Malware Analysis Report

2025-01-19 06:43

Sample ID: 231222-1fmqnsddhq
Target: AORadar (1).exe
SHA256: 0e52092c6be962256a45af18f76bef752a126d333d3eb56332d274940dd9f088
Tags: irata, infostealer, rat, trojan
Score: 10/10

Analysis Overview

Score: 10/10

SHA256: 0e52092c6be962256a45af18f76bef752a126d333d3eb56332d274940dd9f088

Threat Level: Known bad

The file AORadar (1).exe was found to be: Known bad.

Malicious Activity Summary

irata infostealer rat trojan

Irata

Irata payload

Loads dropped DLL

Executes dropped EXE

Looks up external IP address via web service

Enumerates physical storage devices

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Detects videocard installed

Suspicious use of AdjustPrivilegeToken

Enumerates processes with tasklist

Collects information from the system

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2023-12-22 21:36

Signatures

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted: 2023-12-22 21:35
Reported: 2023-12-22 21:41
Platform: win10-20231215-en
Max time kernel: 90s
Max time network: 206s

Command Line

"C:\Users\Admin\AppData\Local\Temp\AORadar (1).exe"

Signatures

Irata

trojan infostealer rat irata

Irata payload

Executes dropped EXE

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\AORadar.exe | N/A

Looks up external IP address via web service

Description | Indicator | Process | Target
N/A | ipinfo.io | N/A | N/A
N/A | ipinfo.io | N/A | N/A
N/A | ipinfo.io | N/A | N/A

Enumerates physical storage devices

Collects information from the system

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A

Enumerates processes with tasklist

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\system32\tasklist.exe | N/A
N/A | N/A | C:\Windows\system32\tasklist.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\AORadar (1).exe | N/A
Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A
Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A
Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A
Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A
Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A
Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A
Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A
Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A
Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A
Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A
Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A
Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A
Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A
Token: 33 | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A
Token: 34 | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A
Token: 35 | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A
Token: 36 | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\AORadar (1).exe

"C:\Users\Admin\AppData\Local\Temp\AORadar (1).exe"

C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\AORadar.exe

C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\AORadar.exe

C:\Windows\System32\Wbem\wmic.exe

wmic os get locale

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\AORadar.exe

"C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\AORadar.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1484 --field-trial-handle=1640,7981405363394991023,5898302230275761751,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Windows\System32\Wbem\WMIC.exe

wmic process where processid=NaN get ExecutablePath

C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\AORadar.exe

"C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\AORadar.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --mojo-platform-channel-handle=1820 --field-trial-handle=1640,7981405363394991023,5898302230275761751,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic process where processid=NaN get ExecutablePath"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "echo wlan"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\resources\app.asar.unpacked\bind\main.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic OS get caption, osarchitecture | more +1"

C:\Windows\System32\Wbem\WMIC.exe

wmic OS get caption, osarchitecture

C:\Windows\System32\Wbem\WMIC.exe

wmic computersystem get totalphysicalmemory

C:\Windows\System32\Wbem\WMIC.exe

wmic csproduct get uuid

C:\Windows\System32\Wbem\WMIC.exe

wmic logicaldisk get size

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "echo %NUMBER_OF_PROCESSORS%"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic csproduct get uuid"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic computersystem get totalphysicalmemory | more +1"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic logicaldisk get size"

C:\Windows\system32\more.com

more +1

C:\Windows\system32\more.com

more +1

Network

Country | Destination | Domain | Proto
US | 20.231.121.79:80 | | tcp
US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp
US | 8.8.8.8:53 | www.google.com | udp
US | 8.8.8.8:53 | ipinfo.io | udp
GB | 142.250.200.4:80 | www.google.com | tcp
US | 34.117.186.192:443 | ipinfo.io | tcp
US | 8.8.8.8:53 | 4.200.250.142.in-addr.arpa | udp
US | 8.8.8.8:53 | 192.186.117.34.in-addr.arpa | udp
US | 8.8.8.8:53 | dns.google | udp
US | 8.8.4.4:443 | dns.google | tcp
US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp
US | 34.117.186.192:443 | ipinfo.io | tcp
US | 8.8.8.8:53 | 12.173.189.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 179.178.17.96.in-addr.arpa | udp

Files

\Users\Admin\AppData\Local\Temp\nsg9353.tmp\System.dll

\Users\Admin\AppData\Local\Temp\nsg9353.tmp\nsis7z.dll

C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\AORadar.exe

C:\Users\Admin\AppData\Local\Temp\nsg9353.tmp\7z-out\d3dcompiler_47.dll

C:\Users\Admin\AppData\Local\Temp\nsg9353.tmp\7z-out\chrome_200_percent.pak

C:\Users\Admin\AppData\Local\Temp\nsg9353.tmp\7z-out\ffmpeg.dll

C:\Users\Admin\AppData\Local\Temp\nsg9353.tmp\7z-out\chrome_100_percent.pak

C:\Users\Admin\AppData\Local\Temp\nsg9353.tmp\7z-out\libEGL.dll

C:\Users\Admin\AppData\Local\Temp\nsg9353.tmp\7z-out\icudtl.dat

C:\Users\Admin\AppData\Local\Temp\nsg9353.tmp\7z-out\LICENSE.electron.txt

C:\Users\Admin\AppData\Local\Temp\nsg9353.tmp\7z-out\libGLESv2.dll

C:\Users\Admin\AppData\Local\Temp\nsg9353.tmp\7z-out\LICENSES.chromium.html

C:\Users\Admin\AppData\Local\Temp\nsg9353.tmp\7z-out\snapshot_blob.bin

C:\Users\Admin\AppData\Local\Temp\nsg9353.tmp\7z-out\resources.pak

C:\Users\Admin\AppData\Local\Temp\nsg9353.tmp\7z-out\v8_context_snapshot.bin

C:\Users\Admin\AppData\Local\Temp\nsg9353.tmp\7z-out\vk_swiftshader_icd.json

C:\Users\Admin\AppData\Local\Temp\nsg9353.tmp\7z-out\vulkan-1.dll

C:\Users\Admin\AppData\Local\Temp\nsg9353.tmp\7z-out\locales\am.pak

C:\Users\Admin\AppData\Local\Temp\nsg9353.tmp\7z-out\locales\ar.pak

C:\Users\Admin\AppData\Local\Temp\nsg9353.tmp\7z-out\vk_swiftshader.dll

C:\Users\Admin\AppData\Local\Temp\nsg9353.tmp\7z-out\locales\bg.pak

C:\Users\Admin\AppData\Local\Temp\nsg9353.tmp\7z-out\locales\da.pak

C:\Users\Admin\AppData\Local\Temp\nsg9353.tmp\7z-out\locales\cs.pak

C:\Users\Admin\AppData\Local\Temp\nsg9353.tmp\7z-out\locales\ca.pak

C:\Users\Admin\AppData\Local\Temp\nsg9353.tmp\7z-out\locales\bn.pak

C:\Users\Admin\AppData\Local\Temp\nsg9353.tmp\7z-out\locales\de.pak

C:\Users\Admin\AppData\Local\Temp\nsg9353.tmp\7z-out\locales\hi.pak

C:\Users\Admin\AppData\Local\Temp\nsg9353.tmp\7z-out\locales\ko.pak

C:\Users\Admin\AppData\Local\Temp\nsg9353.tmp\7z-out\locales\pt-PT.pak

C:\Users\Admin\AppData\Local\Temp\nsg9353.tmp\7z-out\locales\pt-BR.pak

C:\Users\Admin\AppData\Local\Temp\nsg9353.tmp\7z-out\locales\pl.pak

C:\Users\Admin\AppData\Local\Temp\nsg9353.tmp\7z-out\locales\nl.pak

C:\Users\Admin\AppData\Local\Temp\nsg9353.tmp\7z-out\locales\nb.pak

C:\Users\Admin\AppData\Local\Temp\nsg9353.tmp\7z-out\locales\ms.pak

C:\Users\Admin\AppData\Local\Temp\nsg9353.tmp\7z-out\locales\mr.pak

C:\Users\Admin\AppData\Local\Temp\nsg9353.tmp\7z-out\locales\ml.pak

C:\Users\Admin\AppData\Local\Temp\nsg9353.tmp\7z-out\locales\lv.pak

C:\Users\Admin\AppData\Local\Temp\nsg9353.tmp\7z-out\locales\lt.pak

C:\Users\Admin\AppData\Local\Temp\nsg9353.tmp\7z-out\locales\kn.pak

C:\Users\Admin\AppData\Local\Temp\nsg9353.tmp\7z-out\locales\ja.pak

C:\Users\Admin\AppData\Local\Temp\nsg9353.tmp\7z-out\locales\it.pak

C:\Users\Admin\AppData\Local\Temp\nsg9353.tmp\7z-out\locales\id.pak

C:\Users\Admin\AppData\Local\Temp\nsg9353.tmp\7z-out\locales\hu.pak

C:\Users\Admin\AppData\Local\Temp\nsg9353.tmp\7z-out\locales\sk.pak

C:\Users\Admin\AppData\Local\Temp\nsg9353.tmp\7z-out\locales\ru.pak

C:\Users\Admin\AppData\Local\Temp\nsg9353.tmp\7z-out\locales\ro.pak

C:\Users\Admin\AppData\Local\Temp\nsg9353.tmp\7z-out\locales\hr.pak

C:\Users\Admin\AppData\Local\Temp\nsg9353.tmp\7z-out\locales\gu.pak

C:\Users\Admin\AppData\Local\Temp\nsg9353.tmp\7z-out\locales\fr.pak

C:\Users\Admin\AppData\Local\Temp\nsg9353.tmp\7z-out\locales\fil.pak

C:\Users\Admin\AppData\Local\Temp\nsg9353.tmp\7z-out\locales\fi.pak

C:\Users\Admin\AppData\Local\Temp\nsg9353.tmp\7z-out\locales\fa.pak

C:\Users\Admin\AppData\Local\Temp\nsg9353.tmp\7z-out\locales\et.pak

C:\Users\Admin\AppData\Local\Temp\nsg9353.tmp\7z-out\locales\es.pak

C:\Users\Admin\AppData\Local\Temp\nsg9353.tmp\7z-out\locales\es-419.pak

C:\Users\Admin\AppData\Local\Temp\nsg9353.tmp\7z-out\locales\en-US.pak

C:\Users\Admin\AppData\Local\Temp\nsg9353.tmp\7z-out\locales\he.pak

C:\Users\Admin\AppData\Local\Temp\nsg9353.tmp\7z-out\locales\en-GB.pak

C:\Users\Admin\AppData\Local\Temp\nsg9353.tmp\7z-out\locales\el.pak

C:\Users\Admin\AppData\Local\Temp\nsg9353.tmp\7z-out\locales\tr.pak

C:\Users\Admin\AppData\Local\Temp\nsg9353.tmp\7z-out\locales\vi.pak

C:\Users\Admin\AppData\Local\Temp\nsg9353.tmp\7z-out\locales\zh-TW.pak

C:\Users\Admin\AppData\Local\Temp\nsg9353.tmp\7z-out\locales\zh-CN.pak

C:\Users\Admin\AppData\Local\Temp\nsg9353.tmp\7z-out\locales\uk.pak

C:\Users\Admin\AppData\Local\Temp\nsg9353.tmp\7z-out\locales\th.pak

C:\Users\Admin\AppData\Local\Temp\nsg9353.tmp\7z-out\locales\te.pak

C:\Users\Admin\AppData\Local\Temp\nsg9353.tmp\7z-out\locales\ta.pak

C:\Users\Admin\AppData\Local\Temp\nsg9353.tmp\7z-out\locales\sw.pak

C:\Users\Admin\AppData\Local\Temp\nsg9353.tmp\7z-out\locales\sv.pak

C:\Users\Admin\AppData\Local\Temp\nsg9353.tmp\7z-out\locales\sr.pak

C:\Users\Admin\AppData\Local\Temp\nsg9353.tmp\7z-out\locales\sl.pak

C:\Users\Admin\AppData\Local\Temp\nsg9353.tmp\7z-out\resources\elevate.exe

C:\Users\Admin\AppData\Local\Temp\nsg9353.tmp\7z-out\resources\app.asar

C:\Users\Admin\AppData\Local\Temp\nsg9353.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\snapshot.exe

MD5 6118e374d3da57b7ffc491d801adb525
SHA1 36c1c805464ad539627f31dd4a999a99e1ee5e43
SHA256 3a4853eb5080da3a1987e2a4607b28a2a34db6347c5bdcf64d12f6f03a93126a
SHA512 4c7454d1befc372a6789b9ee94b3fcf0e8fe9cd2ab9e4e81944aa9556e9fd69c1cdab53b09cd312b37385e4738e84cd78e2436cbb192ac85ef85fb23c91592b6

C:\Users\Admin\AppData\Local\Temp\nsg9353.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\prey-webcam.exe

MD5 471b15abc9f2e98fb7ed7361d3f045eb
SHA1 95b5798d80a9410872f6ed485ae2b43ca3745540
SHA256 7c262639cb22348dfd627dc07c76e8748e5bcacde2dcf1614773ab174c831004
SHA512 5b3b59aa1dbaef31b0ff6ccde082d7c312e39e311a46fe20d590d5d7765f934d3b663da9609ff4fb7beba2e8fa85376cf74f14ae077f3c0b49189cc28c30163a

C:\Users\Admin\AppData\Local\Temp\nsg9353.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\package.json

MD5 067e233b0609d56ff4756bedd8c0efe0
SHA1 96419d05adc4b6674948b4ac14f8ab5bb3ce4380
SHA256 6bee642c1b5de99e4edba87ec3221c2ecd10b65e666b6f2bef64a745538ecf74
SHA512 94900f5ff762930b1b060ba4dd44d629d6c3e2dfc0dacb1a543f1ea5a3cd40e793acaff4abefbff588ceb422d65f8041ec190a2b56f7c303c3314eb16eca4159

C:\Users\Admin\AppData\Local\Temp\nsg9353.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\DirectShowLib-2005.dll

MD5 7d052885a80cb63811685b99961404ef
SHA1 3be96b392bb5d39ca6fd70acbc92754c59e53cee
SHA256 4bbd73c2e5f1d843c0291ceae7caf5e63192b2b868ba4ab63ea70aa246a96ae5
SHA512 53326cdffd51c95b0318b86019957867900b50d2d313b57d7dba016c9f9c94792c44087a926eefe5d8ffb105793896df6f479472bc2ea4b16a170021d454211a

C:\Users\Admin\AppData\Local\Temp\nsg9353.tmp\7z-out\swiftshader\libEGL.dll

MD5 607efd4304cf736612206db6957f5b00
SHA1 5d5510aced5d0d056c25889bb25c89eb1a744e30
SHA256 d6a3578dcb28b455fedc26a5035a4039d1fd4a7997409503ff20dd6fc965e362
SHA512 b989fd8a679d947091bf9f7b6ac60191404be4141f6521f77dc1a6b03eaee98574a096ff70abf40f4792278538580ce1ed64439b1e673341d304c6e34c7d43ff

\Users\Admin\AppData\Local\Temp\nsg9353.tmp\StdUtils.dll

MD5 c6a6e03f77c313b267498515488c5740
SHA1 3d49fc2784b9450962ed6b82b46e9c3c957d7c15
SHA256 b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
SHA512 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

C:\Users\Admin\AppData\Local\Temp\nsg9353.tmp\7z-out\swiftshader\libGLESv2.dll

MD5 ce65d7afda46d226455a8ab4c5d2bae7
SHA1 f04f524f6d0dbe3716b7dbf9ad9040b3e7156630
SHA256 e78e4a5063ed454a15f2d7e35ac2baa9fb8df3dee6c9c946a0e7ca52200e24d9
SHA512 585bd7a06a85c808609aba3950478e50996bc5788e29849d5f7313e0cd63d8fc665046c8f38b4babbcdb68e34ea49421b1abfef35bedba24cc8ba0fdd21b4291

C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\AORadar.exe

MD5 59275a3f6e389cb39e220dc6d349fe8c
SHA1 ced0967d3e481a9b4c10af92d83e838649f40d91
SHA256 602a787fbe0a4329728062804cd94a2645244c5276ba1f4c80d0b4efe4cc2f93
SHA512 6814adc7a0e1b7de2a99809f69b53511a3105a5871e169cfbc510a312768c27b99fef387a60deae51c89190b9781e8e0716b6a7ada234f40e18bdf0a05bf63df

\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\ffmpeg.dll

MD5 61216099398c32c2fce7248350c8212c
SHA1 1e1890f4e8af737d81aa9a71585d27f2cc5cd8d2
SHA256 ac214dc44e09c0d4763c17d4b2351e1e73b7e315291e8c703c430da7c88e44e3
SHA512 476cf954b60399d65cc2a1e76861df6b5d82fd17dc835674c5d1f2b84590a556b7e8ffabd171fdb58fa599ee1c2f719adb29afce17d35cd832617a102edb8362

C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\ffmpeg.dll

MD5 b0428d734729de99bf583c8945b6f0b9
SHA1 51faf38c534798f8614a21185aeb7063bc54c4b0
SHA256 7fe19dd8d58b3df5ebbf3994d6ffc66cbd4c9fc420b9803916c9b0cd7198f838
SHA512 a422fe04dafc70f6dc8549eb81232b4ed115a53e40e6a043adf71466025f8941042b96690a9444845150355825c0ab869aa0f2ccbf595abb923ac617e36431bf

C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\icudtl.dat

MD5 e29a53b261939360f593506892f564e5
SHA1 68b908ab7e8b61878dc94098e55e3cb6350bb6e8
SHA256 5b1979918c81138cafd1c7151349a3b2379914a42a0a3f8b1082fac4b4dcf9f6
SHA512 3121719f9bc446e71b12da1c60109c85400d2b173bbe286eb61be3d340c58a2e730df0d49b1f5e9fc0c0030ffd4cc14b0a7bd816a729b956031bc09c454d3236

C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\v8_context_snapshot.bin

MD5 f0f1d44fbfbd4aba09e1172be3a70fbb
SHA1 2543f170ccf2cf2d5ce132098ce6bf93736b0583
SHA256 bd31760dc1458caec9c0eaaf1e791917671e431a302b4b12d4a98e4d3874fcac
SHA512 ddfaded8655ceae71601533d98a283add5d8ec90327a182961b1e5c88925d0c2db3b19a2165f35dd449e62035cfdd6add8426e574025f9ada67fcf1214e3e132

C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\resources\app.asar

MD5 f272c87d3215bfe7c0a17cb12a6c226c
SHA1 362a1ce3b4ae524255f36e2657c430219bf68bbe
SHA256 c1c94f20bdaa98e996920cb6281d4d13685bac423a8a15c3f795bfed9242bbd1
SHA512 8f12562615c336a1aedbd464e6d2b0eeabda048489d853704c2d4c8dd812122251217527b6e995128eb26d571a2eaa9c9661140a3113fedf824cc8882e845539

\Users\Admin\AppData\Local\Temp\60cd2447-2b22-4c2d-9ee6-bf977f228ea4.tmp.node

MD5 dcd7b9382f44dc0dca64f8473670e25c
SHA1 91b338e25dfaffeeb3e80907b3766947dd42315d
SHA256 0b7b903e5ef9af9386821bf0ce4b084f1970e5e575d0f78a35c6f661ad420822
SHA512 918106da1381d403d61657f3cc94d232d83e3db0c9ce8505a402244f54d394c5789b8c3964ad32451cf97dcce1bf0143d6c5a9cd11879e9058d50d7dbb7def4b

\Users\Admin\AppData\Local\Temp\89948e14-0052-4641-bc91-ae50535a72a5.tmp.node

MD5 c157b099dda803554953cd7a7813b5aa
SHA1 5a6c11f418ad0727d0bebbabfd8fa150521fca70
SHA256 fda70dad254ec343c1ae1ab67b46362fa928a345982bd21225c609a7cdbb4f6e
SHA512 c4658bf8aab4d3da8287f11ad9f16ecc74e58aa99ef23a99a2189b36bb605a1cf775d3c5025e8cb8b616f685199335bfce066f25b4bd148af1c5dc89eda0ae6a

C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\resources.pak

MD5 b30d68932438c6e0a7ba283a7c1e59b4
SHA1 2ffa74c4fe02f837318c5a0650acf27157a157c8
SHA256 f98353983b9571367797b282500560ca2e1470ffe5ed5adc622c93ac9311d3fb
SHA512 7facaa20268148a0fe427cf9ba4600cec9cd841abb54d8bf770426cae431cc133ceb13514899a0a7412eb4d342fc33befb6a403c644681774bef3e5a246ed072

C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\locales\en-US.pak

MD5 8663b6889c7416d3dbbcd7c52a463f35
SHA1 6589771a14547dc8333d5b10e5478a6495127929
SHA256 68256c5e464c1b325a8d4ba873049ec478dfdc318417d442f62d2a675148feba
SHA512 f9cfbb21044fe1a14f5a0c2949d8a695244c5cbf305c8a7eba9c8602c3a2afd57e16e578446240a34672f7cc944f7443bf5fc536334c99a01fea8de362af7910

C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\chrome_200_percent.pak

MD5 ca9fe4836bb30708241f26bc3be61487
SHA1 4f5eb83c67b4447f15e092c6f6fd7599c5340575
SHA256 59d34a0badaeea3732a9be0c0dba62b8f3708cd0118a9476f89698191923bb58
SHA512 7c23607482528fb3401a61df95fd222029622b3616a93e115b3ab23a0162b5b222a0f5130048a08eae08745805f81b9491265f8d5688c908b11759bca1021d63

C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\chrome_100_percent.pak

MD5 807001e51ac22db45cb7568445c3f401
SHA1 1806f34c4bcfed3c2b55c9256d79aa7e168e4e54
SHA256 7c62ee0d3c1e7b0ffe5eebf7683aff60c7126760e599d6969eb3374bbe148d3e
SHA512 63e13b028007cbcb0b50a746751f71aba3b62b8ce38f2c6a5ea0a105248a47ac63033f806a58b50fce0bdbbd319918c375c50f4bdd416fc36285e95f5be62c83

\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\ffmpeg.dll

MD5 d26e41558b994d6d8fe6afa7cd2f2361
SHA1 6a15b091a6a8a43c51557922089531b98a0e76cf
SHA256 410349522a486aac2c2c3ef4fc37ddd77eaf997a417f615d1d4a0e0d4b870136
SHA512 c99a6bfa9568bc139d482098d631a0db17fafad1a1839ec4f850dcc6b0e42e067d8ad796efdcc570d31684ccd205264f552e1cbf714eb22440f31ba1ac5aaeee

memory/1036-585-0x00007FFCFC260000-0x00007FFCFC261000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\libegl.dll

MD5 ff9b558db302143f71fabb836b655fb0
SHA1 526270aae8377e0ffd41525054b6308a3e77eace
SHA256 f277af7767bf5f9e9ecd3b88c8501ee36a3507cdb63ba8b0a5e738065ae65bfd
SHA512 319e11bdbf5784fba91a1fa25d7a5e7359ade9fa4ab2ae5b621458b1a58814c3a8e43d6198574a1ca623b7bacffc3d49c0f817386ab4bddd3197f16dc3c4b895

\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\libGLESv2.dll

MD5 08e771cd1e2ee20920b7cf4850bf28c6
SHA1 b9ac9d3566fff52bfac54c1fece32bec0dfc0b91
SHA256 aeaef0274669b45d56f01ded4919c01babaef5f63c07c89f3f28e20bd624f237
SHA512 764adcd8f5636e578472d9445c0a0d5efca96ead8d53645286a059e63b9c0d192f81fa94b52c418e139bcda2f42cce8a5adfcc420d516c1317fcf6c5cfb28c13

C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\libglesv2.dll

MD5 7695d96f219e3c5a3f6f0fd9ea9b01be
SHA1 bebd8a2ed0f566ef48b6582a8260fd5f76854d57
SHA256 978468297f9892b0a161f044368d9dcaec81adc29e3eb424cde0aa4278d9c4f8
SHA512 bb919c0dddd03ad25d60b738e3aa5b6203f42bbc7b8eb5d5fc2066046be14e693588046b464fc1a73d2537e6fb19e03333107e7ce99b4e37fd8b3a06b759f172

\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\d3dcompiler_47.dll

MD5 7d8f1622cf02396664df1e7b4bbc45e2
SHA1 5c1b6a70ec3cea48cc2e5aeeb99460244131a839
SHA256 88921eebc1f5c03f0f8b16fb22805c86b5e484d9e6602a339296ee2a3c62b7cc
SHA512 60e6e1f74c273d2f2a7210459bf06e13c68f2921fdbd561749882a3aa35c1037d63442a8484ff771702944c07c89f298e55efed46e957b426618607258d733c4

C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\D3DCompiler_47.dll

MD5 1d44a0f4bc124c1a91a6e2113397741f
SHA1 39739d7736c9964626fbc93dff327c655e1f0238
SHA256 e7e677b2ddd1e37627688d1d2463059cf37c192be30e370dcbeb985df2f52e95
SHA512 241d27f31d23abfa16b31978afe597ee048f994ba3747cf08960b8ea2979f3540d567d89c97086945288f48f1b70916b0208beedf7d86c483d7edc2b00cf848c

C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\AORadar.exe

MD5 a176fcd821d2d468512223fddee50c30
SHA1 a4f979e35bb537895e2644cd1f84b48346045bc3
SHA256 adddd418cd40d867d31ed44de1af81f57e66ec3f599f9b891c8fe2488c9c0840
SHA512 210503312c44dd15f6947a8ce661834b3347d2818ca5896a387adc8cdefab68c8c90c8e59df04f30812c4fb99f7a419c50fb6061037e3db1b390f5f519e0c489

\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\libEGL.dll

MD5 b9de2f2f0da5215e44c285ac82bf9bb1
SHA1 0df6318cf5fc222c0dc9dcf2541121fa99311fd8
SHA256 3f8df07bd1f7b7934795ee5cac464d5f04531aae411a41ea69297212006f4a9d
SHA512 ea4f706d9a88b39688c4bd2f7d67bf17a59fad7cf54782d6d163174a0e055e19e0aaefd41095194e43fb7938eb7360678c524aa9331e5df70645859acfaf5a29

C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\AORadar.exe

MD5 f3827de0b3a13d34ae28b75f522c059e
SHA1 1c51aaa542b42e3d89e50323a07fe54e276ce4e2
SHA256 6f4cbe303771dd1d3a02454d4ab5a5fcf1d12907cb69b70212c89b14fa945a2b
SHA512 303c4f4125fbcd716657220287b572b686b4ddd668f3f18f417681bfedb39a8c0d6f9a85d800b03ba86cda288a37ab82ae2a506187e4ef3f118638eb038a0860

C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\AORadar.exe

MD5 2b745b03cc2929d65714aa7aa3be8f85
SHA1 d9dc951729dd431f0c5385302bdc8113b3aca664
SHA256 e113efb4f9c495bc984e732e62f18cf1824022d46a16b0257193d146c4ef8498
SHA512 e0216bfebf9c2be3ed8c5c27bcb7086d88c8ff849042bac8ea9e51b5791e30c2e902c0b69520052ad8d9f6cd51b12198b050ea6dc0531d678cc40694ebbe12f5

\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\ffmpeg.dll

MD5 9594312edb0d34a6fae4bf6e9ac26f25
SHA1 a6db2c6cbe39ec35ffe2a0d6be9871afd5d44240
SHA256 c9091daf8a4965d23046ff9bb9051e491724733ef1f3738e9371597c64e96147
SHA512 90d16fe77fc8b1b0a0273015009bbe9a191d7c1e539649f1812fb54ac6749e8ad819a9c0a9869be666c9a1c9c6b5f456525dd5b7a0b976f2ceb5aeb66370e35c

Analysis: behavioral2

Detonation Overview

Submitted

2023-12-22 21:35

Reported

2023-12-22 21:39

Platform

win10v2004-20231215-en

Max time kernel

5s

Max time network

100s

Command Line

"C:\Users\Admin\AppData\Local\Temp\AORadar (1).exe"

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\AORadar (1).exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ipinfo.io N/A N/A

Enumerates physical storage devices

Collects information from the system

Description Indicator Process Target
N/A N/A C:\Windows\System32\Wbem\WMIC.exe N/A

Detects videocard installed

Description Indicator Process Target
N/A N/A C:\Windows\System32\Wbem\WMIC.exe N/A

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A C:\Windows\system32\tasklist.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\AORadar (1).exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\AORadar (1).exe

"C:\Users\Admin\AppData\Local\Temp\AORadar (1).exe"

C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\AORadar.exe

C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\AORadar.exe

C:\Windows\System32\Wbem\wmic.exe

wmic os get locale

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\AORadar.exe

"C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\AORadar.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1684 --field-trial-handle=1708,16773283165102716559,16531501018922912303,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\Wbem\WMIC.exe

wmic process where processid=NaN get ExecutablePath

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\resources\app.asar.unpacked\bind\main.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic process where processid=NaN get ExecutablePath"

C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\AORadar.exe

"C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\AORadar.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --mojo-platform-channel-handle=1968 --field-trial-handle=1708,16773283165102716559,16531501018922912303,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Windows\system32\more.com

more +1

C:\Windows\System32\Wbem\WMIC.exe

wmic OS get caption, osarchitecture

C:\Windows\System32\Wbem\WMIC.exe

wmic csproduct get uuid

C:\Windows\system32\more.com

more +1

C:\Windows\system32\more.com

more +1

C:\Windows\System32\Wbem\WMIC.exe

wmic cpu get name

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic PATH Win32_VideoController get name | more +1"

C:\Windows\system32\more.com

more +1

C:\Windows\System32\Wbem\WMIC.exe

wmic PATH Win32_VideoController get name

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\System32\Wbem\WMIC.exe

wmic process where processid=NaN get ExecutablePath

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall""

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip""

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 105.0.3 (x64 en-US)"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 105.0.3 (x64 en-US)""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProPlusRetail - en-us"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProPlusRetail - en-us""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VLC media player""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VLC media player"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3544B2EE-E62F-4D11-B79C-3DDEACE94DA5}"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3544B2EE-E62F-4D11-B79C-3DDEACE94DA5}""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00}"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3A706840-2882-423C-90EB-B31545E2BC7A}""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3A706840-2882-423C-90EB-B31545E2BC7A}"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{64A3A4F4-B792-11D6-A78A-00B0D0180381}"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{77924AE4-039E-4CA4-87B4-2F64180381F0}"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE}"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E016F2B9-01FE-4FAA-882E-ECC43FA49751}"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\app.asar.unpacked\node_modules\take-cam\prey-webcam.exe" -invalid youcam,cyberlink,google -frame 10 -outfile C:\Users\Admin\AppData\Local\Temp\XBXU08K5InTk2IIqnMxf\System\cam.696_Admin.jpg"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoProfile -Command "& {netsh wlan show profile}"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoProfile -Command "& {powershell Get-Clipboard}"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoProfile -Command "& { function Get-AntiVirusProduct { [CmdletBinding()] param ( [parameter(ValueFromPipeline=$true, ValueFromPipelineByPropertyName=$true)] [Alias('name')] $computername=$env:computername ) $AntiVirusProducts = Get-WmiObject -Namespace \"root\SecurityCenter2\" -Class AntiVirusProduct -ComputerName $computername $ret = @() foreach ($AntiVirusProduct in $AntiVirusProducts) { switch ($AntiVirusProduct.productState) { \"262144\" { $defstatus = \"Up to date\"; $rtstatus = \"Disabled\" } \"262160\" { $defstatus = \"Out of date\"; $rtstatus = \"Disabled\" } \"266240\" { $defstatus = \"Up to date\"; $rtstatus = \"Enabled\" } \"266256\" { $defstatus = \"Out of date\"; $rtstatus = \"Enabled\" } \"393216\" { $defstatus = \"Up to date\"; $rtstatus = \"Disabled\" } \"393232\" { $defstatus = \"Out of date\"; $rtstatus = \"Disabled\" } \"393488\" { $defstatus = \"Out of date\"; $rtstatus = \"Disabled\" } \"397312\" { $defstatus = \"Up to date\"; $rtstatus = \"Enabled\" } \"397328\" { $defstatus = \"Out of date\"; $rtstatus = \"Enabled\" } \"397584\" { $defstatus = \"Out of date\"; $rtstatus = \"Enabled\" } default { $defstatus = \"Unknown\"; $rtstatus = \"Unknown\" } } $ht = @{} $ht.Computername = $computername $ht.Name = $AntiVirusProduct.displayName $ht.'Product GUID' = $AntiVirusProduct.instanceGuid $ht.'Product Executable' = $AntiVirusProduct.pathToSignedProductExe $ht.'Reporting Exe' = $AntiVirusProduct.pathToSignedReportingExe $ht.'Definition Status' = $defstatus $ht.'Real-time Protection Status' = $rtstatus # Créez un nouvel objet pour chaque ordinateur $ret += New-Object -TypeName PSObject -Property $ht } Return $ret } Get-AntiVirusProduct }"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell -ExecutionPolicy Bypass -NoProfile -File "C:\Users\Admin\AppData\Local\Temp\XCABeQVc9FZr_temp.ps1""

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -ExecutionPolicy Bypass -NoProfile -File "C:\Users\Admin\AppData\Local\Temp\XCABeQVc9FZr_temp.ps1"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\app.asar.unpacked\node_modules\take-cam\snapshot.exe" /T C:\Users\Admin\AppData\Local\Temp\XBXU08K5InTk2IIqnMxf\System\cam.696_Admin"

C:\Windows\system32\netsh.exe

"C:\Windows\system32\netsh.exe" wlan show profile

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Get-Clipboard

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E016F2B9-01FE-4FAA-882E-ECC43FA49751}""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D44822A8-FC28-42FC-8B1D-21A78579FC79}"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D44822A8-FC28-42FC-8B1D-21A78579FC79}""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CB0836EC-B072-368D-82B2-D3470BF95707}"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CB0836EC-B072-368D-82B2-D3470BF95707}""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C7141A99-592B-4226-A4E9-B767C1D0FBAF}"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C7141A99-592B-4226-A4E9-B767C1D0FBAF}""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AE86D888-1404-47CC-A7BB-8D86C0503E58}"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AE86D888-1404-47CC-A7BB-8D86C0503E58}""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE}"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE}""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE}"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE}""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE}""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{77924AE4-039E-4CA4-87B4-2F64180381F0}""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{76DEEAB3-122F-4231-83C7-0C35363D02F9}"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{76DEEAB3-122F-4231-83C7-0C35363D02F9}""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6DB765A8-05AF-49A1-A71D-6F645EE3CE41}"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6DB765A8-05AF-49A1-A71D-6F645EE3CE41}""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{662A0088-6FCD-45DD-9EA7-68674058AED5}"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{662A0088-6FCD-45DD-9EA7-68674058AED5}""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{64A3A4F4-B792-11D6-A78A-00B0D0180381}""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00}""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{113C0ADC-B9BD-4F95-9653-4F5BC540ED03}"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{113C0ADC-B9BD-4F95-9653-4F5BC540ED03}""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic process where processid=NaN get ExecutablePath"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic cpu get name | more +1"

C:\Windows\System32\Wbem\WMIC.exe

wmic computersystem get totalphysicalmemory

C:\Windows\System32\Wbem\WMIC.exe

wmic logicaldisk get size

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic OS get caption, osarchitecture | more +1"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "echo %NUMBER_OF_PROCESSORS%"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic csproduct get uuid"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic computersystem get totalphysicalmemory | more +1"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic logicaldisk get size"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "echo wlan"

C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\AORadar.exe

"C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\AORadar.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAIAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=756 --field-trial-handle=1708,16773283165102716559,16531501018922912303,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

Network

Files

C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\System.dll

C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\nsis7z.dll

C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\AORadar.exe

C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\chrome_200_percent.pak

C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\chrome_100_percent.pak

C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\icudtl.dat

C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\libEGL.dll

C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\ffmpeg.dll

C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\d3dcompiler_47.dll

C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\LICENSE.electron.txt

C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\vk_swiftshader.dll

C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\ar.pak

C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\bn.pak

C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\fi.pak

C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\kn.pak

C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\pt-PT.pak

C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\sk.pak

C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\sr.pak

C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\zh-TW.pak

C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\zh-CN.pak

C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\vi.pak

C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\resources\elevate.exe

C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\snapshot.exe

C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\StdUtils.dll

C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\swiftshader\libGLESv2.dll

C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\swiftshader\libEGL.dll

C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\prey-webcam.exe

C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\package.json

C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\DirectShowLib-2005.dll

C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\resources\app.asar

C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\uk.pak

MD5 87dc3a7f8772edca9de6fc2a0e3fb4d8
SHA1 b55d831818b23505339d68bb927f95de498e3450
SHA256 54daf525de321478e9d874ad35a79921c3b912f627f9b0cae9968cadabce344d
SHA512 60af746b13a56b2f4df6dc30fffde1ec2b15e542ab4e9cb432102c1ea708a3676cc5f03eacf1b0f48c1a3c13c679af276ffbe5768833d794708e039aabbe9105

C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\tr.pak

MD5 40491896ad21543f339467186c5efb40
SHA1 695dde7cc35056dcbf0a533aff8299d4c6b61bd8
SHA256 43e99e132acaba88971b81a43531845dc7fc3a1e0794c3373de7d9a50a5655aa
SHA512 18d5ee9914849462e0b1bafd1ca216b29d0795e282ae0bdb354b15caf5c18f37f44fbd6f626b2cbb095e3398a6496de72e5b0d15621433979b5a589e34fac818

C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\th.pak

MD5 5ee0b6932ca1b3bc623ac5b1c60a3158
SHA1 3fb36fab423c2075cf61c3d99c105e2b25e596e0
SHA256 4efd415b8271d1f0123a2fe4afaaaabf6a77b81db9b0aabebdc470127102fff6
SHA512 f7b081fe98414cccb3f8fc68f97b97940bb6fb82ca8d4f4cb734a53e80c9971a2505e448af1967b7cd3a04a9fc16b22e83fe01fd017164d0001af657ff3c1b88

C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\te.pak

MD5 4ddab6c25e5b94157722213a95c3c0da
SHA1 c133a407b1f74ae75b3769302f2ff66822ede2ab
SHA256 d4a2fb10e496bbf2d744337ed762ff47a33eeae4ed3d1d667e1e9061de985770
SHA512 1154a9318604082f1b19537be0cc3ed7d1f8ed353aed95ec82b6bf203493f7ceca6c8996e50c314593fc7b2308f5172d5d4d1250aa9d253889dff108d022b296

C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\ta.pak

MD5 32e536e86a0a84801d6e4a9708c06545
SHA1 0705c08a386c4d9fdb1c3464fec1ac9d112d26eb
SHA256 a3f64326da4f0a280eda5b5b2a7c2ae6e1a7f27a0f76984a7dc34c7ef5422c1d
SHA512 dbaf1151ad9577802a5598c5d7ac0def1c1218d5e772ed2bb43a4b98d433dd96ec7747641c0a7d4810fa747670c824c106fed1c30e02d3e1d57f7f8449405254

C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\sw.pak

MD5 99e385ebc1ef8d3daddb3a171fa79edf
SHA1 3164804dfe9d9b5e891abafe92e5ba67d2b5d4d1
SHA256 8ec45ac391a085d531fb21815086c2da4841aa016653cb4f8484cfc2615d6c01
SHA512 797c105fecef1e15870aa101e3fa1835d5a467a9059c03b3636c54934d1de263ab7f23599e21d9787cb3849c7cb7d29f5bdd8ae9ad10fda8015c1392462e94c0

C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\sv.pak

MD5 db02c78f300841a842ebe7a8573ed97a
SHA1 5635cf5157251630e572bf59ecd0124643a7441f
SHA256 d0fc9fe3ca7b68ad534661650de3516bf2fd526cd19977a6af2c853ce111728a
SHA512 6ac3c8a7b2ba07a5ba4f2a018ddc980eb628b0b2afaedc5d36e805df13ce7a8d1b097213cc8933cebc100028f76bed0e5922013f5c2a1e35a3ac26ab12370ae7

C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\sl.pak

MD5 62d438b30f01a6e5a47d62004989008e
SHA1 27358db8640a1118bc478a1b49fc84ae146849be
SHA256 d1be0dd826398bf6425ae3cea44d0a630066974d88f78280db940dc627d1f519
SHA512 b6c10e320a2772bd176d85d43751dbcd0a907ec898f7b26e62c5a94d66aa74c96b0f1cc790099d0809a8b153258c2cea7169cc80fc980cbf613b3ec909bbf713

C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\ru.pak

MD5 c7f039810c5b9e9ed1f78d48e0938c3c
SHA1 4df175a68d89e2d20da9b97786c456c7e30226da
SHA256 756d14dc49127c90577fe07152e424da8e3c59ef9de1432d4e8273ec5de74621
SHA512 7e941935606360db94a49807bd40d9f85132ecd314bfe5f3eee008dafc1cfa2085f418df23b8998278dce5512c5f00e9376aa1a2e9e2adaae0f447ac1d233529

C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\ro.pak

MD5 2bf1922ffd9947c2898caa6feb06c12a
SHA1 3b5ab129cdc6422b689ebaca5a14f4e9af66109b
SHA256 0c98dcab67e14300351a0c5f19fd17c1e1b7b732e1452f1d332c5f7c19b8260e
SHA512 d32dc075cc06c172f6a6fce514a44139dba728bcfef77638c2f18cc58fc1de9ec723e0b1e2db42f2f482b5139ae8cf9b0bc69b9334b8d4e34437d072f8084dee

C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\pt-BR.pak

MD5 13361814e55cded46503fb5e337edfcc
SHA1 23567065075384d0a8a4bc198cbb20c5777a22f5
SHA256 e44d6e367ba170e85488806528acd9bec284dee485ffe37e15396a3afdcf4115
SHA512 478da116eae99819c2fc37a8f7642461be3b57207d2659aaba47a39168036fd765a7facb58c3d6362961a06a3cbda67a258fe1969ee921b0602bf105be352a91

C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\ffmpeg.dll

MD5 447d7d898e675a3208dc3f047702a114
SHA1 bf065e0a4d31794cfde0a9acd7ad79240eb24ca9
SHA256 7c7aeb6a15999295e598a50cc8268c00496f36ddc3d3690f569f44d2658b7e40
SHA512 1af7b9bea8af07443672ba9d85d531e073ddb6a9e4aa647a357ba579d423c04934800f7eebf9a389107002a50a0419eb3cffb02a87deafeb93ad067c406dd4f6

C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\v8_context_snapshot.bin

MD5 804be0ec173b297baa62876dbd750830
SHA1 6ea301978cb34ff638d650b0942094d9d266342a
SHA256 3c30d9ca5e81a79cc25dbf366051ea18114c1dd4cf39dd8b3d0d12821f32d142
SHA512 82fcd4edf0e12478a00602f6ef433966d125b612c0314ae0140b7e59625d57b30386b78f32e464c4a8395593c0d74926318b4dd0b6bf66e6d42d671682a4fa55

C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\icudtl.dat

MD5 7c0f24ec66effec37322cf5d23d0f49f
SHA1 9f6005d674f4dbd4bff8904a2a6aa69d013c6597
SHA256 6397ed7fefc2b8e37c07c8a86c5d6cdcb9ead2ca7b625ee1a21883273d604a8a
SHA512 bbca49b42e402f3075d90e680128a3ad0383e0804c47dfda51d8a007d0e5bcc1c4b5019eb67b9694d461400ce7dce37d3f85159f9e2f753596b122b122ab58a0

C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\ffmpeg.dll

MD5 15868a3757e2d41922c9251ec1cf909c
SHA1 6f1075eedb6c85af57c86dd8a3a35dcc6b978e08
SHA256 257b1b9362d6d80f7e3999c7ab7883bc7dd33aa543ec9084a9fa7cfc771f8655
SHA512 ed783ac2b7b3b65e0c87c87fcd4dfb79dc46b25a97239110cc6c8786742488c301bf8430d1fd1e633ee549623e440e2fd8faec5b660306711d8c4300612cf7ec

C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\AORadar.exe

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\pl.pak

MD5 793072a3ea8a18697f3e5137f71ba25f
SHA1 a075909eb57af6656aaad54eed9862ba22b27494
SHA256 a4dd95503803a57b6a431402a9f71868e199dce9af2b1990421ac84d76748960
SHA512 719b6e77d12c69935d5d53927a879842ad7fb89593856360e5baf455d77765b6150c79fe193023a2976864ae5de76855fc1fdb104abd51f73b19af2bd16dc145

C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\resources\app.asar

MD5 7eb1664f2f78b33407d98541c7274f89
SHA1 b24a98955d2f0f8ffc85747951e777ca94b1f752
SHA256 f26fd5d4f5bb6265ce7e996412c627fe37f48ccace066c8862e1bb27a12725fd
SHA512 a1dabc6513438a2a486617dbc9e7e193cb22948fe136ec9dfdecb6e95e46b14cd651fe0cd8ffaff16bca4326926db2bc863f9b3ce0950872d409f531882fb7e4

C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\nl.pak

MD5 53233cf3be0fb1b1c7cba9e84348dcbc
SHA1 2b6555ea4361b1cb6b635b7ed3c3f72479f091b1
SHA256 3abb909dd78bbad84f8230d1ead7521944c87b719c5d23546bb7225c62d1fe28
SHA512 f35282925b513260f35f7751f974cfc20063c8a2470bb0e1e6f27e6231a8fac3611ca656dc8ba2eaba460ea6333bc9c09d09976603a08e96a68be64207dc3de9

C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\nb.pak

MD5 b61e42f66d581b6a8929cdf5fb10662e
SHA1 6f06fa9ee092fbcb61bbd668734fb3b92cfb549a
SHA256 1b17dcde8fc7308d926fbe0faa83dfc9ffe2efc5715e9afd557dde839ad98b7e
SHA512 79b82346c3f133a6ba44148a8432ad4e08e2805187b759509cb386bc800fd20215592c07d953812c243f0b1d5e1354245f2cb42b2b3eb6c87280bcb4008dbe97

C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\ms.pak

MD5 6cfadaa784e687e6dadbcd80e631bc9b
SHA1 481acb75f525055bf4e45ecabe0eadcb9c492106
SHA256 fb5e125dd5e1f21e8df229d22cb3d1f9078bd79bbddca352899248f2a8b21b71
SHA512 0d7da5a90fe9372bc704ab8cdc8cbfb14d323cafdef856987e2d9e34d980196c03985e25099f5d1bcb10c97f040f4766e2c3713718649bb3f43914a77f0dbb39

C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\mr.pak

MD5 79dece217f66519e7bdfd9a42db43040
SHA1 9f20bcdc38d267b592247942baa335e46d5b7abb
SHA256 f0021ef943d137eb80647d4c7bfda73eb7999caecf3d49ed3a83277dffe51ef0
SHA512 88602d8a0a5d82d162ae273fe12a460434f6bc0c9d0acc288fbce1a1dd42bd309a86c68d02330b2b6f52d2dc71b97e88f4e3b263c7b29962492d1fa9e5958232

C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\ml.pak

MD5 f731dc70fd8c87e04cd3ab3bbdfcc431
SHA1 9796c9c9b769c69aa992ba493665e54bf8b90b06
SHA256 e57874b170a95da34f4d95acf65b6e0d289f8e874f260ad42e17d610b1e79588
SHA512 4c6592b58d0d4ed68c133892c535fd2c41f1cc5ae1a074d6ef3e0514abfc6001337bfe0c5b349d5231ddaaf5fcf849ddfea8b695c0ace5ee0fe3d702df1338cb

C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\lv.pak

MD5 58b719840395aee67d85f9a18e1fb50d
SHA1 c517dc10e48f45db8f354597658e5b44fbd1fff2
SHA256 fe10881730a0a56a207a4b7fd6101681b484d738682337b45c90b1014f6c3bd8
SHA512 bb7f00a99a2018e6996f3f6bc871a8ca1460d64091da77d2176edb20132649222e95108fe80bbc6b2fdbb1d1f3e3c5964065cea5ea780a0191f9ce743949a6be

C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\lt.pak

MD5 2d4fca437a7548893dc4b51fa5b33c33
SHA1 c1493013d7d981ea9223716e415380992de65c2f
SHA256 776dba792df7b444e1b720326312d8b8312cade74a1372c49456d932b7c65769
SHA512 b6a55ee1deff48d717a3e9399aef3c45eeec810cc5b5709fa3e9f56850115a5b02e02b7959ec77a6797e68516ee9372bacd260e62ac0d55a8e4c1c27af782b42

C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\ko.pak

MD5 d6e2c18c9eabba59b50d147d942125ea
SHA1 0918879203c2050b4f9f449f5616e430897ba0b9
SHA256 f3581cea2e5b022b121010ffc5d67f86f717e3a0c0402abd81e24c87fd135b76
SHA512 f605f7b9893166778af156f9eb76eaa1209e7432450899540cd462ce0ffa69caf6f570b910cdd6d7bef54354379e9892a658e711baa93241da33755c107da859

C:\Users\Admin\AppData\Local\Temp\5f552b90-2bd4-4c53-8632-16d71617961d.tmp.node

MD5 59cdae26de02461825a4149b5e31e503
SHA1 caa329a7e46457cfe45103a92c031d9e6891e36c
SHA256 c7db323572bf769f02e0c73152a032b9ad309c4a50ba714de71075f1eabe5cea
SHA512 ec74da573e8fb860f758a89bf55b1f5cfca47345bd71d2b5c1fc0b957d64d04de805b16b5b0847fb5a959dd196ff2b0dbb615c34c5d6be62b99f808d4b50963f

C:\Users\Admin\AppData\Local\Temp\4ca03bd6-0708-4c20-b943-f69931f21432.tmp.node

MD5 1a67467fc60eb875235d76650090e8e4
SHA1 0ed664a49bf8a9cef8a1d07c63847aeee80afe74
SHA256 c7c49c21679b015bd91376710e64b354f7293b31f27e90d6ec69ab90096af6f6
SHA512 2a17e0c0d7aaf04f80dbfb7a9f69e543dc3f78b96ccf9c12e0e2121a6c75b990a9fe77045241aec3af2e6b0d57d8339865f0ef185fb7091d1cae3b136660a848

C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\ja.pak

MD5 833e8c4aa70351b6be7bd403e4e9a0a7
SHA1 46ccdbdea35deec8ef13a5fc833776875fad187b
SHA256 74422db1a5f28522f9a8b31a3bee9a6df794b419bf723cb6a6c88e82eb72cec0
SHA512 e8e709612a5ea81d2822e0025b7306f38571f2cec2ca72ac5a8ab852a0e36a0f5bc7e00d0baf7ac7becc2c54dda3a17c52ec1cd67ce12b14d91b6ae0b726d556

C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\it.pak

MD5 5aa225aad4f9fe6d05ec24905a827d88
SHA1 f6d5ed337bd8e9cc3b962d3a498e3430fbf6de22
SHA256 96e02ab6937a1f1cb58762159761a737ce0e1dcd6a253554392baf4389326eab
SHA512 3fa928f19bdf65b8fbb274b478a801821b15c01224c113a8d7f6121a077b432c0cc84eefd9028a76adea9fa4bb65dcb868edfbd4368b1e4d477c49e187e4288a

C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\id.pak

MD5 11bf9b6f33b66fa99521c56549ff0f2e
SHA1 d7e5de2abe19c939165d296cdba90bb9c27c1afd
SHA256 835c2ab92c19f3f3d9c6a7ed4ed54980dab4d71f8bc249dc7041abb4e825adec
SHA512 364f9d65c4165dcb08cc1aa9ba8d021a0f866013556f23fcc483e005fde983f398916886ac2534e5203a546e412696ebcff5e331d1a97046ddb8e13853ac0dbc

C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\hu.pak

MD5 04f3cf4c3c8600d2945430adc660bdd8
SHA1 19740b583328fdd64822b27cc38a44006b8bb8cd
SHA256 5e79e169b8c7d740ed20a907a7f1e3e4e7b496a7d8aa627669c3c054d8dd2f0b
SHA512 b1ac65ca40e9c9a046c704b3896a756fc1fb080095462f42aeeeeb8fb21511b5850650865d4a5c6e882c24c9eb1f1a8b757dd6dd1ba0d45bda417329cb586e76

memory/1824-580-0x00007FFE77490000-0x00007FFE77491000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\ffmpeg.dll

MD5 20b6d4fe496b7acc7da64736b0b865ed
SHA1 0c6997c265ec9e9d99d6edaebd38b5c3f1c1a0c3
SHA256 ec467d5f1e3d27c7c6b8ee7d6ab6c08e4a4f9ad7cd9dbe080db6ddc74ddb4e3c
SHA512 b12884471d4cd8db464f0b911e217e8eb55d873497134e23a16c3c79753dcced98195ddc8ff100904ca2150e18ea133f086b7b1b1186a86b94f5ff8a18acde9d

C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\libglesv2.dll

MD5 021db3f5528c5641fd74925551c5b4c9
SHA1 0c5772c45304f66d34bc997a0bfe446aaa919e5a
SHA256 97ef8cb9208921c3466a0317991a9811db25fffbb75301072ee4dc5370d65d06
SHA512 0fdcd29ce6c957f8b89b0e72ab431a73f2093b16358f39f8dd59284e9d22962117d3d8ae939436ea225ea9246dc234d895dcd8bc1d865e403515aec9c7791aa2

C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\ffmpeg.dll

MD5 f1df13d85ea3e3c04b01cc59741f1bdb
SHA1 63ba701047b8bf883c61a6fa741aa8cc9868a7f2
SHA256 a3f9ba41dec78e0d6032ae0c5aef024935350181ba353e1e9d0476602c6f3bc7
SHA512 a4837bd0ffc58fdf750679719ab46bb617a8c2a7b2036e4a039e47147098005089c22b43db82dd338a91cee88052eed1e010a4190ca1e2edeb799dd17b381729

C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\AORadar.exe

MD5 5bd600e797178533a494555aa9df1f0d
SHA1 0c9ea41f2ff1302dc9c7f1a55ab3948e323c80ca
SHA256 b9335761c1562253aa7698c5988bc2801d77e6f2c86e62576fda4353eecd0e71
SHA512 6b5dc979c6ea69188e955951d2122e84ede75ce804b583d0056be38d1d2eb80f7b3db419398135c557282b4605512d11c23aa0c2765240d39f167938babb5866

C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\libEGL.dll

MD5 3a6aaf8167c95374b8cc65d81f0e0f30
SHA1 3a30892e48642c17517c64fc61289f83b3f3f592
SHA256 b76bcc6948c9aa5d126c8793e8217e3849929877462f34ac03ed63e15238311a
SHA512 a4b9dba8a6cd44a4146fec8151ff5c30afaca2c406b6cd71fab28f55188bb4ea7f763c80a8f2962715ec484261c9dfe89299982ce6a82accfe9009bb1da6a420

C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\libegl.dll

MD5 c13875869b43f89bbd06747b08134eee
SHA1 4d55eb9c10f91454242c303dcdaf5427a9427d8c
SHA256 b1b63f0c35f556c489b3154cde4bb0d23d9cc0507233eac8ee735bbb4d7edcf0
SHA512 0ebb6b62cbd6a373f809e4c4e1a44e3050f1ee013d712fcf9e6e8797ca31812aeafd2ba0602581b08c24514ee1f2c187df028baf1fb25356a58887494cb06f8e

C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\libGLESv2.dll

MD5 dba6818dc47d8c24fcfd631e457dbbc8
SHA1 8b7efb29585f2b4c908581bdc8880e0964deb50c
SHA256 71225c86563492da5ed935c1b3f5a2334cf1b8ef7296c247ad22766d657cd4ba
SHA512 bed8b0ccca8ad824512ad4c9926de8d1232a338df104608f037ef16f7211638d5b34826f7f2038dc56d25433cbbbd9c03a199ac22e97f6d4a114acdd12dcade4

C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\d3dcompiler_47.dll

MD5 e19a43988d1bb62d3b57d2ecd54dc930
SHA1 32043e4b4ccb334b0de446d12ca93e08d7ee2cbc
SHA256 44ec84a0ca9f6de9ba4b157d84ee8acae1ab666aa2f736a491155c597fc4980c
SHA512 29e26e29f564d2609b2649ad2891e4bf7e56fed8a7b7fab610dd813e1d1ad1b4b2cdb25da4645b85aa74a92d6e772d1a2701f4a7243cdbdffed2fe795169caf5

C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\D3DCompiler_47.dll

MD5 744de89f4ca4eb931794008fd24b70fe
SHA1 22e4bf65204b3288c334ee2091f4ba51524aab39
SHA256 0b5d83e93bcee8f9c683f246561dca1c963d124761dfe3c3587094a37e8e2649
SHA512 80022381f7f17d596005bf9b0073c75f45e819c8914dcc6a85de4d50b7336a94f155f6394f8e6a5a6634e05514f25dbe4423773b3409ca08ed78198ab260130d

C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\AORadar.exe

MD5 3a911580a8505cc4fdc72475e7c9979b
SHA1 23f7c003fd532c5e432517fcf1c9b5e17f08ebf2
SHA256 2fc7c121f5204955c6b2ce764e90014fd06dd901b675ff54b43f543ae889fbb8
SHA512 dcd4eaf46154e60c292215179078898494cf7f8d73627b694fa5bb1cbe8beddcbceb401da451b74627a5f3126bb008201c344e543a102321e6a83801d7c39e4d

C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\AORadar.exe

MD5 3e9eb1dfbf95b00e1e417758b3fc99a4
SHA1 5466b738b9d4d09fe1617e7cc00edee44d8d3ad8
SHA256 46a69be163600c950b987d344042e852c42e004c65882b80bb0fa7e3cc5646c2
SHA512 00c4b2650019b82f689288e79a29de6104bd0b1098020f10403cfb1762986d195fb68e0f505396276997d85e420fd308dd0ae45d7210cf35f10b045f3376d731

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_t0oppnmb.el5.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/3724-603-0x00000277350F0000-0x0000027735112000-memory.dmp

memory/3724-615-0x00000277351B0000-0x00000277351C0000-memory.dmp

memory/3724-614-0x00000277351B0000-0x00000277351C0000-memory.dmp

memory/3724-613-0x00007FFE55EA0000-0x00007FFE56961000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

MD5 6cf293cb4d80be23433eecf74ddb5503
SHA1 24fe4752df102c2ef492954d6b046cb5512ad408
SHA256 b1f292b6199aa29c7fafbca007e5f9e3f68edcbbca1965bc828cc92dc0f18bb8
SHA512 0f91e2da0da8794b9797c7b50eb5dfd27bde4546ceb6902a776664ce887dd6f12a0dd8773d612ccc76dfd029cd280778a0f0ae17ce679b3d2ffd968dd7e94a00

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 3ca1082427d7b2cd417d7c0b7fd95e4e
SHA1 b0482ff5b58ffff4f5242d77330b064190f269d3
SHA256 31f15dc6986680b158468bf0b4a1c00982b07b2889f360befd8a466113940d8f
SHA512 bbcfd8ea1e815524fda500b187483539be4a8865939f24c6e713f0a3bd90b69b4367c36aa2b09886b2006b685f81f0a77eec23ab58b7e2fb75304b412deb6ca3

memory/3360-634-0x00000201F5AA0000-0x00000201F5AB0000-memory.dmp

memory/3360-633-0x00000201F5AA0000-0x00000201F5AB0000-memory.dmp

memory/3360-628-0x00007FFE55EA0000-0x00007FFE56961000-memory.dmp

memory/3360-637-0x00007FFE55EA0000-0x00007FFE56961000-memory.dmp

memory/3724-619-0x00007FFE55EA0000-0x00007FFE56961000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\XBXU08K5InTk2IIqnMxf\Logs\Error.nova

MD5 b8417b8a3f9e60c8322b27bdad8c84e3
SHA1 3946de013bb8dad19b758a9cedab25725a4ac78a
SHA256 780c1319c20cfc6d608d621ccd5346c2b958cfb67e468e9e8b7de134b5624e9c
SHA512 8cda54524b4c678c4237ecf7c6f7f73926d24f7b0070fd511129ee3df2d73df1cb2d53bd308e03a807a3d673ec36e64534ad4cd78f30faefc6e319317a1f1ff1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\places.sqlite_tmp

MD5 e3e0a79fc1b464d4fdca820d9afef044
SHA1 1a8409f96f392d514d51bdab7e30cc681a752bb7
SHA256 e395e3c79fd91f368453ac14105ba59f875c48ea358c80219c127599adbd4f44
SHA512 a075278cfb1fe8c94b3ecc07af86033103a1538c45cc3c61f39ca0f1624e2a0ca86a0a2e9206f7e109f6d6694cafb470c1219a50cb2a850a1771e0e033c36dbd

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms

MD5 6ed223fae827a8e5d75a466ee3510c93
SHA1 c08dfaafa0f19846cd7e54321af5ec9840da04f1
SHA256 13c919f4609b840577de907bee5708e9fe9f52920980107360d46274f80cc450
SHA512 32a7302b43468875cfbb823ba088542f4295b96757a93e017090586bc2999fc60710fac2753435ecf1fb6b82c8b0c59dddaf3f6a802ba6e5ba2ff8e5812b021b

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms

MD5 dd3a640120b74eced395c983b745644f
SHA1 8bb58115021ee22fc94237e8b2ed83aae3a7a891
SHA256 41c05803e5d15e17ae8ea6d6be44b1143ad2fb173d4c3e33f414b756df955fc7
SHA512 b330a0c77943b77c75d9593bfba5c11a0e25e815708f232a3908799661abf97640074980a662f73db7ab736d15d78a107e2b39d93864abed5a0e7c09e1b14407

memory/436-861-0x000002BD4D820000-0x000002BD4D830000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms

MD5 189b7f4f5611bf454c91ae26a0489edd
SHA1 72c6243c09280e76d47d27cd265c4952247834eb
SHA256 33ad1a67661d9086d05093e36bc88be42623f90009cc8a973dec2d583a1a275e
SHA512 af0428fbcd9e413732b9ccfa101dca3580505b9dfe9acfaa0c38516b429f61e8471d90a384527a7f48b4f6fa6684d4de87d01abb44f127cbddcc574d68239ac2

memory/436-854-0x00007FFE55FC0000-0x00007FFE56A81000-memory.dmp

memory/8372-874-0x0000016877960000-0x0000016877970000-memory.dmp

memory/8372-888-0x0000016877960000-0x0000016877970000-memory.dmp

memory/8496-897-0x00000230EE2C0000-0x00000230EE2D0000-memory.dmp

memory/436-899-0x000002BD4D820000-0x000002BD4D830000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\XCABeQVc9FZr_temp.ps1

MD5 b5392afa45470ea59b61ecb5f41c0c5b
SHA1 3a2c855b3155e93c3f914c7b46289de82aa24685
SHA256 4dd87ad5f181fc8337ca2e2dc988d97568da27ffea93d446727825d6b64574db
SHA512 18de95bcb56bf91a5f2875a187934b747defc569d8110e294b57f5f9a6642bd38228cec643e4cab5e09cd6eb9b6177cd2f3ebdc472cb248130cc40f130eb3537

memory/8496-909-0x00007FFE55FC0000-0x00007FFE56A81000-memory.dmp

memory/8496-898-0x00000230EE2C0000-0x00000230EE2D0000-memory.dmp

memory/8416-896-0x00007FFE55FC0000-0x00007FFE56A81000-memory.dmp

memory/6604-914-0x00000132C30B0000-0x00000132C30C0000-memory.dmp

memory/6604-913-0x00000132C30B0000-0x00000132C30C0000-memory.dmp

memory/6604-911-0x00007FFE55FC0000-0x00007FFE56A81000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 446dd1cf97eaba21cf14d03aebc79f27
SHA1 36e4cc7367e0c7b40f4a8ace272941ea46373799
SHA256 a7de5177c68a64bd48b36d49e2853799f4ebcfa8e4761f7cc472f333dc5f65cf
SHA512 a6d754709f30b122112ae30e5ab22486393c5021d33da4d1304c061863d2e1e79e8aeb029cae61261bb77d0e7becd53a7b0106d6ea4368b4c302464e3d941cf7

memory/6604-939-0x00007FFE55FC0000-0x00007FFE56A81000-memory.dmp

memory/8372-942-0x00007FFE55FC0000-0x00007FFE56A81000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 d8b9a260789a22d72263ef3bb119108c
SHA1 376a9bd48726f422679f2cd65003442c0b6f6dd5
SHA256 d69d47e428298f194850d14c3ce375e7926128a0bfb62c1e75940ab206f8fddc
SHA512 550314fab1e363851a7543c989996a440d95f7c9db9695cce5abaad64523f377f48790aa091d66368f50f941179440b1fa94448289ee514d5b5a2f4fe6225e9b

memory/8496-933-0x00007FFE55FC0000-0x00007FFE56A81000-memory.dmp

memory/8416-932-0x00007FFE55FC0000-0x00007FFE56A81000-memory.dmp

memory/436-927-0x00007FFE55FC0000-0x00007FFE56A81000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 8d460ce715a00afd56cda62e926b8b17
SHA1 3aa1ed2a3cd5e6e1a3240f222492c9e49c4eaf22
SHA256 195c9d4857b9486e312f80264b31ef7e9ba014ececd7731397ee75ce8d8f38cb
SHA512 1b9efe45bea12e59e552dcce73d597ad431aa274621d96e5a3d146e28cfb11d9f5af256f0bc986e8d4d043f6352b9410d01ddb048bd57445f544502eaf28d969

memory/8372-868-0x00007FFE55FC0000-0x00007FFE56A81000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\resources.pak

MD5 f9985fb9252eeee8719520866a5fd6ee
SHA1 2a8b6a96bdb1b6dec04a54da48aed2c339971ee2
SHA256 74972617fdf5d1e90228e878fc24a277dff8799048e607e026122a8dba9eae14
SHA512 d7ad1e8048cecfc2d31d6cbdafac5a4f6642285cdcf0f721d9191cc8a3e35bb18dcdb203ddb51be4aadefe64a2cf23b52e5943a6be0046a08d9d4e9a280809d1

C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\locales\en-US.pak

MD5 0bb857860d8c9ab6d617cea5a5bd4d00
SHA1 351b744d95846bff2ce5f542fec2e87439aa0f8b
SHA256 5c56df9699fc7e8f09ec81421e50a6264cde055e822f5a8cd9bb1edb3066d816
SHA512 33fb73cffbb6781488cedbca4c92a7e4f66923a799beeb7f5cba58dbc23ba8f5130f63a7dac7114e3c3ef6f1df87884fbeb8858bc7604aec9449fdfd16c25078

C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\chrome_200_percent.pak

MD5 b51a78961b1dbb156343e6e024093d41
SHA1 51298bfe945a9645311169fc5bb64a2a1f20bc38
SHA256 4a438f0e209ac62ffa2c14036efdd5474b5ecaa7cbf54110f2e6153abdfb8be9
SHA512 23dedde25ad9cb5829d4b6092a815712788698c2a5a0aefb4299675d39f8b5e2844eabd1ea42332a0408bd234548f5af628e7e365ab26f3385ebfa158cdd921d

C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\chrome_100_percent.pak

MD5 9c1b859b611600201ccf898f1eff2476
SHA1 87d5d9a5fcc2496b48bb084fdf04331823dd1699
SHA256 53102833760a725241841312de452c45e43edd60a122546105ab4020ccef591b
SHA512 1a8ec288e53b9d7e43d018995abe4e3d9c83d329d0561fbb7d022e8b79ffecf033e995b9bc6af352a71c646a1e8afba4addb54deab7455f24b7a279a3dd7c336

C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\hr.pak

MD5 6f92235e6ba003af925a2d6584afd27d
SHA1 3ceba61e9c2975466b6244188f5ea72aaf042fc7
SHA256 479dc4f75a889d45f62b4ddb6eb48f21c473e37875468c9c26d928a263e15840
SHA512 82f2642dff4400704c15c2fa02d0ec74ed3fe888dc835447c1afce7463dee8f480bb81be358c306e681625864a6d25e5cd6c96252b8a56e6fc62014b3aa4d26a

C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\hi.pak

MD5 590e9e73df9cbd83cd87b9c03848fec9
SHA1 da125e60a5a2c51a2d6219d3f81688bd22237b59
SHA256 089b9dd31090a987515809a68d26f6eeb64cd9283934e3dcc48b151eec7d3ad9
SHA512 fd0e5d0f2063e12b711275f390428b88f98ffaf6043cdb14b13674ac1e4aa9f70ae820ae960132d7155daf9b1308238775c4702694ab53068cdc709c50f9186a

C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\he.pak

MD5 6a02a37e1ca3215fa9ee0e1b0fbcf5e7
SHA1 89a8a126c0bbf536ac58e29fc50e045fb1b88220
SHA256 f5cf34ce58b7f0d450936981aa7ffa060821403e6768eee3746ea4ffc9193986
SHA512 6607eb2329b81f1eaf0ed3a564eddcb30e6ab59229f2fbf6fd3d2140ffaa8853a330eda627a4458ef6bb06f32c5183edda869e34cd4ead1f87f88d5c622c1a16

C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\gu.pak

MD5 63a7fdc4eadf8ef1c35c72468a0ce33f
SHA1 e8d064f0e9c8a6a8c6ccb036711e292d011d9466
SHA256 e549ff4e5a094d04c2ce7bc6fd68bea1f03e935437bf164bebb6191c133fa70c
SHA512 0a097ff875132a984545ec677b04f97785f14c38a1df487cfb4722cdea07d14e1e88fcff7d58b82fa53f05f4eba779a95ef320b5a91692097726d0385a26a456

C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\fr.pak

MD5 c3095ce1e88b0976ba7bef183d047347
SHA1 b14cfbf6e46ac1f189595fc09660178525301138
SHA256 66488dc10517b6e3638686be95b430477a39304e92ac45dfe62b58cae3a77272
SHA512 29f47b1eff4681a9a17a50d6e82d63c22fe7bfe4ceb79862e81d8cd9f96fa38e225978b4c4b1f8e55b220235b91652c776fa8d2e559c68942c6ccf402812a421

C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\fil.pak

MD5 40bddaf97f64dfea9ebafc7f82166f80
SHA1 90d1fde3c0b27d2184f0353991259c2a92c7820c
SHA256 39a9d63736e7b4593fc6873ed3c19d45fbf9eb78a012bfdcee0fea5906ebc5b2
SHA512 d1e61c53e09a0dc50edf5aba5cf286a251ee88421aa2cd49332b70a5859646605ecb7d0bb97ea7242d14a18742e23da0a14c04b0b99b57a466ec87f4f66b897e

C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\fa.pak

MD5 6458a239e994d8d18315deccd35389ed
SHA1 75c985f43503a6c44645786d46639a6b555ae163
SHA256 300fc1c735e92917a5ddf92feb812cbf3175d988ec7ad5955110248a1addbd34
SHA512 3062075b6be0c25c957ac88e537880bc25ff86b8ef0703a05209e9676e943e89476b7997394aeb25064e03a93be614fef535676e9cdfaf44b46035225b1b2cf5

C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\et.pak

MD5 c76db3385190c6840315c4497e40258a
SHA1 34f1aef2ba2925bebc5dcdb70e5b6c1a138a5c46
SHA256 e8af084ef5e1062c5966dd7802074ac24f3672dc3c9b9c5453a397644727191f
SHA512 90a870369d307758b33d74e6213676d65c2d332f42577c8aff23d96b512f3c2a2bdace8d6d9007f88b9175eadc6f2ae28b498b1265550849ff9317465a37ad29

C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\es.pak

MD5 f83d8f7f6108786c02c2edbf3d85f147
SHA1 57781d9d9eb7c90cdc71f78e25d0763045b6d29a
SHA256 5b929216ac823dbe2b0bb98e64db76519900e09a86c8513019325271c66ade0d
SHA512 12747a4a61cdd21cad6e3f768cb43b8bda5ec9de373337c191b6994b20acd676c9d0a6cde8410a1e18f35dd5d2d332ea1bb7e7f8f6fc4b73d8774559e33398f1

C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\es-419.pak

MD5 b261b1efe945365588befdf68879040f
SHA1 616f44a5f73f0449b483f36ccf831db6474a10d2
SHA256 1380b9edc9cee4b505f12e8eefa288d8c746ca995b52ceaba27c7741ae8a5cd4
SHA512 9ea14234b9d4d09364e5727b3886fc14544d52508b3e45fb9fd607ca88d2e432361a02b2f7ba34c3d6ecd94b91f9eccd4d54047a97a1ba4eea580ead00b91cff

C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\en-GB.pak

MD5 52e2826fb5814776d47a7fcaf55cb675
SHA1 51fbbc59dcd61116cbc0a24b0304d4c1c58e8d0b
SHA256 83ff81c73228c7cadba984d9b500e4fce01de583ecde8f132137650c8107c454
SHA512 69257f976d01006c5f3d7e256738c97c59115471f8e7447cfa795f7fa4ff12d6fd19708e95ffb2aa494b50c1763fe35d5885b9414112d2934baf68fe668ed7cc

C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\el.pak

MD5 38440b98bfdf5ed496da0f49d59534c0
SHA1 1498d9207ecaf4923a47271e24c68a817041c82e
SHA256 b1f78df8a7edc914357a2e90bc8dc0ac46f4df642bb22894569fe4905fb8ea0f
SHA512 95ba788fc2e1f07d54e398f1ec4d32c664cfb13118d46cb7af7a993367e032b10de84f3e604ab6e659d6410e2d736097ec5e9b3b002040c54412358f0ea10229

C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\de.pak

MD5 b73344e5a72fca6f956dbab984c123ba
SHA1 0561073aa40a63a9ce9930dd18b18e12ff139b2b
SHA256 6dda3fa65232ca0bff7314f916942a2aa5d9be73a0b0c7a6d016eb34ea6fff5b
SHA512 e8a12da397369f23c102244b3f18f533ec79afa6978785566056bbfe07b10a21ff4973bf17aa829fff65609363988c033b0e48d4a82c846863377c08d8df009d

C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\da.pak

MD5 55a8f5883805a65c854d25edb3959209
SHA1 d4b3b6bd2a26cbd021fa931d1f63c9ea64e2c268
SHA256 e190187adcbb5f829d162660968ba598ed17bd11339062ca4d807deec8a27fdb
SHA512 4e1f9e6da32f553cbc8cf162726d7aba9e23e2216d6d05b995cf19fff3aafa05ed08fce29b2f8538d46583366402b8630672e650dfbd46952a611e9db0d8016d

C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\cs.pak

MD5 3cfd9dc564cfcc33cc5524711365c376
SHA1 2e5016d2643017f37658262122974429f18625a2
SHA256 8be34e4f8226c1dd4e725711ddd884ef4476560f7863edcf378573dde9db3cee
SHA512 6ee156d2fa3b6f601df28e38968d0eae2812d70b41333348dbecd833d5ee6ff944183f0eecde96be433cf1e98c8ec22d6a6d5af5153145842175ab43c73533ef

C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\ca.pak

MD5 423651c45566cd90ea5edd8631e823b8
SHA1 13bed4173a08bcbfefba034aada3d838eece6d16
SHA256 7a39af99d55a1ea838d8d78c5f0da3e1402f9404d32255e31b676ceed4f0e414
SHA512 e09085023beaa37e9d5f7fdf3c32d0c001672b85e2826f0aba9a662ce958ac93cac17bf63495a604e47cb407b1593049388a4bf1b22b2339ead84a206a10569f

C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\bg.pak

MD5 5ba0c7200362c9ed55610cc8b66ef53c
SHA1 d45239c2f1b00885407771a41a7776fc1fe8fa3b
SHA256 2339ff55464b4ff704fc3c5bf281eec52a539c494bd059cf0346d9c05ab7cda7
SHA512 6229dbf08a9322c4ec8de4912aa1832f01800a71b7e3ef5870e7fa2b623be4dd248fec4881c3e031e984616147be84d42ab3dd970ae56dc1bd78913a8682a37a

C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\am.pak

MD5 e18a450ef034b42599341c3d09f280f1
SHA1 2001c8a85904962ac3a96938eccc69ad2c110fdf
SHA256 7c2b9098130f1f9e0cf4507b64c0e96ac6354bd6c3616be20e2067cfccc820da
SHA512 ddd87571218fe9f179a6c2a8a15b182625a71a7c19ed90c0969ca2e0e9bad823b926f8b8a6b390cb6fe9c95f4b6c1f1ec7b5167a8424ab1921943922208f798a

C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\vulkan-1.dll

C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\vk_swiftshader_icd.json

C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\v8_context_snapshot.bin

C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\snapshot_blob.bin

C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\resources.pak

C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\LICENSES.chromium.html

C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\libGLESv2.dll

C:\Users\Admin\AppData\Local\Temp\XBXU08K5InTk2IIqnMxf\System\JQGVKGNK - 2023-12-22_213739.png

C:\Users\Admin\AppData\Local\Temp\XBXU08K5InTk2IIqnMxf\Logs\Error.nova

C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\ffmpeg.dll

C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\AORadar.exe


Analysis: behavioral3

Detonation Overview

Submitted

2023-12-22 21:35

Reported

2023-12-22 21:39

Platform

win11-20231215-en

Max time kernel

5s

Max time network

109s

Command Line

"C:\Users\Admin\AppData\Local\Temp\AORadar (1).exe"

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\AORadar (1).exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ipinfo.io N/A N/A

Enumerates physical storage devices

Collects information from the system

Description Indicator Process Target
N/A N/A C:\Windows\System32\Wbem\WMIC.exe N/A

Detects videocard installed

Description Indicator Process Target
N/A N/A C:\Windows\System32\Wbem\WMIC.exe N/A

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A C:\Windows\system32\tasklist.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\AORadar (1).exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\AORadar (1).exe

"C:\Users\Admin\AppData\Local\Temp\AORadar (1).exe"

C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\AORadar.exe

C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\AORadar.exe

C:\Windows\System32\Wbem\wmic.exe

wmic os get locale

C:\Windows\system32\tasklist.exe

tasklist

C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\AORadar.exe

"C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\AORadar.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1536 --field-trial-handle=1684,11017296847646085528,5748712445840289531,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Windows\System32\Wbem\WMIC.exe

wmic process where processid=NaN get ExecutablePath

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\resources\app.asar.unpacked\bind\main.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic process where processid=NaN get ExecutablePath"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic computersystem get totalphysicalmemory | more +1"

C:\Windows\System32\Wbem\WMIC.exe

wmic csproduct get uuid

C:\Windows\system32\more.com

more +1

C:\Windows\System32\Wbem\WMIC.exe

wmic OS get caption, osarchitecture

C:\Windows\System32\Wbem\WMIC.exe

wmic cpu get name

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 105.0.3 (x64 en-US)""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 105.0.3 (x64 en-US)"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProPlusRetail - en-us""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProPlusRetail - en-us"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VLC media player""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VLC media player"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault"

C:\Windows\System32\Wbem\WMIC.exe

wmic PATH Win32_VideoController get name

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic PATH Win32_VideoController get name | more +1"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic cpu get name | more +1"

C:\Windows\System32\Wbem\WMIC.exe

wmic computersystem get totalphysicalmemory

C:\Windows\System32\Wbem\WMIC.exe

wmic logicaldisk get size

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3544B2EE-E62F-4D11-B79C-3DDEACE94DA5}"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00}"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3A706840-2882-423C-90EB-B31545E2BC7A}"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6DB765A8-05AF-49A1-A71D-6F645EE3CE41}"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{76DEEAB3-122F-4231-83C7-0C35363D02F9}"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE}"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE}"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C7141A99-592B-4226-A4E9-B767C1D0FBAF}""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D44822A8-FC28-42FC-8B1D-21A78579FC79}"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -ExecutionPolicy Bypass -NoProfile -File "C:\Users\Admin\AppData\Local\Temp\vsK8O0HEY2zr_temp.ps1"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\app.asar.unpacked\node_modules\take-cam\prey-webcam.exe" -invalid youcam,cyberlink,google -frame 10 -outfile C:\Users\Admin\AppData\Local\Temp\RpmhdTVKKFP6BsaUHoz2\System\cam.2808_Admin.jpg"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoProfile -Command "& {netsh wlan show profile}"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoProfile -Command "& {powershell Get-Clipboard}"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoProfile -Command "& { function Get-AntiVirusProduct { [CmdletBinding()] param ( [parameter(ValueFromPipeline=$true, ValueFromPipelineByPropertyName=$true)] [Alias('name')] $computername=$env:computername ) $AntiVirusProducts = Get-WmiObject -Namespace \"root\SecurityCenter2\" -Class AntiVirusProduct -ComputerName $computername $ret = @() foreach ($AntiVirusProduct in $AntiVirusProducts) { switch ($AntiVirusProduct.productState) { \"262144\" { $defstatus = \"Up to date\"; $rtstatus = \"Disabled\" } \"262160\" { $defstatus = \"Out of date\"; $rtstatus = \"Disabled\" } \"266240\" { $defstatus = \"Up to date\"; $rtstatus = \"Enabled\" } \"266256\" { $defstatus = \"Out of date\"; $rtstatus = \"Enabled\" } \"393216\" { $defstatus = \"Up to date\"; $rtstatus = \"Disabled\" } \"393232\" { $defstatus = \"Out of date\"; $rtstatus = \"Disabled\" } \"393488\" { $defstatus = \"Out of date\"; $rtstatus = \"Disabled\" } \"397312\" { $defstatus = \"Up to date\"; $rtstatus = \"Enabled\" } \"397328\" { $defstatus = \"Out of date\"; $rtstatus = \"Enabled\" } \"397584\" { $defstatus = \"Out of date\"; $rtstatus = \"Enabled\" } default { $defstatus = \"Unknown\"; $rtstatus = \"Unknown\" } } $ht = @{} $ht.Computername = $computername $ht.Name = $AntiVirusProduct.displayName $ht.'Product GUID' = $AntiVirusProduct.instanceGuid $ht.'Product Executable' = $AntiVirusProduct.pathToSignedProductExe $ht.'Reporting Exe' = $AntiVirusProduct.pathToSignedReportingExe $ht.'Definition Status' = $defstatus $ht.'Real-time Protection Status' = $rtstatus # Créez un nouvel objet pour chaque ordinateur $ret += New-Object -TypeName PSObject -Property $ht } Return $ret } Get-AntiVirusProduct }"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell -ExecutionPolicy Bypass -NoProfile -File "C:\Users\Admin\AppData\Local\Temp\vsK8O0HEY2zr_temp.ps1""

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Get-Clipboard

C:\Windows\system32\netsh.exe

"C:\Windows\system32\netsh.exe" wlan show profile

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\app.asar.unpacked\node_modules\take-cam\snapshot.exe" /T C:\Users\Admin\AppData\Local\Temp\RpmhdTVKKFP6BsaUHoz2\System\cam.2808_Admin"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E016F2B9-01FE-4FAA-882E-ECC43FA49751}"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E016F2B9-01FE-4FAA-882E-ECC43FA49751}""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D44822A8-FC28-42FC-8B1D-21A78579FC79}""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CB0836EC-B072-368D-82B2-D3470BF95707}"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CB0836EC-B072-368D-82B2-D3470BF95707}""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C7141A99-592B-4226-A4E9-B767C1D0FBAF}"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AE86D888-1404-47CC-A7BB-8D86C0503E58}"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AE86D888-1404-47CC-A7BB-8D86C0503E58}""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE}""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE}""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE}"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE}""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{77924AE4-039E-4CA4-87B4-2F64180381F0}"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{77924AE4-039E-4CA4-87B4-2F64180381F0}""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{76DEEAB3-122F-4231-83C7-0C35363D02F9}""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6DB765A8-05AF-49A1-A71D-6F645EE3CE41}""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{662A0088-6FCD-45DD-9EA7-68674058AED5}"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{662A0088-6FCD-45DD-9EA7-68674058AED5}""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{64A3A4F4-B792-11D6-A78A-00B0D0180381}"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{64A3A4F4-B792-11D6-A78A-00B0D0180381}""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3A706840-2882-423C-90EB-B31545E2BC7A}""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00}""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3544B2EE-E62F-4D11-B79C-3DDEACE94DA5}""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{113C0ADC-B9BD-4F95-9653-4F5BC540ED03}"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{113C0ADC-B9BD-4F95-9653-4F5BC540ED03}""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic OS get caption, osarchitecture | more +1"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "echo %NUMBER_OF_PROCESSORS%"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic csproduct get uuid"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic logicaldisk get size"

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\AORadar.exe

"C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\AORadar.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --mojo-platform-channel-handle=1896 --field-trial-handle=1684,11017296847646085528,5748712445840289531,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "echo wlan"

C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\AORadar.exe

"C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\AORadar.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAIAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1296 --field-trial-handle=1684,11017296847646085528,5748712445840289531,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 ipinfo.io udp
US 34.117.186.192:443 ipinfo.io tcp
US 34.117.186.192:443 ipinfo.io tcp
GB 142.250.200.4:80 www.google.com tcp
US 34.117.186.192:443 ipinfo.io tcp
US 8.8.4.4:443 dns.google tcp
FR 51.178.66.33:443 api.gofile.io tcp
US 206.168.191.31:443 store8.gofile.io tcp
US 8.8.8.8:53 hawkish.eu udp
FR 163.5.121.96:443 hawkish.eu tcp
FR 163.5.121.96:443 hawkish.eu tcp
FR 51.178.66.33:443 api.gofile.io tcp
US 206.168.191.31:443 store8.gofile.io tcp
FR 163.5.121.96:443 hawkish.eu tcp
FR 163.5.121.96:443 hawkish.eu tcp
FR 163.5.121.96:443 hawkish.eu tcp
FR 163.5.121.96:443 hawkish.eu tcp
FR 163.5.121.96:443 hawkish.eu tcp
NL 52.111.243.30:443 tcp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\nsj83A8.tmp\System.dll

MD5 7723ce8ad408afb3830f11cc2ef3f501
SHA1 9547aabf53a3fb35f22272cce87e7006a4f60bb0
SHA256 125c65c918a80c3f04073d5146a9ceec6406ea9a5805ea5533b085c6098211bb
SHA512 ed94dc8b0ab2bd11d2d15bebf8891258eb57e693c41cca941d50681ac6ef85ffd8cb656c223fca394ec536c715e7fa99b9efd7eb37a903e6b0263681aa46ec66

C:\Users\Admin\AppData\Local\Temp\nsj83A8.tmp\nsis7z.dll

MD5 a1179b52b14681137fa959ea32a98442
SHA1 cc3fcdbec6c105f8266d935bf9a3a76edd93ce94
SHA256 135c8467ea5e7726584768d511c0bb7d8eaa453398ad7c1ecb4201e45e7118af
SHA512 4215b9bc27c8e213ec0b80bbcbd13c4fb1f2792ba9feeac3150668727b2a221f96ec24649dac1c8606f2100c4354294fdee598ca3ffec585de65e46826a7e880

C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\AORadar.exe

MD5 70292ca1a9cf22e1e9d1603155566ab2
SHA1 7fe18847496a90ae4e994bda9aec55baa01af60d
SHA256 3d6a17db682775e4229e8cf26b965329f73e7a7ace87af8a7ab15815e36667b9
SHA512 3994c7f3f458aa460a14a8166bdc469616ec8dd7060255c1400a334fffc88b03b72ccf15a2bd9a0ec76e13fe2b59e1cba324901869af43114391ff7ef8fa99b2

C:\Users\Admin\AppData\Local\Temp\nsj83A8.tmp\7z-out\chrome_200_percent.pak

MD5 90e97e64fa2eafa69d1a7cb35e5fccbf
SHA1 fabd34f777eb85850a54caf4fcdd8ecd4a62274a
SHA256 6f3d933bb9a23c56400109c422ec3e8729e0feb09a6d1e0eb197dd30b425c2e3
SHA512 cbef4a6c7f1643be7063a3b4b259305d8e6c73e10a5a78a0cb40518973fb0c8322f045af287740332d38c013039fd4dcf7fcce8a38dbb0bf37aaa5335d118204

C:\Users\Admin\AppData\Local\Temp\nsj83A8.tmp\7z-out\libGLESv2.dll

MD5 72511a5f8d6e838bb169398c0cbd7413
SHA1 c4e6a1a7ac183caf9db6ca3d1a959b22e0181aab
SHA256 246241be7b57c057782918465267bd86509a65fad84780dc47bbb2332d54d487
SHA512 a0931efbd2536f0a00405752c623e9967e40d7aa716e85c112b1c43ee0136c72fd27b0315986b057742e21cac241cc159fe4d67e201adecb09e3294f5642c5f9

C:\Users\Admin\AppData\Local\Temp\nsj83A8.tmp\7z-out\vk_swiftshader.dll

MD5 3468e5089dc8306f5a0943b33cbd0025
SHA1 e7125d142f2265e46535ecd3ce5603c1a2b86460
SHA256 8e168e34bf26aee2fd0b372aed31f3a9489c2f82de1ee72ab794165cdb787f16
SHA512 9b67e14387f91096ddd291c57155e5aceffd8d56e45f818a094404cebaf59536f64dd4f51dd95286aa3daf965910ee1052641159006e769a118f247bf3fd805c

C:\Users\Admin\AppData\Local\Temp\nsj83A8.tmp\7z-out\locales\ca.pak

MD5 4a45c6af15a161cf728b5189bcc6ddf9
SHA1 4b3003ff1a4fb3534cb35ec6d35f7f8c6afdffb2
SHA256 171703af891d93350a3a6e6c923c7ae7dd9ec42e685a7b8c82bc564f230f141a
SHA512 16c59cc7a88a6b816a5a77ddb02a40e7192934d8796e596fba32865c91a53dfaea1eb6d5ca97befd28023ff275a5e9cfd0f29c2dae50c8009041a8e096c75665

C:\Users\Admin\AppData\Local\Temp\nsj83A8.tmp\7z-out\locales\fil.pak

MD5 2e95f8221aa579f0dab4053824990824
SHA1 3f4e6b2893544188f16acda93df9c8b785022c92
SHA256 f3f37672b7fab666ed3612d9c7dd30615d16d8f203784d9de965b9694e5a27ed
SHA512 fbee4653c2720f770ccfc7fa3de64416c0e6816bda3d1cf31a0c163406a01028fe7b448506e1bfeada2d2a98f2903c5386637f245971568f3e042a9519f76432

C:\Users\Admin\AppData\Local\Temp\nsj83A8.tmp\7z-out\locales\ja.pak

MD5 8edd42e315add870b405520298fda15f
SHA1 cdf82fc6519fdab11ea4911aa2724f1d75379633
SHA256 cf5e2d4ff1b31e36b4f6f40a68c8b8a8c0f1619c6b60bb6d28c6584bccc97ec3
SHA512 bc9356a571467f82cb306bd2c1720c46d46706338f619662baa3905b5402e247d23043919b00157ecfecc297fbc3ff03e4c37cec3d01beb14198616a4e4b261c

C:\Users\Admin\AppData\Local\Temp\nsj83A8.tmp\7z-out\locales\pl.pak

MD5 abaea4671abc112b2108b078e0e40a96
SHA1 d2d3579047cbe430e2522d5ed060a667f214eccd
SHA256 140328aa2011fb6930695e6242683536b5c7f48450a852c825e94fd7fa025a2e
SHA512 9ddb04b848f55c6bc3d2edfdc7c328fd00fee3d2f3ae29bcfed5526e06169e3c8db8154e38f5b84a1c797696d194c29509a3aede23e6b9fc0f2df034d66ea804

C:\Users\Admin\AppData\Local\Temp\nsj83A8.tmp\7z-out\locales\tr.pak

MD5 eaf8af085c42b5b244333bbfbf759bc0
SHA1 3681c5218b38d5b05a62474d77dde2a2415c92de
SHA256 10afaeaaffc8a01fc74c636e1efd5060826dd4909403509ee51843f667d0d056
SHA512 aa820c94e2dc114c9f78a27e7b519f499195b65c3f8944dcc8f8738a67c3de12e88fd128d7a04f2b43492ca304cebcd03c5dcc87143d38a49cb2a135c14b627c

C:\Users\Admin\AppData\Local\Temp\nsj83A8.tmp\7z-out\locales\zh-TW.pak

MD5 d65f9d6eb0d1c6eb14b494d93d9ab2bd
SHA1 ca835746ca005a905ed9be4104085dad58fbd33c
SHA256 f8a74b84bab4278baef9f01f93a634b2231683905bca73ddbd7825885c8951e0
SHA512 b5c8a2f88643e49f9d210ee67b117e6447597527e81bf8f4dcec97aa398f68b1793fdda166f2ca2dd4f3ab64b8a4c292c8eb197a28a24cdd13ea33ede06bb3fd

C:\Users\Admin\AppData\Local\Temp\nsj83A8.tmp\7z-out\locales\zh-CN.pak

MD5 708815308dff1e6375c94f51174a43fe
SHA1 f8fa68cc3a4a5a7b017456e43b3a9581a6f98d02
SHA256 3364035f04303fbfbcb1f4960ed0e832dde2c7a2edda924911a2ecc1ec20b0ed
SHA512 363d5fd43582cedc2c47dcee09e2f0b5eb3967d82e162c4f58c678fb442bccc6dd3eb032cb92c408b1f927c54490c07cf2c4ff6716cf9120ffcbf6cbc57f6fc1

C:\Users\Admin\AppData\Local\Temp\nsj83A8.tmp\7z-out\locales\vi.pak

MD5 e046dfe9f56ab86a1b0e5e499e051546
SHA1 9ecbeb85a610d31b3500219d9a3217e2d9bf8a20
SHA256 6610d9e6c6856c3cc8da5439805d012cc3de158dc980e716ff08c4204a1f073d
SHA512 12c00d093b732fa6ceb1303fa33a96f46e350078f556993af0a81b45f2515bddbced91159e2148f3ae54f4c21d92989e40e747e8fdf80cd44d688b0c7fb2ab70

C:\Users\Admin\AppData\Local\Temp\nsj83A8.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\DirectShowLib-2005.dll

MD5 18f3bbf91c70076bed5a01d171249562
SHA1 eef9e3e61c4970d507b2da948813015bb150ce43
SHA256 28d7b27983d4ebd87cecdc2659fc5f898f52e43d65051b98d152f19460d686a8
SHA512 8bd44862acc9c8f739e4f934f879a3b4bb0da3aad8a8a81e9ca4755a56f521ae431a1f6af5a0870144bf5ab94c33db1393503d66f700a93a39900fa180f056af

C:\Users\Admin\AppData\Local\Temp\nsj83A8.tmp\StdUtils.dll

MD5 77fda1c3f9db06a3018ee699ef625657
SHA1 0351ffafb8b949a9a4aacdb7f4238218686b10b4
SHA256 2e2e9750735c62e64d49d13a1fbcd447d5bfb0c3f59b1cd8f7b70954cfd16896
SHA512 7e1743f1d2ad5672fae732bae04e8e04a177108c53c0711af15ea4f8173d47e0ed2ddcf30cc12f5a9ff46d4b889ca7693c3b05209377eac3ebf3476e0a644b03

C:\Users\Admin\AppData\Local\Temp\nsj83A8.tmp\7z-out\swiftshader\libGLESv2.dll

MD5 6a75a0c173adc27f348eba7921d29234
SHA1 4238ac4952600ec6e34ca93b93c4b60774a9638d
SHA256 ef75f861d29915b4375efa1d360497309e7f6526a60fc2f5cebca1ea15d09ffd
SHA512 65f6fd920d87e2d1aeedfec3d38c75eece687ba05781f4703479462255f53046f7fca867e322938c43250180fed0fe80af5309cd96d60c6833dc00fd53729b07

C:\Users\Admin\AppData\Local\Temp\nsj83A8.tmp\7z-out\swiftshader\libEGL.dll

MD5 a033bdd26bbc10e034529f91599a0f56
SHA1 55e389c3e78d8763546c1c403223800f165739c7
SHA256 af6620569e6d269f081c25d0b9d1ed005eac9ed6dab713023318d02b3ec5b6c5
SHA512 70e3678845750179ac62e9d656a30eb7f4fac1a7df29685325b41a563f9e15f0257842d5e8d11456b122a5e401aba4d9c2416218914994c12bce99b12d42e59f

C:\Users\Admin\AppData\Local\Temp\nsj83A8.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\snapshot.exe

MD5 4908a0aed48cebcae69811610e8c7383
SHA1 3973038c3728df8aa2c11356ac13459ca9112732
SHA256 8f17bd4b93257dd630e612893fc6ef54b648bb6a04a39b721649e36ed1dd644d
SHA512 dc5830a2772aafba13fba3e2f9a37b57bfd8e0174f93a6ae1371ab2516ba7f23aec26f1c0dda503562d07bdd21584ed2beaeacd5518b1da0b2a541c94d911e8a

C:\Users\Admin\AppData\Local\Temp\nsj83A8.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\prey-webcam.exe

MD5 a4c65922eab67cc80cc27e055edeaf09
SHA1 071e38edda04fd906514cb02711bbec479432570
SHA256 65a914d86e945f14437ec725aaf501896c363c270e587e9ede2001c38b7a8aba
SHA512 c97227ebcd11d9819d10ae5878e5a3bb40aadd478eb4bdb1610fa79b4fa893c52b56f61fe536712c81810497ba21f8cc43bba9861e01a89ff73bd8f04899ea79

C:\Users\Admin\AppData\Local\Temp\nsj83A8.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\package.json

MD5 067e233b0609d56ff4756bedd8c0efe0
SHA1 96419d05adc4b6674948b4ac14f8ab5bb3ce4380
SHA256 6bee642c1b5de99e4edba87ec3221c2ecd10b65e666b6f2bef64a745538ecf74
SHA512 94900f5ff762930b1b060ba4dd44d629d6c3e2dfc0dacb1a543f1ea5a3cd40e793acaff4abefbff588ceb422d65f8041ec190a2b56f7c303c3314eb16eca4159

C:\Users\Admin\AppData\Local\Temp\nsj83A8.tmp\7z-out\resources\elevate.exe

MD5 f077263516cadbd47a397072546e08b3
SHA1 07691d7c47dbedd42c09ebd42dd3c5b5b4fa440c
SHA256 730366442aabc8e969779835f6099ff58d15ff3dca20dd5bfc4d5e55bfaab834
SHA512 62c78462b5b0d35e92cc1b46a0ed7e3b796b5719bb78ff31613337c43598f1495682f25fb3eb8601e541a9a4ca48288f99c90f2efe6a5cbeccd11df6bb86d161

C:\Users\Admin\AppData\Local\Temp\nsj83A8.tmp\7z-out\resources\app.asar

MD5 9f34545072f1d48aeca8d122a552a3ef
SHA1 4dd946d5c36db769d704e8a3c45fa2e271ec418b
SHA256 d8a9b049fb723fe61a4585247eed7508d5ed95bbd01ba3a606fef234a8124ed8
SHA512 4d55f455566093bbde10ca3a38cde5b1c594afcff046db2ba95668eedcbc24ff8bb5fcbd6c916c22634e81913206bf5ad35e08cc10ed3d4fdbd0dc42e02ea8db

C:\Users\Admin\AppData\Local\Temp\nsj83A8.tmp\7z-out\locales\uk.pak

MD5 87ed92a18768a2adf451fab622bb2f14
SHA1 ab26723e2a7f94da36b8038f73717f05c865ee85
SHA256 1b7174918dc5bd02e0b4b63d5aebb96e2ad93625cc7399fd6c53897d08124489
SHA512 c184fb0dc45f40d78b803075653006fb4e9bc41954e3bad6232ecee38254e67ccd8da3f3ad844b8db64d4db2a9d68dd255887969d5f6b6e4077cf8b30189de79

C:\Users\Admin\AppData\Local\Temp\nsj83A8.tmp\7z-out\locales\th.pak

MD5 06f06c422e9a89e8f1fb096e9c770273
SHA1 db2186fdfac2c17b31bd2c4c3d764a6089bd969f
SHA256 1ebfd96b47ce8798193d179f605955601b1bec468f01fbae0494f3ed5722a92d
SHA512 25fe624ce88a26916769eef4d314516fcfc5ea60e67b98c52f973096e3f9df997867123c4a15dfdd0830b65d29ae98fa155829531e33d10aa939375c4e245d17

C:\Users\Admin\AppData\Local\Temp\nsj83A8.tmp\7z-out\locales\te.pak

MD5 d958b3f93b3c1bcef20ddde77a39e85d
SHA1 de3a58ea7770409e3c8d226b2557f08e358266f2
SHA256 09d85cf75851c523304deb30f3f40dcd190248c94dac4f534214f247678102e4
SHA512 14fe962c033ea6ec84beb3aab975b979ad51b8485e3cfa323df15340d6328e0e823e8c9bbde55e0ba51528e4c946e97f737d6af5ff756ec5858ef54ecfff0900

C:\Users\Admin\AppData\Local\Temp\nsj83A8.tmp\7z-out\locales\ta.pak

MD5 5321af203400005ab577c413f1d460a2
SHA1 d62c4fc4b2622e1e165e3671b927b8bbda096279
SHA256 10ba3ebf6aa5d65716d36dc913dd2135afef4e8c412d31b37408cc87a6c046d7
SHA512 feee09220c63e4fa55d708d5b9a197aa510daeb692e0b339978344fcd3d08a9c29a7146218df66eaf2b1be3b548bc81bf0680698c3db48bef4b8600eb27c4ae9

C:\Users\Admin\AppData\Local\Temp\nsj83A8.tmp\7z-out\locales\sw.pak

MD5 157be051447a00b2eefab2f0ce3e097e
SHA1 db53378a8681bb1f158f02d41090b8a5ff3c0e72
SHA256 67f9632f32afdee2ded2b39894e02ae9ef6e5273c213ebb21d2a85c924630c49
SHA512 cf427f5a9807f03df0c811b5a83cb6ab621e5fd95f46aaf9ee26bf9961b1fe19608d684c01b737be57fb8e33c731f0068c0aec92c9c7af22ae7d2052cd57823a

C:\Users\Admin\AppData\Local\Temp\nsj83A8.tmp\7z-out\locales\sv.pak

MD5 5e4b1b640a622e63249df2061534f96a
SHA1 62144085bd820196cb32de5356ac43a590560bbf
SHA256 53abbed6b191d321ef36e9478c860f2920ec2c86a0eaf4fa708a58d60313e28d
SHA512 90b1cefd6a3477e6bc3f9c5c58bc566ae4bd8f75508d5c50b122f010e3bbb7e0385a00a73f1c1bfbe88290bf4f401170128f881cf886823fa4a5d29324d088be

C:\Users\Admin\AppData\Local\Temp\nsj83A8.tmp\7z-out\locales\sr.pak

MD5 531433283800aa7d182ffd6167232044
SHA1 5c6099f1d4757c0601eea0020144459ed463ca2d
SHA256 0775c9bd946f31f0fd1949b1865dd21acbfee76ab06040a9dc4c8f5a8cab3457
SHA512 c45951a418fba025721477d3569283b37f2dd7a82ba7e24aeaec7b98b820b6fc31b7b6e35efa1d5cecf3f68a63a048519baaa77bd087b834bade747da2dec419

C:\Users\Admin\AppData\Local\Temp\nsj83A8.tmp\7z-out\locales\sl.pak

MD5 3d64c85fcf8f8f52477754729f55a440
SHA1 ecbb650616e8945bdc71100e8c76daf738e0105c
SHA256 bcc95e1d6beb957e142cad1aa2c4d294153d8b6f3303339e465ffa04c9dd0cec
SHA512 aa72b9802630ec9ff659a2062a685846bf27e81961b825adf672d0e0649a9850821b12327f62e562185f0bf300b68fcfd14307db6bba2ec02e3748f98bce8452

C:\Users\Admin\AppData\Local\Temp\nsj83A8.tmp\7z-out\locales\sk.pak

MD5 d97ec89a81f9a3e96665b1b9038d6ca9
SHA1 36ab5ab165dfdb9dbfb92d7ab62ddb991def65bf
SHA256 dccf21754f722c15888ad2119452dbdf2949e2fb9effdb4f49e0b093d05cbcde
SHA512 9a6efbb746ee84a0471139b4528bb7e27d288635dbf6a2a9871f8ef8ef0ac47cf4f2961b3a2497c274325091ef7f18fae548b1acd92c18b9d756f56cbc23f66d

C:\Users\Admin\AppData\Local\Temp\nsj83A8.tmp\7z-out\locales\ru.pak

MD5 998fddfe5226c206e20cd28e103c27c3
SHA1 ccedfcd70aec5db593159e4e54999878594bf9cd
SHA256 09297ca404dc6f215933b1d494bcccefb9cd52dbb350a21376e73e4ad019659e
SHA512 7d2eacf0f9fa1fe7284e56aabef7b19be5df6de024c6dce85c9c00c83deffb644cf77239abc2eae8f007e568fe76831a7ee7fcbd9fddc5295d970f204f59aca3

C:\Users\Admin\AppData\Local\Temp\nsj83A8.tmp\7z-out\locales\ro.pak

MD5 7c8cb07a949c045b567b3e08e7218ada
SHA1 6646e0699b5ebf0e44f3c65cac31894eef152e83
SHA256 c0d89c64c0af852d919ba552af55f5ae73831de3dc22acb654b96856b136e5b0
SHA512 fc5853eeb3b9c026afa278c317d8b8f7a57b1da6ceaa5bcb7e76d24b5cfd62e54f56f6e435c20acbd89e4804655552abde7cbb49d86a16ee9147b7429f001d1e

C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\v8_context_snapshot.bin

MD5 eb26ee17b9341e6af9b76ff72803db65
SHA1 2b023ea39d835cbc7744802b1ea9824f3cd4ac59
SHA256 346d9a1c58f37a88f1fe0de43c935033688626cb162dffd972e0dc54daa2d7ef
SHA512 7c39034dc83daf6419ed6427ee25ecf57e9a4b43c7a457771822258142aafb725a7781a518a950f05de106aec2f38b6e87498f2e6feea1d7ca80a6eb53b8d801

C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\icudtl.dat

MD5 f9b3bf6c5ddca79eec228a3e46516736
SHA1 78d8fa4d754df20633e351d21baef972c73a2ef9
SHA256 f9ef6eede08fb2ce47cc0c03b9c3fe8607fd19950294ba706793ba54283b8224
SHA512 0a3c1ee874fbeecc05a707b075681ffdcf8f7aaa5b6ff01a935e5fa5c29921c7acf74ffbe6e12249fc963cac06d0fa91b7c6df799935070d1283584fa5d7b202

C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\ffmpeg.dll

MD5 83e600c92070aba133654f7c66630850
SHA1 393f39c32e3394e14f05cf90c1e66907a9c0baae
SHA256 b8b2dbda7f336f28b5407f742118a090fb530a89892653d76b6502957c70d6f2
SHA512 c008117ba38d98e2a45ee1fd5dc0ce65f5241316c4b5dfc3c46743c3eb81d7f92ea59fab0aae013a7764b172e9331e89425d409619d65747fa71420b824fbee6

C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\ffmpeg.dll

MD5 06b7fb418b38281c370a9eee4e3381e8
SHA1 80fd0c1a9f30c73f2b12a83866c7a05d5b22c089
SHA256 204791814706f0aa333882ed7f0546db25c494928a89e3192dbc08ed88e26976
SHA512 c32cd65d342fb2104581feb2e97fbfd4d4e46c835611757d0f008e104f6f33f5d13ef8fe29f9f1d9870e131b3237abcb1dc8e22a98df2048950010e97da636ca

C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\AORadar.exe

MD5 6f8da06e1569b81280f5dee77dbf432d
SHA1 28b8197a096c8661e2120b0e8517e0ca24471d81
SHA256 fc9cd714a9d2f4d1d2b3e70a0e287036e18c73ce60e91e8cfbf3936f2fca8e83
SHA512 59aa22266c95b9c4dc05c88e59b676ef2ed99251f955b4b30400543e5b84cea9701e4090c995cf63f39f4a36efaaa160df5ddf29ba229452f48a23de3e465808

C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\resources\app.asar

MD5 45f000a2c9a8396e896c4bb44956efe5
SHA1 8af2f56850a2f7b38642c5e5fe61d32e9464e535
SHA256 685da262c0cd654a08df484b6bd9898ce5c044a4926820a1424d71757a88c057
SHA512 c5c4f3cb6ef87a7b778dcfeb33b9c0d0cf78533d719193dacc41445801500b8edef79084a613496363582f961fd6d93b53d629d204f5a4d3a8260701ff664c81

C:\Users\Admin\AppData\Local\Temp\nsj83A8.tmp\7z-out\locales\pt-PT.pak

MD5 946771a40ff66f6accfc86b7c6ae583b
SHA1 c2c83f9f86ea5ae93a0272ee9ca3367a475cd670
SHA256 ce1b19252e1a977ed583bb7b28c5d4e34252b0433c1a5e332ef3fe7dc25e8f3e
SHA512 143749a829e2caa242670ccdf74c38d056953fb043f2445b9921ddec96aaf869f3e0e2bfd3c1ec681f881a7fe4f9baced0e8e14849c02139e6b5342e2ecb8c2d

C:\Users\Admin\AppData\Local\Temp\nsj83A8.tmp\7z-out\locales\pt-BR.pak

MD5 fae22c1981ad8e56cded0013092a0dee
SHA1 1ed8fea7ce0ac3bbaf988b56d5bc70421920eb8c
SHA256 8147a1e9c2fedf0476475d7cc54c676e134663d61ea495e06edff07d5658b158
SHA512 7b557c5a3f3366327dbf272cebcbd776489864481c40a39b4c08df240928142e18a0625b739c9d643f314aaab9e790a739a06b539026508533e51fec1ee0c6fc

C:\Users\Admin\AppData\Local\Temp\nsj83A8.tmp\7z-out\locales\nl.pak

MD5 fd9c9413b3e375f4d54c730d544a36e2
SHA1 0a446b4e62f5c7bd3c5db6865f9e049fe840abb5
SHA256 0975aba7af4e0f54e42cf1b428835a8648562407ae925cd39501ef44bf7c34eb
SHA512 e48472e1b8a26a3acd0409478fa66f17e8e2ae81697ed06398b1a97378a75b7b9451104a1664d1c9e7f1d3c32ef7fb47d91f728314f60b798cca62051f21be2a

C:\Users\Admin\AppData\Local\Temp\nsj83A8.tmp\7z-out\locales\nb.pak

MD5 693910a9dd4cf7d3c4a8bb87e3570dd0
SHA1 41fc41f7aeffd7df7d821965719ca01027fa1621
SHA256 85d7a5065664354488360c2e2d3fbf18893a0e2042d5b0d7039885ec63be35e7
SHA512 b0483db0714ff97b91fed571da91b1978282d2d6de307c106d71dca75b21fbba1c280166718a7ffd33a12d2dbae92ea4b14b99e85d63720ea002dab3512eeee0

C:\Users\Admin\AppData\Local\Temp\nsj83A8.tmp\7z-out\locales\ms.pak

MD5 2d8770808a6e83fea0e66c34f0baeb92
SHA1 45ef3825c00f12d8fc481c6c0b398410875f081e
SHA256 31aef7a20eb087b8b8bf6207928c43213d0612123d0de4897c6d2cab96795817
SHA512 f19a2c56b86b30210baa5f9006790a8d7d3f9a1d81c965a87bb8c42ee39884075e93bc345a3eefef84b9a401018fcaf35efbd16034ad3de53147c77e72987909

C:\Users\Admin\AppData\Local\Temp\nsj83A8.tmp\7z-out\locales\mr.pak

MD5 6bbffc6cc0c4a1ac54c7c874f774c6bc
SHA1 097937e81f1925d146c24b733e53416b88cf0822
SHA256 3f1edb9c4129062cda2b9ef3e932289c44f37e9469e228a02943c941202c5d50
SHA512 baa3f8d4f6cb08f68e749cefd6376102209f5a098004351717b69b00f6bf39fc62d830c3194632aeed953bc5c6f89863e5ecec7d0af6035505fe59772c654bde

C:\Users\Admin\AppData\Local\Temp\4da14612-2ae1-4932-8782-954cec520d72.tmp.node

MD5 3eb6794460ea2660621e33e3b36c84fd
SHA1 5d41e2eeef56039139ffb0221bf6b71b4d9e6f61
SHA256 07f0bfadd2e3611a0ca0113d57860365edeb6f435db200baec92b65de4d0e26b
SHA512 6c3507f907faf7abb940e5672b62c23e0426f86f15efbba8a6c06373567c0631edb12219d178f83a5cbbb705f1b27161523dc4a6988dd2e0af2b8ea4f100a815

C:\Users\Admin\AppData\Local\Temp\49a53c2f-248a-4bbe-a1ef-85257a4177f3.tmp.node

MD5 1084a2633516325ab9e5ad6e93cd4080
SHA1 386545fd75ef42f5157b13b83ce373f5f0ee474c
SHA256 41c0d68c431eac636dd4f6d843ee4ca5892a4395cff3904f2ca7ef0037681571
SHA512 4436ef15e6dd6b9a182d3f7de3644ecaec66c7f16dd364dd7d777f94f4087a1fdf34a3646a38c9d0af1b572747927dfa523c2b6586799727b42c97c012856ccd

C:\Users\Admin\AppData\Local\Temp\nsj83A8.tmp\7z-out\locales\ml.pak

MD5 89bc457dcce531820a8ca43a65d1bb75
SHA1 e73b3802b7cc92d1628b169ee0e5271f52d70811
SHA256 434b3f8330b9549b4c2040d189a7d1711308fe52d30ed6a99c3bf6a93020b167
SHA512 dc23a1e27596e143b9dc969e3882693342282603b18577210abbe62a956a1b60ed13e0e3f7098be2432d69c7ac59f3a749a43afbb8726960b9c77357f5597380

C:\Users\Admin\AppData\Local\Temp\nsj83A8.tmp\7z-out\locales\lv.pak

MD5 fac8ef3f60c8e2155422ca07c3e1df5c
SHA1 1aa7edc077ca9fa194efb0efb2031b37fbcdf33c
SHA256 7f2cff89c0628d5eb9ba65842cebbc49719d830e3d947c4e0d96871df5241811
SHA512 51d88621a15d4df74e569345a2c27742942daf9650005c6dcd0cf53d58ded42006f08664234d5efce6144a4a0bd2ec11980b3903afed40d9294f11c1b0ccd3a4

C:\Users\Admin\AppData\Local\Temp\nsj83A8.tmp\7z-out\locales\lt.pak

MD5 2d4fca437a7548893dc4b51fa5b33c33
SHA1 c1493013d7d981ea9223716e415380992de65c2f
SHA256 776dba792df7b444e1b720326312d8b8312cade74a1372c49456d932b7c65769
SHA512 b6a55ee1deff48d717a3e9399aef3c45eeec810cc5b5709fa3e9f56850115a5b02e02b7959ec77a6797e68516ee9372bacd260e62ac0d55a8e4c1c27af782b42

C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\AORadar.exe

MD5 2c6827f4bdb5b6473e7772f6c75c140c
SHA1 5739b9b9abb1b1920bcce5b900dc0fb5f34fd2db
SHA256 fb4bb8f8ca0183d296fc45cd259ca80da6679946f674d76983823ddac60309a8
SHA512 623b1d6d047f81438c346a04dffe78c779f194753b17ba4ded2f8aa794e30eeb6cf101deb036081cfa8157e87d623b1bf1b03ebb76a6768b5ee8002b2b0bb61c

C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\AORadar.exe

MD5 f7398234d806b40847fdf0ac567ae301
SHA1 11ba5ee863bcd58ba3ce9bed6fd9216237ce12eb
SHA256 819c54d60b276b63aa5089c1fd96ce70af34f8fa1e4d7ff033e300e65776a6b6
SHA512 d6596369e0901ac360b18d13389da7a56f215634789b8be0d4674179e70909491c48ab8c7c4ae3a852ceb7fe48c111698e9ae42d6b506617f6c4156c27cc87e9

C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\ffmpeg.dll

MD5 238fa8d06d99c625bb9ee76749d8b43d
SHA1 be5a6f1fa7ffc7d78f82e743a9eb353bf01e3943
SHA256 ec5bd655a9457715ba763a9d6371d127c81f8b0338d38716820d01de88ea05ba
SHA512 1492d1167dd9fc4ef18f4d605c98940625ea580cf2ced6ab2405b39465d9c174da464257e690f0eea99d32346ba105863a582c59a6c84f4a18aef543634a2291

memory/1940-611-0x00000165B8950000-0x00000165B8972000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_to3i4kx3.bhu.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/1940-615-0x00000165B8940000-0x00000165B8950000-memory.dmp

memory/1940-619-0x00007FFECC000000-0x00007FFECCAC2000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

MD5 88dc70c361a22feac57b031dd9c1f02f
SHA1 a9b4732260c2a323750022a73480f229ce25d46d
SHA256 43244c0820ec5074e654ecd149fa744f51b2c1522e90285567713dae64b62f59
SHA512 19c0532741ebc9751390e6c5ca593a81493652f25c74c8cab29a8b5b1f1efef8d511254a04f50b0c4a20724bae10d96d52af7a76b0c85ddc5f020d4cac41100c

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 1a11402783a8686e08f8fa987dd07bca
SHA1 580df3865059f4e2d8be10644590317336d146ce
SHA256 9b1d1b468932a2d88548dc18504ac3066f8248079ecb083e919460bdb88398c0
SHA512 5f7f9f76d9d12a25fdc5b8d193391fb42c37515c657250fe01a9bfd9fe4cc4eab9d5ec254b2596ac1b9005f12511905f19fdae41f057062261d75bd83254b510

memory/1840-633-0x0000022B6CAB0000-0x0000022B6CAC0000-memory.dmp

memory/1840-636-0x00007FFECC000000-0x00007FFECCAC2000-memory.dmp

memory/1840-631-0x0000022B6CAB0000-0x0000022B6CAC0000-memory.dmp

memory/1840-630-0x00007FFECC000000-0x00007FFECCAC2000-memory.dmp

memory/1940-614-0x00000165B8940000-0x00000165B8950000-memory.dmp

memory/1940-613-0x00000165B8940000-0x00000165B8950000-memory.dmp

memory/1940-612-0x00007FFECC000000-0x00007FFECCAC2000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\RpmhdTVKKFP6BsaUHoz2\Logs\Error.nova

MD5 8d326cc25f1d555a6e5167155335fb71
SHA1 fe7950ebdcd0f09a004e22aef88bf0a0ea297b73
SHA256 3137164ef5fe420c69224ebff91e7f8aaeb428a22d5a4e7353445ff3427a6a91
SHA512 4c5dcd69a1d16ca07f76bec75b9b696c8fb98e3a804b1447bc97294839de9b54ef2e4d413e2ee44b7a9242dbe9f139451ccd4beacea1f4579cc4975eed3c26ac

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xy5ssfbw.default-release\places.sqlite_tmp

MD5 28a99d8d548a85a5041abd52f47a1dac
SHA1 8e8848a6519ce79329a4cfaef00b83f88bce205b
SHA256 e8c2bad68db79b25649df0372f6bd1421758e203403709510f19468b24b2342c
SHA512 1de1e25fb5712ca7d2996be0410ac7528568f3760ce94d5b77cb8c64ca6a728c98002372c1cf82413869743b28a7e38589943c40d4400a62c5d6138ff0381ba4

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms

C:\Users\Admin\AppData\Local\Temp\vsK8O0HEY2zr_temp.ps1

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

C:\Users\Admin\AppData\Local\Temp\RpmhdTVKKFP6BsaUHoz2\System\ADFTSOGA - 2023-12-22_213747.png

C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\libEGL.dll

C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\libGLESv2.dll

C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\libglesv2.dll

C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\d3dcompiler_47.dll

C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\D3DCompiler_47.dll

C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\ffmpeg.dll

C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\AORadar.exe

C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\resources.pak

C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\locales\en-US.pak

C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\chrome_200_percent.pak

C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\chrome_100_percent.pak

C:\Users\Admin\AppData\Local\Temp\nsj83A8.tmp\7z-out\locales\ko.pak

C:\Users\Admin\AppData\Local\Temp\nsj83A8.tmp\7z-out\locales\kn.pak

C:\Users\Admin\AppData\Local\Temp\nsj83A8.tmp\7z-out\locales\it.pak

C:\Users\Admin\AppData\Local\Temp\nsj83A8.tmp\7z-out\locales\id.pak

C:\Users\Admin\AppData\Local\Temp\nsj83A8.tmp\7z-out\locales\hu.pak

C:\Users\Admin\AppData\Local\Temp\nsj83A8.tmp\7z-out\locales\hr.pak

C:\Users\Admin\AppData\Local\Temp\nsj83A8.tmp\7z-out\locales\hi.pak

C:\Users\Admin\AppData\Local\Temp\nsj83A8.tmp\7z-out\locales\he.pak

C:\Users\Admin\AppData\Local\Temp\nsj83A8.tmp\7z-out\locales\gu.pak

C:\Users\Admin\AppData\Local\Temp\nsj83A8.tmp\7z-out\locales\fr.pak

C:\Users\Admin\AppData\Local\Temp\nsj83A8.tmp\7z-out\locales\fi.pak

C:\Users\Admin\AppData\Local\Temp\nsj83A8.tmp\7z-out\locales\fa.pak

C:\Users\Admin\AppData\Local\Temp\nsj83A8.tmp\7z-out\locales\et.pak

C:\Users\Admin\AppData\Local\Temp\nsj83A8.tmp\7z-out\locales\es.pak

C:\Users\Admin\AppData\Local\Temp\nsj83A8.tmp\7z-out\locales\es-419.pak

C:\Users\Admin\AppData\Local\Temp\nsj83A8.tmp\7z-out\locales\en-GB.pak

C:\Users\Admin\AppData\Local\Temp\nsj83A8.tmp\7z-out\locales\el.pak

C:\Users\Admin\AppData\Local\Temp\nsj83A8.tmp\7z-out\locales\de.pak

C:\Users\Admin\AppData\Local\Temp\nsj83A8.tmp\7z-out\locales\da.pak

C:\Users\Admin\AppData\Local\Temp\nsj83A8.tmp\7z-out\locales\cs.pak

C:\Users\Admin\AppData\Local\Temp\nsj83A8.tmp\7z-out\locales\bn.pak

C:\Users\Admin\AppData\Local\Temp\nsj83A8.tmp\7z-out\locales\bg.pak

C:\Users\Admin\AppData\Local\Temp\nsj83A8.tmp\7z-out\locales\ar.pak

C:\Users\Admin\AppData\Local\Temp\nsj83A8.tmp\7z-out\locales\am.pak

C:\Users\Admin\AppData\Local\Temp\nsj83A8.tmp\7z-out\vulkan-1.dll

C:\Users\Admin\AppData\Local\Temp\nsj83A8.tmp\7z-out\vk_swiftshader_icd.json

C:\Users\Admin\AppData\Local\Temp\2ZujbFynicZdO7kGHFVqtEKbJ1F\v8_context_snapshot.bin

C:\Users\Admin\AppData\Local\Temp\nsj83A8.tmp\7z-out\snapshot_blob.bin

C:\Users\Admin\AppData\Local\Temp\nsj83A8.tmp\7z-out\resources.pak

C:\Users\Admin\AppData\Local\Temp\nsj83A8.tmp\7z-out\LICENSES.chromium.html

C:\Users\Admin\AppData\Local\Temp\nsj83A8.tmp\7z-out\LICENSE.electron.txt

C:\Users\Admin\AppData\Local\Temp\nsj83A8.tmp\7z-out\icudtl.dat

C:\Users\Admin\AppData\Local\Temp\nsj83A8.tmp\7z-out\ffmpeg.dll

C:\Users\Admin\AppData\Local\Temp\nsj83A8.tmp\7z-out\d3dcompiler_47.dll
