Malware Analysis Report

2025-01-19 05:52

Sample ID 231229-p4m6kahbd5
Target Moyetu_GAME.rar
SHA256 fa49df23639c6ccba70f00990807be6ebe58d6d0e5ca1723e5a213eaf84c316a
Tags
irata infostealer rat trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

fa49df23639c6ccba70f00990807be6ebe58d6d0e5ca1723e5a213eaf84c316a

Threat Level: Known bad

The file Moyetu_GAME.rar was found to be: Known bad.

Malicious Activity Summary

irata infostealer rat trojan

Irata

Irata payload

Loads dropped DLL

Executes dropped EXE

Looks up external IP address via web service

Legitimate hosting services abused for malware hosting/C2

Enumerates physical storage devices

Unsigned PE

Suspicious use of WriteProcessMemory

Detects videocard installed

Suspicious use of AdjustPrivilegeToken

Enumerates processes with tasklist

Collects information from the system

Runs net.exe

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-12-29 12:54

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-12-29 12:53

Reported

2023-12-29 12:58

Platform

win7-20231215-en

Max time kernel

155s

Max time network

162s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Moyetu_GAME.exe"

Signatures

Irata

trojan infostealer rat irata

Irata payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Moyetu_GAME.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Moyetu_GAME.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Moyetu_GAME.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Moyetu_GAME.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A

Enumerates physical storage devices

Collects information from the system

Description Indicator Process Target
N/A N/A C:\Windows\System32\Wbem\WMIC.exe N/A

Detects videocard installed

Description Indicator Process Target
N/A N/A C:\Windows\System32\Wbem\WMIC.exe N/A

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A

Runs net.exe

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Moyetu_GAME.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2032 wrote to memory of 1508 N/A C:\Users\Admin\AppData\Local\Temp\Moyetu_GAME.exe C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe
PID 2032 wrote to memory of 1508 N/A C:\Users\Admin\AppData\Local\Temp\Moyetu_GAME.exe C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe
PID 2032 wrote to memory of 1508 N/A C:\Users\Admin\AppData\Local\Temp\Moyetu_GAME.exe C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe
PID 2032 wrote to memory of 1508 N/A C:\Users\Admin\AppData\Local\Temp\Moyetu_GAME.exe C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe
PID 1508 wrote to memory of 1660 N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe C:\Windows\System32\Wbem\wmic.exe
PID 1508 wrote to memory of 1660 N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe C:\Windows\System32\Wbem\wmic.exe
PID 1508 wrote to memory of 1660 N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe C:\Windows\System32\Wbem\wmic.exe
PID 1508 wrote to memory of 1704 N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe C:\Windows\system32\cmd.exe
PID 1508 wrote to memory of 1704 N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe C:\Windows\system32\cmd.exe
PID 1508 wrote to memory of 1704 N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe C:\Windows\system32\cmd.exe
PID 1508 wrote to memory of 340 N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe C:\Windows\system32\cmd.exe
PID 1508 wrote to memory of 340 N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe C:\Windows\system32\cmd.exe
PID 1508 wrote to memory of 340 N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe C:\Windows\system32\cmd.exe
PID 1508 wrote to memory of 1520 N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe
PID 1508 wrote to memory of 1520 N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe
PID 1508 wrote to memory of 1520 N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe
PID 1508 wrote to memory of 1520 N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe
PID 340 wrote to memory of 2372 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\tasklist.exe
PID 340 wrote to memory of 2372 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\tasklist.exe
PID 340 wrote to memory of 2372 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\tasklist.exe
PID 1508 wrote to memory of 1520 N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe
PID 1508 wrote to memory of 1520 N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe
PID 1508 wrote to memory of 1520 N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe
PID 1508 wrote to memory of 1520 N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe
PID 1508 wrote to memory of 1520 N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe
PID 1508 wrote to memory of 1520 N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe
PID 1508 wrote to memory of 1520 N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe
PID 1508 wrote to memory of 1520 N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe
PID 1508 wrote to memory of 1520 N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe
PID 1508 wrote to memory of 1520 N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe
PID 1508 wrote to memory of 1520 N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe
PID 1508 wrote to memory of 1520 N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe
PID 1508 wrote to memory of 1520 N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe
PID 1508 wrote to memory of 1520 N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe
PID 1508 wrote to memory of 1520 N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe
PID 1508 wrote to memory of 1520 N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe
PID 1508 wrote to memory of 1520 N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe
PID 1508 wrote to memory of 1520 N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe
PID 1508 wrote to memory of 1520 N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe
PID 1508 wrote to memory of 1520 N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe
PID 1508 wrote to memory of 1520 N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe
PID 1508 wrote to memory of 1520 N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe
PID 1508 wrote to memory of 1520 N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe
PID 1508 wrote to memory of 1520 N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe
PID 1508 wrote to memory of 1520 N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe
PID 1508 wrote to memory of 1520 N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe
PID 1508 wrote to memory of 1520 N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe
PID 1508 wrote to memory of 1520 N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe
PID 1508 wrote to memory of 1520 N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe
PID 1508 wrote to memory of 1520 N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe
PID 1508 wrote to memory of 1520 N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe
PID 1508 wrote to memory of 1520 N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe
PID 1508 wrote to memory of 1520 N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe
PID 1508 wrote to memory of 1520 N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe
PID 1508 wrote to memory of 1520 N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe
PID 1508 wrote to memory of 1520 N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe
PID 1508 wrote to memory of 1520 N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe
PID 1508 wrote to memory of 1980 N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe
PID 1508 wrote to memory of 1980 N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe
PID 1508 wrote to memory of 1980 N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe
PID 1508 wrote to memory of 2684 N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe
PID 1508 wrote to memory of 2684 N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe
PID 1508 wrote to memory of 2684 N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe
PID 1508 wrote to memory of 2684 N/A C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Moyetu_GAME.exe

"C:\Users\Admin\AppData\Local\Temp\Moyetu_GAME.exe"

C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe

C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe

C:\Windows\System32\Wbem\wmic.exe

wmic os get locale

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "echo wlan"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe

"C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=976 --field-trial-handle=1012,17942631704914376724,16472920149424069283,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Windows\system32\tasklist.exe

tasklist

C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe

"C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --mojo-platform-channel-handle=1424 --field-trial-handle=1012,17942631704914376724,16472920149424069283,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe

"C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1404 --field-trial-handle=1012,17942631704914376724,16472920149424069283,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic process where processid=1508 get ExecutablePath"

C:\Windows\System32\Wbem\WMIC.exe

wmic process where processid=1508 get ExecutablePath

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 session

C:\Windows\system32\net.exe

net session

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\resources\app.asar.unpacked\bind\main.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "net session"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\more.com

more +1

C:\Windows\System32\Wbem\WMIC.exe

wmic OS get caption, osarchitecture

C:\Windows\System32\Wbem\WMIC.exe

wmic logicaldisk get size

C:\Windows\system32\more.com

more +1

C:\Windows\System32\Wbem\WMIC.exe

wmic computersystem get totalphysicalmemory

C:\Windows\System32\Wbem\WMIC.exe

wmic csproduct get uuid

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic OS get caption, osarchitecture | more +1"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "echo %NUMBER_OF_PROCESSORS%"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic csproduct get uuid"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic computersystem get totalphysicalmemory | more +1"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic logicaldisk get size"

C:\Windows\system32\more.com

more +1

C:\Windows\System32\Wbem\WMIC.exe

wmic cpu get name

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic cpu get name | more +1"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic PATH Win32_VideoController get name | more +1"

C:\Windows\system32\more.com

more +1

C:\Windows\System32\Wbem\WMIC.exe

wmic PATH Win32_VideoController get name

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault

Network

Country Destination Domain Proto
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 ipinfo.io udp
GB 142.250.200.4:80 www.google.com tcp
US 34.117.186.192:443 ipinfo.io tcp
US 8.8.8.8:53 ipinfo.io udp
US 34.117.186.192:443 ipinfo.io tcp

Files

\Users\Admin\AppData\Local\Temp\nstB636.tmp\System.dll

MD5 0d7ad4f45dc6f5aa87f606d0331c6901
SHA1 48df0911f0484cbe2a8cdd5362140b63c41ee457
SHA256 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
SHA512 c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

\Users\Admin\AppData\Local\Temp\nstB636.tmp\nsis7z.dll

MD5 80e44ce4895304c6a3a831310fbf8cd0
SHA1 36bd49ae21c460be5753a904b4501f1abca53508
SHA256 b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
SHA512 c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

C:\Users\Admin\AppData\Local\Temp\nstB636.tmp\7z-out\chrome_100_percent.pak

MD5 9c1b859b611600201ccf898f1eff2476
SHA1 87d5d9a5fcc2496b48bb084fdf04331823dd1699
SHA256 53102833760a725241841312de452c45e43edd60a122546105ab4020ccef591b
SHA512 1a8ec288e53b9d7e43d018995abe4e3d9c83d329d0561fbb7d022e8b79ffecf033e995b9bc6af352a71c646a1e8afba4addb54deab7455f24b7a279a3dd7c336

C:\Users\Admin\AppData\Local\Temp\nstB636.tmp\7z-out\chrome_200_percent.pak

MD5 b51a78961b1dbb156343e6e024093d41
SHA1 51298bfe945a9645311169fc5bb64a2a1f20bc38
SHA256 4a438f0e209ac62ffa2c14036efdd5474b5ecaa7cbf54110f2e6153abdfb8be9
SHA512 23dedde25ad9cb5829d4b6092a815712788698c2a5a0aefb4299675d39f8b5e2844eabd1ea42332a0408bd234548f5af628e7e365ab26f3385ebfa158cdd921d

C:\Users\Admin\AppData\Local\Temp\nstB636.tmp\7z-out\ffmpeg.dll

MD5 c3842fb3087cdcdb04020ac38683c289
SHA1 329dbcd4a1c79b891b200f11eb50194b85c493bc
SHA256 e79792af338d61424bac87a19c6f34f3b4bc1382345633b8d509253a0a6c2133
SHA512 069196b8006e908954e7ab16131a0d10889a0f7517eaab2423a82fe49fb9b045c0d95dbf7c08c10ddf1a21983aea4a0d207decf91baacff0884511589a57dec5

C:\Users\Admin\AppData\Local\Temp\nstB636.tmp\7z-out\d3dcompiler_47.dll

MD5 7641e39b7da4077084d2afe7c31032e0
SHA1 2256644f69435ff2fee76deb04d918083960d1eb
SHA256 44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47
SHA512 8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5

C:\Users\Admin\AppData\Local\Temp\nstB636.tmp\7z-out\libEGL.dll

MD5 8352fd22f09b873193cabc2932be92f0
SHA1 5bd2b58854b279f1733c5f54ea2669ee8a888d9e
SHA256 14a4aaa010be14762edfee01fd1f6b9943471eb7a2f9011a2b5c230461cd129c
SHA512 7281e980f2e82f1cc8173d9f8387a97f6e23ec5099ed8dca02222c4e17fa4cfef59d6aa300b1cf06d502bdcf77d9a6dbb08ad6658ae0a28ae6f9f995109da0d2

C:\Users\Admin\AppData\Local\Temp\nstB636.tmp\7z-out\icudtl.dat

MD5 2c3692c45c49a0e1011f89cabd299c43
SHA1 b612eb1d4fd4cf3cee017139041bac227faa5b5b
SHA256 6cdb3367c7ce1ef19b803ad79d00bb953fd421a940c8371ad657b0da26d58770
SHA512 a099e2d56e2ca55d8baebee263a0f13d6c0f2f47519af235a607ab039e875af70d8d598b96df8ecfc4b455e4a9620b10e21fe141ae3a83ff2960b9b3a2e5f884

C:\Users\Admin\AppData\Local\Temp\nstB636.tmp\7z-out\LICENSES.chromium.html

MD5 df37c89638c65db9a4518b88e79350be
SHA1 6b9ba9fba54fb3aa1b938de218f549078924ac50
SHA256 dbd18fe7c6e72eeb81680fabef9b6c0262d1d2d1aa679b3b221d9d9ced509463
SHA512 93dd6df08fc0bfaf3e6a690943c090aefe66c5e9995392bebd510c5b6260533b1522dc529b8328dfe862192e1357e9e98d1cdd95117c08c76be3ab565c6eea67

C:\Users\Admin\AppData\Local\Temp\nstB636.tmp\7z-out\LICENSE.electron.txt

MD5 4d42118d35941e0f664dddbd83f633c5
SHA1 2b21ec5f20fe961d15f2b58efb1368e66d202e5c
SHA256 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d
SHA512 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

C:\Users\Admin\AppData\Local\Temp\nstB636.tmp\7z-out\libGLESv2.dll

MD5 b6a433dc7b4030fb17bd1683a9606b6e
SHA1 0602c50532e3f13facc67bd95a048c470e88afcc
SHA256 f7ae57a1d7d3e284714ca354f5292aa9b75086489cbfba8b1f54548445b6b3e9
SHA512 b9ba2e20ec878e3acae93d8254e69374e391fd4a3d5c1833282c43896d123baa874f1088839f3bbcf05539eda0e2aeaef28d7742ab8e20ec788382501e2152b1

C:\Users\Admin\AppData\Local\Temp\nstB636.tmp\7z-out\vk_swiftshader.dll

MD5 de2d91476e625278c30a5f69a1892e05
SHA1 4d707f6a801611fb437f5c1cba31b0909bf41506
SHA256 02c7f0b926c64f5a19a9aacd5f94ee00be4d576486592e18acc80c0a027b05ba
SHA512 d027407539346e5aedd527f5f71de45bace6295e96a7fbefbf273c930d64a791e488e4bdf6ef8db61fc19c80cac52a6e398c2973499c6fedb1e422c3ba71f532

C:\Users\Admin\AppData\Local\Temp\nstB636.tmp\7z-out\vulkan-1.dll

MD5 b91586bd80e057a7f62bdc4422744812
SHA1 a1df644421ece2e740e5bf0ed98b4f269fd85c39
SHA256 8ba72d98e0f78b77bda7816cd7232809d287310d34e0f1d7472b9d5fda2c6d02
SHA512 94f0a8e3e75e4803891c0fcb257052dbe0e7399772fc7a46ab802629f76ee580ed30b3678fa6bc3744c12cf9f3103bbc8276e88f6711278748148e9fbeef2053

C:\Users\Admin\AppData\Local\Temp\nstB636.tmp\7z-out\vk_swiftshader_icd.json

MD5 8642dd3a87e2de6e991fae08458e302b
SHA1 9c06735c31cec00600fd763a92f8112d085bd12a
SHA256 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9
SHA512 f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

C:\Users\Admin\AppData\Local\Temp\nstB636.tmp\7z-out\Panpayasetup.exe

MD5 ac53957af8214c16d5fec8846a3fc4aa
SHA1 fb1f44abcf40d2b085bf3b1cf1719e5446b3e174
SHA256 66410fb48ab1954c02c65520e2818c73a3759aee41d9e7e20e0d355ce78aad81
SHA512 3c563118c8bb11d1c5a7a4a677542dc25468007113ce1de2e6a1d6bb961afa0c8af7d46421c995227566b7e85b4aecba752f4c50cd3b64a5de81c6d8ad9100bc

C:\Users\Admin\AppData\Local\Temp\nstB636.tmp\7z-out\v8_context_snapshot.bin

MD5 47014c0f81bad6d216c617c9c63bf040
SHA1 7bb483fdc5fed3c6ed437d9fe6e5023bc38201bf
SHA256 e1249d05bfc73c645b27d269f47b6923b33a3cf8088a8ca78b3b637c90f58178
SHA512 052d86cf3305a9e493bd2472e6b7ddab5e0291efd6d899984a79bae46e5fa4bd21157e19ab4a2591c9cff9069de568bad18c7baf4f35d117c77134e635466f87

C:\Users\Admin\AppData\Local\Temp\nstB636.tmp\7z-out\snapshot_blob.bin

MD5 c9ab741bbef53fa0e84952b8891a5f5a
SHA1 e2dcb8d034e07243537c86371de0c52bce62cee1
SHA256 4d82fe1e642fe3ca7ad1a173f806088c0652ecfe9f0f6f6e246066e15a3431d4
SHA512 177b98a3090ecfe4b4598dfcd7e8b3ca49efafba4dbd8d6c6d0def462de47c3fabfde831725622783ddc177de982de6115178d9bd9830d918bb544a5a4c27fc9

C:\Users\Admin\AppData\Local\Temp\nstB636.tmp\7z-out\resources.pak

MD5 bdfa339e708ea0f23ed3620adc4a2d64
SHA1 82a95b7b022836b6e888f53e69386570c05a1af2
SHA256 b66ae9eda4543685974d35d051d967538bc57d55c2577629007c534ff330e1e4
SHA512 ba87c70e1b6446e0a7b62da33d72a36ff92ee54fda64343262bc26afa8166174e76d058ec6d707cdebf2611858b3b4b7e21798febec53da02febd81ade4ce8f8

C:\Users\Admin\AppData\Local\Temp\nstB636.tmp\7z-out\locales\ar.pak

MD5 6f3e791b4d35ee7d9515614d128752cf
SHA1 181ec3a84fb3e89336d77f24f562a2cbe07619d8
SHA256 e9df0fa338b763a3926c4ee3a87bedf650fa618b6fcf0560c3f5ffe891d48c60
SHA512 3657e610d13a2c938558ec320c298dd490c9e4895ccd304f738aaa2f050373efd7382ca402365f93d23ed488bae82de2d859da788dc8faa8e621346a278f4441

C:\Users\Admin\AppData\Local\Temp\nstB636.tmp\7z-out\locales\am.pak

MD5 e18a450ef034b42599341c3d09f280f1
SHA1 2001c8a85904962ac3a96938eccc69ad2c110fdf
SHA256 7c2b9098130f1f9e0cf4507b64c0e96ac6354bd6c3616be20e2067cfccc820da
SHA512 ddd87571218fe9f179a6c2a8a15b182625a71a7c19ed90c0969ca2e0e9bad823b926f8b8a6b390cb6fe9c95f4b6c1f1ec7b5167a8424ab1921943922208f798a

C:\Users\Admin\AppData\Local\Temp\nstB636.tmp\7z-out\locales\bn.pak

MD5 47c95e191e760dee3ef43345577e2379
SHA1 609634315270a91d4ec631642b18bd0036367aad
SHA256 ceed32e429ed1018d4c49343cf52105cbfd1e877c531a5738fd6e6cd33d27da7
SHA512 46b5f8d58780d19e79136c31a67d075c57ddf7e6a1eb197dea4088cc414a0dc24a68fc8ebcaac03b3940af2461123b586706d5dbf8dbdf6fbea0f7bec466db21

C:\Users\Admin\AppData\Local\Temp\nstB636.tmp\7z-out\locales\en-GB.pak

MD5 52e2826fb5814776d47a7fcaf55cb675
SHA1 51fbbc59dcd61116cbc0a24b0304d4c1c58e8d0b
SHA256 83ff81c73228c7cadba984d9b500e4fce01de583ecde8f132137650c8107c454
SHA512 69257f976d01006c5f3d7e256738c97c59115471f8e7447cfa795f7fa4ff12d6fd19708e95ffb2aa494b50c1763fe35d5885b9414112d2934baf68fe668ed7cc

C:\Users\Admin\AppData\Local\Temp\nstB636.tmp\7z-out\locales\et.pak

MD5 c76db3385190c6840315c4497e40258a
SHA1 34f1aef2ba2925bebc5dcdb70e5b6c1a138a5c46
SHA256 e8af084ef5e1062c5966dd7802074ac24f3672dc3c9b9c5453a397644727191f
SHA512 90a870369d307758b33d74e6213676d65c2d332f42577c8aff23d96b512f3c2a2bdace8d6d9007f88b9175eadc6f2ae28b498b1265550849ff9317465a37ad29

C:\Users\Admin\AppData\Local\Temp\nstB636.tmp\7z-out\locales\fr.pak

MD5 c3095ce1e88b0976ba7bef183d047347
SHA1 b14cfbf6e46ac1f189595fc09660178525301138
SHA256 66488dc10517b6e3638686be95b430477a39304e92ac45dfe62b58cae3a77272
SHA512 29f47b1eff4681a9a17a50d6e82d63c22fe7bfe4ceb79862e81d8cd9f96fa38e225978b4c4b1f8e55b220235b91652c776fa8d2e559c68942c6ccf402812a421

C:\Users\Admin\AppData\Local\Temp\nstB636.tmp\7z-out\locales\ko.pak

MD5 d6e2c18c9eabba59b50d147d942125ea
SHA1 0918879203c2050b4f9f449f5616e430897ba0b9
SHA256 f3581cea2e5b022b121010ffc5d67f86f717e3a0c0402abd81e24c87fd135b76
SHA512 f605f7b9893166778af156f9eb76eaa1209e7432450899540cd462ce0ffa69caf6f570b910cdd6d7bef54354379e9892a658e711baa93241da33755c107da859

C:\Users\Admin\AppData\Local\Temp\nstB636.tmp\7z-out\locales\ru.pak

MD5 75457b95d2bb03891232dae7db886387
SHA1 e5a7569df7f91533703626d167ecc8cddbd27205
SHA256 e0894d3aa3f8e0f8ac457a3300001d4e1dcf95980712f8c8e9c845eb4c2bbfa6
SHA512 9813239cb162cec24cb81cffdae2df06889782813d917da186ae40df6dae64477467e4b32ead2d714bc1de671538d4c1fde990d83d3ee69e0932f17226687a78

C:\Users\Admin\AppData\Local\Temp\nstB636.tmp\7z-out\locales\th.pak

MD5 43edd25f67ce6e6cea5373009ff0a1f8
SHA1 ed72ca6620cf23837e1334be50ccf616806bc5a2
SHA256 287897cf3df2db1cf59b872e6575ba8dfcaa0c1f68c17a9c91da6c4490adb8b0
SHA512 7160a72bd2e6b0ffa71e5d279995cc8be24a87cd9386eb29ab0eee79b8e607f5d824a11b6b4e3ef4c0f851a9d485a9642cb6adaa65c07933dca6e6f2c0052fc7

C:\Users\Admin\AppData\Local\Temp\nstB636.tmp\7z-out\locales\zh-TW.pak

MD5 c2c35fcedc3708b5bcadf36587393002
SHA1 31d72402cbd44ceb921cedd806259c2cd14e411f
SHA256 cfe4c2c5eb131fd92e0d11f912714c5a9a048833ef3ffbe32679b3d58da8f8ac
SHA512 9ba3ea2d569d1d3ef09e94d7e66f843c8804368c4d016b6289e7dba002f7d2d50884a76c93eef879d87abcf8b36dd3e682b7bd3a18b2b5a969256cef672abf01

C:\Users\Admin\AppData\Local\Temp\nstB636.tmp\7z-out\locales\zh-CN.pak

MD5 098d656a4f4bd8240bed10e7678186c7
SHA1 0c19ab62b4262f1b51558e8aaa79e7741f73393a
SHA256 a55f568ad3a8854cec25699484f55024501c8a0967738ba694e073151e5981c7
SHA512 084538ce774233ca6d4393bb42239b0b85e11bd73dd19ba47e55796ca19848941b037510c0fca4ac08b4b2e0ccbc9b4ae72ef88a3e841738dd211961dc53c1e2

C:\Users\Admin\AppData\Local\Temp\nstB636.tmp\7z-out\locales\vi.pak

MD5 69c8796439192577f48bd249175aaf37
SHA1 97c52088ca69dada593db0e42b2135d264646454
SHA256 d7fdb53592de803a5fbcd8561c4918f1562f92fc8a3fd0039a2a1a7b76a8ecc2
SHA512 65eb7cb15291474ec7f9354775e59bcf334c90ddf3498ebd184e4c47118308421b2405bfa679e4b3a70ed1790e167c109fc2c72e89c3e31b5378cae975424144

C:\Users\Admin\AppData\Local\Temp\nstB636.tmp\7z-out\locales\uk.pak

MD5 d791b1ecf2931b2fb0c31aac170c7cdc
SHA1 02be115a9ff94fe5250651b6de4323eafc44fce1
SHA256 ffae6286d44c8e219ef90d411ad8746159a6ff8ea610e2a651147a3956696a22
SHA512 3a2edb8069e4a9734ce5e02b7c3de3c968c5bbc116f17f52f97e2bb2c78485c456c4f0cc952686c1aa17b7ee4d326a1dda698afafc63c79d842ca3905181a8da

C:\Users\Admin\AppData\Local\Temp\nstB636.tmp\7z-out\locales\tr.pak

MD5 40491896ad21543f339467186c5efb40
SHA1 695dde7cc35056dcbf0a533aff8299d4c6b61bd8
SHA256 43e99e132acaba88971b81a43531845dc7fc3a1e0794c3373de7d9a50a5655aa
SHA512 18d5ee9914849462e0b1bafd1ca216b29d0795e282ae0bdb354b15caf5c18f37f44fbd6f626b2cbb095e3398a6496de72e5b0d15621433979b5a589e34fac818

C:\Users\Admin\AppData\Local\Temp\nstB636.tmp\7z-out\locales\te.pak

MD5 793a87d41cde6e6d1bb086284f69733b
SHA1 d887e3842b664f55b7308427aa6f5bf0b352d879
SHA256 5cdabd1ad41e8048f2cc6b1615e68b99159daa1aa6706b939447c1811bf0e255
SHA512 7c2e53baa387480eed45315bd9d53856ca46e5777ecdc9c29a0de7b0ad04beb6cbb8b5df0aa7c306395fda563037e06bea1ca70e433ce5a3ccc2ec184dfda972

C:\Users\Admin\AppData\Local\Temp\nstB636.tmp\7z-out\locales\ta.pak

MD5 31dada843d0b4f9a66b184cb6d7b8b92
SHA1 0320b31981043c6e4c17470bf2ff4c7488553511
SHA256 457070b35c813175f5a7b630478073e478ff2bf23915dd3dc7a5b3b339cc2b0b
SHA512 c5b6ea595d3154fd9fe03f49a19f78eb4068718ce005b18a165d491459a290c29956b02a109ce2c314746773760c8e5c0d7064f384c65a572c78109f03538860

C:\Users\Admin\AppData\Local\Temp\nstB636.tmp\7z-out\locales\sw.pak

MD5 99e385ebc1ef8d3daddb3a171fa79edf
SHA1 3164804dfe9d9b5e891abafe92e5ba67d2b5d4d1
SHA256 8ec45ac391a085d531fb21815086c2da4841aa016653cb4f8484cfc2615d6c01
SHA512 797c105fecef1e15870aa101e3fa1835d5a467a9059c03b3636c54934d1de263ab7f23599e21d9787cb3849c7cb7d29f5bdd8ae9ad10fda8015c1392462e94c0

C:\Users\Admin\AppData\Local\Temp\nstB636.tmp\7z-out\locales\sv.pak

MD5 41e76f7775fc9a2d6e3c02c46e9b32f6
SHA1 088c15c74a68bee69682bf89c31055332b68c84a
SHA256 2533676479e9469ffcdaabcb47d3e39bebfe7ae2b80f70784e918a8827439e13
SHA512 6cde752d748c4772b533c8894f18134e5842113f8c7590b44a7dfa088aed65b232361fd16170df3b0d738066dbc3a769847adf4dd8ba42de63c9c2b33f9beb6b

C:\Users\Admin\AppData\Local\Temp\nstB636.tmp\7z-out\locales\sr.pak

MD5 af7083f2a4bd95dcbe792efade352662
SHA1 dc69aa831836016f6e66c6079931503d534a7862
SHA256 e3b80d9fdd420a05d66cc12e685ac94500106dd51a555bbfa2d085094f81e8dd
SHA512 342400ba94f6cd08152f96aa2b905184fab429c38cedb4bcb4ac0c503169a9ecd47aef208b4d7ffae08b0c0afa7aa089347a20739379d05f3e4e111be842b8c4

C:\Users\Admin\AppData\Local\Temp\nstB636.tmp\7z-out\locales\sl.pak

MD5 e015b6f5042be2dc96a4e23dcf035502
SHA1 7946509eed8db1e4c1f3da99ffe7155c86fdb4d6
SHA256 99536d1bc73eec81d5bebbff641ea195544ee5e3a41bb17ddcedf9cde9b141d4
SHA512 b2a2eaae93c506a053862bf1cde02eee53b3ea2e2fe4c964c51dbacb8b44de820a779311cfe01458e2f08f88bce1172e8c5e1e6d28cd3a355ff84baa00023b8f

C:\Users\Admin\AppData\Local\Temp\nstB636.tmp\7z-out\locales\sk.pak

MD5 b35daa0bd9627ca88b413a5af7c6b4a4
SHA1 d5efdcbc7ca17de29f3075f6434f31ab2e895826
SHA256 f47bc1f7f5ab64681d0b152e1a019da60f0ef057ee8bf2ccede019dc4030c177
SHA512 48abb6ca2290820db2898b05820bb25e70fb1292c816eb0c8f17b3c5452de9fff7027d216d2bf413900f408f44ed4ac99151b28142a212c5cff8dfe229e87b9b

C:\Users\Admin\AppData\Local\Temp\nstB636.tmp\7z-out\locales\ro.pak

MD5 24b01a438a3ab9699d4ca97c081b5e82
SHA1 0d0b082544d23425a74199fb0a6c11192f0bdf7d
SHA256 38290b1c9712296d82ea1681ef95544a1eef4872289134b11e50af735e6deaca
SHA512 43199772312156f4633c4202499cde8f808e5e632c2013ec1129acee01a3f184e86df2616626173178efe04b6f0773ad9a0e8b8cc6a735d23d68dcfe9dfd945b

C:\Users\Admin\AppData\Local\Temp\nstB636.tmp\7z-out\locales\pt-PT.pak

MD5 ecd84b296d3bb312ee18e21017311986
SHA1 f5625523f85c10723750834a54ff59a2dd886fb3
SHA256 fcfaa9c44c445876c286388b6a1abc1df949f3dda3d64fb57d6e0d54a05cdb94
SHA512 e95b74238220024cdd0bd1c0f18beadbbe427d76cd8d6b32d5700adcd34ffb068ad0bf75404921485c8077f395f5111cd40d5dfe2b5b8f34c62e6fc80b507456

C:\Users\Admin\AppData\Local\Temp\nstB636.tmp\7z-out\locales\pt-BR.pak

MD5 88ad860c73676ffb4025b5c691f29942
SHA1 3c5e5b999ea7153ccdd1b4cc7b6162de3456b558
SHA256 25f0bb0b0230d99a9064d52668636f3be85903bf27a68124d79a2fe93c30fe0e
SHA512 41589bb9ab1b8307f62ceb4e6493d7903731a3e63807e0044379c4acdda881c21839234f5f1b8ad1af732bfee6231c0556ce92e582505379ed949980185bb750

C:\Users\Admin\AppData\Local\Temp\nstB636.tmp\7z-out\locales\pl.pak

MD5 644c0ace25d6e532b56510a736c6bc2c
SHA1 1bd0fec952107b493da04c46423da634ff3e1504
SHA256 2ff9e382a31783285b7d85676e629e2f6db26bb9536ed17b7fbe5ac61a895ec7
SHA512 9a1f1e884c2f214b8b0c63543809ddd4ba0fd533f1d8434e926051f3db434f60cc4df2462c2a43254b2a9685b3869eef49463c212892e417c82c3a7b497e3559

C:\Users\Admin\AppData\Local\Temp\nstB636.tmp\7z-out\locales\nl.pak

MD5 cf6b1cbfd669e9461553974ba37a475e
SHA1 b33867e9bc7fd88ca98a76dc4bd756bcf18887aa
SHA256 9a83ad866ad7fd9d65ecbc1e95c276cfce27e8257c76a16950fd14971e66b864
SHA512 e463029bb37f6bb3ff5cb6281f64291ada1b785fa33137e7aedfc7b5e409e99c75a91e7cf9b6c0933e970f70c14861190de66fc5d68925b687a6f5da02e21077

C:\Users\Admin\AppData\Local\Temp\nstB636.tmp\7z-out\locales\nb.pak

MD5 b61e42f66d581b6a8929cdf5fb10662e
SHA1 6f06fa9ee092fbcb61bbd668734fb3b92cfb549a
SHA256 1b17dcde8fc7308d926fbe0faa83dfc9ffe2efc5715e9afd557dde839ad98b7e
SHA512 79b82346c3f133a6ba44148a8432ad4e08e2805187b759509cb386bc800fd20215592c07d953812c243f0b1d5e1354245f2cb42b2b3eb6c87280bcb4008dbe97

C:\Users\Admin\AppData\Local\Temp\nstB636.tmp\7z-out\locales\ms.pak

MD5 6cfadaa784e687e6dadbcd80e631bc9b
SHA1 481acb75f525055bf4e45ecabe0eadcb9c492106
SHA256 fb5e125dd5e1f21e8df229d22cb3d1f9078bd79bbddca352899248f2a8b21b71
SHA512 0d7da5a90fe9372bc704ab8cdc8cbfb14d323cafdef856987e2d9e34d980196c03985e25099f5d1bcb10c97f040f4766e2c3713718649bb3f43914a77f0dbb39

C:\Users\Admin\AppData\Local\Temp\nstB636.tmp\7z-out\locales\mr.pak

MD5 f22c99fe6a838e333e8ee06a4d01296b
SHA1 c3542ea8dd45a2b387dd02fa5687948f135e10f2
SHA256 b03a3042f907aed13253ae8083d08f5fad59ff438d024b097276856e72526911
SHA512 882022c2cb985d85f96d52c9bcfeeb089d6ff30e66187ccf424ef622092b9d359a51bdef1fb6ac3b9d3409aa79d37ca737ba7f3ed8b9cdaabfe04d90a7c8bc15

C:\Users\Admin\AppData\Local\Temp\nstB636.tmp\7z-out\locales\ml.pak

MD5 04b2540c25990a5e0a9b227dcce6ae0d
SHA1 4f8ccd154f54dfb083d4d1a3ed0994842c8ab13e
SHA256 556165b8b54c6e21bc66d12b3f5be393136714467c427f7114f314d18ad3c661
SHA512 4cab47e42e8f5d4a83851871f97f3e1360c993ba530dbb4b4b736350779784bd83189e1195d3480ce87298bb8f9b7f249fefa7764d850e5b0002895609626785

C:\Users\Admin\AppData\Local\Temp\nstB636.tmp\7z-out\locales\lv.pak

MD5 264c6e20b3088ceb4dae5773cef0cb55
SHA1 fb6ff83ff14df008092bc3ee73bda7491e8e090e
SHA256 a676a781c1a587eadf23e5c69bc52f2d352346a70bc53ca908450362535eefda
SHA512 01e949f92e1e8599c581929a601d39640abaf1d907ce10102e591c3d490dd3874c679c75bb51308ead55a3bd0c6dcd1b8d4b2daf98ce1cf1c6bab42946e8b1e8

C:\Users\Admin\AppData\Local\Temp\nstB636.tmp\7z-out\locales\lt.pak

MD5 2d4fca437a7548893dc4b51fa5b33c33
SHA1 c1493013d7d981ea9223716e415380992de65c2f
SHA256 776dba792df7b444e1b720326312d8b8312cade74a1372c49456d932b7c65769
SHA512 b6a55ee1deff48d717a3e9399aef3c45eeec810cc5b5709fa3e9f56850115a5b02e02b7959ec77a6797e68516ee9372bacd260e62ac0d55a8e4c1c27af782b42

C:\Users\Admin\AppData\Local\Temp\nstB636.tmp\7z-out\locales\kn.pak

MD5 5115cde84b4c674db412619b65433004
SHA1 164f33e7e2e9f685a579da492a6fc8806beb6cbf
SHA256 891e092c6895e23be986c3e6d39dcea9b6b75f1448239c13fd406680e50407a7
SHA512 090a247898cb533325d2b289a6cbd8db2a755ef0abab49d82f333e57b290c50b5996b81f15d8adc30160b216eebed3a1476aec1627195e52189557c1d48b0216

C:\Users\Admin\AppData\Local\Temp\nstB636.tmp\7z-out\locales\ja.pak

MD5 833e8c4aa70351b6be7bd403e4e9a0a7
SHA1 46ccdbdea35deec8ef13a5fc833776875fad187b
SHA256 74422db1a5f28522f9a8b31a3bee9a6df794b419bf723cb6a6c88e82eb72cec0
SHA512 e8e709612a5ea81d2822e0025b7306f38571f2cec2ca72ac5a8ab852a0e36a0f5bc7e00d0baf7ac7becc2c54dda3a17c52ec1cd67ce12b14d91b6ae0b726d556

C:\Users\Admin\AppData\Local\Temp\nstB636.tmp\7z-out\locales\it.pak

MD5 5aa225aad4f9fe6d05ec24905a827d88
SHA1 f6d5ed337bd8e9cc3b962d3a498e3430fbf6de22
SHA256 96e02ab6937a1f1cb58762159761a737ce0e1dcd6a253554392baf4389326eab
SHA512 3fa928f19bdf65b8fbb274b478a801821b15c01224c113a8d7f6121a077b432c0cc84eefd9028a76adea9fa4bb65dcb868edfbd4368b1e4d477c49e187e4288a

C:\Users\Admin\AppData\Local\Temp\nstB636.tmp\7z-out\locales\id.pak

MD5 e40cb2f3b4db379e4d187aeef0dfd300
SHA1 537b1ebc615c980c89bbe2b9e91a11199fa7d6a6
SHA256 3339ef011c9bb64868da94adb25f4490acbc7f893e4337dbfe2797754cd659f5
SHA512 b87464460077aa55feb92eca8ed23d9a61829378bae7890c8a95dac5fcd735b145d65661f27facfe2586fcaa169692b00d8ee8dd505dc44bff7f7fd090f3e96c

C:\Users\Admin\AppData\Local\Temp\nstB636.tmp\7z-out\locales\hu.pak

MD5 71d42cb22d2d7a8b26c4514ab12df3aa
SHA1 cd0307503a7906f1742d1e98fc816959319c2171
SHA256 b51bcb888dbc27bab88a8c9d081df7496de8a9a5a4cd2cfe08abc154190e75e6
SHA512 29c67391bca706807be3a0cc79fe481f220e30263957a9c2485f0a4c498a5b250bdd83b5f4fad8d0b19c8a9a07d5650b5ebd5816b6aae311a1cde78a89303244

C:\Users\Admin\AppData\Local\Temp\nstB636.tmp\7z-out\locales\hr.pak

MD5 6f92235e6ba003af925a2d6584afd27d
SHA1 3ceba61e9c2975466b6244188f5ea72aaf042fc7
SHA256 479dc4f75a889d45f62b4ddb6eb48f21c473e37875468c9c26d928a263e15840
SHA512 82f2642dff4400704c15c2fa02d0ec74ed3fe888dc835447c1afce7463dee8f480bb81be358c306e681625864a6d25e5cd6c96252b8a56e6fc62014b3aa4d26a

C:\Users\Admin\AppData\Local\Temp\nstB636.tmp\7z-out\locales\hi.pak

MD5 590e9e73df9cbd83cd87b9c03848fec9
SHA1 da125e60a5a2c51a2d6219d3f81688bd22237b59
SHA256 089b9dd31090a987515809a68d26f6eeb64cd9283934e3dcc48b151eec7d3ad9
SHA512 fd0e5d0f2063e12b711275f390428b88f98ffaf6043cdb14b13674ac1e4aa9f70ae820ae960132d7155daf9b1308238775c4702694ab53068cdc709c50f9186a

C:\Users\Admin\AppData\Local\Temp\nstB636.tmp\7z-out\locales\he.pak

MD5 6a02a37e1ca3215fa9ee0e1b0fbcf5e7
SHA1 89a8a126c0bbf536ac58e29fc50e045fb1b88220
SHA256 f5cf34ce58b7f0d450936981aa7ffa060821403e6768eee3746ea4ffc9193986
SHA512 6607eb2329b81f1eaf0ed3a564eddcb30e6ab59229f2fbf6fd3d2140ffaa8853a330eda627a4458ef6bb06f32c5183edda869e34cd4ead1f87f88d5c622c1a16

C:\Users\Admin\AppData\Local\Temp\nstB636.tmp\7z-out\locales\gu.pak

MD5 63a7fdc4eadf8ef1c35c72468a0ce33f
SHA1 e8d064f0e9c8a6a8c6ccb036711e292d011d9466
SHA256 e549ff4e5a094d04c2ce7bc6fd68bea1f03e935437bf164bebb6191c133fa70c
SHA512 0a097ff875132a984545ec677b04f97785f14c38a1df487cfb4722cdea07d14e1e88fcff7d58b82fa53f05f4eba779a95ef320b5a91692097726d0385a26a456

C:\Users\Admin\AppData\Local\Temp\nstB636.tmp\7z-out\locales\fil.pak

MD5 40bddaf97f64dfea9ebafc7f82166f80
SHA1 90d1fde3c0b27d2184f0353991259c2a92c7820c
SHA256 39a9d63736e7b4593fc6873ed3c19d45fbf9eb78a012bfdcee0fea5906ebc5b2
SHA512 d1e61c53e09a0dc50edf5aba5cf286a251ee88421aa2cd49332b70a5859646605ecb7d0bb97ea7242d14a18742e23da0a14c04b0b99b57a466ec87f4f66b897e

C:\Users\Admin\AppData\Local\Temp\nstB636.tmp\7z-out\locales\fi.pak

MD5 cc592d91ce8eabaa75249cb78b889376
SHA1 f2f0f7f105a17f3e4b1a97ed0e3c2e871c2c3eac
SHA256 b1cb0b32efa78fd8634652c74f298f1d5127f2363ef601cf000417e5c7fefd20
SHA512 58e2eaffe26d8fda8df43e7ebef449cfff1065e940c128efa0276511e34e96e52da9230f294b01d4ecd8ef606b792d372bff897d6d8bb67c31379418ce867d48

C:\Users\Admin\AppData\Local\Temp\nstB636.tmp\7z-out\locales\fa.pak

MD5 6458a239e994d8d18315deccd35389ed
SHA1 75c985f43503a6c44645786d46639a6b555ae163
SHA256 300fc1c735e92917a5ddf92feb812cbf3175d988ec7ad5955110248a1addbd34
SHA512 3062075b6be0c25c957ac88e537880bc25ff86b8ef0703a05209e9676e943e89476b7997394aeb25064e03a93be614fef535676e9cdfaf44b46035225b1b2cf5

C:\Users\Admin\AppData\Local\Temp\nstB636.tmp\7z-out\locales\es.pak

MD5 f83d8f7f6108786c02c2edbf3d85f147
SHA1 57781d9d9eb7c90cdc71f78e25d0763045b6d29a
SHA256 5b929216ac823dbe2b0bb98e64db76519900e09a86c8513019325271c66ade0d
SHA512 12747a4a61cdd21cad6e3f768cb43b8bda5ec9de373337c191b6994b20acd676c9d0a6cde8410a1e18f35dd5d2d332ea1bb7e7f8f6fc4b73d8774559e33398f1

C:\Users\Admin\AppData\Local\Temp\nstB636.tmp\7z-out\locales\es-419.pak

MD5 b261b1efe945365588befdf68879040f
SHA1 616f44a5f73f0449b483f36ccf831db6474a10d2
SHA256 1380b9edc9cee4b505f12e8eefa288d8c746ca995b52ceaba27c7741ae8a5cd4
SHA512 9ea14234b9d4d09364e5727b3886fc14544d52508b3e45fb9fd607ca88d2e432361a02b2f7ba34c3d6ecd94b91f9eccd4d54047a97a1ba4eea580ead00b91cff

C:\Users\Admin\AppData\Local\Temp\nstB636.tmp\7z-out\locales\en-US.pak

MD5 0bb857860d8c9ab6d617cea5a5bd4d00
SHA1 351b744d95846bff2ce5f542fec2e87439aa0f8b
SHA256 5c56df9699fc7e8f09ec81421e50a6264cde055e822f5a8cd9bb1edb3066d816
SHA512 33fb73cffbb6781488cedbca4c92a7e4f66923a799beeb7f5cba58dbc23ba8f5130f63a7dac7114e3c3ef6f1df87884fbeb8858bc7604aec9449fdfd16c25078

C:\Users\Admin\AppData\Local\Temp\nstB636.tmp\7z-out\locales\el.pak

MD5 38440b98bfdf5ed496da0f49d59534c0
SHA1 1498d9207ecaf4923a47271e24c68a817041c82e
SHA256 b1f78df8a7edc914357a2e90bc8dc0ac46f4df642bb22894569fe4905fb8ea0f
SHA512 95ba788fc2e1f07d54e398f1ec4d32c664cfb13118d46cb7af7a993367e032b10de84f3e604ab6e659d6410e2d736097ec5e9b3b002040c54412358f0ea10229

C:\Users\Admin\AppData\Local\Temp\nstB636.tmp\7z-out\locales\de.pak

MD5 b73344e5a72fca6f956dbab984c123ba
SHA1 0561073aa40a63a9ce9930dd18b18e12ff139b2b
SHA256 6dda3fa65232ca0bff7314f916942a2aa5d9be73a0b0c7a6d016eb34ea6fff5b
SHA512 e8a12da397369f23c102244b3f18f533ec79afa6978785566056bbfe07b10a21ff4973bf17aa829fff65609363988c033b0e48d4a82c846863377c08d8df009d

C:\Users\Admin\AppData\Local\Temp\nstB636.tmp\7z-out\locales\da.pak

MD5 55a8f5883805a65c854d25edb3959209
SHA1 d4b3b6bd2a26cbd021fa931d1f63c9ea64e2c268
SHA256 e190187adcbb5f829d162660968ba598ed17bd11339062ca4d807deec8a27fdb
SHA512 4e1f9e6da32f553cbc8cf162726d7aba9e23e2216d6d05b995cf19fff3aafa05ed08fce29b2f8538d46583366402b8630672e650dfbd46952a611e9db0d8016d

C:\Users\Admin\AppData\Local\Temp\nstB636.tmp\7z-out\locales\cs.pak

MD5 3cfd9dc564cfcc33cc5524711365c376
SHA1 2e5016d2643017f37658262122974429f18625a2
SHA256 8be34e4f8226c1dd4e725711ddd884ef4476560f7863edcf378573dde9db3cee
SHA512 6ee156d2fa3b6f601df28e38968d0eae2812d70b41333348dbecd833d5ee6ff944183f0eecde96be433cf1e98c8ec22d6a6d5af5153145842175ab43c73533ef

C:\Users\Admin\AppData\Local\Temp\nstB636.tmp\7z-out\locales\ca.pak

MD5 423651c45566cd90ea5edd8631e823b8
SHA1 13bed4173a08bcbfefba034aada3d838eece6d16
SHA256 7a39af99d55a1ea838d8d78c5f0da3e1402f9404d32255e31b676ceed4f0e414
SHA512 e09085023beaa37e9d5f7fdf3c32d0c001672b85e2826f0aba9a662ce958ac93cac17bf63495a604e47cb407b1593049388a4bf1b22b2339ead84a206a10569f

C:\Users\Admin\AppData\Local\Temp\nstB636.tmp\7z-out\locales\bg.pak

MD5 5ba0c7200362c9ed55610cc8b66ef53c
SHA1 d45239c2f1b00885407771a41a7776fc1fe8fa3b
SHA256 2339ff55464b4ff704fc3c5bf281eec52a539c494bd059cf0346d9c05ab7cda7
SHA512 6229dbf08a9322c4ec8de4912aa1832f01800a71b7e3ef5870e7fa2b623be4dd248fec4881c3e031e984616147be84d42ab3dd970ae56dc1bd78913a8682a37a

C:\Users\Admin\AppData\Local\Temp\nstB636.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\snapshot.exe

MD5 16a12bdc986207390dd79d658a6b2263
SHA1 b4b41f62cbc1e1ede786c6e30e11df8e61750bad
SHA256 50a8dd2f292bea9190204a42de067a34d5cbbec53746d40fe5b067fc85190bac
SHA512 d20394028c5d3ca46bb4879cac40da07b7d857f9a4a834bb4db4bd047f1a3265a80e1f7528244da6ee97c2f3e0cb5b2e51bc88eeb382a027939c2188e66dcdd9

C:\Users\Admin\AppData\Local\Temp\nstB636.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\prey-webcam.exe

MD5 471b15abc9f2e98fb7ed7361d3f045eb
SHA1 95b5798d80a9410872f6ed485ae2b43ca3745540
SHA256 7c262639cb22348dfd627dc07c76e8748e5bcacde2dcf1614773ab174c831004
SHA512 5b3b59aa1dbaef31b0ff6ccde082d7c312e39e311a46fe20d590d5d7765f934d3b663da9609ff4fb7beba2e8fa85376cf74f14ae077f3c0b49189cc28c30163a

C:\Users\Admin\AppData\Local\Temp\nstB636.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\package.json

MD5 067e233b0609d56ff4756bedd8c0efe0
SHA1 96419d05adc4b6674948b4ac14f8ab5bb3ce4380
SHA256 6bee642c1b5de99e4edba87ec3221c2ecd10b65e666b6f2bef64a745538ecf74
SHA512 94900f5ff762930b1b060ba4dd44d629d6c3e2dfc0dacb1a543f1ea5a3cd40e793acaff4abefbff588ceb422d65f8041ec190a2b56f7c303c3314eb16eca4159

C:\Users\Admin\AppData\Local\Temp\nstB636.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\DirectShowLib-2005.dll

MD5 c20c205c6f8d70a5e1351a4041a3ec9f
SHA1 e1b2a763dd6c42439656e4e55aba0f3610ff3784
SHA256 bbcbb170242d9ff1b56680a80b1f8755df1135f9c714535ff3b3f575442f38dc
SHA512 dffd59d775dbb89cd886a2212fb9fe4cf0b2bdd7f2c00f8dc7c6b2287053b4971c8c6c033109ff1f90cdacea082e44d3c19fa76325d24976420c418218e701f1

C:\Users\Admin\AppData\Local\Temp\nstB636.tmp\7z-out\resources\elevate.exe

MD5 792b92c8ad13c46f27c7ced0810694df
SHA1 d8d449b92de20a57df722df46435ba4553ecc802
SHA256 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
SHA512 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

C:\Users\Admin\AppData\Local\Temp\nstB636.tmp\7z-out\resources\app.asar

MD5 fafb288e13632c7fd7a4138cce515bdf
SHA1 6e5d7a248a5d745f4e9a4e7d2070ac64350a8584
SHA256 4874afaa9a4448df939f306d5f190ed60e368dc5b4933d2c4aff6c1b060a6bdb
SHA512 abcc6967c7fa721f12effcc3bd97c31a13de428933ce254c74cec365f23b38391652338026d7bdd48a93484e8a40ac96f3a6473503e4e45a8bc58e695d054955

C:\Users\Admin\AppData\Local\Temp\nstB636.tmp\StdUtils.dll

MD5 c6a6e03f77c313b267498515488c5740
SHA1 3d49fc2784b9450962ed6b82b46e9c3c957d7c15
SHA256 b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
SHA512 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

C:\Users\Admin\AppData\Local\Temp\nstB636.tmp\7z-out\swiftshader\libGLESv2.dll

MD5 c0b36d56d83e601bf246f7709a8c5f9d
SHA1 b025a6070f7d61c7d1827856d2d4043834fd23f2
SHA256 45bb5e1f8dd87129ac0a75c78f8f29d06e3ac182a00fc5199b692068f1e05a53
SHA512 e429ae63bd8a7d5a936a638783511693e8fbbc91d97779b3d4dd3f0880f1c8a820106bfb57cf7ee6b3639f19165de87bbe127aadd81218689fc6c8fada2106d1

C:\Users\Admin\AppData\Local\Temp\nstB636.tmp\7z-out\swiftshader\libEGL.dll

MD5 19dc9ee70e7765bb63a66b6826e8ecb7
SHA1 1a12f983f8b35cc2955d30657971f113c47dc164
SHA256 83d5719abee35e051d984510e1d5d9317a109031698814742b59bdbbe7d4e30f
SHA512 1fda2bcc4b2e70987ca6011ab2534007ae4f752016d29a588aaae839bb25c35e03773f220b6a8e926cf2643997e7d4c0f28743304269b2c55642ce12934def68

\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe

MD5 ceb002009064e9364b2ca0bcb8fbb434
SHA1 fd44150a556ab47f0d46d594ed56ff04bddda2b0
SHA256 9f2cbc82f39929fad2630fd5cba78cc703236e48bf289dae6988c29066128d65
SHA512 27320188619b20ed098b997594363db76b744698d234bfe0ef0c259bd6cc2ebe877fdf3a49d658f27b6d28b9b5657980995c5134e542e93069d35de4f5c17926

C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe

MD5 8e383cd6c55beea88fe77381c8e030ce
SHA1 b58d49b2d85bb41932bba86e6b1e1432364933fe
SHA256 63b142b25c4373ac43e94f4807b684d7ca5db5aa1890dd8d220b09848b530fe5
SHA512 e74306dac867226d565945ab5a948a4d1837b303edc3d29d4020996c304d0726601a2a31da1661c749adfd9c8b2c21bd12e0c4a7173ae9f994cfc898af80df17

C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\icudtl.dat

MD5 599c39d9adb88686c4585b15fb745c0e
SHA1 2215eb6299aa18e87db21f686b08695a5199f4e2
SHA256 c5f82843420fa9d144e006b48d59ba7ef95f7e6cb1ea95b27fcdd2c97f850859
SHA512 16194186a8407b29f799d4b02f5674e4fbd5d91163fad9f8dce6ceedd865b754a681aa960d0f3f1b62cb21d5443879f1b8e9b691c19c5802d5bdfe4ed645b8bc

C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\resources\app.asar

MD5 ec06dfa183fd455661cd40433a8d725b
SHA1 edaa4d2a608539e4672a315689c4fc44c621ff95
SHA256 1ff6a266f6f63219bd8e533a134047dc006285e0109b4a006da554139ba7d485
SHA512 db9fd846084169391a724f2e6c02dad8e3aadf69ad10796a4fbe305c7e8d0d529eff8ef82f197e4a646b82b6b4b8f9310f1f7f9bf204d5a1df99a610e1490899

\Users\Admin\AppData\Local\Temp\84cbc728-7882-4223-88cf-340f9581098f.tmp.node

MD5 3072b68e3c226aff39e6782d025f25a8
SHA1 cf559196d74fa490ac8ce192db222c9f5c5a006a
SHA256 7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01
SHA512 61ebc72c20195e99244d95af1ab44fa06201a1aee2b5da04490fdc4312e8324a40b0e15a7b42fab5179753d767c1d08ae1a7a56ac71a6e100e63f83db849ee61

\Users\Admin\AppData\Local\Temp\971686b2-a577-4dde-b172-537091738aff.tmp.node

MD5 8178a2c1b14780e1cc59dff62097ba4a
SHA1 8516df394277bf4aba3db3a6b3ee0ccd9dc4e3cd
SHA256 1be8fcc4dbc2ca179732537d1b65a1f72ad20c71879ed0cb304e1e3812457224
SHA512 ef44ce2265443fc8fbec4598aee13414311ae4f088f9a7f9ab933b4f2acd16bd6b7cb9eac4147bd76a17cf8affc4cb62db33a7f64872d90439dfe0d3e0296c50

memory/1520-584-0x0000000000060000-0x0000000000061000-memory.dmp

\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe

MD5 6ec0591e238b139087b0f50c160b97dd
SHA1 78bb39d5ac564c9f674c453ba60c80e6f2a832a0
SHA256 2e697b6130b7a1302aa421ce80d1677b12e836ddfa60ead107ff6b78988b6743
SHA512 cd8d85bef1fc6c3b1d688dada724bc7b7fe17a658b069c39e79307f8815ec0acb3c7b1e24d88940cab762d8395c0eaf36d2b942c52da7b8718bd26e337211678

memory/1520-618-0x00000000770A0000-0x00000000770A1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe

MD5 ec5f693d2c0db37a3a54a3be307c0314
SHA1 78a8db11e6fcdb882fc255d6b66fab0fa6e163ea
SHA256 65a75b3452d55127817741754fdea504260807e0a8538772c967d4e41e560031
SHA512 88734e696603c26939bdca1a82efa32defa187a04785649bc11a8f2de0614ca074eae3ece4892a0760896ffc0433b89faaa737252b93b47e4e1a0a086a2d6695

memory/2936-714-0x000000001B370000-0x000000001B652000-memory.dmp

memory/2936-715-0x0000000002390000-0x0000000002398000-memory.dmp

memory/2936-716-0x000007FEF3000000-0x000007FEF399D000-memory.dmp

memory/2936-717-0x0000000002760000-0x00000000027E0000-memory.dmp

memory/2936-718-0x000007FEF3000000-0x000007FEF399D000-memory.dmp

memory/2936-719-0x0000000002760000-0x00000000027E0000-memory.dmp

memory/2936-720-0x0000000002760000-0x00000000027E0000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2023-12-29 12:53

Reported

2023-12-29 12:58

Platform

win10v2004-20231222-en

Max time kernel

6s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Moyetu_GAME.exe"

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Moyetu_GAME.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Moyetu_GAME.exe N/A

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

Description Indicator Process Target
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A

Enumerates physical storage devices

Collects information from the system

Description Indicator Process Target
N/A N/A C:\Windows\System32\Wbem\WMIC.exe N/A

Detects videocard installed

Description Indicator Process Target
N/A N/A C:\Windows\System32\Wbem\WMIC.exe N/A

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A

Runs net.exe

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Moyetu_GAME.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Moyetu_GAME.exe

"C:\Users\Admin\AppData\Local\Temp\Moyetu_GAME.exe"

C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe

C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe

C:\Windows\System32\Wbem\wmic.exe

wmic os get locale

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe

"C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --mojo-platform-channel-handle=1960 --field-trial-handle=1740,5857654822218037784,10515114971795435166,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Windows\System32\Wbem\WMIC.exe

wmic process where processid=4984 get ExecutablePath

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 session

C:\Windows\system32\net.exe

net session

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\resources\app.asar.unpacked\bind\main.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "net session"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic process where processid=4984 get ExecutablePath"

C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe

"C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1516 --field-trial-handle=1740,5857654822218037784,10515114971795435166,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\more.com

more +1

C:\Windows\system32\more.com

more +1

C:\Windows\system32\more.com

more +1

C:\Windows\system32\more.com

more +1

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"

C:\Windows\System32\Wbem\WMIC.exe

wmic PATH Win32_VideoController get name

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic PATH Win32_VideoController get name | more +1"

C:\Windows\System32\Wbem\WMIC.exe

wmic cpu get name

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic cpu get name | more +1"

C:\Windows\System32\Wbem\WMIC.exe

wmic OS get caption, osarchitecture

C:\Windows\System32\Wbem\WMIC.exe

wmic csproduct get uuid

C:\Windows\System32\Wbem\WMIC.exe

wmic logicaldisk get size

C:\Windows\System32\Wbem\WMIC.exe

wmic computersystem get totalphysicalmemory

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic OS get caption, osarchitecture | more +1"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "echo %NUMBER_OF_PROCESSORS%"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic csproduct get uuid"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic computersystem get totalphysicalmemory | more +1"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic logicaldisk get size"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "echo wlan"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\System32\Wbem\WMIC.exe

wmic process where processid=4984 get ExecutablePath

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall""

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip""

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 105.0.3 (x64 en-US)""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 105.0.3 (x64 en-US)"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProPlusRetail - en-us""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProPlusRetail - en-us"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VLC media player""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VLC media player"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{113C0ADC-B9BD-4F95-9653-4F5BC540ED03}""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3544B2EE-E62F-4D11-B79C-3DDEACE94DA5}"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00}"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00}""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3A706840-2882-423C-90EB-B31545E2BC7A}"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{76DEEAB3-122F-4231-83C7-0C35363D02F9}"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{77924AE4-039E-4CA4-87B4-2F64180381F0}"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE}"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\app.asar.unpacked\node_modules\take-cam\prey-webcam.exe" -invalid youcam,cyberlink,google -frame 10 -outfile C:\Users\Admin\AppData\Local\Temp\mxrZl3BjZES4Z9P9kJ3H\System\cam.4984_Admin.jpg"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoProfile -Command "& {netsh wlan show profile}"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoProfile -Command "& {powershell Get-Clipboard}"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoProfile -Command "& { function Get-AntiVirusProduct { [CmdletBinding()] param ( [parameter(ValueFromPipeline=$true, ValueFromPipelineByPropertyName=$true)] [Alias('name')] $computername=$env:computername ) $AntiVirusProducts = Get-WmiObject -Namespace \"root\SecurityCenter2\" -Class AntiVirusProduct -ComputerName $computername $ret = @() foreach ($AntiVirusProduct in $AntiVirusProducts) { switch ($AntiVirusProduct.productState) { \"262144\" { $defstatus = \"Up to date\"; $rtstatus = \"Disabled\" } \"262160\" { $defstatus = \"Out of date\"; $rtstatus = \"Disabled\" } \"266240\" { $defstatus = \"Up to date\"; $rtstatus = \"Enabled\" } \"266256\" { $defstatus = \"Out of date\"; $rtstatus = \"Enabled\" } \"393216\" { $defstatus = \"Up to date\"; $rtstatus = \"Disabled\" } \"393232\" { $defstatus = \"Out of date\"; $rtstatus = \"Disabled\" } \"393488\" { $defstatus = \"Out of date\"; $rtstatus = \"Disabled\" } \"397312\" { $defstatus = \"Up to date\"; $rtstatus = \"Enabled\" } \"397328\" { $defstatus = \"Out of date\"; $rtstatus = \"Enabled\" } \"397584\" { $defstatus = \"Out of date\"; $rtstatus = \"Enabled\" } default { $defstatus = \"Unknown\"; $rtstatus = \"Unknown\" } } $ht = @{} $ht.Computername = $computername $ht.Name = $AntiVirusProduct.displayName $ht.'Product GUID' = $AntiVirusProduct.instanceGuid $ht.'Product Executable' = $AntiVirusProduct.pathToSignedProductExe $ht.'Reporting Exe' = $AntiVirusProduct.pathToSignedReportingExe $ht.'Definition Status' = $defstatus $ht.'Real-time Protection Status' = $rtstatus # Créez un nouvel objet pour chaque ordinateur $ret += New-Object -TypeName PSObject -Property $ht } Return $ret } Get-AntiVirusProduct }"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell -ExecutionPolicy Bypass -NoProfile -File "C:\Users\Admin\AppData\Local\Temp\viWDb8nkUq2H_temp.ps1""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E016F2B9-01FE-4FAA-882E-ECC43FA49751}"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -ExecutionPolicy Bypass -NoProfile -File "C:\Users\Admin\AppData\Local\Temp\viWDb8nkUq2H_temp.ps1"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\app.asar.unpacked\node_modules\take-cam\snapshot.exe" /T C:\Users\Admin\AppData\Local\Temp\mxrZl3BjZES4Z9P9kJ3H\System\cam.4984_Admin"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Get-Clipboard

C:\Windows\system32\netsh.exe

"C:\Windows\system32\netsh.exe" wlan show profile

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E016F2B9-01FE-4FAA-882E-ECC43FA49751}""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D44822A8-FC28-42FC-8B1D-21A78579FC79}"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D44822A8-FC28-42FC-8B1D-21A78579FC79}""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CB0836EC-B072-368D-82B2-D3470BF95707}"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CB0836EC-B072-368D-82B2-D3470BF95707}""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C7141A99-592B-4226-A4E9-B767C1D0FBAF}"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C7141A99-592B-4226-A4E9-B767C1D0FBAF}""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AE86D888-1404-47CC-A7BB-8D86C0503E58}"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AE86D888-1404-47CC-A7BB-8D86C0503E58}""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE}"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE}""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE}""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE}"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE}""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{77924AE4-039E-4CA4-87B4-2F64180381F0}""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{76DEEAB3-122F-4231-83C7-0C35363D02F9}""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6DB765A8-05AF-49A1-A71D-6F645EE3CE41}"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6DB765A8-05AF-49A1-A71D-6F645EE3CE41}""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{662A0088-6FCD-45DD-9EA7-68674058AED5}"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{662A0088-6FCD-45DD-9EA7-68674058AED5}""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{64A3A4F4-B792-11D6-A78A-00B0D0180381}"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{64A3A4F4-B792-11D6-A78A-00B0D0180381}""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3A706840-2882-423C-90EB-B31545E2BC7A}""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3544B2EE-E62F-4D11-B79C-3DDEACE94DA5}""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{113C0ADC-B9BD-4F95-9653-4F5BC540ED03}"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic process where processid=4984 get ExecutablePath"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Admin\AppData\Roaming\salut3SORn.ps1" -RunAsAdministrator

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Admin\AppData\Roaming\salut3SORn.ps1" -RunAsAdministrator"

C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe

"C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAIAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1204 --field-trial-handle=1740,5857654822218037784,10515114971795435166,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 20.177.190.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 ipinfo.io udp
GB 142.250.200.4:80 www.google.com tcp
US 34.117.186.192:443 ipinfo.io tcp
US 8.8.8.8:53 192.186.117.34.in-addr.arpa udp
US 8.8.8.8:53 4.200.250.142.in-addr.arpa udp
US 34.117.186.192:443 ipinfo.io tcp
US 34.117.186.192:443 ipinfo.io tcp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 20.231.121.79:80 tcp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 api.gofile.io udp
FR 51.178.66.33:443 api.gofile.io tcp
US 8.8.8.8:53 33.66.178.51.in-addr.arpa udp
US 8.8.8.8:53 18.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 store7.gofile.io udp
US 136.175.9.9:443 store7.gofile.io tcp
US 8.8.8.8:53 hawkish.eu udp
US 8.8.8.8:53 github.com udp
FR 163.5.121.96:443 hawkish.eu tcp
FR 163.5.121.96:443 hawkish.eu tcp
DE 140.82.121.3:443 github.com tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
FR 163.5.121.96:443 hawkish.eu tcp
US 8.8.8.8:53 9.9.175.136.in-addr.arpa udp
US 8.8.8.8:53 96.121.5.163.in-addr.arpa udp
US 8.8.8.8:53 3.121.82.140.in-addr.arpa udp
FR 163.5.121.96:443 hawkish.eu tcp
FR 163.5.121.96:443 hawkish.eu tcp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
FR 163.5.121.96:443 hawkish.eu tcp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\System.dll

MD5 0d7ad4f45dc6f5aa87f606d0331c6901
SHA1 48df0911f0484cbe2a8cdd5362140b63c41ee457
SHA256 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
SHA512 c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\nsis7z.dll

MD5 7667c6111737806253a2a230f7b09a9e
SHA1 1310d96254622be1dda79e591d58cd2f25a9cbd3
SHA256 e7f6530f636327cf7992ae36306b5c4c5cda47e2258788fea27fd01fada7fc73
SHA512 c60292e63d8116ab4ac9e52815654369120610a264c50764a1b8b4d6d3ee702f24ad69937c35ac4e5276c2b6431e328a2dabd77c2678eb4bc003b51f5e799f11

C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\d3dcompiler_47.dll

MD5 b49773b1653b7f2487099225455c78f9
SHA1 5b964d13f5b9cf0e48c84030a513cf8be1c5046c
SHA256 dc7b4e8bd65dccf2957950c8949a1129dd99cd162b9bd501869fe81fa729905e
SHA512 634b0ce0def29d32ba0d26c28e6c11836b95c6964ee17217253a7abda1ffb3fd154f73533a1885f67785ea6695c1352cbc7c1b39d85ffe5932db6c918162e233

C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\chrome_200_percent.pak

MD5 658fce73e95c5f5161408c91d98d0bba
SHA1 ce17d5b4975c70c2c26d503faa4b2039e6dc467d
SHA256 e0f117b53d02c5c949556d29ac15842e24611adf18e880d8b956bd97d3f3d681
SHA512 c447ef7e74bfe181b9ef6f48ef5492cc6d2f9ed0fe3a4258bbdc9d4553f9d9bb80d8cb5239e1bd453bbd2908290edd48f10d6c4707b81cc9dcc7c67b183d8b9e

C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\chrome_100_percent.pak

MD5 62b5c98ba94c793ae82c55901bf738c1
SHA1 e18430c161fe5698280b42a97f7d379d2b4ab01d
SHA256 df5adaaa64282c8f496d8493105336ea8fee2e6abd08596773be9a4572699d3c
SHA512 dc1c9611977e0996800cfc7333b51fd257b7ab4e422ef5236b11e3a989c6d3d2d9de27050ebb9c3a3bfadd0987b3bcceeec3a45af4cea16424fcbc9db4008cd2

C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\LICENSES.chromium.html

MD5 00ccec72bd280a6caa57557f3c5becc1
SHA1 5ffdcbf6d26ecb898200fb0a6cba78c4e7efb512
SHA256 aa1998425b88ce63eec933117b8f8fb32b266a820329528a91940aa86d032615
SHA512 0d91c6ddfd4cf8b385745203b90064436ffe9c25435faaac3a0be4121ed87d76c4154653b912815c6a10ee0437e3436dfeff9d71b012e63c89a3bd8c37c76712

C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\LICENSE.electron.txt

MD5 4d42118d35941e0f664dddbd83f633c5
SHA1 2b21ec5f20fe961d15f2b58efb1368e66d202e5c
SHA256 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d
SHA512 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\libGLESv2.dll

MD5 7ad3d232905b25f6f227f6c5a9a60e9b
SHA1 ee79ae6beea4d7fd64a8b11cc96c1ae9ceb24a34
SHA256 9e25fb378e9c307407ab442c3a75ee8d2dd2ab608e218dbcdb2174f45847621c
SHA512 498cfabc1c849c2e9fc59976f7cb8394f0265b276b399d95e04f4808dbb443720f8932242375e9d3abf881814f510ce13e86f694319bd1480b8c6065714c7532

C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\libEGL.dll

MD5 55df2e16673e1d9b0166cb905151f0fe
SHA1 79f32585bb3aa93c2b4f9496f3a69374a1b91d55
SHA256 87da987a4c5e3a489d8a1d80f6aaa1031f30ff73e5dfdd3993e4994273c29865
SHA512 04a21168e09d23fcf85b87cc2321743e73604f40a968a5af799cc1ae95e24d586803c69a348ede5638b8d8d5b7f2a8c0bdb4a12ab77c142151f617c63be280d8

C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\icudtl.dat

MD5 b1c78cd8f0b16bf039ad34f34ba12de6
SHA1 3aad75b5452b46865ffd9c2265076857566a0c1a
SHA256 14cd4550bbd21c326590d728beab4daaa9a7f12a7ebb25e20fb79fa5806c8af2
SHA512 de861dc83c4a7cc30a1f7b5fbedc1e8f2bba886ce619d00b59c89d9176728caf1e9227247f8c05314fd9a6800ecd40ba5f5c6e481c61c69fdb94cd02149cf46e

C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\ffmpeg.dll

MD5 af4b428970ee89af6c6cc315b58d2f49
SHA1 0ddf1872190cc15aec399fa00d6e123bf736c8eb
SHA256 af97361c8b56a97132ab2baf57464d068f034ced48ffe2818696f72dcf9e81ca
SHA512 237a27937d67ae780213a939e93635c7abf6c2719a85a816c603cd76ab25bfaf1106744440100dc5bb6a86e6176c1713b396148fd8443e286cfdb61ae9cb47ed

C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\resources.pak

MD5 6285caf6ccd9ea4b1f2e75031ff0f28e
SHA1 a814c49401316f5dc4a87d8bf14d0a5423cca4ed
SHA256 d0a0e1240889f4ce5db3aea56a2e20f4c489707134d6c768a29c1a44f848b5c6
SHA512 d2d2791d4e385d98ba89a5abaef8092e6ee1de1833301852585c0924f3fc2763c929169ce6d64e38112accc8185fa6afd92d7bdc927314854d1459d794661748

C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\Panpayasetup.exe

MD5 f008876e6de332448b848970f7c5a19b
SHA1 51ff73ae7e75c0d6b62f679cf8080b8ee24821b3
SHA256 0926457910559e51ac6f3df530e0c15f1855293170521dcc35cd6b654dabc444
SHA512 7bfad1e550b8798ea87b0cba68619053d55c50f3e85cc6cad06faaf787dccb515a8483046388cae2bcd6233fe03a30d55038bce6c4181960ad50ff6e76688763

C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\vulkan-1.dll

MD5 84b3554210de9754590d0238e7f5d510
SHA1 0e55a6f0ac01b46bd872805c7a5241b943eb12ed
SHA256 961a4b119a04e6c41ef88fc0a188c141c35c40bb5fd62c8ecd9a64532a553c8a
SHA512 05967606a6d64eb38050991cd1c9fef529c3b448a4992f920f00c0cbe27057488abceafe9290e6a40b34466d5a81b8e26493674034a8e22fd180619090e2d7d9

C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\vk_swiftshader_icd.json

MD5 8642dd3a87e2de6e991fae08458e302b
SHA1 9c06735c31cec00600fd763a92f8112d085bd12a
SHA256 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9
SHA512 f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\vk_swiftshader.dll

MD5 7dc2a7df98da98003098f4bc29ea21cf
SHA1 eea79952c822933406a695d267fd6454dc9b9afa
SHA256 e0abb97085136c118e320619bbe6a8336a4a6106034da1711553c648e1a0e1b7
SHA512 a4dfe7672731982ef9ea35d6c37f45a0e43a91174a1751d99d63114f6319782bfda64460ef9ee11c706ad5e5011810fbba78ff23477fbd90c3c6c3805c770a44

C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\v8_context_snapshot.bin

MD5 5c9375b01e13e43906073741e29af761
SHA1 375e5aaf1957c401bb01aa5b4f6601a989187178
SHA256 56b2f4f571fb11e38e953a6ec666f2ab23c13914912cb38a04ddfec4fc4699db
SHA512 a304957a4d6acdacd2b3daef44a7be51296ceedb2fa7a3028bd8f0fc2c363bf08155f31c90492a9a0a40b4a20142bf58d54d1473988b636c9442029f85e03e4c

C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\snapshot_blob.bin

MD5 27bd30eb42ff1cd8118fa15b8c432dc2
SHA1 472b5abe92ff2d2d541e408269f3cf0a2a42d071
SHA256 941fe86dce97188a93828cfe8806789800cd8ee3e8386f578ab1add5a65cb22a
SHA512 826c75c9c1f8834f35abeca405f3666c1707237a5a021c846a43248df6b180ae30f18a9f2393206916f646761da97adf38cccb12b4af492a00ba25758c3289a2

C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\am.pak

MD5 b47b925940e1727632a8cf3724f78530
SHA1 8337c8da88b942f4195eff6526057f782ce176b1
SHA256 861288a46ff9c4abc375fb23c3b9e6513207b8377de97ffe2796c2179c4edb85
SHA512 5d1f7714c7d847d189d05afc9a21cf648ef33c5624629ae94ca0226e7615e5d31cb6180d1f9b66ca51fa50701022deea4215a82d7c3aa0abeceeacf621cb5bea

C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\ar.pak

MD5 175f2e75d6f32891450b4000995647b4
SHA1 208fa63106166ccbb4542cd4ae372e71ee714da3
SHA256 1f0242f2df29bcccdb5e7bcc6fec3b305e7aa8935447dd54280e47039318e8ab
SHA512 02612db0f9a25e5768ede2bc2d9968ebfc77b59a501964462b408af7f1f7bb48d11d0d25e96d6cd2c1b1c9dc916fb70a5674b3bb14a4e66c276c70016adeb6fc

C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\bg.pak

MD5 d9e5ab8299405add0278384a67080212
SHA1 593e2c9e6a9d99f9b6ff5c8f48fc29cef5d6c2a7
SHA256 b38b82dad11f767db3816df67bf3c2ad6f4765c4dee0aeca0c114b1622981480
SHA512 6b681440e740d74e05b759a9ef2319ee8953731a74d2c67ad32668d7dfab191c6d889e007824a4eb7017b3507c3707e164ba9ffa408ad4e1262b738b53a12f41

C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\bn.pak

MD5 8ad8783e9b482b22ce21d9dd2765685e
SHA1 ad2a3e98f25708603475474897a3d721bdde2121
SHA256 509d1166a78c150e5087ffd9ddff22f2561a5c3e4080244b1c9c07d60da0adbc
SHA512 f7a32f115a5ab0210acc94a69ee589ce6f3773681afda9327c0680f1a56b7f375d1d78deac5424a067569b4ce8337c72abb2b355b77582ec6b0acb3af551a14f

C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\et.pak

MD5 96d9150b87234635f3a40e02e24bdae2
SHA1 833c5326e9d3d5cea47467d9a55b64af465f5c31
SHA256 34a3d82bcec384cd2576ea41ab2a4d2f971cac9aae6a986a37ef18f140c2ebb5
SHA512 680ef26b356259e1bd1bff5bb5a6a48774b0bfd02c9680bf57b1a47446c829e250e5b267785add8205a0493fcacaa79dab132bc69fa89f602e1f9622271db297

C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\es.pak

MD5 065fd462e12912750b98580c115b519c
SHA1 f48e7a8a66b20f4a6cf39965655f2ba873d6e5df
SHA256 98d346c8ec8dfe9eedd9ba7cfd4d944515ddb9b601a241ff7a0be0a2cf6c2a9b
SHA512 f5c493be836c658d5d06346d71347e1d33a4477249ee9406368b7fcff58b4d325c5bbff9f2762db24e444780b31f3f69b814a3ea85f608b1d3ab6dbca2ca69a4

C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\es-419.pak

MD5 96f30af982bedbf6de303fd2b715fd76
SHA1 8e08d24058fdba7aaebe5edc916deed40da85bf1
SHA256 2e2532c097b97f1c62d7e9a6824cc6406285a60ee77dabe387249074e58c0380
SHA512 4b0fbb1f141e669ca84fa1438cd6142d5a38927fd0045c78e21927e9a4be73d447eca58aa918dd1d0a6585e97b0025ec868663052d4ded9afd5d3e7d66c1cd88

C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\en-US.pak

MD5 4dc7b6e169c62cf27eff65c97cd50a7c
SHA1 d49eb453031bc02021029b5abdf5e5c1608fd476
SHA256 f55b5337be65e2bf95faf44196dc30756b4b5b3b1301116192eb9e8b2df69ce1
SHA512 4728a5374d14668ca9d5123fbe58fdaf41b596d82fd21b5f1129e52d31996d6428e0e828af5ebd5d1a6eb6998103926e09253f4d78695d6f72c7dd459274471f

C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\en-GB.pak

MD5 c740b508681ac251d05ce3973ba0cef1
SHA1 6cbfd9420237f73f71c405e985cd6e356fabe6c9
SHA256 1fcb15267ef239d7872d0664fd98313a2ad9239e96c530a079412e2b1b4ca31b
SHA512 da6a00bc1a4bd48c7fb451a19ca946173942e74ec035e920f8e8adfaf3384f87d1a1c191f89ce2f8737dd11ecd879cdbc69ad718fb4ac7d085ae9a9f4d11f2d1

C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\el.pak

MD5 50ceb89804623201b79c418c87ed784a
SHA1 babead51fe8db8f1b6320cc0e865ef43449b3ff7
SHA256 a1e7778af4977a459b19a1b5f8cbc5b42b9f294b6e5d777af00bf51e983d1154
SHA512 c8784cfc9a1df34959782d6aafc90ef58db2d81c52ec50f597d57ce81f61d7220330289ae1f9680fc0b875c2a26e207d4d53aee170c9a32795ace7d256c86c14

C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\de.pak

MD5 4c8c35960cf35ee9502f242944d9f384
SHA1 29800ae9eaf7f0369fa730755aaf2ad802eb276e
SHA256 888fa62c8274ba9f4c2e5c084730d484b2aee0c7c2e5c7204f7969f0a9ea1fb6
SHA512 0604a1f3381fe1856c9712307711dc85dfba0ad632802ecfb8176000b53d65a8be6e43782566a26255ecfce923c5439b4ff083af7b722bdfbdd7395776cb6fd5

C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\ca.pak

MD5 eedae144f7dbdc3df30b52d1c1813eed
SHA1 9d4453fa544158525c53f99fd134dc8583ecae85
SHA256 c5e3aa16e481be577c474e8a48151c603c5806122558775514d7aa672c1ba1cb
SHA512 b956acce48a2574805507638c278d526e143b942fc1c37209e2fb75cfca7499b4ef49f5e6d8a0586e47426204fcf096154c07eb3e0ef64b45ebbb5deecfd428c

C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\da.pak

MD5 3eecf689fb1adddf5800e8e1a85d9dd2
SHA1 7ce4413ffef715195df3f8be48bfae06021f14cd
SHA256 b543b92f6cadba70fc72512d5312c4a02896926f62a03e43b78ebffe8c36cad6
SHA512 6422639868914cc9c06c785f6581e3231a1311cf28a85493977f6f49da762ef84c22009cebb768460671f3c678a0a8a50a50d80a609f27961e4c7b12744267a4

C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\cs.pak

MD5 a72cf2ec434c33cec2dd630e865598aa
SHA1 0149a019f336c9ef2a6e75be6622c99aefe92aaa
SHA256 21c83589e3b63b23e235fae5f3800ffd1ce86bd90c679ab119015571112c2193
SHA512 bad3f4819a9a89caf2ef97c077007b26d834e3a027e56107a8dc96202733c2838fe2cd3ef243ee8f6a7360201ea32852b3bd4bee03695afdc6198a959dc9868e

C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\he.pak

MD5 8634f9ddd2f579cb42bef2da61325123
SHA1 fba7d9b0fd262e95103bc56639f6093330d57e4f
SHA256 fffa5f20998df8057ea9c9256f2806dfb7f0d76b94768955ba4966da18aa614d
SHA512 51c2b81cea93fdb44b09cc725bd9022deb6892105a8cf299edd16e179e6e4ac43beb0a8a2ecc944f08c7384084995630d148ea6e03bbb09b5a197cfa4908ca4c

C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\gu.pak

MD5 dbd7e68eec7df62e643c60f34446ca01
SHA1 0ee2d9f9aadf8a803f58e379c04f5b4bb6bb017d
SHA256 c6f090e05fa4ec0a019709c6c569a2a188f9b46dae5c0bff5c5b0d54e453748f
SHA512 eb57558ce7e03f4f9d4474658980d0a0dbb0bdf0ce21bf0c13f191a12f09ad71ab3e311bd7f73cf3a006b0996e9708a5fe3ed221b30911b851732179b501479b

C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\fr.pak

MD5 02970ad372c7c7b7160017b766e94bd7
SHA1 ecd47f5393dffaf6861e92b9d9b34aafea67656f
SHA256 f55bde2823220537a4d59e89cf6e26e0bbbac35a28287647fe6004307faf6d76
SHA512 b4a561fb1c799a16f287877b74b9c72fadb1e0ce6767eb3a02406a7d9b39640206c954fc90cc1d6be3c6acdf56ecd39ccd40027fb8e86de286c24e454de038e0

C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\fil.pak

MD5 56729699f18853881430aaf086a95864
SHA1 7b2f33d5e540dcdec5454a22c5b62c29a528dd4c
SHA256 764d95ddf148bb7bf72722ebd091d8533958b56528f8babb06322bbf7f2a39a8
SHA512 cd6241d301f95edf9c132abbb8d7db3b6f68a0b5ca36a68a3cfa6a356b3a879b5845b4bcd7f800e25e105eea09c1c5a65786eeb6d3595e69e13bf5e3ef4f74fd

C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\fi.pak

MD5 aaf5ac31ea212df862dde3de60ee1510
SHA1 5cea198b0043c72352fce3967c302392719a2b1a
SHA256 abb1ab9bc60878df53e626ab59dcb857c20b02d5b3f0c9ebd024cf77f9f8bdf2
SHA512 a776bd71e04e311067069dcef64c92449210d3d908314ffbceca3e4c35a5106ddf6ee50b95b6f8814a820d346dde2b52ac08efcfecf67813e73752cd702ba381

C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\fa.pak

MD5 4ea12b50cfe1926a28b74b3c965944a8
SHA1 fa81eeb510792984b16fa038ce22824b15767221
SHA256 98177bf0e5429db5cdd0f5a2215a3bb5d2338335e14cfae6d2370c59132b7da9
SHA512 ffb1d21c97f7e91498fe2d72124023da742bcc2c8216094290eb19b69e2fb8bc3308e4c0d2613b17da7fda6a6605bc321df581ede0e171334ae9f685bb9717b2

C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\ko.pak

MD5 4c5594ca05775c906bb9d5a5ce0a5932
SHA1 24cd5376ca2d35cd833264a8c9ad7438bdf23288
SHA256 a2533675213b1fbffa8220539605bf31b530ef1cd3ce609f5d5cd0ac5fe5e2fa
SHA512 f9355c90a27229f37584c3dea9c76d3aabf71380af35e3c73207d1d76e0a21d3bb68983474156b3b28b3aa7d191aec90ec19dcf20076955ab03ba9952f069a7e

C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\kn.pak

MD5 7f7be3cf7f11aacf1f1023952bfcdc64
SHA1 16bb8cf1e91ad37a4f22a095edddff1725996b91
SHA256 0f4852e9044fd1e1e1a9f97bb38b1fa3dfcb1f81d1677d78ad3d089ebcb99532
SHA512 92251f25775a40ab6e91cd91cc9aa6a2cb98d0a0849fd01d4d028372a3fb06b95b291f36cfa746b9afe40bd14517bfe1b3c56e978487e6b4a0ac7ee1133f29c9

C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\ja.pak

MD5 5861ad7610754803eef917b5ae0684f6
SHA1 785bb016e7030c873d2e63dc3b4066e0f5aaa9a8
SHA256 2c6b0c8814eee98587529f3ff361ab0c7e009273ab4a89cdea7e7980881f0e95
SHA512 21658f09914134306cd33940e04afe9c0fcc84e31a0c4910728a71f34338b093089eca50ed61778ad8ae7311b9a3caa88feca061b1da260a81aaf5d61171ecb1

C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\it.pak

MD5 86be8f7a6d4bee78480097069e0f3c8e
SHA1 32aacdb8506e846dbfa4b9ea507796733dfba1e0
SHA256 72ef82ad18f3f5bc7fe910ec9c0c38b53e502cfe98493db53aac441c4e7539d4
SHA512 c449b671b31ad8efdc090b923f1e1b1ac82163ab304a644de219439a672e46745c5c69ee394fa66963d00d10ca850af7401c46d079035df25c84030f5b439d6c

C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\id.pak

MD5 29de9fa70e05d1f3c37149fa6982cd63
SHA1 736c50b282f9fb6186d74b315ce95128b9cf3c1d
SHA256 e1d8bd9f48558b5bb8393aad9f93375ad33d7e699e886a41425be752f62cdf60
SHA512 4d737c19e80849356e5751209475b63c2929e28d2a0c900260224e153f10b46edbf3c3c7138e0072e335e6d93310900ca07e3938fb2ebf0f412e7e8b21c31dc5

C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\hu.pak

MD5 e6153551ff5d0a76d0bd74132cdd39bc
SHA1 b07a75aaa37346d39069a3829f6e1022c21777da
SHA256 720ac0e531f960e049d9563359583ab47317b475a27db0e356896bfbd7d1cfdb
SHA512 4cb960e1e1dfded34d618f1ccf68e330c4696f02c22dc564ba7519155a4254a7c84304fc96ba4e073e5af43ad9d4e9dc67856dcbfa948565a67c27440c6d6cc1

C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\hr.pak

MD5 4d4d4c5efa2fb2eb303ff90a12ca7f71
SHA1 e1cefaa679a367cf279a9cd906b397586277aec0
SHA256 86c04a6b376e1cc488a0956d1dd2209853eb050043ac5f917e709096c70eae9f
SHA512 e1bbcd4d5e1628b969295a87746e8064687e51edab8d6bfbbe2bf86d10810ff6e4c01c2911fe7bf2e3a5207f007cda2f53abdf94791ce444921149943c5f8b76

C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\hi.pak

MD5 cf4066c892797192709c05edb8c8e20f
SHA1 8d12df1279328532b60e637f549c7e5005f28cca
SHA256 aaf2f38b4eafcfe14590879f935371db9327e661f0c0e42f55ae8ba0e0b6ef53
SHA512 9b236d6f9e661f7bbec436d4c2ef8a1c7d048e7120b5a6cf292748ad19059a6ff5c7f2d394389f9b66a4ba9c8108144f0f2c1314bb9cd22bb2fbb058f69e1f29

C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\pl.pak

MD5 3bcb4e4fc8dc338fb434b5a5ec2593b3
SHA1 9d66a52af09119c058d81b73f81be4f1a0979358
SHA256 db171bc4b16d2a2257b86ef68c428d6b7631806db5f807645f8beb1e9044debe
SHA512 03a8521c2d353326d8b2a3b9829abf6fc2a1d3cf759937a48048963dbc0c9efb3f8cf889e09873dcda488c63975cd2e37e513572d74e801658b5c98772585d4f

C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\ms.pak

MD5 ad31b6616d7b46289f8e819cbcdc3552
SHA1 e6c269e9a7d64f53b5252e56129f70097ddd2bc4
SHA256 2cd982f8399f5b3c776360a91f9c58f7204d2c4a7f0e1b174773127bf9028838
SHA512 117999838637999c34b0e98c300c39d6f8534bf0d7cb821953f4e9c22302938159f5313c41a70911a6105d3f84673bba3d3ac0e8a63d9e2294b444192fd03e24

C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\nl.pak

MD5 39c6b57e98faec63011ab68a9f59b088
SHA1 146093c0adb11d7ed904c29122588dec376f3c0f
SHA256 b2d873f4257c338229f2ddef2a64537ac3fde7aebbf5001acb094d011404be8d
SHA512 2715c88ff27b626c42445614f8bd3cf0937138414febbd6e57affcdd113448df1542983be7b4984444e2ea7902d8b7640873ac0a5350616903e4d8d6e0be0b20

C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\nb.pak

MD5 644b1e903aa3d2b62048f2baf85d94b8
SHA1 50478f8e8b2d7cfe69e3bba67d9fc9d87d2754bc
SHA256 faa27eb02a36687d6fe7f263d552cddb4e72dd4ef2e726dce6a424a8bdbdc940
SHA512 63167e87d80107a086953b5dda61cf115333e46327957634ed9c44de2c64dec865139a315049a7c8873e3ed6e0c50bd5ccb5b9bd4b518a3c01a9bd491b91684a

C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\mr.pak

MD5 dd8172360e1f7fc7dcd3409232279092
SHA1 f4479f449c3e4824e5d971ea9003c83129b6d654
SHA256 7d74af6defbcd583003cbb2b9670f2424a2155c2696c617d389ae56508fe9c72
SHA512 98e8e605ff0fc36375f100e5d0bdd7069d87ae7b87ee1f7594e3d2344e0bb7e15f0255b20ebdc03d79c150998c7fc66a40b65db90939a093033181201a1e8fa4

C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\ml.pak

MD5 d128b4f8abfee785cd18ec6ede38078b
SHA1 8abd7c052848dabc27c4df141397d34d4019c1cd
SHA256 53e338fd9e338a28cba8bef6856bf58f9741b2f88175a752dc21f95c6b95d16c
SHA512 4a66183bbae740e4acbe03600afed4e23e0d7af6e48786315c7a32f5e8a8e790b60aea65d981750d95966761d715a3996280cc0a57db7c1ce42e8e25a57c53eb

C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\lv.pak

MD5 056a16aa52dfa0a2a44eff5d82dd85a9
SHA1 796be624b5f6e494946f01c6285272823d29eccf
SHA256 b1163fdee3130cc1d828ade5ebfe27d03c6b02a7a9a28e0e848334567f05c5f3
SHA512 45fd7a1fc39a10db92b3d6c07c7a27fcefefc58587f1dd8381188ccbd009a17621ad7693e133499893c00ad4bfae426317ef1b37a3b4f88808a9c6faf5da3983

C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\lt.pak

MD5 0280df0ec6c5c09e8fee8d5ec2a2634d
SHA1 97e32e1cca2d16f24738fa0885f5652cb0e38b1b
SHA256 7199f8c2a84eeebb6f50d61a5d846aab99cecff61518c61b0f2ccee07a89ad67
SHA512 e9886df4da84182b5cc98be6ca5d4c4399661f01e597a7f5abd6c849ebb1deea3f363fcd1c7e4b7585eb02cd80b8ec20e5075df0748cb619e0afd9614b24059d

C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\ta.pak

MD5 9a70b18d8e763204c3a04c79541404d3
SHA1 c9681382749d8ad8419cb8ca2b46ed258bd0d5c0
SHA256 3a44e3dfc3cab00881ea140d8884c8004eba57dc08f73b4043f3eb9379dbf5d7
SHA512 6c9d98d9841f35045f46c9174c91fe3864530f27e93582a90a560560933042b5a27f0a23fbfd9d04da951f056f5fe96d143a79bef784d071c29d1ea930dd089d

C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\sw.pak

MD5 9f34b56817c8a31388cdc8ea8460159f
SHA1 b17f45ac15be5ab5c7f51a59a7c740504ddb546e
SHA256 9782fdca5ef83f4368c697fe15c46a4becafa373e4f9a4481991afa0b7233620
SHA512 69367fdd9023d3ff49cf6dd07b92b215f6fb5359368ec1493867e759f5b4d05a1716ec587d6593168941c18c664ad6a2807e2643d6c1d0d78ae5f2802fd49626

C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\sv.pak

MD5 d9fbb7b8706af06e3dab5dfe2a431ccb
SHA1 e516d21b40fbbbeb69c0452cca0fff44067f8c3e
SHA256 9836e1ed47a55b109911a327c23845f6aabd6731d1ceff27383c9e2f95edaf1b
SHA512 428b9bc38f26ac24d1efab3fe61c4bd7f77d8b664741944cbf118be5470e1926ab5a954c2db79ccc1cd9400d1eab192bbf75350947c294d29c4bcc86f678d8fc

C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\sr.pak

MD5 2a9a24d6e56e47afdb87f3b47cdf4ff6
SHA1 e2e0547f5642f1b40487ea6e026fd7579b762cab
SHA256 d68eba8c4395ed7a8061af34ebdb15022487724677a185694b48263ca0908435
SHA512 4994bfc8d6f77b7b8e19e505444653ac92bac7a6ff60a5b2f70c69ece782883a054689f4574cbf7e364b4c74254c1ecf82fee77412bdd879ff8eb9659aff275e

C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\sl.pak

MD5 5af374441df2c979583252a93eb89c99
SHA1 388328ffa6fbc91cffe7c7fa879072e138875761
SHA256 2c69593575c91db51d9bb01c7fadc01a7d9a29f840dee3c9eca6121e6f521ad3
SHA512 0e93b2de008dc1ae6ef2dd5439c6617ccabc4d9712c27cc42d580eda60f252836c98cbb3472d0243be718b69301aab246d856594418df19c6fe2a3d2ae067102

C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\sk.pak

MD5 26c428ae327e8b1938963f92f4ec2967
SHA1 cf0252e07a6832da5d95c8e4a7e91f244e7ecf80
SHA256 0e24f2087554e67c9829bebc7c65dba5b0f91fa28f0226d18f8f61a3f7fac30e
SHA512 bf4a83f9af9f4d047525387a9b20652790e0bbb3e2c8b099fef79771fc0013210d1afe394c87aa17fcf0de537a77ef0a04c6b8e56dbb2afd374d5d3688666ca8

C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\ru.pak

MD5 124f55edf7934c6c1c8d06a2a211e479
SHA1 0c8038a0e5dcb9311d3eeabb9adb1293446d5ddd
SHA256 9cbf6ef67c1f2cbea7c476b152402807ee1947a0712fb297ee40174feb2b7112
SHA512 da25376d2632092d9aaf4320e8143b4ea6a4dbfcbc2f132cf00f3d76cf3708d6482b6b4a2f6831913f0d692063bf5930cb4cac9e0cbabf69188b7ae39c9419c9

C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\locales\ro.pak

MD5 24f357098fcc224fb6f66609cccc31b5
SHA1 df7360c55134e4de5d2ce429663a9f78ebee3fd0
SHA256 99ced9f56a4cf90a888141747cfdc03ceff8ff12d58fd45cbde9e98a2b67fdce
SHA512 c854063cada7cb5aaa45bb1e3c364c0bb9b77bd0db883bf7843da2d0bea0c8aa9898b0f00ec70ee9c192e4290cc1ec524aa9079463de2eaf0641088459a2eb7f

C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\pt-PT.pak

MD5 f78209939b5e55c1a26b5e341aa6d252
SHA1 279c6792eaba364814124486744b4f431fc742ed
SHA256 89d6ed43d8a7dc10a796829be968ff4d15743ac5f4f9fe3fb65efc488038d69f
SHA512 e802636227de5a2a2dcce4a61434dff3e54b1581c1fa71799f9fac6fccf95c2e03b9e100f0579fafbb251e4f28947019130bfc6c9a80c8bf208f85d97028940b

C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\pt-BR.pak

MD5 fcd4b47fca73a140d5c22396adffedee
SHA1 9121dd81a454782fd08d91ac62a074bd77c015e8
SHA256 7ffe9a138eb73af450ddcfe7685ce93e496ed8583f1667e2fd5fc86ce0e666b7
SHA512 4452bfb45b44b87ba7c251db46615556e05a9e6958077f45274f90f1c33b2250f129de6e30a4b90b6eb6ac51b14aa819d569a2b94ae68173950d87ff57032ef5

C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\zh-TW.pak

MD5 659ff5329f6194e5d8507518cf3a1c85
SHA1 b90b92b25acd5531ef25d629373de74a53d3f839
SHA256 197b1fcf1af140eb2523b9661b7b8d4bff01845d224dc2a843d47e67291e1df2
SHA512 73accb7d0bdd3413e3bacb4267723176d2e89b7ba953efd0106bcdf006335a4e4ef7b7ae3e0ef5456460f07d6843f79b9cd9116bb493abfc6c823e7ed26030d9

C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\zh-CN.pak

MD5 5a73e09f15903037a95ad99eaa1bed63
SHA1 31585f028990a8c5412eb338e215a1b7b5fec6fe
SHA256 cc14aa532dca552cbab55507a9fed771dec0f01e69622f7d2f8cd8b6521109c8
SHA512 3b1d315e8d34fd8c15703539281336eebe87a053c9f75090ecf2d0e32b1aa6cfe234e13a2175257107646853e3da3b4fd75a8536683321ad4c28d782d274e24b

C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\vi.pak

MD5 c950d1e99c3c3f7e2cb1e55ba1993970
SHA1 ac615491520e952ea7c39c5c971d23d4afe279a0
SHA256 47f23fe459a2c7d37c4b36225ba7eaac5190fa45085470d29be370654c5c3b09
SHA512 7500c3f1abe3adf8c5bda9100aca3573877dabb5469c969ff6b27362b184dae3ca568a79fc4b903adce3ded9a11ff7d3885bbf4c2b1f7d5eb8a8070f52b32a0a

C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\uk.pak

MD5 840beffc5d21c560656b636fe1cb056e
SHA1 2b2639bc3db0e0e145ddec0e2bf1cdf41f8baae8
SHA256 4d08bb1a1440d283818cfe953efb386575fbfa29b3133e1e3c23c9bd64f8f57b
SHA512 b7f3e0b72d75d2b2687e5c334d5dc7176044cb898ab87d68e03272a3fea49278585c004b9d26f9fdecb4464d29f0be48eebb804f90a6071871255a8d03756024

C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\tr.pak

MD5 ab158f8b1c2eb12fb0bfea679805b8c6
SHA1 8ba393250cd7a4be19d8aad5002dadb2984a3965
SHA256 6c0e66f22969ffd7b17c90293ef8e6e57c9f5bd81accf80cfffcf1ae1d749d2f
SHA512 629d0cf0dde32c1c45eeb3cac668971c844b09e857fcd7b80944e8ebd9a9ffcaadde5834fae322137a8395ddd20750e4c33813db874135064cc299077381b31e

C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\th.pak

MD5 9ef548fbf2b2d5befdda5e650518555e
SHA1 d3a13dd40f0a84913ec8a9ceaab06fd426ffb6f1
SHA256 42e2ad43474ae897dc92e57cdc528a5d62468c252afbb316764ba68187b19df1
SHA512 77a895ef7d1169ad1a5f2383f52766157c31da78e24659bae3ad8563e77d33e119c93e9138ad37e7c9fe4d5af5f2ee119e8c8a0396cfa44135a385d80bb659c0

C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\te.pak

MD5 301551138261dab00d483622cb250a9c
SHA1 851a497eea3d874a471ad8a5ddf27c65b5201718
SHA256 5d8ebd4b415deb14c705bc7fcde0b563c7f3e1fe327a2a087c24532b79668009
SHA512 77bfea607d0357bb82d8783b7f6872cfc8fdec03e74799398c5ba6c3800e9a2e7ca505e6701cc67992ea14dcca2d48f46abc73ea4d5b956e701ea91b2a7397ba

C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\package.json

MD5 067e233b0609d56ff4756bedd8c0efe0
SHA1 96419d05adc4b6674948b4ac14f8ab5bb3ce4380
SHA256 6bee642c1b5de99e4edba87ec3221c2ecd10b65e666b6f2bef64a745538ecf74
SHA512 94900f5ff762930b1b060ba4dd44d629d6c3e2dfc0dacb1a543f1ea5a3cd40e793acaff4abefbff588ceb422d65f8041ec190a2b56f7c303c3314eb16eca4159

C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\DirectShowLib-2005.dll

MD5 4334e3d686b32b02f7b6c7bc171e8119
SHA1 7b5ab4eaa66de29d1be285f94f8d37567c7cf8ef
SHA256 b05c4078196f522c56ee126369dcbbeab2f0f89f13aa430bb025f6b9281de413
SHA512 6e5e39037d595aa56080a0aa0ac4f04e3d3ae96eb18de5154f09762691db87ce65c90f5af7423d3e23e95b3f32fa4229ecc37ca13770ec84fdb9827438df0e91

C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\resources\elevate.exe

MD5 7dccb77376abfb0c6d23ba340b06f500
SHA1 87432fb34085877a6b17b30b128dde1f8da3ae0d
SHA256 0b96d984748811a5e506dfb3e6d77b42f744715a2216b25d748d4ac69c6296fc
SHA512 b9721fd72916b807cfebce973361d6ea4307ef3f243282f28d57086ce8cc0a1151e026d26a8e7c9f6ab3ac166698c4ea9a9b993ec45818bc57ca6d750600fbfc

C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\resources\app.asar

MD5 4e5586aac7f64754478ebc494da987dc
SHA1 d2d2a2c258ee2a06bb710af6dcd34a12f24cd577
SHA256 5cad188d01becb9fe08afe100989b7362dcc19fe91e3823d96153fab3ee42a2c
SHA512 7d9895a788bcd55bab8de30a3f89b378ad208262d264bd44004ea0a21282d38db128db74d3ea779cf8f7dce6b2630eb8afc5216633fb7cd91d9975330105257d

C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\StdUtils.dll

MD5 69fa2fe89694bd4530038b8df764e627
SHA1 7fb3d2a805339b52ef03a05d5273bc7ef7f6d04f
SHA256 ad2d2b5fda318bdee94d4b061ef191718e04ee58d300ab673dbfce9c8fc6631a
SHA512 3d7ea0ce00694872bfa8f4f60dfd377990dc4f43a55e7dc594c3c898d307553ee1ffa42092b0ee80a281d166f136799382d7230206f1374425da22cca9497b55

C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\swiftshader\libGLESv2.dll

MD5 a0bae83f2fb2ac7720f2800fe1f89e53
SHA1 d6e79a4c47c7582355431c0e71c01e2e0f3db31d
SHA256 8df1cda4f99c3b483d787121fd957fd340be1f59540067f5238a90579e0ff48e
SHA512 ebc151f0a27d36e91952846b0007d6608dd3893524079cca99b5b8c5544980eab86bb770b180e6c9500d015b2dfcac7955e4a93e7734cabbbc18bd7b169549b1

C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\swiftshader\libEGL.dll

MD5 eca63cae9eb30cf2ea1505db4d0597e4
SHA1 be29e9f6eca8a58243a614478b088e04c27d133d
SHA256 d1b417a8888d4da38078a221ce99982d6a737181644219807e175794f93f74c3
SHA512 be050e6822a7577a3cdb91e8ed2f6ef5f30f554c619097c94a82c2ee691ba7e6341f7d232c28cd2b2d4673c905075cc45bf50b160136c52b01bd701852bae3ec

C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\snapshot.exe

MD5 5745374aff01be34e5c6edb3be1f5369
SHA1 e3c4db8f3099c0448b34c0368648164639b145d1
SHA256 9586aa02f1be7c36b597e0d7871f2804ad06ec3c04fc2961cfc5c0a4fbf0f00e
SHA512 0c459dd4a855db80bd9350c226b29c57410726f26f2846b23c8ba7e50beb52417a585907f97819c7e2ce34615fa8c662150f37692be32c53fd8b327a35d5f040

C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\prey-webcam.exe

MD5 1547507807e95e2bf63feea4d5b2d7a1
SHA1 60035dee8d19aa9de7392dab8581eacf5827a14b
SHA256 c95b7d0038721230c4f011dc76bd83201429d115320ca14675b0cb5cdf8f1ca3
SHA512 6b070e78024ee4acd5639ec39f5b35b1d34348be67a580e6584dc0723188324fc24c59b8543784e1b093b387186332f7d00802a12c2b406664737c8aba7f32c5

C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\v8_context_snapshot.bin

MD5 ad1e9964cfbd6275a00b30ba0b1a2ab6
SHA1 eb77a346e0126f34415102ca8660e44336e22230
SHA256 e4f56ad4bf9ee4bb33fb1f8a106b83f5c55b6a08cec486dbdfa0be10d4cb3c2b
SHA512 209337b3d8fd64c1dd1375443069b99cc87c0579973d9cf495a812c7806b53b81b1aafdc2a503c81698600ecf4f3f3cbb089415a43cfb1d055e936280b05db2c

C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\icudtl.dat

MD5 f5f2ac65c64fcca7f82d21a834d3d2e0
SHA1 647a9680590ba98de57cacf0e006cd91156c4447
SHA256 dc839a624f265a3cb76cead0611cc7c089053d63ec0857bc387459202d888f77
SHA512 a1a6c3b826280872d92b74535d25e2cdeec9be294260d181aa528f3b6c57ddb4f7dc5afab502d614c127e72758ac5aef2d8c0f869077482600be48fc3b222864

C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\ffmpeg.dll

MD5 3adfa25635c13f2990940a1d91710a54
SHA1 68aad6bed63a969c238d0c92b35bbc5191810d44
SHA256 720b97ed62bba235b5365574685a09c44148ea1bcf19ed476d5f2f2f9eeb987b
SHA512 89cbf2179b16765aab6a4375d38c4c645482a28ba66ac49cbcadab3466ba2253889e91b1ad84f65fc32a4bd28f241cfe49c6dc264251195aff40f70d3e3cacf3

C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\ffmpeg.dll

MD5 29db54e70e2b9d4d6315c41f1be02e6f
SHA1 49909b9a285b21e6a5af6dc82892c13aeef6c464
SHA256 216f01a3f093988283a5442b10cd46e47e35c978e6a603f079e87a6516ef9d37
SHA512 0c256959ef82f39967594d5827f57e32d4e1b7f402dbc848d43847df9698f8a4e1fec1b02c4853cbda96f71dfe9cfaa350dbf79dead9a100f5d61605873c3b77

C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe

MD5 866a2a148c8fb070e5571a2dc35f2e43
SHA1 11c8b66bb47709c3e8cbda0399d015c9231f852a
SHA256 b8f4fa0fbb84a99812d9d9ab46a89a25edc8fe2a8434d6ae234e81a092439807
SHA512 742bdfb6ce90aef004eeb15ea728c714dd3638f25e8c8cbb1ac23a05b3ee2facaa417a8683ead8c754c9ad14b855c063688c314ff2cbddb78b79e2f2ae289850

C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\resources\app.asar

MD5 9de95241bccb80a71522e586420854c7
SHA1 c75408dfcd26236f1662e3404af67fc874f0abb3
SHA256 2aa6b12c9712c03cb8c080e36bd119fb7ed3dce68df5f960ddb91446ec0b2957
SHA512 0422a27196270bfae8eb4cc2eec5844b94e33aa45b76e956c1c9d11c89bdf8dce27b6306950bceaffcf3490abae15a7618696f2b9aa9801dd4969b9db384cc2c

C:\Users\Admin\AppData\Local\Temp\0d01d7ad-f08d-430e-b133-219273e9d366.tmp.node

MD5 093f64b20d2c17e2a51b0305287ce364
SHA1 314a7f19546630543f776ba37102b763ccb53dc0
SHA256 89d9bc5f248dc70fa59f4c04fb2c67f993058a9b097ccb2f8b3f6fed472af9bd
SHA512 44927b83892b53f32fc58a288941e9323f4e880ad118f8244ba2141e6a0d4e8be3ca17e40806305700051390bb0c6efc07da670424c9351f1f9e102be8cb7031

C:\Users\Admin\AppData\Local\Temp\2114c1b4-2745-4f98-83a8-925772b2f83b.tmp.node

MD5 4e0464da67a83e419147f8748f72e113
SHA1 88d11337aca72e07b5ca168eeedd9ebd0f109c04
SHA256 f567dd1983c0c78a4a28b0695f74ca2562f16105f1c44eb98e6519c31678901a
SHA512 2ec32a853c95c42827375731874a45aeb088f1ad9b90702586c6a948f6fa301425c78ea8434c9b1473ef5ae0ff5cd0287afc2839ed530699bf8e0837e4dd6f6d

C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\D3DCompiler_47.dll

MD5 7c675b8ec121e3106ae1ed2b2216b877
SHA1 42e7fd2d89942d7726c95fb4d1e4a5da09c970cb
SHA256 56882d312c2fce61a48d325027ba1bd868931d2a1be6fc95ab87b67079832550
SHA512 3a1948e8d6d3b1074a447795f63487ef2ce5071c30b477dd8fb576dfada3778dbe584c70b27c37c6408d29c3515d2cc8660f45e24b120a2f6ff96dd336b41d09

C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\d3dcompiler_47.dll

MD5 dc55ced4c53755dfd73cb9bdff6ba076
SHA1 dba62ebc562f6d817efc614d53b46286358c391d
SHA256 e5e97a281021c15458a5bc54d086a09c8025d37ab0f861eb83233a629cd506d2
SHA512 d2952e5ea7ecce12d321f1f0a54de440e16807e200e076b27c18530d0a8313935068e380aa726bc6c7a4f51769d7c5610d9dc495d58452ea5c878d21cca3168d

C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\libEGL.dll

MD5 76389cc52c6ffb6763598c1f7af96cf2
SHA1 1c0110e48e98b6ee0f89248c4be3a122f58fd6bf
SHA256 620083369443b44db47ec6e40963ce0ab58cccf1be3455a32500262e6e8fcae3
SHA512 e73972dbb24704107f8103e668e4140e7da699aec4b79d481582c5ae175a9c34a066cdaefdcd8ef23b5c28d831f00e94acc27f9dd6c1b77553bc22c5eaeef09b

C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\libegl.dll

MD5 bc6364ae9cf2cc6965abf7b8e19a7ee4
SHA1 63f0cad3fa4374ca6564d4c114d531551377b30c
SHA256 28023e78ed4d6e6eeb2a9a09a8eb40f4ed4f52dae1d1917a1a2aae521a834596
SHA512 f5f8322d562b73915fda937c09dd89a290ea4de018758f6401a973fadc18692418bd9a72b3f2991c1f41b95069d335b36cfd26bac6d26afcd0ea7c50308fbe7b

C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\ffmpeg.dll

MD5 be31f89e125021dda7897af05ba2a334
SHA1 c329c20ff7fc49686cfbcebd3af4f491062a9ad2
SHA256 56e73371f77282a17efd7bfde1b3a02e3c06ac0041cf3efae9f2faa24d62e8ef
SHA512 c0be395dcf58c75c48723fbfd220a8dac1b16ec4a78a8b59b85119c4033c56912ef79a28f1092ca321ca43654cbd072bd6cf2d5b6bde4b762dc4277341fded17

C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe

MD5 e37c36f8f8dd3ee1d3ff04c2edb73066
SHA1 c30db9cb58a5fc79e47258e1cbcbcc04fb264430
SHA256 7ad43642604d8999cf44470eff3e72fae70e5f67e572364079b1b06849e00a54
SHA512 1932702212a36770607d73dadf2dded8bba9ccbd26d69da611948f2bb21a708b03add45f995475d363884442cf60dc7a4d3a5dd0a6b5b069df4ea88650a3b64f

C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\libGLESv2.dll

MD5 7b943964e1bc663ca0121052d25f4bdb
SHA1 ceadfe072ceb62874d7286d8b0b38e4b33eb2047
SHA256 dbe4fc3b0f7248d0932808f20dc18fb7d4b9c05fbda7687725563deb557afa0e
SHA512 a98abf695d26a2706a2ddd004eefb6620791d6920b471e91102bdb35805777d5510e9fd7ad9e28dea3bb0f2316b5a08a22a572d31b87e3aee7aa6ba89d58387a

C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\libglesv2.dll

MD5 d5dcfe0296af04bc6750487c38fd4ab5
SHA1 8e5777b67c890a60543646adcfd2bd94ad83576c
SHA256 36c7fcb195045fb3beb1d84dbd93abcff39e463869dea9150ff99a7a299f11d3
SHA512 99044a285cbbd9e5ba9dad28c769ce6953b8b8665ca532f1e9efc9978a0812b76514b710019c18476874b097c1f9cfedb97db3a61aa4ff6a79bc00f0fea05677

C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe

MD5 9316f13d5bd0876ca61ccc40a561067c
SHA1 a029dca95799c2042f4c63810e46907c4ac6033c
SHA256 e3cda7246842ebb52f55be3e36c2517d3b1eee86d67dc657195f048949e02c99
SHA512 fef53168db68729cf4500f6060b1b67fe61342fd1c114fe468516c09cd56b01afbf4f0631cbe700844f8cdc7f2dc652f6d7561fba7a16d9ad29f29038880a47f

C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\ffmpeg.dll

MD5 ea6f2328ad9d8aecb5be4cdb6a2ef7ae
SHA1 3c1a7509b7a97ef5b539c0e7ee73b8eef30d7ea4
SHA256 48bf8f52c080fe2061f7bca8c30657e2ac3b6e9a365010cf2b29794958de1b13
SHA512 b1a9628c39f00c157b1ae1786c8b3389bf3a888eafdcd0557b5c47d88cd1ca7a2530cdd805d2aabf9e95ddd40dbc90b28eb92f1dfce66f14c3406600ecb2019f

C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe

MD5 85557cc0d8fb9c623096a999f171fd3c
SHA1 df7e87065f33faba847a948226a0fd350340ad1d
SHA256 270aadf52aba9f659cf215054f572fd04b90d18528afd57e0ce318ac2dda4cf1
SHA512 58b4840541c1c990e820a2b3769994bb9cd7a19e7a7ff989a2b3045c7853c119e85ba36ecd4aacde81829aee5a385a0186a3aba2185c2820b7f70b2c05d397d9

memory/3168-580-0x00007FFB01C50000-0x00007FFB01C51000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\resources.pak

MD5 38cb3a37e86add8361871edf8c234958
SHA1 1f2b6187fecbc81d71757d78c10ec8673aa286f7
SHA256 e1af68fc17165ecdad982be1ff03ccccf86772b455139c4f80dcf09be201d2d2
SHA512 10752850d7dcb132c5cf89548dc7d289aca10a871669de8b997d6918bb62a541a23b2860a8b967cdf431e44052cb18ddf88d4895bd8fc0756b956ec5123e76ef

C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\locales\en-US.pak

MD5 93915afa51c8a06132c3263b851cf7f5
SHA1 3b4bd2ac51cd8dcd42b339e579cbfe9570d50f6a
SHA256 80b85e6ccfabd5355cb42cf64c68067c03f146445fdce0c2c0a95e4535678a39
SHA512 51a843f558aa03b9d3d808f3ebf151a51a3744f949adac37a18adfdac6a039d0668e83dc440c6959dca0b2c1abc2cb7d1c7fcd7fe980d9b0d153a5cec73ca336

C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\chrome_200_percent.pak

MD5 c75ef04296df8c6e3845f99584b08eba
SHA1 179389246ebd7ee19e39c8fa9bf8206ea18e9ce9
SHA256 6131c748a50ccf2a214862aa1276be80b3606fb006e8c373ca3811c8b432ed33
SHA512 c0519ac04cb9b8336685c8dafbf38f9a640e0feff61a8dd3ebe2c6926618ed1b8a955c6e6041eceec2920a1a43fed65a6a25531eb47260bedf7f2be10d8402a0

C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\chrome_100_percent.pak

MD5 843f06330071b948b2d1be244c67efa6
SHA1 a8a088e347bfa51b2556af8a69a8a3fa9f0833b6
SHA256 65093028e45fcf8a14dc9127e41a76cf7c0ebd96a7939402cf2240777f6408bb
SHA512 b7f5e5d0c27a70b2206ed3e611734b05365365ec07f15b8b07a03bd0736e0f4c942f28b48e573453d213c51fb86648bfe7bb8775ef035cf249c3cba7d4313a6b

memory/5052-608-0x0000014D2B650000-0x0000014D2B672000-memory.dmp

memory/5052-614-0x0000014D2B5D0000-0x0000014D2B5E0000-memory.dmp

memory/5052-615-0x0000014D2B5D0000-0x0000014D2B5E0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

MD5 6cf293cb4d80be23433eecf74ddb5503
SHA1 24fe4752df102c2ef492954d6b046cb5512ad408
SHA256 b1f292b6199aa29c7fafbca007e5f9e3f68edcbbca1965bc828cc92dc0f18bb8
SHA512 0f91e2da0da8794b9797c7b50eb5dfd27bde4546ceb6902a776664ce887dd6f12a0dd8773d612ccc76dfd029cd280778a0f0ae17ce679b3d2ffd968dd7e94a00

memory/4432-634-0x00000243F82A0000-0x00000243F82B0000-memory.dmp

memory/4432-633-0x00000243F82A0000-0x00000243F82B0000-memory.dmp

memory/4432-637-0x00007FFAE2990000-0x00007FFAE3451000-memory.dmp

memory/4432-632-0x00007FFAE2990000-0x00007FFAE3451000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 50a8221b93fbd2628ac460dd408a9fc1
SHA1 7e99fe16a9b14079b6f0316c37cc473e1f83a7e6
SHA256 46e488628e5348c9c4dfcdeed5a91747eae3b3aa49ae1b94d37173b6609efa0e
SHA512 27dda53e7edcc1a12c61234e850fe73bf3923f5c3c19826b67f2faf9e0a14ba6658001a9d6a56a7036409feb9238dd452406e88e318919127b4a06c64dba86f0

memory/5052-619-0x00007FFAE2990000-0x00007FFAE3451000-memory.dmp

memory/5052-613-0x00007FFAE2990000-0x00007FFAE3451000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ojanb3vr.uds.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/3168-645-0x000001CE73E00000-0x000001CE73FA1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\mxrZl3BjZES4Z9P9kJ3H\Logs\Error.nova

MD5 0a06e3113f3d68858dd2c458d93ccd0b
SHA1 d2b5df9bec627dc08972b7224285525321e5fe8e
SHA256 15ba37dbd0bb0b464abaa6edf3060a204fc42880d5e8054c5a742402bd3c9a60
SHA512 2d20f73396bf74e2281699acb0245e18458bdd5b88abbe48bb27fa00528b9eaa602ed925cb899dd9906d9c15eb99b4620697bb34fa777878920438bdac16e926

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms

MD5 83d80af098d39a7c44f0e4ff58ce22df
SHA1 83da29180a387d60e07fc6562c88fd7d80131894
SHA256 e9d40190023d9aceae99fd9e0575b6f7c6c337eb1a264542120cbf332dbf013d
SHA512 c19406a63249aaa0790c0c39239426b20d6f20c99f66b89dd572e7ab3cbbf5207d24469ffb449d9230ee7f1b4797dfa8279d601937296bfd8cb4377a808dc44c

memory/2564-849-0x00007FFAE2590000-0x00007FFAE3051000-memory.dmp

memory/2564-850-0x0000023F323A0000-0x0000023F323B0000-memory.dmp

memory/5780-881-0x0000022E5A220000-0x0000022E5A230000-memory.dmp

memory/4672-893-0x000001CFBBEA0000-0x000001CFBBEB0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\viWDb8nkUq2H_temp.ps1

MD5 9adc5432a7630fc4e65cfdae87355258
SHA1 23295ddaf6167c3449aa41697eba3bee2887a1be
SHA256 f1d3674df1c99c28d3f43e0dc2b8c2cbbd748d0c9c1c4f50cd0948d9304f5a28
SHA512 90113f2a034c67f80104d17330c6b32f3f84b90d5c21b2ac88991b4b2daf7324d0d21161a48f7622ff93a1b82224f3e2b88916393bdef06b5f97132445ca8b47

memory/4672-903-0x00007FFAE2590000-0x00007FFAE3051000-memory.dmp

memory/8372-891-0x00007FFAE2590000-0x00007FFAE3051000-memory.dmp

memory/7116-907-0x000001EBE0E70000-0x000001EBE0E80000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 8d460ce715a00afd56cda62e926b8b17
SHA1 3aa1ed2a3cd5e6e1a3240f222492c9e49c4eaf22
SHA256 195c9d4857b9486e312f80264b31ef7e9ba014ececd7731397ee75ce8d8f38cb
SHA512 1b9efe45bea12e59e552dcce73d597ad431aa274621d96e5a3d146e28cfb11d9f5af256f0bc986e8d4d043f6352b9410d01ddb048bd57445f544502eaf28d969

memory/2564-920-0x00007FFAE2590000-0x00007FFAE3051000-memory.dmp

memory/5780-935-0x00007FFAE2590000-0x00007FFAE3051000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 446dd1cf97eaba21cf14d03aebc79f27
SHA1 36e4cc7367e0c7b40f4a8ace272941ea46373799
SHA256 a7de5177c68a64bd48b36d49e2853799f4ebcfa8e4761f7cc472f333dc5f65cf
SHA512 a6d754709f30b122112ae30e5ab22486393c5021d33da4d1304c061863d2e1e79e8aeb029cae61261bb77d0e7becd53a7b0106d6ea4368b4c302464e3d941cf7

memory/7116-931-0x00007FFAE2590000-0x00007FFAE3051000-memory.dmp

memory/4672-930-0x00007FFAE2590000-0x00007FFAE3051000-memory.dmp

memory/8372-926-0x00007FFAE2590000-0x00007FFAE3051000-memory.dmp

memory/7116-905-0x000001EBE0E70000-0x000001EBE0E80000-memory.dmp

memory/7116-904-0x00007FFAE2590000-0x00007FFAE3051000-memory.dmp

memory/2564-889-0x0000023F323A0000-0x0000023F323B0000-memory.dmp

memory/8372-883-0x0000020E37920000-0x0000020E37930000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms

MD5 ceb713854746a5ad4f4c1f2bc72bc087
SHA1 fe5210151290a7fb4093d5a9f0976bcab893cee4
SHA256 8b341929f3e19d39fc42e0742637de39d4f54dd2e7124f7fbd01c5c82243d39b
SHA512 d7e190e4df4bcf62924777abb0a2bd185d5f18cfcc4c5834dba36e74f219e6c4f43e0e6eccbd3cee2f757cdc8ec3c005537db41a96b5219ca32a68dcf0827a13

memory/5780-882-0x0000022E5A220000-0x0000022E5A230000-memory.dmp

memory/5780-866-0x00007FFAE2590000-0x00007FFAE3051000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms

MD5 07fa401e2161b91d3ad197637a65f2c4
SHA1 6028cf56c34be641e5d5dd451af782e8378188d4
SHA256 321218bb937de39560f9597229655ecc196c4b5ef54015198c638568c8d6f1df
SHA512 5a6f35439665aa2a4e499f1d83dd1f8f0efc85b5969050b8ab9c5aae3109cac22cb694c8eac15736243fb0aa654937c25e01d63295ebedc2344953bd64be3c10

memory/5468-994-0x000002C9E3BC0000-0x000002C9E3BD0000-memory.dmp

C:\Users\Admin\AppData\Roaming\salut3SORn.ps1

MD5 28e4eda7451c625bbe806b745753f729
SHA1 d29e9b2c2ac5b10188cbae92cffba6827728543d
SHA256 da79e10cdff90aa7f5ab3d3f226570107ecd20d48eb14067c7900367111df5ba
SHA512 932f53b6cd2aa55ab1475d85528069357fa7d9eea26051d1a4edb11872ca30d02c31c44bed3a48f0ccdbebe556e9d8ec2f4a0815bf177d93ab4272b3fe2fb0b5

memory/5468-993-0x000002C9E3BC0000-0x000002C9E3BD0000-memory.dmp

C:\ProgramData\ChromeExtensionsNova\extension-cookies\images\logo48.png

MD5 2f0a6a34d9b95bba0e3358ddd41ff2ac
SHA1 f39a9e7aeab9fe86fd9034284516de40186e6e93
SHA256 6f575f1cac9f29b8f1f8a83a580811bdedeec88f9d4cb78ccecb553cba251ca5
SHA512 a3c2094377b355a56d7d69f2a53baac58ebf3b40c5c031ba60fbc6f53e72e67e537e7bddee1489bbae4b41ea23311ad6b6f5c841e7b070dcdeca4bb8a6043084

C:\ProgramData\ChromeExtensionsNova\extension-cookies\images\logo16.png

MD5 f0f11cd478cc44d518c16820ede9d253
SHA1 cfaf8d2e071f2ade0894578e5b44e02032d27be4
SHA256 321695dbcac7b2ceb14ef2651705ead5c0c42815358082b758ee803a37e945bb
SHA512 ac736abf8a776918df4094929efc29f7ae643aeef8d9b464653e3b7272a0799e58dc961dacadfbf9f42f575dfba14df7e6f4b1256c2c83dfe333ffb2ed3a1de8

C:\ProgramData\ChromeExtensionsNova\extension-cookies\images\logo128.png

MD5 e9644ca5ae7636724dc9a4184e58a2b6
SHA1 5565852be351f3783ec337df2927c2ec3a7928b1
SHA256 64911978b85941ab0fdbb4d5fc17b79c80635b67788da38446f3052157c977f0
SHA512 8316ad1bc6d58e66a762c0fd912ded6df40051eb20eec95f0557ff5111fb9158922ef1e3fcbe477a862a95b4a791c598bb614b2aa9fa29291ac37c12e8d4cc30

C:\ProgramData\ChromeExtensionsNova\extension-cookies\images\logo.png

MD5 2cfd3dd20571cce21f09407b28b565fb
SHA1 07a7704986e963e9ba69f7109b7450deccd23eb2
SHA256 c9eb076f465aac3c93c61f34fb7cfef6677bacbab7e0611c1c41b80b7f057792
SHA512 bec2ec4d1562c45aaa276e1687786ccd494afefe93dfa330c600e2ad8ac6783ea7988c284df42c5c811afc5d73686484012584faf553e9777f4cb0b7ad436e7d

C:\ProgramData\ChromeExtensionsNova\extension-tokens\manifest.json

MD5 42ac88deb5c3cfc02fdc1c27319ee067
SHA1 97b1addf35159800b90743fcfbb5505e80f6eb82
SHA256 28486361faff1827fb9f1871529c48efaaf86027592d189afa6f99b14eb3f4bb
SHA512 77c4054a3cf061eb6f4f6e9803b74833a8fb0fe352239b5b47cf39ea5eea8104b9da6deab75018557476fbda856f3be8d57e6fe2eb777c45a7a1bdb1e72d02d5

C:\ProgramData\ChromeExtensionsNova\extension-tokens\js\jquery-3.5.1.min.js

MD5 0026407b23f2f4ef74a698dfa256fea9
SHA1 ee5634848178199cf62272dc38be5ecda79bf158
SHA256 60104556647927c807b353ec3241ec427dd191609aed3dcad91866b8352219c4
SHA512 1de29dc8c69d9e7684d024b49d34799784d57c62721d620e9dfd33ce2eb536a34695699c9c9c59a700c0c8afc01f80a589f0381a647c2692b4e54849fcbe33c5

C:\ProgramData\ChromeExtensionsNova\extension-cookies\manifest.json

MD5 04c23766134b234e85cc537b2162efb1
SHA1 45c48d9ca30a4580a682f025cc66331e49f6f158
SHA256 f50f62683347bbca52d7f7de0c877014ae77043753905628644e2d485dfb4900
SHA512 d246f59ad6d6e9fc8d8d88129302d55cb3d2ba7d52496915ee6791fa0576153070af76ea689cc74ccefc36456df749ac5c8f45cb12702961470f202078bfcb3c

memory/5468-998-0x00007FFAE2590000-0x00007FFAE3051000-memory.dmp

memory/5468-992-0x00007FFAE2590000-0x00007FFAE3051000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\mxrZl3BjZES4Z9P9kJ3H\System\AVCIKYMG - 2023-12-29_125625.png

MD5 11c84b1645beec7cc280198fe53d5d5a
SHA1 77b118ec63e6c1631a1262e1cfd9282e10317fde
SHA256 8cf3a362e154c91b60dc144681135d7dea13e38242bb3d17443a886c8debadeb
SHA512 2990492a4ee1f0c527d1b8dbc3ce9172b620cf4116910819380f6e66e339400feb3e83faa113fde28d1f2b0e999f91b6516b7046fae49279c6beaca5a6abe619

C:\Users\Admin\AppData\Local\Temp\mxrZl3BjZES4Z9P9kJ3H\Logs\Error.nova

MD5 8433e1fbe75f1c04bfe6305046a07c68
SHA1 c94f197743cc9f383718c1e94ff46e556647d012
SHA256 643ef28258f63793a08d22c5e8f86ce78e83bda10a063ccb17e2c5372f173e5a
SHA512 2e7a8c7442d0c50fac8ecee8010657778819f90057375d3c7bc512cb3bb5e828ffebb50a8054d09c735e03c0553ffe90f7acc96dd620ad0a6ce7ace41f76fc7b

C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\Panpayasetup.exe

MD5 54ae71f7d7f586b0cb2a50b2460e3cc6
SHA1 eb9568c82f1c67007158f2961ef595b4e9b4a673
SHA256 d6fdf915dfbe10671b0f4e567f33b52817f8b222651fdd5c1cc16ab277e607e7
SHA512 bda69dbcdc966094c74494eb9910009949e7964a4daef08d7aa98ee1299ef9403aa35a04add453e635be256c304dd57f579ad0b5236f72ad9ad3dcc6862fe03c

memory/5008-1063-0x0000029AFF8B0000-0x0000029AFF8B1000-memory.dmp

memory/5008-1062-0x0000029AFF8B0000-0x0000029AFF8B1000-memory.dmp

memory/5008-1073-0x0000029AFF8B0000-0x0000029AFF8B1000-memory.dmp

memory/5008-1072-0x0000029AFF8B0000-0x0000029AFF8B1000-memory.dmp

memory/5008-1071-0x0000029AFF8B0000-0x0000029AFF8B1000-memory.dmp

memory/5008-1070-0x0000029AFF8B0000-0x0000029AFF8B1000-memory.dmp

memory/5008-1069-0x0000029AFF8B0000-0x0000029AFF8B1000-memory.dmp

memory/5008-1068-0x0000029AFF8B0000-0x0000029AFF8B1000-memory.dmp

memory/5008-1067-0x0000029AFF8B0000-0x0000029AFF8B1000-memory.dmp

memory/5008-1061-0x0000029AFF8B0000-0x0000029AFF8B1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\2a2GHa1WdHfa10u2WvpiSmMmex5\ffmpeg.dll

MD5 0da9345cf133c24527b7dba745e586ba
SHA1 06e1bdfdaf16e03ee4c86170b955b89ee5ecc0dc
SHA256 178cd9b5024806f2a9d214adc2898c3e258a6ad1f77da09e885bf4ed81a4af52
SHA512 9848d1ddea845a48712000e1acac66a596ea191b1d47f555c268f98aebd175cdb9843f7db60f7314d48326c5f5cd09c20161eb032109d303fb3fbac0130fbf66