0d3c3a7459799a9670b7b97c2e871a7364f0a742d825a8cc7ca6d34c4b3c0a51

Analysis

max time kernel
13s
max time network
168s
platform
windows10-1703_x64
resource
win10-20231215-en
resource tags

arch:x64arch:x86image:win10-20231215-enlocale:en-usos:windows10-1703-x64system
submitted
31-12-2023 22:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AORadar.exe
Size

70.8MB
MD5

66e499e66e2a896cc03546d776366747
SHA1

ed7d7ffb4dfe350d2e46d7d58ec99e2f6ca7d637
SHA256

0d3c3a7459799a9670b7b97c2e871a7364f0a742d825a8cc7ca6d34c4b3c0a51
SHA512

c05ea551fc359c1272d72bc5f4ade50b823b9bc054c57ab33c073472df3d49f8d80a2979570641098115b2bee5864df18760798f38d241e71035e932a38ec3c5
SSDEEP

1572864:o4/4rzOchPwHjwPORgkQVkh8w61pdvQNU4wYA2Yb7:LkqcdwDZ2PkGwazxpD2Yb7

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
3592	AORadar.exe
3592	AORadar.exe

Looks up external IP address via web service 4 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
3	ipinfo.io
5	ipinfo.io
6	ipinfo.io
12	ipinfo.io

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Collects information from the system 1 TTPs 1 IoCs

Uses WMIC.exe to find detailed system information.

Data from Local System

T1005

pid	Process
2860	WMIC.exe

Detects videocard installed 1 TTPs 1 IoCs

Uses WMIC.exe to determine videocard installed.

System Information Discovery

T1082

pid	Process
1972	WMIC.exe

Enumerates processes with tasklist 1 TTPs 64 IoCs

Process Discovery

T1057

pid	Process
6604	tasklist.exe
2380	tasklist.exe
7188	tasklist.exe
7072	tasklist.exe
7008	tasklist.exe
6848	tasklist.exe
6700	tasklist.exe
708	tasklist.exe
6560	tasklist.exe
7152	tasklist.exe
6880	tasklist.exe
7088	tasklist.exe
6944	tasklist.exe
6904	tasklist.exe
6840	tasklist.exe
6796	tasklist.exe
6508	tasklist.exe
7212	tasklist.exe
5888	tasklist.exe
6724	tasklist.exe
6612	tasklist.exe
6756	tasklist.exe
6716	tasklist.exe
6804	tasklist.exe
7236	tasklist.exe
7228	tasklist.exe
7160	tasklist.exe
7096	tasklist.exe
6952	tasklist.exe
6500	tasklist.exe
6596	tasklist.exe
6520	tasklist.exe
6628	tasklist.exe
7120	tasklist.exe
7040	tasklist.exe
6976	tasklist.exe
6920	tasklist.exe
6872	tasklist.exe
216	tasklist.exe
7204	tasklist.exe
5524	tasklist.exe
7060	tasklist.exe
7000	tasklist.exe
6992	tasklist.exe
7016	tasklist.exe
6748	tasklist.exe
6832	tasklist.exe
6824	tasklist.exe
6764	tasklist.exe
6708	tasklist.exe
6536	tasklist.exe
6492	tasklist.exe
2812	tasklist.exe
7136	tasklist.exe
7104	tasklist.exe
6856	tasklist.exe
6780	tasklist.exe
6676	tasklist.exe
6588	tasklist.exe
7220	tasklist.exe
7128	tasklist.exe
7032	tasklist.exe
6984	tasklist.exe
6888	tasklist.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeSecurityPrivilege	3592	AORadar.exe

C:\Users\Admin\AppData\Local\Temp\AORadar.exe
"C:\Users\Admin\AppData\Local\Temp\AORadar.exe"
1⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:3592
- C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\AORadar.exe
  C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\AORadar.exe
  2⤵
  PID:3912
- - C:\Windows\System32\Wbem\wmic.exe
    wmic os get locale
    3⤵
    PID:4372
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:1656
  - - C:\Windows\system32\tasklist.exe
      tasklist
      4⤵
      Enumerates processes with tasklist
      PID:2380
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "wmic process where processid=3592 get ExecutablePath"
    3⤵
    PID:3048
- - C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\AORadar.exe
    "C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\AORadar.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1408 --field-trial-handle=1652,238710529952820700,11332091123583235614,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:1800
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "echo wlan"
    3⤵
    PID:4812
- - C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\AORadar.exe
    "C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\AORadar.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --mojo-platform-channel-handle=1856 --field-trial-handle=1652,238710529952820700,11332091123583235614,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:888
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\resources\app.asar.unpacked\bind\main.exe"
    3⤵
    PID:308
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:4852
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "wmic logicaldisk get size"
    3⤵
    PID:1632
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic logicaldisk get size
      4⤵
      Collects information from the system
      PID:2860
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault"
    3⤵
    PID:4600
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "wmic PATH Win32_VideoController get name | more +1"
    3⤵
    PID:1760
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"
    3⤵
    PID:1860
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "wmic cpu get name | more +1"
    3⤵
    PID:1328
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:4468
  - - C:\Windows\system32\tasklist.exe
      tasklist
      4⤵
      Enumerates processes with tasklist
      PID:6840
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "wmic process where processid=3592 get ExecutablePath"
    3⤵
    PID:708
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook""
    3⤵
    PID:8136
  - - C:\Windows\system32\reg.exe
      C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook"
      4⤵
      PID:8176
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager""
    3⤵
    PID:7308
  - - C:\Windows\system32\reg.exe
      C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager"
      4⤵
      PID:8060
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx""
    3⤵
    PID:8072
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime""
    3⤵
    PID:8148
  - - C:\Windows\system32\reg.exe
      C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime"
      4⤵
      PID:8336
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore""
    3⤵
    PID:8528
  - - C:\Windows\system32\reg.exe
      C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore"
      4⤵
      PID:8880
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40""
    3⤵
    PID:9076
  - - C:\Windows\system32\reg.exe
      C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40"
      4⤵
      PID:9108
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData""
    3⤵
    PID:9096
  - - C:\Windows\system32\reg.exe
      C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData"
      4⤵
      PID:9324
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack""
    3⤵
    PID:9436
  - - C:\Windows\system32\reg.exe
      C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack"
      4⤵
      PID:9844
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX""
    3⤵
    PID:9196
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data""
    3⤵
    PID:9140
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 105.0.3 (x64 en-US)""
    3⤵
    PID:9972
  - - C:\Windows\system32\reg.exe
      C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 105.0.3 (x64 en-US)"
      4⤵
      PID:10032
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip""
    3⤵
    PID:8064
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall""
    3⤵
    PID:7980
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VLC media player""
    3⤵
    PID:9440
  - - C:\Windows\system32\reg.exe
      C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VLC media player"
      4⤵
      PID:9984
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent""
    3⤵
    PID:7372
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProPlusRetail - en-us""
    3⤵
    PID:10184
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2""
    3⤵
    PID:10124
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService""
    3⤵
    PID:10060
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall""
    3⤵
    PID:5368
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "cscript C:\Users\Admin\AppData\Roaming\m68cIusBuDwF.vbs"
    3⤵
    PID:5352
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:5328
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:5304
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:5284
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:5268
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:5240
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:5228
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:5208
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:5184
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC""
    3⤵
    PID:10032
  - - C:\Windows\system32\reg.exe
      C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC"
      4⤵
      PID:10104
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:5168
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}""
    3⤵
    PID:10096
  - - C:\Windows\system32\reg.exe
      C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}"
      4⤵
      PID:10172
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:5156
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:5128
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:4288
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:3944
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00}""
    3⤵
    PID:10148
  - - C:\Windows\system32\reg.exe
      C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00}"
      4⤵
      PID:10232
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}""
    3⤵
    PID:9328
  - - C:\Windows\system32\reg.exe
      C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}"
      4⤵
      PID:9848
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:1580
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:4680
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:5116
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:2600
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:4468
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:216
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:2884
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:3632
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:1108
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:1704
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:1028
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:980
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:4172
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:3052
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:4668
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:600
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:4336
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:4576
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:832
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:2988
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:2284
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -ExecutionPolicy Bypass -NoProfile -File "C:\Users\Admin\AppData\Local\Temp\sBlFPmNl6yIQ_temp.ps1"
      4⤵
      PID:4596
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:1940
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:1660
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:2256
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:4652
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:3476
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:1256
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:4324
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:3932
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:2328
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:2456
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:5020
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:1288
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:3188
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:2772
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:4228
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:3948
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:2340
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:2768
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:1684
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:3096
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:376
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:3468
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:4548
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:920
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{64A3A4F4-B792-11D6-A78A-00B0D0180381}""
    3⤵
    PID:9552
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}""
    3⤵
    PID:9800
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:348
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:4632
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{662A0088-6FCD-45DD-9EA7-68674058AED5}""
    3⤵
    PID:10152
  - - C:\Windows\system32\reg.exe
      C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{662A0088-6FCD-45DD-9EA7-68674058AED5}"
      4⤵
      PID:10132
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{77924AE4-039E-4CA4-87B4-2F64180381F0}""
    3⤵
    PID:9452
  - - C:\Windows\system32\reg.exe
      C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{77924AE4-039E-4CA4-87B4-2F64180381F0}"
      4⤵
      PID:6656
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE}""
    3⤵
    PID:5520
  - - C:\Windows\system32\reg.exe
      C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE}"
      4⤵
      PID:5232
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"
    3⤵
    PID:6456
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
      4⤵
      PID:7080
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions""
    3⤵
    PID:7928
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\app.asar.unpacked\node_modules\take-cam\prey-webcam.exe" -invalid youcam,cyberlink,google -frame 10 -outfile C:\Users\Admin\AppData\Local\Temp\31kOpO6hFl9D9yWXQVzc\System\cam.3912_Admin.jpg"
    3⤵
    PID:5784
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -Command "& {netsh wlan show profile}"
    3⤵
    PID:5800
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -Command "& {powershell Get-Clipboard}"
    3⤵
    PID:5380
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Get-Clipboard
      4⤵
      PID:2916
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -Command "& { function Get-AntiVirusProduct { [CmdletBinding()] param ( [parameter(ValueFromPipeline=$true, ValueFromPipelineByPropertyName=$true)] [Alias('name')] $computername=$env:computername ) $AntiVirusProducts = Get-WmiObject -Namespace \"root\SecurityCenter2\" -Class AntiVirusProduct -ComputerName $computername $ret = @() foreach ($AntiVirusProduct in $AntiVirusProducts) { switch ($AntiVirusProduct.productState) { \"262144\" { $defstatus = \"Up to date\"; $rtstatus = \"Disabled\" } \"262160\" { $defstatus = \"Out of date\"; $rtstatus = \"Disabled\" } \"266240\" { $defstatus = \"Up to date\"; $rtstatus = \"Enabled\" } \"266256\" { $defstatus = \"Out of date\"; $rtstatus = \"Enabled\" } \"393216\" { $defstatus = \"Up to date\"; $rtstatus = \"Disabled\" } \"393232\" { $defstatus = \"Out of date\"; $rtstatus = \"Disabled\" } \"393488\" { $defstatus = \"Out of date\"; $rtstatus = \"Disabled\" } \"397312\" { $defstatus = \"Up to date\"; $rtstatus = \"Enabled\" } \"397328\" { $defstatus = \"Out of date\"; $rtstatus = \"Enabled\" } \"397584\" { $defstatus = \"Out of date\"; $rtstatus = \"Enabled\" } default { $defstatus = \"Unknown\"; $rtstatus = \"Unknown\" } } $ht = @{} $ht.Computername = $computername $ht.Name = $AntiVirusProduct.displayName $ht.'Product GUID' = $AntiVirusProduct.instanceGuid $ht.'Product Executable' = $AntiVirusProduct.pathToSignedProductExe $ht.'Reporting Exe' = $AntiVirusProduct.pathToSignedReportingExe $ht.'Definition Status' = $defstatus $ht.'Real-time Protection Status' = $rtstatus # Créez un nouvel objet pour chaque ordinateur $ret += New-Object -TypeName PSObject -Property $ht } Return $ret } Get-AntiVirusProduct }"
    3⤵
    PID:8424
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell -ExecutionPolicy Bypass -NoProfile -File "C:\Users\Admin\AppData\Local\Temp\sBlFPmNl6yIQ_temp.ps1""
    3⤵
    PID:2284
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"
    3⤵
    PID:9116
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\app.asar.unpacked\node_modules\take-cam\snapshot.exe" /T C:\Users\Admin\AppData\Local\Temp\31kOpO6hFl9D9yWXQVzc\System\cam.3912_Admin"
    3⤵
    PID:5808
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}""
    3⤵
    PID:6588
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CB0836EC-B072-368D-82B2-D3470BF95707}""
    3⤵
    PID:4684
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE}""
    3⤵
    PID:8988
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE}""
    3⤵
    PID:7688
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6DB765A8-05AF-49A1-A71D-6F645EE3CE41}""
    3⤵
    PID:10188
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:420
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:1068
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:2764
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:4532
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:1904
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:1980
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:3916
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:2528
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:4116
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:368
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:3596
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:5012
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:2132
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:828
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:2920
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:1820
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:5028
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:3200
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:1812
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:3964
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:2252
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:3736
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:1840
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:3464
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:4828
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:3800
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:3536
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:2644
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "wmic OS get caption, osarchitecture | more +1"
    3⤵
    PID:344
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "echo %NUMBER_OF_PROCESSORS%"
    3⤵
    PID:4164
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "wmic csproduct get uuid"
    3⤵
    PID:4212
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "wmic computersystem get totalphysicalmemory | more +1"
    3⤵
    PID:4016

C:\Windows\System32\Wbem\WMIC.exe
wmic process where processid=3592 get ExecutablePath
1⤵
PID:832
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Enumerates processes with tasklist
  PID:5888

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:708
- C:\Windows\System32\Wbem\WMIC.exe
  wmic process where processid=3592 get ExecutablePath
  2⤵
  PID:4484

C:\Windows\system32\more.com
more +1
1⤵
PID:4648

C:\Windows\system32\more.com
more +1
1⤵
PID:2132
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  PID:6788

C:\Windows\System32\Wbem\WMIC.exe
wmic OS get caption, osarchitecture
1⤵
PID:2760

C:\Windows\system32\more.com
more +1
1⤵
PID:3700

C:\Windows\system32\more.com
more +1
1⤵
PID:1684
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  PID:6580

C:\Windows\System32\Wbem\WMIC.exe
wmic PATH Win32_VideoController get name
1⤵
- Detects videocard installed
PID:1972

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault
1⤵
PID:3084

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
1⤵
PID:980
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  PID:7196

C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get name
1⤵
PID:3292

C:\Windows\System32\Wbem\WMIC.exe
wmic csproduct get uuid
1⤵
PID:2920
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  PID:6740

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:216
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Enumerates processes with tasklist
  PID:5524

C:\Windows\System32\Wbem\WMIC.exe
wmic computersystem get totalphysicalmemory
1⤵
PID:364

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:6560

C:\Windows\system32\tasklist.exe
tasklist
1⤵
PID:6620

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:6628

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:6804

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:7088

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:7236

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:7228

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:7220

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:7212

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:7204

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:7188

C:\Windows\system32\tasklist.exe
tasklist
1⤵
PID:7180

C:\Windows\system32\tasklist.exe
tasklist
1⤵
PID:7172

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:2812

C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx"
1⤵
PID:8180

C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX"
1⤵
PID:6684

C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data"
1⤵
PID:9172

C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"
1⤵
PID:8104

C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
1⤵
PID:8040

C:\Windows\system32\tasklist.exe
tasklist
1⤵
PID:5472

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:7160

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:7136

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:7152

C:\Windows\system32\tasklist.exe
tasklist
1⤵
PID:7144

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:7128

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:7120

C:\Windows\system32\tasklist.exe
tasklist
1⤵
PID:7112

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:7104

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:7096

C:\Windows\system32\tasklist.exe
tasklist
1⤵
PID:7080

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:7072

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:7060

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:7040

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:7032

C:\Windows\system32\tasklist.exe
tasklist
1⤵
PID:7024

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:7000

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:7016

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:7008

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:6992

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:6984

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:6976

C:\Windows\system32\tasklist.exe
tasklist
1⤵
PID:6968

C:\Windows\system32\tasklist.exe
tasklist
1⤵
PID:6960

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:6952

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:6944

C:\Windows\system32\tasklist.exe
tasklist
1⤵
PID:6936

C:\Windows\system32\cscript.exe
cscript C:\Users\Admin\AppData\Roaming\m68cIusBuDwF.vbs
1⤵
PID:6928

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:6920

C:\Windows\system32\tasklist.exe
tasklist
1⤵
PID:6912

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:6904

C:\Windows\system32\tasklist.exe
tasklist
1⤵
PID:6896

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:6888

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:6880

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:6872

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:6856

C:\Windows\system32\tasklist.exe
tasklist
1⤵
PID:6864

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:6848

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:6832

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:6824

C:\Windows\system32\tasklist.exe
tasklist
1⤵
PID:6636

C:\Windows\system32\tasklist.exe
tasklist
1⤵
PID:6812

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:6796

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:6780

C:\Windows\system32\tasklist.exe
tasklist
1⤵
PID:6772

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:6764

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:6756

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:6748

C:\Windows\system32\tasklist.exe
tasklist
1⤵
PID:6732

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:6724

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:6716

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:6708

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:6700

C:\Windows\system32\tasklist.exe
tasklist
1⤵
PID:6692

C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
1⤵
PID:6684

C:\Windows\system32\tasklist.exe
tasklist
1⤵
PID:6668

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:6676

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:6612

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:6604

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:6596

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:6588
- C:\Windows\system32\reg.exe
  C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}"
  2⤵
  PID:7852

C:\Windows\system32\tasklist.exe
tasklist
1⤵
PID:6552

C:\Windows\system32\tasklist.exe
tasklist
1⤵
PID:6544

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:6536

C:\Windows\system32\tasklist.exe
tasklist
1⤵
PID:6528

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:6520

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:6508

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:6500

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:6492

C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService"
1⤵
PID:10100

C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2"
1⤵
PID:10164

C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent"
1⤵
PID:9456

C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProPlusRetail - en-us"
1⤵
PID:10224

C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}"
1⤵
PID:9840

C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{64A3A4F4-B792-11D6-A78A-00B0D0180381}"
1⤵
PID:1916

C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE}"
1⤵
PID:6856

C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions"
1⤵
PID:9456

C:\Windows\system32\netsh.exe
"C:\Windows\system32\netsh.exe" wlan show profile
1⤵
PID:7144

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
1⤵
PID:5700

C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CB0836EC-B072-368D-82B2-D3470BF95707}"
1⤵
PID:8780

C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE}"
1⤵
PID:6436

C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6DB765A8-05AF-49A1-A71D-6F645EE3CE41}"
1⤵
PID:10228

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1057

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
3KB

MD5
17286868c0a043ae5d2ff5798b6a3163

SHA1
b83b23cd57c7fb2c937f5bc18aeb7ddc955b5401

SHA256
40321e18ed0b9eb7e3bc937d3e207ea2039ff45267483ddb4a51f7974475dac6

SHA512
e15c11982c0569a389a7dbd0889edd1ef9a8ffb21c0e8ffadebc10e1353f4485524b18ca8e041c66c98d05fb984544da122755e6c2a25728453aeaf4175bdee1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
d005088b9a64e5eae475828aa0512822

SHA1
b7261f5b5ea802b2e5eced3d4547b979fa976222

SHA256
3b4fac01c4df55bf210a7c9878106726ed07d36cb37d18bca702b5a0cd364842

SHA512
8b0fe0b2bbd529e1634e016c8aaca5a904849b49c5ba03997d3506dc4f4db520e1f611894fbacc802f9a623b16d0822b417ed04b6eab95a087f213446118346a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
03f153a58942e1d844479d0279c2e9f0

SHA1
caf05beb395cd5cf906325d79adee3772d06ccf5

SHA256
b42f1e98afede98f545c9953a9901b1df99289c9416b5c28f7f84bee6a7e947f

SHA512
1ff5ac5c5fa3006f740d667fca9404d2d84d9ec25e446eb310c2b99b4424026aba60c5b3966d974973b6e8d5671be03ab409d1fc48eb7447efa067c38a8b4401

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
e45ba8795ba0e9cc1f7fbbb72edcae5b

SHA1
b06d475aa6209f982e821f24409dbd565b9a1a81

SHA256
fbf967eb60f07689c35c58c5d5efcb86749846e60aa64ae86cdc3f5ef1a29725

SHA512
624f6e90785bfb1dca6b5e01e1261da38d80379ff8b8452cbadaefa09df9b0b2bb632bb4ea431d801de07ec8015211f244246bd8bdb9f9d6520fdb53e68ad5ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
fcb68f92b9fbf127015f0edd7264d63c

SHA1
2711f93cbf4ace9026d96046b1986c3a21dbf5b1

SHA256
2464f73433229fd0325a9f0c140ae60550e4099778e6506128c8d816b06a64f0

SHA512
ab332707842c78ffd9e4adc52b0986ac14879736037791cdef33c16b2967417d47f9625cf5d99bf01b9b69c15a1957b2fd37b834e9fd50432cafb216d33c633c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
0328ebc80cf7f81f3386d661ee3c0c00

SHA1
30ee9d202eb94a9d5d098eb4eaca3d078f6236ce

SHA256
ec84c0408d9bcc344006448cde039192161ec78045174cfc0f88e1be5f56d4da

SHA512
e4ecba71669222eb7ff79e341ab36aa470bca4675677ae6dd95cb87a96c06f43ce4fb95e7a19d8200cad4f875b8cf758c10a2ecc3e6c7c23cf678740b629bf29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
1233eb6c0a51ea264c1155f9983ccdc6

SHA1
269f43dbcdee9f6fd56e535574fc5b8c71b092b3

SHA256
e202b72a1cda5e628a4ad006320b5aa1afafb52d90eb9d3c2a8371cf2168db44

SHA512
ee13f65a1cdb29db2f8a2a088835d13cbf384070e714f15da90b516d76f19adb14cefeb5a0edffb0e42cea3c1e5186d03148f018cb830139b5f0a69f443b057f

Download Submit
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\AORadar.exe

Filesize
712KB

MD5
fea3c0afa1ff5aa744e4aa57fe7fe584

SHA1
2e1b16c02a81f5dc3aa52a2016762649154a3b5e

SHA256
e8f0f70096033026b07c2f318d0fd6a3484b5b897336794a6ebd32693d9ef667

SHA512
9183932b8bfd73c11a32fbaa560ecf0ce25dccfd4a823a146b93d246acfc48721536bfb385b549e5c5e72c41d5f40a056c0973fb7064385e345a1114a1149acc

Download Submit
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\AORadar.exe

Filesize
35KB

MD5
8a19677002aa61167cbba38551d20c28

SHA1
f14dbecc6ae8899a1559f7b552cb92d22f881bb6

SHA256
bbe8f15e87cc5b17df52f3aadd1dbe9d6a8af6b82662c7ba6851a9ad5223eb3a

SHA512
0a99ccbcd02877d04ba6cb5a4bc38c24e01de928d90fa13a794769329a3aad29ca875be68f8a8bc926e3996a4203d26ae8ca6c3de1324e8e796272af3cc2e2ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\AORadar.exe

Filesize
22KB

MD5
49d859339c4ab3a60906c0b9cff7cc0f

SHA1
fe6ce0f666209bd1f0917c453cceccbcacfa5c92

SHA256
ec8b8c639a328c9036d9e61b11a6a1bb32560684e5bacca721774725d71eec07

SHA512
3141b31b9be9de92e7c731c8ab2850f028349535b47d0a054d8fb3fba55f3356aa477b78ba91cfc36b40a402d1957b9b2efab62a8828159de8279c8abd4bfad8

Download Submit
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\AORadar.exe

Filesize
43KB

MD5
0c96495df215b3967496d488020a9a00

SHA1
cbe503d244b0d55807ea00bc01f490e1f54a2df8

SHA256
22b35b0a35f774efc3f824c87e6546460991c49cc06b1c566ec38bf1219ea76c

SHA512
2baf6fc599ac37c30e1ea542c1ecc7beae0bc25c27f9740f72c70c7e76561f47bae835ca3ecc04cc1ea7636da9a33f13da06ade9004086c0052504fe1976aafc

Download Submit
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\AORadar.exe

Filesize
1KB

MD5
cec5f7c7306757484d15e05964991641

SHA1
2ea7578934413b941b9ce4fe3a1d93e14bd7a193

SHA256
9649ebad46288a3b31d4741d2c2bdb7710b0b69e6d4d3efe84900ae93eeca1d8

SHA512
91fa21d228f420571c0fb962870f265f29973a05afcbd15ad4b48364e308ff2a12d0fbf24ed446b21dad83174cff0b94184a33648df95e95620521a954958bf1

Download Submit
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\D3DCompiler_47.dll

Filesize
127KB

MD5
4e8b8eff44d29b1817ef053906ce5454

SHA1
185543d3459c1c542d47a91a6bc2a82dd51320c9

SHA256
cc10e2c3de6a3da70725e0b767862858c4bd57cc79749166f2529b49d9c9ff6e

SHA512
65f1d5798d41afa29746c71c7687eda04a882bd33fc6d3d22dd3d5b9153c34666c3f59ddc36a4fb5da13ddb0503526fe478ac7e94378ab296596d3f97e0ce2ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\chrome_100_percent.pak

Filesize
72KB

MD5
da8134c839bf0d5f15059558e9e7e146

SHA1
c62afcc617cc6f08dd101a5b22f3bfba99aae295

SHA256
4705d14bb377314c7a4d089f9166101f49533b62feb1f02e9bfe862e1ba8c30b

SHA512
77f4d8e03ccefb263ad2697d88ba98fcffe21819136cfceb49907c503d93ea8ef944449a1f148ed31f3bc0992e6f7c45b4c884932ebff79f72d0e3dfc9ace366

Download Submit
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\chrome_200_percent.pak

Filesize
116KB

MD5
8570eeebecc57ce643ef7b3e2d3230c9

SHA1
d4e287d6250c8f76a7bc3e10ec98321a42279235

SHA256
a3fc67876a8c9d38662570220b6f9df550749b90d8d54237afd5cdb2b4060ec2

SHA512
eca562d883d0edd61d10edd45865fec259016beedc922c893b885abf1c27862d3eefea2a66818a89d6016d1aa5addcd72d79e0a92878415316b1ead50c4ca236

Download Submit
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\ffmpeg.dll

Filesize
80KB

MD5
2de3d263c102464ac2bde5585de2d044

SHA1
cce68a1020ee66d955e53800d32d243f79eadfda

SHA256
613eee35d70fcce9a842bb9230759e0ebf432668dc7f03972dd06d013a0fb846

SHA512
8667ee1241000560bf187ce4a5a959f35f0a8d75ac8f774e3c544811f26a697c86a78fadd112a3d06dd505fbfdfaed4aa136ab4c4fe8417f3f809c1893dbe821

Download Submit
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\icudtl.dat

Filesize
308KB

MD5
619ef40d0d529363ec2eb192244158e1

SHA1
8d1d22cbbfd7f5a18e9b1aa55e39faa17aa341ec

SHA256
29f9680139d0047fecf40b345d53fb4caa15b8770b0daf2aca5ec96490c278d4

SHA512
838bd39d127bf6105b4f00b5093e5e144f197ae57c90aabd060fa7c7f713ba59da484932e2259adf97017ab2c0f9b8f3d4d5fb7bedad64775c05cc1014dbf826

Download Submit
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\libegl.dll

Filesize
71KB

MD5
be16ff768e8b9a9a162efcbfb0573bbc

SHA1
02932e09fb91eee9b56ae4ceec195c6db0d4ac52

SHA256
4db4c6c3fe56f1fe08e632051a8c984d729bf02c1c01975de9773959522add51

SHA512
481f4c3cc8ed317bf1a46f55cb57bf289eb7e2cc8d21ace66a69019090e3ff47cdc55ee5ad1d3843ee9106cde29dc8fb096ccb9871decf5362a47e00a4f79040

Download Submit
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\libglesv2.dll

Filesize
41KB

MD5
4521fea12904fa25a797e5e26de6f800

SHA1
6b5dbd043e910965624b1d143f6f33171efdfea3

SHA256
f150f72f9c15bfc65a30c6873191481d9adff7fd3858cff9bcea5ce525ecfdad

SHA512
943a9144d76cc29f7b9e895de3f35abc0cd10e651204b95dd57e59bd07180bdc0d35cf73cf3f6609f8fb9c8798015990295fd8aa80c6ba997125f6d78eb04add

Download Submit
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\locales\en-US.pak

Filesize
69KB

MD5
e93f2fb50bf6bcce2c8e20b577f40307

SHA1
b20f0a989e3c6a0376f076334083926bd805e0ea

SHA256
2a797fc0e9df408046e09853bacba92d9a8940fa719e211bd7b95d6098496844

SHA512
fd5a8fea44df56b932fa158903fd4f08828c556abf78cda9a7408ec678bbf9337150577c7e54a459043709aafb15dd9056d4918e3c56bc6382df55908ffa8d6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\resources.pak

Filesize
64KB

MD5
141bc756e5d12b845598ea1d88df11bc

SHA1
25cd040d102f9944bafceae397eb583be0dff406

SHA256
492b4738b865746edee4ee41cadc71c5e830fd5c1aa67ae467c9e5399cc42b6d

SHA512
56ef550b1d3e78b26c20ed5e953a994c9191c030078b9e362edaa7dff8d13d90f5b52e7d5106b62bb7a321a5a52d46bf2847be8c32e03f63bc36ea05bcc21c9d

Download Submit
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\resources\app.asar

Filesize
236KB

MD5
11ea1cb2cfb93d1920dc1764be0f4872

SHA1
a4308f3243f4628c684086cc651aebdf1ef1a29e

SHA256
08303fe6fa14152fc26a2c7d04066c972f1c8af16f6f3f5abba983ea7976d732

SHA512
619487987baec8ba6cfe5201976cb963ee50e2a4cf8f63d044b8776a2f9c210b172e18687c1f642a2663e3f53e2a3b31ea1e01fbc21143630d54cf730fe7f688

Download Submit
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\v8_context_snapshot.bin

Filesize
608KB

MD5
bbe5e5bbd7ff90f1caea82f9f98fee74

SHA1
5f9e07f24d5bf078459fca610a25396909b0931e

SHA256
e10c21505c802bc1d296edaac801e02586acbf757398b6ae4976f2f8ee678507

SHA512
ce4d36f8c58d8ca57e282268cf191b16bb28916769c0513cf45b82db86a1861330469e2abf4673c5d41ff3657942fe05a08eff584e457c15c062410cda8bc5a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\31kOpO6hFl9D9yWXQVzc\Logs\Error.nova

Filesize
618B

MD5
4c622ac3d453821cdb7e132bab807c10

SHA1
9cbac8a96e36568b7ff883b3e8f5cda14f92a6ad

SHA256
fdc85bb7034ca61e9fd80d003369d1559972cf86157f2de332793c4d2048d70e

SHA512
e8ed07bb99c2bb5a14ecf8df0aa12ee46de91c5dfa8748b699ccab1beb3a41c1709c6d15ccedbb42ee5610758c42c6ed0d421dba47db107b2819cc6fa0dc90b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\31kOpO6hFl9D9yWXQVzc\Logs\Error.nova

Filesize
1KB

MD5
9356987442d638e56ad7f916942d1d2e

SHA1
6bbe68283bd1b56ade20cea028cc7a08be62684b

SHA256
4c8a048e840446923052c758ab07af518635dd1580386d6cf7d4f374a7a94fb4

SHA512
e411ae515440de11ba33b3c73f70c8c63fe21dfaa57dd36e63f7bb0aa5790de33ba42173c0fbc58b66bc96b63d2c8316a42811f134ec2747bed5395f66330857

Download Submit
C:\Users\Admin\AppData\Local\Temp\31kOpO6hFl9D9yWXQVzc\System\JJIOKJZN - 2023-12-31_223624.png

Filesize
15KB

MD5
27787df7418222c5e64d3f3871bb49d5

SHA1
6ffeef14ee953b4182b4b5735b16554817ba72d7

SHA256
9a4d58059d3fbf3f4a032cd992c40ad58043a9844d1cd72a135702cf06a56a62

SHA512
4c5bae7129e832a8f6ae98270efc4918a1741669783e2a1cae12be60bb4f373e758749af7d0fa18225103870012a34bfa45e96dab2b91f54fe3ea718464e4381

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_3ntigira.t43.ps1

Filesize
1B

MD5
c4ca4238a0b923820dcc509a6f75849b

SHA1
356a192b7913b04c54574d18c28d46e6395428ab

SHA256
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

SHA512
4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswCA17.tmp\7z-out\LICENSE.electron.txt

Filesize
1KB

MD5
4d42118d35941e0f664dddbd83f633c5

SHA1
2b21ec5f20fe961d15f2b58efb1368e66d202e5c

SHA256
5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d

SHA512
3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswCA17.tmp\7z-out\LICENSES.chromium.html

Filesize
1.6MB

MD5
a67868f6b0598d105d48d389d8b89a0e

SHA1
34da64f73a066ea1757241e5874fc6e0e0893594

SHA256
2c9a362d0c9aae965d475f6370db5cb99d94eb38a7d1f6048126d0c7562e7b03

SHA512
624477a0ba3afd6b92c68664d1d97d1fd675bd839418ac06739321dd3b71951b2bc96c3b9b4f7952325fff4bff02f9d79558245f706405df0a33c70aebb7cd42

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswCA17.tmp\7z-out\chrome_100_percent.pak

Filesize
138KB

MD5
9c1b859b611600201ccf898f1eff2476

SHA1
87d5d9a5fcc2496b48bb084fdf04331823dd1699

SHA256
53102833760a725241841312de452c45e43edd60a122546105ab4020ccef591b

SHA512
1a8ec288e53b9d7e43d018995abe4e3d9c83d329d0561fbb7d022e8b79ffecf033e995b9bc6af352a71c646a1e8afba4addb54deab7455f24b7a279a3dd7c336

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswCA17.tmp\7z-out\chrome_200_percent.pak

Filesize
202KB

MD5
b51a78961b1dbb156343e6e024093d41

SHA1
51298bfe945a9645311169fc5bb64a2a1f20bc38

SHA256
4a438f0e209ac62ffa2c14036efdd5474b5ecaa7cbf54110f2e6153abdfb8be9

SHA512
23dedde25ad9cb5829d4b6092a815712788698c2a5a0aefb4299675d39f8b5e2844eabd1ea42332a0408bd234548f5af628e7e365ab26f3385ebfa158cdd921d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswCA17.tmp\7z-out\d3dcompiler_47.dll

Filesize
935KB

MD5
ee1403ca9fc3930092ee599e559f1fe8

SHA1
fa536d759ed088918c7ae096453913cc84c97d7f

SHA256
b9f49d17d908f5367db22c3db5330499a0c3da9bf2a943069b33184816b9efde

SHA512
3a8c6007ceb9d7d8d9a949173b5f4cdeeacd857c23401de57d4a6b0c570f2f92f195c564d6c4f0e56328a057f6f145c2b86043df3f091b5a2efb8799c4ed855b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswCA17.tmp\7z-out\ffmpeg.dll

Filesize
960KB

MD5
80bf62a4f8d5e56373fa5f9527c45a00

SHA1
a80fe107c2b99739dc87100ca859510ee8840e65

SHA256
5e936c629f05f68779942a674f0f6211f7dc8fd0713fbac893f3aa723750657d

SHA512
eeda6e96ef53f69649bc89fb4e63fb911c2d6d12f380de6ac4be573d816e5e7e2069b24f86dedecd867d9e32e85270476062797ca544659bf67f49acaf76d5bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswCA17.tmp\7z-out\icudtl.dat

Filesize
921KB

MD5
67f38397aa03afb42dd9c8f778b08f17

SHA1
bbc223bd403d081c4b0e4d5b80b2c59716799436

SHA256
e3991aa80a2354f1d79274cf3448c0650b16cc6061bc4d6f40866e532a803165

SHA512
76c60193d2c6aa0abbc27b755d1a608d3c07204bfd8fd625abd37f93e0795df71a08c639e99565fde4e1737f51f5abece0f32edbdbbf843a93b080b35a8cb441

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswCA17.tmp\7z-out\libEGL.dll

Filesize
437KB

MD5
8352fd22f09b873193cabc2932be92f0

SHA1
5bd2b58854b279f1733c5f54ea2669ee8a888d9e

SHA256
14a4aaa010be14762edfee01fd1f6b9943471eb7a2f9011a2b5c230461cd129c

SHA512
7281e980f2e82f1cc8173d9f8387a97f6e23ec5099ed8dca02222c4e17fa4cfef59d6aa300b1cf06d502bdcf77d9a6dbb08ad6658ae0a28ae6f9f995109da0d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswCA17.tmp\7z-out\libGLESv2.dll

Filesize
1.4MB

MD5
5487b1026238067f60d1842b077b0e61

SHA1
ef7798dc089acb36e137c442b719fd7b6204041a

SHA256
b777070d4d9a0ce95a6e2170b72c082b8cb87046a1677f5b743d9e785bfd9d1e

SHA512
e54b94899a5d6d1cafcc235dadb52f823abcfb4856b737064bc600a23255d61ec19f47cd4ec6499acf4e631348d291a9d15b60a6c0272f958466394575adf250

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswCA17.tmp\7z-out\locales\am.pak

Filesize
175KB

MD5
e18a450ef034b42599341c3d09f280f1

SHA1
2001c8a85904962ac3a96938eccc69ad2c110fdf

SHA256
7c2b9098130f1f9e0cf4507b64c0e96ac6354bd6c3616be20e2067cfccc820da

SHA512
ddd87571218fe9f179a6c2a8a15b182625a71a7c19ed90c0969ca2e0e9bad823b926f8b8a6b390cb6fe9c95f4b6c1f1ec7b5167a8424ab1921943922208f798a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswCA17.tmp\7z-out\locales\ar.pak

Filesize
181KB

MD5
6f3e791b4d35ee7d9515614d128752cf

SHA1
181ec3a84fb3e89336d77f24f562a2cbe07619d8

SHA256
e9df0fa338b763a3926c4ee3a87bedf650fa618b6fcf0560c3f5ffe891d48c60

SHA512
3657e610d13a2c938558ec320c298dd490c9e4895ccd304f738aaa2f050373efd7382ca402365f93d23ed488bae82de2d859da788dc8faa8e621346a278f4441

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswCA17.tmp\7z-out\locales\bg.pak

Filesize
196KB

MD5
5ba0c7200362c9ed55610cc8b66ef53c

SHA1
d45239c2f1b00885407771a41a7776fc1fe8fa3b

SHA256
2339ff55464b4ff704fc3c5bf281eec52a539c494bd059cf0346d9c05ab7cda7

SHA512
6229dbf08a9322c4ec8de4912aa1832f01800a71b7e3ef5870e7fa2b623be4dd248fec4881c3e031e984616147be84d42ab3dd970ae56dc1bd78913a8682a37a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswCA17.tmp\7z-out\locales\bn.pak

Filesize
253KB

MD5
47c95e191e760dee3ef43345577e2379

SHA1
609634315270a91d4ec631642b18bd0036367aad

SHA256
ceed32e429ed1018d4c49343cf52105cbfd1e877c531a5738fd6e6cd33d27da7

SHA512
46b5f8d58780d19e79136c31a67d075c57ddf7e6a1eb197dea4088cc414a0dc24a68fc8ebcaac03b3940af2461123b586706d5dbf8dbdf6fbea0f7bec466db21

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswCA17.tmp\7z-out\locales\ca.pak

Filesize
122KB

MD5
423651c45566cd90ea5edd8631e823b8

SHA1
13bed4173a08bcbfefba034aada3d838eece6d16

SHA256
7a39af99d55a1ea838d8d78c5f0da3e1402f9404d32255e31b676ceed4f0e414

SHA512
e09085023beaa37e9d5f7fdf3c32d0c001672b85e2826f0aba9a662ce958ac93cac17bf63495a604e47cb407b1593049388a4bf1b22b2339ead84a206a10569f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswCA17.tmp\7z-out\locales\cs.pak

Filesize
125KB

MD5
3cfd9dc564cfcc33cc5524711365c376

SHA1
2e5016d2643017f37658262122974429f18625a2

SHA256
8be34e4f8226c1dd4e725711ddd884ef4476560f7863edcf378573dde9db3cee

SHA512
6ee156d2fa3b6f601df28e38968d0eae2812d70b41333348dbecd833d5ee6ff944183f0eecde96be433cf1e98c8ec22d6a6d5af5153145842175ab43c73533ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswCA17.tmp\7z-out\locales\da.pak

Filesize
114KB

MD5
55a8f5883805a65c854d25edb3959209

SHA1
d4b3b6bd2a26cbd021fa931d1f63c9ea64e2c268

SHA256
e190187adcbb5f829d162660968ba598ed17bd11339062ca4d807deec8a27fdb

SHA512
4e1f9e6da32f553cbc8cf162726d7aba9e23e2216d6d05b995cf19fff3aafa05ed08fce29b2f8538d46583366402b8630672e650dfbd46952a611e9db0d8016d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswCA17.tmp\7z-out\locales\de.pak

Filesize
123KB

MD5
b73344e5a72fca6f956dbab984c123ba

SHA1
0561073aa40a63a9ce9930dd18b18e12ff139b2b

SHA256
6dda3fa65232ca0bff7314f916942a2aa5d9be73a0b0c7a6d016eb34ea6fff5b

SHA512
e8a12da397369f23c102244b3f18f533ec79afa6978785566056bbfe07b10a21ff4973bf17aa829fff65609363988c033b0e48d4a82c846863377c08d8df009d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswCA17.tmp\7z-out\locales\el.pak

Filesize
216KB

MD5
38440b98bfdf5ed496da0f49d59534c0

SHA1
1498d9207ecaf4923a47271e24c68a817041c82e

SHA256
b1f78df8a7edc914357a2e90bc8dc0ac46f4df642bb22894569fe4905fb8ea0f

SHA512
95ba788fc2e1f07d54e398f1ec4d32c664cfb13118d46cb7af7a993367e032b10de84f3e604ab6e659d6410e2d736097ec5e9b3b002040c54412358f0ea10229

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswCA17.tmp\7z-out\locales\en-GB.pak

Filesize
99KB

MD5
52e2826fb5814776d47a7fcaf55cb675

SHA1
51fbbc59dcd61116cbc0a24b0304d4c1c58e8d0b

SHA256
83ff81c73228c7cadba984d9b500e4fce01de583ecde8f132137650c8107c454

SHA512
69257f976d01006c5f3d7e256738c97c59115471f8e7447cfa795f7fa4ff12d6fd19708e95ffb2aa494b50c1763fe35d5885b9414112d2934baf68fe668ed7cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswCA17.tmp\7z-out\locales\en-US.pak

Filesize
100KB

MD5
0bb857860d8c9ab6d617cea5a5bd4d00

SHA1
351b744d95846bff2ce5f542fec2e87439aa0f8b

SHA256
5c56df9699fc7e8f09ec81421e50a6264cde055e822f5a8cd9bb1edb3066d816

SHA512
33fb73cffbb6781488cedbca4c92a7e4f66923a799beeb7f5cba58dbc23ba8f5130f63a7dac7114e3c3ef6f1df87884fbeb8858bc7604aec9449fdfd16c25078

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswCA17.tmp\7z-out\locales\es-419.pak

Filesize
120KB

MD5
b261b1efe945365588befdf68879040f

SHA1
616f44a5f73f0449b483f36ccf831db6474a10d2

SHA256
1380b9edc9cee4b505f12e8eefa288d8c746ca995b52ceaba27c7741ae8a5cd4

SHA512
9ea14234b9d4d09364e5727b3886fc14544d52508b3e45fb9fd607ca88d2e432361a02b2f7ba34c3d6ecd94b91f9eccd4d54047a97a1ba4eea580ead00b91cff

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswCA17.tmp\7z-out\locales\es.pak

Filesize
122KB

MD5
f83d8f7f6108786c02c2edbf3d85f147

SHA1
57781d9d9eb7c90cdc71f78e25d0763045b6d29a

SHA256
5b929216ac823dbe2b0bb98e64db76519900e09a86c8513019325271c66ade0d

SHA512
12747a4a61cdd21cad6e3f768cb43b8bda5ec9de373337c191b6994b20acd676c9d0a6cde8410a1e18f35dd5d2d332ea1bb7e7f8f6fc4b73d8774559e33398f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswCA17.tmp\7z-out\locales\et.pak

Filesize
110KB

MD5
c76db3385190c6840315c4497e40258a

SHA1
34f1aef2ba2925bebc5dcdb70e5b6c1a138a5c46

SHA256
e8af084ef5e1062c5966dd7802074ac24f3672dc3c9b9c5453a397644727191f

SHA512
90a870369d307758b33d74e6213676d65c2d332f42577c8aff23d96b512f3c2a2bdace8d6d9007f88b9175eadc6f2ae28b498b1265550849ff9317465a37ad29

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswCA17.tmp\7z-out\locales\fa.pak

Filesize
173KB

MD5
6458a239e994d8d18315deccd35389ed

SHA1
75c985f43503a6c44645786d46639a6b555ae163

SHA256
300fc1c735e92917a5ddf92feb812cbf3175d988ec7ad5955110248a1addbd34

SHA512
3062075b6be0c25c957ac88e537880bc25ff86b8ef0703a05209e9676e943e89476b7997394aeb25064e03a93be614fef535676e9cdfaf44b46035225b1b2cf5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswCA17.tmp\7z-out\locales\fi.pak

Filesize
112KB

MD5
cc592d91ce8eabaa75249cb78b889376

SHA1
f2f0f7f105a17f3e4b1a97ed0e3c2e871c2c3eac

SHA256
b1cb0b32efa78fd8634652c74f298f1d5127f2363ef601cf000417e5c7fefd20

SHA512
58e2eaffe26d8fda8df43e7ebef449cfff1065e940c128efa0276511e34e96e52da9230f294b01d4ecd8ef606b792d372bff897d6d8bb67c31379418ce867d48

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswCA17.tmp\7z-out\locales\fil.pak

Filesize
126KB

MD5
40bddaf97f64dfea9ebafc7f82166f80

SHA1
90d1fde3c0b27d2184f0353991259c2a92c7820c

SHA256
39a9d63736e7b4593fc6873ed3c19d45fbf9eb78a012bfdcee0fea5906ebc5b2

SHA512
d1e61c53e09a0dc50edf5aba5cf286a251ee88421aa2cd49332b70a5859646605ecb7d0bb97ea7242d14a18742e23da0a14c04b0b99b57a466ec87f4f66b897e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswCA17.tmp\7z-out\locales\fr.pak

Filesize
131KB

MD5
c3095ce1e88b0976ba7bef183d047347

SHA1
b14cfbf6e46ac1f189595fc09660178525301138

SHA256
66488dc10517b6e3638686be95b430477a39304e92ac45dfe62b58cae3a77272

SHA512
29f47b1eff4681a9a17a50d6e82d63c22fe7bfe4ceb79862e81d8cd9f96fa38e225978b4c4b1f8e55b220235b91652c776fa8d2e559c68942c6ccf402812a421

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswCA17.tmp\7z-out\locales\gu.pak

Filesize
245KB

MD5
63a7fdc4eadf8ef1c35c72468a0ce33f

SHA1
e8d064f0e9c8a6a8c6ccb036711e292d011d9466

SHA256
e549ff4e5a094d04c2ce7bc6fd68bea1f03e935437bf164bebb6191c133fa70c

SHA512
0a097ff875132a984545ec677b04f97785f14c38a1df487cfb4722cdea07d14e1e88fcff7d58b82fa53f05f4eba779a95ef320b5a91692097726d0385a26a456

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswCA17.tmp\7z-out\locales\he.pak

Filesize
151KB

MD5
6a02a37e1ca3215fa9ee0e1b0fbcf5e7

SHA1
89a8a126c0bbf536ac58e29fc50e045fb1b88220

SHA256
f5cf34ce58b7f0d450936981aa7ffa060821403e6768eee3746ea4ffc9193986

SHA512
6607eb2329b81f1eaf0ed3a564eddcb30e6ab59229f2fbf6fd3d2140ffaa8853a330eda627a4458ef6bb06f32c5183edda869e34cd4ead1f87f88d5c622c1a16

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswCA17.tmp\7z-out\locales\hi.pak

Filesize
253KB

MD5
590e9e73df9cbd83cd87b9c03848fec9

SHA1
da125e60a5a2c51a2d6219d3f81688bd22237b59

SHA256
089b9dd31090a987515809a68d26f6eeb64cd9283934e3dcc48b151eec7d3ad9

SHA512
fd0e5d0f2063e12b711275f390428b88f98ffaf6043cdb14b13674ac1e4aa9f70ae820ae960132d7155daf9b1308238775c4702694ab53068cdc709c50f9186a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswCA17.tmp\7z-out\locales\hr.pak

Filesize
119KB

MD5
6f92235e6ba003af925a2d6584afd27d

SHA1
3ceba61e9c2975466b6244188f5ea72aaf042fc7

SHA256
479dc4f75a889d45f62b4ddb6eb48f21c473e37875468c9c26d928a263e15840

SHA512
82f2642dff4400704c15c2fa02d0ec74ed3fe888dc835447c1afce7463dee8f480bb81be358c306e681625864a6d25e5cd6c96252b8a56e6fc62014b3aa4d26a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswCA17.tmp\7z-out\locales\hu.pak

Filesize
129KB

MD5
71d42cb22d2d7a8b26c4514ab12df3aa

SHA1
cd0307503a7906f1742d1e98fc816959319c2171

SHA256
b51bcb888dbc27bab88a8c9d081df7496de8a9a5a4cd2cfe08abc154190e75e6

SHA512
29c67391bca706807be3a0cc79fe481f220e30263957a9c2485f0a4c498a5b250bdd83b5f4fad8d0b19c8a9a07d5650b5ebd5816b6aae311a1cde78a89303244

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswCA17.tmp\7z-out\locales\id.pak

Filesize
108KB

MD5
e40cb2f3b4db379e4d187aeef0dfd300

SHA1
537b1ebc615c980c89bbe2b9e91a11199fa7d6a6

SHA256
3339ef011c9bb64868da94adb25f4490acbc7f893e4337dbfe2797754cd659f5

SHA512
b87464460077aa55feb92eca8ed23d9a61829378bae7890c8a95dac5fcd735b145d65661f27facfe2586fcaa169692b00d8ee8dd505dc44bff7f7fd090f3e96c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswCA17.tmp\7z-out\locales\it.pak

Filesize
123KB

MD5
5aa225aad4f9fe6d05ec24905a827d88

SHA1
f6d5ed337bd8e9cc3b962d3a498e3430fbf6de22

SHA256
96e02ab6937a1f1cb58762159761a737ce0e1dcd6a253554392baf4389326eab

SHA512
3fa928f19bdf65b8fbb274b478a801821b15c01224c113a8d7f6121a077b432c0cc84eefd9028a76adea9fa4bb65dcb868edfbd4368b1e4d477c49e187e4288a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswCA17.tmp\7z-out\locales\ja.pak

Filesize
143KB

MD5
833e8c4aa70351b6be7bd403e4e9a0a7

SHA1
46ccdbdea35deec8ef13a5fc833776875fad187b

SHA256
74422db1a5f28522f9a8b31a3bee9a6df794b419bf723cb6a6c88e82eb72cec0

SHA512
e8e709612a5ea81d2822e0025b7306f38571f2cec2ca72ac5a8ab852a0e36a0f5bc7e00d0baf7ac7becc2c54dda3a17c52ec1cd67ce12b14d91b6ae0b726d556

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswCA17.tmp\7z-out\locales\kn.pak

Filesize
277KB

MD5
5115cde84b4c674db412619b65433004

SHA1
164f33e7e2e9f685a579da492a6fc8806beb6cbf

SHA256
891e092c6895e23be986c3e6d39dcea9b6b75f1448239c13fd406680e50407a7

SHA512
090a247898cb533325d2b289a6cbd8db2a755ef0abab49d82f333e57b290c50b5996b81f15d8adc30160b216eebed3a1476aec1627195e52189557c1d48b0216

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswCA17.tmp\7z-out\locales\ko.pak

Filesize
120KB

MD5
d6e2c18c9eabba59b50d147d942125ea

SHA1
0918879203c2050b4f9f449f5616e430897ba0b9

SHA256
f3581cea2e5b022b121010ffc5d67f86f717e3a0c0402abd81e24c87fd135b76

SHA512
f605f7b9893166778af156f9eb76eaa1209e7432450899540cd462ce0ffa69caf6f570b910cdd6d7bef54354379e9892a658e711baa93241da33755c107da859

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswCA17.tmp\7z-out\locales\lt.pak

Filesize
131KB

MD5
2d4fca437a7548893dc4b51fa5b33c33

SHA1
c1493013d7d981ea9223716e415380992de65c2f

SHA256
776dba792df7b444e1b720326312d8b8312cade74a1372c49456d932b7c65769

SHA512
b6a55ee1deff48d717a3e9399aef3c45eeec810cc5b5709fa3e9f56850115a5b02e02b7959ec77a6797e68516ee9372bacd260e62ac0d55a8e4c1c27af782b42

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswCA17.tmp\7z-out\locales\lv.pak

Filesize
130KB

MD5
264c6e20b3088ceb4dae5773cef0cb55

SHA1
fb6ff83ff14df008092bc3ee73bda7491e8e090e

SHA256
a676a781c1a587eadf23e5c69bc52f2d352346a70bc53ca908450362535eefda

SHA512
01e949f92e1e8599c581929a601d39640abaf1d907ce10102e591c3d490dd3874c679c75bb51308ead55a3bd0c6dcd1b8d4b2daf98ce1cf1c6bab42946e8b1e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswCA17.tmp\7z-out\locales\ml.pak

Filesize
292KB

MD5
04b2540c25990a5e0a9b227dcce6ae0d

SHA1
4f8ccd154f54dfb083d4d1a3ed0994842c8ab13e

SHA256
556165b8b54c6e21bc66d12b3f5be393136714467c427f7114f314d18ad3c661

SHA512
4cab47e42e8f5d4a83851871f97f3e1360c993ba530dbb4b4b736350779784bd83189e1195d3480ce87298bb8f9b7f249fefa7764d850e5b0002895609626785

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswCA17.tmp\7z-out\locales\mr.pak

Filesize
240KB

MD5
f22c99fe6a838e333e8ee06a4d01296b

SHA1
c3542ea8dd45a2b387dd02fa5687948f135e10f2

SHA256
b03a3042f907aed13253ae8083d08f5fad59ff438d024b097276856e72526911

SHA512
882022c2cb985d85f96d52c9bcfeeb089d6ff30e66187ccf424ef622092b9d359a51bdef1fb6ac3b9d3409aa79d37ca737ba7f3ed8b9cdaabfe04d90a7c8bc15

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswCA17.tmp\7z-out\locales\ms.pak

Filesize
111KB

MD5
6cfadaa784e687e6dadbcd80e631bc9b

SHA1
481acb75f525055bf4e45ecabe0eadcb9c492106

SHA256
fb5e125dd5e1f21e8df229d22cb3d1f9078bd79bbddca352899248f2a8b21b71

SHA512
0d7da5a90fe9372bc704ab8cdc8cbfb14d323cafdef856987e2d9e34d980196c03985e25099f5d1bcb10c97f040f4766e2c3713718649bb3f43914a77f0dbb39

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswCA17.tmp\7z-out\locales\nb.pak

Filesize
110KB

MD5
b61e42f66d581b6a8929cdf5fb10662e

SHA1
6f06fa9ee092fbcb61bbd668734fb3b92cfb549a

SHA256
1b17dcde8fc7308d926fbe0faa83dfc9ffe2efc5715e9afd557dde839ad98b7e

SHA512
79b82346c3f133a6ba44148a8432ad4e08e2805187b759509cb386bc800fd20215592c07d953812c243f0b1d5e1354245f2cb42b2b3eb6c87280bcb4008dbe97

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswCA17.tmp\7z-out\locales\nl.pak

Filesize
114KB

MD5
cf6b1cbfd669e9461553974ba37a475e

SHA1
b33867e9bc7fd88ca98a76dc4bd756bcf18887aa

SHA256
9a83ad866ad7fd9d65ecbc1e95c276cfce27e8257c76a16950fd14971e66b864

SHA512
e463029bb37f6bb3ff5cb6281f64291ada1b785fa33137e7aedfc7b5e409e99c75a91e7cf9b6c0933e970f70c14861190de66fc5d68925b687a6f5da02e21077

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswCA17.tmp\7z-out\locales\pl.pak

Filesize
125KB

MD5
644c0ace25d6e532b56510a736c6bc2c

SHA1
1bd0fec952107b493da04c46423da634ff3e1504

SHA256
2ff9e382a31783285b7d85676e629e2f6db26bb9536ed17b7fbe5ac61a895ec7

SHA512
9a1f1e884c2f214b8b0c63543809ddd4ba0fd533f1d8434e926051f3db434f60cc4df2462c2a43254b2a9685b3869eef49463c212892e417c82c3a7b497e3559

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswCA17.tmp\7z-out\locales\pt-BR.pak

Filesize
119KB

MD5
88ad860c73676ffb4025b5c691f29942

SHA1
3c5e5b999ea7153ccdd1b4cc7b6162de3456b558

SHA256
25f0bb0b0230d99a9064d52668636f3be85903bf27a68124d79a2fe93c30fe0e

SHA512
41589bb9ab1b8307f62ceb4e6493d7903731a3e63807e0044379c4acdda881c21839234f5f1b8ad1af732bfee6231c0556ce92e582505379ed949980185bb750

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswCA17.tmp\7z-out\locales\pt-PT.pak

Filesize
123KB

MD5
ecd84b296d3bb312ee18e21017311986

SHA1
f5625523f85c10723750834a54ff59a2dd886fb3

SHA256
fcfaa9c44c445876c286388b6a1abc1df949f3dda3d64fb57d6e0d54a05cdb94

SHA512
e95b74238220024cdd0bd1c0f18beadbbe427d76cd8d6b32d5700adcd34ffb068ad0bf75404921485c8077f395f5111cd40d5dfe2b5b8f34c62e6fc80b507456

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswCA17.tmp\7z-out\locales\ro.pak

Filesize
122KB

MD5
24b01a438a3ab9699d4ca97c081b5e82

SHA1
0d0b082544d23425a74199fb0a6c11192f0bdf7d

SHA256
38290b1c9712296d82ea1681ef95544a1eef4872289134b11e50af735e6deaca

SHA512
43199772312156f4633c4202499cde8f808e5e632c2013ec1129acee01a3f184e86df2616626173178efe04b6f0773ad9a0e8b8cc6a735d23d68dcfe9dfd945b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswCA17.tmp\7z-out\locales\ru.pak

Filesize
195KB

MD5
75457b95d2bb03891232dae7db886387

SHA1
e5a7569df7f91533703626d167ecc8cddbd27205

SHA256
e0894d3aa3f8e0f8ac457a3300001d4e1dcf95980712f8c8e9c845eb4c2bbfa6

SHA512
9813239cb162cec24cb81cffdae2df06889782813d917da186ae40df6dae64477467e4b32ead2d714bc1de671538d4c1fde990d83d3ee69e0932f17226687a78

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswCA17.tmp\7z-out\locales\sk.pak

Filesize
127KB

MD5
b35daa0bd9627ca88b413a5af7c6b4a4

SHA1
d5efdcbc7ca17de29f3075f6434f31ab2e895826

SHA256
f47bc1f7f5ab64681d0b152e1a019da60f0ef057ee8bf2ccede019dc4030c177

SHA512
48abb6ca2290820db2898b05820bb25e70fb1292c816eb0c8f17b3c5452de9fff7027d216d2bf413900f408f44ed4ac99151b28142a212c5cff8dfe229e87b9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswCA17.tmp\7z-out\locales\sl.pak

Filesize
121KB

MD5
e015b6f5042be2dc96a4e23dcf035502

SHA1
7946509eed8db1e4c1f3da99ffe7155c86fdb4d6

SHA256
99536d1bc73eec81d5bebbff641ea195544ee5e3a41bb17ddcedf9cde9b141d4

SHA512
b2a2eaae93c506a053862bf1cde02eee53b3ea2e2fe4c964c51dbacb8b44de820a779311cfe01458e2f08f88bce1172e8c5e1e6d28cd3a355ff84baa00023b8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswCA17.tmp\7z-out\locales\sr.pak

Filesize
185KB

MD5
af7083f2a4bd95dcbe792efade352662

SHA1
dc69aa831836016f6e66c6079931503d534a7862

SHA256
e3b80d9fdd420a05d66cc12e685ac94500106dd51a555bbfa2d085094f81e8dd

SHA512
342400ba94f6cd08152f96aa2b905184fab429c38cedb4bcb4ac0c503169a9ecd47aef208b4d7ffae08b0c0afa7aa089347a20739379d05f3e4e111be842b8c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswCA17.tmp\7z-out\locales\sv.pak

Filesize
111KB

MD5
41e76f7775fc9a2d6e3c02c46e9b32f6

SHA1
088c15c74a68bee69682bf89c31055332b68c84a

SHA256
2533676479e9469ffcdaabcb47d3e39bebfe7ae2b80f70784e918a8827439e13

SHA512
6cde752d748c4772b533c8894f18134e5842113f8c7590b44a7dfa088aed65b232361fd16170df3b0d738066dbc3a769847adf4dd8ba42de63c9c2b33f9beb6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswCA17.tmp\7z-out\locales\sw.pak

Filesize
114KB

MD5
99e385ebc1ef8d3daddb3a171fa79edf

SHA1
3164804dfe9d9b5e891abafe92e5ba67d2b5d4d1

SHA256
8ec45ac391a085d531fb21815086c2da4841aa016653cb4f8484cfc2615d6c01

SHA512
797c105fecef1e15870aa101e3fa1835d5a467a9059c03b3636c54934d1de263ab7f23599e21d9787cb3849c7cb7d29f5bdd8ae9ad10fda8015c1392462e94c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswCA17.tmp\7z-out\locales\ta.pak

Filesize
290KB

MD5
31dada843d0b4f9a66b184cb6d7b8b92

SHA1
0320b31981043c6e4c17470bf2ff4c7488553511

SHA256
457070b35c813175f5a7b630478073e478ff2bf23915dd3dc7a5b3b339cc2b0b

SHA512
c5b6ea595d3154fd9fe03f49a19f78eb4068718ce005b18a165d491459a290c29956b02a109ce2c314746773760c8e5c0d7064f384c65a572c78109f03538860

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswCA17.tmp\7z-out\locales\te.pak

Filesize
270KB

MD5
793a87d41cde6e6d1bb086284f69733b

SHA1
d887e3842b664f55b7308427aa6f5bf0b352d879

SHA256
5cdabd1ad41e8048f2cc6b1615e68b99159daa1aa6706b939447c1811bf0e255

SHA512
7c2e53baa387480eed45315bd9d53856ca46e5777ecdc9c29a0de7b0ad04beb6cbb8b5df0aa7c306395fda563037e06bea1ca70e433ce5a3ccc2ec184dfda972

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswCA17.tmp\7z-out\locales\th.pak

Filesize
227KB

MD5
43edd25f67ce6e6cea5373009ff0a1f8

SHA1
ed72ca6620cf23837e1334be50ccf616806bc5a2

SHA256
287897cf3df2db1cf59b872e6575ba8dfcaa0c1f68c17a9c91da6c4490adb8b0

SHA512
7160a72bd2e6b0ffa71e5d279995cc8be24a87cd9386eb29ab0eee79b8e607f5d824a11b6b4e3ef4c0f851a9d485a9642cb6adaa65c07933dca6e6f2c0052fc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswCA17.tmp\7z-out\locales\tr.pak

Filesize
117KB

MD5
40491896ad21543f339467186c5efb40

SHA1
695dde7cc35056dcbf0a533aff8299d4c6b61bd8

SHA256
43e99e132acaba88971b81a43531845dc7fc3a1e0794c3373de7d9a50a5655aa

SHA512
18d5ee9914849462e0b1bafd1ca216b29d0795e282ae0bdb354b15caf5c18f37f44fbd6f626b2cbb095e3398a6496de72e5b0d15621433979b5a589e34fac818

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswCA17.tmp\7z-out\locales\uk.pak

Filesize
198KB

MD5
d791b1ecf2931b2fb0c31aac170c7cdc

SHA1
02be115a9ff94fe5250651b6de4323eafc44fce1

SHA256
ffae6286d44c8e219ef90d411ad8746159a6ff8ea610e2a651147a3956696a22

SHA512
3a2edb8069e4a9734ce5e02b7c3de3c968c5bbc116f17f52f97e2bb2c78485c456c4f0cc952686c1aa17b7ee4d326a1dda698afafc63c79d842ca3905181a8da

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswCA17.tmp\7z-out\locales\vi.pak

Filesize
140KB

MD5
69c8796439192577f48bd249175aaf37

SHA1
97c52088ca69dada593db0e42b2135d264646454

SHA256
d7fdb53592de803a5fbcd8561c4918f1562f92fc8a3fd0039a2a1a7b76a8ecc2

SHA512
65eb7cb15291474ec7f9354775e59bcf334c90ddf3498ebd184e4c47118308421b2405bfa679e4b3a70ed1790e167c109fc2c72e89c3e31b5378cae975424144

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswCA17.tmp\7z-out\locales\zh-CN.pak

Filesize
101KB

MD5
098d656a4f4bd8240bed10e7678186c7

SHA1
0c19ab62b4262f1b51558e8aaa79e7741f73393a

SHA256
a55f568ad3a8854cec25699484f55024501c8a0967738ba694e073151e5981c7

SHA512
084538ce774233ca6d4393bb42239b0b85e11bd73dd19ba47e55796ca19848941b037510c0fca4ac08b4b2e0ccbc9b4ae72ef88a3e841738dd211961dc53c1e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswCA17.tmp\7z-out\locales\zh-TW.pak

Filesize
101KB

MD5
c2c35fcedc3708b5bcadf36587393002

SHA1
31d72402cbd44ceb921cedd806259c2cd14e411f

SHA256
cfe4c2c5eb131fd92e0d11f912714c5a9a048833ef3ffbe32679b3d58da8f8ac

SHA512
9ba3ea2d569d1d3ef09e94d7e66f843c8804368c4d016b6289e7dba002f7d2d50884a76c93eef879d87abcf8b36dd3e682b7bd3a18b2b5a969256cef672abf01

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswCA17.tmp\7z-out\resources.pak

Filesize
1.6MB

MD5
010532d775b6601b8dee5f07ec9318b8

SHA1
e215b1f65da19874413d006afe137b2ca73f4fff

SHA256
7eda636e2489c1458d5a896e91c00dba1c757723f93be49180782a74eb6619bc

SHA512
056135cac04b3d3b915c3cbbb595915a9faa853d31f7a0901d6dd71b12e9a2a7f2b771d5a556771d177f7d56e20ccfb2bac763eab773deac5e6fce9c107824fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswCA17.tmp\7z-out\resources\app.asar

Filesize
2.5MB

MD5
13c5c0ccfa1978911894f587ee5fc703

SHA1
41578b0abef9e11a4c4ec0ed3e9d5651ec331635

SHA256
c198c8239f91081c6b4514e64549dfb0c6b4b6668dae1d877b8728512a78d2cb

SHA512
2b9885b93ff378452604e707c535bf535974dff94ebd754998666fd97fc1f0bddcb6583c126a0cf4c127340c0f1208ba4c452af2b89d335991e816f1a550babd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswCA17.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\DirectShowLib-2005.dll

Filesize
296KB

MD5
c20c205c6f8d70a5e1351a4041a3ec9f

SHA1
e1b2a763dd6c42439656e4e55aba0f3610ff3784

SHA256
bbcbb170242d9ff1b56680a80b1f8755df1135f9c714535ff3b3f575442f38dc

SHA512
dffd59d775dbb89cd886a2212fb9fe4cf0b2bdd7f2c00f8dc7c6b2287053b4971c8c6c033109ff1f90cdacea082e44d3c19fa76325d24976420c418218e701f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswCA17.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\package.json

Filesize
394B

MD5
067e233b0609d56ff4756bedd8c0efe0

SHA1
96419d05adc4b6674948b4ac14f8ab5bb3ce4380

SHA256
6bee642c1b5de99e4edba87ec3221c2ecd10b65e666b6f2bef64a745538ecf74

SHA512
94900f5ff762930b1b060ba4dd44d629d6c3e2dfc0dacb1a543f1ea5a3cd40e793acaff4abefbff588ceb422d65f8041ec190a2b56f7c303c3314eb16eca4159

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswCA17.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\prey-webcam.exe

Filesize
24KB

MD5
471b15abc9f2e98fb7ed7361d3f045eb

SHA1
95b5798d80a9410872f6ed485ae2b43ca3745540

SHA256
7c262639cb22348dfd627dc07c76e8748e5bcacde2dcf1614773ab174c831004

SHA512
5b3b59aa1dbaef31b0ff6ccde082d7c312e39e311a46fe20d590d5d7765f934d3b663da9609ff4fb7beba2e8fa85376cf74f14ae077f3c0b49189cc28c30163a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswCA17.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\snapshot.exe

Filesize
161KB

MD5
16a12bdc986207390dd79d658a6b2263

SHA1
b4b41f62cbc1e1ede786c6e30e11df8e61750bad

SHA256
50a8dd2f292bea9190204a42de067a34d5cbbec53746d40fe5b067fc85190bac

SHA512
d20394028c5d3ca46bb4879cac40da07b7d857f9a4a834bb4db4bd047f1a3265a80e1f7528244da6ee97c2f3e0cb5b2e51bc88eeb382a027939c2188e66dcdd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswCA17.tmp\7z-out\resources\elevate.exe

Filesize
105KB

MD5
792b92c8ad13c46f27c7ced0810694df

SHA1
d8d449b92de20a57df722df46435ba4553ecc802

SHA256
9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37

SHA512
6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswCA17.tmp\7z-out\snapshot_blob.bin

Filesize
342KB

MD5
c9ab741bbef53fa0e84952b8891a5f5a

SHA1
e2dcb8d034e07243537c86371de0c52bce62cee1

SHA256
4d82fe1e642fe3ca7ad1a173f806088c0652ecfe9f0f6f6e246066e15a3431d4

SHA512
177b98a3090ecfe4b4598dfcd7e8b3ca49efafba4dbd8d6c6d0def462de47c3fabfde831725622783ddc177de982de6115178d9bd9830d918bb544a5a4c27fc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswCA17.tmp\7z-out\swiftshader\libEGL.dll

Filesize
250KB

MD5
a6935639067d1cd91453e3bb0cabe579

SHA1
9ba1b77b6164e9ff2169b835d674d22299ec9794

SHA256
b7cb4df70e0f0e3d3221b9e9b1ed1396f3913d5810330f41d5e0297c6f6446b0

SHA512
b91626e8d452298c63fb48ae8f73932167d8e340ab08dec10da9ad65b9f674d3a0365acdfad2c92aa0d0f3ba89eb3e27a736f306fdd93e5907cb90fed8065706

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswCA17.tmp\7z-out\swiftshader\libGLESv2.dll

Filesize
401KB

MD5
f1466f935bf4dfa445ded13ede5b44d0

SHA1
9ce63e5218ea4e2e9696f944701584b1c117b8b2

SHA256
d62dbdb529f2f2cc3f7384953ac7b525409e7364b771345c3338f257f5bbd53c

SHA512
961037919092bbca8b40fc5d3358d241793bb898cdabf94a6f89cd60435edf61c53e8301bc286972845124ba73bd28cd4ae4f0a3d9cf2744c3f86d8e9d01e159

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswCA17.tmp\7z-out\v8_context_snapshot.bin

Filesize
656KB

MD5
47014c0f81bad6d216c617c9c63bf040

SHA1
7bb483fdc5fed3c6ed437d9fe6e5023bc38201bf

SHA256
e1249d05bfc73c645b27d269f47b6923b33a3cf8088a8ca78b3b637c90f58178

SHA512
052d86cf3305a9e493bd2472e6b7ddab5e0291efd6d899984a79bae46e5fa4bd21157e19ab4a2591c9cff9069de568bad18c7baf4f35d117c77134e635466f87

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswCA17.tmp\7z-out\vk_swiftshader.dll

Filesize
1.4MB

MD5
3074defd4e4f965b80a3f0b53ccb13fa

SHA1
b4b4ccfc93184a7655b18a4c5aa9e102daa27d37

SHA256
ea48ccb15f279fd743c94a73794ca337c9d8bb9ec9cfa16d362cb905e5f3cdd9

SHA512
ce2cf1d5bf1e8dceb17bb3f4dd66348995aaa42ba802a311ba13d0ceb4995363509e10efa9e55d381e7404f46641a92661bc4cf73e8de69bbb02e1e3f766bad0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswCA17.tmp\7z-out\vk_swiftshader_icd.json

Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswCA17.tmp\7z-out\vulkan-1.dll

Filesize
819KB

MD5
b91586bd80e057a7f62bdc4422744812

SHA1
a1df644421ece2e740e5bf0ed98b4f269fd85c39

SHA256
8ba72d98e0f78b77bda7816cd7232809d287310d34e0f1d7472b9d5fda2c6d02

SHA512
94f0a8e3e75e4803891c0fcb257052dbe0e7399772fc7a46ab802629f76ee580ed30b3678fa6bc3744c12cf9f3103bbc8276e88f6711278748148e9fbeef2053

Download Submit
C:\Users\Admin\AppData\Local\Temp\sBlFPmNl6yIQ_temp.ps1

Filesize
727B

MD5
111735383157838143e15991faadbf03

SHA1
b6428f1416f0d1e9f3983826afd4eaefe8ab994f

SHA256
73caf7199b22adf43dc249814cb30ded41ff4b60e1fccf18ef603e9748878be3

SHA512
d05f0222cba5450f44376a9271bd939840438e60d7fd44f588ef93dd3876ea37234585d449ada84485b0ff563d9ec9fd142cb4c7cf3ca00e3eded1f40aac696b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\2HUCPMPN4QGU2Z588CL6.temp

Filesize
6KB

MD5
86656508e6148f7e04d4c0042520b6b8

SHA1
fc2588cb40b37c2c5a6d4d4fdae5d3155f79d9d2

SHA256
187e1c56b89d523007256ec0436813e75e836f7d6b8cdb10a6beb57982fe3898

SHA512
11aa6cc6293edbcafbb909bed93878193142436cf55bd3741a83bc2a0c8f642a82b20af2de7cf3a35f5d473535fa8a32d5fd49c417e91386858718bc2ed59715

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms

Filesize
6KB

MD5
df98641d5ac0c70b4fb0a91fcdce8d70

SHA1
fa7d6712fd5251ba8686d6d0f9fad995dae82b8b

SHA256
b31f608c37623db2e8d29e6ce1da47468927643f3bdc1807ee4686c7cdab1132

SHA512
c8b1e8060517d4d71230ea59b19ad3c5313c94cef6d0788b5b4bd6f82c6048064d61f8733e85d2db0f564b847f630dce9b753b159f3355b6f7e238d7700ac650

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gwofkrub.default-release\places.sqlite_tmp

Filesize
12KB

MD5
bfbd1b29c68acb46eb362cc17258a26e

SHA1
6bf64aa96aab23dc81487cfc861a6797ea6c8b19

SHA256
c8654e79aaed461a9fc946cea1c62ea3ff6b6532de9ff38f9ce8594e2d7f302c

SHA512
cadf3f8256714d17713207464778f73ae7e1140637fd195b126d649b0ff15168e74050f6da573b51c22923d87714190e92e88a94ef33dcf3df182c6298d93d56

Download Submit
C:\Users\Admin\AppData\Roaming\m68cIusBuDwF.vbs

Filesize
141B

MD5
bee4b835076d15b9486e145637c2a63b

SHA1
a419c29bbb768b6c75c9dbc6e4696dd369b22f4b

SHA256
aa18473a2407198dfcf922f7128694b1f45a83e5b5d3b8ae16857f863664fcd9

SHA512
f245a75722049dd609112562291cf3e2e5627b96d0678383142b8756526ebe0f178068760511b116985a983a3c63201c7c4cbce5dc567911fd446fbf0ab3a6ff

Download Submit
\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\d3dcompiler_47.dll

Filesize
44KB

MD5
deb7fb8c968361fcc23748e28ed5e3f5

SHA1
e3c18ce0bd275abec4e13e6e4ed2f0f760eadd42

SHA256
bbc89fe14e321052769e5e738f8ae0f3e3007404381e44cba0f6a5d8601a29f7

SHA512
416581df74f75ea85592b5358c19ce463b89b8f1735c150b6ff30acf3c8c53e003470a01e92b2aac6adfccd34ddf71ee97f01714bdea6b8ef28c56012fe6c0e4

Download Submit
\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\ffmpeg.dll

Filesize
5KB

MD5
052f1f567c83a7d987f56895228a3ecc

SHA1
48620646c19db384c160f6ae212deea2a477e896

SHA256
434301f83bce3d1a1fe25bf1c71b71b58e394bf4bbb750590e4b1d46257efd41

SHA512
838cecf7e014b236120637562513f7721e1cac82dbba608d71d16b63036d68ff27edcfa788b8a25a08baa5fdb66bc951889cf018b520000a6f3d2155241ac6e3

Download Submit
\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\ffmpeg.dll

Filesize
43KB

MD5
e0bdc2f30d6641f43fbf8b4271bdb89f

SHA1
beb1a07ec9e6adaa5ad9a0b9b7ee35b406417964

SHA256
67a2a4adab39da5506adc1fccaa8f70b4b2d5dd84c5eff179ff77cd30f9d1e13

SHA512
b8904a92bf2456844b2b9b47414f3da53904e23192268418683494782ecedf08a37f88194d0a442c8692017c4af17b4a627b555c5c17c7d3776c1535b0a3a942

Download Submit
\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\ffmpeg.dll

Filesize
39KB

MD5
53b6677727e5a46326ed093774c603a2

SHA1
c04918ac3a88b6c3c304fa65d648f607cc5cca7e

SHA256
d273018595a0d63d47dbaf102eaf5889976179cdf87e05638b16a479b8fd5268

SHA512
c542b3f11001a1cfbe9379b49be7f574d9cc4c9fc67ea97ef9b8befc8a043e6bcb3a364cf2603baec86ccbc5fbfd9673716414021a93aecfd52bf4e30b68d955

Download Submit
\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\libEGL.dll

Filesize
89KB

MD5
727ee8359d5ba0ae9ac711e6075fe80e

SHA1
f71d78fd6e3ccee4afa6897daae53441cd5c7b7e

SHA256
90e7aa0ef0c14e1d14106b39cdecca2f3f3555a2ef4338cf7c51b059290a6183

SHA512
cac29ebba2296a7ac74639e5c3dfe1a2721c9e4a853816c18a22d7b329e4f29429025cdde2938d69990de3885a2abd9d0db87a26c2bf6bd4ad2f59165446302f

Download Submit
\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\libGLESv2.dll

Filesize
73KB

MD5
d19fddd80d9b9d478ac4333a80a8c065

SHA1
1f9d430d60730622bd8ad5fb74e7ed09048428a4

SHA256
f0b0515cd41881257fe28165708bded84712459da90585dc029c657641a95006

SHA512
20e58cd142d55455d5b9c22a77ae621af51b9d86196972ed0ae393acc9413eda72b57403fa3a2500a64a45b4bfa8e99c477b39027af2286a071497b96a273639

Download Submit
\Users\Admin\AppData\Local\Temp\ab20e9f3-4c89-4048-bf10-ae78f40ceed9.tmp.node

Filesize
68KB

MD5
e58760f0a46e47b88efc401d9494ce5f

SHA1
86ddd08647330f71ccb3171c003058ca7497f19d

SHA256
e0af2a05c045b9851869b4b3fb2519e21817591ce3817df0c4b1c7a9e2ec8d56

SHA512
74afb59d120101c631b5b9effd0d13a5c047fe09b30f4d2ad8b8f76cbb8b7a28193e155308e2adce9218a083d35a1364fe535c7247de0c366695b7550df58863

Download Submit
\Users\Admin\AppData\Local\Temp\e6f922d6-ebc6-4809-a87e-16b9c0f9648f.tmp.node

Filesize
151KB

MD5
dc3d98b0278faaa2892e7d8bd5a800a3

SHA1
ac5d54aafefb19fd45ab5a9c803b322fdc285db9

SHA256
de8a584aacf1578c84fa4a2856d130af0b27585f1248435b6cc2f1cdade362e5

SHA512
4b7577486ab470245e5d5b5016495f33e9e839ec8f3853302ebad429f41280301be214f8ae46c16d23c56bbdb484169c2948933672786e0660b3ec80714ad5d3

Download Submit
\Users\Admin\AppData\Local\Temp\nswCA17.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
\Users\Admin\AppData\Local\Temp\nswCA17.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
\Users\Admin\AppData\Local\Temp\nswCA17.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
memory/980-675-0x00000209A0610000-0x00000209A0620000-memory.dmp

Filesize
64KB

Download
memory/980-698-0x00000209A0610000-0x00000209A0620000-memory.dmp

Filesize
64KB

Download
memory/980-699-0x00007FFCB8DD0000-0x00007FFCB97BC000-memory.dmp

Filesize
9.9MB

Download
memory/980-674-0x00007FFCB8DD0000-0x00007FFCB97BC000-memory.dmp

Filesize
9.9MB

Download
memory/980-676-0x00000209A0610000-0x00000209A0620000-memory.dmp

Filesize
64KB

Download
memory/1800-740-0x0000025B801A0000-0x0000025B801F9000-memory.dmp

Filesize
356KB

Download
memory/1800-587-0x00007FFCD6020000-0x00007FFCD6021000-memory.dmp

Filesize
4KB

Download
memory/2916-1121-0x00007FFCB8DD0000-0x00007FFCB97BC000-memory.dmp

Filesize
9.9MB

Download
memory/2916-1052-0x00007FFCB8DD0000-0x00007FFCB97BC000-memory.dmp

Filesize
9.9MB

Download
memory/2916-1057-0x0000012AEA5C0000-0x0000012AEA5D0000-memory.dmp

Filesize
64KB

Download
memory/2916-1060-0x0000012AEA5C0000-0x0000012AEA5D0000-memory.dmp

Filesize
64KB

Download
memory/2916-1120-0x0000012AEA5C0000-0x0000012AEA5D0000-memory.dmp

Filesize
64KB

Download
memory/3084-635-0x0000029370D40000-0x0000029370D62000-memory.dmp

Filesize
136KB

Download
memory/3084-638-0x00007FFCB8DD0000-0x00007FFCB97BC000-memory.dmp

Filesize
9.9MB

Download
memory/3084-663-0x00007FFCB8DD0000-0x00007FFCB97BC000-memory.dmp

Filesize
9.9MB

Download
memory/3084-639-0x0000029370BC0000-0x0000029370BD0000-memory.dmp

Filesize
64KB

Download
memory/3084-640-0x0000029370BC0000-0x0000029370BD0000-memory.dmp

Filesize
64KB

Download
memory/3084-641-0x0000029370EF0000-0x0000029370F66000-memory.dmp

Filesize
472KB

Download
memory/3084-658-0x0000029370BC0000-0x0000029370BD0000-memory.dmp

Filesize
64KB

Download
memory/4596-912-0x00007FFCB8DD0000-0x00007FFCB97BC000-memory.dmp

Filesize
9.9MB

Download
memory/4596-1065-0x0000015998810000-0x0000015998820000-memory.dmp

Filesize
64KB

Download
memory/4596-1072-0x00007FFCB8DD0000-0x00007FFCB97BC000-memory.dmp

Filesize
9.9MB

Download
memory/4596-915-0x0000015998810000-0x0000015998820000-memory.dmp

Filesize
64KB

Download
memory/4596-914-0x0000015998810000-0x0000015998820000-memory.dmp

Filesize
64KB

Download
memory/5380-1130-0x00007FFCB8DD0000-0x00007FFCB97BC000-memory.dmp

Filesize
9.9MB

Download
memory/5380-956-0x000002322C470000-0x000002322C480000-memory.dmp

Filesize
64KB

Download
memory/5380-960-0x00007FFCB8DD0000-0x00007FFCB97BC000-memory.dmp

Filesize
9.9MB

Download
memory/5380-1122-0x000002322C470000-0x000002322C480000-memory.dmp

Filesize
64KB

Download
memory/5380-1126-0x000002322C470000-0x000002322C480000-memory.dmp

Filesize
64KB

Download
memory/5380-957-0x000002322C470000-0x000002322C480000-memory.dmp

Filesize
64KB

Download
memory/5380-1127-0x000002322C470000-0x000002322C480000-memory.dmp

Filesize
64KB

Download
memory/5700-1148-0x0000023528640000-0x0000023528650000-memory.dmp

Filesize
64KB

Download
memory/5700-1149-0x0000023528640000-0x0000023528650000-memory.dmp

Filesize
64KB

Download
memory/5700-1113-0x00007FFCB8DD0000-0x00007FFCB97BC000-memory.dmp

Filesize
9.9MB

Download
memory/5700-1119-0x0000023528640000-0x0000023528650000-memory.dmp

Filesize
64KB

Download
memory/5700-1115-0x0000023528640000-0x0000023528650000-memory.dmp

Filesize
64KB

Download
memory/5700-1152-0x00007FFCB8DD0000-0x00007FFCB97BC000-memory.dmp

Filesize
9.9MB

Download
memory/5800-1078-0x000001F29A6D0000-0x000001F29A6E0000-memory.dmp

Filesize
64KB

Download
memory/5800-1079-0x00007FFCB8DD0000-0x00007FFCB97BC000-memory.dmp

Filesize
9.9MB

Download
memory/5800-953-0x000001F29A6D0000-0x000001F29A6E0000-memory.dmp

Filesize
64KB

Download
memory/5800-944-0x00007FFCB8DD0000-0x00007FFCB97BC000-memory.dmp

Filesize
9.9MB

Download
memory/5800-955-0x000001F29A6D0000-0x000001F29A6E0000-memory.dmp

Filesize
64KB

Download
memory/7080-929-0x00007FFCB8DD0000-0x00007FFCB97BC000-memory.dmp

Filesize
9.9MB

Download
memory/7080-1077-0x0000025F71290000-0x0000025F712A0000-memory.dmp

Filesize
64KB

Download
memory/7080-951-0x0000025F71290000-0x0000025F712A0000-memory.dmp

Filesize
64KB

Download
memory/7080-1103-0x00007FFCB8DD0000-0x00007FFCB97BC000-memory.dmp

Filesize
9.9MB

Download
memory/7080-961-0x0000025F71290000-0x0000025F712A0000-memory.dmp

Filesize
64KB

Download
memory/7080-1080-0x0000025F71290000-0x0000025F712A0000-memory.dmp

Filesize
64KB

Download
memory/8424-958-0x00000220F7010000-0x00000220F7020000-memory.dmp

Filesize
64KB

Download
memory/8424-959-0x00000220F7010000-0x00000220F7020000-memory.dmp

Filesize
64KB

Download
memory/8424-1086-0x00000220F7010000-0x00000220F7020000-memory.dmp

Filesize
64KB

Download
memory/8424-950-0x00007FFCB8DD0000-0x00007FFCB97BC000-memory.dmp

Filesize
9.9MB

Download
memory/8424-1088-0x00007FFCB8DD0000-0x00007FFCB97BC000-memory.dmp

Filesize
9.9MB

Download