a9a07d5650b5ebd5816b6aae311a1cde78a89303244 |
C:\Users\Admin\AppData\Local\Temp\nso7447.tmp\7z-out\locales\hi.pak
| MD5 | 590e9e73df9cbd83cd87b9c03848fec9 |
| SHA1 | da125e60a5a2c51a2d6219d3f81688bd22237b59 |
| SHA256 | 089b9dd31090a987515809a68d26f6eeb64cd9283934e3dcc48b151eec7d3ad9 |
| SHA512 | fd0e5d0f2063e12b711275f390428b88f98ffaf6043cdb14b13674ac1e4aa9f70ae820ae960132d7155daf9b1308238775c4702694ab53068cdc709c50f9186a |
C:\Users\Admin\AppData\Local\Temp\nso7447.tmp\7z-out\locales\fil.pak
| MD5 | 40bddaf97f64dfea9ebafc7f82166f80 |
| SHA1 | 90d1fde3c0b27d2184f0353991259c2a92c7820c |
| SHA256 | 39a9d63736e7b4593fc6873ed3c19d45fbf9eb78a012bfdcee0fea5906ebc5b2 |
| SHA512 | d1e61c53e09a0dc50edf5aba5cf286a251ee88421aa2cd49332b70a5859646605ecb7d0bb97ea7242d14a18742e23da0a14c04b0b99b57a466ec87f4f66b897e |
C:\Users\Admin\AppData\Local\Temp\nso7447.tmp\7z-out\locales\fi.pak
| MD5 | cc592d91ce8eabaa75249cb78b889376 |
| SHA1 | f2f0f7f105a17f3e4b1a97ed0e3c2e871c2c3eac |
| SHA256 | b1cb0b32efa78fd8634652c74f298f1d5127f2363ef601cf000417e5c7fefd20 |
| SHA512 | 58e2eaffe26d8fda8df43e7ebef449cfff1065e940c128efa0276511e34e96e52da9230f294b01d4ecd8ef606b792d372bff897d6d8bb67c31379418ce867d48 |
C:\Users\Admin\AppData\Local\Temp\nso7447.tmp\7z-out\locales\id.pak
| MD5 | e40cb2f3b4db379e4d187aeef0dfd300 |
| SHA1 | 537b1ebc615c980c89bbe2b9e91a11199fa7d6a6 |
| SHA256 | 3339ef011c9bb64868da94adb25f4490acbc7f893e4337dbfe2797754cd659f5 |
| SHA512 | b87464460077aa55feb92eca8ed23d9a61829378bae7890c8a95dac5fcd735b145d65661f27facfe2586fcaa169692b00d8ee8dd505dc44bff7f7fd090f3e96c |
C:\Users\Admin\AppData\Local\Temp\nso7447.tmp\7z-out\locales\it.pak
| MD5 | 5aa225aad4f9fe6d05ec24905a827d88 |
| SHA1 | f6d5ed337bd8e9cc3b962d3a498e3430fbf6de22 |
| SHA256 | 96e02ab6937a1f1cb58762159761a737ce0e1dcd6a253554392baf4389326eab |
| SHA512 | 3fa928f19bdf65b8fbb274b478a801821b15c01224c113a8d7f6121a077b432c0cc84eefd9028a76adea9fa4bb65dcb868edfbd4368b1e4d477c49e187e4288a |
C:\Users\Admin\AppData\Local\Temp\nso7447.tmp\7z-out\locales\ja.pak
| MD5 | 833e8c4aa70351b6be7bd403e4e9a0a7 |
| SHA1 | 46ccdbdea35deec8ef13a5fc833776875fad187b |
| SHA256 | 74422db1a5f28522f9a8b31a3bee9a6df794b419bf723cb6a6c88e82eb72cec0 |
| SHA512 | e8e709612a5ea81d2822e0025b7306f38571f2cec2ca72ac5a8ab852a0e36a0f5bc7e00d0baf7ac7becc2c54dda3a17c52ec1cd67ce12b14d91b6ae0b726d556 |
C:\Users\Admin\AppData\Local\Temp\nso7447.tmp\7z-out\locales\kn.pak
| MD5 | 5115cde84b4c674db412619b65433004 |
| SHA1 | 164f33e7e2e9f685a579da492a6fc8806beb6cbf |
| SHA256 | 891e092c6895e23be986c3e6d39dcea9b6b75f1448239c13fd406680e50407a7 |
| SHA512 | 090a247898cb533325d2b289a6cbd8db2a755ef0abab49d82f333e57b290c50b5996b81f15d8adc30160b216eebed3a1476aec1627195e52189557c1d48b0216 |
C:\Users\Admin\AppData\Local\Temp\nso7447.tmp\7z-out\locales\lt.pak
| MD5 | 2d4fca437a7548893dc4b51fa5b33c33 |
| SHA1 | c1493013d7d981ea9223716e415380992de65c2f |
| SHA256 | 776dba792df7b444e1b720326312d8b8312cade74a1372c49456d932b7c65769 |
| SHA512 | b6a55ee1deff48d717a3e9399aef3c45eeec810cc5b5709fa3e9f56850115a5b02e02b7959ec77a6797e68516ee9372bacd260e62ac0d55a8e4c1c27af782b42 |
C:\Users\Admin\AppData\Local\Temp\nso7447.tmp\7z-out\locales\ko.pak
| MD5 | d6e2c18c9eabba59b50d147d942125ea |
| SHA1 | 0918879203c2050b4f9f449f5616e430897ba0b9 |
| SHA256 | f3581cea2e5b022b121010ffc5d67f86f717e3a0c0402abd81e24c87fd135b76 |
| SHA512 | f605f7b9893166778af156f9eb76eaa1209e7432450899540cd462ce0ffa69caf6f570b910cdd6d7bef54354379e9892a658e711baa93241da33755c107da859 |
C:\Users\Admin\AppData\Local\Temp\nso7447.tmp\7z-out\locales\lv.pak
| MD5 | 264c6e20b3088ceb4dae5773cef0cb55 |
| SHA1 | fb6ff83ff14df008092bc3ee73bda7491e8e090e |
| SHA256 | a676a781c1a587eadf23e5c69bc52f2d352346a70bc53ca908450362535eefda |
| SHA512 | 01e949f92e1e8599c581929a601d39640abaf1d907ce10102e591c3d490dd3874c679c75bb51308ead55a3bd0c6dcd1b8d4b2daf98ce1cf1c6bab42946e8b1e8 |
C:\Users\Admin\AppData\Local\Temp\nso7447.tmp\7z-out\locales\ml.pak
| MD5 | 04b2540c25990a5e0a9b227dcce6ae0d |
| SHA1 | 4f8ccd154f54dfb083d4d1a3ed0994842c8ab13e |
| SHA256 | 556165b8b54c6e21bc66d12b3f5be393136714467c427f7114f314d18ad3c661 |
| SHA512 | 4cab47e42e8f5d4a83851871f97f3e1360c993ba530dbb4b4b736350779784bd83189e1195d3480ce87298bb8f9b7f249fefa7764d850e5b0002895609626785 |
C:\Users\Admin\AppData\Local\Temp\nso7447.tmp\7z-out\locales\mr.pak
| MD5 | f22c99fe6a838e333e8ee06a4d01296b |
| SHA1 | c3542ea8dd45a2b387dd02fa5687948f135e10f2 |
| SHA256 | b03a3042f907aed13253ae8083d08f5fad59ff438d024b097276856e72526911 |
| SHA512 | 882022c2cb985d85f96d52c9bcfeeb089d6ff30e66187ccf424ef622092b9d359a51bdef1fb6ac3b9d3409aa79d37ca737ba7f3ed8b9cdaabfe04d90a7c8bc15 |
C:\Users\Admin\AppData\Local\Temp\nso7447.tmp\7z-out\locales\ms.pak
| MD5 | 6cfadaa784e687e6dadbcd80e631bc9b |
| SHA1 | 481acb75f525055bf4e45ecabe0eadcb9c492106 |
| SHA256 | fb5e125dd5e1f21e8df229d22cb3d1f9078bd79bbddca352899248f2a8b21b71 |
| SHA512 | 0d7da5a90fe9372bc704ab8cdc8cbfb14d323cafdef856987e2d9e34d980196c03985e25099f5d1bcb10c97f040f4766e2c3713718649bb3f43914a77f0dbb39 |
C:\Users\Admin\AppData\Local\Temp\nso7447.tmp\7z-out\locales\nl.pak
| MD5 | cf6b1cbfd669e9461553974ba37a475e |
| SHA1 | b33867e9bc7fd88ca98a76dc4bd756bcf18887aa |
| SHA256 | 9a83ad866ad7fd9d65ecbc1e95c276cfce27e8257c76a16950fd14971e66b864 |
| SHA512 | e463029bb37f6bb3ff5cb6281f64291ada1b785fa33137e7aedfc7b5e409e99c75a91e7cf9b6c0933e970f70c14861190de66fc5d68925b687a6f5da02e21077 |
C:\Users\Admin\AppData\Local\Temp\nso7447.tmp\7z-out\locales\nb.pak
| MD5 | b61e42f66d581b6a8929cdf5fb10662e |
| SHA1 | 6f06fa9ee092fbcb61bbd668734fb3b92cfb549a |
| SHA256 | 1b17dcde8fc7308d926fbe0faa83dfc9ffe2efc5715e9afd557dde839ad98b7e |
| SHA512 | 79b82346c3f133a6ba44148a8432ad4e08e2805187b759509cb386bc800fd20215592c07d953812c243f0b1d5e1354245f2cb42b2b3eb6c87280bcb4008dbe97 |
C:\Users\Admin\AppData\Local\Temp\nso7447.tmp\7z-out\locales\pl.pak
| MD5 | 644c0ace25d6e532b56510a736c6bc2c |
| SHA1 | 1bd0fec952107b493da04c46423da634ff3e1504 |
| SHA256 | 2ff9e382a31783285b7d85676e629e2f6db26bb9536ed17b7fbe5ac61a895ec7 |
| SHA512 | 9a1f1e884c2f214b8b0c63543809ddd4ba0fd533f1d8434e926051f3db434f60cc4df2462c2a43254b2a9685b3869eef49463c212892e417c82c3a7b497e3559 |
C:\Users\Admin\AppData\Local\Temp\nso7447.tmp\7z-out\locales\pt-BR.pak
| MD5 | 88ad860c73676ffb4025b5c691f29942 |
| SHA1 | 3c5e5b999ea7153ccdd1b4cc7b6162de3456b558 |
| SHA256 | 25f0bb0b0230d99a9064d52668636f3be85903bf27a68124d79a2fe93c30fe0e |
| SHA512 | 41589bb9ab1b8307f62ceb4e6493d7903731a3e63807e0044379c4acdda881c21839234f5f1b8ad1af732bfee6231c0556ce92e582505379ed949980185bb750 |
C:\Users\Admin\AppData\Local\Temp\nso7447.tmp\7z-out\locales\pt-PT.pak
| MD5 | ecd84b296d3bb312ee18e21017311986 |
| SHA1 | f5625523f85c10723750834a54ff59a2dd886fb3 |
| SHA256 | fcfaa9c44c445876c286388b6a1abc1df949f3dda3d64fb57d6e0d54a05cdb94 |
| SHA512 | e95b74238220024cdd0bd1c0f18beadbbe427d76cd8d6b32d5700adcd34ffb068ad0bf75404921485c8077f395f5111cd40d5dfe2b5b8f34c62e6fc80b507456 |
C:\Users\Admin\AppData\Local\Temp\nso7447.tmp\7z-out\locales\ro.pak
| MD5 | 24b01a438a3ab9699d4ca97c081b5e82 |
| SHA1 | 0d0b082544d23425a74199fb0a6c11192f0bdf7d |
| SHA256 | 38290b1c9712296d82ea1681ef95544a1eef4872289134b11e50af735e6deaca |
| SHA512 | 43199772312156f4633c4202499cde8f808e5e632c2013ec1129acee01a3f184e86df2616626173178efe04b6f0773ad9a0e8b8cc6a735d23d68dcfe9dfd945b |
C:\Users\Admin\AppData\Local\Temp\nso7447.tmp\7z-out\locales\sk.pak
| MD5 | b35daa0bd9627ca88b413a5af7c6b4a4 |
| SHA1 | d5efdcbc7ca17de29f3075f6434f31ab2e895826 |
| SHA256 | f47bc1f7f5ab64681d0b152e1a019da60f0ef057ee8bf2ccede019dc4030c177 |
| SHA512 | 48abb6ca2290820db2898b05820bb25e70fb1292c816eb0c8f17b3c5452de9fff7027d216d2bf413900f408f44ed4ac99151b28142a212c5cff8dfe229e87b9b |
C:\Users\Admin\AppData\Local\Temp\nso7447.tmp\7z-out\locales\ru.pak
| MD5 | 75457b95d2bb03891232dae7db886387 |
| SHA1 | e5a7569df7f91533703626d167ecc8cddbd27205 |
| SHA256 | e0894d3aa3f8e0f8ac457a3300001d4e1dcf95980712f8c8e9c845eb4c2bbfa6 |
| SHA512 | 9813239cb162cec24cb81cffdae2df06889782813d917da186ae40df6dae64477467e4b32ead2d714bc1de671538d4c1fde990d83d3ee69e0932f17226687a78 |
C:\Users\Admin\AppData\Local\Temp\nso7447.tmp\7z-out\locales\sl.pak
| MD5 | e015b6f5042be2dc96a4e23dcf035502 |
| SHA1 | 7946509eed8db1e4c1f3da99ffe7155c86fdb4d6 |
| SHA256 | 99536d1bc73eec81d5bebbff641ea195544ee5e3a41bb17ddcedf9cde9b141d4 |
| SHA512 | b2a2eaae93c506a053862bf1cde02eee53b3ea2e2fe4c964c51dbacb8b44de820a779311cfe01458e2f08f88bce1172e8c5e1e6d28cd3a355ff84baa00023b8f |
C:\Users\Admin\AppData\Local\Temp\nso7447.tmp\7z-out\locales\sr.pak
| MD5 | af7083f2a4bd95dcbe792efade352662 |
| SHA1 | dc69aa831836016f6e66c6079931503d534a7862 |
| SHA256 | e3b80d9fdd420a05d66cc12e685ac94500106dd51a555bbfa2d085094f81e8dd |
| SHA512 | 342400ba94f6cd08152f96aa2b905184fab429c38cedb4bcb4ac0c503169a9ecd47aef208b4d7ffae08b0c0afa7aa089347a20739379d05f3e4e111be842b8c4 |
C:\Users\Admin\AppData\Local\Temp\nso7447.tmp\7z-out\locales\sv.pak
| MD5 | 41e76f7775fc9a2d6e3c02c46e9b32f6 |
| SHA1 | 088c15c74a68bee69682bf89c31055332b68c84a |
| SHA256 | 2533676479e9469ffcdaabcb47d3e39bebfe7ae2b80f70784e918a8827439e13 |
| SHA512 | 6cde752d748c4772b533c8894f18134e5842113f8c7590b44a7dfa088aed65b232361fd16170df3b0d738066dbc3a769847adf4dd8ba42de63c9c2b33f9beb6b |
C:\Users\Admin\AppData\Local\Temp\nso7447.tmp\7z-out\locales\sw.pak
| MD5 | 99e385ebc1ef8d3daddb3a171fa79edf |
| SHA1 | 3164804dfe9d9b5e891abafe92e5ba67d2b5d4d1 |
| SHA256 | 8ec45ac391a085d531fb21815086c2da4841aa016653cb4f8484cfc2615d6c01 |
| SHA512 | 797c105fecef1e15870aa101e3fa1835d5a467a9059c03b3636c54934d1de263ab7f23599e21d9787cb3849c7cb7d29f5bdd8ae9ad10fda8015c1392462e94c0 |
C:\Users\Admin\AppData\Local\Temp\nso7447.tmp\7z-out\locales\ta.pak
| MD5 | 31dada843d0b4f9a66b184cb6d7b8b92 |
| SHA1 | 0320b31981043c6e4c17470bf2ff4c7488553511 |
| SHA256 | 457070b35c813175f5a7b630478073e478ff2bf23915dd3dc7a5b3b339cc2b0b |
| SHA512 | c5b6ea595d3154fd9fe03f49a19f78eb4068718ce005b18a165d491459a290c29956b02a109ce2c314746773760c8e5c0d7064f384c65a572c78109f03538860 |
C:\Users\Admin\AppData\Local\Temp\nso7447.tmp\7z-out\locales\te.pak
| MD5 | bd71351aa721e7b6cfb8a9c40cb6cbb2 |
| SHA1 | e5502d509f6c0382c05183d5b35fb64290c4356e |
| SHA256 | b2928ece63d125cdadf4e605374bad1c4080ab764ca5023ca7168d0ac8237ca8 |
| SHA512 | 74078e528083128c1b741ee3367a26654035ecbba056c80413396b740170328c652a2f5c5cc30e739a344e6206a539d9e464ffe4bca1a009bdd9085c4e3a0abf |
C:\Users\Admin\AppData\Local\Temp\nso7447.tmp\7z-out\locales\th.pak
| MD5 | 43edd25f67ce6e6cea5373009ff0a1f8 |
| SHA1 | ed72ca6620cf23837e1334be50ccf616806bc5a2 |
| SHA256 | 287897cf3df2db1cf59b872e6575ba8dfcaa0c1f68c17a9c91da6c4490adb8b0 |
| SHA512 | 7160a72bd2e6b0ffa71e5d279995cc8be24a87cd9386eb29ab0eee79b8e607f5d824a11b6b4e3ef4c0f851a9d485a9642cb6adaa65c07933dca6e6f2c0052fc7 |
C:\Users\Admin\AppData\Local\Temp\nso7447.tmp\7z-out\locales\tr.pak
| MD5 | 40491896ad21543f339467186c5efb40 |
| SHA1 | 695dde7cc35056dcbf0a533aff8299d4c6b61bd8 |
| SHA256 | 43e99e132acaba88971b81a43531845dc7fc3a1e0794c3373de7d9a50a5655aa |
| SHA512 | 18d5ee9914849462e0b1bafd1ca216b29d0795e282ae0bdb354b15caf5c18f37f44fbd6f626b2cbb095e3398a6496de72e5b0d15621433979b5a589e34fac818 |
C:\Users\Admin\AppData\Local\Temp\nso7447.tmp\7z-out\locales\uk.pak
| MD5 | d791b1ecf2931b2fb0c31aac170c7cdc |
| SHA1 | 02be115a9ff94fe5250651b6de4323eafc44fce1 |
| SHA256 | ffae6286d44c8e219ef90d411ad8746159a6ff8ea610e2a651147a3956696a22 |
| SHA512 | 3a2edb8069e4a9734ce5e02b7c3de3c968c5bbc116f17f52f97e2bb2c78485c456c4f0cc952686c1aa17b7ee4d326a1dda698afafc63c79d842ca3905181a8da |
C:\Users\Admin\AppData\Local\Temp\nso7447.tmp\7z-out\locales\vi.pak
| MD5 | 69c8796439192577f48bd249175aaf37 |
| SHA1 | 97c52088ca69dada593db0e42b2135d264646454 |
| SHA256 | d7fdb53592de803a5fbcd8561c4918f1562f92fc8a3fd0039a2a1a7b76a8ecc2 |
| SHA512 | 65eb7cb15291474ec7f9354775e59bcf334c90ddf3498ebd184e4c47118308421b2405bfa679e4b3a70ed1790e167c109fc2c72e89c3e31b5378cae975424144 |
C:\Users\Admin\AppData\Local\Temp\nso7447.tmp\7z-out\locales\zh-CN.pak
| MD5 | 098d656a4f4bd8240bed10e7678186c7 |
| SHA1 | 0c19ab62b4262f1b51558e8aaa79e7741f73393a |
| SHA256 | a55f568ad3a8854cec25699484f55024501c8a0967738ba694e073151e5981c7 |
| SHA512 | 084538ce774233ca6d4393bb42239b0b85e11bd73dd19ba47e55796ca19848941b037510c0fca4ac08b4b2e0ccbc9b4ae72ef88a3e841738dd211961dc53c1e2 |
C:\Users\Admin\AppData\Local\Temp\nso7447.tmp\7z-out\locales\zh-TW.pak
| MD5 | c2c35fcedc3708b5bcadf36587393002 |
| SHA1 | 31d72402cbd44ceb921cedd806259c2cd14e411f |
| SHA256 | cfe4c2c5eb131fd92e0d11f912714c5a9a048833ef3ffbe32679b3d58da8f8ac |
| SHA512 | 9ba3ea2d569d1d3ef09e94d7e66f843c8804368c4d016b6289e7dba002f7d2d50884a76c93eef879d87abcf8b36dd3e682b7bd3a18b2b5a969256cef672abf01 |
C:\Users\Admin\AppData\Local\Temp\nso7447.tmp\7z-out\resources\app.asar
| MD5 | 718ed5bad299c09fd521d6956d83b796 |
| SHA1 | 721251e51536e61744fa92b84c7a1fe727f38102 |
| SHA256 | cec76979be15d5166bb78dc2b9b709bd2c6ee10131e14e47dae795ac581e44ca |
| SHA512 | 03c95eb4fd085665b2922104c1384f80238dbc24843d8967251b5333eefb417e2e31718776ebc604d830e9ef86b042da49b6840cf5d81a782e6236dbf0ca4c8a |
C:\Users\Admin\AppData\Local\Temp\nso7447.tmp\7z-out\resources\elevate.exe
| MD5 | 792b92c8ad13c46f27c7ced0810694df |
| SHA1 | d8d449b92de20a57df722df46435ba4553ecc802 |
| SHA256 | 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37 |
| SHA512 | 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40 |
C:\Users\Admin\AppData\Local\Temp\nso7447.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\DirectShowLib-2005.dll
| MD5 | c20c205c6f8d70a5e1351a4041a3ec9f |
| SHA1 | e1b2a763dd6c42439656e4e55aba0f3610ff3784 |
| SHA256 | bbcbb170242d9ff1b56680a80b1f8755df1135f9c714535ff3b3f575442f38dc |
| SHA512 | dffd59d775dbb89cd886a2212fb9fe4cf0b2bdd7f2c00f8dc7c6b2287053b4971c8c6c033109ff1f90cdacea082e44d3c19fa76325d24976420c418218e701f1 |
C:\Users\Admin\AppData\Local\Temp\nso7447.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\package.json
| MD5 | 067e233b0609d56ff4756bedd8c0efe0 |
| SHA1 | 96419d05adc4b6674948b4ac14f8ab5bb3ce4380 |
| SHA256 | 6bee642c1b5de99e4edba87ec3221c2ecd10b65e666b6f2bef64a745538ecf74 |
| SHA512 | 94900f5ff762930b1b060ba4dd44d629d6c3e2dfc0dacb1a543f1ea5a3cd40e793acaff4abefbff588ceb422d65f8041ec190a2b56f7c303c3314eb16eca4159 |
C:\Users\Admin\AppData\Local\Temp\nso7447.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\snapshot.exe
| MD5 | 16a12bdc986207390dd79d658a6b2263 |
| SHA1 | b4b41f62cbc1e1ede786c6e30e11df8e61750bad |
| SHA256 | 50a8dd2f292bea9190204a42de067a34d5cbbec53746d40fe5b067fc85190bac |
| SHA512 | d20394028c5d3ca46bb4879cac40da07b7d857f9a4a834bb4db4bd047f1a3265a80e1f7528244da6ee97c2f3e0cb5b2e51bc88eeb382a027939c2188e66dcdd9 |
C:\Users\Admin\AppData\Local\Temp\nso7447.tmp\7z-out\swiftshader\libEGL.dll
| MD5 | 19dc9ee70e7765bb63a66b6826e8ecb7 |
| SHA1 | 1a12f983f8b35cc2955d30657971f113c47dc164 |
| SHA256 | 83d5719abee35e051d984510e1d5d9317a109031698814742b59bdbbe7d4e30f |
| SHA512 | 1fda2bcc4b2e70987ca6011ab2534007ae4f752016d29a588aaae839bb25c35e03773f220b6a8e926cf2643997e7d4c0f28743304269b2c55642ce12934def68 |
C:\Users\Admin\AppData\Local\Temp\nso7447.tmp\7z-out\swiftshader\libGLESv2.dll
| MD5 | c0b36d56d83e601bf246f7709a8c5f9d |
| SHA1 | b025a6070f7d61c7d1827856d2d4043834fd23f2 |
| SHA256 | 45bb5e1f8dd87129ac0a75c78f8f29d06e3ac182a00fc5199b692068f1e05a53 |
| SHA512 | e429ae63bd8a7d5a936a638783511693e8fbbc91d97779b3d4dd3f0880f1c8a820106bfb57cf7ee6b3639f19165de87bbe127aadd81218689fc6c8fada2106d1 |
C:\Users\Admin\AppData\Local\Temp\nso7447.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\prey-webcam.exe
| MD5 | 471b15abc9f2e98fb7ed7361d3f045eb |
| SHA1 | 95b5798d80a9410872f6ed485ae2b43ca3745540 |
| SHA256 | 7c262639cb22348dfd627dc07c76e8748e5bcacde2dcf1614773ab174c831004 |
| SHA512 | 5b3b59aa1dbaef31b0ff6ccde082d7c312e39e311a46fe20d590d5d7765f934d3b663da9609ff4fb7beba2e8fa85376cf74f14ae077f3c0b49189cc28c30163a |
\Users\Admin\AppData\Local\Temp\nso7447.tmp\StdUtils.dll
| MD5 | c6a6e03f77c313b267498515488c5740 |
| SHA1 | 3d49fc2784b9450962ed6b82b46e9c3c957d7c15 |
| SHA256 | b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e |
| SHA512 | 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803 |
\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
| MD5 | e253fced6a32b8d73b07fbc9dee92d0c |
| SHA1 | d06884e8c8e5dc4d49a1928364544d11daec56db |
| SHA256 | d46ea3ac192a5ca2151fb603aefe61755e5a6a0ff1035a0487b4aa8e0ac7ce20 |
| SHA512 | 621b58f856d70ccc4c4330531956867f7ef015a52fc271b7720e1a9ae47c0f24f7ecb4a948805c7def6571adc4aa7c108224a1dcf0be68fc7f3b8d2676435d18 |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
| MD5 | 043053b9ac3b6502e7b7c3073cb7e72b |
| SHA1 | 0d2454cbb2c3773cdbadbe282890051bbbcc7944 |
| SHA256 | 94de29c0ec54261d67098bf013246893337e675bd9affab53c6a7b284be0d43f |
| SHA512 | 8544669d3137be56fcd9039e49ba3861e063c31fb4833f9fd4b9b9e03a8862fcfee29dd8d28555910af732209a9799ae4349f88f58835073c962e0af6647c759 |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\ffmpeg.dll
| MD5 | c729c8ed4e9b5cac14d4e4c34ba36568 |
| SHA1 | a00d650ce055bea6e95c94de0d0e7d052c09e52d |
| SHA256 | 33aa2f2cc95ad2a26e46778f7ee9c7f4ba816cbfa7c8d802bf1a3506a632ad55 |
| SHA512 | 14fa0f6171104ac5aee9e055388052ca32e7dbc073b16063c28afbbd5caf562d5622538b2ce2e64102cfeb917c21ff515dc013cdaefce266d79f0063fae6a7e0 |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\icudtl.dat
| MD5 | fd17e1f1c16b5ff983f144df2f7bddc5 |
| SHA1 | 26a2b35971a07158f8c7dd898677e907b9d08d0d |
| SHA256 | b2f92ba2934ff7e0d5b13afd036c7e806940b05e86ca73737506dc036fc2943f |
| SHA512 | 09f6769918e7ad41b3b8bf800167f809af4683f337d37ced5b14df958c48bba86616df1e5c9f9de7996c251eb4894ac5a3af2751faf69204252fd8576a4bbc44 |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\resources\app.asar
| MD5 | 5ab339e6f86a2cd78bc6bda2d9ece432 |
| SHA1 | 559b672c95166faa1dcc58b4aee3d0ebfd4fde15 |
| SHA256 | aadc612877acafbe4dd0e1f693e39c1a723071ae1e45a9ce16b0cc2170270fec |
| SHA512 | a6963364d273fa72c86146133ea7c4576079e92764ec37039ca7aead76d6a5dc0e65cd9351ad86ed17b404b3b57a24f6e4e92f2f88cd0a711007ae38a00769fb |
\Users\Admin\AppData\Local\Temp\4b200f2e-e4f0-4739-b43a-67233b42ad3b.tmp.node
| MD5 | 9fd3005e644c740b3697147e30821a4c |
| SHA1 | 23c83ed5c00cb9dcc149eb448fde6fc20de16249 |
| SHA256 | 7a62ffdd89e4ffe16f5c081274a8fc2de319b314ec74624fea746eceae824456 |
| SHA512 | 54e5170898961d3487835e5e62f0c5b9ffdace4619eb8f9c90155d10d7123f4f21886b8a671ca8ba64cda99ee6250b3d9e8ac12fb9742c7eca414d82a8443f37 |
\Users\Admin\AppData\Local\Temp\b7c59012-bb39-446e-bfa6-b7e361f2cbe6.tmp.node
| MD5 | c4dd9ce819243ed621681a37133bc179 |
| SHA1 | 09cc7f356c9dddf4dadd7a2db724a82076687416 |
| SHA256 | 9b0b28d4d2f040f8ef02b47119e9e0ba79c32f5cd3c8582fc1203564db0791e0 |
| SHA512 | a9eb21a124b3665531775aead0e41898e8f1ef4939f69e868efda78a5bb1239c732378e5f89a5fa5ab442cf16f3f09c46938f1e4c989ebb2801b4721de8c854c |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\resources.pak
| MD5 | 5236680edab6fe4c1e0be9822935dd60 |
| SHA1 | 18b3957ae91198ae434c391d85001a3ff1e31853 |
| SHA256 | ca7c2c9444565f0d6357bb70104350c6ca2a927c3f7403a98a655ece4061ed28 |
| SHA512 | 893deed1236959688d371c339d230a7d3c50221aa7aa422638388b3d962fffb61272bac5d37de51a5dea7016d8c994755ea2eced7ee509d74d3aeef693a51e92 |
\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
| MD5 | 6d9241d53ccaed342ce7480b556f50dc |
| SHA1 | b406670238813059713f68d0e578c1686078ccbb |
| SHA256 | 294d75f604cd3ebc28187283de603eeb910f55e0874abbb25514e894583b7061 |
| SHA512 | df4a84a559123d7e9474931e3b7c5aee0c428550b86f257eb1340fe85c11658d488efdd41b201064f1502b4b1e40761723ce07a7231dc04253cda2a4182197bf |
memory/2756-580-0x0000000000060000-0x0000000000061000-memory.dmp
\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\ffmpeg.dll
| MD5 | 521c7a9a66b87ccecdd25d5ce8705e8d |
| SHA1 | f9c2b4cd1d9f36e6aa4d3571c31092c95fb34b2a |
| SHA256 | cd1d51fbf3474660e5a96fef4bf9125be09f3901938f37d0757a362b75795e42 |
| SHA512 | 3998df9b454b584f3128c7dafdcd3e7f48dd418159af676f97581148d45bd13dc3f501616b43f07392bf1072ab31278c033a9dcbadfbe9cfb4d86f7edfc4895e |
memory/2756-615-0x0000000077D10000-0x0000000077D11000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
| MD5 | 516c263a20ea9c1761de0c37025c4bd4 |
| SHA1 | 9375176026b1da196398c58976b98b1aa086bfaa |
| SHA256 | 6eb9103744021fbc59c7737fe946cf8f824d2039f9724b256edff25dfc327a97 |
| SHA512 | 2ae5387addb31986a7fc692c4bf29a5277e7a1947cb16cec177e0f9a48508e832be1a60ab4d96a4cdb1010b17aac13322491b60faa0136dbc1a53fcfef3f3f8f |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\D3DCompiler_47.dll
| MD5 | ce37826b135e8ffac65adbe08fe90b03 |
| SHA1 | d2fdf0e4a67986c7adfac0387641c6e6e872b227 |
| SHA256 | f0c073064d42b6b8b1be8ab4fbe740649cd696150371b8ba0d0f28cdf44ab602 |
| SHA512 | 91e83dd73809f6b7ddc7dec2577232c1c683acf0d31152ffbb607941429cabef8580b40707ffa02c721d36b5ef8654d6b8c7af8ab687ddc5608b69be8c438468 |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
| MD5 | 90c7bed77774c5fb0c03023465498a9a |
| SHA1 | 200d44ccad8091af62af74b38f0bdf7a138abe19 |
| SHA256 | a3e3a4a59d608d0a3cc0a4f43189356ea2323e46ee8e22bf11e4bb91f2823e19 |
| SHA512 | f30fcf56d945ee7b25a5f59fc8fbbf9e854336ff64c7e01fc1591968c5ef79747b383507f44ef483e2f2d43752fc5772768c5858b75a28e3a963256ac196f8f6 |
\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\d3dcompiler_47.dll
| MD5 | 0c2b3b97228debb6601bbf92b09a4f8d |
| SHA1 | 2f06a9d0695a0e8a7578054b7a79aadffddb04f4 |
| SHA256 | 68a5ea1ed6dcc18f6df27d86e82254c1667581e2b40c1c8c1b6682d930b2449b |
| SHA512 | 9d13406145bcdc676aa5232e6b3be9e45ee8261ee0c1f3fce448048d784bc234f57b62d25535df375ebea45dde26963f8106ed74a06c90ea8437be2ddb674d81 |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\libglesv2.dll
| MD5 | c5db9252300549770c4266931d8e8aa2 |
| SHA1 | cb2dca5e25bdb16fc468ff31e4135bfd1fd81fd6 |
| SHA256 | aa8406a220719d61635db0e21424d266f3808659b5bd74e9a4bddf439493a8cb |
| SHA512 | 6ac8a90a7b51c2dc708fc47eec65c7c4a1517446818838a0f82f0047105fdf0c5e9f0572f74a558e61ee59e247c15a6a04bd951debb69093c852d67ca8b40dd3 |
\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\libGLESv2.dll
| MD5 | f3e018d8f9a3cb3944d53fcd862ad489 |
| SHA1 | dcb8f5600c29fb1a555ce69993bc952f49052e83 |
| SHA256 | fca8538a538e3d414888efa8ab7d3b3e32f2b4a0a458d8d84b261b15dc4c9a8f |
| SHA512 | 66d90e09fcb8156bc6ae3cba32234a1de5e5ad79a3190bd02a3214ecd32cc07b53177e75871a5cf978b5eda534a77deb0af6e1c4f6704915baa7066867ca6927 |
\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
| MD5 | 1b00d60046013bebb2a4087c09182f79 |
| SHA1 | 6edffe6c64f6b28c008c67c9ec63c917dd544d39 |
| SHA256 | 471958867a7fa345911c0d8794c77471c54ef932e555659a80232523e60bbf27 |
| SHA512 | adefc21513dddc455f505b95e8d4cb081e0e2da8f7d7a0c36a1e00c14aefc6e9c2db84bc0b9c70953ad366d9b25bf713a6561cececa4cc13e033124d7187f77b |
\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\ffmpeg.dll
| MD5 | 2e00b53ddd800e5cdeb7e3ae629428a0 |
| SHA1 | 0615b57e2a2bec3a385b6738c3630c21ddd0870c |
| SHA256 | bf13cb66486d8aaff8f0a1dfd1a308de1db1671b1e357ba4f005cde32046a009 |
| SHA512 | c3837e5587ea019985a5e593c93dc67c83f312164ff91edf2cbf3000d07e39eb6e0ac1caa0b0ef386f4956b8c7a1d9484e8b18547ce74d2c3866fc951770d77a |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
| MD5 | ce612f2e4b5182e0227d8b335acd9609 |
| SHA1 | d746a9f3ed48ad63f426f5eb7a26ead10ce5641f |
| SHA256 | 63aa2f253c5807c2b7e2bffadee8b41a1b8fe665d4045d26f3683b809891e998 |
| SHA512 | f37dad2d6895c948391e5c5b358a343d53edb5aab8b32b2a4e2d43f825b1a8908acd167f3610cd45420b8c68f42316a5aa391ba44247690eb558bc52dd6ff936 |
\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
| MD5 | f48eac41205057b92e1d8cb2e376f4f0 |
| SHA1 | 7581559c8bccea302bdb737725843deb04d52401 |
| SHA256 | 756f0ba2899009539c692c7491d0b55cdf83ebfa97058f104b1016c946f104cd |
| SHA512 | 82b261e25e72b07cbdacad8ed31ab865343ab969e2496851184a199bb2b0ee79b8320e3dd27b506e50c6a1655a18b788baae4e48bc12ff1ba9429f9f653679d8 |
\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\ffmpeg.dll
| MD5 | 543749eb657dfbdf3df9e6188e0458db |
| SHA1 | 02b29fbdaf74613272fe1e84d0acd98083396a43 |
| SHA256 | 4183b4a198e1e1cb96e0512139849da403e5f107aa58cd7027014ef1fa2dab92 |
| SHA512 | f3b531314f4004de6f2708afda866fc8557fe9639b62542e79f5c92bdf3de7aaee1bbf606ea873144076610f7a08bca9a7e66cf6f518ed057e784f7974233f9b |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\TatsuBeta.exe
| MD5 | 52e487d2494549cb791e3f7a5ef86305 |
| SHA1 | 9d54b01cc120e4b8583fe40228b60a777cc7ac08 |
| SHA256 | d3c686df62e05baaef8044f85227c3753892b3c245b0cb3c8d87fdc7a7b8c9ad |
| SHA512 | b457cc947e5b39ee84964a049454099dc562cc1e53380baa884cf7ea3dfb1668112ce24a42241f8fcdca53beea71c503c390c30bb35fb1967c6bb400bc2b4f1b |
\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\vk_swiftshader.dll
| MD5 | 9db1be0a58c230752aa710a2dd0e069f |
| SHA1 | e879f232042c4f901ded43984f881c73aa060fc9 |
| SHA256 | 56e9dcbae5d6814abe6470e339d330be481af812ea4d0724d3a63e524aa24f10 |
| SHA512 | b15c1411543b84055b0f6a71620422996e72fa5c83b534ce6dab2e2a4c7ebb3d8dd8e909daf97efc3610466fcf3bfdb25dcab2199a3e663b171a1404e7c23591 |
\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\vk_swiftshader.dll
| MD5 | c37de9afbc780f2b1b332681703755c3 |
| SHA1 | 42d81d0123e1620d021e673ee43630f6c1f075ad |
| SHA256 | a7e459132e83750aed73b65b44ab9d6abcff940b65ed1105288eb5c0348153c9 |
| SHA512 | 6f88c8499963db3741d8202453ae855e6b40fc91a830a3eea0fc024db6dc51bff7a2acca843c45aa686866b71c0799a280edf58143a63966d15d5d387225f8c0 |
\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\d3dcompiler_47.dll
| MD5 | 94d4a40528992cf150847a3fff1b17d8 |
| SHA1 | 6dd05dd606feea8cf88620cc4c693776b1b72ccf |
| SHA256 | 3e97f187559cd0b7d17af788b7e767474a30257b7e06462c48b64020473ca579 |
| SHA512 | 7e29c2c7fc205b0ea28ed3f4619866f1a86743fb945dc35ff74a13ae8a513794352c6539f1efe78f75d9602bea26c0cdcaf8730c2f585370384c1ec82cd2db0f |
\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\vulkan-1.dll
| MD5 | 4aeef8af17d8afdd9a018686bf398c8c |
| SHA1 | 4536f648e57f8fecb7d40fcfbe8694dc0e6f9299 |
| SHA256 | 9d2da1c360891765804974cca302d754a479b370386e9d709857b46fec97257d |
| SHA512 | e72101aa1ce6ea0852cb23350ea7ab188da498befd57f04741f9d91d8d98be833fead0687868639c32aa1d60a3f250739c7f316ce10bb471e9b8974025299f4a |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\vulkan-1.dll
| MD5 | 9e4529ac3ae55af5428be92f4c1b10c4 |
| SHA1 | 177dab9d73dd65e4ecc1f3dbf7280dad74b42374 |
| SHA256 | dc1b3c4676a8a769697fd2d9d8ca963a49ad6c34db8ce48fa42dd0b704413452 |
| SHA512 | 3902893ab2d879f350dcca8a9974f1355dd682509ce0c62fbcec1dec7393ac9069a3b0a01a977243bf78210496d5a5cd3a2667207b25f66785e9e7c1623f5b8e |
\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\libEGL.dll
| MD5 | 72643df680b99748ab606434f73b3fe5 |
| SHA1 | de164c4d6e3691e373893e7f1dc10af16b5e437e |
| SHA256 | 34010f56761829fb8d9b6527d84dbb58464effa23317682c844f0ada0fe3dd45 |
| SHA512 | 73f92e00de95819456012be2d95e3077ed020ef216fd2dd6080c8f69390fe6887d2c7475d08382e4f6ed7107c0a8c781672e1be98c0696d17fc71dd2cd823d37 |
\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\libGLESv2.dll
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\vk_swiftshader.dll
| MD5 | 2e59ae9ad005adfa0be5668046922302 |
| SHA1 | f28edd73ddcb37312037de15a7e0912e7af4bbee |
| SHA256 | f463d4897684497b1973ff1b03ea54a30e5f541fbcb4121e75e9b020ac669c32 |
| SHA512 | b55eabdf572b3a9ffa521f0f28a803867ea97522f296c493faec283b670a67daeaccc6163f6775be110b81737670d0b74675a517d67dfeda02f03a45b7d729e9 |
\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\vk_swiftshader.dll
| MD5 | 1384f8abd0d850103d32b0f25cc95780 |
| SHA1 | 505662d08fca220500bb6cca9f3093d7d1d67c48 |
| SHA256 | 1368df34be6c90dc096a3b8346810ef3a9f93600242913e9344dc68dd9a1c87b |
| SHA512 | 33d1bf4f32060bb7ea1b0ca2479454bdbe69b71d45eb3074be9cc88ec8425dbf043693220ce1f2c2e3659b8e8cd2efc370e733a2ab4bd4f0ba4e6dbf7a870b97 |
C:\Users\Admin\AppData\Local\Temp\2ZdG8X2gWoTdtwlDbFyg86mVpDI\vk_swiftshader.dll
| MD5 | 88166aef18c270bd5c7411e3b77d434b |
| SHA1 | d759b0ae25b04ce68bc5c067ac2ac2d8dfc31606 |
| SHA256 | ce81a38162ac9a793d308eebae25b077b932166d9154fd08384d0e70bf374cdc |
| SHA512 | 29ecab49e32b1cc8146e1c4f91f27494b4c6ceb35a713d7bea1605acfc700e86f5ea8e55ba354642b97e63c322d4c3fb56ea98db67b8a727b1c05ff4b624068d |
memory/552-712-0x000007FEF39C0000-0x000007FEF435D000-memory.dmp
memory/552-714-0x00000000024F0000-0x00000000024F8000-memory.dmp
memory/552-713-0x0000000002690000-0x0000000002710000-memory.dmp
memory/552-711-0x000000001B150000-0x000000001B432000-memory.dmp
memory/552-715-0x000007FEF39C0000-0x000007FEF435D000-memory.dmp
memory/552-716-0x0000000002690000-0x0000000002710000-memory.dmp
memory/552-718-0x0000000002690000-0x0000000002710000-memory.dmp
memory/552-717-0x0000000002690000-0x0000000002710000-memory.dmp
memory/552-721-0x000007FEF39C0000-0x000007FEF435D000-memory.dmp
memory/552-722-0x0000000002690000-0x0000000002710000-memory.dmp
memory/552-723-0x0000000002690000-0x0000000002710000-memory.dmp
memory/552-724-0x0000000002690000-0x0000000002710000-memory.dmp
memory/552-725-0x0000000002690000-0x0000000002710000-memory.dmp