Analysis Overview
Threat Level: Known bad
The file https://github.com/NovaPatcher/NovaPatcher/releases/download/NovaPatcher/NovaPatcher.exe was found to be: Known bad.
Malicious Activity Summary
Irata
Irata payload
Downloads MZ/PE file
Loads dropped DLL
Executes dropped EXE
Looks up external IP address via web service
Enumerates physical storage devices
Suspicious use of SendNotifyMessage
Runs net.exe
Modifies Internet Explorer Phishing Filter
Suspicious use of AdjustPrivilegeToken
Uses Volume Shadow Copy service COM API
Uses Volume Shadow Copy WMI provider
Suspicious behavior: EnumeratesProcesses
Uses Task Scheduler COM API
Suspicious use of FindShellTrayWindow
Collects information from the system
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
NTFS ADS
Enumerates processes with tasklist
Enumerates system info in registry
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-12-18 15:31
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2023-12-18 15:31
Reported
2023-12-18 15:33
Platform
win7-20231215-en
Max time kernel
51s
Max time network
145s
Command Line
Signatures
Irata
Irata payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HJ0GGVIM\NovaPatcher.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HJ0GGVIM\NovaPatcher.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HJ0GGVIM\NovaPatcher.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
Enumerates physical storage devices
Collects information from the system
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
Modifies Internet Explorer Phishing Filter
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\PhishingFilter | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = b0b2c642c731da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7EBA0471-9DBA-11EE-9853-CA8D9A91D956} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\MINIE | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Runs net.exe
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HJ0GGVIM\NovaPatcher.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://github.com/NovaPatcher/NovaPatcher/releases/download/NovaPatcher/NovaPatcher.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3040 CREDAT:275457 /prefetch:2
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HJ0GGVIM\NovaPatcher.exe
"C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HJ0GGVIM\NovaPatcher.exe"
C:\Users\Admin\AppData\Local\Temp\2ZagYXFYIrv07UGbcXoeXtFH4xD\NovaPatcher.exe
C:\Users\Admin\AppData\Local\Temp\2ZagYXFYIrv07UGbcXoeXtFH4xD\NovaPatcher.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Users\Admin\AppData\Local\Temp\2ZagYXFYIrv07UGbcXoeXtFH4xD\NovaPatcher.exe
"C:\Users\Admin\AppData\Local\Temp\2ZagYXFYIrv07UGbcXoeXtFH4xD\NovaPatcher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=992 --field-trial-handle=1152,1274697624581907679,6448962839881367973,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\System32\Wbem\WMIC.exe
wmic process where processid=2172 get ExecutablePath
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic process where processid=2172 get ExecutablePath"
C:\Users\Admin\AppData\Local\Temp\2ZagYXFYIrv07UGbcXoeXtFH4xD\NovaPatcher.exe
"C:\Users\Admin\AppData\Local\Temp\2ZagYXFYIrv07UGbcXoeXtFH4xD\NovaPatcher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1392 --field-trial-handle=1152,1274697624581907679,6448962839881367973,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Users\Admin\AppData\Local\Temp\2ZagYXFYIrv07UGbcXoeXtFH4xD\NovaPatcher.exe
"C:\Users\Admin\AppData\Local\Temp\2ZagYXFYIrv07UGbcXoeXtFH4xD\NovaPatcher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --mojo-platform-channel-handle=1412 --field-trial-handle=1152,1274697624581907679,6448962839881367973,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "net session"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 session
C:\Windows\system32\net.exe
net session
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic OS get caption, osarchitecture | more +1"
C:\Windows\System32\Wbem\WMIC.exe
wmic logicaldisk get size
C:\Windows\system32\more.com
more +1
C:\Windows\system32\more.com
more +1
C:\Windows\System32\Wbem\WMIC.exe
wmic OS get caption, osarchitecture
C:\Windows\System32\Wbem\WMIC.exe
wmic csproduct get uuid
C:\Windows\System32\Wbem\WMIC.exe
wmic computersystem get totalphysicalmemory
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "echo %NUMBER_OF_PROCESSORS%"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic csproduct get uuid"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic computersystem get totalphysicalmemory | more +1"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic logicaldisk get size"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic cpu get name | more +1"
C:\Users\Admin\AppData\Local\Temp\2ZagYXFYIrv07UGbcXoeXtFH4xD\NovaPatcher.exe
"C:\Users\Admin\AppData\Local\Temp\2ZagYXFYIrv07UGbcXoeXtFH4xD\NovaPatcher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1380 --field-trial-handle=1152,1274697624581907679,6448962839881367973,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Windows\system32\more.com
more +1
C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get name
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | github.com | udp |
| DE | 140.82.121.4:443 | github.com | tcp |
| DE | 140.82.121.4:443 | github.com | tcp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| US | 185.199.108.133:443 | objects.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | objects.githubusercontent.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| GB | 142.250.200.4:80 | www.google.com | tcp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HJ0GGVIM\NovaPatcher.exe.60vs2lh.partial
| MD5 | ef6270cc76b6bf9e4caa4312124fa9ea |
| SHA1 | 0d539179d779c69d8a6c20e9aaa2c3e7fa4ad5a6 |
| SHA256 | b4b8ccdb2421f0e614db583e9aade9d13a8aee8e11a0bce1f948450e86b9ea37 |
| SHA512 | 42cc080a679a09b32bb7256e80ce73577ec044122941befd76e53274d0d65a40d7bb605bc3b16ef6963b43fdd11c6c2be4fb1a66ba80a4b13c936697870c5b2b |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HJ0GGVIM\NovaPatcher.exe
| MD5 | 8d40d29ca578ec702c22086391a9d5ed |
| SHA1 | 906d8a73cb1fa1f4c93b1d40fe0608645745ef5d |
| SHA256 | bd5705a1dbd69e51c17de2e4b8abbb277213ead8bd5e4fcbf9bbe3c3005e5740 |
| SHA512 | bcd224e412f5c8606f0dfd6826eed8ed9ec6c57197ae5fa3f13892f09a957ef03aab9da15e2e0de199c7e2ed7893ee8f1e2b1653fbacc04ae553af5c4540ec5d |
\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\System.dll
| MD5 | 0d7ad4f45dc6f5aa87f606d0331c6901 |
| SHA1 | 48df0911f0484cbe2a8cdd5362140b63c41ee457 |
| SHA256 | 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca |
| SHA512 | c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9 |
\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\nsis7z.dll
| MD5 | 80e44ce4895304c6a3a831310fbf8cd0 |
| SHA1 | 36bd49ae21c460be5753a904b4501f1abca53508 |
| SHA256 | b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592 |
| SHA512 | c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df |
C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\chrome_200_percent.pak
| MD5 | b51a78961b1dbb156343e6e024093d41 |
| SHA1 | 51298bfe945a9645311169fc5bb64a2a1f20bc38 |
| SHA256 | 4a438f0e209ac62ffa2c14036efdd5474b5ecaa7cbf54110f2e6153abdfb8be9 |
| SHA512 | 23dedde25ad9cb5829d4b6092a815712788698c2a5a0aefb4299675d39f8b5e2844eabd1ea42332a0408bd234548f5af628e7e365ab26f3385ebfa158cdd921d |
C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\chrome_100_percent.pak
| MD5 | 9c1b859b611600201ccf898f1eff2476 |
| SHA1 | 87d5d9a5fcc2496b48bb084fdf04331823dd1699 |
| SHA256 | 53102833760a725241841312de452c45e43edd60a122546105ab4020ccef591b |
| SHA512 | 1a8ec288e53b9d7e43d018995abe4e3d9c83d329d0561fbb7d022e8b79ffecf033e995b9bc6af352a71c646a1e8afba4addb54deab7455f24b7a279a3dd7c336 |
C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\d3dcompiler_47.dll
| MD5 | 7641e39b7da4077084d2afe7c31032e0 |
| SHA1 | 2256644f69435ff2fee76deb04d918083960d1eb |
| SHA256 | 44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47 |
| SHA512 | 8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5 |
C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\ffmpeg.dll
| MD5 | b3e06973e4ae021dc699c243b4e4ec9e |
| SHA1 | 7ae27e0d4c04e7ffb906f3907b8918320439a952 |
| SHA256 | 953472f2fa38d64c27944c08a8afe9da7d8b45e6e5cad7affea4360c4a888817 |
| SHA512 | 0cfb6c543ef88641a2360732aa306349e5aa80113466298036dc615e30e187e01e346e8735afe937144b09f4e4101c0b99b394c790d051d8a39c8ce50a32dfdb |
C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\icudtl.dat
| MD5 | 25acf98f499281cc2f039f21414ac8a7 |
| SHA1 | 153290280e190d06fd45cebaa398fdcc8659999b |
| SHA256 | 7d0fac006011f55237e14e999fae0e50e2d9b65a134a14e9e2f837b149d8f44e |
| SHA512 | 6e80b7ccd6bb491fe8b795ffc4a547a01a4f503ccfd0553b9d01d798d9ba901f1a19ce6ad0c7aa1f128ac67576adeeba0dcd061b504514d29509db26463db065 |
C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\libEGL.dll
| MD5 | 8352fd22f09b873193cabc2932be92f0 |
| SHA1 | 5bd2b58854b279f1733c5f54ea2669ee8a888d9e |
| SHA256 | 14a4aaa010be14762edfee01fd1f6b9943471eb7a2f9011a2b5c230461cd129c |
| SHA512 | 7281e980f2e82f1cc8173d9f8387a97f6e23ec5099ed8dca02222c4e17fa4cfef59d6aa300b1cf06d502bdcf77d9a6dbb08ad6658ae0a28ae6f9f995109da0d2 |
C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\libGLESv2.dll
| MD5 | e311d905194417f044a35fb7fd60cc8f |
| SHA1 | 72059a67a8d128cfde61215cacdde90f0b5d09e0 |
| SHA256 | 53f543993e138086cf7f5110c17f6ddf9b04aa315b4b65df436792e42cbaf962 |
| SHA512 | 0eb5509cdc75808dc678219ea405820add803752f980f8cbeb0af2d1993313f444c327e0f81b91bc3e72341300cc7042c9b6deb6e072574e4da8d9ccab7fe815 |
C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\LICENSE.electron.txt
| MD5 | 4d42118d35941e0f664dddbd83f633c5 |
| SHA1 | 2b21ec5f20fe961d15f2b58efb1368e66d202e5c |
| SHA256 | 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d |
| SHA512 | 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63 |
C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\LICENSES.chromium.html
| MD5 | 403312883814be149b7b4797398f7d04 |
| SHA1 | 9c86e3aa6a3b6e36c1d182f77750e133142ae638 |
| SHA256 | bbc970a5e507291ca9e31d72f45cedd1ce41bc8f863e1688f8728192980d6de9 |
| SHA512 | 02b7bc0d9efa279db5e86346d325cdd2c66eb1690b9de97bd80a99b8e740e5e52f20d4f369e6ed5319870687346b4cfc1c3a11e9a913b3bd105c664430f8c8a8 |
C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\resources.pak
| MD5 | cb616d54ef2d11d8c86f47be2b8d6d05 |
| SHA1 | fd7eb08e5280d0e6222233d4e747ca413fe15eb5 |
| SHA256 | 8900eafb2775a2a1f715ca70680873485418fe28fa465452b8e6f7b9c4cd57f3 |
| SHA512 | 3153cc91efb6f3ea7e128a5695d029829b9dc33a94afc8b6aef17dc57ab558df4732f85a1773883b54f47dacc52de4236496299e1ff0f3b8a9249b9eea44df74 |
C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\NovaPatcher.exe
| MD5 | 1262f9a2cfeac34cd65577219b2fbcc7 |
| SHA1 | 443dfd9eca4636f5e2d974d70baef40eb960c2f9 |
| SHA256 | 2d61489a352487673fa3383adc24123338db8160549e2951fac37e9f13aad0ac |
| SHA512 | fabe2d6086f2295a91ba02fc3803aa6b1f85011644191013b24478d915a9767e561a3f4437b74d78fc9c717559f72fd27f1aedcb3e02cde98bc67aa9d26ca83d |
C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\v8_context_snapshot.bin
| MD5 | 47014c0f81bad6d216c617c9c63bf040 |
| SHA1 | 7bb483fdc5fed3c6ed437d9fe6e5023bc38201bf |
| SHA256 | e1249d05bfc73c645b27d269f47b6923b33a3cf8088a8ca78b3b637c90f58178 |
| SHA512 | 052d86cf3305a9e493bd2472e6b7ddab5e0291efd6d899984a79bae46e5fa4bd21157e19ab4a2591c9cff9069de568bad18c7baf4f35d117c77134e635466f87 |
C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\vk_swiftshader.dll
| MD5 | bd6933ea463e8fa3a4e44417d7674452 |
| SHA1 | c76d986fd2b0b3f67656d1385fa7453ea225ffc9 |
| SHA256 | 5be48b77c6bdadf1df332e2725b376b4d639ad15422b1d0dcc71c53c9cfc580d |
| SHA512 | 73506d71e648b16c1ca1b5360b263e8afe4136f15b3a5b25fb342d93ebfe910f1654a24abc3f2437e8b28f145b015f5676712cd4913c6d1ebb746f5d51f5799e |
C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\vk_swiftshader_icd.json
| MD5 | 8642dd3a87e2de6e991fae08458e302b |
| SHA1 | 9c06735c31cec00600fd763a92f8112d085bd12a |
| SHA256 | 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9 |
| SHA512 | f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f |
C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\snapshot_blob.bin
| MD5 | c9ab741bbef53fa0e84952b8891a5f5a |
| SHA1 | e2dcb8d034e07243537c86371de0c52bce62cee1 |
| SHA256 | 4d82fe1e642fe3ca7ad1a173f806088c0652ecfe9f0f6f6e246066e15a3431d4 |
| SHA512 | 177b98a3090ecfe4b4598dfcd7e8b3ca49efafba4dbd8d6c6d0def462de47c3fabfde831725622783ddc177de982de6115178d9bd9830d918bb544a5a4c27fc9 |
C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\vulkan-1.dll
| MD5 | b91586bd80e057a7f62bdc4422744812 |
| SHA1 | a1df644421ece2e740e5bf0ed98b4f269fd85c39 |
| SHA256 | 8ba72d98e0f78b77bda7816cd7232809d287310d34e0f1d7472b9d5fda2c6d02 |
| SHA512 | 94f0a8e3e75e4803891c0fcb257052dbe0e7399772fc7a46ab802629f76ee580ed30b3678fa6bc3744c12cf9f3103bbc8276e88f6711278748148e9fbeef2053 |
C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\bn.pak
| MD5 | 47c95e191e760dee3ef43345577e2379 |
| SHA1 | 609634315270a91d4ec631642b18bd0036367aad |
| SHA256 | ceed32e429ed1018d4c49343cf52105cbfd1e877c531a5738fd6e6cd33d27da7 |
| SHA512 | 46b5f8d58780d19e79136c31a67d075c57ddf7e6a1eb197dea4088cc414a0dc24a68fc8ebcaac03b3940af2461123b586706d5dbf8dbdf6fbea0f7bec466db21 |
C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\el.pak
| MD5 | 38440b98bfdf5ed496da0f49d59534c0 |
| SHA1 | 1498d9207ecaf4923a47271e24c68a817041c82e |
| SHA256 | b1f78df8a7edc914357a2e90bc8dc0ac46f4df642bb22894569fe4905fb8ea0f |
| SHA512 | 95ba788fc2e1f07d54e398f1ec4d32c664cfb13118d46cb7af7a993367e032b10de84f3e604ab6e659d6410e2d736097ec5e9b3b002040c54412358f0ea10229 |
C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\fr.pak
| MD5 | c3095ce1e88b0976ba7bef183d047347 |
| SHA1 | b14cfbf6e46ac1f189595fc09660178525301138 |
| SHA256 | 66488dc10517b6e3638686be95b430477a39304e92ac45dfe62b58cae3a77272 |
| SHA512 | 29f47b1eff4681a9a17a50d6e82d63c22fe7bfe4ceb79862e81d8cd9f96fa38e225978b4c4b1f8e55b220235b91652c776fa8d2e559c68942c6ccf402812a421 |
C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\hr.pak
| MD5 | 6f92235e6ba003af925a2d6584afd27d |
| SHA1 | 3ceba61e9c2975466b6244188f5ea72aaf042fc7 |
| SHA256 | 479dc4f75a889d45f62b4ddb6eb48f21c473e37875468c9c26d928a263e15840 |
| SHA512 | 82f2642dff4400704c15c2fa02d0ec74ed3fe888dc835447c1afce7463dee8f480bb81be358c306e681625864a6d25e5cd6c96252b8a56e6fc62014b3aa4d26a |
C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\ja.pak
| MD5 | 833e8c4aa70351b6be7bd403e4e9a0a7 |
| SHA1 | 46ccdbdea35deec8ef13a5fc833776875fad187b |
| SHA256 | 74422db1a5f28522f9a8b31a3bee9a6df794b419bf723cb6a6c88e82eb72cec0 |
| SHA512 | e8e709612a5ea81d2822e0025b7306f38571f2cec2ca72ac5a8ab852a0e36a0f5bc7e00d0baf7ac7becc2c54dda3a17c52ec1cd67ce12b14d91b6ae0b726d556 |
C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\mr.pak
| MD5 | f22c99fe6a838e333e8ee06a4d01296b |
| SHA1 | c3542ea8dd45a2b387dd02fa5687948f135e10f2 |
| SHA256 | b03a3042f907aed13253ae8083d08f5fad59ff438d024b097276856e72526911 |
| SHA512 | 882022c2cb985d85f96d52c9bcfeeb089d6ff30e66187ccf424ef622092b9d359a51bdef1fb6ac3b9d3409aa79d37ca737ba7f3ed8b9cdaabfe04d90a7c8bc15 |
C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\sk.pak
| MD5 | b35daa0bd9627ca88b413a5af7c6b4a4 |
| SHA1 | d5efdcbc7ca17de29f3075f6434f31ab2e895826 |
| SHA256 | f47bc1f7f5ab64681d0b152e1a019da60f0ef057ee8bf2ccede019dc4030c177 |
| SHA512 | 48abb6ca2290820db2898b05820bb25e70fb1292c816eb0c8f17b3c5452de9fff7027d216d2bf413900f408f44ed4ac99151b28142a212c5cff8dfe229e87b9b |
C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\ta.pak
| MD5 | 31dada843d0b4f9a66b184cb6d7b8b92 |
| SHA1 | 0320b31981043c6e4c17470bf2ff4c7488553511 |
| SHA256 | 457070b35c813175f5a7b630478073e478ff2bf23915dd3dc7a5b3b339cc2b0b |
| SHA512 | c5b6ea595d3154fd9fe03f49a19f78eb4068718ce005b18a165d491459a290c29956b02a109ce2c314746773760c8e5c0d7064f384c65a572c78109f03538860 |
C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\zh-TW.pak
| MD5 | c2c35fcedc3708b5bcadf36587393002 |
| SHA1 | 31d72402cbd44ceb921cedd806259c2cd14e411f |
| SHA256 | cfe4c2c5eb131fd92e0d11f912714c5a9a048833ef3ffbe32679b3d58da8f8ac |
| SHA512 | 9ba3ea2d569d1d3ef09e94d7e66f843c8804368c4d016b6289e7dba002f7d2d50884a76c93eef879d87abcf8b36dd3e682b7bd3a18b2b5a969256cef672abf01 |
C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\resources\app.asar
| MD5 | 0650627661e2c597caf459b6b798e219 |
| SHA1 | 628cc25668558b2f42f189d7091a0a32c10f0017 |
| SHA256 | d189d6ff4c764bdb05a4da49c9f1625c465c2560174a4b04cdadd7b0ce3c9f4c |
| SHA512 | fe9c82c007ffa9a081cc0c65656d2b03c7725348f10ed67f27cf5ab3a9f984bff8fcd91ca07fe19bd36acab24b8d1891d826e75ee07acd045df0ecc0db54aaf5 |
C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\package.json
| MD5 | 067e233b0609d56ff4756bedd8c0efe0 |
| SHA1 | 96419d05adc4b6674948b4ac14f8ab5bb3ce4380 |
| SHA256 | 6bee642c1b5de99e4edba87ec3221c2ecd10b65e666b6f2bef64a745538ecf74 |
| SHA512 | 94900f5ff762930b1b060ba4dd44d629d6c3e2dfc0dacb1a543f1ea5a3cd40e793acaff4abefbff588ceb422d65f8041ec190a2b56f7c303c3314eb16eca4159 |
C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\swiftshader\libEGL.dll
| MD5 | 19dc9ee70e7765bb63a66b6826e8ecb7 |
| SHA1 | 1a12f983f8b35cc2955d30657971f113c47dc164 |
| SHA256 | 83d5719abee35e051d984510e1d5d9317a109031698814742b59bdbbe7d4e30f |
| SHA512 | 1fda2bcc4b2e70987ca6011ab2534007ae4f752016d29a588aaae839bb25c35e03773f220b6a8e926cf2643997e7d4c0f28743304269b2c55642ce12934def68 |
C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\StdUtils.dll
| MD5 | c6a6e03f77c313b267498515488c5740 |
| SHA1 | 3d49fc2784b9450962ed6b82b46e9c3c957d7c15 |
| SHA256 | b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e |
| SHA512 | 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803 |
C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\swiftshader\libGLESv2.dll
| MD5 | a278e192b332e2007221501d91142d0f |
| SHA1 | 9900b08824762dbdd01647bde7de86ab1a54c86b |
| SHA256 | 017745c674af6ec01ba18a86395c01d8661183be96984f02ba565b2c70fa0239 |
| SHA512 | 724eccbcb550fe8ed29d5a8fc51e9af87f92c5b930987ca5a8c85cc37998a2ae31dff5252ccdb9a9f4209197a9a9edeca39b249e90cf53c6eaa944fda0f89524 |
C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\snapshot.exe
| MD5 | 16a12bdc986207390dd79d658a6b2263 |
| SHA1 | b4b41f62cbc1e1ede786c6e30e11df8e61750bad |
| SHA256 | 50a8dd2f292bea9190204a42de067a34d5cbbec53746d40fe5b067fc85190bac |
| SHA512 | d20394028c5d3ca46bb4879cac40da07b7d857f9a4a834bb4db4bd047f1a3265a80e1f7528244da6ee97c2f3e0cb5b2e51bc88eeb382a027939c2188e66dcdd9 |
C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\prey-webcam.exe
| MD5 | 471b15abc9f2e98fb7ed7361d3f045eb |
| SHA1 | 95b5798d80a9410872f6ed485ae2b43ca3745540 |
| SHA256 | 7c262639cb22348dfd627dc07c76e8748e5bcacde2dcf1614773ab174c831004 |
| SHA512 | 5b3b59aa1dbaef31b0ff6ccde082d7c312e39e311a46fe20d590d5d7765f934d3b663da9609ff4fb7beba2e8fa85376cf74f14ae077f3c0b49189cc28c30163a |
C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\DirectShowLib-2005.dll
| MD5 | c20c205c6f8d70a5e1351a4041a3ec9f |
| SHA1 | e1b2a763dd6c42439656e4e55aba0f3610ff3784 |
| SHA256 | bbcbb170242d9ff1b56680a80b1f8755df1135f9c714535ff3b3f575442f38dc |
| SHA512 | dffd59d775dbb89cd886a2212fb9fe4cf0b2bdd7f2c00f8dc7c6b2287053b4971c8c6c033109ff1f90cdacea082e44d3c19fa76325d24976420c418218e701f1 |
C:\Users\Admin\AppData\Local\Temp\2ZagYXFYIrv07UGbcXoeXtFH4xD\NovaPatcher.exe
| MD5 | 20d4ab92898299a5df76e9e0335da9f5 |
| SHA1 | a3e1bbea7c69936f7d3f03aa2319e8112bc2043e |
| SHA256 | 55a07cf5b6c8f3184a2af4d3aa932ff8c564a8f182d5ede209844a236e16ecdd |
| SHA512 | e0707211fbd35f166949b088940c6d157dd53e84a488ac0a0c79e7d3dd651ab952db3752a8ad12ab8336757b5e3d9ff0373e587be6c8ca15d47f53ab60f5c1e4 |
C:\Users\Admin\AppData\Local\Temp\2ZagYXFYIrv07UGbcXoeXtFH4xD\ffmpeg.dll
| MD5 | 572d63da4b213276f4ae6a2a808b8d1b |
| SHA1 | 4d8e53d49bed7584a361888481aeef5f35f1b8c9 |
| SHA256 | 013a0d708b398fa4d6833cf2d9db9490524252d9d5d1e7cd16bd7f427bc8b36e |
| SHA512 | f9ba358283bfcb34acf7209ed63a769546a13ac6f0aa3ed639aca9341d2b4f5ca7256a33e57aac634ff30b47a3251dc71a9d8c74f515adab8a59b1c92e2c9d63 |
\Users\Admin\AppData\Local\Temp\2ZagYXFYIrv07UGbcXoeXtFH4xD\NovaPatcher.exe
| MD5 | bed7b0cdb37065d23721678015ac107e |
| SHA1 | dccd0298ab3e2ddf641904d612ce112b7e3b8127 |
| SHA256 | 3250c558c1c869ebb51171e1c39c7e1e31bb1ed8ad6ac5a68874c84fb5763e9e |
| SHA512 | 7b2c6c1931e3e9adde549ad7a37a5dd4354a145af04e89acd044d3f7b71b4ecc72add5f9ff62348104bc88c3fa222d6ff3433808738b8994e03ceddad43eacbd |
C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\resources\elevate.exe
| MD5 | 792b92c8ad13c46f27c7ced0810694df |
| SHA1 | d8d449b92de20a57df722df46435ba4553ecc802 |
| SHA256 | 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37 |
| SHA512 | 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40 |
C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\zh-CN.pak
| MD5 | 098d656a4f4bd8240bed10e7678186c7 |
| SHA1 | 0c19ab62b4262f1b51558e8aaa79e7741f73393a |
| SHA256 | a55f568ad3a8854cec25699484f55024501c8a0967738ba694e073151e5981c7 |
| SHA512 | 084538ce774233ca6d4393bb42239b0b85e11bd73dd19ba47e55796ca19848941b037510c0fca4ac08b4b2e0ccbc9b4ae72ef88a3e841738dd211961dc53c1e2 |
C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\vi.pak
| MD5 | 69c8796439192577f48bd249175aaf37 |
| SHA1 | 97c52088ca69dada593db0e42b2135d264646454 |
| SHA256 | d7fdb53592de803a5fbcd8561c4918f1562f92fc8a3fd0039a2a1a7b76a8ecc2 |
| SHA512 | 65eb7cb15291474ec7f9354775e59bcf334c90ddf3498ebd184e4c47118308421b2405bfa679e4b3a70ed1790e167c109fc2c72e89c3e31b5378cae975424144 |
C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\uk.pak
| MD5 | d791b1ecf2931b2fb0c31aac170c7cdc |
| SHA1 | 02be115a9ff94fe5250651b6de4323eafc44fce1 |
| SHA256 | ffae6286d44c8e219ef90d411ad8746159a6ff8ea610e2a651147a3956696a22 |
| SHA512 | 3a2edb8069e4a9734ce5e02b7c3de3c968c5bbc116f17f52f97e2bb2c78485c456c4f0cc952686c1aa17b7ee4d326a1dda698afafc63c79d842ca3905181a8da |
C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\tr.pak
| MD5 | 40491896ad21543f339467186c5efb40 |
| SHA1 | 695dde7cc35056dcbf0a533aff8299d4c6b61bd8 |
| SHA256 | 43e99e132acaba88971b81a43531845dc7fc3a1e0794c3373de7d9a50a5655aa |
| SHA512 | 18d5ee9914849462e0b1bafd1ca216b29d0795e282ae0bdb354b15caf5c18f37f44fbd6f626b2cbb095e3398a6496de72e5b0d15621433979b5a589e34fac818 |
C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\th.pak
| MD5 | 43edd25f67ce6e6cea5373009ff0a1f8 |
| SHA1 | ed72ca6620cf23837e1334be50ccf616806bc5a2 |
| SHA256 | 287897cf3df2db1cf59b872e6575ba8dfcaa0c1f68c17a9c91da6c4490adb8b0 |
| SHA512 | 7160a72bd2e6b0ffa71e5d279995cc8be24a87cd9386eb29ab0eee79b8e607f5d824a11b6b4e3ef4c0f851a9d485a9642cb6adaa65c07933dca6e6f2c0052fc7 |
C:\Users\Admin\AppData\Local\Temp\2ZagYXFYIrv07UGbcXoeXtFH4xD\icudtl.dat
| MD5 | 9ad5c33ff75a22fddabcbf52e65e6f0c |
| SHA1 | ff0358c3460c551a438547a09a2548abe18f83f3 |
| SHA256 | ad689581164c9f9ffe4919a09de4907936ee24e0ee491a7d438c20e712c4c808 |
| SHA512 | f2f8676ad2698f5e7bc125c7fd489a495bb76d88ecf76e5b7d0e06367f9e6fd371a8d147d538b7de9017cf574396958584b6822323efde4a5a72b1b63b08bc00 |
C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\te.pak
| MD5 | 793a87d41cde6e6d1bb086284f69733b |
| SHA1 | d887e3842b664f55b7308427aa6f5bf0b352d879 |
| SHA256 | 5cdabd1ad41e8048f2cc6b1615e68b99159daa1aa6706b939447c1811bf0e255 |
| SHA512 | 7c2e53baa387480eed45315bd9d53856ca46e5777ecdc9c29a0de7b0ad04beb6cbb8b5df0aa7c306395fda563037e06bea1ca70e433ce5a3ccc2ec184dfda972 |
C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\sw.pak
| MD5 | 99e385ebc1ef8d3daddb3a171fa79edf |
| SHA1 | 3164804dfe9d9b5e891abafe92e5ba67d2b5d4d1 |
| SHA256 | 8ec45ac391a085d531fb21815086c2da4841aa016653cb4f8484cfc2615d6c01 |
| SHA512 | 797c105fecef1e15870aa101e3fa1835d5a467a9059c03b3636c54934d1de263ab7f23599e21d9787cb3849c7cb7d29f5bdd8ae9ad10fda8015c1392462e94c0 |
C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\sv.pak
| MD5 | 41e76f7775fc9a2d6e3c02c46e9b32f6 |
| SHA1 | 088c15c74a68bee69682bf89c31055332b68c84a |
| SHA256 | 2533676479e9469ffcdaabcb47d3e39bebfe7ae2b80f70784e918a8827439e13 |
| SHA512 | 6cde752d748c4772b533c8894f18134e5842113f8c7590b44a7dfa088aed65b232361fd16170df3b0d738066dbc3a769847adf4dd8ba42de63c9c2b33f9beb6b |
C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\sr.pak
| MD5 | af7083f2a4bd95dcbe792efade352662 |
| SHA1 | dc69aa831836016f6e66c6079931503d534a7862 |
| SHA256 | e3b80d9fdd420a05d66cc12e685ac94500106dd51a555bbfa2d085094f81e8dd |
| SHA512 | 342400ba94f6cd08152f96aa2b905184fab429c38cedb4bcb4ac0c503169a9ecd47aef208b4d7ffae08b0c0afa7aa089347a20739379d05f3e4e111be842b8c4 |
C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\sl.pak
| MD5 | e015b6f5042be2dc96a4e23dcf035502 |
| SHA1 | 7946509eed8db1e4c1f3da99ffe7155c86fdb4d6 |
| SHA256 | 99536d1bc73eec81d5bebbff641ea195544ee5e3a41bb17ddcedf9cde9b141d4 |
| SHA512 | b2a2eaae93c506a053862bf1cde02eee53b3ea2e2fe4c964c51dbacb8b44de820a779311cfe01458e2f08f88bce1172e8c5e1e6d28cd3a355ff84baa00023b8f |
C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\ru.pak
| MD5 | 75457b95d2bb03891232dae7db886387 |
| SHA1 | e5a7569df7f91533703626d167ecc8cddbd27205 |
| SHA256 | e0894d3aa3f8e0f8ac457a3300001d4e1dcf95980712f8c8e9c845eb4c2bbfa6 |
| SHA512 | 9813239cb162cec24cb81cffdae2df06889782813d917da186ae40df6dae64477467e4b32ead2d714bc1de671538d4c1fde990d83d3ee69e0932f17226687a78 |
C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\ro.pak
| MD5 | 24b01a438a3ab9699d4ca97c081b5e82 |
| SHA1 | 0d0b082544d23425a74199fb0a6c11192f0bdf7d |
| SHA256 | 38290b1c9712296d82ea1681ef95544a1eef4872289134b11e50af735e6deaca |
| SHA512 | 43199772312156f4633c4202499cde8f808e5e632c2013ec1129acee01a3f184e86df2616626173178efe04b6f0773ad9a0e8b8cc6a735d23d68dcfe9dfd945b |
C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\pt-PT.pak
| MD5 | ecd84b296d3bb312ee18e21017311986 |
| SHA1 | f5625523f85c10723750834a54ff59a2dd886fb3 |
| SHA256 | fcfaa9c44c445876c286388b6a1abc1df949f3dda3d64fb57d6e0d54a05cdb94 |
| SHA512 | e95b74238220024cdd0bd1c0f18beadbbe427d76cd8d6b32d5700adcd34ffb068ad0bf75404921485c8077f395f5111cd40d5dfe2b5b8f34c62e6fc80b507456 |
C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\pt-BR.pak
| MD5 | 88ad860c73676ffb4025b5c691f29942 |
| SHA1 | 3c5e5b999ea7153ccdd1b4cc7b6162de3456b558 |
| SHA256 | 25f0bb0b0230d99a9064d52668636f3be85903bf27a68124d79a2fe93c30fe0e |
| SHA512 | 41589bb9ab1b8307f62ceb4e6493d7903731a3e63807e0044379c4acdda881c21839234f5f1b8ad1af732bfee6231c0556ce92e582505379ed949980185bb750 |
C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\pl.pak
| MD5 | 644c0ace25d6e532b56510a736c6bc2c |
| SHA1 | 1bd0fec952107b493da04c46423da634ff3e1504 |
| SHA256 | 2ff9e382a31783285b7d85676e629e2f6db26bb9536ed17b7fbe5ac61a895ec7 |
| SHA512 | 9a1f1e884c2f214b8b0c63543809ddd4ba0fd533f1d8434e926051f3db434f60cc4df2462c2a43254b2a9685b3869eef49463c212892e417c82c3a7b497e3559 |
C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\nl.pak
| MD5 | cf6b1cbfd669e9461553974ba37a475e |
| SHA1 | b33867e9bc7fd88ca98a76dc4bd756bcf18887aa |
| SHA256 | 9a83ad866ad7fd9d65ecbc1e95c276cfce27e8257c76a16950fd14971e66b864 |
| SHA512 | e463029bb37f6bb3ff5cb6281f64291ada1b785fa33137e7aedfc7b5e409e99c75a91e7cf9b6c0933e970f70c14861190de66fc5d68925b687a6f5da02e21077 |
C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\nb.pak
| MD5 | b61e42f66d581b6a8929cdf5fb10662e |
| SHA1 | 6f06fa9ee092fbcb61bbd668734fb3b92cfb549a |
| SHA256 | 1b17dcde8fc7308d926fbe0faa83dfc9ffe2efc5715e9afd557dde839ad98b7e |
| SHA512 | 79b82346c3f133a6ba44148a8432ad4e08e2805187b759509cb386bc800fd20215592c07d953812c243f0b1d5e1354245f2cb42b2b3eb6c87280bcb4008dbe97 |
C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\ms.pak
| MD5 | 6cfadaa784e687e6dadbcd80e631bc9b |
| SHA1 | 481acb75f525055bf4e45ecabe0eadcb9c492106 |
| SHA256 | fb5e125dd5e1f21e8df229d22cb3d1f9078bd79bbddca352899248f2a8b21b71 |
| SHA512 | 0d7da5a90fe9372bc704ab8cdc8cbfb14d323cafdef856987e2d9e34d980196c03985e25099f5d1bcb10c97f040f4766e2c3713718649bb3f43914a77f0dbb39 |
C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\ml.pak
| MD5 | 04b2540c25990a5e0a9b227dcce6ae0d |
| SHA1 | 4f8ccd154f54dfb083d4d1a3ed0994842c8ab13e |
| SHA256 | 556165b8b54c6e21bc66d12b3f5be393136714467c427f7114f314d18ad3c661 |
| SHA512 | 4cab47e42e8f5d4a83851871f97f3e1360c993ba530dbb4b4b736350779784bd83189e1195d3480ce87298bb8f9b7f249fefa7764d850e5b0002895609626785 |
C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\lv.pak
| MD5 | 264c6e20b3088ceb4dae5773cef0cb55 |
| SHA1 | fb6ff83ff14df008092bc3ee73bda7491e8e090e |
| SHA256 | a676a781c1a587eadf23e5c69bc52f2d352346a70bc53ca908450362535eefda |
| SHA512 | 01e949f92e1e8599c581929a601d39640abaf1d907ce10102e591c3d490dd3874c679c75bb51308ead55a3bd0c6dcd1b8d4b2daf98ce1cf1c6bab42946e8b1e8 |
C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\lt.pak
| MD5 | 2d4fca437a7548893dc4b51fa5b33c33 |
| SHA1 | c1493013d7d981ea9223716e415380992de65c2f |
| SHA256 | 776dba792df7b444e1b720326312d8b8312cade74a1372c49456d932b7c65769 |
| SHA512 | b6a55ee1deff48d717a3e9399aef3c45eeec810cc5b5709fa3e9f56850115a5b02e02b7959ec77a6797e68516ee9372bacd260e62ac0d55a8e4c1c27af782b42 |
C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\ko.pak
| MD5 | d6e2c18c9eabba59b50d147d942125ea |
| SHA1 | 0918879203c2050b4f9f449f5616e430897ba0b9 |
| SHA256 | f3581cea2e5b022b121010ffc5d67f86f717e3a0c0402abd81e24c87fd135b76 |
| SHA512 | f605f7b9893166778af156f9eb76eaa1209e7432450899540cd462ce0ffa69caf6f570b910cdd6d7bef54354379e9892a658e711baa93241da33755c107da859 |
C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\kn.pak
| MD5 | 5115cde84b4c674db412619b65433004 |
| SHA1 | 164f33e7e2e9f685a579da492a6fc8806beb6cbf |
| SHA256 | 891e092c6895e23be986c3e6d39dcea9b6b75f1448239c13fd406680e50407a7 |
| SHA512 | 090a247898cb533325d2b289a6cbd8db2a755ef0abab49d82f333e57b290c50b5996b81f15d8adc30160b216eebed3a1476aec1627195e52189557c1d48b0216 |
C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\it.pak
| MD5 | 5aa225aad4f9fe6d05ec24905a827d88 |
| SHA1 | f6d5ed337bd8e9cc3b962d3a498e3430fbf6de22 |
| SHA256 | 96e02ab6937a1f1cb58762159761a737ce0e1dcd6a253554392baf4389326eab |
| SHA512 | 3fa928f19bdf65b8fbb274b478a801821b15c01224c113a8d7f6121a077b432c0cc84eefd9028a76adea9fa4bb65dcb868edfbd4368b1e4d477c49e187e4288a |
C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\id.pak
| MD5 | e40cb2f3b4db379e4d187aeef0dfd300 |
| SHA1 | 537b1ebc615c980c89bbe2b9e91a11199fa7d6a6 |
| SHA256 | 3339ef011c9bb64868da94adb25f4490acbc7f893e4337dbfe2797754cd659f5 |
| SHA512 | b87464460077aa55feb92eca8ed23d9a61829378bae7890c8a95dac5fcd735b145d65661f27facfe2586fcaa169692b00d8ee8dd505dc44bff7f7fd090f3e96c |
C:\Users\Admin\AppData\Local\Temp\2ZagYXFYIrv07UGbcXoeXtFH4xD\resources\app.asar
| MD5 | be26851f09fd24178156ec748fd9faff |
| SHA1 | ef44a11868bf79e80f39853a5a9a7e515f20c34b |
| SHA256 | 2232e1cd457e2b507d9568b7cef13c4e9d4961a5bb8fb2b071b86a3a994caf41 |
| SHA512 | 4617841006a1a510884de33f21c6b04dee6f75726a209d090d06bbfc8e7479f4af1f193d9d9a3ddbd40f54faa2eb06bfe851ebd0d6f84b71e033b20994a2c09b |
C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\hu.pak
| MD5 | 71d42cb22d2d7a8b26c4514ab12df3aa |
| SHA1 | cd0307503a7906f1742d1e98fc816959319c2171 |
| SHA256 | b51bcb888dbc27bab88a8c9d081df7496de8a9a5a4cd2cfe08abc154190e75e6 |
| SHA512 | 29c67391bca706807be3a0cc79fe481f220e30263957a9c2485f0a4c498a5b250bdd83b5f4fad8d0b19c8a9a07d5650b5ebd5816b6aae311a1cde78a89303244 |
C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\hi.pak
| MD5 | 590e9e73df9cbd83cd87b9c03848fec9 |
| SHA1 | da125e60a5a2c51a2d6219d3f81688bd22237b59 |
| SHA256 | 089b9dd31090a987515809a68d26f6eeb64cd9283934e3dcc48b151eec7d3ad9 |
| SHA512 | fd0e5d0f2063e12b711275f390428b88f98ffaf6043cdb14b13674ac1e4aa9f70ae820ae960132d7155daf9b1308238775c4702694ab53068cdc709c50f9186a |
C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\he.pak
| MD5 | 6a02a37e1ca3215fa9ee0e1b0fbcf5e7 |
| SHA1 | 89a8a126c0bbf536ac58e29fc50e045fb1b88220 |
| SHA256 | f5cf34ce58b7f0d450936981aa7ffa060821403e6768eee3746ea4ffc9193986 |
| SHA512 | 6607eb2329b81f1eaf0ed3a564eddcb30e6ab59229f2fbf6fd3d2140ffaa8853a330eda627a4458ef6bb06f32c5183edda869e34cd4ead1f87f88d5c622c1a16 |
C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\gu.pak
| MD5 | 63a7fdc4eadf8ef1c35c72468a0ce33f |
| SHA1 | e8d064f0e9c8a6a8c6ccb036711e292d011d9466 |
| SHA256 | e549ff4e5a094d04c2ce7bc6fd68bea1f03e935437bf164bebb6191c133fa70c |
| SHA512 | 0a097ff875132a984545ec677b04f97785f14c38a1df487cfb4722cdea07d14e1e88fcff7d58b82fa53f05f4eba779a95ef320b5a91692097726d0385a26a456 |
C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\fil.pak
| MD5 | 40bddaf97f64dfea9ebafc7f82166f80 |
| SHA1 | 90d1fde3c0b27d2184f0353991259c2a92c7820c |
| SHA256 | 39a9d63736e7b4593fc6873ed3c19d45fbf9eb78a012bfdcee0fea5906ebc5b2 |
| SHA512 | d1e61c53e09a0dc50edf5aba5cf286a251ee88421aa2cd49332b70a5859646605ecb7d0bb97ea7242d14a18742e23da0a14c04b0b99b57a466ec87f4f66b897e |
C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\fi.pak
| MD5 | cc592d91ce8eabaa75249cb78b889376 |
| SHA1 | f2f0f7f105a17f3e4b1a97ed0e3c2e871c2c3eac |
| SHA256 | b1cb0b32efa78fd8634652c74f298f1d5127f2363ef601cf000417e5c7fefd20 |
| SHA512 | 58e2eaffe26d8fda8df43e7ebef449cfff1065e940c128efa0276511e34e96e52da9230f294b01d4ecd8ef606b792d372bff897d6d8bb67c31379418ce867d48 |
C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\fa.pak
| MD5 | 6458a239e994d8d18315deccd35389ed |
| SHA1 | 75c985f43503a6c44645786d46639a6b555ae163 |
| SHA256 | 300fc1c735e92917a5ddf92feb812cbf3175d988ec7ad5955110248a1addbd34 |
| SHA512 | 3062075b6be0c25c957ac88e537880bc25ff86b8ef0703a05209e9676e943e89476b7997394aeb25064e03a93be614fef535676e9cdfaf44b46035225b1b2cf5 |
C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\et.pak
| MD5 | c76db3385190c6840315c4497e40258a |
| SHA1 | 34f1aef2ba2925bebc5dcdb70e5b6c1a138a5c46 |
| SHA256 | e8af084ef5e1062c5966dd7802074ac24f3672dc3c9b9c5453a397644727191f |
| SHA512 | 90a870369d307758b33d74e6213676d65c2d332f42577c8aff23d96b512f3c2a2bdace8d6d9007f88b9175eadc6f2ae28b498b1265550849ff9317465a37ad29 |
C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\es.pak
| MD5 | f83d8f7f6108786c02c2edbf3d85f147 |
| SHA1 | 57781d9d9eb7c90cdc71f78e25d0763045b6d29a |
| SHA256 | 5b929216ac823dbe2b0bb98e64db76519900e09a86c8513019325271c66ade0d |
| SHA512 | 12747a4a61cdd21cad6e3f768cb43b8bda5ec9de373337c191b6994b20acd676c9d0a6cde8410a1e18f35dd5d2d332ea1bb7e7f8f6fc4b73d8774559e33398f1 |
C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\es-419.pak
| MD5 | b261b1efe945365588befdf68879040f |
| SHA1 | 616f44a5f73f0449b483f36ccf831db6474a10d2 |
| SHA256 | 1380b9edc9cee4b505f12e8eefa288d8c746ca995b52ceaba27c7741ae8a5cd4 |
| SHA512 | 9ea14234b9d4d09364e5727b3886fc14544d52508b3e45fb9fd607ca88d2e432361a02b2f7ba34c3d6ecd94b91f9eccd4d54047a97a1ba4eea580ead00b91cff |
C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\en-US.pak
| MD5 | 0bb857860d8c9ab6d617cea5a5bd4d00 |
| SHA1 | 351b744d95846bff2ce5f542fec2e87439aa0f8b |
| SHA256 | 5c56df9699fc7e8f09ec81421e50a6264cde055e822f5a8cd9bb1edb3066d816 |
| SHA512 | 33fb73cffbb6781488cedbca4c92a7e4f66923a799beeb7f5cba58dbc23ba8f5130f63a7dac7114e3c3ef6f1df87884fbeb8858bc7604aec9449fdfd16c25078 |
C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\en-GB.pak
| MD5 | 52e2826fb5814776d47a7fcaf55cb675 |
| SHA1 | 51fbbc59dcd61116cbc0a24b0304d4c1c58e8d0b |
| SHA256 | 83ff81c73228c7cadba984d9b500e4fce01de583ecde8f132137650c8107c454 |
| SHA512 | 69257f976d01006c5f3d7e256738c97c59115471f8e7447cfa795f7fa4ff12d6fd19708e95ffb2aa494b50c1763fe35d5885b9414112d2934baf68fe668ed7cc |
C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\de.pak
| MD5 | b73344e5a72fca6f956dbab984c123ba |
| SHA1 | 0561073aa40a63a9ce9930dd18b18e12ff139b2b |
| SHA256 | 6dda3fa65232ca0bff7314f916942a2aa5d9be73a0b0c7a6d016eb34ea6fff5b |
| SHA512 | e8a12da397369f23c102244b3f18f533ec79afa6978785566056bbfe07b10a21ff4973bf17aa829fff65609363988c033b0e48d4a82c846863377c08d8df009d |
C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\da.pak
| MD5 | 55a8f5883805a65c854d25edb3959209 |
| SHA1 | d4b3b6bd2a26cbd021fa931d1f63c9ea64e2c268 |
| SHA256 | e190187adcbb5f829d162660968ba598ed17bd11339062ca4d807deec8a27fdb |
| SHA512 | 4e1f9e6da32f553cbc8cf162726d7aba9e23e2216d6d05b995cf19fff3aafa05ed08fce29b2f8538d46583366402b8630672e650dfbd46952a611e9db0d8016d |
C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\cs.pak
| MD5 | 3cfd9dc564cfcc33cc5524711365c376 |
| SHA1 | 2e5016d2643017f37658262122974429f18625a2 |
| SHA256 | 8be34e4f8226c1dd4e725711ddd884ef4476560f7863edcf378573dde9db3cee |
| SHA512 | 6ee156d2fa3b6f601df28e38968d0eae2812d70b41333348dbecd833d5ee6ff944183f0eecde96be433cf1e98c8ec22d6a6d5af5153145842175ab43c73533ef |
C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\ca.pak
| MD5 | 423651c45566cd90ea5edd8631e823b8 |
| SHA1 | 13bed4173a08bcbfefba034aada3d838eece6d16 |
| SHA256 | 7a39af99d55a1ea838d8d78c5f0da3e1402f9404d32255e31b676ceed4f0e414 |
| SHA512 | e09085023beaa37e9d5f7fdf3c32d0c001672b85e2826f0aba9a662ce958ac93cac17bf63495a604e47cb407b1593049388a4bf1b22b2339ead84a206a10569f |
\Users\Admin\AppData\Local\Temp\b940a46c-f525-475f-937e-c612aa19aa9f.tmp.node
| MD5 | 92cbacb8a87125a3d8817759fdc2e326 |
| SHA1 | 5bb4d8299fe7bddec780e24af2c4b00a8800378c |
| SHA256 | f723e31ae33bd9e181a4e281fb41280718d57bc712c13c968a0ef8a3694155f6 |
| SHA512 | 2ab375bc488f7f369052e8da3a68facda94da95d89560b30f9d836e4869702a40438c92b6b60f78fd2bf15d486661a58c07d232c5f4989a47de1f19e21e987c8 |
\Users\Admin\AppData\Local\Temp\e2d61214-cb61-49ae-a15d-2a8cac8ed1ba.tmp.node
| MD5 | e308f8720161c3748a175ab20eecfd5d |
| SHA1 | 13d105369f907165e412a9a6afa04dcae68fd799 |
| SHA256 | 2ef1d87047413d0bf9f5b4869936befd517bfd61a8d23b40abd42554c2175156 |
| SHA512 | d76a63fb1b0c2cd856f1bd4076bd2243a86d16530fe864a16e6af90987e8ffd0116f4072bfdc3b4fb854b5b3a97d7026180d224c9df7b86bfa558ef725a30896 |
C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\bg.pak
| MD5 | 5ba0c7200362c9ed55610cc8b66ef53c |
| SHA1 | d45239c2f1b00885407771a41a7776fc1fe8fa3b |
| SHA256 | 2339ff55464b4ff704fc3c5bf281eec52a539c494bd059cf0346d9c05ab7cda7 |
| SHA512 | 6229dbf08a9322c4ec8de4912aa1832f01800a71b7e3ef5870e7fa2b623be4dd248fec4881c3e031e984616147be84d42ab3dd970ae56dc1bd78913a8682a37a |
C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\ar.pak
| MD5 | 6f3e791b4d35ee7d9515614d128752cf |
| SHA1 | 181ec3a84fb3e89336d77f24f562a2cbe07619d8 |
| SHA256 | e9df0fa338b763a3926c4ee3a87bedf650fa618b6fcf0560c3f5ffe891d48c60 |
| SHA512 | 3657e610d13a2c938558ec320c298dd490c9e4895ccd304f738aaa2f050373efd7382ca402365f93d23ed488bae82de2d859da788dc8faa8e621346a278f4441 |
C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\am.pak
| MD5 | e18a450ef034b42599341c3d09f280f1 |
| SHA1 | 2001c8a85904962ac3a96938eccc69ad2c110fdf |
| SHA256 | 7c2b9098130f1f9e0cf4507b64c0e96ac6354bd6c3616be20e2067cfccc820da |
| SHA512 | ddd87571218fe9f179a6c2a8a15b182625a71a7c19ed90c0969ca2e0e9bad823b926f8b8a6b390cb6fe9c95f4b6c1f1ec7b5167a8424ab1921943922208f798a |
C:\Users\Admin\AppData\Local\Temp\2ZagYXFYIrv07UGbcXoeXtFH4xD\resources.pak
| MD5 | 44792054dca0eb596f0db1e13e3987b7 |
| SHA1 | f33054b794c9496dc16ca667516072ed69064fb8 |
| SHA256 | b48fc03a4893e36d29240309bd8b49c031246496eaa211e12ceeb6ca6e9dbde1 |
| SHA512 | 20baea0788c9b6e68ccac8e3075c3adc4e3de3c2ee8b962541a6eb4477a120452b217c109ec4f682d68fce1cf00c0fe572866faca2de5288d3f9803e3e7108d1 |
memory/2804-617-0x0000000000060000-0x0000000000061000-memory.dmp
\Users\Admin\AppData\Local\Temp\2ZagYXFYIrv07UGbcXoeXtFH4xD\NovaPatcher.exe
| MD5 | f1002c0281e2813b2d2de55e4d1f519b |
| SHA1 | f19698fe7d371132c9af9457e8749ea3da8c4542 |
| SHA256 | 6fadd535fc952bb43aef65cabe0d0252ac3db0cc9d1557b093a6852f9e4ac736 |
| SHA512 | 6ac045c186d6b0e88f694ffdc0517659741db3a2589a3128fa83c7d2ef916dd60e96f7a73936ce874f909cd0f80947b00c3e30f34c3897fc1c9de5fd699779bc |
C:\Users\Admin\AppData\Local\Temp\2ZagYXFYIrv07UGbcXoeXtFH4xD\NovaPatcher.exe
| MD5 | e3af9711e3f60a794af981922e29083b |
| SHA1 | b2d2854bd09ec1aa58fa77472ab5c6122cc55f4f |
| SHA256 | db52ed434bcace011cdf76c473a322ed9f1ca99c500effba7c4c8547a817f5a8 |
| SHA512 | fc1c59e4f1c3d6cf4e3ddef5efe64cf92705daa5b9f75c20e1a6eca75b0ffeb28c242f044367395c83b4ce6dcce273c9891a3a0d20523c1aa2a339cdeaf8806e |
memory/2804-652-0x0000000077A70000-0x0000000077A71000-memory.dmp
\Users\Admin\AppData\Local\Temp\2ZagYXFYIrv07UGbcXoeXtFH4xD\ffmpeg.dll
| MD5 | d4d05deabcc94358511e3b16e7d47f4d |
| SHA1 | fad235c505ff4ec2ecfcbdac0cea0c6fe3954d58 |
| SHA256 | 778eda19571478dc6e832607a616aac536309f192a44d09a63ac666799e0b31b |
| SHA512 | eb8a84d0f304c658c5edca3edb5f260935a4f7816e515193de542b01e52ae9d8094615954f5669ff58a599540ab9b9f3cbd82bd01609be5c2e7fee69a2e1b12f |
\Users\Admin\AppData\Local\Temp\2ZagYXFYIrv07UGbcXoeXtFH4xD\d3dcompiler_47.dll
| MD5 | 7733262ca28482a42f2ee21dc3bb837a |
| SHA1 | 2621f00e0f7115f859821739b50500bb26af78b8 |
| SHA256 | 320659e5ad327432f1b110f62bf951e6319d6c89471f05f7f80b497e6aa31b38 |
| SHA512 | a47aa9b01a0f444a2674c5271fe435b915ec3eb3b97a281c02126d3711187dd3e2fa47f7ba9f2d4f597cdb58fce0550cad12d5d82dbd034e52eb13d860ae44ca |
C:\Users\Admin\AppData\Local\Temp\2ZagYXFYIrv07UGbcXoeXtFH4xD\NovaPatcher.exe
| MD5 | 6735381f42fca6c201917d4b50db9613 |
| SHA1 | 40b98140ddbebd2d43934e59ab74254f542de6d7 |
| SHA256 | 2cf37e34756bf27054659483237602018b75d3c43c991d6fada88b1850a46487 |
| SHA512 | 044cc51238380e45424733d5f5e2929d7f7f33466f3bc081aa05805281477c602afabe08dd2bd2b62cd8eb13531bb6e8be9df2de915dc62294868708e191ac1b |
\Users\Admin\AppData\Local\Temp\2ZagYXFYIrv07UGbcXoeXtFH4xD\libGLESv2.dll
| MD5 | 0df3bc3e6e3c45d1ed5c0e57f94ba366 |
| SHA1 | e4cda3902cdac324b478b6ce982c03e87d496cc6 |
| SHA256 | d73d6a97ad81b7a860b4338e32e80708770b26426ee2300f2be60cf9cbc95361 |
| SHA512 | 875022b72e3668331c01da20ff2006d98d847b7f12565059d42dfb066fe8989668195719bcc42c6c920f93a4fec5ed3ce1be573790e748f6de2d06d972deb363 |
C:\Users\Admin\AppData\Local\Temp\2ZagYXFYIrv07UGbcXoeXtFH4xD\libglesv2.dll
| MD5 | 0b8665410e1aaa0795e10b2897c8c292 |
| SHA1 | dc336e3fd9a0a4c063e615270e2a018970589f4d |
| SHA256 | be5b579021c5e9b41246292f448f080ff08cac0ef35a0675289f03005265d589 |
| SHA512 | 7298377aafb5e6884f5fc40d9228fecdc33f313e3d06c0a34c7bf59f3e079732005c0d647ab407b94ad746a5eb9df10ab80212a80b116e3bd9371d7ee23682f6 |
\Users\Admin\AppData\Local\Temp\2ZagYXFYIrv07UGbcXoeXtFH4xD\NovaPatcher.exe
| MD5 | 4def69c5ec27261d3398b1774c868564 |
| SHA1 | b7a930046d9df6b80ca669e3ba8abc4d2426898c |
| SHA256 | 0c03bc4b8983c97282844901c5dcbd28cc5aea1b992c651fec80a5a0f0e7b3d9 |
| SHA512 | d5cd67b1d7bd8f3995162c779b1ba865bc62cc4d48e831181f2de41b1a4a48783df5892515c86b0a4e56c07e58ce72ec361123a4ce198bf5f80a1d0e4da0b612 |
C:\Users\Admin\AppData\Local\Temp\2ZagYXFYIrv07UGbcXoeXtFH4xD\NovaPatcher.exe
| MD5 | 8de23944265b01c8031d04811326a9ed |
| SHA1 | 5619bedf4d7edcf22e5d56257b25556231f86e18 |
| SHA256 | 383103957cf6f850fec86b930c07449cc010194ed120458e58cd9aee7d412357 |
| SHA512 | c678abbe454c2db08f99c723b7122d36322d0b91b2fe9b3709d388c090ffc78013736439bb468853cee5d196ad1fe16446183c056c263a37948a4d0220fa92e2 |
C:\Users\Admin\AppData\Local\Temp\Cab951E.tmp
| MD5 | d71dff97ca86ca16c3db8bdb5285fb35 |
| SHA1 | 271c01246897497d069b81ed37af296cf6c1e498 |
| SHA256 | 4a19255504acfbd49c4e1aed722c7e62b50b5742b860eedabc5f46160f8aefac |
| SHA512 | 1fed2a183296b563e35d803927e539d28169895f6ca5b522a1c714f222a2d3e578b1e167b19568b5ad4800b898f7ac041c7bd8f6bb02d1361b32cbdcfb0f682a |
C:\Users\Admin\AppData\Local\Temp\Tar9540.tmp
| MD5 | 69b8e2fe3bb7142b759bbc3bd3092cc2 |
| SHA1 | c55b032e44415d77a1a2f3f6c6c049b7cc32afd7 |
| SHA256 | d31cf766104ab57466eca8c74b0b1dc3f7729270b60df98dde747087ec3e8bb4 |
| SHA512 | c3b3ca6861a0e35822f0c5b6085f7fc1444b051548aec4362723d1b7a14b72cd832335ca29eea23ce8f9fb71f4ac76c6bf2b58a220722e7843461bf095970b7b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d03e9ed08921401fcd4a84aebfdb8f76 |
| SHA1 | c349e5d132e4630c2fdff81ed0bd8a1583e35b25 |
| SHA256 | e3418cd2f78fecf816f6b8572915bf07e8b981c4338b909a5f6a2cb06894465c |
| SHA512 | 24164ba4d3ebe6ecdf1a438f25285010d0a2249f8d14cf360b1a540b6e4cd72204ee27725f18a9e813f1b3f6b8a38c30178e050f1a1633f224bf4375695221ce |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6a5b0cd741dbe46ca6f406828f20e6a0 |
| SHA1 | 52fe9ff0c9a7abb880d1ed9a5583bb9b60afc7f5 |
| SHA256 | 6c098b4ec3766691346adcb70de0b497e5de641b74fa94734a4991f9a1d585ad |
| SHA512 | 6084d6fbe47de5ca4f538d179c2f11e7bab3b427f6cb62dcd599baf2f2b1bb60fd9de7c0d600aaf925d257a4a226aa654d5d8b90ea0a4a4630a34c2b9a29112c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | df7fd4759a269193edd147897624bbc0 |
| SHA1 | 26abc1c80b6f5a32f0611120b5b44138b2d21d10 |
| SHA256 | 5a78bb8d6f00b672d8bd553315dd3b4a0711ad3274a2e8f82942dc450fe5212f |
| SHA512 | 7ef8386a5affdbbe6a808214e14e8c40734f8704bbed8620f551e64871c36a8840c0a7dde9680dccb5d5d6e0f90f2c578c16bbff0a31cd981a1edec421c21bad |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | eca8d4318de1f1ec42b64d2812ca792f |
| SHA1 | 5767da1c8d64faeb376095e387670e3cc834cad3 |
| SHA256 | 693295435aa691e9142326553bec3c28dc3e1d04d803028d7a45f75e6261fcf6 |
| SHA512 | dc1511147a373428f5e5cfbce27892aac2425162007f8cf88e818cc759b7437d03de814db32361adea4e66ecc02ddf7e5a039b1d1a1a6639b08de229a309c3c7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f0672b62b13b725ae32449d3c082fbee |
| SHA1 | 137d5cabb8ad174cb2aa622f4b5ccd6fddaf981e |
| SHA256 | 7c3c1a8d682615d65550cdaee5912a6758600480fb929a2ff5a581ac0609ee2c |
| SHA512 | 6af144ac67a1422218971ca89e93710e157daf2901ef68e166dc0509424a4850065343c06c88a68e05d14b6e5cbe0022debfbfa51ee9d0dc57e012f916ea0364 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 911782733d3832685d18178cd4129324 |
| SHA1 | 3abab0f3fdc897d41be4b03e8f3411a70d0fdebf |
| SHA256 | 8c950c51101389960076c488265c22301cfe8a16abb226d11bfe8678f7158f09 |
| SHA512 | 30ad28edc33a145371d21f74935e5ab0b11ae4ac85818e780215ba894c89435404275ab76f2edd2fcbcbb133787a9300a9978fc1b97b384c364250c5edb33196 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e5e792652137dc2d417f8b14e68d10d5 |
| SHA1 | f815cb1c51aa533e3a965597b529ecfc5b8951aa |
| SHA256 | 4e6443a029ece318bb18f1f5c60f084fb727eaa141c1667a24c367b60fb1b776 |
| SHA512 | 0c956a57fbda070c35103e6ddcb9be88976e8efb622fe4f31872e10c45d6375c13f37663f5d9dba7047ba0cb2f5a5f364da7d5b37b6d54a55a1b6a7369c03554 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 60e597f19b190bd850fc22aa03543b3e |
| SHA1 | 72702ec27a21c5d971fdaff3f51adfd136f57972 |
| SHA256 | c8406eb053f774c6f1b6bb8423ef1b72af8973348e69b367565b3cc51021e989 |
| SHA512 | 57c1d3bdad50588431c7a91a7df58d3c3c400787b7230fafb2d324e27bd759e62e10d6e4b294b6f1bee0214c522093ca7b528113a95cfff5ab3ffbad19c1bb24 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ea6233ef10e53c57d657ecab093e0f06 |
| SHA1 | 206c21a8468ddf0db784a7b1ad4892454891e06e |
| SHA256 | 176e699020ce3d830cb2763ed1ffe8bec6a4717a1e616560cbe7a13d7de63cb2 |
| SHA512 | ef09b843f55eb7f1de04d987ffb650d7be22b1c69db922944f48db48c60bb67f087ca1c1ef394a40ff882e806c1bf773c09c572be97eec95a26c23c61dcd56c3 |
C:\Users\Admin\AppData\Local\Temp\2ZagYXFYIrv07UGbcXoeXtFH4xD\NovaPatcher.exe
| MD5 | d279c491d6fa73018c640baae0542295 |
| SHA1 | 49d68c29290b2f6f802ecb9ce6fa5250c02bd93e |
| SHA256 | c893d90f81e6224fbbca1eef26ef15b7806c7b774e7fd0c80d42ddd64c8d476a |
| SHA512 | b9ae2c1cb01b549cc4879577ecf428a09b980b818b0b84daa0c73e4f2df3d575e8bb00224c84809d280d010c6e2348d852ce7c5b4308a9c26d67b90b4d57c55b |
\Users\Admin\AppData\Local\Temp\2ZagYXFYIrv07UGbcXoeXtFH4xD\libEGL.dll
| MD5 | 240fe2f63e030494949c3aefbfb16aa1 |
| SHA1 | a2f2c4298c0da0215f78a979ade7a51e6dc33b49 |
| SHA256 | a0f06c1f986e5db370f4430afeba70e67544cdb83eae5363ad658d4c1d9201d4 |
| SHA512 | 755a561963215c4c4b856427d62edf7e2cddbeabd6c7b8fff9e80f24be86ef9e57fe9d5771507775fd52310404ac9e36859f52cc9bad7eb56333bc4edd4758e9 |
\Users\Admin\AppData\Local\Temp\2ZagYXFYIrv07UGbcXoeXtFH4xD\libGLESv2.dll
| MD5 | c28b74bddb5c56bc08cee2cdfba24591 |
| SHA1 | 8b073fbdb9f5552f4c4333b20e8ff4063dd1518e |
| SHA256 | 8bec94018614cb57f0856c89e5cb26d5c0fccff08c3f8c5edba95a0d98129e0f |
| SHA512 | 964d39400b1e08d87aba4a7131ec5c856817a01927910beec6e1122989099483279dda39682c2d233b86dabaf945bb8915304d32ecca0e60bf73a334faa93c69 |
\Users\Admin\AppData\Local\Temp\2ZagYXFYIrv07UGbcXoeXtFH4xD\d3dcompiler_47.dll
| MD5 | a5ee15126188f28e9fbc2bd6fe015298 |
| SHA1 | e042049db5b1ba4bce0d952ec24f551f59cf5651 |
| SHA256 | 8e4f07b3892cf602e0484b9d5d49f1d2c171788a2a652eef971efee9fdf978da |
| SHA512 | bb8f6917b1a9e6ebc928479986693b71f6efad6d0395f48b446d1a3ed37c1df160455ad2f29804cd905741c95f588e2d8eb6eb0827104a2f1c6ef68a126267fb |
\Users\Admin\AppData\Local\Temp\2ZagYXFYIrv07UGbcXoeXtFH4xD\NovaPatcher.exe
| MD5 | bfef944d2ac7aa4c9f778d895abde2c9 |
| SHA1 | 763667077b83f2f5b71e4817f93b39f92b9e2b97 |
| SHA256 | e3e602ed1870d7686f689c337eae7b2c2af56dbacdf5fd4e7fee1023e18ce042 |
| SHA512 | 12209f12464a7bb34bc18870b9ae377a896bf57c12a02b1324116529297b778a13fb6847fbec653508a0df996f720202e7cbe029de01810da3bc895ed6247500 |
\Users\Admin\AppData\Local\Temp\2ZagYXFYIrv07UGbcXoeXtFH4xD\ffmpeg.dll
| MD5 | 9f5fa489673b8aea5fc91cc6737ceb82 |
| SHA1 | f13b2a02b77823e8012e5faa902fc7533d36b92b |
| SHA256 | e1392e4690f070e6430797fda7269c9462952a6c72b71d8eccbd300d1f303acd |
| SHA512 | fd0c1d3898d6aaf8013816b75f9a1027c8759bdbd1643fab61dc2e5b896797b5d782a7800127a7e0eae738f158d15be1bdc373addaf61ab9e2ea6899f684c7fd |
C:\Users\Admin\AppData\Local\Temp\2ZagYXFYIrv07UGbcXoeXtFH4xD\NovaPatcher.exe
| MD5 | d954a1322d6649bc19e3d5f0f40116c7 |
| SHA1 | acf495b10ebf5a18a340859ace9d14ae17f75896 |
| SHA256 | ec04e4034f9912cf3086e664843e35b0e5100a6711fa92c83b3533b60247b401 |
| SHA512 | 97beeb3d539d732989c29bfe854031fce14f172e2339a1f8b4452dabef990d2141eb51e5ad87dfb0df007c384f6f60f125da858e7aea5ff0e9bf2f554aa12d07 |
\Users\Admin\AppData\Local\Temp\2ZagYXFYIrv07UGbcXoeXtFH4xD\vk_swiftshader.dll
| MD5 | 9acbef7d5eab7486fed176b95e97c725 |
| SHA1 | 86c1ce556882a1e58074465ba959e0c87fce0e06 |
| SHA256 | 14db9a16bcb6424cae6395954006412d82868d9e15ba82d77ca62930e0a4836f |
| SHA512 | 39e08a402f10c3e6b7a92c41426ef6e69f9b4516796b908697be9eadc9fb4b2a9efa31c3b20cf71ce457e384c0053167a8b8c6908e5e4b959187a6f6dd97d744 |
\Users\Admin\AppData\Local\Temp\2ZagYXFYIrv07UGbcXoeXtFH4xD\vk_swiftshader.dll
| MD5 | 2e59ae9ad005adfa0be5668046922302 |
| SHA1 | f28edd73ddcb37312037de15a7e0912e7af4bbee |
| SHA256 | f463d4897684497b1973ff1b03ea54a30e5f541fbcb4121e75e9b020ac669c32 |
| SHA512 | b55eabdf572b3a9ffa521f0f28a803867ea97522f296c493faec283b670a67daeaccc6163f6775be110b81737670d0b74675a517d67dfeda02f03a45b7d729e9 |
\Users\Admin\AppData\Local\Temp\2ZagYXFYIrv07UGbcXoeXtFH4xD\vulkan-1.dll
| MD5 | 4ca92caf36721f570d7df09dcbe1416f |
| SHA1 | cdc88fc5862e4b8ef8cd6d83f0741686ac51a087 |
| SHA256 | c63cdd4ca0338d02813bc89091140bf749f86423c27564402aa7eab25a172849 |
| SHA512 | 6b2c0a0b0b146e0fe5f5a4a60d6dca25f9720e7a02498841c6bb0d5ce4f76a72c6912fbe21138470715b7c44654738a7a7c24e65107808e731faa99c6b547d21 |
\Users\Admin\AppData\Local\Temp\2ZagYXFYIrv07UGbcXoeXtFH4xD\libGLESv2.dll
| MD5 | 7c53c90f3741a2108df70b029219f353 |
| SHA1 | 6bcf80314f74b9cd4949491780d548bf247976f0 |
| SHA256 | a1fb2ad4a24b803099eb8275cb0ce8094ecd70636e5dcab2c286d789ceff1698 |
| SHA512 | 7efbb0be1a47f956d7c9c9818fc3a9c9dcbf4a27476d94f1d07d4eab8d8c1ee1ce550d0175ad4a0ed6f77441cebb02dc456e11f6bce4f9d1c022bca060e206b6 |
\Users\Admin\AppData\Local\Temp\2ZagYXFYIrv07UGbcXoeXtFH4xD\d3dcompiler_47.dll
| MD5 | 46598a097badc1ee8518a359ccd01c79 |
| SHA1 | 79cac587e2f3ac74def355253ae2162c0f92fa45 |
| SHA256 | 9946dd77f45b02bc8d6561fda17a977bc4873256ee827153f0895601e51fc599 |
| SHA512 | f371d7fc3f5c71b4a6e74d9e07822b9127e74723e182e842dd94c5282b4c8f539e3ba19e5027aec2dc22e89c1c1b3a8e4a9770e72b364e87b3d969a457df5312 |
Analysis: behavioral2
Detonation Overview
Submitted
2023-12-18 15:31
Reported
2023-12-18 15:33
Platform
win10v2004-20231215-en
Max time kernel
146s
Max time network
154s
Command Line
Signatures
Downloads MZ/PE file
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 168219.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/NovaPatcher/NovaPatcher/releases/download/NovaPatcher/NovaPatcher.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f8a346f8,0x7ff8f8a34708,0x7ff8f8a34718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,6099834348927265209,13889426342044920321,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,6099834348927265209,13889426342044920321,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,6099834348927265209,13889426342044920321,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6099834348927265209,13889426342044920321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6099834348927265209,13889426342044920321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,6099834348927265209,13889426342044920321,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3992 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,6099834348927265209,13889426342044920321,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3992 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6099834348927265209,13889426342044920321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6099834348927265209,13889426342044920321,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6099834348927265209,13889426342044920321,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6099834348927265209,13889426342044920321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6099834348927265209,13889426342044920321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2104,6099834348927265209,13889426342044920321,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5444 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2104,6099834348927265209,13889426342044920321,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6120 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,6099834348927265209,13889426342044920321,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1048 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 138.91.171.81:80 | tcp | |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| DE | 140.82.121.3:443 | github.com | tcp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| US | 185.199.108.133:443 | objects.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 3.121.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.178.17.96.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | eb20b5930f48aa090358398afb25b683 |
| SHA1 | 4892c8b72aa16c5b3f1b72811bf32b89f2d13392 |
| SHA256 | 2695ab23c2b43aa257f44b6943b6a56b395ea77dc24e5a9bd16acc2578168a35 |
| SHA512 | d0c6012a0059bc1bb49b2f293e6c07019153e0faf833961f646a85b992b47896092f33fdccc893334c79f452218d1542e339ded3f1b69bd8e343d232e6c3d9e8 |
\??\pipe\LOCAL\crashpad_5068_QSHACSSOOACAFQPP
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 14dd4401a7cbe561b452c9552eaa8f7c |
| SHA1 | 36b751544af4ad257ef941f51793c397ff9dcaf6 |
| SHA256 | f997e84d8ccce4303e6b28a36d26666ea73b104ebf1c89cdbfd9a2697071a460 |
| SHA512 | 54a9897327348567609eeb4e138476ff4e163ffd4113e3b1070f67dd80c6ce9146b9da6fd97f042269ea4d48cdc03269785f7c16067cff8eec3bd43c7cb1c722 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | bfd48c71a443241e9e5213a22868b3f9 |
| SHA1 | 07f9115197d29ad66bd5483f7b9ff7a222b00354 |
| SHA256 | 499256ddbb36ed3591f86bbf9e39232a3c48608a9b110ca396096d3612985070 |
| SHA512 | 17ed09997d9ce6e2aecd220698fcd9da0286903c74131c665424623a882ece0f2b7d7067e1d8bd869f789d71f24387e8ff3dc49082dc2f46d6eb3592e2836093 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3496ba3e88a22dbaf7846f4631e1cc53 |
| SHA1 | 8ff971112fe24053efa7fe10a162d8103aee52ee |
| SHA256 | 2311301d775d30661ee2a369074185c1458d5bb7c92d69a0a600ecd6cb2ae225 |
| SHA512 | 64200f833a1aa7b3319ec6a8c4d9f5d46cb58ec22fc19d25d52f4fe2c16a47ccb4df8d9b6eef111ec663bda333378ca7ee6d6d2053b1f6528684f84d6c3c6cb4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 2bbbdb35220e81614659f8e50e6b8a44 |
| SHA1 | 7729a18e075646fb77eb7319e30d346552a6c9de |
| SHA256 | 73f853ad74a9ac44bc4edf5a6499d237c940c905d3d62ea617fbb58d5e92a8dd |
| SHA512 | 59c5c7c0fbe53fa34299395db6e671acfc224dee54c7e1e00b1ce3c8e4dfb308bf2d170dfdbdda9ca32b4ad0281cde7bd6ae08ea87544ea5324bcb94a631f899 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\Downloads\Unconfirmed 168219.crdownload
| MD5 | 2d75966805ba62146241f8872dbb0ffc |
| SHA1 | 352a1bc5ca405848a4b4fdb8a68db50423eb7184 |
| SHA256 | c5a802fb4227381d058f9f69544fbc2432114af284f3374660903c2fff6ec02c |
| SHA512 | 64f8ee35d7abf705b095901cd6572b7d89a1a7a439191b4a3d89349f77206ca6d0aa48e2dbf5202ecca85c51a577c2366b45ace71d2dd8dda2baa18c2a262595 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | f5cd008cf465804d0e6f39a8d81f9a2d |
| SHA1 | 6b2907356472ed4a719e5675cc08969f30adc855 |
| SHA256 | fcea95cc39dc6c2a925f5aed739dbedaa405ee4ce127f535fcf1c751b2b8fb5d |
| SHA512 | dc97034546a4c94bdaa6f644b5cfd1e477209de9a03a5b02a360c254a406c1d647d6f90860f385e27387b35631c41f0886cb543ede9116436941b9af6cd3285d |