Analysis Overview
SHA256
0d3c3a7459799a9670b7b97c2e871a7364f0a742d825a8cc7ca6d34c4b3c0a51
Threat Level: Known bad
The file AORadar (3).exe was found to be: Known bad.
Malicious Activity Summary
Irata
Irata payload
Loads dropped DLL
Looks up external IP address via web service
Unsigned PE
Enumerates physical storage devices
Collects information from the system
Suspicious use of AdjustPrivilegeToken
Enumerates processes with tasklist
Detects videocard installed
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-12-23 22:23
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2023-12-23 22:22
Reported
2023-12-23 22:31
Platform
win10v2004-20231215-en
Max time kernel
23s
Max time network
151s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\AORadar (3).exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\AORadar (3).exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
Enumerates physical storage devices
Collects information from the system
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Detects videocard installed
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Enumerates processes with tasklist
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\AORadar (3).exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\AORadar (3).exe
"C:\Users\Admin\AppData\Local\Temp\AORadar (3).exe"
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\AORadar.exe
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\AORadar.exe
C:\Windows\System32\Wbem\wmic.exe
wmic os get locale
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "echo wlan"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\AORadar.exe
"C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\AORadar.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1636 --field-trial-handle=1732,7579082688048380104,5175452027030310435,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\AORadar.exe
"C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\AORadar.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --mojo-platform-channel-handle=1960 --field-trial-handle=1732,7579082688048380104,5175452027030310435,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic process where processid=NaN get ExecutablePath"
C:\Windows\System32\Wbem\WMIC.exe
wmic process where processid=NaN get ExecutablePath
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\resources\app.asar.unpacked\bind\main.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic OS get caption, osarchitecture | more +1"
C:\Windows\System32\Wbem\WMIC.exe
wmic computersystem get totalphysicalmemory
C:\Windows\System32\Wbem\WMIC.exe
wmic csproduct get uuid
C:\Windows\System32\Wbem\WMIC.exe
wmic logicaldisk get size
C:\Windows\system32\more.com
more +1
C:\Windows\system32\more.com
more +1
C:\Windows\System32\Wbem\WMIC.exe
wmic OS get caption, osarchitecture
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "echo %NUMBER_OF_PROCESSORS%"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic csproduct get uuid"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic computersystem get totalphysicalmemory | more +1"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic logicaldisk get size"
C:\Windows\system32\more.com
more +1
C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get name
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic cpu get name | more +1"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic PATH Win32_VideoController get name | more +1"
C:\Windows\system32\more.com
more +1
C:\Windows\System32\Wbem\WMIC.exe
wmic PATH Win32_VideoController get name
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\System32\Wbem\WMIC.exe
wmic process where processid=NaN get ExecutablePath
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic process where processid=NaN get ExecutablePath"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cscript.exe
cscript C:\Users\Admin\AppData\Roaming\cF4JA46JNUvi.vbs
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "cscript C:\Users\Admin\AppData\Roaming\cF4JA46JNUvi.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 105.0.3 (x64 en-US)""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 105.0.3 (x64 en-US)"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProPlusRetail - en-us""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProPlusRetail - en-us"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VLC media player""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VLC media player"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{113C0ADC-B9BD-4F95-9653-4F5BC540ED03}"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3544B2EE-E62F-4D11-B79C-3DDEACE94DA5}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3544B2EE-E62F-4D11-B79C-3DDEACE94DA5}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00}"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3A706840-2882-423C-90EB-B31545E2BC7A}"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{76DEEAB3-122F-4231-83C7-0C35363D02F9}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE}"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CB0836EC-B072-368D-82B2-D3470BF95707}"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -ExecutionPolicy Bypass -NoProfile -File "C:\Users\Admin\AppData\Local\Temp\1DWY0k5sSV5E_temp.ps1"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Get-Clipboard
C:\Windows\system32\netsh.exe
"C:\Windows\system32\netsh.exe" wlan show profile
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\app.asar.unpacked\node_modules\take-cam\prey-webcam.exe" -invalid youcam,cyberlink,google -frame 10 -outfile C:\Users\Admin\AppData\Local\Temp\mjJ3cwxcYOnV4syo2Yk3\System\cam.3556_Admin.jpg"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoProfile -Command "& {netsh wlan show profile}"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoProfile -Command "& {powershell Get-Clipboard}"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoProfile -Command "& { function Get-AntiVirusProduct { [CmdletBinding()] param ( [parameter(ValueFromPipeline=$true, ValueFromPipelineByPropertyName=$true)] [Alias('name')] $computername=$env:computername ) $AntiVirusProducts = Get-WmiObject -Namespace \"root\SecurityCenter2\" -Class AntiVirusProduct -ComputerName $computername $ret = @() foreach ($AntiVirusProduct in $AntiVirusProducts) { switch ($AntiVirusProduct.productState) { \"262144\" { $defstatus = \"Up to date\"; $rtstatus = \"Disabled\" } \"262160\" { $defstatus = \"Out of date\"; $rtstatus = \"Disabled\" } \"266240\" { $defstatus = \"Up to date\"; $rtstatus = \"Enabled\" } \"266256\" { $defstatus = \"Out of date\"; $rtstatus = \"Enabled\" } \"393216\" { $defstatus = \"Up to date\"; $rtstatus = \"Disabled\" } \"393232\" { $defstatus = \"Out of date\"; $rtstatus = \"Disabled\" } \"393488\" { $defstatus = \"Out of date\"; $rtstatus = \"Disabled\" } \"397312\" { $defstatus = \"Up to date\"; $rtstatus = \"Enabled\" } \"397328\" { $defstatus = \"Out of date\"; $rtstatus = \"Enabled\" } \"397584\" { $defstatus = \"Out of date\"; $rtstatus = \"Enabled\" } default { $defstatus = \"Unknown\"; $rtstatus = \"Unknown\" } } $ht = @{} $ht.Computername = $computername $ht.Name = $AntiVirusProduct.displayName $ht.'Product GUID' = $AntiVirusProduct.instanceGuid $ht.'Product Executable' = $AntiVirusProduct.pathToSignedProductExe $ht.'Reporting Exe' = $AntiVirusProduct.pathToSignedReportingExe $ht.'Definition Status' = $defstatus $ht.'Real-time Protection Status' = $rtstatus # Créez un nouvel objet pour chaque ordinateur $ret += New-Object -TypeName PSObject -Property $ht } Return $ret } Get-AntiVirusProduct }"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell -ExecutionPolicy Bypass -NoProfile -File "C:\Users\Admin\AppData\Local\Temp\1DWY0k5sSV5E_temp.ps1""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\app.asar.unpacked\node_modules\take-cam\snapshot.exe" /T C:\Users\Admin\AppData\Local\Temp\mjJ3cwxcYOnV4syo2Yk3\System\cam.3556_Admin"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E016F2B9-01FE-4FAA-882E-ECC43FA49751}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E016F2B9-01FE-4FAA-882E-ECC43FA49751}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D44822A8-FC28-42FC-8B1D-21A78579FC79}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D44822A8-FC28-42FC-8B1D-21A78579FC79}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CB0836EC-B072-368D-82B2-D3470BF95707}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C7141A99-592B-4226-A4E9-B767C1D0FBAF}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C7141A99-592B-4226-A4E9-B767C1D0FBAF}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AE86D888-1404-47CC-A7BB-8D86C0503E58}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AE86D888-1404-47CC-A7BB-8D86C0503E58}""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{77924AE4-039E-4CA4-87B4-2F64180381F0}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{77924AE4-039E-4CA4-87B4-2F64180381F0}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{76DEEAB3-122F-4231-83C7-0C35363D02F9}"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6DB765A8-05AF-49A1-A71D-6F645EE3CE41}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6DB765A8-05AF-49A1-A71D-6F645EE3CE41}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{662A0088-6FCD-45DD-9EA7-68674058AED5}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{662A0088-6FCD-45DD-9EA7-68674058AED5}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{64A3A4F4-B792-11D6-A78A-00B0D0180381}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{64A3A4F4-B792-11D6-A78A-00B0D0180381}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3A706840-2882-423C-90EB-B31545E2BC7A}""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00}""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{113C0ADC-B9BD-4F95-9653-4F5BC540ED03}""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC""
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\AORadar.exe
"C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\AORadar.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAIAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3132 --field-trial-handle=1732,7579082688048380104,5175452027030310435,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 20.231.121.79:80 | tcp | |
| US | 8.8.8.8:53 | 82.177.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.78.124.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.19.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| GB | 142.250.200.4:80 | www.google.com | tcp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | 4.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.186.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:53 | 59.128.231.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.gofile.io | udp |
| FR | 51.38.43.18:443 | api.gofile.io | tcp |
| US | 8.8.8.8:53 | store13.gofile.io | udp |
| US | 8.8.8.8:53 | 18.43.38.51.in-addr.arpa | udp |
| US | 38.75.137.9:443 | store13.gofile.io | tcp |
| US | 8.8.8.8:53 | 9.137.75.38.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | hawkish.eu | udp |
| FR | 163.5.121.96:443 | hawkish.eu | tcp |
| FR | 163.5.121.96:443 | hawkish.eu | tcp |
| FR | 51.38.43.18:443 | api.gofile.io | tcp |
| US | 8.8.8.8:53 | store7.gofile.io | udp |
| FR | 163.5.121.96:443 | hawkish.eu | tcp |
| US | 136.175.9.9:443 | store7.gofile.io | tcp |
| US | 8.8.8.8:53 | 96.121.5.163.in-addr.arpa | udp |
| FR | 163.5.121.96:443 | hawkish.eu | tcp |
| FR | 163.5.121.96:443 | hawkish.eu | tcp |
| FR | 163.5.121.96:443 | hawkish.eu | tcp |
| US | 8.8.8.8:53 | 9.9.175.136.in-addr.arpa | udp |
| FR | 163.5.121.96:443 | hawkish.eu | tcp |
| US | 8.8.8.8:53 | 168.117.168.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\nsd829E.tmp\System.dll
| MD5 | 0d7ad4f45dc6f5aa87f606d0331c6901 |
| SHA1 | 48df0911f0484cbe2a8cdd5362140b63c41ee457 |
| SHA256 | 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca |
| SHA512 | c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9 |
C:\Users\Admin\AppData\Local\Temp\nsd829E.tmp\nsis7z.dll
| MD5 | 80e44ce4895304c6a3a831310fbf8cd0 |
| SHA1 | 36bd49ae21c460be5753a904b4501f1abca53508 |
| SHA256 | b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592 |
| SHA512 | c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df |
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\AORadar.exe
| MD5 | 328b3279ffc8c47151236d3c1236ad0f |
| SHA1 | e6c12f85e0b2f1250af8f6e60220bddd684e0ac7 |
| SHA256 | 83b6fbdb951b833d7f588a66f891f9886c93df7cc53a2c37f0986c20037b7f9c |
| SHA512 | 538ab5a89a04daf3767f837e05f066510433c438088da7aeacac2f3a56ab5f0308f415b2228420f16008a2c79aebbc42ba75015b49230d522cd41b3d07be0c7a |
C:\Users\Admin\AppData\Local\Temp\nsd829E.tmp\7z-out\chrome_100_percent.pak
| MD5 | 9c1b859b611600201ccf898f1eff2476 |
| SHA1 | 87d5d9a5fcc2496b48bb084fdf04331823dd1699 |
| SHA256 | 53102833760a725241841312de452c45e43edd60a122546105ab4020ccef591b |
| SHA512 | 1a8ec288e53b9d7e43d018995abe4e3d9c83d329d0561fbb7d022e8b79ffecf033e995b9bc6af352a71c646a1e8afba4addb54deab7455f24b7a279a3dd7c336 |
C:\Users\Admin\AppData\Local\Temp\nsd829E.tmp\7z-out\chrome_200_percent.pak
| MD5 | b51a78961b1dbb156343e6e024093d41 |
| SHA1 | 51298bfe945a9645311169fc5bb64a2a1f20bc38 |
| SHA256 | 4a438f0e209ac62ffa2c14036efdd5474b5ecaa7cbf54110f2e6153abdfb8be9 |
| SHA512 | 23dedde25ad9cb5829d4b6092a815712788698c2a5a0aefb4299675d39f8b5e2844eabd1ea42332a0408bd234548f5af628e7e365ab26f3385ebfa158cdd921d |
C:\Users\Admin\AppData\Local\Temp\nsd829E.tmp\7z-out\ffmpeg.dll
| MD5 | c3842fb3087cdcdb04020ac38683c289 |
| SHA1 | 329dbcd4a1c79b891b200f11eb50194b85c493bc |
| SHA256 | e79792af338d61424bac87a19c6f34f3b4bc1382345633b8d509253a0a6c2133 |
| SHA512 | 069196b8006e908954e7ab16131a0d10889a0f7517eaab2423a82fe49fb9b045c0d95dbf7c08c10ddf1a21983aea4a0d207decf91baacff0884511589a57dec5 |
C:\Users\Admin\AppData\Local\Temp\nsd829E.tmp\7z-out\d3dcompiler_47.dll
| MD5 | c4d4e47539adaf097d4e4592b83318f0 |
| SHA1 | 6af948e3a015fe1933d307b719b56aeab629209b |
| SHA256 | 57aba3912aa52de2942353fc18938e3b135aa34df4c9b900c5142189b1815c71 |
| SHA512 | d4528a3ac5087d52de7ee99552c00ddf28c7c802ad51cbdf34dc548cff2e66adf023efad61c4c75b53d1afffb8f91a686bd0fb490f8ae3ec1be9fc7273af0db1 |
C:\Users\Admin\AppData\Local\Temp\nsd829E.tmp\7z-out\icudtl.dat
| MD5 | 5a724b6a4c5561d55e3a4dd0e017af3e |
| SHA1 | 6438e4966b01b80c9c3659ba77f58340cf8a996b |
| SHA256 | 796e8520ac9f8d367f72606b4e038cff2a16533631bcd9e194c328afa55a0908 |
| SHA512 | 2b346eb55179df509e10131d7c72ccb1bf384c9b8f6d81f2f08bdf12f4497835caf115b71bcebcd62b2bcbed769745b63d596204efe6427ca6a2411615f39d64 |
C:\Users\Admin\AppData\Local\Temp\nsd829E.tmp\7z-out\snapshot_blob.bin
| MD5 | c9ab741bbef53fa0e84952b8891a5f5a |
| SHA1 | e2dcb8d034e07243537c86371de0c52bce62cee1 |
| SHA256 | 4d82fe1e642fe3ca7ad1a173f806088c0652ecfe9f0f6f6e246066e15a3431d4 |
| SHA512 | 177b98a3090ecfe4b4598dfcd7e8b3ca49efafba4dbd8d6c6d0def462de47c3fabfde831725622783ddc177de982de6115178d9bd9830d918bb544a5a4c27fc9 |
C:\Users\Admin\AppData\Local\Temp\nsd829E.tmp\7z-out\vulkan-1.dll
| MD5 | b91586bd80e057a7f62bdc4422744812 |
| SHA1 | a1df644421ece2e740e5bf0ed98b4f269fd85c39 |
| SHA256 | 8ba72d98e0f78b77bda7816cd7232809d287310d34e0f1d7472b9d5fda2c6d02 |
| SHA512 | 94f0a8e3e75e4803891c0fcb257052dbe0e7399772fc7a46ab802629f76ee580ed30b3678fa6bc3744c12cf9f3103bbc8276e88f6711278748148e9fbeef2053 |
C:\Users\Admin\AppData\Local\Temp\nsd829E.tmp\7z-out\vk_swiftshader_icd.json
| MD5 | 8642dd3a87e2de6e991fae08458e302b |
| SHA1 | 9c06735c31cec00600fd763a92f8112d085bd12a |
| SHA256 | 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9 |
| SHA512 | f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f |
C:\Users\Admin\AppData\Local\Temp\nsd829E.tmp\7z-out\locales\bn.pak
| MD5 | 47c95e191e760dee3ef43345577e2379 |
| SHA1 | 609634315270a91d4ec631642b18bd0036367aad |
| SHA256 | ceed32e429ed1018d4c49343cf52105cbfd1e877c531a5738fd6e6cd33d27da7 |
| SHA512 | 46b5f8d58780d19e79136c31a67d075c57ddf7e6a1eb197dea4088cc414a0dc24a68fc8ebcaac03b3940af2461123b586706d5dbf8dbdf6fbea0f7bec466db21 |
C:\Users\Admin\AppData\Local\Temp\nsd829E.tmp\7z-out\locales\de.pak
| MD5 | b73344e5a72fca6f956dbab984c123ba |
| SHA1 | 0561073aa40a63a9ce9930dd18b18e12ff139b2b |
| SHA256 | 6dda3fa65232ca0bff7314f916942a2aa5d9be73a0b0c7a6d016eb34ea6fff5b |
| SHA512 | e8a12da397369f23c102244b3f18f533ec79afa6978785566056bbfe07b10a21ff4973bf17aa829fff65609363988c033b0e48d4a82c846863377c08d8df009d |
C:\Users\Admin\AppData\Local\Temp\nsd829E.tmp\7z-out\locales\fr.pak
| MD5 | c3095ce1e88b0976ba7bef183d047347 |
| SHA1 | b14cfbf6e46ac1f189595fc09660178525301138 |
| SHA256 | 66488dc10517b6e3638686be95b430477a39304e92ac45dfe62b58cae3a77272 |
| SHA512 | 29f47b1eff4681a9a17a50d6e82d63c22fe7bfe4ceb79862e81d8cd9f96fa38e225978b4c4b1f8e55b220235b91652c776fa8d2e559c68942c6ccf402812a421 |
C:\Users\Admin\AppData\Local\Temp\nsd829E.tmp\7z-out\locales\fil.pak
| MD5 | 40bddaf97f64dfea9ebafc7f82166f80 |
| SHA1 | 90d1fde3c0b27d2184f0353991259c2a92c7820c |
| SHA256 | 39a9d63736e7b4593fc6873ed3c19d45fbf9eb78a012bfdcee0fea5906ebc5b2 |
| SHA512 | d1e61c53e09a0dc50edf5aba5cf286a251ee88421aa2cd49332b70a5859646605ecb7d0bb97ea7242d14a18742e23da0a14c04b0b99b57a466ec87f4f66b897e |
C:\Users\Admin\AppData\Local\Temp\nsd829E.tmp\7z-out\locales\fi.pak
| MD5 | cc592d91ce8eabaa75249cb78b889376 |
| SHA1 | f2f0f7f105a17f3e4b1a97ed0e3c2e871c2c3eac |
| SHA256 | b1cb0b32efa78fd8634652c74f298f1d5127f2363ef601cf000417e5c7fefd20 |
| SHA512 | 58e2eaffe26d8fda8df43e7ebef449cfff1065e940c128efa0276511e34e96e52da9230f294b01d4ecd8ef606b792d372bff897d6d8bb67c31379418ce867d48 |
C:\Users\Admin\AppData\Local\Temp\nsd829E.tmp\7z-out\locales\fa.pak
| MD5 | 6458a239e994d8d18315deccd35389ed |
| SHA1 | 75c985f43503a6c44645786d46639a6b555ae163 |
| SHA256 | 300fc1c735e92917a5ddf92feb812cbf3175d988ec7ad5955110248a1addbd34 |
| SHA512 | 3062075b6be0c25c957ac88e537880bc25ff86b8ef0703a05209e9676e943e89476b7997394aeb25064e03a93be614fef535676e9cdfaf44b46035225b1b2cf5 |
C:\Users\Admin\AppData\Local\Temp\nsd829E.tmp\7z-out\locales\hi.pak
| MD5 | 590e9e73df9cbd83cd87b9c03848fec9 |
| SHA1 | da125e60a5a2c51a2d6219d3f81688bd22237b59 |
| SHA256 | 089b9dd31090a987515809a68d26f6eeb64cd9283934e3dcc48b151eec7d3ad9 |
| SHA512 | fd0e5d0f2063e12b711275f390428b88f98ffaf6043cdb14b13674ac1e4aa9f70ae820ae960132d7155daf9b1308238775c4702694ab53068cdc709c50f9186a |
C:\Users\Admin\AppData\Local\Temp\nsd829E.tmp\7z-out\locales\he.pak
| MD5 | 6a02a37e1ca3215fa9ee0e1b0fbcf5e7 |
| SHA1 | 89a8a126c0bbf536ac58e29fc50e045fb1b88220 |
| SHA256 | f5cf34ce58b7f0d450936981aa7ffa060821403e6768eee3746ea4ffc9193986 |
| SHA512 | 6607eb2329b81f1eaf0ed3a564eddcb30e6ab59229f2fbf6fd3d2140ffaa8853a330eda627a4458ef6bb06f32c5183edda869e34cd4ead1f87f88d5c622c1a16 |
C:\Users\Admin\AppData\Local\Temp\nsd829E.tmp\7z-out\locales\gu.pak
| MD5 | 63a7fdc4eadf8ef1c35c72468a0ce33f |
| SHA1 | e8d064f0e9c8a6a8c6ccb036711e292d011d9466 |
| SHA256 | e549ff4e5a094d04c2ce7bc6fd68bea1f03e935437bf164bebb6191c133fa70c |
| SHA512 | 0a097ff875132a984545ec677b04f97785f14c38a1df487cfb4722cdea07d14e1e88fcff7d58b82fa53f05f4eba779a95ef320b5a91692097726d0385a26a456 |
C:\Users\Admin\AppData\Local\Temp\nsd829E.tmp\7z-out\locales\et.pak
| MD5 | c76db3385190c6840315c4497e40258a |
| SHA1 | 34f1aef2ba2925bebc5dcdb70e5b6c1a138a5c46 |
| SHA256 | e8af084ef5e1062c5966dd7802074ac24f3672dc3c9b9c5453a397644727191f |
| SHA512 | 90a870369d307758b33d74e6213676d65c2d332f42577c8aff23d96b512f3c2a2bdace8d6d9007f88b9175eadc6f2ae28b498b1265550849ff9317465a37ad29 |
C:\Users\Admin\AppData\Local\Temp\nsd829E.tmp\7z-out\locales\es.pak
| MD5 | f83d8f7f6108786c02c2edbf3d85f147 |
| SHA1 | 57781d9d9eb7c90cdc71f78e25d0763045b6d29a |
| SHA256 | 5b929216ac823dbe2b0bb98e64db76519900e09a86c8513019325271c66ade0d |
| SHA512 | 12747a4a61cdd21cad6e3f768cb43b8bda5ec9de373337c191b6994b20acd676c9d0a6cde8410a1e18f35dd5d2d332ea1bb7e7f8f6fc4b73d8774559e33398f1 |
C:\Users\Admin\AppData\Local\Temp\nsd829E.tmp\7z-out\locales\es-419.pak
| MD5 | b261b1efe945365588befdf68879040f |
| SHA1 | 616f44a5f73f0449b483f36ccf831db6474a10d2 |
| SHA256 | 1380b9edc9cee4b505f12e8eefa288d8c746ca995b52ceaba27c7741ae8a5cd4 |
| SHA512 | 9ea14234b9d4d09364e5727b3886fc14544d52508b3e45fb9fd607ca88d2e432361a02b2f7ba34c3d6ecd94b91f9eccd4d54047a97a1ba4eea580ead00b91cff |
C:\Users\Admin\AppData\Local\Temp\nsd829E.tmp\7z-out\locales\en-US.pak
| MD5 | 0bb857860d8c9ab6d617cea5a5bd4d00 |
| SHA1 | 351b744d95846bff2ce5f542fec2e87439aa0f8b |
| SHA256 | 5c56df9699fc7e8f09ec81421e50a6264cde055e822f5a8cd9bb1edb3066d816 |
| SHA512 | 33fb73cffbb6781488cedbca4c92a7e4f66923a799beeb7f5cba58dbc23ba8f5130f63a7dac7114e3c3ef6f1df87884fbeb8858bc7604aec9449fdfd16c25078 |
C:\Users\Admin\AppData\Local\Temp\nsd829E.tmp\7z-out\locales\en-GB.pak
| MD5 | 52e2826fb5814776d47a7fcaf55cb675 |
| SHA1 | 51fbbc59dcd61116cbc0a24b0304d4c1c58e8d0b |
| SHA256 | 83ff81c73228c7cadba984d9b500e4fce01de583ecde8f132137650c8107c454 |
| SHA512 | 69257f976d01006c5f3d7e256738c97c59115471f8e7447cfa795f7fa4ff12d6fd19708e95ffb2aa494b50c1763fe35d5885b9414112d2934baf68fe668ed7cc |
C:\Users\Admin\AppData\Local\Temp\nsd829E.tmp\7z-out\locales\el.pak
| MD5 | 38440b98bfdf5ed496da0f49d59534c0 |
| SHA1 | 1498d9207ecaf4923a47271e24c68a817041c82e |
| SHA256 | b1f78df8a7edc914357a2e90bc8dc0ac46f4df642bb22894569fe4905fb8ea0f |
| SHA512 | 95ba788fc2e1f07d54e398f1ec4d32c664cfb13118d46cb7af7a993367e032b10de84f3e604ab6e659d6410e2d736097ec5e9b3b002040c54412358f0ea10229 |
C:\Users\Admin\AppData\Local\Temp\nsd829E.tmp\7z-out\locales\da.pak
| MD5 | 55a8f5883805a65c854d25edb3959209 |
| SHA1 | d4b3b6bd2a26cbd021fa931d1f63c9ea64e2c268 |
| SHA256 | e190187adcbb5f829d162660968ba598ed17bd11339062ca4d807deec8a27fdb |
| SHA512 | 4e1f9e6da32f553cbc8cf162726d7aba9e23e2216d6d05b995cf19fff3aafa05ed08fce29b2f8538d46583366402b8630672e650dfbd46952a611e9db0d8016d |
C:\Users\Admin\AppData\Local\Temp\nsd829E.tmp\7z-out\locales\cs.pak
| MD5 | 3cfd9dc564cfcc33cc5524711365c376 |
| SHA1 | 2e5016d2643017f37658262122974429f18625a2 |
| SHA256 | 8be34e4f8226c1dd4e725711ddd884ef4476560f7863edcf378573dde9db3cee |
| SHA512 | 6ee156d2fa3b6f601df28e38968d0eae2812d70b41333348dbecd833d5ee6ff944183f0eecde96be433cf1e98c8ec22d6a6d5af5153145842175ab43c73533ef |
C:\Users\Admin\AppData\Local\Temp\nsd829E.tmp\7z-out\locales\ca.pak
| MD5 | 423651c45566cd90ea5edd8631e823b8 |
| SHA1 | 13bed4173a08bcbfefba034aada3d838eece6d16 |
| SHA256 | 7a39af99d55a1ea838d8d78c5f0da3e1402f9404d32255e31b676ceed4f0e414 |
| SHA512 | e09085023beaa37e9d5f7fdf3c32d0c001672b85e2826f0aba9a662ce958ac93cac17bf63495a604e47cb407b1593049388a4bf1b22b2339ead84a206a10569f |
C:\Users\Admin\AppData\Local\Temp\nsd829E.tmp\7z-out\locales\bg.pak
| MD5 | 5ba0c7200362c9ed55610cc8b66ef53c |
| SHA1 | d45239c2f1b00885407771a41a7776fc1fe8fa3b |
| SHA256 | 2339ff55464b4ff704fc3c5bf281eec52a539c494bd059cf0346d9c05ab7cda7 |
| SHA512 | 6229dbf08a9322c4ec8de4912aa1832f01800a71b7e3ef5870e7fa2b623be4dd248fec4881c3e031e984616147be84d42ab3dd970ae56dc1bd78913a8682a37a |
C:\Users\Admin\AppData\Local\Temp\nsd829E.tmp\7z-out\locales\ar.pak
| MD5 | 6f3e791b4d35ee7d9515614d128752cf |
| SHA1 | 181ec3a84fb3e89336d77f24f562a2cbe07619d8 |
| SHA256 | e9df0fa338b763a3926c4ee3a87bedf650fa618b6fcf0560c3f5ffe891d48c60 |
| SHA512 | 3657e610d13a2c938558ec320c298dd490c9e4895ccd304f738aaa2f050373efd7382ca402365f93d23ed488bae82de2d859da788dc8faa8e621346a278f4441 |
C:\Users\Admin\AppData\Local\Temp\nsd829E.tmp\7z-out\locales\am.pak
| MD5 | e18a450ef034b42599341c3d09f280f1 |
| SHA1 | 2001c8a85904962ac3a96938eccc69ad2c110fdf |
| SHA256 | 7c2b9098130f1f9e0cf4507b64c0e96ac6354bd6c3616be20e2067cfccc820da |
| SHA512 | ddd87571218fe9f179a6c2a8a15b182625a71a7c19ed90c0969ca2e0e9bad823b926f8b8a6b390cb6fe9c95f4b6c1f1ec7b5167a8424ab1921943922208f798a |
C:\Users\Admin\AppData\Local\Temp\nsd829E.tmp\7z-out\vk_swiftshader.dll
| MD5 | de2d91476e625278c30a5f69a1892e05 |
| SHA1 | 4d707f6a801611fb437f5c1cba31b0909bf41506 |
| SHA256 | 02c7f0b926c64f5a19a9aacd5f94ee00be4d576486592e18acc80c0a027b05ba |
| SHA512 | d027407539346e5aedd527f5f71de45bace6295e96a7fbefbf273c930d64a791e488e4bdf6ef8db61fc19c80cac52a6e398c2973499c6fedb1e422c3ba71f532 |
C:\Users\Admin\AppData\Local\Temp\nsd829E.tmp\7z-out\v8_context_snapshot.bin
| MD5 | 47014c0f81bad6d216c617c9c63bf040 |
| SHA1 | 7bb483fdc5fed3c6ed437d9fe6e5023bc38201bf |
| SHA256 | e1249d05bfc73c645b27d269f47b6923b33a3cf8088a8ca78b3b637c90f58178 |
| SHA512 | 052d86cf3305a9e493bd2472e6b7ddab5e0291efd6d899984a79bae46e5fa4bd21157e19ab4a2591c9cff9069de568bad18c7baf4f35d117c77134e635466f87 |
C:\Users\Admin\AppData\Local\Temp\nsd829E.tmp\7z-out\resources.pak
| MD5 | bdfa339e708ea0f23ed3620adc4a2d64 |
| SHA1 | 82a95b7b022836b6e888f53e69386570c05a1af2 |
| SHA256 | b66ae9eda4543685974d35d051d967538bc57d55c2577629007c534ff330e1e4 |
| SHA512 | ba87c70e1b6446e0a7b62da33d72a36ff92ee54fda64343262bc26afa8166174e76d058ec6d707cdebf2611858b3b4b7e21798febec53da02febd81ade4ce8f8 |
C:\Users\Admin\AppData\Local\Temp\nsd829E.tmp\7z-out\LICENSES.chromium.html
| MD5 | df37c89638c65db9a4518b88e79350be |
| SHA1 | 6b9ba9fba54fb3aa1b938de218f549078924ac50 |
| SHA256 | dbd18fe7c6e72eeb81680fabef9b6c0262d1d2d1aa679b3b221d9d9ced509463 |
| SHA512 | 93dd6df08fc0bfaf3e6a690943c090aefe66c5e9995392bebd510c5b6260533b1522dc529b8328dfe862192e1357e9e98d1cdd95117c08c76be3ab565c6eea67 |
C:\Users\Admin\AppData\Local\Temp\nsd829E.tmp\7z-out\LICENSE.electron.txt
| MD5 | 4d42118d35941e0f664dddbd83f633c5 |
| SHA1 | 2b21ec5f20fe961d15f2b58efb1368e66d202e5c |
| SHA256 | 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d |
| SHA512 | 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63 |
C:\Users\Admin\AppData\Local\Temp\nsd829E.tmp\7z-out\libGLESv2.dll
| MD5 | b7e898c2b57a959c785084ad7bca07ac |
| SHA1 | eccc74483f0b3c26b82496463bf1443ba1ecfe16 |
| SHA256 | a7d1845c2a396997f5e1dc9d13788fb42d3e210c6e0b808796ba25c0cb39f680 |
| SHA512 | 4b43e6dd2377052ae7fb70993f5123134fdbcc204c82130bb91ba35d9d20d96e7ac3ebcb751661873e7580f6401b6dfbcd3c5ff6b5e163319a7213ee5d70016a |
C:\Users\Admin\AppData\Local\Temp\nsd829E.tmp\7z-out\libEGL.dll
| MD5 | 8352fd22f09b873193cabc2932be92f0 |
| SHA1 | 5bd2b58854b279f1733c5f54ea2669ee8a888d9e |
| SHA256 | 14a4aaa010be14762edfee01fd1f6b9943471eb7a2f9011a2b5c230461cd129c |
| SHA512 | 7281e980f2e82f1cc8173d9f8387a97f6e23ec5099ed8dca02222c4e17fa4cfef59d6aa300b1cf06d502bdcf77d9a6dbb08ad6658ae0a28ae6f9f995109da0d2 |
C:\Users\Admin\AppData\Local\Temp\nsd829E.tmp\7z-out\locales\hr.pak
| MD5 | 6f92235e6ba003af925a2d6584afd27d |
| SHA1 | 3ceba61e9c2975466b6244188f5ea72aaf042fc7 |
| SHA256 | 479dc4f75a889d45f62b4ddb6eb48f21c473e37875468c9c26d928a263e15840 |
| SHA512 | 82f2642dff4400704c15c2fa02d0ec74ed3fe888dc835447c1afce7463dee8f480bb81be358c306e681625864a6d25e5cd6c96252b8a56e6fc62014b3aa4d26a |
C:\Users\Admin\AppData\Local\Temp\nsd829E.tmp\7z-out\locales\lt.pak
| MD5 | 2d4fca437a7548893dc4b51fa5b33c33 |
| SHA1 | c1493013d7d981ea9223716e415380992de65c2f |
| SHA256 | 776dba792df7b444e1b720326312d8b8312cade74a1372c49456d932b7c65769 |
| SHA512 | b6a55ee1deff48d717a3e9399aef3c45eeec810cc5b5709fa3e9f56850115a5b02e02b7959ec77a6797e68516ee9372bacd260e62ac0d55a8e4c1c27af782b42 |
C:\Users\Admin\AppData\Local\Temp\nsd829E.tmp\7z-out\locales\lv.pak
| MD5 | 264c6e20b3088ceb4dae5773cef0cb55 |
| SHA1 | fb6ff83ff14df008092bc3ee73bda7491e8e090e |
| SHA256 | a676a781c1a587eadf23e5c69bc52f2d352346a70bc53ca908450362535eefda |
| SHA512 | 01e949f92e1e8599c581929a601d39640abaf1d907ce10102e591c3d490dd3874c679c75bb51308ead55a3bd0c6dcd1b8d4b2daf98ce1cf1c6bab42946e8b1e8 |
C:\Users\Admin\AppData\Local\Temp\nsd829E.tmp\7z-out\locales\ko.pak
| MD5 | d6e2c18c9eabba59b50d147d942125ea |
| SHA1 | 0918879203c2050b4f9f449f5616e430897ba0b9 |
| SHA256 | f3581cea2e5b022b121010ffc5d67f86f717e3a0c0402abd81e24c87fd135b76 |
| SHA512 | f605f7b9893166778af156f9eb76eaa1209e7432450899540cd462ce0ffa69caf6f570b910cdd6d7bef54354379e9892a658e711baa93241da33755c107da859 |
C:\Users\Admin\AppData\Local\Temp\nsd829E.tmp\7z-out\locales\kn.pak
| MD5 | 5115cde84b4c674db412619b65433004 |
| SHA1 | 164f33e7e2e9f685a579da492a6fc8806beb6cbf |
| SHA256 | 891e092c6895e23be986c3e6d39dcea9b6b75f1448239c13fd406680e50407a7 |
| SHA512 | 090a247898cb533325d2b289a6cbd8db2a755ef0abab49d82f333e57b290c50b5996b81f15d8adc30160b216eebed3a1476aec1627195e52189557c1d48b0216 |
C:\Users\Admin\AppData\Local\Temp\nsd829E.tmp\7z-out\locales\ja.pak
| MD5 | 833e8c4aa70351b6be7bd403e4e9a0a7 |
| SHA1 | 46ccdbdea35deec8ef13a5fc833776875fad187b |
| SHA256 | 74422db1a5f28522f9a8b31a3bee9a6df794b419bf723cb6a6c88e82eb72cec0 |
| SHA512 | e8e709612a5ea81d2822e0025b7306f38571f2cec2ca72ac5a8ab852a0e36a0f5bc7e00d0baf7ac7becc2c54dda3a17c52ec1cd67ce12b14d91b6ae0b726d556 |
C:\Users\Admin\AppData\Local\Temp\nsd829E.tmp\7z-out\locales\it.pak
| MD5 | 5aa225aad4f9fe6d05ec24905a827d88 |
| SHA1 | f6d5ed337bd8e9cc3b962d3a498e3430fbf6de22 |
| SHA256 | 96e02ab6937a1f1cb58762159761a737ce0e1dcd6a253554392baf4389326eab |
| SHA512 | 3fa928f19bdf65b8fbb274b478a801821b15c01224c113a8d7f6121a077b432c0cc84eefd9028a76adea9fa4bb65dcb868edfbd4368b1e4d477c49e187e4288a |
C:\Users\Admin\AppData\Local\Temp\nsd829E.tmp\7z-out\locales\id.pak
| MD5 | e40cb2f3b4db379e4d187aeef0dfd300 |
| SHA1 | 537b1ebc615c980c89bbe2b9e91a11199fa7d6a6 |
| SHA256 | 3339ef011c9bb64868da94adb25f4490acbc7f893e4337dbfe2797754cd659f5 |
| SHA512 | b87464460077aa55feb92eca8ed23d9a61829378bae7890c8a95dac5fcd735b145d65661f27facfe2586fcaa169692b00d8ee8dd505dc44bff7f7fd090f3e96c |
C:\Users\Admin\AppData\Local\Temp\nsd829E.tmp\7z-out\locales\hu.pak
| MD5 | 71d42cb22d2d7a8b26c4514ab12df3aa |
| SHA1 | cd0307503a7906f1742d1e98fc816959319c2171 |
| SHA256 | b51bcb888dbc27bab88a8c9d081df7496de8a9a5a4cd2cfe08abc154190e75e6 |
| SHA512 | 29c67391bca706807be3a0cc79fe481f220e30263957a9c2485f0a4c498a5b250bdd83b5f4fad8d0b19c8a9a07d5650b5ebd5816b6aae311a1cde78a89303244 |
C:\Users\Admin\AppData\Local\Temp\nsd829E.tmp\7z-out\locales\ml.pak
| MD5 | 04b2540c25990a5e0a9b227dcce6ae0d |
| SHA1 | 4f8ccd154f54dfb083d4d1a3ed0994842c8ab13e |
| SHA256 | 556165b8b54c6e21bc66d12b3f5be393136714467c427f7114f314d18ad3c661 |
| SHA512 | 4cab47e42e8f5d4a83851871f97f3e1360c993ba530dbb4b4b736350779784bd83189e1195d3480ce87298bb8f9b7f249fefa7764d850e5b0002895609626785 |
C:\Users\Admin\AppData\Local\Temp\nsd829E.tmp\7z-out\locales\mr.pak
| MD5 | f22c99fe6a838e333e8ee06a4d01296b |
| SHA1 | c3542ea8dd45a2b387dd02fa5687948f135e10f2 |
| SHA256 | b03a3042f907aed13253ae8083d08f5fad59ff438d024b097276856e72526911 |
| SHA512 | 882022c2cb985d85f96d52c9bcfeeb089d6ff30e66187ccf424ef622092b9d359a51bdef1fb6ac3b9d3409aa79d37ca737ba7f3ed8b9cdaabfe04d90a7c8bc15 |
C:\Users\Admin\AppData\Local\Temp\nsd829E.tmp\7z-out\locales\zh-CN.pak
| MD5 | 098d656a4f4bd8240bed10e7678186c7 |
| SHA1 | 0c19ab62b4262f1b51558e8aaa79e7741f73393a |
| SHA256 | a55f568ad3a8854cec25699484f55024501c8a0967738ba694e073151e5981c7 |
| SHA512 | 084538ce774233ca6d4393bb42239b0b85e11bd73dd19ba47e55796ca19848941b037510c0fca4ac08b4b2e0ccbc9b4ae72ef88a3e841738dd211961dc53c1e2 |
C:\Users\Admin\AppData\Local\Temp\nsd829E.tmp\7z-out\locales\zh-TW.pak
| MD5 | c2c35fcedc3708b5bcadf36587393002 |
| SHA1 | 31d72402cbd44ceb921cedd806259c2cd14e411f |
| SHA256 | cfe4c2c5eb131fd92e0d11f912714c5a9a048833ef3ffbe32679b3d58da8f8ac |
| SHA512 | 9ba3ea2d569d1d3ef09e94d7e66f843c8804368c4d016b6289e7dba002f7d2d50884a76c93eef879d87abcf8b36dd3e682b7bd3a18b2b5a969256cef672abf01 |
C:\Users\Admin\AppData\Local\Temp\nsd829E.tmp\7z-out\locales\vi.pak
| MD5 | 69c8796439192577f48bd249175aaf37 |
| SHA1 | 97c52088ca69dada593db0e42b2135d264646454 |
| SHA256 | d7fdb53592de803a5fbcd8561c4918f1562f92fc8a3fd0039a2a1a7b76a8ecc2 |
| SHA512 | 65eb7cb15291474ec7f9354775e59bcf334c90ddf3498ebd184e4c47118308421b2405bfa679e4b3a70ed1790e167c109fc2c72e89c3e31b5378cae975424144 |
C:\Users\Admin\AppData\Local\Temp\nsd829E.tmp\7z-out\locales\uk.pak
| MD5 | d791b1ecf2931b2fb0c31aac170c7cdc |
| SHA1 | 02be115a9ff94fe5250651b6de4323eafc44fce1 |
| SHA256 | ffae6286d44c8e219ef90d411ad8746159a6ff8ea610e2a651147a3956696a22 |
| SHA512 | 3a2edb8069e4a9734ce5e02b7c3de3c968c5bbc116f17f52f97e2bb2c78485c456c4f0cc952686c1aa17b7ee4d326a1dda698afafc63c79d842ca3905181a8da |
C:\Users\Admin\AppData\Local\Temp\nsd829E.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\snapshot.exe
| MD5 | 16a12bdc986207390dd79d658a6b2263 |
| SHA1 | b4b41f62cbc1e1ede786c6e30e11df8e61750bad |
| SHA256 | 50a8dd2f292bea9190204a42de067a34d5cbbec53746d40fe5b067fc85190bac |
| SHA512 | d20394028c5d3ca46bb4879cac40da07b7d857f9a4a834bb4db4bd047f1a3265a80e1f7528244da6ee97c2f3e0cb5b2e51bc88eeb382a027939c2188e66dcdd9 |
C:\Users\Admin\AppData\Local\Temp\nsd829E.tmp\StdUtils.dll
| MD5 | c6a6e03f77c313b267498515488c5740 |
| SHA1 | 3d49fc2784b9450962ed6b82b46e9c3c957d7c15 |
| SHA256 | b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e |
| SHA512 | 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803 |
C:\Users\Admin\AppData\Local\Temp\nsd829E.tmp\7z-out\swiftshader\libGLESv2.dll
| MD5 | c0b36d56d83e601bf246f7709a8c5f9d |
| SHA1 | b025a6070f7d61c7d1827856d2d4043834fd23f2 |
| SHA256 | 45bb5e1f8dd87129ac0a75c78f8f29d06e3ac182a00fc5199b692068f1e05a53 |
| SHA512 | e429ae63bd8a7d5a936a638783511693e8fbbc91d97779b3d4dd3f0880f1c8a820106bfb57cf7ee6b3639f19165de87bbe127aadd81218689fc6c8fada2106d1 |
C:\Users\Admin\AppData\Local\Temp\nsd829E.tmp\7z-out\swiftshader\libEGL.dll
| MD5 | 19dc9ee70e7765bb63a66b6826e8ecb7 |
| SHA1 | 1a12f983f8b35cc2955d30657971f113c47dc164 |
| SHA256 | 83d5719abee35e051d984510e1d5d9317a109031698814742b59bdbbe7d4e30f |
| SHA512 | 1fda2bcc4b2e70987ca6011ab2534007ae4f752016d29a588aaae839bb25c35e03773f220b6a8e926cf2643997e7d4c0f28743304269b2c55642ce12934def68 |
C:\Users\Admin\AppData\Local\Temp\nsd829E.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\prey-webcam.exe
| MD5 | 471b15abc9f2e98fb7ed7361d3f045eb |
| SHA1 | 95b5798d80a9410872f6ed485ae2b43ca3745540 |
| SHA256 | 7c262639cb22348dfd627dc07c76e8748e5bcacde2dcf1614773ab174c831004 |
| SHA512 | 5b3b59aa1dbaef31b0ff6ccde082d7c312e39e311a46fe20d590d5d7765f934d3b663da9609ff4fb7beba2e8fa85376cf74f14ae077f3c0b49189cc28c30163a |
C:\Users\Admin\AppData\Local\Temp\nsd829E.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\package.json
| MD5 | 067e233b0609d56ff4756bedd8c0efe0 |
| SHA1 | 96419d05adc4b6674948b4ac14f8ab5bb3ce4380 |
| SHA256 | 6bee642c1b5de99e4edba87ec3221c2ecd10b65e666b6f2bef64a745538ecf74 |
| SHA512 | 94900f5ff762930b1b060ba4dd44d629d6c3e2dfc0dacb1a543f1ea5a3cd40e793acaff4abefbff588ceb422d65f8041ec190a2b56f7c303c3314eb16eca4159 |
C:\Users\Admin\AppData\Local\Temp\nsd829E.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\DirectShowLib-2005.dll
| MD5 | c20c205c6f8d70a5e1351a4041a3ec9f |
| SHA1 | e1b2a763dd6c42439656e4e55aba0f3610ff3784 |
| SHA256 | bbcbb170242d9ff1b56680a80b1f8755df1135f9c714535ff3b3f575442f38dc |
| SHA512 | dffd59d775dbb89cd886a2212fb9fe4cf0b2bdd7f2c00f8dc7c6b2287053b4971c8c6c033109ff1f90cdacea082e44d3c19fa76325d24976420c418218e701f1 |
C:\Users\Admin\AppData\Local\Temp\nsd829E.tmp\7z-out\resources\elevate.exe
| MD5 | 792b92c8ad13c46f27c7ced0810694df |
| SHA1 | d8d449b92de20a57df722df46435ba4553ecc802 |
| SHA256 | 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37 |
| SHA512 | 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40 |
C:\Users\Admin\AppData\Local\Temp\nsd829E.tmp\7z-out\resources\app.asar
| MD5 | 82726ee89bf94ade76d66310b6f71707 |
| SHA1 | 80d2ac2f7f9cddc0eec7ef77cf31c3e661ba4eee |
| SHA256 | 2d31fa0701431c0f939322cbb121fddb5d35dc68ea77987024242b486131f1f3 |
| SHA512 | e485ad6ad1be2cc18d3364d7d878278177a67ea141a60aa975f8e579ac5d374a32a9a4975dbc47a0d142717d5d4dd5ae55a5225047a6e9d190cf308694556b21 |
C:\Users\Admin\AppData\Local\Temp\nsd829E.tmp\7z-out\locales\tr.pak
| MD5 | 40491896ad21543f339467186c5efb40 |
| SHA1 | 695dde7cc35056dcbf0a533aff8299d4c6b61bd8 |
| SHA256 | 43e99e132acaba88971b81a43531845dc7fc3a1e0794c3373de7d9a50a5655aa |
| SHA512 | 18d5ee9914849462e0b1bafd1ca216b29d0795e282ae0bdb354b15caf5c18f37f44fbd6f626b2cbb095e3398a6496de72e5b0d15621433979b5a589e34fac818 |
C:\Users\Admin\AppData\Local\Temp\nsd829E.tmp\7z-out\locales\th.pak
| MD5 | 43edd25f67ce6e6cea5373009ff0a1f8 |
| SHA1 | ed72ca6620cf23837e1334be50ccf616806bc5a2 |
| SHA256 | 287897cf3df2db1cf59b872e6575ba8dfcaa0c1f68c17a9c91da6c4490adb8b0 |
| SHA512 | 7160a72bd2e6b0ffa71e5d279995cc8be24a87cd9386eb29ab0eee79b8e607f5d824a11b6b4e3ef4c0f851a9d485a9642cb6adaa65c07933dca6e6f2c0052fc7 |
C:\Users\Admin\AppData\Local\Temp\nsd829E.tmp\7z-out\locales\te.pak
| MD5 | 793a87d41cde6e6d1bb086284f69733b |
| SHA1 | d887e3842b664f55b7308427aa6f5bf0b352d879 |
| SHA256 | 5cdabd1ad41e8048f2cc6b1615e68b99159daa1aa6706b939447c1811bf0e255 |
| SHA512 | 7c2e53baa387480eed45315bd9d53856ca46e5777ecdc9c29a0de7b0ad04beb6cbb8b5df0aa7c306395fda563037e06bea1ca70e433ce5a3ccc2ec184dfda972 |
C:\Users\Admin\AppData\Local\Temp\nsd829E.tmp\7z-out\locales\ta.pak
| MD5 | 31dada843d0b4f9a66b184cb6d7b8b92 |
| SHA1 | 0320b31981043c6e4c17470bf2ff4c7488553511 |
| SHA256 | 457070b35c813175f5a7b630478073e478ff2bf23915dd3dc7a5b3b339cc2b0b |
| SHA512 | c5b6ea595d3154fd9fe03f49a19f78eb4068718ce005b18a165d491459a290c29956b02a109ce2c314746773760c8e5c0d7064f384c65a572c78109f03538860 |
C:\Users\Admin\AppData\Local\Temp\nsd829E.tmp\7z-out\locales\sw.pak
| MD5 | 99e385ebc1ef8d3daddb3a171fa79edf |
| SHA1 | 3164804dfe9d9b5e891abafe92e5ba67d2b5d4d1 |
| SHA256 | 8ec45ac391a085d531fb21815086c2da4841aa016653cb4f8484cfc2615d6c01 |
| SHA512 | 797c105fecef1e15870aa101e3fa1835d5a467a9059c03b3636c54934d1de263ab7f23599e21d9787cb3849c7cb7d29f5bdd8ae9ad10fda8015c1392462e94c0 |
C:\Users\Admin\AppData\Local\Temp\nsd829E.tmp\7z-out\locales\sv.pak
| MD5 | 41e76f7775fc9a2d6e3c02c46e9b32f6 |
| SHA1 | 088c15c74a68bee69682bf89c31055332b68c84a |
| SHA256 | 2533676479e9469ffcdaabcb47d3e39bebfe7ae2b80f70784e918a8827439e13 |
| SHA512 | 6cde752d748c4772b533c8894f18134e5842113f8c7590b44a7dfa088aed65b232361fd16170df3b0d738066dbc3a769847adf4dd8ba42de63c9c2b33f9beb6b |
C:\Users\Admin\AppData\Local\Temp\nsd829E.tmp\7z-out\locales\sr.pak
| MD5 | af7083f2a4bd95dcbe792efade352662 |
| SHA1 | dc69aa831836016f6e66c6079931503d534a7862 |
| SHA256 | e3b80d9fdd420a05d66cc12e685ac94500106dd51a555bbfa2d085094f81e8dd |
| SHA512 | 342400ba94f6cd08152f96aa2b905184fab429c38cedb4bcb4ac0c503169a9ecd47aef208b4d7ffae08b0c0afa7aa089347a20739379d05f3e4e111be842b8c4 |
C:\Users\Admin\AppData\Local\Temp\nsd829E.tmp\7z-out\locales\sl.pak
| MD5 | e015b6f5042be2dc96a4e23dcf035502 |
| SHA1 | 7946509eed8db1e4c1f3da99ffe7155c86fdb4d6 |
| SHA256 | 99536d1bc73eec81d5bebbff641ea195544ee5e3a41bb17ddcedf9cde9b141d4 |
| SHA512 | b2a2eaae93c506a053862bf1cde02eee53b3ea2e2fe4c964c51dbacb8b44de820a779311cfe01458e2f08f88bce1172e8c5e1e6d28cd3a355ff84baa00023b8f |
C:\Users\Admin\AppData\Local\Temp\nsd829E.tmp\7z-out\locales\sk.pak
| MD5 | b35daa0bd9627ca88b413a5af7c6b4a4 |
| SHA1 | d5efdcbc7ca17de29f3075f6434f31ab2e895826 |
| SHA256 | f47bc1f7f5ab64681d0b152e1a019da60f0ef057ee8bf2ccede019dc4030c177 |
| SHA512 | 48abb6ca2290820db2898b05820bb25e70fb1292c816eb0c8f17b3c5452de9fff7027d216d2bf413900f408f44ed4ac99151b28142a212c5cff8dfe229e87b9b |
C:\Users\Admin\AppData\Local\Temp\nsd829E.tmp\7z-out\locales\ru.pak
| MD5 | 75457b95d2bb03891232dae7db886387 |
| SHA1 | e5a7569df7f91533703626d167ecc8cddbd27205 |
| SHA256 | e0894d3aa3f8e0f8ac457a3300001d4e1dcf95980712f8c8e9c845eb4c2bbfa6 |
| SHA512 | 9813239cb162cec24cb81cffdae2df06889782813d917da186ae40df6dae64477467e4b32ead2d714bc1de671538d4c1fde990d83d3ee69e0932f17226687a78 |
C:\Users\Admin\AppData\Local\Temp\nsd829E.tmp\7z-out\locales\ro.pak
| MD5 | 24b01a438a3ab9699d4ca97c081b5e82 |
| SHA1 | 0d0b082544d23425a74199fb0a6c11192f0bdf7d |
| SHA256 | 38290b1c9712296d82ea1681ef95544a1eef4872289134b11e50af735e6deaca |
| SHA512 | 43199772312156f4633c4202499cde8f808e5e632c2013ec1129acee01a3f184e86df2616626173178efe04b6f0773ad9a0e8b8cc6a735d23d68dcfe9dfd945b |
C:\Users\Admin\AppData\Local\Temp\nsd829E.tmp\7z-out\locales\pt-PT.pak
| MD5 | ecd84b296d3bb312ee18e21017311986 |
| SHA1 | f5625523f85c10723750834a54ff59a2dd886fb3 |
| SHA256 | fcfaa9c44c445876c286388b6a1abc1df949f3dda3d64fb57d6e0d54a05cdb94 |
| SHA512 | e95b74238220024cdd0bd1c0f18beadbbe427d76cd8d6b32d5700adcd34ffb068ad0bf75404921485c8077f395f5111cd40d5dfe2b5b8f34c62e6fc80b507456 |
C:\Users\Admin\AppData\Local\Temp\nsd829E.tmp\7z-out\locales\pt-BR.pak
| MD5 | 88ad860c73676ffb4025b5c691f29942 |
| SHA1 | 3c5e5b999ea7153ccdd1b4cc7b6162de3456b558 |
| SHA256 | 25f0bb0b0230d99a9064d52668636f3be85903bf27a68124d79a2fe93c30fe0e |
| SHA512 | 41589bb9ab1b8307f62ceb4e6493d7903731a3e63807e0044379c4acdda881c21839234f5f1b8ad1af732bfee6231c0556ce92e582505379ed949980185bb750 |
C:\Users\Admin\AppData\Local\Temp\nsd829E.tmp\7z-out\locales\pl.pak
| MD5 | 644c0ace25d6e532b56510a736c6bc2c |
| SHA1 | 1bd0fec952107b493da04c46423da634ff3e1504 |
| SHA256 | 2ff9e382a31783285b7d85676e629e2f6db26bb9536ed17b7fbe5ac61a895ec7 |
| SHA512 | 9a1f1e884c2f214b8b0c63543809ddd4ba0fd533f1d8434e926051f3db434f60cc4df2462c2a43254b2a9685b3869eef49463c212892e417c82c3a7b497e3559 |
C:\Users\Admin\AppData\Local\Temp\nsd829E.tmp\7z-out\locales\nl.pak
| MD5 | cf6b1cbfd669e9461553974ba37a475e |
| SHA1 | b33867e9bc7fd88ca98a76dc4bd756bcf18887aa |
| SHA256 | 9a83ad866ad7fd9d65ecbc1e95c276cfce27e8257c76a16950fd14971e66b864 |
| SHA512 | e463029bb37f6bb3ff5cb6281f64291ada1b785fa33137e7aedfc7b5e409e99c75a91e7cf9b6c0933e970f70c14861190de66fc5d68925b687a6f5da02e21077 |
C:\Users\Admin\AppData\Local\Temp\nsd829E.tmp\7z-out\locales\nb.pak
| MD5 | b61e42f66d581b6a8929cdf5fb10662e |
| SHA1 | 6f06fa9ee092fbcb61bbd668734fb3b92cfb549a |
| SHA256 | 1b17dcde8fc7308d926fbe0faa83dfc9ffe2efc5715e9afd557dde839ad98b7e |
| SHA512 | 79b82346c3f133a6ba44148a8432ad4e08e2805187b759509cb386bc800fd20215592c07d953812c243f0b1d5e1354245f2cb42b2b3eb6c87280bcb4008dbe97 |
C:\Users\Admin\AppData\Local\Temp\nsd829E.tmp\7z-out\locales\ms.pak
| MD5 | 6cfadaa784e687e6dadbcd80e631bc9b |
| SHA1 | 481acb75f525055bf4e45ecabe0eadcb9c492106 |
| SHA256 | fb5e125dd5e1f21e8df229d22cb3d1f9078bd79bbddca352899248f2a8b21b71 |
| SHA512 | 0d7da5a90fe9372bc704ab8cdc8cbfb14d323cafdef856987e2d9e34d980196c03985e25099f5d1bcb10c97f040f4766e2c3713718649bb3f43914a77f0dbb39 |
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\AORadar.exe
| MD5 | 504ec996c8145a6baa338be3cc9f1b85 |
| SHA1 | 4b00e7fec5f6cb179100c8c87e85774b2075d7c0 |
| SHA256 | 01e40812e970eabbff9e4f3c84adc0d3b29ea2b7fa3857fd5fdc1d6dc0daf7ee |
| SHA512 | f7b0fa2770ca152f26c5b2ca1bf44db52a013bf57ed3dc36c42f06731bf6416571a711c6e99718a54d7c76191a8f2fae029d0cdecf1abbdaa2ee739ae07131f0 |
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\icudtl.dat
| MD5 | 1ba062b1ad975ecac528b8fc8d05a7fe |
| SHA1 | 3ca994339d5cb094eb28e07b088bac524d2fd8c5 |
| SHA256 | f0917c847b2506691c75d5197f4efb0279a5055e023633fbaeb1888f053071dd |
| SHA512 | 125b137a1e78b21c01678d90815ba823cff4f54c6b97ac3a371af159240a228e9bc6c862d641fa0300d0267d96298925902a6584b7a24368e5e519b7c4875994 |
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\resources\app.asar
| MD5 | 04456c3442629494591d90a4bb99ab26 |
| SHA1 | 93212077751dff166b1861c807894fb04476ce22 |
| SHA256 | fb101338c5202eec7c20a761aad7a022b7bd922679fe4e8cb34799e89cbff03f |
| SHA512 | daea27f49795fedb806125bbfb175b885a3890707c13e4205da9005bdfd3786bd4fdaa2784b50d66225482f9c3a596c6b2e42109001d281506cdc502487d71fd |
C:\Users\Admin\AppData\Local\Temp\c2c5ac6f-c478-47d9-91d0-228720af01ca.tmp.node
| MD5 | 3072b68e3c226aff39e6782d025f25a8 |
| SHA1 | cf559196d74fa490ac8ce192db222c9f5c5a006a |
| SHA256 | 7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01 |
| SHA512 | 61ebc72c20195e99244d95af1ab44fa06201a1aee2b5da04490fdc4312e8324a40b0e15a7b42fab5179753d767c1d08ae1a7a56ac71a6e100e63f83db849ee61 |
C:\Users\Admin\AppData\Local\Temp\c0647462-4e6b-4ff3-a00f-e1861ee13426.tmp.node
| MD5 | bbe1467873bda1d5b55533510d87859d |
| SHA1 | 0e6ccdb101b96a59287ab537b0b567fa4eb7f19f |
| SHA256 | 7a44566d9cbc8061b14d421a65b583fcd26eef54033b21cb52cd4e78d45d749e |
| SHA512 | fc04b60a80f5d46c70a01c01b00baeabaa8da7278cdd367f57d5df83bbd89716954ecf80237bd20ba2b22092654cb6775aa26d5cb3bbbf23472630af9f3c6907 |
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\resources.pak
| MD5 | aac8b2f64efa8f0eb208bae698356177 |
| SHA1 | 3fbe30789d67cde835eecac5ced47176a26ad803 |
| SHA256 | 8a49c32c15902adebb551543a76d62d250a08bc0bf6c7d5f7f3e0ba4fbd5920d |
| SHA512 | 6f13500f30954c18238b660c2a0446f8700efa810049af5c20a709a742715db3960a3d01df5908913a8a250c494330c37e5cd6b28cae46fe84531625f593fe92 |
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\AORadar.exe
| MD5 | d93348932a06871c5fe759d2e5baad3f |
| SHA1 | c815fd4b352c8f394f42efd6c08240a7339fc3d1 |
| SHA256 | 236078b01b78d3ac31c723f2089f8f5f8c9aa7307d374e8305e9379d743c8466 |
| SHA512 | da6399a0ec78ec307b455c98cd37c346548651e92782dadb5dcc27d72bc9d092b26d0cc9dd2c3b772ce03625131325d6e5ae523da2a69f5f27c25d3929507c22 |
memory/4428-580-0x00007FF9C3C50000-0x00007FF9C3C51000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\ffmpeg.dll
| MD5 | 8e52c2317ff1ecb29ec671531f5cd7cc |
| SHA1 | af035e211060cfd3a3445596facaa1ed9b0f3221 |
| SHA256 | 4ae616423d64ef91541d5fe9a588c68749b0d423430c35482dc30dbe8f3cb57b |
| SHA512 | 19a2004556952cdd931b52edeb2943c5977c34f7389a6110d594ccbe8fea0c6019250e4747f4547db8ac896c51ba13df153e57c16417e3ed2f8c659a227ae0ca |
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\AORadar.exe
| MD5 | 9566c69f2bdca64f196268563fdaf21b |
| SHA1 | 7d19e44cfc2124442328e67aadb4390fae2389fa |
| SHA256 | fdb7e33918f6b1fe40784f854a2ef6bd688e9b9d21dc099414147e1d1f1cb73e |
| SHA512 | 6dce0f6eca6567ed57c9a630c6944f27198bda5ea8b8dc37ad6b6b7ff41a55639a36738c32defe2a8e71e9ca72fbe5c2d283bf4ed9861387d2ffe60fdf08793b |
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\libGLESv2.dll
| MD5 | 400b8a0c5d40559ab7391e9594d10f06 |
| SHA1 | 2f8e1969d439e5f86857096bf45a4effc4aaa753 |
| SHA256 | e3f7fb2021bfa14a12f119f1c491699bd54dfb59e22c91a8ef4f4b48099078cc |
| SHA512 | 6c0ef2bf7c8dd044dd5a27e4738ec6f484fb9f41905b94aee6a94371dc8f4689206a9f586c8a0402f26be7487ca5303318dcc8712fc0414e31a7c85a43f1c741 |
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\libglesv2.dll
| MD5 | 31a40e37cdd6bcd9246ba7b96a384f47 |
| SHA1 | 05f808f1f191071954ff332c8c0d65c900f38290 |
| SHA256 | df010d58f315e5c9a0d9ec4c0fc066991c8272c9c077c25f8b56a7cc6630382f |
| SHA512 | 8e0a96d27223ccc51ca5ef8ab6d4e1bc97f89f6010f65af36bdceeff3e4f7fc61aeeaac82c4a9253c162ddbb606d594008578741700cdd6a812e4a15c500bd66 |
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\d3dcompiler_47.dll
| MD5 | 8783e98956ed6a2442d28e0cf1e1e646 |
| SHA1 | 69b3d938c9fedc9a1954a8be46e6875765dbb9af |
| SHA256 | c26b328854d220b395b1930258612b0e5b91afdee102a99ce0b4625b179244fe |
| SHA512 | 0931ac9456cc15f59d1ce0fab29eb5436fc1707a7063488ceeaedc6e82cb76a4619a983240ff244b4fa2221db1ae7b630418a7c48cd85a73ad7778f52891f2c5 |
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\D3DCompiler_47.dll
| MD5 | df245fdb581f5ed12da769a20d468215 |
| SHA1 | 2a76dcb3a47c1347d620c71ed22aa732f806feed |
| SHA256 | 0b8466300c79975804b422cb8e2e41c8fc82a6265c92af70831fc238ddb8e62d |
| SHA512 | af69627edeeb11f8ad69d69ab25aa34ab22299fc9bdf103a008fa640ef2d09ba191ff1baa596426e50797bd62bc145317ae093d754aa3f33fef8cd076e9fb90e |
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\AORadar.exe
| MD5 | 68d868ec2729aa571b8833d3bdca140d |
| SHA1 | 06e809a3de6ba1a4b4a7d8c745c7ac267adc9cad |
| SHA256 | 2d9afade7b8c216baef44a103655f5d3e2a41df7671b33daac03cb5846c4a030 |
| SHA512 | 811ad86b11a4714a12b89452c67896664a4e5c615bb7b14e3a7a7b16b602f8a97fcf6f97e127aa286eb827cf72e42ba6562ef0eed82d2de88f8724e44ec864d3 |
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ffzmalxb.uxk.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/8-608-0x000002B52E970000-0x000002B52E992000-memory.dmp
memory/8-613-0x00007FF9A3A60000-0x00007FF9A4521000-memory.dmp
memory/8-614-0x000002B52EA30000-0x000002B52EA40000-memory.dmp
memory/8-615-0x000002B52EA30000-0x000002B52EA40000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
| MD5 | 6cf293cb4d80be23433eecf74ddb5503 |
| SHA1 | 24fe4752df102c2ef492954d6b046cb5512ad408 |
| SHA256 | b1f292b6199aa29c7fafbca007e5f9e3f68edcbbca1965bc828cc92dc0f18bb8 |
| SHA512 | 0f91e2da0da8794b9797c7b50eb5dfd27bde4546ceb6902a776664ce887dd6f12a0dd8773d612ccc76dfd029cd280778a0f0ae17ce679b3d2ffd968dd7e94a00 |
memory/8-619-0x00007FF9A3A60000-0x00007FF9A4521000-memory.dmp
memory/3428-632-0x000001F37F960000-0x000001F37F970000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 50a8221b93fbd2628ac460dd408a9fc1 |
| SHA1 | 7e99fe16a9b14079b6f0316c37cc473e1f83a7e6 |
| SHA256 | 46e488628e5348c9c4dfcdeed5a91747eae3b3aa49ae1b94d37173b6609efa0e |
| SHA512 | 27dda53e7edcc1a12c61234e850fe73bf3923f5c3c19826b67f2faf9e0a14ba6658001a9d6a56a7036409feb9238dd452406e88e318919127b4a06c64dba86f0 |
memory/3428-634-0x000001F37F960000-0x000001F37F970000-memory.dmp
memory/3428-631-0x00007FF9A3A60000-0x00007FF9A4521000-memory.dmp
memory/3428-637-0x00007FF9A3A60000-0x00007FF9A4521000-memory.dmp
C:\Users\Admin\AppData\Roaming\cF4JA46JNUvi.vbs
| MD5 | bee4b835076d15b9486e145637c2a63b |
| SHA1 | a419c29bbb768b6c75c9dbc6e4696dd369b22f4b |
| SHA256 | aa18473a2407198dfcf922f7128694b1f45a83e5b5d3b8ae16857f863664fcd9 |
| SHA512 | f245a75722049dd609112562291cf3e2e5627b96d0678383142b8756526ebe0f178068760511b116985a983a3c63201c7c4cbce5dc567911fd446fbf0ab3a6ff |
memory/7336-784-0x00000260D1A30000-0x00000260D1A40000-memory.dmp
memory/5864-781-0x000001A88FFE0000-0x000001A88FFF0000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms
| MD5 | 94daa07b298f82ea02e1d303f9fdd3be |
| SHA1 | 1b56942cbfded96338c8c1f6170c3d0b2d188071 |
| SHA256 | db9a73dc05d3468eedfc66624512253778827a21f4cfdb27a91967dbd81ce415 |
| SHA512 | 7cb080e63396fcb240547e402ccf80373baa2889428696585313efecb931c7f4077dd21d14ff26699b608c2d37679c8a5218135ce1a6deb0e5a025c62c8ea1ba |
memory/5864-780-0x000001A88FFE0000-0x000001A88FFF0000-memory.dmp
memory/5864-805-0x00007FF9A3540000-0x00007FF9A4001000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 446dd1cf97eaba21cf14d03aebc79f27 |
| SHA1 | 36e4cc7367e0c7b40f4a8ace272941ea46373799 |
| SHA256 | a7de5177c68a64bd48b36d49e2853799f4ebcfa8e4761f7cc472f333dc5f65cf |
| SHA512 | a6d754709f30b122112ae30e5ab22486393c5021d33da4d1304c061863d2e1e79e8aeb029cae61261bb77d0e7becd53a7b0106d6ea4368b4c302464e3d941cf7 |
memory/2296-807-0x0000021FF30C0000-0x0000021FF30D0000-memory.dmp
memory/2296-818-0x00007FF9A3540000-0x00007FF9A4001000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms
| MD5 | a2818ec48468e469f8cf63e824c3cd5b |
| SHA1 | 4fed55b8d94f957c67f19282a00f00baaa32096a |
| SHA256 | 3ace16b3a4cb436ebf2f61e08fd43aa7275ec2e4461630bd834fb8a27ab41acc |
| SHA512 | 640e449f67330e0d70fcd414c383a25ce0e2477b8ce2df4551355aa6427f2a9922581daec5d39a278a6f45a9dc56dab3c1ee5e99d7b4f1260b7ab20da010ad95 |
memory/5224-834-0x000001CEEA290000-0x000001CEEA2A0000-memory.dmp
memory/7336-836-0x00000260D1A30000-0x00000260D1A40000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1DWY0k5sSV5E_temp.ps1
| MD5 | 2461a7488374f33d5f2a089eae5a420a |
| SHA1 | 73bb87df333e375f86e744d698db8655d9388713 |
| SHA256 | 740a55638dc22a9b8c2e5890dc5f9a9ea8ec0cc8829139a903f2614dc6ddf3ce |
| SHA512 | 1e762b2d165122057cdc09b77f0e9fb2664e314545e9f85c23d4657ad8846eb5b38bfb0a5274c3ae0dccecb13407e96a01a0cb63187106f646341b8f4b069ecb |
memory/6912-847-0x00007FF9A3540000-0x00007FF9A4001000-memory.dmp
memory/5224-835-0x000001CEEA290000-0x000001CEEA2A0000-memory.dmp
memory/2296-848-0x0000021FF30C0000-0x0000021FF30D0000-memory.dmp
memory/5224-849-0x000001CEEA290000-0x000001CEEA2A0000-memory.dmp
memory/5224-819-0x00007FF9A3540000-0x00007FF9A4001000-memory.dmp
memory/7336-779-0x00000260D1A30000-0x00000260D1A40000-memory.dmp
memory/6912-850-0x0000023C76570000-0x0000023C76580000-memory.dmp
memory/7336-778-0x00007FF9A3540000-0x00007FF9A4001000-memory.dmp
memory/7336-854-0x00007FF9A3540000-0x00007FF9A4001000-memory.dmp
memory/9344-852-0x0000020E24510000-0x0000020E24520000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 8d460ce715a00afd56cda62e926b8b17 |
| SHA1 | 3aa1ed2a3cd5e6e1a3240f222492c9e49c4eaf22 |
| SHA256 | 195c9d4857b9486e312f80264b31ef7e9ba014ececd7731397ee75ce8d8f38cb |
| SHA512 | 1b9efe45bea12e59e552dcce73d597ad431aa274621d96e5a3d146e28cfb11d9f5af256f0bc986e8d4d043f6352b9410d01ddb048bd57445f544502eaf28d969 |
memory/9344-855-0x00007FF9A3540000-0x00007FF9A4001000-memory.dmp
memory/5864-869-0x00007FF9A3540000-0x00007FF9A4001000-memory.dmp
memory/9344-872-0x0000020E24510000-0x0000020E24520000-memory.dmp
memory/7100-873-0x0000019725330000-0x0000019725340000-memory.dmp
memory/2296-884-0x0000021FF30C0000-0x0000021FF30D0000-memory.dmp
memory/7100-874-0x0000019725330000-0x0000019725340000-memory.dmp
memory/6912-887-0x00007FF9A3540000-0x00007FF9A4001000-memory.dmp
memory/7100-871-0x00007FF9A3540000-0x00007FF9A4001000-memory.dmp
memory/2296-888-0x00007FF9A3540000-0x00007FF9A4001000-memory.dmp
memory/5224-896-0x00007FF9A3540000-0x00007FF9A4001000-memory.dmp
memory/2296-897-0x00007FF9A3540000-0x00007FF9A4001000-memory.dmp
memory/9344-890-0x00007FF9A3540000-0x00007FF9A4001000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | e5ea61f668ad9fe64ff27dec34fe6d2f |
| SHA1 | 5d42aa122b1fa920028b9e9514bd3aeac8f7ff4b |
| SHA256 | 8f161e4c74eb4ca15c0601ce7a291f3ee1dc0aa46b788181bfe1d33f2b099466 |
| SHA512 | cb308188323699eaa2903424527bcb40585792f5152aa7ab02e32f94a0fcfe73cfca2c7b3cae73a9df3e307812dbd18d2d50acbbfeb75d87edf1eb83dd109f34 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mlil8stk.default-release\places.sqlite_tmp
| MD5 | e24e31fac2248b0dfe529ad9a3c2c01a |
| SHA1 | daf636120adf10120880bae92a763511552c79e5 |
| SHA256 | 71f8a78ea6610ebb461cac3507fdc2da2df6f9eaf6372fb460f79de7b30819ce |
| SHA512 | 26d574ee2b2c473dfc78e15082a52f0664cccbd5237b87f9bcade91988538c5cbd34b34d4aaedf8c5b5d5781d0d8a36fb131390eadc7bc7dde7702f17cdfd760 |
memory/7100-900-0x00007FF9A3540000-0x00007FF9A4001000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\mjJ3cwxcYOnV4syo2Yk3\System\FMAEQIOU - 2023-12-23_222932.png
| MD5 | 3ed1bb108ffef83ffdd9521bc3b14578 |
| SHA1 | 7d871db223112e1cb8e0c87404b318778e7f54a3 |
| SHA256 | ac5243d55fc4da92e58f57e06ee5b68f2ac9234661978cb001a3f8f8a124531f |
| SHA512 | 50f29a2a597a8aa6514139ac598448c4674443ddcf0928e17a7e257f423a6af1d3b2636eed2752a129d4a8c2c6a10568aaf10910725f995cc1d3888e6ff08f4b |
C:\Users\Admin\AppData\Local\Temp\mjJ3cwxcYOnV4syo2Yk3\Logs\Error.nova
| MD5 | fa1592dcf2622a26741509fc52a00b57 |
| SHA1 | 1a1aefb71b71340bbb61ede95db97fe2c2312c9d |
| SHA256 | eaa84453b20dc90453e8f0d0ac0328b13c31cd1f006dc51cb223c4856d9ab25e |
| SHA512 | 1f528e5c034a5964402b5b4ccb0b5add949b4a656da88b3c7cfda29528c37b972dac1f09a23d52ab9463c723cab7ec20ed94aaf73d630d3bd4cffb5593c76337 |
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\AORadar.exe
| MD5 | 0a9fc8be0050693f615b75730ddc6f2a |
| SHA1 | f825dc8b229da203ccd097936ec48e74629b5ce4 |
| SHA256 | c9140a55cf68ef4aeab497fe2f078d582450fe9108aaf2e44ad3f708a34fe8d6 |
| SHA512 | 5d10e4e3724b78d091ebcdc36e549a1393a275c488ace7853eaa1a847e912f8b40f4a9dd97be7e3f24724e6b100638e05fa8d28a175572b882427f6d06e231b4 |
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\ffmpeg.dll
| MD5 | 34da16553906280d2ce6137a3c27a8c0 |
| SHA1 | f91d8a2680ddc61da831e8e4f358d5db118cb52f |
| SHA256 | 6632533a11e312c0248c34ee2f10e8299d58c81492901aca6e643342e5769503 |
| SHA512 | 5bd4961c4b976cf73a950f7f775bd52aab9c30b952e6c4e268feba3f30839b40d1410d35746b5540675ec7d1b8d7e5833e672592ebd5da066a6c5f1bd1c8e7a2 |
memory/5640-998-0x00000254615E0000-0x00000254615E1000-memory.dmp
memory/5640-997-0x00000254615E0000-0x00000254615E1000-memory.dmp
memory/5640-996-0x00000254615E0000-0x00000254615E1000-memory.dmp
memory/5640-1008-0x00000254615E0000-0x00000254615E1000-memory.dmp
memory/5640-1007-0x00000254615E0000-0x00000254615E1000-memory.dmp
memory/5640-1006-0x00000254615E0000-0x00000254615E1000-memory.dmp
memory/5640-1005-0x00000254615E0000-0x00000254615E1000-memory.dmp
memory/5640-1004-0x00000254615E0000-0x00000254615E1000-memory.dmp
memory/5640-1002-0x00000254615E0000-0x00000254615E1000-memory.dmp
memory/5640-1003-0x00000254615E0000-0x00000254615E1000-memory.dmp
Analysis: behavioral3
Detonation Overview
Submitted
2023-12-23 22:22
Reported
2023-12-23 22:31
Platform
win11-20231215-en
Max time kernel
54s
Max time network
179s
Command Line
Signatures
Irata
Irata payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\AORadar (3).exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\AORadar (3).exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
Enumerates physical storage devices
Collects information from the system
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Detects videocard installed
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Enumerates processes with tasklist
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\AORadar (3).exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\AORadar (3).exe
"C:\Users\Admin\AppData\Local\Temp\AORadar (3).exe"
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\AORadar.exe
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\AORadar.exe
C:\Windows\System32\Wbem\wmic.exe
wmic os get locale
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "echo wlan"
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\AORadar.exe
"C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\AORadar.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1556 --field-trial-handle=1312,11082272954894753320,1222752196394026108,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\AORadar.exe
"C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\AORadar.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --mojo-platform-channel-handle=1568 --field-trial-handle=1312,11082272954894753320,1222752196394026108,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Windows\System32\Wbem\WMIC.exe
wmic process where processid=NaN get ExecutablePath
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\resources\app.asar.unpacked\bind\main.exe"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic process where processid=NaN get ExecutablePath"
C:\Windows\System32\Wbem\WMIC.exe
wmic computersystem get totalphysicalmemory
C:\Windows\system32\more.com
more +1
C:\Windows\System32\Wbem\WMIC.exe
wmic logicaldisk get size
C:\Windows\System32\Wbem\WMIC.exe
wmic OS get caption, osarchitecture
C:\Windows\System32\Wbem\WMIC.exe
wmic csproduct get uuid
C:\Windows\system32\more.com
more +1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic OS get caption, osarchitecture | more +1"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "echo %NUMBER_OF_PROCESSORS%"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic cpu get name | more +1"
C:\Windows\system32\more.com
more +1
C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get name
C:\Windows\system32\more.com
more +1
C:\Windows\System32\Wbem\WMIC.exe
wmic PATH Win32_VideoController get name
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic PATH Win32_VideoController get name | more +1"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic csproduct get uuid"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic computersystem get totalphysicalmemory | more +1"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic logicaldisk get size"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\System32\Wbem\WMIC.exe
wmic process where processid=NaN get ExecutablePath
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic process where processid=NaN get ExecutablePath"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall""
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cscript.exe
cscript C:\Users\Admin\AppData\Roaming\TSibtSOypsc4.vbs
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "cscript C:\Users\Admin\AppData\Roaming\TSibtSOypsc4.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 105.0.3 (x64 en-US)""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 105.0.3 (x64 en-US)"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProPlusRetail - en-us""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProPlusRetail - en-us"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VLC media player""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VLC media player"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{113C0ADC-B9BD-4F95-9653-4F5BC540ED03}""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{113C0ADC-B9BD-4F95-9653-4F5BC540ED03}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3544B2EE-E62F-4D11-B79C-3DDEACE94DA5}""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3544B2EE-E62F-4D11-B79C-3DDEACE94DA5}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00}""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3A706840-2882-423C-90EB-B31545E2BC7A}""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3A706840-2882-423C-90EB-B31545E2BC7A}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}""
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{64A3A4F4-B792-11D6-A78A-00B0D0180381}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{64A3A4F4-B792-11D6-A78A-00B0D0180381}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{662A0088-6FCD-45DD-9EA7-68674058AED5}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{662A0088-6FCD-45DD-9EA7-68674058AED5}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6DB765A8-05AF-49A1-A71D-6F645EE3CE41}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6DB765A8-05AF-49A1-A71D-6F645EE3CE41}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{76DEEAB3-122F-4231-83C7-0C35363D02F9}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{76DEEAB3-122F-4231-83C7-0C35363D02F9}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{77924AE4-039E-4CA4-87B4-2F64180381F0}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{77924AE4-039E-4CA4-87B4-2F64180381F0}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AE86D888-1404-47CC-A7BB-8D86C0503E58}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AE86D888-1404-47CC-A7BB-8D86C0503E58}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C7141A99-592B-4226-A4E9-B767C1D0FBAF}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C7141A99-592B-4226-A4E9-B767C1D0FBAF}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CB0836EC-B072-368D-82B2-D3470BF95707}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CB0836EC-B072-368D-82B2-D3470BF95707}"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D44822A8-FC28-42FC-8B1D-21A78579FC79}"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E016F2B9-01FE-4FAA-882E-ECC43FA49751}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E016F2B9-01FE-4FAA-882E-ECC43FA49751}""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions""
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -ExecutionPolicy Bypass -NoProfile -File "C:\Users\Admin\AppData\Local\Temp\vxTmsAWIdu5x_temp.ps1"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Get-Clipboard
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"
C:\Windows\system32\netsh.exe
"C:\Windows\system32\netsh.exe" wlan show profile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\app.asar.unpacked\node_modules\take-cam\snapshot.exe" /T C:\Users\Admin\AppData\Local\Temp\8NAt5xoV0hMgSwg9dFXp\System\cam.3732_Admin"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\app.asar.unpacked\node_modules\take-cam\prey-webcam.exe" -invalid youcam,cyberlink,google -frame 10 -outfile C:\Users\Admin\AppData\Local\Temp\8NAt5xoV0hMgSwg9dFXp\System\cam.3732_Admin.jpg"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoProfile -Command "& {netsh wlan show profile}"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoProfile -Command "& {powershell Get-Clipboard}"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoProfile -Command "& { function Get-AntiVirusProduct { [CmdletBinding()] param ( [parameter(ValueFromPipeline=$true, ValueFromPipelineByPropertyName=$true)] [Alias('name')] $computername=$env:computername ) $AntiVirusProducts = Get-WmiObject -Namespace \"root\SecurityCenter2\" -Class AntiVirusProduct -ComputerName $computername $ret = @() foreach ($AntiVirusProduct in $AntiVirusProducts) { switch ($AntiVirusProduct.productState) { \"262144\" { $defstatus = \"Up to date\"; $rtstatus = \"Disabled\" } \"262160\" { $defstatus = \"Out of date\"; $rtstatus = \"Disabled\" } \"266240\" { $defstatus = \"Up to date\"; $rtstatus = \"Enabled\" } \"266256\" { $defstatus = \"Out of date\"; $rtstatus = \"Enabled\" } \"393216\" { $defstatus = \"Up to date\"; $rtstatus = \"Disabled\" } \"393232\" { $defstatus = \"Out of date\"; $rtstatus = \"Disabled\" } \"393488\" { $defstatus = \"Out of date\"; $rtstatus = \"Disabled\" } \"397312\" { $defstatus = \"Up to date\"; $rtstatus = \"Enabled\" } \"397328\" { $defstatus = \"Out of date\"; $rtstatus = \"Enabled\" } \"397584\" { $defstatus = \"Out of date\"; $rtstatus = \"Enabled\" } default { $defstatus = \"Unknown\"; $rtstatus = \"Unknown\" } } $ht = @{} $ht.Computername = $computername $ht.Name = $AntiVirusProduct.displayName $ht.'Product GUID' = $AntiVirusProduct.instanceGuid $ht.'Product Executable' = $AntiVirusProduct.pathToSignedProductExe $ht.'Reporting Exe' = $AntiVirusProduct.pathToSignedReportingExe $ht.'Definition Status' = $defstatus $ht.'Real-time Protection Status' = $rtstatus # Créez un nouvel objet pour chaque ordinateur $ret += New-Object -TypeName PSObject -Property $ht } Return $ret } Get-AntiVirusProduct }"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell -ExecutionPolicy Bypass -NoProfile -File "C:\Users\Admin\AppData\Local\Temp\vxTmsAWIdu5x_temp.ps1""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D44822A8-FC28-42FC-8B1D-21A78579FC79}""
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 82.177.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| GB | 142.250.200.4:80 | www.google.com | tcp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| FR | 51.38.43.18:443 | api.gofile.io | tcp |
| US | 136.175.9.9:443 | store7.gofile.io | tcp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| FR | 163.5.121.96:443 | hawkish.eu | tcp |
| FR | 163.5.121.96:443 | hawkish.eu | tcp |
| FR | 51.38.43.18:443 | api.gofile.io | tcp |
| FR | 163.5.121.96:443 | hawkish.eu | tcp |
| US | 136.175.9.9:443 | store7.gofile.io | tcp |
| FR | 163.5.121.96:443 | hawkish.eu | tcp |
| FR | 163.5.121.96:443 | hawkish.eu | tcp |
| FR | 163.5.121.96:443 | hawkish.eu | tcp |
| FR | 163.5.121.96:443 | hawkish.eu | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\nso1C1F.tmp\System.dll
| MD5 | 0d7ad4f45dc6f5aa87f606d0331c6901 |
| SHA1 | 48df0911f0484cbe2a8cdd5362140b63c41ee457 |
| SHA256 | 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca |
| SHA512 | c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9 |
C:\Users\Admin\AppData\Local\Temp\nso1C1F.tmp\nsis7z.dll
| MD5 | 80e44ce4895304c6a3a831310fbf8cd0 |
| SHA1 | 36bd49ae21c460be5753a904b4501f1abca53508 |
| SHA256 | b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592 |
| SHA512 | c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df |
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\AORadar.exe
| MD5 | 31f856bb8bbf2eed8b53fa0739787f28 |
| SHA1 | 130a2876037067aff4f0e6ae5c4b2f1c90d1c146 |
| SHA256 | d6307c1b4e70c221dc32e93987e8abc36afc008de95a6778f71c3992a8dc151d |
| SHA512 | 4754d5a05139f73a1cabf6fdcea52d5b94e4dbb963a9d6294f2f0b46399d442ae70c350686999610d41301cb023fb198bc832a3a84cd31b648d1fb6faa13e1cc |
C:\Users\Admin\AppData\Local\Temp\nso1C1F.tmp\7z-out\chrome_100_percent.pak
| MD5 | 9c1b859b611600201ccf898f1eff2476 |
| SHA1 | 87d5d9a5fcc2496b48bb084fdf04331823dd1699 |
| SHA256 | 53102833760a725241841312de452c45e43edd60a122546105ab4020ccef591b |
| SHA512 | 1a8ec288e53b9d7e43d018995abe4e3d9c83d329d0561fbb7d022e8b79ffecf033e995b9bc6af352a71c646a1e8afba4addb54deab7455f24b7a279a3dd7c336 |
C:\Users\Admin\AppData\Local\Temp\nso1C1F.tmp\7z-out\chrome_200_percent.pak
| MD5 | b51a78961b1dbb156343e6e024093d41 |
| SHA1 | 51298bfe945a9645311169fc5bb64a2a1f20bc38 |
| SHA256 | 4a438f0e209ac62ffa2c14036efdd5474b5ecaa7cbf54110f2e6153abdfb8be9 |
| SHA512 | 23dedde25ad9cb5829d4b6092a815712788698c2a5a0aefb4299675d39f8b5e2844eabd1ea42332a0408bd234548f5af628e7e365ab26f3385ebfa158cdd921d |
C:\Users\Admin\AppData\Local\Temp\nso1C1F.tmp\7z-out\LICENSES.chromium.html
| MD5 | b8338f72043a4c0efbc4e89b34af21a9 |
| SHA1 | 626400a260de0d0adafc0d4fd1d8b9e807a74253 |
| SHA256 | 0d28b148ea26e9ba46c6c31f10c6687bf2f4b1b472eef8af046d6911bfc9367b |
| SHA512 | 8941e8059be8c4bf392fa692d388babe6eda45b274767ee5d9099cb9873bb37d8e1be953abc2253cddd43b8c04af476c642e7458bf0f7a46ea389072af6a7b6b |
C:\Users\Admin\AppData\Local\Temp\nso1C1F.tmp\7z-out\LICENSE.electron.txt
| MD5 | 4d42118d35941e0f664dddbd83f633c5 |
| SHA1 | 2b21ec5f20fe961d15f2b58efb1368e66d202e5c |
| SHA256 | 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d |
| SHA512 | 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63 |
C:\Users\Admin\AppData\Local\Temp\nso1C1F.tmp\7z-out\libGLESv2.dll
| MD5 | cade93eaa0f020b59a68b3db98cea191 |
| SHA1 | 80c898070bb201dc8c49da4bd4b3bb4181ccb2ea |
| SHA256 | c441367725681f6c9eafe4d3864b0ca5bf86ee7bbcdd705b644a38ec54ef8a5a |
| SHA512 | ba1499055ad589e52eeee826a54138b0b261b4329c4769984865491f960f91ea6b739f787a57e342325aac34c8e01d6bc9b0887f090447abbc8089b9db70f88c |
C:\Users\Admin\AppData\Local\Temp\nso1C1F.tmp\7z-out\libEGL.dll
| MD5 | 8352fd22f09b873193cabc2932be92f0 |
| SHA1 | 5bd2b58854b279f1733c5f54ea2669ee8a888d9e |
| SHA256 | 14a4aaa010be14762edfee01fd1f6b9943471eb7a2f9011a2b5c230461cd129c |
| SHA512 | 7281e980f2e82f1cc8173d9f8387a97f6e23ec5099ed8dca02222c4e17fa4cfef59d6aa300b1cf06d502bdcf77d9a6dbb08ad6658ae0a28ae6f9f995109da0d2 |
C:\Users\Admin\AppData\Local\Temp\nso1C1F.tmp\7z-out\icudtl.dat
| MD5 | b204a6bbf4349ee86b80aef23426495e |
| SHA1 | 02f5c22c381deb2e9306c11c91d2659e5e9945fd |
| SHA256 | 1ebe7ef4d5b8ce3e86105140d41db5c614dbfe992b7beb7c3169b496d6e2d659 |
| SHA512 | 670d12a48002bb3c53ccb1af711fac089b4ed0196784fb9486ea70d4f57339348ba7203b6a241ac95b4ecd1e2f10fddc435b95590085294a16b546a1f8c98105 |
C:\Users\Admin\AppData\Local\Temp\nso1C1F.tmp\7z-out\ffmpeg.dll
| MD5 | 3a0a020e0069b4bd2937cdcfaae5f789 |
| SHA1 | 5551957e4e3a7b2492cdc09f641b1e73f7306955 |
| SHA256 | af144a358f484cf9c712d90f2926e4564264485668728e12bf12fa5e707abd7d |
| SHA512 | 5203d0d66676b33e1eb392a71387b5b365c750c68115ebce9f47c90b2c80ead28330776139f398ac7591994d25a39bbf05b95d9e69f33ab298da93876f09139d |
C:\Users\Admin\AppData\Local\Temp\nso1C1F.tmp\7z-out\d3dcompiler_47.dll
| MD5 | ad67c12f8a11cc2e867e2d247689e4d3 |
| SHA1 | 6445f8ca9f4b98f774f86f5392d9e280322f7b33 |
| SHA256 | f14bd1caadce7816f9489cfafc3a357330363880618e322e9c8233d01e9310fd |
| SHA512 | 68a6ad6dd3678fea2e6afee1774da5100312aa79968feeadb7f50a943a23648bfaddd0469c960e1a795ab1726ee121a52ba9caa6f3b07de9831a6b5f3960e0bf |
C:\Users\Admin\AppData\Local\Temp\nso1C1F.tmp\7z-out\v8_context_snapshot.bin
| MD5 | 47014c0f81bad6d216c617c9c63bf040 |
| SHA1 | 7bb483fdc5fed3c6ed437d9fe6e5023bc38201bf |
| SHA256 | e1249d05bfc73c645b27d269f47b6923b33a3cf8088a8ca78b3b637c90f58178 |
| SHA512 | 052d86cf3305a9e493bd2472e6b7ddab5e0291efd6d899984a79bae46e5fa4bd21157e19ab4a2591c9cff9069de568bad18c7baf4f35d117c77134e635466f87 |
C:\Users\Admin\AppData\Local\Temp\nso1C1F.tmp\7z-out\vulkan-1.dll
| MD5 | b91586bd80e057a7f62bdc4422744812 |
| SHA1 | a1df644421ece2e740e5bf0ed98b4f269fd85c39 |
| SHA256 | 8ba72d98e0f78b77bda7816cd7232809d287310d34e0f1d7472b9d5fda2c6d02 |
| SHA512 | 94f0a8e3e75e4803891c0fcb257052dbe0e7399772fc7a46ab802629f76ee580ed30b3678fa6bc3744c12cf9f3103bbc8276e88f6711278748148e9fbeef2053 |
C:\Users\Admin\AppData\Local\Temp\nso1C1F.tmp\7z-out\vk_swiftshader_icd.json
| MD5 | 8642dd3a87e2de6e991fae08458e302b |
| SHA1 | 9c06735c31cec00600fd763a92f8112d085bd12a |
| SHA256 | 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9 |
| SHA512 | f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f |
C:\Users\Admin\AppData\Local\Temp\nso1C1F.tmp\7z-out\vk_swiftshader.dll
| MD5 | 8bc3227e965a3a45e72e4217c473bd0b |
| SHA1 | d18e3f856e6b19dfe5985e3c59736e007fb2d16a |
| SHA256 | c417216ebe2873e5b708af221bc1a3744d010272716e264f8d199c5a37a89e51 |
| SHA512 | a976a6a0e2ac456394815e4ca0d1575ccf012b7e65d87701d18216dd6645a6960f447ffdad8767b584487d8c71cb19e78f04c1b017364d3b73a47d9631a933f6 |
C:\Users\Admin\AppData\Local\Temp\nso1C1F.tmp\7z-out\snapshot_blob.bin
| MD5 | c9ab741bbef53fa0e84952b8891a5f5a |
| SHA1 | e2dcb8d034e07243537c86371de0c52bce62cee1 |
| SHA256 | 4d82fe1e642fe3ca7ad1a173f806088c0652ecfe9f0f6f6e246066e15a3431d4 |
| SHA512 | 177b98a3090ecfe4b4598dfcd7e8b3ca49efafba4dbd8d6c6d0def462de47c3fabfde831725622783ddc177de982de6115178d9bd9830d918bb544a5a4c27fc9 |
C:\Users\Admin\AppData\Local\Temp\nso1C1F.tmp\7z-out\resources.pak
| MD5 | cbcb369df8b0c5741e0d702320096ff9 |
| SHA1 | 02886be239381fd8b0e03f3d93db77abd9653297 |
| SHA256 | 0e9330fa749920dd1efac7a93877aa4e3c1db26c41f13e97bbb60b716dd5ac11 |
| SHA512 | 9650af8fcbf0beec78e7f085433703979a1bf13ba897018075cf9ae7165b88722c205cd652ac96a9463b9358f9df565a0c893ccb5a6c120cb3d34ca7cef272b1 |
C:\Users\Admin\AppData\Local\Temp\nso1C1F.tmp\7z-out\locales\ca.pak
| MD5 | 423651c45566cd90ea5edd8631e823b8 |
| SHA1 | 13bed4173a08bcbfefba034aada3d838eece6d16 |
| SHA256 | 7a39af99d55a1ea838d8d78c5f0da3e1402f9404d32255e31b676ceed4f0e414 |
| SHA512 | e09085023beaa37e9d5f7fdf3c32d0c001672b85e2826f0aba9a662ce958ac93cac17bf63495a604e47cb407b1593049388a4bf1b22b2339ead84a206a10569f |
C:\Users\Admin\AppData\Local\Temp\nso1C1F.tmp\7z-out\locales\bn.pak
| MD5 | 47c95e191e760dee3ef43345577e2379 |
| SHA1 | 609634315270a91d4ec631642b18bd0036367aad |
| SHA256 | ceed32e429ed1018d4c49343cf52105cbfd1e877c531a5738fd6e6cd33d27da7 |
| SHA512 | 46b5f8d58780d19e79136c31a67d075c57ddf7e6a1eb197dea4088cc414a0dc24a68fc8ebcaac03b3940af2461123b586706d5dbf8dbdf6fbea0f7bec466db21 |
C:\Users\Admin\AppData\Local\Temp\nso1C1F.tmp\7z-out\locales\bg.pak
| MD5 | 5ba0c7200362c9ed55610cc8b66ef53c |
| SHA1 | d45239c2f1b00885407771a41a7776fc1fe8fa3b |
| SHA256 | 2339ff55464b4ff704fc3c5bf281eec52a539c494bd059cf0346d9c05ab7cda7 |
| SHA512 | 6229dbf08a9322c4ec8de4912aa1832f01800a71b7e3ef5870e7fa2b623be4dd248fec4881c3e031e984616147be84d42ab3dd970ae56dc1bd78913a8682a37a |
C:\Users\Admin\AppData\Local\Temp\nso1C1F.tmp\7z-out\locales\ar.pak
| MD5 | 6f3e791b4d35ee7d9515614d128752cf |
| SHA1 | 181ec3a84fb3e89336d77f24f562a2cbe07619d8 |
| SHA256 | e9df0fa338b763a3926c4ee3a87bedf650fa618b6fcf0560c3f5ffe891d48c60 |
| SHA512 | 3657e610d13a2c938558ec320c298dd490c9e4895ccd304f738aaa2f050373efd7382ca402365f93d23ed488bae82de2d859da788dc8faa8e621346a278f4441 |
C:\Users\Admin\AppData\Local\Temp\nso1C1F.tmp\7z-out\locales\am.pak
| MD5 | e18a450ef034b42599341c3d09f280f1 |
| SHA1 | 2001c8a85904962ac3a96938eccc69ad2c110fdf |
| SHA256 | 7c2b9098130f1f9e0cf4507b64c0e96ac6354bd6c3616be20e2067cfccc820da |
| SHA512 | ddd87571218fe9f179a6c2a8a15b182625a71a7c19ed90c0969ca2e0e9bad823b926f8b8a6b390cb6fe9c95f4b6c1f1ec7b5167a8424ab1921943922208f798a |
C:\Users\Admin\AppData\Local\Temp\nso1C1F.tmp\7z-out\locales\da.pak
| MD5 | 55a8f5883805a65c854d25edb3959209 |
| SHA1 | d4b3b6bd2a26cbd021fa931d1f63c9ea64e2c268 |
| SHA256 | e190187adcbb5f829d162660968ba598ed17bd11339062ca4d807deec8a27fdb |
| SHA512 | 4e1f9e6da32f553cbc8cf162726d7aba9e23e2216d6d05b995cf19fff3aafa05ed08fce29b2f8538d46583366402b8630672e650dfbd46952a611e9db0d8016d |
C:\Users\Admin\AppData\Local\Temp\nso1C1F.tmp\7z-out\locales\cs.pak
| MD5 | 3cfd9dc564cfcc33cc5524711365c376 |
| SHA1 | 2e5016d2643017f37658262122974429f18625a2 |
| SHA256 | 8be34e4f8226c1dd4e725711ddd884ef4476560f7863edcf378573dde9db3cee |
| SHA512 | 6ee156d2fa3b6f601df28e38968d0eae2812d70b41333348dbecd833d5ee6ff944183f0eecde96be433cf1e98c8ec22d6a6d5af5153145842175ab43c73533ef |
C:\Users\Admin\AppData\Local\Temp\nso1C1F.tmp\7z-out\locales\de.pak
| MD5 | b73344e5a72fca6f956dbab984c123ba |
| SHA1 | 0561073aa40a63a9ce9930dd18b18e12ff139b2b |
| SHA256 | 6dda3fa65232ca0bff7314f916942a2aa5d9be73a0b0c7a6d016eb34ea6fff5b |
| SHA512 | e8a12da397369f23c102244b3f18f533ec79afa6978785566056bbfe07b10a21ff4973bf17aa829fff65609363988c033b0e48d4a82c846863377c08d8df009d |
C:\Users\Admin\AppData\Local\Temp\nso1C1F.tmp\7z-out\locales\et.pak
| MD5 | c76db3385190c6840315c4497e40258a |
| SHA1 | 34f1aef2ba2925bebc5dcdb70e5b6c1a138a5c46 |
| SHA256 | e8af084ef5e1062c5966dd7802074ac24f3672dc3c9b9c5453a397644727191f |
| SHA512 | 90a870369d307758b33d74e6213676d65c2d332f42577c8aff23d96b512f3c2a2bdace8d6d9007f88b9175eadc6f2ae28b498b1265550849ff9317465a37ad29 |
C:\Users\Admin\AppData\Local\Temp\nso1C1F.tmp\7z-out\locales\gu.pak
| MD5 | 63a7fdc4eadf8ef1c35c72468a0ce33f |
| SHA1 | e8d064f0e9c8a6a8c6ccb036711e292d011d9466 |
| SHA256 | e549ff4e5a094d04c2ce7bc6fd68bea1f03e935437bf164bebb6191c133fa70c |
| SHA512 | 0a097ff875132a984545ec677b04f97785f14c38a1df487cfb4722cdea07d14e1e88fcff7d58b82fa53f05f4eba779a95ef320b5a91692097726d0385a26a456 |
C:\Users\Admin\AppData\Local\Temp\nso1C1F.tmp\7z-out\locales\fr.pak
| MD5 | c3095ce1e88b0976ba7bef183d047347 |
| SHA1 | b14cfbf6e46ac1f189595fc09660178525301138 |
| SHA256 | 66488dc10517b6e3638686be95b430477a39304e92ac45dfe62b58cae3a77272 |
| SHA512 | 29f47b1eff4681a9a17a50d6e82d63c22fe7bfe4ceb79862e81d8cd9f96fa38e225978b4c4b1f8e55b220235b91652c776fa8d2e559c68942c6ccf402812a421 |
C:\Users\Admin\AppData\Local\Temp\nso1C1F.tmp\7z-out\locales\fil.pak
| MD5 | 40bddaf97f64dfea9ebafc7f82166f80 |
| SHA1 | 90d1fde3c0b27d2184f0353991259c2a92c7820c |
| SHA256 | 39a9d63736e7b4593fc6873ed3c19d45fbf9eb78a012bfdcee0fea5906ebc5b2 |
| SHA512 | d1e61c53e09a0dc50edf5aba5cf286a251ee88421aa2cd49332b70a5859646605ecb7d0bb97ea7242d14a18742e23da0a14c04b0b99b57a466ec87f4f66b897e |
C:\Users\Admin\AppData\Local\Temp\nso1C1F.tmp\7z-out\locales\fi.pak
| MD5 | cc592d91ce8eabaa75249cb78b889376 |
| SHA1 | f2f0f7f105a17f3e4b1a97ed0e3c2e871c2c3eac |
| SHA256 | b1cb0b32efa78fd8634652c74f298f1d5127f2363ef601cf000417e5c7fefd20 |
| SHA512 | 58e2eaffe26d8fda8df43e7ebef449cfff1065e940c128efa0276511e34e96e52da9230f294b01d4ecd8ef606b792d372bff897d6d8bb67c31379418ce867d48 |
C:\Users\Admin\AppData\Local\Temp\nso1C1F.tmp\7z-out\locales\fa.pak
| MD5 | 6458a239e994d8d18315deccd35389ed |
| SHA1 | 75c985f43503a6c44645786d46639a6b555ae163 |
| SHA256 | 300fc1c735e92917a5ddf92feb812cbf3175d988ec7ad5955110248a1addbd34 |
| SHA512 | 3062075b6be0c25c957ac88e537880bc25ff86b8ef0703a05209e9676e943e89476b7997394aeb25064e03a93be614fef535676e9cdfaf44b46035225b1b2cf5 |
C:\Users\Admin\AppData\Local\Temp\nso1C1F.tmp\7z-out\locales\es.pak
| MD5 | f83d8f7f6108786c02c2edbf3d85f147 |
| SHA1 | 57781d9d9eb7c90cdc71f78e25d0763045b6d29a |
| SHA256 | 5b929216ac823dbe2b0bb98e64db76519900e09a86c8513019325271c66ade0d |
| SHA512 | 12747a4a61cdd21cad6e3f768cb43b8bda5ec9de373337c191b6994b20acd676c9d0a6cde8410a1e18f35dd5d2d332ea1bb7e7f8f6fc4b73d8774559e33398f1 |
C:\Users\Admin\AppData\Local\Temp\nso1C1F.tmp\7z-out\locales\es-419.pak
| MD5 | b261b1efe945365588befdf68879040f |
| SHA1 | 616f44a5f73f0449b483f36ccf831db6474a10d2 |
| SHA256 | 1380b9edc9cee4b505f12e8eefa288d8c746ca995b52ceaba27c7741ae8a5cd4 |
| SHA512 | 9ea14234b9d4d09364e5727b3886fc14544d52508b3e45fb9fd607ca88d2e432361a02b2f7ba34c3d6ecd94b91f9eccd4d54047a97a1ba4eea580ead00b91cff |
C:\Users\Admin\AppData\Local\Temp\nso1C1F.tmp\7z-out\locales\he.pak
| MD5 | 6a02a37e1ca3215fa9ee0e1b0fbcf5e7 |
| SHA1 | 89a8a126c0bbf536ac58e29fc50e045fb1b88220 |
| SHA256 | f5cf34ce58b7f0d450936981aa7ffa060821403e6768eee3746ea4ffc9193986 |
| SHA512 | 6607eb2329b81f1eaf0ed3a564eddcb30e6ab59229f2fbf6fd3d2140ffaa8853a330eda627a4458ef6bb06f32c5183edda869e34cd4ead1f87f88d5c622c1a16 |
C:\Users\Admin\AppData\Local\Temp\nso1C1F.tmp\7z-out\locales\en-US.pak
| MD5 | 0bb857860d8c9ab6d617cea5a5bd4d00 |
| SHA1 | 351b744d95846bff2ce5f542fec2e87439aa0f8b |
| SHA256 | 5c56df9699fc7e8f09ec81421e50a6264cde055e822f5a8cd9bb1edb3066d816 |
| SHA512 | 33fb73cffbb6781488cedbca4c92a7e4f66923a799beeb7f5cba58dbc23ba8f5130f63a7dac7114e3c3ef6f1df87884fbeb8858bc7604aec9449fdfd16c25078 |
C:\Users\Admin\AppData\Local\Temp\nso1C1F.tmp\7z-out\locales\en-GB.pak
| MD5 | 52e2826fb5814776d47a7fcaf55cb675 |
| SHA1 | 51fbbc59dcd61116cbc0a24b0304d4c1c58e8d0b |
| SHA256 | 83ff81c73228c7cadba984d9b500e4fce01de583ecde8f132137650c8107c454 |
| SHA512 | 69257f976d01006c5f3d7e256738c97c59115471f8e7447cfa795f7fa4ff12d6fd19708e95ffb2aa494b50c1763fe35d5885b9414112d2934baf68fe668ed7cc |
C:\Users\Admin\AppData\Local\Temp\nso1C1F.tmp\7z-out\locales\el.pak
| MD5 | 38440b98bfdf5ed496da0f49d59534c0 |
| SHA1 | 1498d9207ecaf4923a47271e24c68a817041c82e |
| SHA256 | b1f78df8a7edc914357a2e90bc8dc0ac46f4df642bb22894569fe4905fb8ea0f |
| SHA512 | 95ba788fc2e1f07d54e398f1ec4d32c664cfb13118d46cb7af7a993367e032b10de84f3e604ab6e659d6410e2d736097ec5e9b3b002040c54412358f0ea10229 |
C:\Users\Admin\AppData\Local\Temp\nso1C1F.tmp\7z-out\locales\id.pak
| MD5 | e40cb2f3b4db379e4d187aeef0dfd300 |
| SHA1 | 537b1ebc615c980c89bbe2b9e91a11199fa7d6a6 |
| SHA256 | 3339ef011c9bb64868da94adb25f4490acbc7f893e4337dbfe2797754cd659f5 |
| SHA512 | b87464460077aa55feb92eca8ed23d9a61829378bae7890c8a95dac5fcd735b145d65661f27facfe2586fcaa169692b00d8ee8dd505dc44bff7f7fd090f3e96c |
C:\Users\Admin\AppData\Local\Temp\nso1C1F.tmp\7z-out\locales\it.pak
| MD5 | 5aa225aad4f9fe6d05ec24905a827d88 |
| SHA1 | f6d5ed337bd8e9cc3b962d3a498e3430fbf6de22 |
| SHA256 | 96e02ab6937a1f1cb58762159761a737ce0e1dcd6a253554392baf4389326eab |
| SHA512 | 3fa928f19bdf65b8fbb274b478a801821b15c01224c113a8d7f6121a077b432c0cc84eefd9028a76adea9fa4bb65dcb868edfbd4368b1e4d477c49e187e4288a |
C:\Users\Admin\AppData\Local\Temp\nso1C1F.tmp\7z-out\locales\hu.pak
| MD5 | 71d42cb22d2d7a8b26c4514ab12df3aa |
| SHA1 | cd0307503a7906f1742d1e98fc816959319c2171 |
| SHA256 | b51bcb888dbc27bab88a8c9d081df7496de8a9a5a4cd2cfe08abc154190e75e6 |
| SHA512 | 29c67391bca706807be3a0cc79fe481f220e30263957a9c2485f0a4c498a5b250bdd83b5f4fad8d0b19c8a9a07d5650b5ebd5816b6aae311a1cde78a89303244 |
C:\Users\Admin\AppData\Local\Temp\nso1C1F.tmp\7z-out\locales\hr.pak
| MD5 | 6f92235e6ba003af925a2d6584afd27d |
| SHA1 | 3ceba61e9c2975466b6244188f5ea72aaf042fc7 |
| SHA256 | 479dc4f75a889d45f62b4ddb6eb48f21c473e37875468c9c26d928a263e15840 |
| SHA512 | 82f2642dff4400704c15c2fa02d0ec74ed3fe888dc835447c1afce7463dee8f480bb81be358c306e681625864a6d25e5cd6c96252b8a56e6fc62014b3aa4d26a |
C:\Users\Admin\AppData\Local\Temp\nso1C1F.tmp\7z-out\locales\hi.pak
| MD5 | 590e9e73df9cbd83cd87b9c03848fec9 |
| SHA1 | da125e60a5a2c51a2d6219d3f81688bd22237b59 |
| SHA256 | 089b9dd31090a987515809a68d26f6eeb64cd9283934e3dcc48b151eec7d3ad9 |
| SHA512 | fd0e5d0f2063e12b711275f390428b88f98ffaf6043cdb14b13674ac1e4aa9f70ae820ae960132d7155daf9b1308238775c4702694ab53068cdc709c50f9186a |
C:\Users\Admin\AppData\Local\Temp\nso1C1F.tmp\7z-out\locales\lt.pak
| MD5 | 2d4fca437a7548893dc4b51fa5b33c33 |
| SHA1 | c1493013d7d981ea9223716e415380992de65c2f |
| SHA256 | 776dba792df7b444e1b720326312d8b8312cade74a1372c49456d932b7c65769 |
| SHA512 | b6a55ee1deff48d717a3e9399aef3c45eeec810cc5b5709fa3e9f56850115a5b02e02b7959ec77a6797e68516ee9372bacd260e62ac0d55a8e4c1c27af782b42 |
C:\Users\Admin\AppData\Local\Temp\nso1C1F.tmp\7z-out\locales\ko.pak
| MD5 | d6e2c18c9eabba59b50d147d942125ea |
| SHA1 | 0918879203c2050b4f9f449f5616e430897ba0b9 |
| SHA256 | f3581cea2e5b022b121010ffc5d67f86f717e3a0c0402abd81e24c87fd135b76 |
| SHA512 | f605f7b9893166778af156f9eb76eaa1209e7432450899540cd462ce0ffa69caf6f570b910cdd6d7bef54354379e9892a658e711baa93241da33755c107da859 |
C:\Users\Admin\AppData\Local\Temp\nso1C1F.tmp\7z-out\locales\kn.pak
| MD5 | 5115cde84b4c674db412619b65433004 |
| SHA1 | 164f33e7e2e9f685a579da492a6fc8806beb6cbf |
| SHA256 | 891e092c6895e23be986c3e6d39dcea9b6b75f1448239c13fd406680e50407a7 |
| SHA512 | 090a247898cb533325d2b289a6cbd8db2a755ef0abab49d82f333e57b290c50b5996b81f15d8adc30160b216eebed3a1476aec1627195e52189557c1d48b0216 |
C:\Users\Admin\AppData\Local\Temp\nso1C1F.tmp\7z-out\locales\ja.pak
| MD5 | 833e8c4aa70351b6be7bd403e4e9a0a7 |
| SHA1 | 46ccdbdea35deec8ef13a5fc833776875fad187b |
| SHA256 | 74422db1a5f28522f9a8b31a3bee9a6df794b419bf723cb6a6c88e82eb72cec0 |
| SHA512 | e8e709612a5ea81d2822e0025b7306f38571f2cec2ca72ac5a8ab852a0e36a0f5bc7e00d0baf7ac7becc2c54dda3a17c52ec1cd67ce12b14d91b6ae0b726d556 |
C:\Users\Admin\AppData\Local\Temp\nso1C1F.tmp\7z-out\locales\lv.pak
| MD5 | 264c6e20b3088ceb4dae5773cef0cb55 |
| SHA1 | fb6ff83ff14df008092bc3ee73bda7491e8e090e |
| SHA256 | a676a781c1a587eadf23e5c69bc52f2d352346a70bc53ca908450362535eefda |
| SHA512 | 01e949f92e1e8599c581929a601d39640abaf1d907ce10102e591c3d490dd3874c679c75bb51308ead55a3bd0c6dcd1b8d4b2daf98ce1cf1c6bab42946e8b1e8 |
C:\Users\Admin\AppData\Local\Temp\nso1C1F.tmp\7z-out\locales\ms.pak
| MD5 | 6cfadaa784e687e6dadbcd80e631bc9b |
| SHA1 | 481acb75f525055bf4e45ecabe0eadcb9c492106 |
| SHA256 | fb5e125dd5e1f21e8df229d22cb3d1f9078bd79bbddca352899248f2a8b21b71 |
| SHA512 | 0d7da5a90fe9372bc704ab8cdc8cbfb14d323cafdef856987e2d9e34d980196c03985e25099f5d1bcb10c97f040f4766e2c3713718649bb3f43914a77f0dbb39 |
C:\Users\Admin\AppData\Local\Temp\nso1C1F.tmp\7z-out\locales\mr.pak
| MD5 | f22c99fe6a838e333e8ee06a4d01296b |
| SHA1 | c3542ea8dd45a2b387dd02fa5687948f135e10f2 |
| SHA256 | b03a3042f907aed13253ae8083d08f5fad59ff438d024b097276856e72526911 |
| SHA512 | 882022c2cb985d85f96d52c9bcfeeb089d6ff30e66187ccf424ef622092b9d359a51bdef1fb6ac3b9d3409aa79d37ca737ba7f3ed8b9cdaabfe04d90a7c8bc15 |
C:\Users\Admin\AppData\Local\Temp\nso1C1F.tmp\7z-out\locales\ml.pak
| MD5 | 04b2540c25990a5e0a9b227dcce6ae0d |
| SHA1 | 4f8ccd154f54dfb083d4d1a3ed0994842c8ab13e |
| SHA256 | 556165b8b54c6e21bc66d12b3f5be393136714467c427f7114f314d18ad3c661 |
| SHA512 | 4cab47e42e8f5d4a83851871f97f3e1360c993ba530dbb4b4b736350779784bd83189e1195d3480ce87298bb8f9b7f249fefa7764d850e5b0002895609626785 |
C:\Users\Admin\AppData\Local\Temp\nso1C1F.tmp\7z-out\locales\nl.pak
| MD5 | cf6b1cbfd669e9461553974ba37a475e |
| SHA1 | b33867e9bc7fd88ca98a76dc4bd756bcf18887aa |
| SHA256 | 9a83ad866ad7fd9d65ecbc1e95c276cfce27e8257c76a16950fd14971e66b864 |
| SHA512 | e463029bb37f6bb3ff5cb6281f64291ada1b785fa33137e7aedfc7b5e409e99c75a91e7cf9b6c0933e970f70c14861190de66fc5d68925b687a6f5da02e21077 |
C:\Users\Admin\AppData\Local\Temp\nso1C1F.tmp\7z-out\locales\nb.pak
| MD5 | b61e42f66d581b6a8929cdf5fb10662e |
| SHA1 | 6f06fa9ee092fbcb61bbd668734fb3b92cfb549a |
| SHA256 | 1b17dcde8fc7308d926fbe0faa83dfc9ffe2efc5715e9afd557dde839ad98b7e |
| SHA512 | 79b82346c3f133a6ba44148a8432ad4e08e2805187b759509cb386bc800fd20215592c07d953812c243f0b1d5e1354245f2cb42b2b3eb6c87280bcb4008dbe97 |
C:\Users\Admin\AppData\Local\Temp\nso1C1F.tmp\7z-out\locales\pl.pak
| MD5 | 644c0ace25d6e532b56510a736c6bc2c |
| SHA1 | 1bd0fec952107b493da04c46423da634ff3e1504 |
| SHA256 | 2ff9e382a31783285b7d85676e629e2f6db26bb9536ed17b7fbe5ac61a895ec7 |
| SHA512 | 9a1f1e884c2f214b8b0c63543809ddd4ba0fd533f1d8434e926051f3db434f60cc4df2462c2a43254b2a9685b3869eef49463c212892e417c82c3a7b497e3559 |
C:\Users\Admin\AppData\Local\Temp\nso1C1F.tmp\7z-out\locales\pt-BR.pak
| MD5 | 88ad860c73676ffb4025b5c691f29942 |
| SHA1 | 3c5e5b999ea7153ccdd1b4cc7b6162de3456b558 |
| SHA256 | 25f0bb0b0230d99a9064d52668636f3be85903bf27a68124d79a2fe93c30fe0e |
| SHA512 | 41589bb9ab1b8307f62ceb4e6493d7903731a3e63807e0044379c4acdda881c21839234f5f1b8ad1af732bfee6231c0556ce92e582505379ed949980185bb750 |
C:\Users\Admin\AppData\Local\Temp\nso1C1F.tmp\7z-out\locales\pt-PT.pak
| MD5 | ecd84b296d3bb312ee18e21017311986 |
| SHA1 | f5625523f85c10723750834a54ff59a2dd886fb3 |
| SHA256 | fcfaa9c44c445876c286388b6a1abc1df949f3dda3d64fb57d6e0d54a05cdb94 |
| SHA512 | e95b74238220024cdd0bd1c0f18beadbbe427d76cd8d6b32d5700adcd34ffb068ad0bf75404921485c8077f395f5111cd40d5dfe2b5b8f34c62e6fc80b507456 |
C:\Users\Admin\AppData\Local\Temp\nso1C1F.tmp\7z-out\locales\ro.pak
| MD5 | 24b01a438a3ab9699d4ca97c081b5e82 |
| SHA1 | 0d0b082544d23425a74199fb0a6c11192f0bdf7d |
| SHA256 | 38290b1c9712296d82ea1681ef95544a1eef4872289134b11e50af735e6deaca |
| SHA512 | 43199772312156f4633c4202499cde8f808e5e632c2013ec1129acee01a3f184e86df2616626173178efe04b6f0773ad9a0e8b8cc6a735d23d68dcfe9dfd945b |
C:\Users\Admin\AppData\Local\Temp\nso1C1F.tmp\7z-out\locales\sk.pak
| MD5 | b35daa0bd9627ca88b413a5af7c6b4a4 |
| SHA1 | d5efdcbc7ca17de29f3075f6434f31ab2e895826 |
| SHA256 | f47bc1f7f5ab64681d0b152e1a019da60f0ef057ee8bf2ccede019dc4030c177 |
| SHA512 | 48abb6ca2290820db2898b05820bb25e70fb1292c816eb0c8f17b3c5452de9fff7027d216d2bf413900f408f44ed4ac99151b28142a212c5cff8dfe229e87b9b |
C:\Users\Admin\AppData\Local\Temp\nso1C1F.tmp\7z-out\locales\ru.pak
| MD5 | 75457b95d2bb03891232dae7db886387 |
| SHA1 | e5a7569df7f91533703626d167ecc8cddbd27205 |
| SHA256 | e0894d3aa3f8e0f8ac457a3300001d4e1dcf95980712f8c8e9c845eb4c2bbfa6 |
| SHA512 | 9813239cb162cec24cb81cffdae2df06889782813d917da186ae40df6dae64477467e4b32ead2d714bc1de671538d4c1fde990d83d3ee69e0932f17226687a78 |
C:\Users\Admin\AppData\Local\Temp\nso1C1F.tmp\7z-out\locales\sl.pak
| MD5 | e015b6f5042be2dc96a4e23dcf035502 |
| SHA1 | 7946509eed8db1e4c1f3da99ffe7155c86fdb4d6 |
| SHA256 | 99536d1bc73eec81d5bebbff641ea195544ee5e3a41bb17ddcedf9cde9b141d4 |
| SHA512 | b2a2eaae93c506a053862bf1cde02eee53b3ea2e2fe4c964c51dbacb8b44de820a779311cfe01458e2f08f88bce1172e8c5e1e6d28cd3a355ff84baa00023b8f |
C:\Users\Admin\AppData\Local\Temp\nso1C1F.tmp\7z-out\locales\zh-TW.pak
| MD5 | c2c35fcedc3708b5bcadf36587393002 |
| SHA1 | 31d72402cbd44ceb921cedd806259c2cd14e411f |
| SHA256 | cfe4c2c5eb131fd92e0d11f912714c5a9a048833ef3ffbe32679b3d58da8f8ac |
| SHA512 | 9ba3ea2d569d1d3ef09e94d7e66f843c8804368c4d016b6289e7dba002f7d2d50884a76c93eef879d87abcf8b36dd3e682b7bd3a18b2b5a969256cef672abf01 |
C:\Users\Admin\AppData\Local\Temp\nso1C1F.tmp\7z-out\locales\zh-CN.pak
| MD5 | 098d656a4f4bd8240bed10e7678186c7 |
| SHA1 | 0c19ab62b4262f1b51558e8aaa79e7741f73393a |
| SHA256 | a55f568ad3a8854cec25699484f55024501c8a0967738ba694e073151e5981c7 |
| SHA512 | 084538ce774233ca6d4393bb42239b0b85e11bd73dd19ba47e55796ca19848941b037510c0fca4ac08b4b2e0ccbc9b4ae72ef88a3e841738dd211961dc53c1e2 |
C:\Users\Admin\AppData\Local\Temp\nso1C1F.tmp\7z-out\locales\vi.pak
| MD5 | 69c8796439192577f48bd249175aaf37 |
| SHA1 | 97c52088ca69dada593db0e42b2135d264646454 |
| SHA256 | d7fdb53592de803a5fbcd8561c4918f1562f92fc8a3fd0039a2a1a7b76a8ecc2 |
| SHA512 | 65eb7cb15291474ec7f9354775e59bcf334c90ddf3498ebd184e4c47118308421b2405bfa679e4b3a70ed1790e167c109fc2c72e89c3e31b5378cae975424144 |
C:\Users\Admin\AppData\Local\Temp\nso1C1F.tmp\7z-out\locales\uk.pak
| MD5 | d791b1ecf2931b2fb0c31aac170c7cdc |
| SHA1 | 02be115a9ff94fe5250651b6de4323eafc44fce1 |
| SHA256 | ffae6286d44c8e219ef90d411ad8746159a6ff8ea610e2a651147a3956696a22 |
| SHA512 | 3a2edb8069e4a9734ce5e02b7c3de3c968c5bbc116f17f52f97e2bb2c78485c456c4f0cc952686c1aa17b7ee4d326a1dda698afafc63c79d842ca3905181a8da |
C:\Users\Admin\AppData\Local\Temp\nso1C1F.tmp\7z-out\locales\tr.pak
| MD5 | 40491896ad21543f339467186c5efb40 |
| SHA1 | 695dde7cc35056dcbf0a533aff8299d4c6b61bd8 |
| SHA256 | 43e99e132acaba88971b81a43531845dc7fc3a1e0794c3373de7d9a50a5655aa |
| SHA512 | 18d5ee9914849462e0b1bafd1ca216b29d0795e282ae0bdb354b15caf5c18f37f44fbd6f626b2cbb095e3398a6496de72e5b0d15621433979b5a589e34fac818 |
C:\Users\Admin\AppData\Local\Temp\nso1C1F.tmp\7z-out\locales\th.pak
| MD5 | 43edd25f67ce6e6cea5373009ff0a1f8 |
| SHA1 | ed72ca6620cf23837e1334be50ccf616806bc5a2 |
| SHA256 | 287897cf3df2db1cf59b872e6575ba8dfcaa0c1f68c17a9c91da6c4490adb8b0 |
| SHA512 | 7160a72bd2e6b0ffa71e5d279995cc8be24a87cd9386eb29ab0eee79b8e607f5d824a11b6b4e3ef4c0f851a9d485a9642cb6adaa65c07933dca6e6f2c0052fc7 |
C:\Users\Admin\AppData\Local\Temp\nso1C1F.tmp\7z-out\locales\te.pak
| MD5 | 793a87d41cde6e6d1bb086284f69733b |
| SHA1 | d887e3842b664f55b7308427aa6f5bf0b352d879 |
| SHA256 | 5cdabd1ad41e8048f2cc6b1615e68b99159daa1aa6706b939447c1811bf0e255 |
| SHA512 | 7c2e53baa387480eed45315bd9d53856ca46e5777ecdc9c29a0de7b0ad04beb6cbb8b5df0aa7c306395fda563037e06bea1ca70e433ce5a3ccc2ec184dfda972 |
C:\Users\Admin\AppData\Local\Temp\nso1C1F.tmp\7z-out\locales\ta.pak
| MD5 | 31dada843d0b4f9a66b184cb6d7b8b92 |
| SHA1 | 0320b31981043c6e4c17470bf2ff4c7488553511 |
| SHA256 | 457070b35c813175f5a7b630478073e478ff2bf23915dd3dc7a5b3b339cc2b0b |
| SHA512 | c5b6ea595d3154fd9fe03f49a19f78eb4068718ce005b18a165d491459a290c29956b02a109ce2c314746773760c8e5c0d7064f384c65a572c78109f03538860 |
C:\Users\Admin\AppData\Local\Temp\nso1C1F.tmp\7z-out\locales\sw.pak
| MD5 | 99e385ebc1ef8d3daddb3a171fa79edf |
| SHA1 | 3164804dfe9d9b5e891abafe92e5ba67d2b5d4d1 |
| SHA256 | 8ec45ac391a085d531fb21815086c2da4841aa016653cb4f8484cfc2615d6c01 |
| SHA512 | 797c105fecef1e15870aa101e3fa1835d5a467a9059c03b3636c54934d1de263ab7f23599e21d9787cb3849c7cb7d29f5bdd8ae9ad10fda8015c1392462e94c0 |
C:\Users\Admin\AppData\Local\Temp\nso1C1F.tmp\7z-out\locales\sv.pak
| MD5 | 41e76f7775fc9a2d6e3c02c46e9b32f6 |
| SHA1 | 088c15c74a68bee69682bf89c31055332b68c84a |
| SHA256 | 2533676479e9469ffcdaabcb47d3e39bebfe7ae2b80f70784e918a8827439e13 |
| SHA512 | 6cde752d748c4772b533c8894f18134e5842113f8c7590b44a7dfa088aed65b232361fd16170df3b0d738066dbc3a769847adf4dd8ba42de63c9c2b33f9beb6b |
C:\Users\Admin\AppData\Local\Temp\nso1C1F.tmp\7z-out\locales\sr.pak
| MD5 | af7083f2a4bd95dcbe792efade352662 |
| SHA1 | dc69aa831836016f6e66c6079931503d534a7862 |
| SHA256 | e3b80d9fdd420a05d66cc12e685ac94500106dd51a555bbfa2d085094f81e8dd |
| SHA512 | 342400ba94f6cd08152f96aa2b905184fab429c38cedb4bcb4ac0c503169a9ecd47aef208b4d7ffae08b0c0afa7aa089347a20739379d05f3e4e111be842b8c4 |
C:\Users\Admin\AppData\Local\Temp\nso1C1F.tmp\7z-out\resources\app.asar
| MD5 | fc80c7cbdbed624b3026589e4dea99ec |
| SHA1 | 48f99ba9ecbe95a8a52c43e83973235837ec8298 |
| SHA256 | 8dc6ec284a2b0daabd711cb1af705a01812459781d30e7be53bbec80838287fb |
| SHA512 | 70b293c1c58983236240acbb950394d2156e3973a2e3559721889b3e0258d82b2ebf6a3f3a3e9e691cbb3e61b869b454c86f74eca7e3c8311640e7cd7f3efd89 |
C:\Users\Admin\AppData\Local\Temp\nso1C1F.tmp\7z-out\resources\elevate.exe
| MD5 | 792b92c8ad13c46f27c7ced0810694df |
| SHA1 | d8d449b92de20a57df722df46435ba4553ecc802 |
| SHA256 | 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37 |
| SHA512 | 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40 |
C:\Users\Admin\AppData\Local\Temp\nso1C1F.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\package.json
| MD5 | 067e233b0609d56ff4756bedd8c0efe0 |
| SHA1 | 96419d05adc4b6674948b4ac14f8ab5bb3ce4380 |
| SHA256 | 6bee642c1b5de99e4edba87ec3221c2ecd10b65e666b6f2bef64a745538ecf74 |
| SHA512 | 94900f5ff762930b1b060ba4dd44d629d6c3e2dfc0dacb1a543f1ea5a3cd40e793acaff4abefbff588ceb422d65f8041ec190a2b56f7c303c3314eb16eca4159 |
C:\Users\Admin\AppData\Local\Temp\nso1C1F.tmp\7z-out\swiftshader\libGLESv2.dll
| MD5 | c0b36d56d83e601bf246f7709a8c5f9d |
| SHA1 | b025a6070f7d61c7d1827856d2d4043834fd23f2 |
| SHA256 | 45bb5e1f8dd87129ac0a75c78f8f29d06e3ac182a00fc5199b692068f1e05a53 |
| SHA512 | e429ae63bd8a7d5a936a638783511693e8fbbc91d97779b3d4dd3f0880f1c8a820106bfb57cf7ee6b3639f19165de87bbe127aadd81218689fc6c8fada2106d1 |
C:\Users\Admin\AppData\Local\Temp\nso1C1F.tmp\7z-out\swiftshader\libEGL.dll
| MD5 | 19dc9ee70e7765bb63a66b6826e8ecb7 |
| SHA1 | 1a12f983f8b35cc2955d30657971f113c47dc164 |
| SHA256 | 83d5719abee35e051d984510e1d5d9317a109031698814742b59bdbbe7d4e30f |
| SHA512 | 1fda2bcc4b2e70987ca6011ab2534007ae4f752016d29a588aaae839bb25c35e03773f220b6a8e926cf2643997e7d4c0f28743304269b2c55642ce12934def68 |
C:\Users\Admin\AppData\Local\Temp\nso1C1F.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\snapshot.exe
| MD5 | 16a12bdc986207390dd79d658a6b2263 |
| SHA1 | b4b41f62cbc1e1ede786c6e30e11df8e61750bad |
| SHA256 | 50a8dd2f292bea9190204a42de067a34d5cbbec53746d40fe5b067fc85190bac |
| SHA512 | d20394028c5d3ca46bb4879cac40da07b7d857f9a4a834bb4db4bd047f1a3265a80e1f7528244da6ee97c2f3e0cb5b2e51bc88eeb382a027939c2188e66dcdd9 |
C:\Users\Admin\AppData\Local\Temp\nso1C1F.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\prey-webcam.exe
| MD5 | 471b15abc9f2e98fb7ed7361d3f045eb |
| SHA1 | 95b5798d80a9410872f6ed485ae2b43ca3745540 |
| SHA256 | 7c262639cb22348dfd627dc07c76e8748e5bcacde2dcf1614773ab174c831004 |
| SHA512 | 5b3b59aa1dbaef31b0ff6ccde082d7c312e39e311a46fe20d590d5d7765f934d3b663da9609ff4fb7beba2e8fa85376cf74f14ae077f3c0b49189cc28c30163a |
C:\Users\Admin\AppData\Local\Temp\nso1C1F.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\DirectShowLib-2005.dll
| MD5 | c20c205c6f8d70a5e1351a4041a3ec9f |
| SHA1 | e1b2a763dd6c42439656e4e55aba0f3610ff3784 |
| SHA256 | bbcbb170242d9ff1b56680a80b1f8755df1135f9c714535ff3b3f575442f38dc |
| SHA512 | dffd59d775dbb89cd886a2212fb9fe4cf0b2bdd7f2c00f8dc7c6b2287053b4971c8c6c033109ff1f90cdacea082e44d3c19fa76325d24976420c418218e701f1 |
C:\Users\Admin\AppData\Local\Temp\nso1C1F.tmp\StdUtils.dll
| MD5 | c6a6e03f77c313b267498515488c5740 |
| SHA1 | 3d49fc2784b9450962ed6b82b46e9c3c957d7c15 |
| SHA256 | b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e |
| SHA512 | 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803 |
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\AORadar.exe
| MD5 | f2f2bb775a22539d87ea22e787d0fd01 |
| SHA1 | ff5e294c9e76abf31f1ea79dd9466c1c5986a6f2 |
| SHA256 | 0bf191810cf4c04468d74a4d5aa0fb5e81ca6aadca755c083b47f6ee4a4579b3 |
| SHA512 | fc6b6ec54a58f2494df788b2d064074a49af868cf5478f4294435e6cc406d41ab22bf3a5866c152399056b1560c0452b8785c39b95f77f700c5411510d14d18b |
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\ffmpeg.dll
| MD5 | c3842fb3087cdcdb04020ac38683c289 |
| SHA1 | 329dbcd4a1c79b891b200f11eb50194b85c493bc |
| SHA256 | e79792af338d61424bac87a19c6f34f3b4bc1382345633b8d509253a0a6c2133 |
| SHA512 | 069196b8006e908954e7ab16131a0d10889a0f7517eaab2423a82fe49fb9b045c0d95dbf7c08c10ddf1a21983aea4a0d207decf91baacff0884511589a57dec5 |
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\icudtl.dat
| MD5 | 06a53ca61defdf5480ff17bd572e5a27 |
| SHA1 | 4190ef698d4125cb8a333e03d6019f525b79d298 |
| SHA256 | 2787618e58fcc8146c202cf050a655e809f99b024c0a0c2e1326c265a698556a |
| SHA512 | a469f5636c65365b0ed3be09e793220112c76c5754333d35b99f88a525d3d56c4bbf7a98521bb46d30053e0174800f2c5ffce7875d4475ccd086f4b478071193 |
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\resources\app.asar
| MD5 | be318e12f67ac853ced752513ca888a5 |
| SHA1 | 17697c429a9c59b51f59cd7dec0c246f88fca581 |
| SHA256 | e8fab2b1d4657fc88fe7285b7508c88643cee0690d9124497becd6674f9785e2 |
| SHA512 | 2578b8cdcca0d0836b7ecfccef870c6895eae7984369d887a5fb7342b78901e8ff98170b6174ed81031f869fbf05d8fd0cd108ad3d2ae33de9c08ea893d91bbe |
C:\Users\Admin\AppData\Local\Temp\0f642cd5-bdc5-45a4-a9e7-824d5cb97f89.tmp.node
| MD5 | be307e88623c294c5ee3ad51d5a13dbd |
| SHA1 | a6af4f31d57106617d2f1faad3e7690b95343ed9 |
| SHA256 | 4b19f3b074fa79149d18559306080c2a4b06f06bacc8f85087669f4ed6c70436 |
| SHA512 | b60f2905c3df84147c48afa80f124f4f77adb22cdc65125fcafe4f00fc3b95d4be90d74171256eaed873ab857e12a760d85f9374662404df0d5e7e0550c28b15 |
C:\Users\Admin\AppData\Local\Temp\7ac56170-e1fe-4d0c-a34a-12bf99bac16d.tmp.node
| MD5 | bbe1467873bda1d5b55533510d87859d |
| SHA1 | 0e6ccdb101b96a59287ab537b0b567fa4eb7f19f |
| SHA256 | 7a44566d9cbc8061b14d421a65b583fcd26eef54033b21cb52cd4e78d45d749e |
| SHA512 | fc04b60a80f5d46c70a01c01b00baeabaa8da7278cdd367f57d5df83bbd89716954ecf80237bd20ba2b22092654cb6775aa26d5cb3bbbf23472630af9f3c6907 |
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\resources.pak
| MD5 | 74ecbc37ef78656b8406a02223d77af3 |
| SHA1 | f79ed18e3c5cc28db77af71e2b03ab4ad009e843 |
| SHA256 | 504cf2d0442dd6d3677e5772f55d7bba0eb734c587c1cbdc7e10d7572ebef85b |
| SHA512 | 7e55f058f4aba017cabf2b74081698bd1138bad9e2798b5bd0c7d8410f21aac8029a568a45eb9fbc7ef12322bb024bb83e7f7622c8396a76dde15e30ef0af72a |
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\ffmpeg.dll
| MD5 | 751b07944b31600009378aa9daf0931a |
| SHA1 | 3dc736afba4f5b412245cf9724af3bd366ff276f |
| SHA256 | bcee086388a6ebe769d9942072984cb576af837f15cf6f9518993f91ed953b4e |
| SHA512 | e9afbacb833491d454477b3884d6ab9e0e0cfd81927068ff41559515dc07b71b3ffcbd3ca5444719b8fca7b805ceb3c4c27d8632581b24a6a341a2d6b3deecb3 |
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\libEGL.dll
| MD5 | 74a895798f8834b35f5d0d54c37a3cd8 |
| SHA1 | 20648bad03495b6214eadbf456923959e428b124 |
| SHA256 | e57444f4c3134fb31888ab5cdc44b19d5ec2562be92868a7e6e3c31580e388df |
| SHA512 | 84a566d625dc1332b0b66fcdd5e707fe7a83e5234d11b410db6af4c840430f1c9e7f2c22863a61d0fe89a8b71ded1d508b29e0b95448d14bbb8fe948721078c5 |
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\AORadar.exe
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/5744-602-0x000001F37EFD0000-0x000001F37EFF2000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_pieq52yj.ycq.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/5744-613-0x000001F37F030000-0x000001F37F040000-memory.dmp
memory/5744-614-0x000001F37F030000-0x000001F37F040000-memory.dmp
memory/5744-612-0x000001F37F030000-0x000001F37F040000-memory.dmp
memory/5744-611-0x00007FF915EC0000-0x00007FF916982000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
| MD5 | 88dc70c361a22feac57b031dd9c1f02f |
| SHA1 | a9b4732260c2a323750022a73480f229ce25d46d |
| SHA256 | 43244c0820ec5074e654ecd149fa744f51b2c1522e90285567713dae64b62f59 |
| SHA512 | 19c0532741ebc9751390e6c5ca593a81493652f25c74c8cab29a8b5b1f1efef8d511254a04f50b0c4a20724bae10d96d52af7a76b0c85ddc5f020d4cac41100c |
memory/1492-626-0x00007FF915EC0000-0x00007FF916982000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | d8b9a260789a22d72263ef3bb119108c |
| SHA1 | 376a9bd48726f422679f2cd65003442c0b6f6dd5 |
| SHA256 | d69d47e428298f194850d14c3ce375e7926128a0bfb62c1e75940ab206f8fddc |
| SHA512 | 550314fab1e363851a7543c989996a440d95f7c9db9695cce5abaad64523f377f48790aa091d66368f50f941179440b1fa94448289ee514d5b5a2f4fe6225e9b |
memory/1492-633-0x0000012E3ECE0000-0x0000012E3ECF0000-memory.dmp
memory/1492-631-0x0000012E3ECE0000-0x0000012E3ECF0000-memory.dmp
memory/1492-627-0x0000012E3ECE0000-0x0000012E3ECF0000-memory.dmp
memory/5744-618-0x00007FF915EC0000-0x00007FF916982000-memory.dmp
memory/1492-636-0x00007FF915EC0000-0x00007FF916982000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\libGLESv2.dll
| MD5 | 67997fd5b3f9b321e08f6c9d53fb6c8c |
| SHA1 | 468f76fcfe1c707d257553fa029c6bd9e7ac9c16 |
| SHA256 | ff3dd3c3a7c57a03edb040b593cac6268c67efa263208ad60512358b2f9e27f4 |
| SHA512 | 774658249d84b1cb348e117ef3174526eeb836eeba156cbe9a7ceb04af2f9fca87367ffc1067b08708ac1c847c77b8970c624480f2cc7390ab2457fe875535f8 |
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\libglesv2.dll
| MD5 | 095e3f1f2454e8f300c5b4dbbe723183 |
| SHA1 | 8e78ff2fada33f9d316e0da2627760f469881419 |
| SHA256 | 58a07d1973f865ccea161118ea4e1acf8be57164473927b5ad2a37875d755fe5 |
| SHA512 | 6aecd5bc4ca5b2bbe804845a4ab7c2175eddfb84d8070f2b4a52d9a36514d6761018acf7a46d72e9e8e5f5a50d914d6ec559c9c53f9112a1f542028684910095 |
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\d3dcompiler_47.dll
| MD5 | 6f68e05d47911d4b2dcdbfe827480446 |
| SHA1 | 859bbf0d458a5800b2b371f452211ced0653c7da |
| SHA256 | 8bae2c25212c2302a61ee36a50356fb4bf800b62662b182e40521e60fadc06fe |
| SHA512 | 669bebe99cbcab5676b2735068b5b41ed18317c4708abf2dbffe2fba1a309ec95f76cd3fe14dc6aef497a8ee276487473ad72ba45433ea0c109eeea17f92e105 |
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\D3DCompiler_47.dll
| MD5 | 0836429c6d9942bd74a47b354785b947 |
| SHA1 | fb4c53d63f8040d84e9e3bad24ef10bd447f53c9 |
| SHA256 | dddf8e450c8d811825cf732e099d512ca7b1ec457e1c9934d7170be78c917185 |
| SHA512 | 1c07ebeb3956dbd6644c35825fb6f9ab902cc8982c0639e94a7acc41d18aaa70a4e89f525c20e29e2693da7d7acd2fb758a5fc141011ff9e182711904420f5ed |
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\AORadar.exe
| MD5 | 2b26001df299c58e1504831af8ee2ab2 |
| SHA1 | 9a63f1971df12fb0f0b46405f1005f2b6687f77c |
| SHA256 | 4096c8cb02dff57bfafb4e8ba776b7d5f75ed10a602f63e2a1a3551fb8d41035 |
| SHA512 | b287455acc4547ebff6f08ac304cb0e28a8b5f86f5788ec2e1c5da700d2cfdca437324ee9f8e18f082d863860ff2c23343f978080346298836fc2225510236c0 |
memory/6128-580-0x00007FF938AE0000-0x00007FF938AE1000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\AORadar.exe
| MD5 | b5ada09952ba60cdc8ce63658f86dffb |
| SHA1 | ef5136d0bb9241ae819ec5dd7902f9bf4fc1f45c |
| SHA256 | f8fc0c1f1aba35dc99a8fad14b619c25f8ec494d57617643f687731bb3b4c83e |
| SHA512 | 1d10382cf3aea7829b9bda9eb2b788ea83a1ad709201756071a760d036c82ec2f46c45da2aad366af142ca59c5d2f6252f4b0cf8609b0462802320b4611b285b |
C:\Users\Admin\AppData\Roaming\TSibtSOypsc4.vbs
| MD5 | bee4b835076d15b9486e145637c2a63b |
| SHA1 | a419c29bbb768b6c75c9dbc6e4696dd369b22f4b |
| SHA256 | aa18473a2407198dfcf922f7128694b1f45a83e5b5d3b8ae16857f863664fcd9 |
| SHA512 | f245a75722049dd609112562291cf3e2e5627b96d0678383142b8756526ebe0f178068760511b116985a983a3c63201c7c4cbce5dc567911fd446fbf0ab3a6ff |
memory/6128-650-0x000001BD8EFA0000-0x000001BD8F14C000-memory.dmp
memory/6724-731-0x00007FF915BD0000-0x00007FF916692000-memory.dmp
memory/6724-733-0x0000024D60E30000-0x0000024D60E40000-memory.dmp
memory/7648-751-0x0000029B69DF0000-0x0000029B69E00000-memory.dmp
memory/7648-755-0x0000029B69DF0000-0x0000029B69E00000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms
| MD5 | 0fdceba6f84c35e49337b0c6867a8941 |
| SHA1 | 4318ded19bcf26c934fd7140382658de8002d179 |
| SHA256 | 5e9d07831dbf9a62a8b58e71928b6901150efe85713a63dd0c4055022f85d719 |
| SHA512 | 8cb49ca16f7db87f118110b50d1599fcf2e71c50b884c6bcb746d3d15e10dd166296cad89fe487a935f2118c7126c00f845f4d421933488deed44c013453f98e |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms
| MD5 | e3dc3150f47d19bdfce52cb7fbd0b1b3 |
| SHA1 | a7a6896fc858b46d981d3de69cfe4fe0a06db6bc |
| SHA256 | 400d1d03f9c2e277ff931e61127be4476379ebe2bd6c62dedcc0d719b550ef2b |
| SHA512 | e1fe125231daebeee4dcf0797e3012f48218489f2aba26a1e2ad6157154a794e9e99cb00b1a048309b2b409734568023c1ba20c52aebf97e58d6e171b0f69440 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms
| MD5 | dc77a9321ceb5777a28be027a518c2fb |
| SHA1 | 4822cf66ef32389edf14926cb09c36e2421da58d |
| SHA256 | 85c632d7915537d6a15f5d2d34879537bbe071eef23aaefe58179466d0ec9654 |
| SHA512 | f3b0b4911e88ce766b44a897300f6c948e3411ffdb5749b7e78f0016cd76f0c0a73b335c9e716fe994b9f965d90b8c2351f5c67e737847fa320efea524ffbc5d |
memory/7424-769-0x00007FF915BD0000-0x00007FF916692000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\vxTmsAWIdu5x_temp.ps1
| MD5 | d619557e5f5c8ff466ae1be0508ddaa4 |
| SHA1 | 872ab269c938bc7c158e07c89db0c9d528c4c67d |
| SHA256 | 007f4f7a6651f6d080fe25023a703bffdd1baeaddd545f24bb82fa20690ec6d7 |
| SHA512 | b0a7b62e48d810973483ba7f5c8108121eb3aeccaafc06bb3cb45df3fb38079fde26f2a0b9aa0877b3e7db1d2e48f76f590f3e78cd21fc29c0d7d76094edc815 |
memory/9068-770-0x00007FF915BD0000-0x00007FF916692000-memory.dmp
memory/7424-779-0x000001D777C20000-0x000001D777C30000-memory.dmp
memory/9068-780-0x0000022D2EF60000-0x0000022D2EF70000-memory.dmp
memory/9068-790-0x0000022D2EF60000-0x0000022D2EF70000-memory.dmp
memory/7424-786-0x000001D777C20000-0x000001D777C30000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 446dd1cf97eaba21cf14d03aebc79f27 |
| SHA1 | 36e4cc7367e0c7b40f4a8ace272941ea46373799 |
| SHA256 | a7de5177c68a64bd48b36d49e2853799f4ebcfa8e4761f7cc472f333dc5f65cf |
| SHA512 | a6d754709f30b122112ae30e5ab22486393c5021d33da4d1304c061863d2e1e79e8aeb029cae61261bb77d0e7becd53a7b0106d6ea4368b4c302464e3d941cf7 |
memory/7648-750-0x00007FF915BD0000-0x00007FF916692000-memory.dmp
memory/7852-800-0x00007FF915BD0000-0x00007FF916692000-memory.dmp
memory/6724-803-0x00007FF915BD0000-0x00007FF916692000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 6e5843696d70df783161968b9f9e1759 |
| SHA1 | 6e7ab4a749b553ff66e8914563ca9f98cabe3ecd |
| SHA256 | 51f80b81fae4ad9aa2b195b561274799f4bab0b9c12b0b86748044f12bbab719 |
| SHA512 | 5b44b40619c0467fc41009a5ca7638ae3ab948757c4707b8439c7485635d9cfb120406d76e330b0993f17f63739a7d8d40e3ae71574a89428501ab63a44e9093 |
memory/7852-805-0x000001BCC4EF0000-0x000001BCC4F00000-memory.dmp
memory/8140-806-0x00007FF915BD0000-0x00007FF916692000-memory.dmp
memory/8140-807-0x0000028327850000-0x0000028327860000-memory.dmp
memory/6724-732-0x0000024D60E30000-0x0000024D60E40000-memory.dmp
memory/8140-820-0x00007FF915BD0000-0x00007FF916692000-memory.dmp
memory/9068-819-0x00007FF915BD0000-0x00007FF916692000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 9b5655b797c26ffc04f79597d8d56eba |
| SHA1 | 8b6d6e58ab350bf1c526ed324e523f4f0cf808f0 |
| SHA256 | 5893e9041f26e97ce9864f245da1211ae2570503facf24a5bb21ee7b858c9548 |
| SHA512 | 89549717ce4b618fc68df01066d0cc1d3198a94e616fa84e563e5cbcd2f9aae4dff4599d5b8e013ab5e8da798c669dd41751d25f988f729bf8bc8ed0fd9645ae |
memory/7648-826-0x00007FF915BD0000-0x00007FF916692000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 50a8221b93fbd2628ac460dd408a9fc1 |
| SHA1 | 7e99fe16a9b14079b6f0316c37cc473e1f83a7e6 |
| SHA256 | 46e488628e5348c9c4dfcdeed5a91747eae3b3aa49ae1b94d37173b6609efa0e |
| SHA512 | 27dda53e7edcc1a12c61234e850fe73bf3923f5c3c19826b67f2faf9e0a14ba6658001a9d6a56a7036409feb9238dd452406e88e318919127b4a06c64dba86f0 |
memory/7852-831-0x00007FF915BD0000-0x00007FF916692000-memory.dmp
memory/2636-833-0x00000149A4020000-0x00000149A4030000-memory.dmp
memory/2636-832-0x00007FF915BD0000-0x00007FF916692000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\8NAt5xoV0hMgSwg9dFXp\Logs\Error.nova
| MD5 | 85d4e98fd09208c138316855b75a4435 |
| SHA1 | 3d7138ea43edc59b0b6fa93314db2235a8a72313 |
| SHA256 | 2d1e77f4cffb088033e4c9ece628196fb2792c4f2c1f9391a87207d1ef1936f5 |
| SHA512 | b30c23c73570b2bff59f3e0ec5d1e000943c12a9aa43fa1a2e813945f83ca5175c6b1613441ca0643f8dd86432c25c02b4182bdad7831c787c9327f78b738036 |
C:\Users\Admin\AppData\Local\Temp\8NAt5xoV0hMgSwg9dFXp\System\IHICWRNF - 2023-12-23_223033.png
| MD5 | db45e0a5003615a76622c6b5d06c056a |
| SHA1 | b5b3ea1dd66220800d81078b019647bc3f7f53d6 |
| SHA256 | cfb84b570aa48fc6afffc9eddd3f4ed9b5194412b4cc7a9de2463824ff7026d2 |
| SHA512 | 5e2dadd84f75d472582f1a216f4fcf3479e1f477e9f6ec0294ff28412078214906abd2b8d01b75b64d25d105d11611057c2484f7d197b3ae3de6b0cd079929f2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xyon95kp.default-release\places.sqlite_tmp
| MD5 | d8756e37f468492be9e228f641a7bc2b |
| SHA1 | afb8f3709640743f9eee930fe10da8dedaec2035 |
| SHA256 | 5e36d71f60104093a94e79a483ff9591f2a77c35ca2e9c032ccee710f5302304 |
| SHA512 | 95672a258598423a3c6665b8a165ae8d1dde71b11373296832de6aef792430fa0e7bf8ce10165d0086b66a23fd851199e3b4d44ee5beeeeb856bde1e7ef3f766 |
C:\Users\Admin\AppData\Local\Temp\8NAt5xoV0hMgSwg9dFXp\Logs\Error.nova
| MD5 | d5c96c2729ef1ee44e11332cf1204dd7 |
| SHA1 | 1c843cf4015f81222ecf71bb4cd324e6613d260f |
| SHA256 | 8048a61809ed16fc0585d041ccca1193227c060bb70002aa968d72586213c25d |
| SHA512 | f843c76a9af0e8fde2094f396ac872199aa092cd80b0cb91823733ebf34c739bb36fb3272c1c9c0f9b65cfbbe9d9b7895bd1c6e0c61c9c83e7f89ebd89f78dfa |
C:\Users\Admin\AppData\Local\Temp\8NAt5xoV0hMgSwg9dFXp\Logs\Error.nova
| MD5 | de8e6fac05552c1b073be5e8c2d7d432 |
| SHA1 | 3e840b3d04d3b4e8c6005ab31427cc5ac239dbe2 |
| SHA256 | 294380df6c74c4fbb62ce512d351beb3d9bf6e7cb85366d06d5e88eb07520b36 |
| SHA512 | 453c9cc6e21ea6e98a6930fd6de725dae243e7f03a3a4d274ddeb1de16fd8a792e3737e473a39d3f01d2b09c3c0951bccdaf630247bbed96f47ac610aa29d29a |
memory/2636-844-0x00007FF915BD0000-0x00007FF916692000-memory.dmp
memory/7424-823-0x00007FF915BD0000-0x00007FF916692000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\8NAt5xoV0hMgSwg9dFXp\Logs\Error.nova
| MD5 | 9b833ea74f2cf5232dee135a546972ac |
| SHA1 | 018ea3ba69cb3ce0040702f44a0dcc4f9e6deabf |
| SHA256 | ec924e0efdbf1272c97811d2153ebabe86b577700f4aab5944ebbe3f888e861a |
| SHA512 | 69b95f908cc826fc74e41e8da621211db7578e05ea55e51a54e2d52945d67c20eb2e6d69e7a3a6ba46192365300167928f19f93c4c0d24f79a1cfd7d64741e60 |
Analysis: behavioral1
Detonation Overview
Submitted
2023-12-23 22:22
Reported
2023-12-23 22:30
Platform
win10-20231215-en
Max time kernel
5s
Max time network
152s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\AORadar (3).exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\AORadar (3).exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
Enumerates physical storage devices
Collects information from the system
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Detects videocard installed
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Enumerates processes with tasklist
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\AORadar (3).exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\AORadar (3).exe
"C:\Users\Admin\AppData\Local\Temp\AORadar (3).exe"
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\AORadar.exe
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\AORadar.exe
C:\Windows\System32\Wbem\wmic.exe
wmic os get locale
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "echo wlan"
C:\Windows\System32\Wbem\WMIC.exe
wmic process where processid=NaN get ExecutablePath
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic process where processid=NaN get ExecutablePath"
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\AORadar.exe
"C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\AORadar.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --mojo-platform-channel-handle=1812 --field-trial-handle=1636,15814129056743576237,11126082038305164739,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\resources\app.asar.unpacked\bind\main.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\tasklist.exe
tasklist
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\AORadar.exe
"C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\AORadar.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1472 --field-trial-handle=1636,15814129056743576237,11126082038305164739,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Windows\system32\more.com
more +1
C:\Windows\system32\more.com
more +1
C:\Windows\system32\more.com
more +1
C:\Windows\system32\more.com
more +1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"
C:\Windows\System32\Wbem\WMIC.exe
wmic PATH Win32_VideoController get name
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic PATH Win32_VideoController get name | more +1"
C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get name
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic cpu get name | more +1"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\System32\Wbem\WMIC.exe
wmic process where processid=NaN get ExecutablePath
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack""
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 105.0.3 (x64 en-US)""
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 105.0.3 (x64 en-US)"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VLC media player"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VLC media player""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProPlusRetail - en-us"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProPlusRetail - en-us""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService""
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cscript.exe
cscript C:\Users\Admin\AppData\Roaming\HdCcrW0zGlOP.vbs
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "cscript C:\Users\Admin\AppData\Roaming\HdCcrW0zGlOP.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{77924AE4-039E-4CA4-87B4-2F64180381F0}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE}"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -ExecutionPolicy Bypass -NoProfile -File "C:\Users\Admin\AppData\Local\Temp\GlqXKtJo591V_temp.ps1"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\app.asar.unpacked\node_modules\take-cam\prey-webcam.exe" -invalid youcam,cyberlink,google -frame 10 -outfile C:\Users\Admin\AppData\Local\Temp\KHxVlcsnlyjoUXDHe2sE\System\cam.4880_Admin.jpg"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoProfile -Command "& {netsh wlan show profile}"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoProfile -Command "& {powershell Get-Clipboard}"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoProfile -Command "& { function Get-AntiVirusProduct { [CmdletBinding()] param ( [parameter(ValueFromPipeline=$true, ValueFromPipelineByPropertyName=$true)] [Alias('name')] $computername=$env:computername ) $AntiVirusProducts = Get-WmiObject -Namespace \"root\SecurityCenter2\" -Class AntiVirusProduct -ComputerName $computername $ret = @() foreach ($AntiVirusProduct in $AntiVirusProducts) { switch ($AntiVirusProduct.productState) { \"262144\" { $defstatus = \"Up to date\"; $rtstatus = \"Disabled\" } \"262160\" { $defstatus = \"Out of date\"; $rtstatus = \"Disabled\" } \"266240\" { $defstatus = \"Up to date\"; $rtstatus = \"Enabled\" } \"266256\" { $defstatus = \"Out of date\"; $rtstatus = \"Enabled\" } \"393216\" { $defstatus = \"Up to date\"; $rtstatus = \"Disabled\" } \"393232\" { $defstatus = \"Out of date\"; $rtstatus = \"Disabled\" } \"393488\" { $defstatus = \"Out of date\"; $rtstatus = \"Disabled\" } \"397312\" { $defstatus = \"Up to date\"; $rtstatus = \"Enabled\" } \"397328\" { $defstatus = \"Out of date\"; $rtstatus = \"Enabled\" } \"397584\" { $defstatus = \"Out of date\"; $rtstatus = \"Enabled\" } default { $defstatus = \"Unknown\"; $rtstatus = \"Unknown\" } } $ht = @{} $ht.Computername = $computername $ht.Name = $AntiVirusProduct.displayName $ht.'Product GUID' = $AntiVirusProduct.instanceGuid $ht.'Product Executable' = $AntiVirusProduct.pathToSignedProductExe $ht.'Reporting Exe' = $AntiVirusProduct.pathToSignedReportingExe $ht.'Definition Status' = $defstatus $ht.'Real-time Protection Status' = $rtstatus # Créez un nouvel objet pour chaque ordinateur $ret += New-Object -TypeName PSObject -Property $ht } Return $ret } Get-AntiVirusProduct }"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell -ExecutionPolicy Bypass -NoProfile -File "C:\Users\Admin\AppData\Local\Temp\GlqXKtJo591V_temp.ps1""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}""
C:\Windows\system32\netsh.exe
"C:\Windows\system32\netsh.exe" wlan show profile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Get-Clipboard
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CB0836EC-B072-368D-82B2-D3470BF95707}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CB0836EC-B072-368D-82B2-D3470BF95707}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE}""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE}""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{77924AE4-039E-4CA4-87B4-2F64180381F0}"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6DB765A8-05AF-49A1-A71D-6F645EE3CE41}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6DB765A8-05AF-49A1-A71D-6F645EE3CE41}""
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\app.asar.unpacked\node_modules\take-cam\snapshot.exe" /T C:\Users\Admin\AppData\Local\Temp\KHxVlcsnlyjoUXDHe2sE\System\cam.4880_Admin"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{662A0088-6FCD-45DD-9EA7-68674058AED5}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{662A0088-6FCD-45DD-9EA7-68674058AED5}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{64A3A4F4-B792-11D6-A78A-00B0D0180381}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{64A3A4F4-B792-11D6-A78A-00B0D0180381}""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00}""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic process where processid=NaN get ExecutablePath"
C:\Windows\System32\Wbem\WMIC.exe
wmic OS get caption, osarchitecture
C:\Windows\System32\Wbem\WMIC.exe
wmic csproduct get uuid
C:\Windows\System32\Wbem\WMIC.exe
wmic computersystem get totalphysicalmemory
C:\Windows\System32\Wbem\WMIC.exe
wmic logicaldisk get size
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic OS get caption, osarchitecture | more +1"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "echo %NUMBER_OF_PROCESSORS%"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic csproduct get uuid"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic computersystem get totalphysicalmemory | more +1"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic logicaldisk get size"
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\AORadar.exe
"C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\AORadar.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAIAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1628 --field-trial-handle=1636,15814129056743576237,11126082038305164739,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| GB | 142.250.200.4:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | 4.200.250.142.in-addr.arpa | udp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | 192.186.117.34.in-addr.arpa | udp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:53 | api.gofile.io | udp |
| FR | 151.80.29.83:443 | api.gofile.io | tcp |
| US | 8.8.8.8:53 | store13.gofile.io | udp |
| US | 38.75.137.9:443 | store13.gofile.io | tcp |
| US | 8.8.8.8:53 | 83.29.80.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.137.75.38.in-addr.arpa | udp |
| US | 8.8.8.8:53 | hawkish.eu | udp |
| FR | 163.5.121.96:443 | hawkish.eu | tcp |
| FR | 163.5.121.96:443 | hawkish.eu | tcp |
| FR | 151.80.29.83:443 | api.gofile.io | tcp |
| US | 8.8.8.8:53 | store7.gofile.io | udp |
| FR | 163.5.121.96:443 | hawkish.eu | tcp |
| US | 136.175.9.9:443 | store7.gofile.io | tcp |
| US | 8.8.8.8:53 | 96.121.5.163.in-addr.arpa | udp |
| FR | 163.5.121.96:443 | hawkish.eu | tcp |
| FR | 163.5.121.96:443 | hawkish.eu | tcp |
| FR | 163.5.121.96:443 | hawkish.eu | tcp |
| US | 8.8.8.8:53 | 9.9.175.136.in-addr.arpa | udp |
| FR | 163.5.121.96:443 | hawkish.eu | tcp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.73.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.178.17.96.in-addr.arpa | udp |
Files
\Users\Admin\AppData\Local\Temp\nsb7158.tmp\System.dll
| MD5 | 0d7ad4f45dc6f5aa87f606d0331c6901 |
| SHA1 | 48df0911f0484cbe2a8cdd5362140b63c41ee457 |
| SHA256 | 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca |
| SHA512 | c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9 |
\Users\Admin\AppData\Local\Temp\nsb7158.tmp\nsis7z.dll
| MD5 | 80e44ce4895304c6a3a831310fbf8cd0 |
| SHA1 | 36bd49ae21c460be5753a904b4501f1abca53508 |
| SHA256 | b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592 |
| SHA512 | c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df |
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\AORadar.exe
| MD5 | 79105cc95126e0caa8c7a358e6632ebd |
| SHA1 | 89f646eba5a8e0088666847c7629c29e201d24d3 |
| SHA256 | 881bcfe0c4b9fc4c8c417f23b35c12c05f1bb17e4a8ae78490fac0fb42ecd485 |
| SHA512 | c0dd9ed8b294576f1b6dfc3a1365c18a5578165994ecc89a1bdbc3c8b8d962455a9ebaaec7cf98343dd293872dd0e208bffeffa8dde4bb6a07922c9c5cea8e11 |
C:\Users\Admin\AppData\Local\Temp\nsb7158.tmp\7z-out\chrome_100_percent.pak
| MD5 | 9c1b859b611600201ccf898f1eff2476 |
| SHA1 | 87d5d9a5fcc2496b48bb084fdf04331823dd1699 |
| SHA256 | 53102833760a725241841312de452c45e43edd60a122546105ab4020ccef591b |
| SHA512 | 1a8ec288e53b9d7e43d018995abe4e3d9c83d329d0561fbb7d022e8b79ffecf033e995b9bc6af352a71c646a1e8afba4addb54deab7455f24b7a279a3dd7c336 |
C:\Users\Admin\AppData\Local\Temp\nsb7158.tmp\7z-out\chrome_200_percent.pak
| MD5 | b51a78961b1dbb156343e6e024093d41 |
| SHA1 | 51298bfe945a9645311169fc5bb64a2a1f20bc38 |
| SHA256 | 4a438f0e209ac62ffa2c14036efdd5474b5ecaa7cbf54110f2e6153abdfb8be9 |
| SHA512 | 23dedde25ad9cb5829d4b6092a815712788698c2a5a0aefb4299675d39f8b5e2844eabd1ea42332a0408bd234548f5af628e7e365ab26f3385ebfa158cdd921d |
C:\Users\Admin\AppData\Local\Temp\nsb7158.tmp\7z-out\ffmpeg.dll
| MD5 | 889f2b8b0944911e8f469832532df1a7 |
| SHA1 | ebfbf4b08c2a628b00a94355788f2dbbdf2fa1f9 |
| SHA256 | 47fb35c68aa4fd2fa70c81b6543584daf59c066f1ddbae484f91f4862fe0f5e0 |
| SHA512 | 6850607f9266c571fe1693c735c80f9b9d1da83aec3298ee6d4fdf53f381494543876e7414d72dca6224fd663fa8b0d37dc369c0a11862cbdc73f641a2085377 |
C:\Users\Admin\AppData\Local\Temp\nsb7158.tmp\7z-out\d3dcompiler_47.dll
| MD5 | 23204a4ba6cd5289ab33875acbbf997e |
| SHA1 | 83ca93875fc2fe3e5838383ee986a890293f6eb6 |
| SHA256 | d2a30a7e60c4ca3b988268facd981c2a6acf9dd97d888d39143fad38a7bc37e8 |
| SHA512 | 2ad2c86b38b485a75a0b0679c0d12480ceca120e46825e7c1dad1aa7fcd0c96625852fa055c7a05c8ee3b9139c551858268d9f427e5b9cd48d6b827c120f1023 |
C:\Users\Admin\AppData\Local\Temp\nsb7158.tmp\7z-out\libGLESv2.dll
| MD5 | 1e2b3beb0edc11168ce1df71c42def18 |
| SHA1 | 0b0ad4fa919c288da39b87a0ca331c706730cdf7 |
| SHA256 | e54062c74b34185592c1bed6e2e8f12f9e3cf1e8f626acb957921d54328bb1cf |
| SHA512 | afb4160dd1a99e6fe9fdb898e79cedfa68b3bc2bef820010e1a6945ce0d771c090b01dccbce93eb0e3fdd3903fa5c7aae377140a501b7eded03f1b538ca0c60d |
C:\Users\Admin\AppData\Local\Temp\nsb7158.tmp\7z-out\icudtl.dat
| MD5 | 0ad118ee6900b0c6f6793f7d1b79c2de |
| SHA1 | 43572ddc8f18e921d184dbfe1c146439b3d7efbe |
| SHA256 | 87c3fa5e4c1ed76a4b4d79873d0c62bbb551c28925a9c5a74ea99d26efeaeacc |
| SHA512 | 0b54fcba54633aca6f031f11b198632f1bd20f0a32a0c4d6407df4db4de0ab7bb42f622c0ebf753badc31794420412225cd21d6bd05b71e25739101835113c70 |
C:\Users\Admin\AppData\Local\Temp\nsb7158.tmp\7z-out\libEGL.dll
| MD5 | 8352fd22f09b873193cabc2932be92f0 |
| SHA1 | 5bd2b58854b279f1733c5f54ea2669ee8a888d9e |
| SHA256 | 14a4aaa010be14762edfee01fd1f6b9943471eb7a2f9011a2b5c230461cd129c |
| SHA512 | 7281e980f2e82f1cc8173d9f8387a97f6e23ec5099ed8dca02222c4e17fa4cfef59d6aa300b1cf06d502bdcf77d9a6dbb08ad6658ae0a28ae6f9f995109da0d2 |
C:\Users\Admin\AppData\Local\Temp\nsb7158.tmp\7z-out\snapshot_blob.bin
| MD5 | c9ab741bbef53fa0e84952b8891a5f5a |
| SHA1 | e2dcb8d034e07243537c86371de0c52bce62cee1 |
| SHA256 | 4d82fe1e642fe3ca7ad1a173f806088c0652ecfe9f0f6f6e246066e15a3431d4 |
| SHA512 | 177b98a3090ecfe4b4598dfcd7e8b3ca49efafba4dbd8d6c6d0def462de47c3fabfde831725622783ddc177de982de6115178d9bd9830d918bb544a5a4c27fc9 |
C:\Users\Admin\AppData\Local\Temp\nsb7158.tmp\7z-out\resources.pak
| MD5 | d10d8890af65126a072465b51ed5958b |
| SHA1 | c8ad1f8a0fce152e471adaea5858db87a8aa86fc |
| SHA256 | 626cd7832a568c616bf87e1c4c3dcf32b84511e1fa9dcea8f11a7c3fedaa7101 |
| SHA512 | a8f897b0c3ae62e6ca446c04e1774677776bdc6f19ce8a835064893911ab364fe8807ccbe52fd2d9275a525f84e75a26a716cc55c7d33c72f126a2c897bf5a7d |
C:\Users\Admin\AppData\Local\Temp\nsb7158.tmp\7z-out\v8_context_snapshot.bin
| MD5 | 47014c0f81bad6d216c617c9c63bf040 |
| SHA1 | 7bb483fdc5fed3c6ed437d9fe6e5023bc38201bf |
| SHA256 | e1249d05bfc73c645b27d269f47b6923b33a3cf8088a8ca78b3b637c90f58178 |
| SHA512 | 052d86cf3305a9e493bd2472e6b7ddab5e0291efd6d899984a79bae46e5fa4bd21157e19ab4a2591c9cff9069de568bad18c7baf4f35d117c77134e635466f87 |
C:\Users\Admin\AppData\Local\Temp\nsb7158.tmp\7z-out\vk_swiftshader.dll
| MD5 | f3aa03de08d53e1a9e3da34adc403a53 |
| SHA1 | 738c7b2130f686cfdb7c4c864e411b3d011caeb7 |
| SHA256 | ce343ebc8f06654a750a54c3fc215142b2f1d7c8c961aec5d7b3b9ce73c9696a |
| SHA512 | b0182b814433fded9e5a5f430cf8aeffedb2f8f114a69e60ff5911f65488133cf752a10b31b1e1964e23b5291aed99a4c058d6f9af474eae6bd5113268976377 |
C:\Users\Admin\AppData\Local\Temp\nsb7158.tmp\7z-out\LICENSES.chromium.html
| MD5 | c89023aeff6c8b6c1f489022fde227a3 |
| SHA1 | ffcd7a47f86fec187df11bf075c10b9ceb880ddc |
| SHA256 | 392a6218cb871624e232b7ab096e178fcc957a3a91925c55c74035dacf8cd733 |
| SHA512 | 0730dcf42103b8f7171a98efedefe1f6669b5900dcdb63e828151d4ea06ba29660157756a1b568c602b59d5254d07ea63cb204a33a7ecdd11d6eda40c411b001 |
C:\Users\Admin\AppData\Local\Temp\nsb7158.tmp\7z-out\LICENSE.electron.txt
| MD5 | 4d42118d35941e0f664dddbd83f633c5 |
| SHA1 | 2b21ec5f20fe961d15f2b58efb1368e66d202e5c |
| SHA256 | 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d |
| SHA512 | 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63 |
C:\Users\Admin\AppData\Local\Temp\nsb7158.tmp\7z-out\locales\el.pak
| MD5 | 38440b98bfdf5ed496da0f49d59534c0 |
| SHA1 | 1498d9207ecaf4923a47271e24c68a817041c82e |
| SHA256 | b1f78df8a7edc914357a2e90bc8dc0ac46f4df642bb22894569fe4905fb8ea0f |
| SHA512 | 95ba788fc2e1f07d54e398f1ec4d32c664cfb13118d46cb7af7a993367e032b10de84f3e604ab6e659d6410e2d736097ec5e9b3b002040c54412358f0ea10229 |
C:\Users\Admin\AppData\Local\Temp\nsb7158.tmp\7z-out\locales\de.pak
| MD5 | b73344e5a72fca6f956dbab984c123ba |
| SHA1 | 0561073aa40a63a9ce9930dd18b18e12ff139b2b |
| SHA256 | 6dda3fa65232ca0bff7314f916942a2aa5d9be73a0b0c7a6d016eb34ea6fff5b |
| SHA512 | e8a12da397369f23c102244b3f18f533ec79afa6978785566056bbfe07b10a21ff4973bf17aa829fff65609363988c033b0e48d4a82c846863377c08d8df009d |
C:\Users\Admin\AppData\Local\Temp\nsb7158.tmp\7z-out\locales\da.pak
| MD5 | 55a8f5883805a65c854d25edb3959209 |
| SHA1 | d4b3b6bd2a26cbd021fa931d1f63c9ea64e2c268 |
| SHA256 | e190187adcbb5f829d162660968ba598ed17bd11339062ca4d807deec8a27fdb |
| SHA512 | 4e1f9e6da32f553cbc8cf162726d7aba9e23e2216d6d05b995cf19fff3aafa05ed08fce29b2f8538d46583366402b8630672e650dfbd46952a611e9db0d8016d |
C:\Users\Admin\AppData\Local\Temp\nsb7158.tmp\7z-out\locales\cs.pak
| MD5 | 3cfd9dc564cfcc33cc5524711365c376 |
| SHA1 | 2e5016d2643017f37658262122974429f18625a2 |
| SHA256 | 8be34e4f8226c1dd4e725711ddd884ef4476560f7863edcf378573dde9db3cee |
| SHA512 | 6ee156d2fa3b6f601df28e38968d0eae2812d70b41333348dbecd833d5ee6ff944183f0eecde96be433cf1e98c8ec22d6a6d5af5153145842175ab43c73533ef |
C:\Users\Admin\AppData\Local\Temp\nsb7158.tmp\7z-out\locales\ca.pak
| MD5 | 423651c45566cd90ea5edd8631e823b8 |
| SHA1 | 13bed4173a08bcbfefba034aada3d838eece6d16 |
| SHA256 | 7a39af99d55a1ea838d8d78c5f0da3e1402f9404d32255e31b676ceed4f0e414 |
| SHA512 | e09085023beaa37e9d5f7fdf3c32d0c001672b85e2826f0aba9a662ce958ac93cac17bf63495a604e47cb407b1593049388a4bf1b22b2339ead84a206a10569f |
C:\Users\Admin\AppData\Local\Temp\nsb7158.tmp\7z-out\locales\bn.pak
| MD5 | 47c95e191e760dee3ef43345577e2379 |
| SHA1 | 609634315270a91d4ec631642b18bd0036367aad |
| SHA256 | ceed32e429ed1018d4c49343cf52105cbfd1e877c531a5738fd6e6cd33d27da7 |
| SHA512 | 46b5f8d58780d19e79136c31a67d075c57ddf7e6a1eb197dea4088cc414a0dc24a68fc8ebcaac03b3940af2461123b586706d5dbf8dbdf6fbea0f7bec466db21 |
C:\Users\Admin\AppData\Local\Temp\nsb7158.tmp\7z-out\locales\bg.pak
| MD5 | 5ba0c7200362c9ed55610cc8b66ef53c |
| SHA1 | d45239c2f1b00885407771a41a7776fc1fe8fa3b |
| SHA256 | 2339ff55464b4ff704fc3c5bf281eec52a539c494bd059cf0346d9c05ab7cda7 |
| SHA512 | 6229dbf08a9322c4ec8de4912aa1832f01800a71b7e3ef5870e7fa2b623be4dd248fec4881c3e031e984616147be84d42ab3dd970ae56dc1bd78913a8682a37a |
C:\Users\Admin\AppData\Local\Temp\nsb7158.tmp\7z-out\locales\ar.pak
| MD5 | 6f3e791b4d35ee7d9515614d128752cf |
| SHA1 | 181ec3a84fb3e89336d77f24f562a2cbe07619d8 |
| SHA256 | e9df0fa338b763a3926c4ee3a87bedf650fa618b6fcf0560c3f5ffe891d48c60 |
| SHA512 | 3657e610d13a2c938558ec320c298dd490c9e4895ccd304f738aaa2f050373efd7382ca402365f93d23ed488bae82de2d859da788dc8faa8e621346a278f4441 |
C:\Users\Admin\AppData\Local\Temp\nsb7158.tmp\7z-out\locales\am.pak
| MD5 | e18a450ef034b42599341c3d09f280f1 |
| SHA1 | 2001c8a85904962ac3a96938eccc69ad2c110fdf |
| SHA256 | 7c2b9098130f1f9e0cf4507b64c0e96ac6354bd6c3616be20e2067cfccc820da |
| SHA512 | ddd87571218fe9f179a6c2a8a15b182625a71a7c19ed90c0969ca2e0e9bad823b926f8b8a6b390cb6fe9c95f4b6c1f1ec7b5167a8424ab1921943922208f798a |
C:\Users\Admin\AppData\Local\Temp\nsb7158.tmp\7z-out\vulkan-1.dll
| MD5 | b91586bd80e057a7f62bdc4422744812 |
| SHA1 | a1df644421ece2e740e5bf0ed98b4f269fd85c39 |
| SHA256 | 8ba72d98e0f78b77bda7816cd7232809d287310d34e0f1d7472b9d5fda2c6d02 |
| SHA512 | 94f0a8e3e75e4803891c0fcb257052dbe0e7399772fc7a46ab802629f76ee580ed30b3678fa6bc3744c12cf9f3103bbc8276e88f6711278748148e9fbeef2053 |
C:\Users\Admin\AppData\Local\Temp\nsb7158.tmp\7z-out\vk_swiftshader_icd.json
| MD5 | 8642dd3a87e2de6e991fae08458e302b |
| SHA1 | 9c06735c31cec00600fd763a92f8112d085bd12a |
| SHA256 | 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9 |
| SHA512 | f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f |
C:\Users\Admin\AppData\Local\Temp\nsb7158.tmp\7z-out\locales\en-US.pak
| MD5 | 0bb857860d8c9ab6d617cea5a5bd4d00 |
| SHA1 | 351b744d95846bff2ce5f542fec2e87439aa0f8b |
| SHA256 | 5c56df9699fc7e8f09ec81421e50a6264cde055e822f5a8cd9bb1edb3066d816 |
| SHA512 | 33fb73cffbb6781488cedbca4c92a7e4f66923a799beeb7f5cba58dbc23ba8f5130f63a7dac7114e3c3ef6f1df87884fbeb8858bc7604aec9449fdfd16c25078 |
C:\Users\Admin\AppData\Local\Temp\nsb7158.tmp\7z-out\locales\en-GB.pak
| MD5 | 52e2826fb5814776d47a7fcaf55cb675 |
| SHA1 | 51fbbc59dcd61116cbc0a24b0304d4c1c58e8d0b |
| SHA256 | 83ff81c73228c7cadba984d9b500e4fce01de583ecde8f132137650c8107c454 |
| SHA512 | 69257f976d01006c5f3d7e256738c97c59115471f8e7447cfa795f7fa4ff12d6fd19708e95ffb2aa494b50c1763fe35d5885b9414112d2934baf68fe668ed7cc |
C:\Users\Admin\AppData\Local\Temp\nsb7158.tmp\7z-out\locales\fil.pak
| MD5 | 40bddaf97f64dfea9ebafc7f82166f80 |
| SHA1 | 90d1fde3c0b27d2184f0353991259c2a92c7820c |
| SHA256 | 39a9d63736e7b4593fc6873ed3c19d45fbf9eb78a012bfdcee0fea5906ebc5b2 |
| SHA512 | d1e61c53e09a0dc50edf5aba5cf286a251ee88421aa2cd49332b70a5859646605ecb7d0bb97ea7242d14a18742e23da0a14c04b0b99b57a466ec87f4f66b897e |
C:\Users\Admin\AppData\Local\Temp\nsb7158.tmp\7z-out\locales\fi.pak
| MD5 | cc592d91ce8eabaa75249cb78b889376 |
| SHA1 | f2f0f7f105a17f3e4b1a97ed0e3c2e871c2c3eac |
| SHA256 | b1cb0b32efa78fd8634652c74f298f1d5127f2363ef601cf000417e5c7fefd20 |
| SHA512 | 58e2eaffe26d8fda8df43e7ebef449cfff1065e940c128efa0276511e34e96e52da9230f294b01d4ecd8ef606b792d372bff897d6d8bb67c31379418ce867d48 |
C:\Users\Admin\AppData\Local\Temp\nsb7158.tmp\7z-out\locales\fa.pak
| MD5 | 6458a239e994d8d18315deccd35389ed |
| SHA1 | 75c985f43503a6c44645786d46639a6b555ae163 |
| SHA256 | 300fc1c735e92917a5ddf92feb812cbf3175d988ec7ad5955110248a1addbd34 |
| SHA512 | 3062075b6be0c25c957ac88e537880bc25ff86b8ef0703a05209e9676e943e89476b7997394aeb25064e03a93be614fef535676e9cdfaf44b46035225b1b2cf5 |
C:\Users\Admin\AppData\Local\Temp\nsb7158.tmp\7z-out\locales\et.pak
| MD5 | c76db3385190c6840315c4497e40258a |
| SHA1 | 34f1aef2ba2925bebc5dcdb70e5b6c1a138a5c46 |
| SHA256 | e8af084ef5e1062c5966dd7802074ac24f3672dc3c9b9c5453a397644727191f |
| SHA512 | 90a870369d307758b33d74e6213676d65c2d332f42577c8aff23d96b512f3c2a2bdace8d6d9007f88b9175eadc6f2ae28b498b1265550849ff9317465a37ad29 |
C:\Users\Admin\AppData\Local\Temp\nsb7158.tmp\7z-out\locales\es.pak
| MD5 | f83d8f7f6108786c02c2edbf3d85f147 |
| SHA1 | 57781d9d9eb7c90cdc71f78e25d0763045b6d29a |
| SHA256 | 5b929216ac823dbe2b0bb98e64db76519900e09a86c8513019325271c66ade0d |
| SHA512 | 12747a4a61cdd21cad6e3f768cb43b8bda5ec9de373337c191b6994b20acd676c9d0a6cde8410a1e18f35dd5d2d332ea1bb7e7f8f6fc4b73d8774559e33398f1 |
C:\Users\Admin\AppData\Local\Temp\nsb7158.tmp\7z-out\locales\es-419.pak
| MD5 | b261b1efe945365588befdf68879040f |
| SHA1 | 616f44a5f73f0449b483f36ccf831db6474a10d2 |
| SHA256 | 1380b9edc9cee4b505f12e8eefa288d8c746ca995b52ceaba27c7741ae8a5cd4 |
| SHA512 | 9ea14234b9d4d09364e5727b3886fc14544d52508b3e45fb9fd607ca88d2e432361a02b2f7ba34c3d6ecd94b91f9eccd4d54047a97a1ba4eea580ead00b91cff |
C:\Users\Admin\AppData\Local\Temp\nsb7158.tmp\7z-out\locales\ja.pak
| MD5 | 833e8c4aa70351b6be7bd403e4e9a0a7 |
| SHA1 | 46ccdbdea35deec8ef13a5fc833776875fad187b |
| SHA256 | 74422db1a5f28522f9a8b31a3bee9a6df794b419bf723cb6a6c88e82eb72cec0 |
| SHA512 | e8e709612a5ea81d2822e0025b7306f38571f2cec2ca72ac5a8ab852a0e36a0f5bc7e00d0baf7ac7becc2c54dda3a17c52ec1cd67ce12b14d91b6ae0b726d556 |
C:\Users\Admin\AppData\Local\Temp\nsb7158.tmp\7z-out\locales\it.pak
| MD5 | 5aa225aad4f9fe6d05ec24905a827d88 |
| SHA1 | f6d5ed337bd8e9cc3b962d3a498e3430fbf6de22 |
| SHA256 | 96e02ab6937a1f1cb58762159761a737ce0e1dcd6a253554392baf4389326eab |
| SHA512 | 3fa928f19bdf65b8fbb274b478a801821b15c01224c113a8d7f6121a077b432c0cc84eefd9028a76adea9fa4bb65dcb868edfbd4368b1e4d477c49e187e4288a |
C:\Users\Admin\AppData\Local\Temp\nsb7158.tmp\7z-out\locales\id.pak
| MD5 | e40cb2f3b4db379e4d187aeef0dfd300 |
| SHA1 | 537b1ebc615c980c89bbe2b9e91a11199fa7d6a6 |
| SHA256 | 3339ef011c9bb64868da94adb25f4490acbc7f893e4337dbfe2797754cd659f5 |
| SHA512 | b87464460077aa55feb92eca8ed23d9a61829378bae7890c8a95dac5fcd735b145d65661f27facfe2586fcaa169692b00d8ee8dd505dc44bff7f7fd090f3e96c |
C:\Users\Admin\AppData\Local\Temp\nsb7158.tmp\7z-out\locales\hu.pak
| MD5 | 71d42cb22d2d7a8b26c4514ab12df3aa |
| SHA1 | cd0307503a7906f1742d1e98fc816959319c2171 |
| SHA256 | b51bcb888dbc27bab88a8c9d081df7496de8a9a5a4cd2cfe08abc154190e75e6 |
| SHA512 | 29c67391bca706807be3a0cc79fe481f220e30263957a9c2485f0a4c498a5b250bdd83b5f4fad8d0b19c8a9a07d5650b5ebd5816b6aae311a1cde78a89303244 |
C:\Users\Admin\AppData\Local\Temp\nsb7158.tmp\7z-out\locales\hr.pak
| MD5 | 6f92235e6ba003af925a2d6584afd27d |
| SHA1 | 3ceba61e9c2975466b6244188f5ea72aaf042fc7 |
| SHA256 | 479dc4f75a889d45f62b4ddb6eb48f21c473e37875468c9c26d928a263e15840 |
| SHA512 | 82f2642dff4400704c15c2fa02d0ec74ed3fe888dc835447c1afce7463dee8f480bb81be358c306e681625864a6d25e5cd6c96252b8a56e6fc62014b3aa4d26a |
C:\Users\Admin\AppData\Local\Temp\nsb7158.tmp\7z-out\locales\hi.pak
| MD5 | 590e9e73df9cbd83cd87b9c03848fec9 |
| SHA1 | da125e60a5a2c51a2d6219d3f81688bd22237b59 |
| SHA256 | 089b9dd31090a987515809a68d26f6eeb64cd9283934e3dcc48b151eec7d3ad9 |
| SHA512 | fd0e5d0f2063e12b711275f390428b88f98ffaf6043cdb14b13674ac1e4aa9f70ae820ae960132d7155daf9b1308238775c4702694ab53068cdc709c50f9186a |
C:\Users\Admin\AppData\Local\Temp\nsb7158.tmp\7z-out\locales\he.pak
| MD5 | 6a02a37e1ca3215fa9ee0e1b0fbcf5e7 |
| SHA1 | 89a8a126c0bbf536ac58e29fc50e045fb1b88220 |
| SHA256 | f5cf34ce58b7f0d450936981aa7ffa060821403e6768eee3746ea4ffc9193986 |
| SHA512 | 6607eb2329b81f1eaf0ed3a564eddcb30e6ab59229f2fbf6fd3d2140ffaa8853a330eda627a4458ef6bb06f32c5183edda869e34cd4ead1f87f88d5c622c1a16 |
C:\Users\Admin\AppData\Local\Temp\nsb7158.tmp\7z-out\locales\gu.pak
| MD5 | 63a7fdc4eadf8ef1c35c72468a0ce33f |
| SHA1 | e8d064f0e9c8a6a8c6ccb036711e292d011d9466 |
| SHA256 | e549ff4e5a094d04c2ce7bc6fd68bea1f03e935437bf164bebb6191c133fa70c |
| SHA512 | 0a097ff875132a984545ec677b04f97785f14c38a1df487cfb4722cdea07d14e1e88fcff7d58b82fa53f05f4eba779a95ef320b5a91692097726d0385a26a456 |
C:\Users\Admin\AppData\Local\Temp\nsb7158.tmp\7z-out\locales\fr.pak
| MD5 | c3095ce1e88b0976ba7bef183d047347 |
| SHA1 | b14cfbf6e46ac1f189595fc09660178525301138 |
| SHA256 | 66488dc10517b6e3638686be95b430477a39304e92ac45dfe62b58cae3a77272 |
| SHA512 | 29f47b1eff4681a9a17a50d6e82d63c22fe7bfe4ceb79862e81d8cd9f96fa38e225978b4c4b1f8e55b220235b91652c776fa8d2e559c68942c6ccf402812a421 |
C:\Users\Admin\AppData\Local\Temp\nsb7158.tmp\7z-out\locales\lt.pak
| MD5 | 2d4fca437a7548893dc4b51fa5b33c33 |
| SHA1 | c1493013d7d981ea9223716e415380992de65c2f |
| SHA256 | 776dba792df7b444e1b720326312d8b8312cade74a1372c49456d932b7c65769 |
| SHA512 | b6a55ee1deff48d717a3e9399aef3c45eeec810cc5b5709fa3e9f56850115a5b02e02b7959ec77a6797e68516ee9372bacd260e62ac0d55a8e4c1c27af782b42 |
C:\Users\Admin\AppData\Local\Temp\nsb7158.tmp\7z-out\locales\nb.pak
| MD5 | b61e42f66d581b6a8929cdf5fb10662e |
| SHA1 | 6f06fa9ee092fbcb61bbd668734fb3b92cfb549a |
| SHA256 | 1b17dcde8fc7308d926fbe0faa83dfc9ffe2efc5715e9afd557dde839ad98b7e |
| SHA512 | 79b82346c3f133a6ba44148a8432ad4e08e2805187b759509cb386bc800fd20215592c07d953812c243f0b1d5e1354245f2cb42b2b3eb6c87280bcb4008dbe97 |
C:\Users\Admin\AppData\Local\Temp\nsb7158.tmp\7z-out\locales\nl.pak
| MD5 | cf6b1cbfd669e9461553974ba37a475e |
| SHA1 | b33867e9bc7fd88ca98a76dc4bd756bcf18887aa |
| SHA256 | 9a83ad866ad7fd9d65ecbc1e95c276cfce27e8257c76a16950fd14971e66b864 |
| SHA512 | e463029bb37f6bb3ff5cb6281f64291ada1b785fa33137e7aedfc7b5e409e99c75a91e7cf9b6c0933e970f70c14861190de66fc5d68925b687a6f5da02e21077 |
C:\Users\Admin\AppData\Local\Temp\nsb7158.tmp\7z-out\locales\ms.pak
| MD5 | 6cfadaa784e687e6dadbcd80e631bc9b |
| SHA1 | 481acb75f525055bf4e45ecabe0eadcb9c492106 |
| SHA256 | fb5e125dd5e1f21e8df229d22cb3d1f9078bd79bbddca352899248f2a8b21b71 |
| SHA512 | 0d7da5a90fe9372bc704ab8cdc8cbfb14d323cafdef856987e2d9e34d980196c03985e25099f5d1bcb10c97f040f4766e2c3713718649bb3f43914a77f0dbb39 |
C:\Users\Admin\AppData\Local\Temp\nsb7158.tmp\7z-out\locales\mr.pak
| MD5 | f22c99fe6a838e333e8ee06a4d01296b |
| SHA1 | c3542ea8dd45a2b387dd02fa5687948f135e10f2 |
| SHA256 | b03a3042f907aed13253ae8083d08f5fad59ff438d024b097276856e72526911 |
| SHA512 | 882022c2cb985d85f96d52c9bcfeeb089d6ff30e66187ccf424ef622092b9d359a51bdef1fb6ac3b9d3409aa79d37ca737ba7f3ed8b9cdaabfe04d90a7c8bc15 |
C:\Users\Admin\AppData\Local\Temp\nsb7158.tmp\7z-out\locales\ml.pak
| MD5 | 04b2540c25990a5e0a9b227dcce6ae0d |
| SHA1 | 4f8ccd154f54dfb083d4d1a3ed0994842c8ab13e |
| SHA256 | 556165b8b54c6e21bc66d12b3f5be393136714467c427f7114f314d18ad3c661 |
| SHA512 | 4cab47e42e8f5d4a83851871f97f3e1360c993ba530dbb4b4b736350779784bd83189e1195d3480ce87298bb8f9b7f249fefa7764d850e5b0002895609626785 |
C:\Users\Admin\AppData\Local\Temp\nsb7158.tmp\7z-out\locales\lv.pak
| MD5 | 264c6e20b3088ceb4dae5773cef0cb55 |
| SHA1 | fb6ff83ff14df008092bc3ee73bda7491e8e090e |
| SHA256 | a676a781c1a587eadf23e5c69bc52f2d352346a70bc53ca908450362535eefda |
| SHA512 | 01e949f92e1e8599c581929a601d39640abaf1d907ce10102e591c3d490dd3874c679c75bb51308ead55a3bd0c6dcd1b8d4b2daf98ce1cf1c6bab42946e8b1e8 |
C:\Users\Admin\AppData\Local\Temp\nsb7158.tmp\7z-out\locales\ko.pak
| MD5 | d6e2c18c9eabba59b50d147d942125ea |
| SHA1 | 0918879203c2050b4f9f449f5616e430897ba0b9 |
| SHA256 | f3581cea2e5b022b121010ffc5d67f86f717e3a0c0402abd81e24c87fd135b76 |
| SHA512 | f605f7b9893166778af156f9eb76eaa1209e7432450899540cd462ce0ffa69caf6f570b910cdd6d7bef54354379e9892a658e711baa93241da33755c107da859 |
C:\Users\Admin\AppData\Local\Temp\nsb7158.tmp\7z-out\locales\kn.pak
| MD5 | 5115cde84b4c674db412619b65433004 |
| SHA1 | 164f33e7e2e9f685a579da492a6fc8806beb6cbf |
| SHA256 | 891e092c6895e23be986c3e6d39dcea9b6b75f1448239c13fd406680e50407a7 |
| SHA512 | 090a247898cb533325d2b289a6cbd8db2a755ef0abab49d82f333e57b290c50b5996b81f15d8adc30160b216eebed3a1476aec1627195e52189557c1d48b0216 |
C:\Users\Admin\AppData\Local\Temp\nsb7158.tmp\7z-out\locales\ro.pak
| MD5 | 24b01a438a3ab9699d4ca97c081b5e82 |
| SHA1 | 0d0b082544d23425a74199fb0a6c11192f0bdf7d |
| SHA256 | 38290b1c9712296d82ea1681ef95544a1eef4872289134b11e50af735e6deaca |
| SHA512 | 43199772312156f4633c4202499cde8f808e5e632c2013ec1129acee01a3f184e86df2616626173178efe04b6f0773ad9a0e8b8cc6a735d23d68dcfe9dfd945b |
C:\Users\Admin\AppData\Local\Temp\nsb7158.tmp\7z-out\locales\pt-PT.pak
| MD5 | ecd84b296d3bb312ee18e21017311986 |
| SHA1 | f5625523f85c10723750834a54ff59a2dd886fb3 |
| SHA256 | fcfaa9c44c445876c286388b6a1abc1df949f3dda3d64fb57d6e0d54a05cdb94 |
| SHA512 | e95b74238220024cdd0bd1c0f18beadbbe427d76cd8d6b32d5700adcd34ffb068ad0bf75404921485c8077f395f5111cd40d5dfe2b5b8f34c62e6fc80b507456 |
C:\Users\Admin\AppData\Local\Temp\nsb7158.tmp\7z-out\locales\pt-BR.pak
| MD5 | 88ad860c73676ffb4025b5c691f29942 |
| SHA1 | 3c5e5b999ea7153ccdd1b4cc7b6162de3456b558 |
| SHA256 | 25f0bb0b0230d99a9064d52668636f3be85903bf27a68124d79a2fe93c30fe0e |
| SHA512 | 41589bb9ab1b8307f62ceb4e6493d7903731a3e63807e0044379c4acdda881c21839234f5f1b8ad1af732bfee6231c0556ce92e582505379ed949980185bb750 |
C:\Users\Admin\AppData\Local\Temp\nsb7158.tmp\7z-out\locales\pl.pak
| MD5 | 644c0ace25d6e532b56510a736c6bc2c |
| SHA1 | 1bd0fec952107b493da04c46423da634ff3e1504 |
| SHA256 | 2ff9e382a31783285b7d85676e629e2f6db26bb9536ed17b7fbe5ac61a895ec7 |
| SHA512 | 9a1f1e884c2f214b8b0c63543809ddd4ba0fd533f1d8434e926051f3db434f60cc4df2462c2a43254b2a9685b3869eef49463c212892e417c82c3a7b497e3559 |
C:\Users\Admin\AppData\Local\Temp\nsb7158.tmp\7z-out\locales\te.pak
| MD5 | 793a87d41cde6e6d1bb086284f69733b |
| SHA1 | d887e3842b664f55b7308427aa6f5bf0b352d879 |
| SHA256 | 5cdabd1ad41e8048f2cc6b1615e68b99159daa1aa6706b939447c1811bf0e255 |
| SHA512 | 7c2e53baa387480eed45315bd9d53856ca46e5777ecdc9c29a0de7b0ad04beb6cbb8b5df0aa7c306395fda563037e06bea1ca70e433ce5a3ccc2ec184dfda972 |
C:\Users\Admin\AppData\Local\Temp\nsb7158.tmp\7z-out\locales\ta.pak
| MD5 | 31dada843d0b4f9a66b184cb6d7b8b92 |
| SHA1 | 0320b31981043c6e4c17470bf2ff4c7488553511 |
| SHA256 | 457070b35c813175f5a7b630478073e478ff2bf23915dd3dc7a5b3b339cc2b0b |
| SHA512 | c5b6ea595d3154fd9fe03f49a19f78eb4068718ce005b18a165d491459a290c29956b02a109ce2c314746773760c8e5c0d7064f384c65a572c78109f03538860 |
C:\Users\Admin\AppData\Local\Temp\nsb7158.tmp\7z-out\locales\sw.pak
| MD5 | 99e385ebc1ef8d3daddb3a171fa79edf |
| SHA1 | 3164804dfe9d9b5e891abafe92e5ba67d2b5d4d1 |
| SHA256 | 8ec45ac391a085d531fb21815086c2da4841aa016653cb4f8484cfc2615d6c01 |
| SHA512 | 797c105fecef1e15870aa101e3fa1835d5a467a9059c03b3636c54934d1de263ab7f23599e21d9787cb3849c7cb7d29f5bdd8ae9ad10fda8015c1392462e94c0 |
C:\Users\Admin\AppData\Local\Temp\nsb7158.tmp\7z-out\locales\sv.pak
| MD5 | 41e76f7775fc9a2d6e3c02c46e9b32f6 |
| SHA1 | 088c15c74a68bee69682bf89c31055332b68c84a |
| SHA256 | 2533676479e9469ffcdaabcb47d3e39bebfe7ae2b80f70784e918a8827439e13 |
| SHA512 | 6cde752d748c4772b533c8894f18134e5842113f8c7590b44a7dfa088aed65b232361fd16170df3b0d738066dbc3a769847adf4dd8ba42de63c9c2b33f9beb6b |
C:\Users\Admin\AppData\Local\Temp\nsb7158.tmp\7z-out\locales\sr.pak
| MD5 | af7083f2a4bd95dcbe792efade352662 |
| SHA1 | dc69aa831836016f6e66c6079931503d534a7862 |
| SHA256 | e3b80d9fdd420a05d66cc12e685ac94500106dd51a555bbfa2d085094f81e8dd |
| SHA512 | 342400ba94f6cd08152f96aa2b905184fab429c38cedb4bcb4ac0c503169a9ecd47aef208b4d7ffae08b0c0afa7aa089347a20739379d05f3e4e111be842b8c4 |
C:\Users\Admin\AppData\Local\Temp\nsb7158.tmp\7z-out\locales\sl.pak
| MD5 | e015b6f5042be2dc96a4e23dcf035502 |
| SHA1 | 7946509eed8db1e4c1f3da99ffe7155c86fdb4d6 |
| SHA256 | 99536d1bc73eec81d5bebbff641ea195544ee5e3a41bb17ddcedf9cde9b141d4 |
| SHA512 | b2a2eaae93c506a053862bf1cde02eee53b3ea2e2fe4c964c51dbacb8b44de820a779311cfe01458e2f08f88bce1172e8c5e1e6d28cd3a355ff84baa00023b8f |
C:\Users\Admin\AppData\Local\Temp\nsb7158.tmp\7z-out\locales\sk.pak
| MD5 | b35daa0bd9627ca88b413a5af7c6b4a4 |
| SHA1 | d5efdcbc7ca17de29f3075f6434f31ab2e895826 |
| SHA256 | f47bc1f7f5ab64681d0b152e1a019da60f0ef057ee8bf2ccede019dc4030c177 |
| SHA512 | 48abb6ca2290820db2898b05820bb25e70fb1292c816eb0c8f17b3c5452de9fff7027d216d2bf413900f408f44ed4ac99151b28142a212c5cff8dfe229e87b9b |
C:\Users\Admin\AppData\Local\Temp\nsb7158.tmp\7z-out\locales\ru.pak
| MD5 | 75457b95d2bb03891232dae7db886387 |
| SHA1 | e5a7569df7f91533703626d167ecc8cddbd27205 |
| SHA256 | e0894d3aa3f8e0f8ac457a3300001d4e1dcf95980712f8c8e9c845eb4c2bbfa6 |
| SHA512 | 9813239cb162cec24cb81cffdae2df06889782813d917da186ae40df6dae64477467e4b32ead2d714bc1de671538d4c1fde990d83d3ee69e0932f17226687a78 |
C:\Users\Admin\AppData\Local\Temp\nsb7158.tmp\7z-out\locales\zh-TW.pak
| MD5 | c2c35fcedc3708b5bcadf36587393002 |
| SHA1 | 31d72402cbd44ceb921cedd806259c2cd14e411f |
| SHA256 | cfe4c2c5eb131fd92e0d11f912714c5a9a048833ef3ffbe32679b3d58da8f8ac |
| SHA512 | 9ba3ea2d569d1d3ef09e94d7e66f843c8804368c4d016b6289e7dba002f7d2d50884a76c93eef879d87abcf8b36dd3e682b7bd3a18b2b5a969256cef672abf01 |
C:\Users\Admin\AppData\Local\Temp\nsb7158.tmp\7z-out\locales\zh-CN.pak
| MD5 | 098d656a4f4bd8240bed10e7678186c7 |
| SHA1 | 0c19ab62b4262f1b51558e8aaa79e7741f73393a |
| SHA256 | a55f568ad3a8854cec25699484f55024501c8a0967738ba694e073151e5981c7 |
| SHA512 | 084538ce774233ca6d4393bb42239b0b85e11bd73dd19ba47e55796ca19848941b037510c0fca4ac08b4b2e0ccbc9b4ae72ef88a3e841738dd211961dc53c1e2 |
C:\Users\Admin\AppData\Local\Temp\nsb7158.tmp\7z-out\locales\vi.pak
| MD5 | 69c8796439192577f48bd249175aaf37 |
| SHA1 | 97c52088ca69dada593db0e42b2135d264646454 |
| SHA256 | d7fdb53592de803a5fbcd8561c4918f1562f92fc8a3fd0039a2a1a7b76a8ecc2 |
| SHA512 | 65eb7cb15291474ec7f9354775e59bcf334c90ddf3498ebd184e4c47118308421b2405bfa679e4b3a70ed1790e167c109fc2c72e89c3e31b5378cae975424144 |
C:\Users\Admin\AppData\Local\Temp\nsb7158.tmp\7z-out\locales\uk.pak
| MD5 | d791b1ecf2931b2fb0c31aac170c7cdc |
| SHA1 | 02be115a9ff94fe5250651b6de4323eafc44fce1 |
| SHA256 | ffae6286d44c8e219ef90d411ad8746159a6ff8ea610e2a651147a3956696a22 |
| SHA512 | 3a2edb8069e4a9734ce5e02b7c3de3c968c5bbc116f17f52f97e2bb2c78485c456c4f0cc952686c1aa17b7ee4d326a1dda698afafc63c79d842ca3905181a8da |
C:\Users\Admin\AppData\Local\Temp\nsb7158.tmp\7z-out\locales\tr.pak
| MD5 | 40491896ad21543f339467186c5efb40 |
| SHA1 | 695dde7cc35056dcbf0a533aff8299d4c6b61bd8 |
| SHA256 | 43e99e132acaba88971b81a43531845dc7fc3a1e0794c3373de7d9a50a5655aa |
| SHA512 | 18d5ee9914849462e0b1bafd1ca216b29d0795e282ae0bdb354b15caf5c18f37f44fbd6f626b2cbb095e3398a6496de72e5b0d15621433979b5a589e34fac818 |
C:\Users\Admin\AppData\Local\Temp\nsb7158.tmp\7z-out\locales\th.pak
| MD5 | 43edd25f67ce6e6cea5373009ff0a1f8 |
| SHA1 | ed72ca6620cf23837e1334be50ccf616806bc5a2 |
| SHA256 | 287897cf3df2db1cf59b872e6575ba8dfcaa0c1f68c17a9c91da6c4490adb8b0 |
| SHA512 | 7160a72bd2e6b0ffa71e5d279995cc8be24a87cd9386eb29ab0eee79b8e607f5d824a11b6b4e3ef4c0f851a9d485a9642cb6adaa65c07933dca6e6f2c0052fc7 |
C:\Users\Admin\AppData\Local\Temp\nsb7158.tmp\7z-out\swiftshader\libGLESv2.dll
| MD5 | 4e60703e8af2ff0d82187b9c648d41c7 |
| SHA1 | c2266c8f6e2c830f04b60a7b58062bf26cbbe66b |
| SHA256 | 6e211d470bb6529f6ec743fe50b15416d10be611ad5c68885d4559e81ee22501 |
| SHA512 | 3e24fdb7e2c09d0583a5f17dcfd6788b876b47da87c813a78c0542016b08e47062841d5b8529796c4f4fd7631f4b5354e2135dc3b0995f0284a734499a97d792 |
C:\Users\Admin\AppData\Local\Temp\nsb7158.tmp\7z-out\swiftshader\libEGL.dll
| MD5 | 19dc9ee70e7765bb63a66b6826e8ecb7 |
| SHA1 | 1a12f983f8b35cc2955d30657971f113c47dc164 |
| SHA256 | 83d5719abee35e051d984510e1d5d9317a109031698814742b59bdbbe7d4e30f |
| SHA512 | 1fda2bcc4b2e70987ca6011ab2534007ae4f752016d29a588aaae839bb25c35e03773f220b6a8e926cf2643997e7d4c0f28743304269b2c55642ce12934def68 |
C:\Users\Admin\AppData\Local\Temp\nsb7158.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\snapshot.exe
| MD5 | 16a12bdc986207390dd79d658a6b2263 |
| SHA1 | b4b41f62cbc1e1ede786c6e30e11df8e61750bad |
| SHA256 | 50a8dd2f292bea9190204a42de067a34d5cbbec53746d40fe5b067fc85190bac |
| SHA512 | d20394028c5d3ca46bb4879cac40da07b7d857f9a4a834bb4db4bd047f1a3265a80e1f7528244da6ee97c2f3e0cb5b2e51bc88eeb382a027939c2188e66dcdd9 |
C:\Users\Admin\AppData\Local\Temp\nsb7158.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\prey-webcam.exe
| MD5 | 471b15abc9f2e98fb7ed7361d3f045eb |
| SHA1 | 95b5798d80a9410872f6ed485ae2b43ca3745540 |
| SHA256 | 7c262639cb22348dfd627dc07c76e8748e5bcacde2dcf1614773ab174c831004 |
| SHA512 | 5b3b59aa1dbaef31b0ff6ccde082d7c312e39e311a46fe20d590d5d7765f934d3b663da9609ff4fb7beba2e8fa85376cf74f14ae077f3c0b49189cc28c30163a |
C:\Users\Admin\AppData\Local\Temp\nsb7158.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\package.json
| MD5 | 067e233b0609d56ff4756bedd8c0efe0 |
| SHA1 | 96419d05adc4b6674948b4ac14f8ab5bb3ce4380 |
| SHA256 | 6bee642c1b5de99e4edba87ec3221c2ecd10b65e666b6f2bef64a745538ecf74 |
| SHA512 | 94900f5ff762930b1b060ba4dd44d629d6c3e2dfc0dacb1a543f1ea5a3cd40e793acaff4abefbff588ceb422d65f8041ec190a2b56f7c303c3314eb16eca4159 |
C:\Users\Admin\AppData\Local\Temp\nsb7158.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\DirectShowLib-2005.dll
| MD5 | c20c205c6f8d70a5e1351a4041a3ec9f |
| SHA1 | e1b2a763dd6c42439656e4e55aba0f3610ff3784 |
| SHA256 | bbcbb170242d9ff1b56680a80b1f8755df1135f9c714535ff3b3f575442f38dc |
| SHA512 | dffd59d775dbb89cd886a2212fb9fe4cf0b2bdd7f2c00f8dc7c6b2287053b4971c8c6c033109ff1f90cdacea082e44d3c19fa76325d24976420c418218e701f1 |
C:\Users\Admin\AppData\Local\Temp\nsb7158.tmp\7z-out\resources\elevate.exe
| MD5 | 792b92c8ad13c46f27c7ced0810694df |
| SHA1 | d8d449b92de20a57df722df46435ba4553ecc802 |
| SHA256 | 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37 |
| SHA512 | 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40 |
C:\Users\Admin\AppData\Local\Temp\nsb7158.tmp\7z-out\resources\app.asar
| MD5 | 29009a3d31c003ed52bff1185c601469 |
| SHA1 | e698342d30e4f3668e10339ad730656f47c3e310 |
| SHA256 | e2c3af6d1d8e2c36d4059d5958c106de643a7d1c79f9d61ecb8c764ab6f55953 |
| SHA512 | 1af915c946a7f3f078fb70d33c550171c08b2451090e876754014f70f4adfbf090144f21c7cb70cb12a920d13cb35e454407da682c1a779f1c5f5e4b0655e553 |
\Users\Admin\AppData\Local\Temp\nsb7158.tmp\StdUtils.dll
| MD5 | c6a6e03f77c313b267498515488c5740 |
| SHA1 | 3d49fc2784b9450962ed6b82b46e9c3c957d7c15 |
| SHA256 | b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e |
| SHA512 | 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803 |
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\icudtl.dat
| MD5 | 966fcd0d82252d347d0402b0c753fc7a |
| SHA1 | 4ae9c1fd1c7635f66fe996844fcca1031c7d1ee6 |
| SHA256 | fb6049c9df79e44202b08080f7ce2a23cd881554f9fdc49e9ae6e1ecceca8bca |
| SHA512 | ee2c7569a98806af5e113bd9685078bd95bf4fbe0f421081f60dd240bcdb15f71677e8b62fc2256bc6a288bd4921ce46267741c646de765504a9dbd372bfaab5 |
\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\ffmpeg.dll
| MD5 | 31a3e0d24a58b664777740757fa45452 |
| SHA1 | 3ca081a4c927d83805ce62389240347e38c78ac9 |
| SHA256 | 1d252ac71c742165a705baab7011fea487ffec5fc537036c0b35dc090ec32878 |
| SHA512 | 6011f6f4627f53b309579a1d0f6a70e4a086049ce4583633712d177fc3f08b739b685debe2cafce26134c82347d130c557792a12923059d4446dc1c9eb52893c |
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\ffmpeg.dll
| MD5 | c52b188630a29f3510a8d6b104feffc4 |
| SHA1 | 14b02b4394056b3eba27e812a3d7b1bc663ec4cf |
| SHA256 | d02b595add9407ad84f77a9e3aabde3ecb8e9ce6435f4644db32bd4f9b6c6350 |
| SHA512 | 38c9a74d85f0b770e9f64dad201ba00c4cf63ce4c7ecbfb50d29baa424b099c5b558130701a1e13c17fbbeb0657a15d37a217b868debb4d89f5b5920b4e74faf |
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\AORadar.exe
| MD5 | 12de59dc31e78521ff3854f091e0774d |
| SHA1 | 09273819bc2c484d6fde6688c937cfed00c24c88 |
| SHA256 | 3a8db4a0f059b748231d7bbb56f905396fde833ea62f046b30ed40b1c000a0a8 |
| SHA512 | 1e9f7c06556692c07f7bd9adf449a28ad601fa410b1b6585f9432be590ccab7f6a9f8522c733b024a71bd9d3d066da6f2d576085ba2cc6558e4d788fb6ce4eaa |
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\resources\app.asar
| MD5 | 659f2cb02c4c91e542eb55432f5dc31c |
| SHA1 | 7c58665848773cc361e12627a8bc35912784fbfe |
| SHA256 | 06341dee22d01fb784feafde5aed4d20341b2f7f5a0f6852d35b71b521a8fc5c |
| SHA512 | f8c8c2dbd91296ba779d88d26d722f65a52feb179551fd0ae95fdbbec09dbca306facc2ed7312fe8f5000d2dcac0d97108db3cc1e1c299341394d6ed62055319 |
\Users\Admin\AppData\Local\Temp\12419093-7ad9-4f44-a197-51433c661d8f.tmp.node
| MD5 | bbe1467873bda1d5b55533510d87859d |
| SHA1 | 0e6ccdb101b96a59287ab537b0b567fa4eb7f19f |
| SHA256 | 7a44566d9cbc8061b14d421a65b583fcd26eef54033b21cb52cd4e78d45d749e |
| SHA512 | fc04b60a80f5d46c70a01c01b00baeabaa8da7278cdd367f57d5df83bbd89716954ecf80237bd20ba2b22092654cb6775aa26d5cb3bbbf23472630af9f3c6907 |
\Users\Admin\AppData\Local\Temp\b0c5e9de-0d8e-4094-a4ba-0fb040e1e92f.tmp.node
| MD5 | e477eee21547e2fb629cdfb3df595f03 |
| SHA1 | c728480e36da6bb36df9947d761918db5f06b41c |
| SHA256 | f5191b27ada60b6c113d2f2a1a0b4dfc39be14fe948ddaf58d02198b38550f45 |
| SHA512 | e7d5404dfba0de7dcd3a2bbcd6109a4184fe7fd3e273ebf3f5f219ce02538cbc3c766bdea536dc52959a534bb3750228ca83501ac87d8235e48ac7e2a06a2233 |
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\resources.pak
| MD5 | 548f7d0766718cb496ce16139f7865fd |
| SHA1 | ffab94c43e9074f960e338dfc61f4eee743770c1 |
| SHA256 | c2a2ee27a7301c74b24d1da4c4763b28183a16928be85f8fd2d09ec40e1d8358 |
| SHA512 | f6d0d6cc2bc5d4759add61e068ebaa2a15a7da39f9653368d4a3f9226f65e8f990b745c60392d695076d41bedda757ece90699836bee59d57aaade0d63cc181a |
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\AORadar.exe
| MD5 | 5586c95e6a3f2314c277bfb7e6881781 |
| SHA1 | 660452818c9a469414aeda38beb377d3e253bed5 |
| SHA256 | 1383d539184c0d62d36988e165f57501768991efe0b868e2ecda0291e3729f88 |
| SHA512 | c2af636d659b447a6e331be448911460898b0bbafb9cca3ab316ffac04db147874dfa5dbf5d34909b244631a4a6f18fba947b8f3cab058b8f138d244e36eb224 |
\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\libGLESv2.dll
| MD5 | 05f71928ebd8b45ce3273a09cdcfd2ab |
| SHA1 | 19c6454e4a3ca1ba26677b9367bb6821cb44a341 |
| SHA256 | 3f086c1cc32a30f098f468459be62737d68b29072de2d6a96977250c78143760 |
| SHA512 | bd40b1e514a3c6bcfacb77872eaa82ddaf6c387986a7c36c22b7d9b84683fc64c673e60aa2ccc9fe627bc90baaea55a79c466345190f364f20629e6fecab007a |
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\libglesv2.dll
| MD5 | 28263f778e26f8146df0908d29d7513d |
| SHA1 | 455ff292ce12f4065b67bcbc9ccf2d8e9a6f1ae4 |
| SHA256 | 3d4c8035305004a89c77751a8c1c0acd0a5c0508e4e1999aab60758f2c92142c |
| SHA512 | a6247ba84a9e033a426d1b71d65983b320b4d641b55be070e406b8a8f3ee8685c226b0e92cbdf10eedca854daf1797aa0f0b1e69474205fc2b3205793238e013 |
\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\d3dcompiler_47.dll
| MD5 | 57b8eea7afa2db4d2e356c0d7a1566fe |
| SHA1 | 5acb7bbb0fd670d6d1d9e78e178362b69535556f |
| SHA256 | 6a127c2d0a14e7411e14037ff01571c69336a2167aa0a3d1f8abf107213f18a7 |
| SHA512 | 0ecbd3b9d05e05e871e290c0b4f0f118d70a74ff875f089186c94e5b6a831b086fcaedd78f9e94ba34fac3a926cda2e9c36643b36f545d23de6c6f0195cd33a0 |
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\D3DCompiler_47.dll
| MD5 | a704be3736c52891c385f2bfb4035836 |
| SHA1 | 564b2da8a300ddeb7fa1ac812b88dd1a67d5e243 |
| SHA256 | 0dd96e9d52dc48e918b5689f2ed50b740fdb0ccfb27e346259eb0e1e85c0ee2d |
| SHA512 | 924698af9861ad6514edfe05c62bd928cccaef574c5f5bb6c5eeb712990cdf6ecfb7b206aec2718965f3c249a2c459648fa029d473ac11b0920c34b84bad39d2 |
\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\ffmpeg.dll
| MD5 | 7d3bd99c011d8c132ccce72761d452cd |
| SHA1 | a193de9d837f8eb3d2f2c7a2ffd9558d4986d1ed |
| SHA256 | aff1460f48262bff2ce10321aef8b853d6da5c8f189730a7c72397d914b324e4 |
| SHA512 | 1c4046dcf40f9198a807567c9c472f53ec0bd18faa32896e653f3e674e3d48e426198755aa962a44f0aca490799feb9401d79be6cb0000228f043e6cc93d4fec |
memory/2380-585-0x00007FFC4E670000-0x00007FFC4E671000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\AORadar.exe
| MD5 | d57dccc6acd81a9b7b4bf538aabf3f93 |
| SHA1 | 63f2bcf7996447638c662259285b9d0eaa194d15 |
| SHA256 | ed62624d068e28211bb7c574447737179d5113d2b5fd6162de3a6cd40a8eb501 |
| SHA512 | 7c07814b98dfcc1653cff61d3e21da4951d2ceacabb8ab6f9408de2981de9bd0d907f30d770ea8b15ceca81553dcc0fbcb71407a940e2ff1210d75dd1a7ac120 |
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\AORadar.exe
| MD5 | 975ec3161f8e30d318baebdcf2f9cdc6 |
| SHA1 | e8ee5b1c7e39e9642f4f0bd22a0ea9d1ab75a026 |
| SHA256 | 72be68ab8237cb0b59ae593ef76e32beea0e93cc69c3ebd5ade304cda2a75ff1 |
| SHA512 | 44d892a10c4ffc7cfc005e312212639335cbf544aa0ab277fded405c7859a853b577a1d341dd72a5ffefa40136308b2740764b129bf77ee21891450133cb581d |
\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\ffmpeg.dll
| MD5 | 660cbe0d456229801f95e30dfdc3a574 |
| SHA1 | 73c3c4a88e40a6ac697a370c793706c31bbf49ed |
| SHA256 | 26ca0de0e7f9a3b309116ca87730f1d05b4fdef8eff61552cd6a36f9570c0a5b |
| SHA512 | ac6dbb12659820ba8b3f95757564af69c9088da3d1271ede9e056f335e0a9b2776ffc16d9431aa12f520da54b9e78fbb687c13157152f6784464a3b72de6858f |
memory/4652-622-0x000002074F3E0000-0x000002074F402000-memory.dmp
memory/4652-624-0x00007FFC30A30000-0x00007FFC3141C000-memory.dmp
memory/4652-625-0x000002074F430000-0x000002074F440000-memory.dmp
memory/4652-628-0x000002074F5C0000-0x000002074F636000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_aohknh03.2jg.ps1
| MD5 | c4ca4238a0b923820dcc509a6f75849b |
| SHA1 | 356a192b7913b04c54574d18c28d46e6395428ab |
| SHA256 | 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b |
| SHA512 | 4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a |
memory/4652-627-0x000002074F430000-0x000002074F440000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
| MD5 | 17286868c0a043ae5d2ff5798b6a3163 |
| SHA1 | b83b23cd57c7fb2c937f5bc18aeb7ddc955b5401 |
| SHA256 | 40321e18ed0b9eb7e3bc937d3e207ea2039ff45267483ddb4a51f7974475dac6 |
| SHA512 | e15c11982c0569a389a7dbd0889edd1ef9a8ffb21c0e8ffadebc10e1353f4485524b18ca8e041c66c98d05fb984544da122755e6c2a25728453aeaf4175bdee1 |
memory/648-656-0x00007FFC30A30000-0x00007FFC3141C000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 139768189251cb0753095bd0b16e5b8c |
| SHA1 | 2a84f7c94b30b25f6f28a64486cea4273ca52dca |
| SHA256 | c188fd79a4b68abefcec7a7f1566868a8f7d6fd797e67d490297954203f04884 |
| SHA512 | 87b52f2dfd08034b870d132abc5c00c561eb8ccf842437594dfa46f2681127ee4fdc9cbe1c801de2ce7695cfd4e32409cf955315dbf450acdb9c9afa0712a571 |
memory/648-659-0x000001EDB1580000-0x000001EDB1590000-memory.dmp
memory/648-658-0x000001EDB1580000-0x000001EDB1590000-memory.dmp
memory/4652-648-0x00007FFC30A30000-0x00007FFC3141C000-memory.dmp
memory/648-677-0x000001EDB1580000-0x000001EDB1590000-memory.dmp
memory/648-681-0x00007FFC30A30000-0x00007FFC3141C000-memory.dmp
memory/4652-647-0x000002074F430000-0x000002074F440000-memory.dmp
C:\Users\Admin\AppData\Roaming\HdCcrW0zGlOP.vbs
| MD5 | bee4b835076d15b9486e145637c2a63b |
| SHA1 | a419c29bbb768b6c75c9dbc6e4696dd369b22f4b |
| SHA256 | aa18473a2407198dfcf922f7128694b1f45a83e5b5d3b8ae16857f863664fcd9 |
| SHA512 | f245a75722049dd609112562291cf3e2e5627b96d0678383142b8756526ebe0f178068760511b116985a983a3c63201c7c4cbce5dc567911fd446fbf0ab3a6ff |
memory/2380-752-0x0000022594730000-0x0000022594789000-memory.dmp
memory/5824-895-0x00007FFC30A30000-0x00007FFC3141C000-memory.dmp
memory/5824-902-0x000001AFFF560000-0x000001AFFF570000-memory.dmp
memory/5824-900-0x000001AFFF560000-0x000001AFFF570000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms
| MD5 | 9abe23a75dfc5c58821cd72460e28202 |
| SHA1 | 14b5afc8c3c6da440c987c1a9536703f42b7b6eb |
| SHA256 | e70f7a1beb8cf50fe4caf25a48590a16782ca36ae3cabc5479ce108155ccf697 |
| SHA512 | da7849fa7187f801a192e27aee16e2f3cfa0d722c06747e79b42a3bd75493189853fe7afbe87d64697c3a7fd757680c4566719030bcb98d3a95cbc70229e8f87 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms
| MD5 | bded6dea6b1d1644e43f6c65bd007a50 |
| SHA1 | 23694e4afaa940549f02e60ad72464b34efdd7f9 |
| SHA256 | 74b276d2849336c96f8e7491fbeaaac6fcde43154be66ab7990d7bd106c3387e |
| SHA512 | d12a28da3663e3ffc613f3b86952a25f13cc0ef280722d45b1c14741087ff02b8d5b62c4aedccb53e2f4b82064a158221e0723c9522ba40b7e2df52f58b02300 |
memory/4988-912-0x00007FFC30A30000-0x00007FFC3141C000-memory.dmp
memory/4988-925-0x000002825F310000-0x000002825F320000-memory.dmp
memory/10224-923-0x00007FFC30A30000-0x00007FFC3141C000-memory.dmp
memory/8344-929-0x00007FFC30A30000-0x00007FFC3141C000-memory.dmp
memory/7376-933-0x00007FFC30A30000-0x00007FFC3141C000-memory.dmp
memory/10224-930-0x0000023BF8E00000-0x0000023BF8E10000-memory.dmp
memory/8344-937-0x00000272F79A0000-0x00000272F79B0000-memory.dmp
memory/7376-938-0x0000021FB88D0000-0x0000021FB88E0000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 8a9d0636b1aa44ae20bb37c09f8578fe |
| SHA1 | 24e5af41e04bcbde66ad81ac2f62dfa8497ab3bf |
| SHA256 | 65d9601722fa93653dea8ac84ca565e5e1ec74d1c4d728ae602a5637286086d9 |
| SHA512 | a5a59dd94603ee2ab43a8ce115d38e4cf2dcbd03ff183c72bdd21348a55e151e676b28d405e5b6e7e515f440a76542137319c9f131a3b6850aefc542d391ad6f |
memory/10224-936-0x0000023BF8E00000-0x0000023BF8E10000-memory.dmp
memory/4988-934-0x000002825F310000-0x000002825F320000-memory.dmp
memory/3980-990-0x00007FFC30A30000-0x00007FFC3141C000-memory.dmp
memory/3980-996-0x0000026806060000-0x0000026806070000-memory.dmp
memory/3980-999-0x0000026806060000-0x0000026806070000-memory.dmp
memory/5824-1007-0x000001AFFF560000-0x000001AFFF570000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\GlqXKtJo591V_temp.ps1
| MD5 | ee7ae51f1d8e71ab152f92be511b116f |
| SHA1 | d3532795bf8c1afae83ac9fc0780d6b0452006c2 |
| SHA256 | aeeed7b3b287dd39faae283ca0d0be4ae96bdce5c0ee881bf4482a00c471273a |
| SHA512 | 9eb3aedf8f0e670c3d38ec480699748010702177abb07082bb2e5cacf8481c6340d850e1716f12106d110a3257e88920632a168c703d90edd4aaa2d68fc35e9c |
memory/5824-1009-0x000001AFFF560000-0x000001AFFF570000-memory.dmp
memory/5824-1008-0x00007FFC30A30000-0x00007FFC3141C000-memory.dmp
memory/4988-1039-0x00007FFC30A30000-0x00007FFC3141C000-memory.dmp
memory/10224-1040-0x00007FFC30A30000-0x00007FFC3141C000-memory.dmp
memory/10224-1041-0x0000023BF8E00000-0x0000023BF8E10000-memory.dmp
memory/8344-1062-0x00007FFC30A30000-0x00007FFC3141C000-memory.dmp
memory/3980-1069-0x0000026806060000-0x0000026806070000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | c0df747967b9b500a9ddbd870ea35694 |
| SHA1 | 60fa347f8992932939fa21a94b74536a2a85aaaa |
| SHA256 | 9c2d2c05ee378e5ee0ec057b10606d71d2fd38c07d5ac8a1bc462a1eee3faea0 |
| SHA512 | 3e1022eed977f2551ac33e46c7e1c69c3c376ff8c419e0bacb718644f4b3ff61d790dfec6f06c61e1dd7e3a9cab3ed63aa79814b885087d88c0e61f24708107a |
memory/4988-1072-0x000002825F310000-0x000002825F320000-memory.dmp
memory/7376-1085-0x00007FFC30A30000-0x00007FFC3141C000-memory.dmp
memory/3980-1071-0x00007FFC30A30000-0x00007FFC3141C000-memory.dmp
memory/4988-1090-0x000002825F310000-0x000002825F320000-memory.dmp
memory/4988-1088-0x000002825F310000-0x000002825F320000-memory.dmp
memory/4988-1091-0x00007FFC30A30000-0x00007FFC3141C000-memory.dmp
memory/9108-1101-0x00007FFC30A30000-0x00007FFC3141C000-memory.dmp
memory/7376-1102-0x0000021FB88D0000-0x0000021FB88E0000-memory.dmp
memory/5824-1097-0x00007FFC30A30000-0x00007FFC3141C000-memory.dmp
memory/7376-1109-0x0000021FB88D0000-0x0000021FB88E0000-memory.dmp
memory/7376-1111-0x0000021FB88D0000-0x0000021FB88E0000-memory.dmp
memory/9108-1113-0x0000024610AB0000-0x0000024610AC0000-memory.dmp
memory/9108-1114-0x0000024610AB0000-0x0000024610AC0000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 9b025dec57bf4650d11ece1ea561bbad |
| SHA1 | a894be151ac4bbd68858a25fba8d8072051cbf64 |
| SHA256 | 214919ec8c29d465fbd820019b2393263a526013518843733f50c22ed5e8b000 |
| SHA512 | 4efab2840e0ce18e96c1a0e417dd3f8275c64abdcb1d3230bd2ab66e933b370075aae29acba96aa7fc228f9dfa9eab871edfad0bac7eac2e0cb4f7caa0ea5e1d |
memory/7376-1112-0x00007FFC30A30000-0x00007FFC3141C000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | f4e8df1d0dcb41e67f76758226c9c398 |
| SHA1 | 915d61f6bfa0e29c2d176479519aa0f17bdb426b |
| SHA256 | 07ac9e06c6d3d9a009c184449ba5cabd999ca0c930661989c55fb5d8d6550e04 |
| SHA512 | 02d79cc79d0a854e5bcc54de28277efc17f3b4e347bfaabbc744d50453f8513d9df497e394f2dfa07526840b377110b30267506592c3d0cef8a1ab4c86f9145e |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 27770e1f657b8ffd806177bb9d94746b |
| SHA1 | d01893d700e47bd7ef582cb3164f9afd70316885 |
| SHA256 | 376e34d794e6d80b509592e5c929eec64e295936dffba26c3885ddf230229502 |
| SHA512 | e50741c5c8bc33ff199117c862add4725091914df99e522a08925bf0f20e9e9061bd96b0b0be54993b0b9e9be6e97dda2d3b8cccebb3265fffce088bddbaddc2 |
memory/5824-1063-0x000001AFFF560000-0x000001AFFF570000-memory.dmp
memory/5824-1061-0x000001AFFF560000-0x000001AFFF570000-memory.dmp
memory/9108-1134-0x0000024610AB0000-0x0000024610AC0000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\places.sqlite_tmp
| MD5 | 2a165e3b087b15dc4264a25c2c95dfb9 |
| SHA1 | 2cca69e3cc1cf93237d7fbd4189459e0f8c3f2a3 |
| SHA256 | f4fd61f6c2e672bca1a9c3741f7cba98c94e68ca6538e4873b301e5323d6e0a7 |
| SHA512 | 7d1b41aa10ac88d033feabc46cae1f81fcd2dffc43812738bd404fd124d2eff6980dfd7d172085017e8a67684e783901d7cdcbd47d8296a55a035ceebce04d04 |
memory/9108-1138-0x00007FFC30A30000-0x00007FFC3141C000-memory.dmp
memory/9108-1135-0x0000024610AB0000-0x0000024610AC0000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 12b03b987cc314094e69d302b1fe18d0 |
| SHA1 | 30fa47585df5c873125d3b3424a86efd31e23e6e |
| SHA256 | a8bcdfc3361616256eadd216efc09feadbd1611bd42b795117226574a2fdfd08 |
| SHA512 | a973c896a79744de0430016ce56b3cee3753ad4dfdb372d95189384250e470045ae5e16f9e57d60f547f79ee0dd343d8c4fd88c71b1941aa71a9254a58e55073 |
C:\Users\Admin\AppData\Local\Temp\KHxVlcsnlyjoUXDHe2sE\System\SPZORVYF - 2023-12-23_222849.png
| MD5 | bc4a881d7ff1dec17b8fb0de679571a5 |
| SHA1 | 7860d8e93914ed965d6138e331ee90b128df62a7 |
| SHA256 | 8e1733b45b6b2067ea7a3c05712701445760394e0783ebc75f80851d22ce38c2 |
| SHA512 | e372de42f75b2e7dc7f71d6533785d1b7a63841ef938c9fa0e92a88fcde1e3ec7bc6f5f4d0cea70ff645a9ca0ac4f1c2f6f8bbce7ad38e8011bce6ae8faacca3 |
C:\Users\Admin\AppData\Local\Temp\KHxVlcsnlyjoUXDHe2sE\Logs\Error.nova
| MD5 | 80a667a9294bff92161632ee6e17444f |
| SHA1 | ec07c6fb5a75b7a04e409c6585dc867539f95f9e |
| SHA256 | b0d6733f01ce44d04b2946b91a30c6204721ea4af4c00a8311943b685078e589 |
| SHA512 | 57e2b48217d9c846244b2a08c5a9a674b88eb59e9ecfcbef8d792c2ddd250a61c0e71ad2d59cde39a424449a248231b29378d90c0a5d7d868e367c202a062942 |
memory/10224-1223-0x0000023BF8E00000-0x0000023BF8E10000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\AORadar.exe
| MD5 | 1d2afec062eef2162e11cc977ed798c5 |
| SHA1 | e82d037622edb3568c45c56a534a47fa11d935c2 |
| SHA256 | 8e92a27793251f791645f8bd0c0fe86e555ba9f0ad5f6c3954f05c097a3df206 |
| SHA512 | 28b4c3a10f0fc3a27067d42f2f860974b9c116189b7749992288264191ebb79e928162c4bd8720132d5e56fbdc319e442fab2e0c4198dfe4b30d63b62738698f |
\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\ffmpeg.dll
| MD5 | 31fb5e2861178d839b627b9fcbdfdff2 |
| SHA1 | 8063425d027843e9d60200145186dc960e3b62a5 |
| SHA256 | d19bbab1bdfb85c5ef0761c766ca5dc95d0fb634b3dbc5db0d3839212cca7fbc |
| SHA512 | db7e38a878bcf6563b18bbef7594356c4978a513f5a864024c1b6b26ad16d6574442a578fd127367ecbb8b00a926a49341e5e6f5cf541cf0a9b0a5030b921e01 |