0d3c3a7459799a9670b7b97c2e871a7364f0a742d825a8cc7ca6d34c4b3c0a51

Analysis

max time kernel
10s
max time network
176s
platform
windows11-21h2_x64
resource
win11-20231215-en
resource tags

arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
submitted
31/12/2023, 22:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AORadar.exe
Size

70.8MB
MD5

66e499e66e2a896cc03546d776366747
SHA1

ed7d7ffb4dfe350d2e46d7d58ec99e2f6ca7d637
SHA256

0d3c3a7459799a9670b7b97c2e871a7364f0a742d825a8cc7ca6d34c4b3c0a51
SHA512

c05ea551fc359c1272d72bc5f4ade50b823b9bc054c57ab33c073472df3d49f8d80a2979570641098115b2bee5864df18760798f38d241e71035e932a38ec3c5
SSDEEP

1572864:o4/4rzOchPwHjwPORgkQVkh8w61pdvQNU4wYA2Yb7:LkqcdwDZ2PkGwazxpD2Yb7

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
1036	AORadar.exe
1036	AORadar.exe

Looks up external IP address via web service 4 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
2	ipinfo.io
5	ipinfo.io
6	ipinfo.io
8	ipinfo.io

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Collects information from the system 1 TTPs 1 IoCs

Uses WMIC.exe to find detailed system information.

Data from Local System

T1005

pid	Process
2632	WMIC.exe

Detects videocard installed 1 TTPs 1 IoCs

Uses WMIC.exe to determine videocard installed.

System Information Discovery

T1082

pid	Process
4596	WMIC.exe

Enumerates processes with tasklist 1 TTPs 64 IoCs

Process Discovery

T1057

pid	Process
2820	tasklist.exe
6872	tasklist.exe
7524	tasklist.exe
8128	tasklist.exe
7576	tasklist.exe
7496	tasklist.exe
7308	tasklist.exe
7180	tasklist.exe
6572	tasklist.exe
7548	tasklist.exe
7504	tasklist.exe
7252	tasklist.exe
7188	tasklist.exe
5880	tasklist.exe
7816	tasklist.exe
7804	tasklist.exe
7736	tasklist.exe
7276	tasklist.exe
8160	tasklist.exe
7868	tasklist.exe
7832	tasklist.exe
7824	tasklist.exe
7764	tasklist.exe
7744	tasklist.exe
7584	tasklist.exe
7388	tasklist.exe
7344	tasklist.exe
7336	tasklist.exe
7364	tasklist.exe
8168	tasklist.exe
8044	tasklist.exe
8008	tasklist.exe
7840	tasklist.exe
7728	tasklist.exe
7628	tasklist.exe
7436	tasklist.exe
7216	tasklist.exe
8248	tasklist.exe
8144	tasklist.exe
8060	tasklist.exe
7948	tasklist.exe
7592	tasklist.exe
7568	tasklist.exe
7488	tasklist.exe
7376	tasklist.exe
8052	tasklist.exe
8136	tasklist.exe
7752	tasklist.exe
7268	tasklist.exe
5564	tasklist.exe
7028	tasklist.exe
6556	tasklist.exe
7080	tasklist.exe
8024	tasklist.exe
7860	tasklist.exe
7476	tasklist.exe
7444	tasklist.exe
7396	tasklist.exe
8016	tasklist.exe
7536	tasklist.exe
7324	tasklist.exe
7292	tasklist.exe
1632	tasklist.exe
8184	tasklist.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeSecurityPrivilege	1036	AORadar.exe

C:\Users\Admin\AppData\Local\Temp\AORadar.exe
"C:\Users\Admin\AppData\Local\Temp\AORadar.exe"
1⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:1036
- C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\AORadar.exe
  C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\AORadar.exe
  2⤵
  PID:2748
- - C:\Windows\System32\Wbem\wmic.exe
    wmic os get locale
    3⤵
    PID:4480
- - C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\AORadar.exe
    "C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\AORadar.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1564 --field-trial-handle=1688,11451990694412947619,1135168292217976740,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:1744
- - C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\AORadar.exe
    "C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\AORadar.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --mojo-platform-channel-handle=1916 --field-trial-handle=1688,11451990694412947619,1135168292217976740,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:2968
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:4968
  - - C:\Windows\system32\tasklist.exe
      tasklist
      4⤵
      Enumerates processes with tasklist
      PID:7276
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "wmic process where processid=1036 get ExecutablePath"
    3⤵
    PID:2016
  - - C:\Windows\system32\tasklist.exe
      tasklist
      4⤵
      PID:5972
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\resources\app.asar.unpacked\bind\main.exe"
    3⤵
    PID:3680
  - - C:\Windows\system32\tasklist.exe
      tasklist
      4⤵
      Enumerates processes with tasklist
      PID:7180
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:4748
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "echo wlan"
    3⤵
    PID:1556
  - - C:\Windows\system32\tasklist.exe
      tasklist
      4⤵
      Enumerates processes with tasklist
      PID:8160
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "wmic PATH Win32_VideoController get name | more +1"
    3⤵
    PID:896
  - - C:\Windows\system32\more.com
      more +1
      4⤵
      PID:1808
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic PATH Win32_VideoController get name
      4⤵
      Detects videocard installed
      PID:4596
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "wmic cpu get name | more +1"
    3⤵
    PID:720
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault"
    3⤵
    PID:4784
  - - C:\Windows\system32\tasklist.exe
      tasklist
      4⤵
      Enumerates processes with tasklist
      PID:7868
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"
    3⤵
    PID:4744
  - - C:\Windows\system32\tasklist.exe
      tasklist
      4⤵
      Enumerates processes with tasklist
      PID:7476
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:5044
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "wmic process where processid=1036 get ExecutablePath"
    3⤵
    PID:2488
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "wmic OS get caption, osarchitecture | more +1"
    3⤵
    PID:1824
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "echo %NUMBER_OF_PROCESSORS%"
    3⤵
    PID:4488
  - - C:\Windows\system32\tasklist.exe
      tasklist
      4⤵
      Enumerates processes with tasklist
      PID:7728
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "wmic csproduct get uuid"
    3⤵
    PID:1100
  - - C:\Windows\system32\tasklist.exe
      tasklist
      4⤵
      PID:5716
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:1684
  - - C:\Windows\system32\tasklist.exe
      tasklist
      4⤵
      PID:7228
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall""
    3⤵
    PID:10168
  - - C:\Windows\system32\reg.exe
      C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
      4⤵
      PID:10244
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip""
    3⤵
    PID:10268
  - - C:\Windows\system32\reg.exe
      C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"
      4⤵
      PID:10320
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook""
    3⤵
    PID:10340
  - - C:\Windows\system32\reg.exe
      C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook"
      4⤵
      PID:10424
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager""
    3⤵
    PID:10468
  - - C:\Windows\system32\reg.exe
      C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager"
      4⤵
      PID:10508
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx""
    3⤵
    PID:10572
  - - C:\Windows\system32\reg.exe
      C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx"
      4⤵
      PID:10612
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall""
    3⤵
    PID:5188
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime""
    3⤵
    PID:10632
  - - C:\Windows\system32\reg.exe
      C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime"
      4⤵
      PID:10672
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "cscript C:\Users\Admin\AppData\Roaming\ZI3vSNGXzPes.vbs"
    3⤵
    PID:5168
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore""
    3⤵
    PID:10688
  - - C:\Windows\system32\reg.exe
      C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore"
      4⤵
      PID:10732
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:5136
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX""
    3⤵
    PID:10864
  - - C:\Windows\system32\reg.exe
      C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX"
      4⤵
      PID:10904
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData""
    3⤵
    PID:10924
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack""
    3⤵
    PID:10980
  - - C:\Windows\system32\reg.exe
      C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack"
      4⤵
      PID:11020
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 105.0.3 (x64 en-US)""
    3⤵
    PID:11040
  - - C:\Windows\system32\reg.exe
      C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 105.0.3 (x64 en-US)"
      4⤵
      PID:11080
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService""
    3⤵
    PID:11096
  - - C:\Windows\system32\reg.exe
      C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService"
      4⤵
      PID:11136
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2""
    3⤵
    PID:11156
  - - C:\Windows\system32\reg.exe
      C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2"
      4⤵
      PID:11196
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProPlusRetail - en-us""
    3⤵
    PID:11216
  - - C:\Windows\system32\reg.exe
      C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProPlusRetail - en-us"
      4⤵
      PID:11256
    - - C:\Windows\system32\reg.exe
        
        C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{662A0088-6FCD-45DD-9EA7-68674058AED5}"
        5⤵
        
        PID:10264
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data""
    3⤵
    PID:10808
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40""
    3⤵
    PID:10752
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent""
    3⤵
    PID:1628
  - - C:\Windows\system32\reg.exe
      C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent"
      4⤵
      PID:10244
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:1572
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VLC media player""
    3⤵
    PID:7724
  - - C:\Windows\system32\reg.exe
      C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VLC media player"
      4⤵
      PID:10328
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:3100
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:536
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:4052
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:2272
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:240
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:1348
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:2208
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:1204
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:4968
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:4740
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:1012
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:1856
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:3676
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:1332
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:2796
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:3408
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:4744
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:5064
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:3016
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:1884
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:948
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:644
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:4212
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:1292
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:1556
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:3140
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:3168
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:3708
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:4784
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:4792
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:4608
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:3612
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:5080
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:2640
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:1452
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:1396
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:2752
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:1320
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:3768
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:2876
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:3536
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:3184
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:2340
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:4652
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:2232
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:5048
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:2096
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:864
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:4712
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:1000
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:4932
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:2384
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:3512
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:924
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:1820
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:1100
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:4228
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:2472
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:4620
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:3152
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:4832
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:4728
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:3464
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:956
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:4880
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:4636
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:1424
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:488
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:4488
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:1752
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:4684
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:3924
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:2764
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:4448
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:3568
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:4828
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:3700
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:4688
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:2236
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:2892
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:3680
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:3256
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:3648
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:2016
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:1512
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "wmic computersystem get totalphysicalmemory | more +1"
    3⤵
    PID:4932
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "wmic logicaldisk get size"
    3⤵
    PID:2472
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3A706840-2882-423C-90EB-B31545E2BC7A}""
    3⤵
    PID:11052
  - - C:\Windows\system32\reg.exe
      C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3A706840-2882-423C-90EB-B31545E2BC7A}"
      4⤵
      PID:11056
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AE86D888-1404-47CC-A7BB-8D86C0503E58}""
    3⤵
    PID:5944
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"
    3⤵
    PID:7684
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\app.asar.unpacked\node_modules\take-cam\snapshot.exe" /T C:\Users\Admin\AppData\Local\Temp\RrLn20B6bFdMkpN4lX2U\System\cam.2748_Admin"
    3⤵
    PID:6160
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"
    3⤵
    PID:9140
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions""
    3⤵
    PID:6216
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\app.asar.unpacked\node_modules\take-cam\prey-webcam.exe" -invalid youcam,cyberlink,google -frame 10 -outfile C:\Users\Admin\AppData\Local\Temp\RrLn20B6bFdMkpN4lX2U\System\cam.2748_Admin.jpg"
    3⤵
    PID:6320
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -Command "& {netsh wlan show profile}"
    3⤵
    PID:7704
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -Command "& {powershell Get-Clipboard}"
    3⤵
    PID:8832
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -Command "& { function Get-AntiVirusProduct { [CmdletBinding()] param ( [parameter(ValueFromPipeline=$true, ValueFromPipelineByPropertyName=$true)] [Alias('name')] $computername=$env:computername ) $AntiVirusProducts = Get-WmiObject -Namespace \"root\SecurityCenter2\" -Class AntiVirusProduct -ComputerName $computername $ret = @() foreach ($AntiVirusProduct in $AntiVirusProducts) { switch ($AntiVirusProduct.productState) { \"262144\" { $defstatus = \"Up to date\"; $rtstatus = \"Disabled\" } \"262160\" { $defstatus = \"Out of date\"; $rtstatus = \"Disabled\" } \"266240\" { $defstatus = \"Up to date\"; $rtstatus = \"Enabled\" } \"266256\" { $defstatus = \"Out of date\"; $rtstatus = \"Enabled\" } \"393216\" { $defstatus = \"Up to date\"; $rtstatus = \"Disabled\" } \"393232\" { $defstatus = \"Out of date\"; $rtstatus = \"Disabled\" } \"393488\" { $defstatus = \"Out of date\"; $rtstatus = \"Disabled\" } \"397312\" { $defstatus = \"Up to date\"; $rtstatus = \"Enabled\" } \"397328\" { $defstatus = \"Out of date\"; $rtstatus = \"Enabled\" } \"397584\" { $defstatus = \"Out of date\"; $rtstatus = \"Enabled\" } default { $defstatus = \"Unknown\"; $rtstatus = \"Unknown\" } } $ht = @{} $ht.Computername = $computername $ht.Name = $AntiVirusProduct.displayName $ht.'Product GUID' = $AntiVirusProduct.instanceGuid $ht.'Product Executable' = $AntiVirusProduct.pathToSignedProductExe $ht.'Reporting Exe' = $AntiVirusProduct.pathToSignedReportingExe $ht.'Definition Status' = $defstatus $ht.'Real-time Protection Status' = $rtstatus # Créez un nouvel objet pour chaque ordinateur $ret += New-Object -TypeName PSObject -Property $ht } Return $ret } Get-AntiVirusProduct }"
    3⤵
    PID:3256
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell -ExecutionPolicy Bypass -NoProfile -File "C:\Users\Admin\AppData\Local\Temp\y05mn8sxKsxl_temp.ps1""
    3⤵
    PID:5464
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E016F2B9-01FE-4FAA-882E-ECC43FA49751}""
    3⤵
    PID:6928
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D44822A8-FC28-42FC-8B1D-21A78579FC79}""
    3⤵
    PID:7488
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}""
    3⤵
    PID:3988
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CB0836EC-B072-368D-82B2-D3470BF95707}""
    3⤵
    PID:9304
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C7141A99-592B-4226-A4E9-B767C1D0FBAF}""
    3⤵
    PID:9520
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE}""
    3⤵
    PID:8640
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE}""
    3⤵
    PID:4344
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE}""
    3⤵
    PID:3164
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{77924AE4-039E-4CA4-87B4-2F64180381F0}""
    3⤵
    PID:9280
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{76DEEAB3-122F-4231-83C7-0C35363D02F9}""
    3⤵
    PID:10248
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6DB765A8-05AF-49A1-A71D-6F645EE3CE41}""
    3⤵
    PID:10172
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{662A0088-6FCD-45DD-9EA7-68674058AED5}""
    3⤵
    PID:11256
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{64A3A4F4-B792-11D6-A78A-00B0D0180381}""
    3⤵
    PID:1412
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}""
    3⤵
    PID:4084
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}""
    3⤵
    PID:11148
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00}""
    3⤵
    PID:10976
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3544B2EE-E62F-4D11-B79C-3DDEACE94DA5}""
    3⤵
    PID:10888
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}""
    3⤵
    PID:10824
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{113C0ADC-B9BD-4F95-9653-4F5BC540ED03}""
    3⤵
    PID:10756
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC""
    3⤵
    PID:10728

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:2820

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1332
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Enumerates processes with tasklist
  PID:7268

C:\Windows\System32\Wbem\WMIC.exe
wmic process where processid=1036 get ExecutablePath
1⤵
PID:1528

C:\Windows\system32\tasklist.exe
tasklist
1⤵
PID:4628

C:\Windows\System32\Wbem\WMIC.exe
wmic logicaldisk get size
1⤵
- Collects information from the system
PID:2632

C:\Windows\system32\more.com
more +1
1⤵
PID:2036

C:\Windows\System32\Wbem\WMIC.exe
wmic csproduct get uuid
1⤵
PID:1888

C:\Windows\system32\more.com
more +1
1⤵
PID:2104

C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get name
1⤵
PID:4288

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault
1⤵
PID:3540

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
1⤵
PID:3288

C:\Windows\System32\Wbem\WMIC.exe
wmic OS get caption, osarchitecture
1⤵
PID:3512
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  PID:7600

C:\Windows\system32\more.com
more +1
1⤵
PID:2384
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  PID:7608

C:\Windows\System32\Wbem\WMIC.exe
wmic computersystem get totalphysicalmemory
1⤵
PID:4228
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Enumerates processes with tasklist
  PID:7548

C:\Windows\system32\tasklist.exe
tasklist
1⤵
PID:1856
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Enumerates processes with tasklist
  PID:8060

C:\Windows\System32\Wbem\WMIC.exe
wmic process where processid=1036 get ExecutablePath
1⤵
PID:240
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Enumerates processes with tasklist
  PID:8008

C:\Windows\system32\tasklist.exe
tasklist
1⤵
PID:6720

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:6872

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:7080

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:7364

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:7524

C:\Windows\system32\tasklist.exe
tasklist
1⤵
PID:7616

C:\Windows\system32\tasklist.exe
tasklist
1⤵
PID:7880

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:8024

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:8052

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:8248

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:8184

C:\Windows\system32\tasklist.exe
tasklist
1⤵
PID:8176

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:8168

C:\Windows\system32\tasklist.exe
tasklist
1⤵
PID:8152

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:8144

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:8136

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:8128

C:\Windows\system32\tasklist.exe
tasklist
1⤵
PID:8120

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:8044

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:8016

C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
1⤵
PID:7972

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:7948

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:7860

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:7840

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:7832

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:7824

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:7816

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:7804

C:\Windows\system32\cscript.exe
cscript C:\Users\Admin\AppData\Roaming\ZI3vSNGXzPes.vbs
1⤵
PID:7776

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:7764

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:7752

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:7744

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:7736

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:7628

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:7592

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:7584

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:7576

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:7568

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:7536

C:\Windows\system32\tasklist.exe
tasklist
1⤵
PID:7516

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:7504

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:7496

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:7488
- C:\Windows\system32\reg.exe
  C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D44822A8-FC28-42FC-8B1D-21A78579FC79}"
  2⤵
  PID:9580

C:\Windows\system32\tasklist.exe
tasklist
1⤵
PID:7468

C:\Windows\system32\tasklist.exe
tasklist
1⤵
PID:7460

C:\Windows\system32\tasklist.exe
tasklist
1⤵
PID:7452

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:7444

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:7436

C:\Windows\system32\tasklist.exe
tasklist
1⤵
PID:7428

C:\Windows\system32\tasklist.exe
tasklist
1⤵
PID:7420

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:7396

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:7388

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:7376

C:\Windows\system32\tasklist.exe
tasklist
1⤵
PID:7352

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:7344

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:7336

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:7324

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:7308

C:\Windows\system32\tasklist.exe
tasklist
1⤵
PID:7300

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:7292

C:\Windows\system32\tasklist.exe
tasklist
1⤵
PID:7284

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:7252

C:\Windows\system32\tasklist.exe
tasklist
1⤵
PID:7244

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:7216

C:\Windows\system32\tasklist.exe
tasklist
1⤵
PID:7204

C:\Windows\system32\tasklist.exe
tasklist
1⤵
PID:7196

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:7188

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:1632

C:\Windows\system32\tasklist.exe
tasklist
1⤵
PID:5916

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:5880

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:5564

C:\Windows\system32\tasklist.exe
tasklist
1⤵
PID:7160

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:7028

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:6572

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:6556

C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40"
1⤵
PID:10788

C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data"
1⤵
PID:10844

C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData"
1⤵
PID:10964

C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC"
1⤵
PID:10748

C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{113C0ADC-B9BD-4F95-9653-4F5BC540ED03}"
1⤵
PID:10812

C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3544B2EE-E62F-4D11-B79C-3DDEACE94DA5}"
1⤵
PID:10948

C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6DB765A8-05AF-49A1-A71D-6F645EE3CE41}"
1⤵
PID:9772

C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{76DEEAB3-122F-4231-83C7-0C35363D02F9}"
1⤵
PID:9892

C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{77924AE4-039E-4CA4-87B4-2F64180381F0}"
1⤵
PID:10292

C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE}"
1⤵
PID:2900

C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AE86D888-1404-47CC-A7BB-8D86C0503E58}"
1⤵
PID:6916

C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C7141A99-592B-4226-A4E9-B767C1D0FBAF}"
1⤵
PID:8668

C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CB0836EC-B072-368D-82B2-D3470BF95707}"
1⤵
PID:4288

C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}"
1⤵
PID:7492

C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E016F2B9-01FE-4FAA-882E-ECC43FA49751}"
1⤵
PID:7412

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -ExecutionPolicy Bypass -NoProfile -File "C:\Users\Admin\AppData\Local\Temp\y05mn8sxKsxl_temp.ps1"
1⤵
PID:9352

C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions"
1⤵
PID:2016

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
1⤵
PID:9048

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
1⤵
PID:8360

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Get-Clipboard
1⤵
PID:9552

C:\Windows\system32\netsh.exe
"C:\Windows\system32\netsh.exe" wlan show profile
1⤵
PID:8240

C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE}"
1⤵
PID:6644

C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE}"
1⤵
PID:3852

C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{64A3A4F4-B792-11D6-A78A-00B0D0180381}"
1⤵
PID:11260

C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}"
1⤵
PID:8340

C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}"
1⤵
PID:11152

C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00}"
1⤵
PID:11036

C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}"
1⤵
PID:10904

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1057

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
70b5c12959dea82e64a05dec518878ac

SHA1
844ef1b5046ddb6dbdd2d2e661c0816f76379a49

SHA256
48e18b18f8ae0e0a0129f36bb801af13e9e429254348fc8203e357564f378283

SHA512
5e710a93a1ed5828359675712aba9db288a66ed1aa469cedbabcfecbe8a7c78c2a4c86ce199519acb713892e5875e69098b31eeb340d6f06452111d5481648b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
64B

MD5
94cc8aa302136c58a17742da02e54c48

SHA1
06c269d1a0b648467cc627162d8c2a0727d94123

SHA256
8ff32c0be04cd2af2b9cd5ddb61d74c94af99a9ebad6a57b0e4f3f7896ef7225

SHA512
7d06f705121fcfc8e5d84ab3c7b5a23343e0f5731931a279c2794eefdbb32222f2f3c812767bd05c20dcc2251bb24713351f47865bd9c70e9cdbd600d79292de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
64B

MD5
446dd1cf97eaba21cf14d03aebc79f27

SHA1
36e4cc7367e0c7b40f4a8ace272941ea46373799

SHA256
a7de5177c68a64bd48b36d49e2853799f4ebcfa8e4761f7cc472f333dc5f65cf

SHA512
a6d754709f30b122112ae30e5ab22486393c5021d33da4d1304c061863d2e1e79e8aeb029cae61261bb77d0e7becd53a7b0106d6ea4368b4c302464e3d941cf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
9b5655b797c26ffc04f79597d8d56eba

SHA1
8b6d6e58ab350bf1c526ed324e523f4f0cf808f0

SHA256
5893e9041f26e97ce9864f245da1211ae2570503facf24a5bb21ee7b858c9548

SHA512
89549717ce4b618fc68df01066d0cc1d3198a94e616fa84e563e5cbcd2f9aae4dff4599d5b8e013ab5e8da798c669dd41751d25f988f729bf8bc8ed0fd9645ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\065ed0e8-5a6a-4f63-8d5c-b489ffb3369c.tmp.node

Filesize
169KB

MD5
a2d6293036f701df392aeb6109794a55

SHA1
c124cc7d4cf754ed39a7ae4ecc3ffd2044bb172b

SHA256
3dddd91da4914290dc5123420ea456bc0e7dc9114c5203fb1ed43e840b94b868

SHA512
ac2fa3f2bce2f7e82eb013e679bea85f21a58bc438159513656f290ad83d40ecec24063152b14f7f84c7ff7d1b3676f827e660e096ad7bf9405f8c56dfffb514

Download Submit
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\AORadar.exe

Filesize
386KB

MD5
110ef3546bc72dc718e052f405de71d2

SHA1
87d4277d3cf49aa40c9a0ca3bc92096cc3ddcb2b

SHA256
4d1d51f2d2d84d9f3e8cf9893da0a3963a2bd58a28a180e8d8dc05d064315485

SHA512
1f497cfeb137e08807c4850e8ddbab39bba7a700f66a4f053f3821556704df96e8f736974e934f701f44b9c1940bb54cf5b925feba63eabee96cc7ed29aafd84

Download Submit
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\AORadar.exe

Filesize
50KB

MD5
e1d21b741044507cd1f9eefa478c4ab9

SHA1
52026a1e0707d51a5dbea27d8d41e4582ef73625

SHA256
bf9688b765b462e3788446489704f60aaa37911e7fdf7a249fa317198ebbf6cc

SHA512
1dcdf53c0e2e135f02426cd9acf67c3f6191dabba97544d76581b78107244d13d1c92d542a39b31591fcf0b9157bd2a78263564722de02f41bb686221c1e0440

Download Submit
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\AORadar.exe

Filesize
78KB

MD5
2ef83ddc44eb8791ed8e64c4ace834fb

SHA1
6689c3a5fd64b0d239cf661f76507085dde66103

SHA256
08fc4ea867c3e7c44d15ff67e47834f49fa67cb1b744c69c2cad81b31efb2a55

SHA512
b744a22f52eaa8f3465f40bd4b65a0cb18297f1e0bbce35e167700ee4336b4a461595b0717b08130f750419d9837d324dccfc8d9c099cc9f9abdfe045f0fc1eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\AORadar.exe

Filesize
169KB

MD5
bfe2b780b9f85e42d3eb9afd8c8a8ef3

SHA1
c0a8804c8a200163fbb33aff2a68863c09350ac6

SHA256
69fb9f5eeb2fa650947257d5d6a5f4a6d02bd1c19070a0d8757e54d535fbe6ac

SHA512
71f0839a15224eb7eb98d0b6cfe620983cde6547ce2884b95adc238d8fa17eea02e71ef4b18cffaf80c06fc904438397da15337531b70cd57f0a9cd33b2d950d

Download Submit
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\AORadar.exe

Filesize
48KB

MD5
74a8ff969782a42e266729c8863567fa

SHA1
0bf77dbaa30b7b8e7d2da0c916d3f69790aa71f6

SHA256
005dbf513599dc2ca37b3880291861609b8cff7da753c9ca53f31aaae1686e38

SHA512
9145797a119dd1c73b74be1554e9af4fe2c449cc973d3be06c67c2d88efc7e9f6d56a15b9ca2b2c562d36ee5d2e68e55958f147afa9ef8c689e9726ff446b8ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\D3DCompiler_47.dll

Filesize
126KB

MD5
a6197ec65bda28f5185cfb2723075063

SHA1
fdefa23b261f08a579bdb10dc337df7af8fd3380

SHA256
e06b1f270c24b399a3d7b190b3d2ac942991a460c69059310d5e152177cffe4b

SHA512
462522d04a2d59ec3907efc50d2f21372da250d6190923ba57bef8c76f34e85603de11fe7d6040574f975ffab6df1385787b87ef63f65ee088cfc9081b1429fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\LICENSES.chromium.html

Filesize
281KB

MD5
45e8f78054bddff22771a906b471ffe5

SHA1
6b629448d31c9daee3789c47f0c7b8ad08fe4970

SHA256
caa1357acabf9bd578141613e66a57a42d3b9edf1d73e1646026036ad72190e4

SHA512
8af19e86febccf4450a85ca917dc3421dcf3ed01610701180b1ced6ea170e7ebd2752101393d5fa42b2df4cce7d66c4d21a147b589e7edf68ba290f81a1b6589

Download Submit
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\chrome_100_percent.pak

Filesize
106KB

MD5
db9bdf45db526cb25fa46734e28f218f

SHA1
e76b891385ef7e52910f0a66bafd3c589997ac26

SHA256
1b5597146bdf134d7c045625905e57f1e6463f23f4b4ebeae177e3a732fba3cc

SHA512
d273b673904beb14c52174eac13dfffb124f2fd54eb37fed8c5fda45c8791d31a8369a5fa1f23cb30260c7e195a34ddfe10bc5fd62c5335bcced1d878fe8d202

Download Submit
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\chrome_200_percent.pak

Filesize
134KB

MD5
6ec009a1e7c6c230673eb477465f56c3

SHA1
1068b941151888d2d0f3638fb89933de14014973

SHA256
034107a69e645d701074241eb52cfd4907bf092ec11533d1109b937f6b8ddd66

SHA512
dd6385a9083e6d4322d78d68ea7b780420117e41def0ddc84aaf89e3b318c3f37b1610b0656fba5418eeedee83fa7a62febe46ea0e47c11fb883b3586ecb6872

Download Submit
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\d3dcompiler_47.dll

Filesize
225KB

MD5
370e5615b8bddc14e174cfaff3cf6b45

SHA1
9493de1e8b53be6e92fcf2f6bd7f12895cc4ca8c

SHA256
fdd10c69cebfd4f789701a3ee73e917ba0f4dd374b443c0f9d98580c6f02006b

SHA512
e6a583a434998e45174b1b3a2811a65489fcbacf98cd51a6f26c5a9c32b9d655b61247646d7eb72edc301a4d2521cc437541a20ad66b091574ff90e3f6e3df31

Download Submit
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\ffmpeg.dll

Filesize
33KB

MD5
d5f85a161f51fa125cf0ad8973cdc2ce

SHA1
ffbabb83fdfc3efb707f9607bd19355606840f2b

SHA256
d7c08ed88f8039eff102a4e66540341dd64255b9e8c927fecb555de291d6775c

SHA512
3238584138e535f536faeda006734093c04956880e8b5421873440551486ad80cb01ef5efc1ad5ec9d4f3ab46015ba041034aed3290f6075f8b2987d689c89c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\ffmpeg.dll

Filesize
85KB

MD5
eb4ed2688a26d69277891a59c36dc1ab

SHA1
8055b7aa921069a94f08a416f2982f867fe90fed

SHA256
e0de5ccbf0250afade0bbbfca955fc9ee90a98b090fd9d82ef1b0beab21cefa4

SHA512
4fbf7917fe575d6aa7cf435c4e5e6935487c47c3fdd14d869921217027b34bf105b2b5e9658110a585256748e55038b8468bb96807f835d0f321bf688afd71a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\ffmpeg.dll

Filesize
66KB

MD5
20a67fd10cf60ba801ca9251e2a7c617

SHA1
ad606348e702ccec3d59f3fc1e13ac6d1d3942d0

SHA256
5ae6ec771bee825b0a0759fd78f8edec5c77c9cb76d6e36ccf754911054725bd

SHA512
fceb648bbcf2ffb167b49e929caeb37786a92fec0c66909d73217c8a1e7eaf470e3128b56be4de9de239f44afd640957ec96f044bafaa718260c20ef6ec8ad99

Download Submit
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\ffmpeg.dll

Filesize
36KB

MD5
301184f6654d923d5d442bb1aaefba30

SHA1
e49e158173b103dbf9b96016e479186e330b7347

SHA256
5d162a8e5145804ebb1d70e8714636bffd19d4bca9a219365518110630d61b0f

SHA512
966fab7552cb948cfc29c3fa482b2f1462daab7537ce743b40d45765f16e618752a6bcded3f2587d091c0f0754dc3dbf3802feca2be137ca8e6ae713552d446b

Download Submit
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\icudtl.dat

Filesize
11KB

MD5
cf1ebaaffa5057ede65d5957b5b31a09

SHA1
4375830e8419f037e56507e13d4e9d18a78056bc

SHA256
758d7c87964b4d3ec9596f2d7779a528cf058a8a9a76027cbe45f9d4a6a87346

SHA512
658da86d19ce6bdff6f90ee8a530890a34d89d3d93d23418f8221f069a88b4ee3ded40e48a6ddf313e19da5271a69352fa8a93030218826b00bf33b6f3ff4fc2

Download Submit
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\libEGL.dll

Filesize
98KB

MD5
7727090bfdee3134c638aabb86025995

SHA1
f82d9f41a28964ea767aa0f8f0e03c5689c2ec2c

SHA256
145745ddc6893bf1dda71dec133eb88b0ccf7587f5b1612ba670ec4603596a7d

SHA512
5ff4684491564aef65857d2cc462c6150b867c448949c1765aced1e835957a81d30d308e396790adf7692c9a3d7e63f1f87b901f80826ef0a7868713b8fc468a

Download Submit
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\libGLESv2.dll

Filesize
85KB

MD5
a844a54670b39fe8599759262fbe63dd

SHA1
5d7ed3264aca73390511b6c1f2edfe3b2e1e50d7

SHA256
b6aa584b1e55fc0debe1dc42daa4cdb3eb834e2ad7fe7facd41c095a502843c2

SHA512
caf50dda8981f8a865f02a7cd59557787bfd7a81551376e87ade413f7c90c36210d88d61de9436f25f9ef521e4b928fb43bb617babe1b60bdc02f1ed834d2895

Download Submit
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\libegl.dll

Filesize
64KB

MD5
a76412d24d4e30afec8b3036245f6617

SHA1
c8c08e84a86991ca4589615d861d977a34f1dd2b

SHA256
8a09a1012a5fe973463f64758f2999575e6159396eff0a0d703e0ea680277029

SHA512
4afcca6afb0418b250d8abbe29b1b58a70f07fc52eefcde1c3b6d4e69799ac88aa6099babb0f95075f71f0aa1d9913996e233e6ae0ae56f33e4c544894da1a63

Download Submit
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\libglesv2.dll

Filesize
19KB

MD5
c8b51c8f774847132de9ca13369b6c05

SHA1
0647c87d0093507a3412a01f658e91b84f899cd1

SHA256
173ae18d1c4c4a33909979eca776f2c9f5a15e0ddbfde31355faa4849d763fdb

SHA512
bdae4754f47ef6354cc912e6c931ae3dcd8bfb0d3ea5be04f03da09b8c78e11c4c6673c6bd17c6a1a3fee66dbece8d6deda873c8fc30a60c42ec6db2e652b351

Download Submit
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\locales\en-US.pak

Filesize
99KB

MD5
cbe0aa8afc111db3d1e336a77f6bd7fa

SHA1
37197d93948efaf00981e8bdcc0e97c6d3bbda50

SHA256
e495cc0f59b892d09bdc60291b16c0b0efc4ad2d6887bdbe2f4189fb2a01bdf1

SHA512
f4867d4c750b6faa561b6ce5468059e6f98714281896c3b580c79e9b3fc3b7ba784e6e0c531c0506485f05057002ee8a3a72c53b7718109f57de9a2a5ea3e61d

Download Submit
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\resources.pak

Filesize
64KB

MD5
141bc756e5d12b845598ea1d88df11bc

SHA1
25cd040d102f9944bafceae397eb583be0dff406

SHA256
492b4738b865746edee4ee41cadc71c5e830fd5c1aa67ae467c9e5399cc42b6d

SHA512
56ef550b1d3e78b26c20ed5e953a994c9191c030078b9e362edaa7dff8d13d90f5b52e7d5106b62bb7a321a5a52d46bf2847be8c32e03f63bc36ea05bcc21c9d

Download Submit
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\resources\app.asar

Filesize
26KB

MD5
fad398ccf5497f7094cb935e6eb497c0

SHA1
7002b963edb6071a9c9f334a7b0cde0e1f7c4c06

SHA256
afd2ab452e2058863bd0be60c952861bc959bac4a43f669b860893790c4d4780

SHA512
acf41c6281d03c4fd9e010770e7383ee8dc44feaa784d07c650649bdbc344ab83172de6c5327a5d95575ac742e6e9ce5ccbf7e212ff578319e7fbc1b963bec94

Download Submit
C:\Users\Admin\AppData\Local\Temp\2Zxa9gID57DbBgNksL0cPwrhh7c\v8_context_snapshot.bin

Filesize
23KB

MD5
0394787a0b102b5a0cfaf35c372ce5b3

SHA1
ee97c538f4de7f5e9d9022e135158bccc6258d76

SHA256
fb2c5fe25b86c34c248b418f2f581f2087c09d9ed09e8e67cc589868e669ba86

SHA512
7afa1c46164ab62bee3649f45b2e794d723da670b6973a085ae4777669f47b0f671d7f5063d20f90fd1a5613ebc3f0afea9a3096b8c918f6792e056efec3a69c

Download Submit
C:\Users\Admin\AppData\Local\Temp\696b69d7-f6cf-4971-9d94-1db448a7b006.tmp.node

Filesize
115KB

MD5
0872a78c0180e77b94799b160d72ce66

SHA1
fe0ff4b754f640db158c142e77e62fafabf32a12

SHA256
8563c04c1bcc0851b28c3cc65033a9f04b11dc59216f36a3a1214e1d0684b3b8

SHA512
ec28f82ef4195afc4a02b42b5ca20e7e4a25ef06e688085b9edc25ead73191bbdac91159ab99416da3882b6ee659102b2d8302eac0e3e679ba8877d26f4200d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\RrLn20B6bFdMkpN4lX2U\Logs\Error.nova

Filesize
744B

MD5
a2be9b0a71e9e8aaebf5485b4b9ab4a8

SHA1
1f055bd36a51764261c58bd57606f33860632e91

SHA256
a9df1de2c8cf84409f4e36dfe4bc6f31f2e51f7885f156c3e4a800aeb901a7e2

SHA512
9f0d6c02fc2eae2728d1d2c37125e18c5f7d625f9b47e5b699fd719c9d5f589833ddd6b318c23f194b3dfcf66dfe109984f7c04fafb21c38ca932629558b7b38

Download Submit
C:\Users\Admin\AppData\Local\Temp\RrLn20B6bFdMkpN4lX2U\System\BXPNOQAJ - 2023-12-31_223632.png

Filesize
1KB

MD5
8befb2014ea5a7d39fcf2f78a32dba63

SHA1
2f23a284ae71023becf8c83fd04ef07cd49adc35

SHA256
a6ff21637633592e79f5999c4ba61002f740a3970ca0b7b14ff00743c66a419c

SHA512
a7a32ddb1abf15d3b3dac523606a26b668ada68fccfec615ba0189ed217e6f627404aa0e41a63808d54e9985cb7d63c761182796d7641b555153f0d0348d6869

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ijpn45sp.1qg.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjD022.tmp\7z-out\LICENSE.electron.txt

Filesize
1KB

MD5
4d42118d35941e0f664dddbd83f633c5

SHA1
2b21ec5f20fe961d15f2b58efb1368e66d202e5c

SHA256
5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d

SHA512
3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjD022.tmp\7z-out\chrome_100_percent.pak

Filesize
138KB

MD5
9c1b859b611600201ccf898f1eff2476

SHA1
87d5d9a5fcc2496b48bb084fdf04331823dd1699

SHA256
53102833760a725241841312de452c45e43edd60a122546105ab4020ccef591b

SHA512
1a8ec288e53b9d7e43d018995abe4e3d9c83d329d0561fbb7d022e8b79ffecf033e995b9bc6af352a71c646a1e8afba4addb54deab7455f24b7a279a3dd7c336

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjD022.tmp\7z-out\chrome_200_percent.pak

Filesize
165KB

MD5
e2c15f0d3a8a863e1917c64e85228a9c

SHA1
624b95461e59b6de84ac2e80890fc115310d5899

SHA256
807c1937cbe1ba7c14395c6bd884ff58fe1327663f5a4d126966c9bd5a52ed4a

SHA512
76c6c25de0fe25a53238ebf41dec2a6a56bf3db3658a47f4fbd3e1602c8219e64c99cf3663a1b09029b7c13da7e8725352d7cb20501dd3b886e07525c833403f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjD022.tmp\7z-out\d3dcompiler_47.dll

Filesize
254KB

MD5
175f08ed01ac30851b083b25032b8785

SHA1
1542456b62ad6c02bc82c8f6377115202998f171

SHA256
e8a48e43351afee943e1f525f03d0d4dea7d46556f5cff877ad7ad8bb3c17a34

SHA512
da6f7a7dc497aa2c066d1093c7c418354ff8ecdc169d4703ccac7a31db92a4dac773d26280279ea2baa04d3870b0c12bd7ebfba1a95152928188246a70cc08c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjD022.tmp\7z-out\ffmpeg.dll

Filesize
322KB

MD5
134fbcd0f9bd211a1842db57be10d2cd

SHA1
ff25f8d2aed1eb0c27dfb2f9ede565ed993c2389

SHA256
5832c707419a3cea4d75504f0c3639ac5ef5078c7c4dd82ab74ed08552cb9f4d

SHA512
ca4b66bd2e5c66d0dbf2c6a10904966847f4f18a0d7b5244f9d69cdb1a332621fe9587bdd817872c352dd12046113548523a3e32c00156e8735d976545c4546d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjD022.tmp\7z-out\icudtl.dat

Filesize
161KB

MD5
f0a06c20517f879214dd5fcee0d0a30e

SHA1
2708c009997b9641ce82396d69082275beb93140

SHA256
1558316032c4b1acf766883657ae460e0e3f88fd88a9c7e01fd11ac129994a41

SHA512
b5594a66dc1f1f0497888a6115bcb3c35d812052a2f499f57e75f9207d01b87916218a6f9ee85ec250b57b380711fb32df3c7c5eb2690646c218e24efc14ecbc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjD022.tmp\7z-out\libEGL.dll

Filesize
170KB

MD5
ca150c5456baf9a551dad0241dcaf22b

SHA1
783ccfcf6ecb74e8c300fd2fd8d65e23a4b16427

SHA256
ea3e07dea848516dd497b1d4f9b88a61b9b1a638908992fc54898e9ec195e005

SHA512
5c8e32f8c1025bdfcd11a28ed373a5d665f21bf3805b659d934223922cc5f07cfc360a7acace9f9aace9e0e6af5035774c3333d93ab9a957ad015f6bc5027090

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjD022.tmp\7z-out\libGLESv2.dll

Filesize
245KB

MD5
26f496efa541ec46d42b94e5f428f129

SHA1
df8d812a5502e272e44dd73ef8017dbc3fbf7bb8

SHA256
65d9529534189129eb9c58572f55902e36e9ed06d9a0f76a319e19528fdcb4e5

SHA512
743f010054df5246780430cee1bb15a4cc75e15027ecdcba656be05e47fd1c9991bc6b5b5adc177d46b2a2909e6f97b094d68772457f5bc520595e9c35e68add

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjD022.tmp\7z-out\locales\am.pak

Filesize
175KB

MD5
e18a450ef034b42599341c3d09f280f1

SHA1
2001c8a85904962ac3a96938eccc69ad2c110fdf

SHA256
7c2b9098130f1f9e0cf4507b64c0e96ac6354bd6c3616be20e2067cfccc820da

SHA512
ddd87571218fe9f179a6c2a8a15b182625a71a7c19ed90c0969ca2e0e9bad823b926f8b8a6b390cb6fe9c95f4b6c1f1ec7b5167a8424ab1921943922208f798a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjD022.tmp\7z-out\locales\ar.pak

Filesize
181KB

MD5
6f3e791b4d35ee7d9515614d128752cf

SHA1
181ec3a84fb3e89336d77f24f562a2cbe07619d8

SHA256
e9df0fa338b763a3926c4ee3a87bedf650fa618b6fcf0560c3f5ffe891d48c60

SHA512
3657e610d13a2c938558ec320c298dd490c9e4895ccd304f738aaa2f050373efd7382ca402365f93d23ed488bae82de2d859da788dc8faa8e621346a278f4441

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjD022.tmp\7z-out\locales\bg.pak

Filesize
196KB

MD5
5ba0c7200362c9ed55610cc8b66ef53c

SHA1
d45239c2f1b00885407771a41a7776fc1fe8fa3b

SHA256
2339ff55464b4ff704fc3c5bf281eec52a539c494bd059cf0346d9c05ab7cda7

SHA512
6229dbf08a9322c4ec8de4912aa1832f01800a71b7e3ef5870e7fa2b623be4dd248fec4881c3e031e984616147be84d42ab3dd970ae56dc1bd78913a8682a37a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjD022.tmp\7z-out\locales\bn.pak

Filesize
253KB

MD5
47c95e191e760dee3ef43345577e2379

SHA1
609634315270a91d4ec631642b18bd0036367aad

SHA256
ceed32e429ed1018d4c49343cf52105cbfd1e877c531a5738fd6e6cd33d27da7

SHA512
46b5f8d58780d19e79136c31a67d075c57ddf7e6a1eb197dea4088cc414a0dc24a68fc8ebcaac03b3940af2461123b586706d5dbf8dbdf6fbea0f7bec466db21

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjD022.tmp\7z-out\locales\ca.pak

Filesize
122KB

MD5
423651c45566cd90ea5edd8631e823b8

SHA1
13bed4173a08bcbfefba034aada3d838eece6d16

SHA256
7a39af99d55a1ea838d8d78c5f0da3e1402f9404d32255e31b676ceed4f0e414

SHA512
e09085023beaa37e9d5f7fdf3c32d0c001672b85e2826f0aba9a662ce958ac93cac17bf63495a604e47cb407b1593049388a4bf1b22b2339ead84a206a10569f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjD022.tmp\7z-out\locales\cs.pak

Filesize
125KB

MD5
3cfd9dc564cfcc33cc5524711365c376

SHA1
2e5016d2643017f37658262122974429f18625a2

SHA256
8be34e4f8226c1dd4e725711ddd884ef4476560f7863edcf378573dde9db3cee

SHA512
6ee156d2fa3b6f601df28e38968d0eae2812d70b41333348dbecd833d5ee6ff944183f0eecde96be433cf1e98c8ec22d6a6d5af5153145842175ab43c73533ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjD022.tmp\7z-out\locales\da.pak

Filesize
114KB

MD5
55a8f5883805a65c854d25edb3959209

SHA1
d4b3b6bd2a26cbd021fa931d1f63c9ea64e2c268

SHA256
e190187adcbb5f829d162660968ba598ed17bd11339062ca4d807deec8a27fdb

SHA512
4e1f9e6da32f553cbc8cf162726d7aba9e23e2216d6d05b995cf19fff3aafa05ed08fce29b2f8538d46583366402b8630672e650dfbd46952a611e9db0d8016d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjD022.tmp\7z-out\locales\de.pak

Filesize
123KB

MD5
b73344e5a72fca6f956dbab984c123ba

SHA1
0561073aa40a63a9ce9930dd18b18e12ff139b2b

SHA256
6dda3fa65232ca0bff7314f916942a2aa5d9be73a0b0c7a6d016eb34ea6fff5b

SHA512
e8a12da397369f23c102244b3f18f533ec79afa6978785566056bbfe07b10a21ff4973bf17aa829fff65609363988c033b0e48d4a82c846863377c08d8df009d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjD022.tmp\7z-out\locales\el.pak

Filesize
149KB

MD5
26d5a45b2a0f34f9fd5c6340d7a5352e

SHA1
4a013a76fe1e8b4c498ded10d1beb8ee61f00100

SHA256
c3f60835851228e17cef1b3dfd8961607876e8fc7e3bb2b3ad8726a0160e6ad0

SHA512
5965d3a3425ae9efd938deea681d01748a06c3529df2e1aed24f5cf1994d2cc6fff2c7010da30e48504644e606f0a8f0b570e65d7fe299e648a498819f8acc4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjD022.tmp\7z-out\locales\en-GB.pak

Filesize
99KB

MD5
52e2826fb5814776d47a7fcaf55cb675

SHA1
51fbbc59dcd61116cbc0a24b0304d4c1c58e8d0b

SHA256
83ff81c73228c7cadba984d9b500e4fce01de583ecde8f132137650c8107c454

SHA512
69257f976d01006c5f3d7e256738c97c59115471f8e7447cfa795f7fa4ff12d6fd19708e95ffb2aa494b50c1763fe35d5885b9414112d2934baf68fe668ed7cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjD022.tmp\7z-out\locales\en-US.pak

Filesize
100KB

MD5
0bb857860d8c9ab6d617cea5a5bd4d00

SHA1
351b744d95846bff2ce5f542fec2e87439aa0f8b

SHA256
5c56df9699fc7e8f09ec81421e50a6264cde055e822f5a8cd9bb1edb3066d816

SHA512
33fb73cffbb6781488cedbca4c92a7e4f66923a799beeb7f5cba58dbc23ba8f5130f63a7dac7114e3c3ef6f1df87884fbeb8858bc7604aec9449fdfd16c25078

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjD022.tmp\7z-out\locales\es-419.pak

Filesize
120KB

MD5
b261b1efe945365588befdf68879040f

SHA1
616f44a5f73f0449b483f36ccf831db6474a10d2

SHA256
1380b9edc9cee4b505f12e8eefa288d8c746ca995b52ceaba27c7741ae8a5cd4

SHA512
9ea14234b9d4d09364e5727b3886fc14544d52508b3e45fb9fd607ca88d2e432361a02b2f7ba34c3d6ecd94b91f9eccd4d54047a97a1ba4eea580ead00b91cff

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjD022.tmp\7z-out\locales\es.pak

Filesize
122KB

MD5
f83d8f7f6108786c02c2edbf3d85f147

SHA1
57781d9d9eb7c90cdc71f78e25d0763045b6d29a

SHA256
5b929216ac823dbe2b0bb98e64db76519900e09a86c8513019325271c66ade0d

SHA512
12747a4a61cdd21cad6e3f768cb43b8bda5ec9de373337c191b6994b20acd676c9d0a6cde8410a1e18f35dd5d2d332ea1bb7e7f8f6fc4b73d8774559e33398f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjD022.tmp\7z-out\locales\et.pak

Filesize
110KB

MD5
c76db3385190c6840315c4497e40258a

SHA1
34f1aef2ba2925bebc5dcdb70e5b6c1a138a5c46

SHA256
e8af084ef5e1062c5966dd7802074ac24f3672dc3c9b9c5453a397644727191f

SHA512
90a870369d307758b33d74e6213676d65c2d332f42577c8aff23d96b512f3c2a2bdace8d6d9007f88b9175eadc6f2ae28b498b1265550849ff9317465a37ad29

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjD022.tmp\7z-out\locales\fa.pak

Filesize
117KB

MD5
c4af5cd5d03cf8d3f34c4cca38f8442e

SHA1
3d4e63a0329a9286f21c56bb96370bf4e16bf122

SHA256
73293f067a3a513c9b9f6d3da943ceb49a6d27d60f3c274c2d08a50a99ace250

SHA512
9a45d09ed9ab800b5b6e4b03be1dd7f52cac8ab47c4119e7b5129964cfb1fd0a3a9474952dc2e45e2393941047a04000943383ca7c81ebc27bd4d066be66aef2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjD022.tmp\7z-out\locales\fi.pak

Filesize
112KB

MD5
cc592d91ce8eabaa75249cb78b889376

SHA1
f2f0f7f105a17f3e4b1a97ed0e3c2e871c2c3eac

SHA256
b1cb0b32efa78fd8634652c74f298f1d5127f2363ef601cf000417e5c7fefd20

SHA512
58e2eaffe26d8fda8df43e7ebef449cfff1065e940c128efa0276511e34e96e52da9230f294b01d4ecd8ef606b792d372bff897d6d8bb67c31379418ce867d48

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjD022.tmp\7z-out\locales\fil.pak

Filesize
106KB

MD5
e7c1f2cc4fcb3908028270d57e446219

SHA1
a317c4801d60befaf7c0a98dd0845ed00dc1aa02

SHA256
d11166075c54bd70d166db62286b1d9e55ec285fb7d6f970ba98670c425b0c30

SHA512
84ad2e0536832dbc0a40cfea1f3a9a2c2043af3de8aa2212b68e3861e241fea07bb374b89f74af2a92823efc716bf8164221902cdcd6c66218d3135cab83ee9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjD022.tmp\7z-out\locales\fr.pak

Filesize
131KB

MD5
c3095ce1e88b0976ba7bef183d047347

SHA1
b14cfbf6e46ac1f189595fc09660178525301138

SHA256
66488dc10517b6e3638686be95b430477a39304e92ac45dfe62b58cae3a77272

SHA512
29f47b1eff4681a9a17a50d6e82d63c22fe7bfe4ceb79862e81d8cd9f96fa38e225978b4c4b1f8e55b220235b91652c776fa8d2e559c68942c6ccf402812a421

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjD022.tmp\7z-out\locales\gu.pak

Filesize
129KB

MD5
187652fcf18288479f3401cc2b01801d

SHA1
b1dbdef22fbb845d997b504d8044f5ff518c60fd

SHA256
d974313e119e1943645589bfdfe54ebc8bce9adba0d1eddee44fddcdccecbcf4

SHA512
98ce02db2d343c86ddd9ccb22119505e50e86e56330ada2d609bfb66039bde1f41334328a27adf72ecf9fa5e7ab647bca29e7c9985e904b521ad16ef32563d45

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjD022.tmp\7z-out\locales\he.pak

Filesize
151KB

MD5
6a02a37e1ca3215fa9ee0e1b0fbcf5e7

SHA1
89a8a126c0bbf536ac58e29fc50e045fb1b88220

SHA256
f5cf34ce58b7f0d450936981aa7ffa060821403e6768eee3746ea4ffc9193986

SHA512
6607eb2329b81f1eaf0ed3a564eddcb30e6ab59229f2fbf6fd3d2140ffaa8853a330eda627a4458ef6bb06f32c5183edda869e34cd4ead1f87f88d5c622c1a16

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjD022.tmp\7z-out\locales\hi.pak

Filesize
191KB

MD5
1eeecc3468465e4a96c1b7533aafa1bc

SHA1
0c26080c2b4b4023d203f0c0fbe256e710c080b2

SHA256
fca115078a66f2be97ef0e3b31625c0dccff32e5a6da397248196fd960efb5b2

SHA512
19dbe26711d1d64cc30cf3c67b0d951342b01773203e850d73d09c5e3facc4b4b649988932ca56ace5bd667033be9bcbc4b094799062aabfa6f51ae8b698f2b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjD022.tmp\7z-out\locales\hr.pak

Filesize
119KB

MD5
6f92235e6ba003af925a2d6584afd27d

SHA1
3ceba61e9c2975466b6244188f5ea72aaf042fc7

SHA256
479dc4f75a889d45f62b4ddb6eb48f21c473e37875468c9c26d928a263e15840

SHA512
82f2642dff4400704c15c2fa02d0ec74ed3fe888dc835447c1afce7463dee8f480bb81be358c306e681625864a6d25e5cd6c96252b8a56e6fc62014b3aa4d26a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjD022.tmp\7z-out\locales\hu.pak

Filesize
129KB

MD5
71d42cb22d2d7a8b26c4514ab12df3aa

SHA1
cd0307503a7906f1742d1e98fc816959319c2171

SHA256
b51bcb888dbc27bab88a8c9d081df7496de8a9a5a4cd2cfe08abc154190e75e6

SHA512
29c67391bca706807be3a0cc79fe481f220e30263957a9c2485f0a4c498a5b250bdd83b5f4fad8d0b19c8a9a07d5650b5ebd5816b6aae311a1cde78a89303244

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjD022.tmp\7z-out\locales\id.pak

Filesize
108KB

MD5
e40cb2f3b4db379e4d187aeef0dfd300

SHA1
537b1ebc615c980c89bbe2b9e91a11199fa7d6a6

SHA256
3339ef011c9bb64868da94adb25f4490acbc7f893e4337dbfe2797754cd659f5

SHA512
b87464460077aa55feb92eca8ed23d9a61829378bae7890c8a95dac5fcd735b145d65661f27facfe2586fcaa169692b00d8ee8dd505dc44bff7f7fd090f3e96c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjD022.tmp\7z-out\locales\it.pak

Filesize
123KB

MD5
5aa225aad4f9fe6d05ec24905a827d88

SHA1
f6d5ed337bd8e9cc3b962d3a498e3430fbf6de22

SHA256
96e02ab6937a1f1cb58762159761a737ce0e1dcd6a253554392baf4389326eab

SHA512
3fa928f19bdf65b8fbb274b478a801821b15c01224c113a8d7f6121a077b432c0cc84eefd9028a76adea9fa4bb65dcb868edfbd4368b1e4d477c49e187e4288a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjD022.tmp\7z-out\locales\ja.pak

Filesize
143KB

MD5
833e8c4aa70351b6be7bd403e4e9a0a7

SHA1
46ccdbdea35deec8ef13a5fc833776875fad187b

SHA256
74422db1a5f28522f9a8b31a3bee9a6df794b419bf723cb6a6c88e82eb72cec0

SHA512
e8e709612a5ea81d2822e0025b7306f38571f2cec2ca72ac5a8ab852a0e36a0f5bc7e00d0baf7ac7becc2c54dda3a17c52ec1cd67ce12b14d91b6ae0b726d556

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjD022.tmp\7z-out\locales\kn.pak

Filesize
231KB

MD5
815806603c73d28a8ac9de466f23cce3

SHA1
19586a690c322849f032868fbd3fdeb23ecde5dd

SHA256
ddcb70df86b0055e5d9a2a9b8012c45ec4c8cc5d86fcfc3b2fc33fc2aa74eefc

SHA512
5bca73855e23f1651e55934feecdcb090502938afc38a2210390cb36fae4d19111e1155b19cc5894d215354c7854f610a762b9d46d78477b002bf11daa99ac60

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjD022.tmp\7z-out\locales\ko.pak

Filesize
120KB

MD5
d6e2c18c9eabba59b50d147d942125ea

SHA1
0918879203c2050b4f9f449f5616e430897ba0b9

SHA256
f3581cea2e5b022b121010ffc5d67f86f717e3a0c0402abd81e24c87fd135b76

SHA512
f605f7b9893166778af156f9eb76eaa1209e7432450899540cd462ce0ffa69caf6f570b910cdd6d7bef54354379e9892a658e711baa93241da33755c107da859

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjD022.tmp\7z-out\locales\lt.pak

Filesize
131KB

MD5
2d4fca437a7548893dc4b51fa5b33c33

SHA1
c1493013d7d981ea9223716e415380992de65c2f

SHA256
776dba792df7b444e1b720326312d8b8312cade74a1372c49456d932b7c65769

SHA512
b6a55ee1deff48d717a3e9399aef3c45eeec810cc5b5709fa3e9f56850115a5b02e02b7959ec77a6797e68516ee9372bacd260e62ac0d55a8e4c1c27af782b42

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjD022.tmp\7z-out\locales\lv.pak

Filesize
130KB

MD5
264c6e20b3088ceb4dae5773cef0cb55

SHA1
fb6ff83ff14df008092bc3ee73bda7491e8e090e

SHA256
a676a781c1a587eadf23e5c69bc52f2d352346a70bc53ca908450362535eefda

SHA512
01e949f92e1e8599c581929a601d39640abaf1d907ce10102e591c3d490dd3874c679c75bb51308ead55a3bd0c6dcd1b8d4b2daf98ce1cf1c6bab42946e8b1e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjD022.tmp\7z-out\locales\ml.pak

Filesize
215KB

MD5
c40be153f5d54c45c7a2781d83c4f4fa

SHA1
751cf4813f634323a6289493aa66ecfa18374dfa

SHA256
ee9aa25eaf36358c4ddeaf15d55836daa606dbd27ed37642a5970e86bde0445f

SHA512
df32de30b79ad9f257316e4408bf21601cb8f5c206a1b52652097cd8dedec425d0f810babdd76de1732d4d1707f3751dc43efa4e3746f6d86442ab477922fbed

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjD022.tmp\7z-out\locales\mr.pak

Filesize
219KB

MD5
4c89d67f0f865d6481f9b210046e34a0

SHA1
0d24b71c09d4efc1caa575024493d5dcf62f863b

SHA256
af34afa7829828a7f9886c974a39c80f2b2802a46b30ed20fbd7880343e538f7

SHA512
1de5204a75e841e8d0df7b16fffa02644db52ee9949f1578cdc2fe4e0edc005f358efa4f6f715a327c47392a989129dd5655564d94ffd1934d4905e3e9a6bf19

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjD022.tmp\7z-out\locales\ms.pak

Filesize
111KB

MD5
6cfadaa784e687e6dadbcd80e631bc9b

SHA1
481acb75f525055bf4e45ecabe0eadcb9c492106

SHA256
fb5e125dd5e1f21e8df229d22cb3d1f9078bd79bbddca352899248f2a8b21b71

SHA512
0d7da5a90fe9372bc704ab8cdc8cbfb14d323cafdef856987e2d9e34d980196c03985e25099f5d1bcb10c97f040f4766e2c3713718649bb3f43914a77f0dbb39

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjD022.tmp\7z-out\locales\nb.pak

Filesize
110KB

MD5
b61e42f66d581b6a8929cdf5fb10662e

SHA1
6f06fa9ee092fbcb61bbd668734fb3b92cfb549a

SHA256
1b17dcde8fc7308d926fbe0faa83dfc9ffe2efc5715e9afd557dde839ad98b7e

SHA512
79b82346c3f133a6ba44148a8432ad4e08e2805187b759509cb386bc800fd20215592c07d953812c243f0b1d5e1354245f2cb42b2b3eb6c87280bcb4008dbe97

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjD022.tmp\7z-out\locales\nl.pak

Filesize
114KB

MD5
cf6b1cbfd669e9461553974ba37a475e

SHA1
b33867e9bc7fd88ca98a76dc4bd756bcf18887aa

SHA256
9a83ad866ad7fd9d65ecbc1e95c276cfce27e8257c76a16950fd14971e66b864

SHA512
e463029bb37f6bb3ff5cb6281f64291ada1b785fa33137e7aedfc7b5e409e99c75a91e7cf9b6c0933e970f70c14861190de66fc5d68925b687a6f5da02e21077

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjD022.tmp\7z-out\locales\pl.pak

Filesize
125KB

MD5
644c0ace25d6e532b56510a736c6bc2c

SHA1
1bd0fec952107b493da04c46423da634ff3e1504

SHA256
2ff9e382a31783285b7d85676e629e2f6db26bb9536ed17b7fbe5ac61a895ec7

SHA512
9a1f1e884c2f214b8b0c63543809ddd4ba0fd533f1d8434e926051f3db434f60cc4df2462c2a43254b2a9685b3869eef49463c212892e417c82c3a7b497e3559

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjD022.tmp\7z-out\locales\pt-BR.pak

Filesize
119KB

MD5
88ad860c73676ffb4025b5c691f29942

SHA1
3c5e5b999ea7153ccdd1b4cc7b6162de3456b558

SHA256
25f0bb0b0230d99a9064d52668636f3be85903bf27a68124d79a2fe93c30fe0e

SHA512
41589bb9ab1b8307f62ceb4e6493d7903731a3e63807e0044379c4acdda881c21839234f5f1b8ad1af732bfee6231c0556ce92e582505379ed949980185bb750

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjD022.tmp\7z-out\locales\pt-PT.pak

Filesize
123KB

MD5
ecd84b296d3bb312ee18e21017311986

SHA1
f5625523f85c10723750834a54ff59a2dd886fb3

SHA256
fcfaa9c44c445876c286388b6a1abc1df949f3dda3d64fb57d6e0d54a05cdb94

SHA512
e95b74238220024cdd0bd1c0f18beadbbe427d76cd8d6b32d5700adcd34ffb068ad0bf75404921485c8077f395f5111cd40d5dfe2b5b8f34c62e6fc80b507456

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjD022.tmp\7z-out\locales\ro.pak

Filesize
122KB

MD5
24b01a438a3ab9699d4ca97c081b5e82

SHA1
0d0b082544d23425a74199fb0a6c11192f0bdf7d

SHA256
38290b1c9712296d82ea1681ef95544a1eef4872289134b11e50af735e6deaca

SHA512
43199772312156f4633c4202499cde8f808e5e632c2013ec1129acee01a3f184e86df2616626173178efe04b6f0773ad9a0e8b8cc6a735d23d68dcfe9dfd945b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjD022.tmp\7z-out\locales\ru.pak

Filesize
195KB

MD5
75457b95d2bb03891232dae7db886387

SHA1
e5a7569df7f91533703626d167ecc8cddbd27205

SHA256
e0894d3aa3f8e0f8ac457a3300001d4e1dcf95980712f8c8e9c845eb4c2bbfa6

SHA512
9813239cb162cec24cb81cffdae2df06889782813d917da186ae40df6dae64477467e4b32ead2d714bc1de671538d4c1fde990d83d3ee69e0932f17226687a78

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjD022.tmp\7z-out\locales\sk.pak

Filesize
127KB

MD5
b35daa0bd9627ca88b413a5af7c6b4a4

SHA1
d5efdcbc7ca17de29f3075f6434f31ab2e895826

SHA256
f47bc1f7f5ab64681d0b152e1a019da60f0ef057ee8bf2ccede019dc4030c177

SHA512
48abb6ca2290820db2898b05820bb25e70fb1292c816eb0c8f17b3c5452de9fff7027d216d2bf413900f408f44ed4ac99151b28142a212c5cff8dfe229e87b9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjD022.tmp\7z-out\locales\sl.pak

Filesize
121KB

MD5
e015b6f5042be2dc96a4e23dcf035502

SHA1
7946509eed8db1e4c1f3da99ffe7155c86fdb4d6

SHA256
99536d1bc73eec81d5bebbff641ea195544ee5e3a41bb17ddcedf9cde9b141d4

SHA512
b2a2eaae93c506a053862bf1cde02eee53b3ea2e2fe4c964c51dbacb8b44de820a779311cfe01458e2f08f88bce1172e8c5e1e6d28cd3a355ff84baa00023b8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjD022.tmp\7z-out\locales\sr.pak

Filesize
185KB

MD5
af7083f2a4bd95dcbe792efade352662

SHA1
dc69aa831836016f6e66c6079931503d534a7862

SHA256
e3b80d9fdd420a05d66cc12e685ac94500106dd51a555bbfa2d085094f81e8dd

SHA512
342400ba94f6cd08152f96aa2b905184fab429c38cedb4bcb4ac0c503169a9ecd47aef208b4d7ffae08b0c0afa7aa089347a20739379d05f3e4e111be842b8c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjD022.tmp\7z-out\locales\sv.pak

Filesize
111KB

MD5
41e76f7775fc9a2d6e3c02c46e9b32f6

SHA1
088c15c74a68bee69682bf89c31055332b68c84a

SHA256
2533676479e9469ffcdaabcb47d3e39bebfe7ae2b80f70784e918a8827439e13

SHA512
6cde752d748c4772b533c8894f18134e5842113f8c7590b44a7dfa088aed65b232361fd16170df3b0d738066dbc3a769847adf4dd8ba42de63c9c2b33f9beb6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjD022.tmp\7z-out\locales\sw.pak

Filesize
114KB

MD5
99e385ebc1ef8d3daddb3a171fa79edf

SHA1
3164804dfe9d9b5e891abafe92e5ba67d2b5d4d1

SHA256
8ec45ac391a085d531fb21815086c2da4841aa016653cb4f8484cfc2615d6c01

SHA512
797c105fecef1e15870aa101e3fa1835d5a467a9059c03b3636c54934d1de263ab7f23599e21d9787cb3849c7cb7d29f5bdd8ae9ad10fda8015c1392462e94c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjD022.tmp\7z-out\locales\ta.pak

Filesize
290KB

MD5
31dada843d0b4f9a66b184cb6d7b8b92

SHA1
0320b31981043c6e4c17470bf2ff4c7488553511

SHA256
457070b35c813175f5a7b630478073e478ff2bf23915dd3dc7a5b3b339cc2b0b

SHA512
c5b6ea595d3154fd9fe03f49a19f78eb4068718ce005b18a165d491459a290c29956b02a109ce2c314746773760c8e5c0d7064f384c65a572c78109f03538860

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjD022.tmp\7z-out\locales\te.pak

Filesize
270KB

MD5
793a87d41cde6e6d1bb086284f69733b

SHA1
d887e3842b664f55b7308427aa6f5bf0b352d879

SHA256
5cdabd1ad41e8048f2cc6b1615e68b99159daa1aa6706b939447c1811bf0e255

SHA512
7c2e53baa387480eed45315bd9d53856ca46e5777ecdc9c29a0de7b0ad04beb6cbb8b5df0aa7c306395fda563037e06bea1ca70e433ce5a3ccc2ec184dfda972

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjD022.tmp\7z-out\locales\th.pak

Filesize
227KB

MD5
43edd25f67ce6e6cea5373009ff0a1f8

SHA1
ed72ca6620cf23837e1334be50ccf616806bc5a2

SHA256
287897cf3df2db1cf59b872e6575ba8dfcaa0c1f68c17a9c91da6c4490adb8b0

SHA512
7160a72bd2e6b0ffa71e5d279995cc8be24a87cd9386eb29ab0eee79b8e607f5d824a11b6b4e3ef4c0f851a9d485a9642cb6adaa65c07933dca6e6f2c0052fc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjD022.tmp\7z-out\locales\tr.pak

Filesize
117KB

MD5
40491896ad21543f339467186c5efb40

SHA1
695dde7cc35056dcbf0a533aff8299d4c6b61bd8

SHA256
43e99e132acaba88971b81a43531845dc7fc3a1e0794c3373de7d9a50a5655aa

SHA512
18d5ee9914849462e0b1bafd1ca216b29d0795e282ae0bdb354b15caf5c18f37f44fbd6f626b2cbb095e3398a6496de72e5b0d15621433979b5a589e34fac818

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjD022.tmp\7z-out\locales\uk.pak

Filesize
198KB

MD5
d791b1ecf2931b2fb0c31aac170c7cdc

SHA1
02be115a9ff94fe5250651b6de4323eafc44fce1

SHA256
ffae6286d44c8e219ef90d411ad8746159a6ff8ea610e2a651147a3956696a22

SHA512
3a2edb8069e4a9734ce5e02b7c3de3c968c5bbc116f17f52f97e2bb2c78485c456c4f0cc952686c1aa17b7ee4d326a1dda698afafc63c79d842ca3905181a8da

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjD022.tmp\7z-out\locales\vi.pak

Filesize
140KB

MD5
69c8796439192577f48bd249175aaf37

SHA1
97c52088ca69dada593db0e42b2135d264646454

SHA256
d7fdb53592de803a5fbcd8561c4918f1562f92fc8a3fd0039a2a1a7b76a8ecc2

SHA512
65eb7cb15291474ec7f9354775e59bcf334c90ddf3498ebd184e4c47118308421b2405bfa679e4b3a70ed1790e167c109fc2c72e89c3e31b5378cae975424144

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjD022.tmp\7z-out\locales\zh-CN.pak

Filesize
101KB

MD5
098d656a4f4bd8240bed10e7678186c7

SHA1
0c19ab62b4262f1b51558e8aaa79e7741f73393a

SHA256
a55f568ad3a8854cec25699484f55024501c8a0967738ba694e073151e5981c7

SHA512
084538ce774233ca6d4393bb42239b0b85e11bd73dd19ba47e55796ca19848941b037510c0fca4ac08b4b2e0ccbc9b4ae72ef88a3e841738dd211961dc53c1e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjD022.tmp\7z-out\locales\zh-TW.pak

Filesize
101KB

MD5
c2c35fcedc3708b5bcadf36587393002

SHA1
31d72402cbd44ceb921cedd806259c2cd14e411f

SHA256
cfe4c2c5eb131fd92e0d11f912714c5a9a048833ef3ffbe32679b3d58da8f8ac

SHA512
9ba3ea2d569d1d3ef09e94d7e66f843c8804368c4d016b6289e7dba002f7d2d50884a76c93eef879d87abcf8b36dd3e682b7bd3a18b2b5a969256cef672abf01

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjD022.tmp\7z-out\resources.pak

Filesize
368KB

MD5
74b501de3a57033190cc5811ebc674bc

SHA1
80528958f25738ddde6cf737a0c6009fde1a3bbb

SHA256
f14b6d72450ef91a204c142cc28412b6fe88ec3c703efa1c1f7eeca088449c00

SHA512
fe3f5c65f5699860196a8a0638ea665e766c159678cd37bdefdb782b815d1d58cae4306db5345ad0c04b23d1d92e08bd997ea6b17317348d5bf2bf17434f3693

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjD022.tmp\7z-out\resources\app.asar

Filesize
1KB

MD5
2f41b8d7192b091b8bf03fad2084efac

SHA1
04262affd56b830dbec6978d0775e8d0d794021a

SHA256
3364fad15e5fc8e0fe308df631560f7c980b8894bbd2aa1a67c5367e37364a80

SHA512
bce7ac548681278c956dd6db1c647b9dd6ee26fe11a09b20084c7292b16ee57adf3f7fe16bd87b2e1afbe3e8f8a95b4976610097081187430e7e03199f15265d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjD022.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\DirectShowLib-2005.dll

Filesize
28KB

MD5
41b0905f390881464d8232d647af2954

SHA1
213fc3280b5f40719b07ce24a45ecc66bd5c52bb

SHA256
6b28b52d38c6a1a390e109c7e75f8c62b5ff7677f6b6997bc48417d584cd99e1

SHA512
2bedd65c586afeb4134f9a9c43e56f17fbc553345e01c5b5669f06f78ca2cc2439c92d308cf492cdee31638045d8c315bae50d7ac2957116e4ae42c2e0fe603f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjD022.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\package.json

Filesize
394B

MD5
067e233b0609d56ff4756bedd8c0efe0

SHA1
96419d05adc4b6674948b4ac14f8ab5bb3ce4380

SHA256
6bee642c1b5de99e4edba87ec3221c2ecd10b65e666b6f2bef64a745538ecf74

SHA512
94900f5ff762930b1b060ba4dd44d629d6c3e2dfc0dacb1a543f1ea5a3cd40e793acaff4abefbff588ceb422d65f8041ec190a2b56f7c303c3314eb16eca4159

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjD022.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\prey-webcam.exe

Filesize
24KB

MD5
471b15abc9f2e98fb7ed7361d3f045eb

SHA1
95b5798d80a9410872f6ed485ae2b43ca3745540

SHA256
7c262639cb22348dfd627dc07c76e8748e5bcacde2dcf1614773ab174c831004

SHA512
5b3b59aa1dbaef31b0ff6ccde082d7c312e39e311a46fe20d590d5d7765f934d3b663da9609ff4fb7beba2e8fa85376cf74f14ae077f3c0b49189cc28c30163a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjD022.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\snapshot.exe

Filesize
41KB

MD5
02264bec08449195a3adceeb5e7ec8e5

SHA1
d7ccda77fe62bfedb60a6e4844d20f7ab015838f

SHA256
c659daab5db0707a7062c2ae8213e5a9899b3531574f56d489aa0d008fb22aa9

SHA512
1b6f74242fb271eb912fcc7866f58d834d9c0df9a8a2a5cc21a04c96e6a4d31e8e0c18640faffa4dd813fcd7d3ece0f8fe7cb059f1a7daf182f1c40a4279e8eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjD022.tmp\7z-out\resources\elevate.exe

Filesize
4KB

MD5
24270c6347a539b4a9a9481b760e6992

SHA1
4fd7ec33cceab454b163f34a3fd2c6842f688153

SHA256
66de66a1d5a6bfdce0009de2be22ee766d177d7895c08d341de1a9b92d512d52

SHA512
8bf292ae94bdf1dfbfde8597cbdc570fb839471437d5d89786e9ba1d088c64723f863bc7c839c3d6635b604baf522472c8d9a874f79d40b0209bc6344aa250c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjD022.tmp\7z-out\snapshot_blob.bin

Filesize
262KB

MD5
32c50514557b2aeb39084b171a527bb8

SHA1
fd53f1922694fe4a830b9f7fa157d63da9907208

SHA256
6395fe26f1dc9258188106353818fdc6fce1f81bcc607b32d3149d0b0a0c207e

SHA512
8b745c55181d6c47d65a3d3b4c70acfa405d8ecd0d33bdc95dad519f1fbc74e30327bf04584539eba4f43624edd5cc049539ada9c646855d719e32235b0f6db1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjD022.tmp\7z-out\swiftshader\libEGL.dll

Filesize
30KB

MD5
d93f499379d0acda44f41b0ca712b63a

SHA1
f242f92092267af94c884ff8c9a39b982553fd3a

SHA256
6f870af1bd464189ea14b5268536e34587201e835c3dad4e665464e7c443f473

SHA512
e10aba2f3ce04e7031f3c8172b13a5cd813d0d7247777e388c8f68993944bd1f5432c22ec8fcfa628d312644c497ff45b11966b750522d312f72c62a339cb2e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjD022.tmp\7z-out\swiftshader\libGLESv2.dll

Filesize
1KB

MD5
ede6d8957faf87bf0f3447f175d7768d

SHA1
d85ac0b410fe14eca3d55f8d1b59d5d962f2fdc4

SHA256
2fd313a4ce26d2ca5a0ba96dd8708bc6933f97b4139fa92650d0b7f6cbacb27f

SHA512
40459aaa994a71b6e165ec9d47efa45f7b227593e6766a013cfa07926a781333219477c23ae5f306a68c957b923f63dee9f08606fa53de8614a8b38119909c17

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjD022.tmp\7z-out\v8_context_snapshot.bin

Filesize
193KB

MD5
45693aedf2d66a3554593f6e15035ba1

SHA1
f0bfeac9dae83688cd5abc770ad933c1b12e69d6

SHA256
ab8818d7b456818c3611c4758136fa918c1433b64c27ed1a972cdceb99fbf66a

SHA512
95fcfdffcd79af864b5017ae82af197dfe59e0d2439ff9141dbf6a213dd82d31627352fb0bb46e74d31b1fc42b2284ee48edd3d6aeb1e2759c87bd702a3fd53f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjD022.tmp\7z-out\vk_swiftshader.dll

Filesize
372KB

MD5
137bf2162840f38551f43561ded25760

SHA1
c8e320decfdf2ef90a20da06f5dc7007f30b5b13

SHA256
52b4c28306dece2ed25b47e98fc24d0229aaa525071e1146e2bbb26f422c5d03

SHA512
19f6e676c0eddf290c0faac82d66697f085dfab347642fa9aa2244728c01a93a016869e10ad733288f5bbef9eeaa8689f73fd4650f245a4d1d8707f72486d638

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjD022.tmp\7z-out\vk_swiftshader_icd.json

Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjD022.tmp\7z-out\vulkan-1.dll

Filesize
205KB

MD5
74cd65d1b3ff4126e6b79ccd3d7c17cc

SHA1
fd3c8f3341d8aa3ec7460eb930320ccc40d1da06

SHA256
9ddbc0ca649320698779a9351fb9ea7054506c16521bfd6b1e23ca8c907e1295

SHA512
da7b1c34216d13428605c203b95bdf4f3da87a485e31cfd6c3bd81ab2e09d268447b363c89e7f0bf56f20db2420adfd0fe30ffa402eb3ca40425af85dab62cee

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjD022.tmp\StdUtils.dll

Filesize
1KB

MD5
4af88a7fe61bb36635ece1209db7f79e

SHA1
9ae3267f88e6509449d8cdbfda63b8d661641090

SHA256
3f1bc7aefd01690f7da8927c81531d7434e9a834259673a825b6b8ba1152a090

SHA512
7a68f6164ab254a51bd56a0f37563c707451d8801c21e2efc83ae833ef39bdeb9de22b0e2d58751527f6aa24b9a1a173fcf272f8bcfcf00fcd03186336f963b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjD022.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjD022.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
C:\Users\Admin\AppData\Local\Temp\y05mn8sxKsxl_temp.ps1

Filesize
727B

MD5
a3721e981e81572ed2df3d4442431f32

SHA1
3cc3ed1dd9df028a04775ea031d1b663178fa8b2

SHA256
7de3782278028d7090328534b121ca8d530fbde19db273ab5bb87788b3784e6c

SHA512
17ec89f9a59406ab4fbbb0f4913f0a7bc59b12768a565ff8eb2ba0b153028dd19fa82c2376b6cc5db90db33e9d58d96e0f46ec358cd550c8b3ae92b543143a05

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms

Filesize
6KB

MD5
e2feb578d5f2810cc72f68188aba248f

SHA1
4876c8214c9806ef8be3de0109ed75526c254fc3

SHA256
045c85ed6ad77314ac3bfe77b6761c2acd170b39333344d7564f225f3fbac9be

SHA512
2a86175a63c82e2d6a42ba41f7cadcfb216bf8f8f0a0dcda51ba8339f39fbcd16a21dfdb9e610612e5e51fe666cae176975addf0bc935421a41923cebbee0dcb

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms

Filesize
6KB

MD5
148be3a956703978cef6b056aa22f8ff

SHA1
eb9d4d37fe464ff2aff7e636cca46fc4967778ec

SHA256
e544720922dd45c60184c5573d035a5594c7ca3b41015941df79edb3f0663a19

SHA512
a9dff8d5b88c75d0a7747912125cb251d747d80e4618d0b03a38df5fcf7893b56e3db10f2704795832d325f032e8b6497d7fa7244aa2f878bb491bfa34c13759

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms

Filesize
6KB

MD5
87620cfceeda94af0759a761554d1cca

SHA1
cb49f1930fd248129cf9dce66f7a0a178f18cc86

SHA256
cda543078b82a4967a44ce9f5b95be33957410ea0cc8e8f208758d502e789409

SHA512
c41a624cd49402631b1c5f15559665fe0ecfd3ba05a553b93476012502309d5001c270c6f218fe58580b4da57d511b0430186fff03639a7f49fea590f3e5285e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fqbfx32.default-release\places.sqlite_tmp

Filesize
2KB

MD5
2e0d404e4275721933dd2bc77d5b9963

SHA1
c71bcd1dc6c3374ca8fd9714dc775916396097e7

SHA256
73a36311ddadefaf5753fb3788d5585195bf1603053dce5b5f5561211c839c28

SHA512
4b13bcf25d3b475d7cfa939c1673d5542aa5a2d292bba8bb8a01f28bcdbe4307a2228451f112a182d6fe032c93a8e684a6d30afb7fb06fe39b41bf621f739ada

Download Submit
C:\Users\Admin\AppData\Roaming\ZI3vSNGXzPes.vbs

Filesize
141B

MD5
bee4b835076d15b9486e145637c2a63b

SHA1
a419c29bbb768b6c75c9dbc6e4696dd369b22f4b

SHA256
aa18473a2407198dfcf922f7128694b1f45a83e5b5d3b8ae16857f863664fcd9

SHA512
f245a75722049dd609112562291cf3e2e5627b96d0678383142b8756526ebe0f178068760511b116985a983a3c63201c7c4cbce5dc567911fd446fbf0ab3a6ff

Download Submit
memory/1744-581-0x00007FFCE5A70000-0x00007FFCE5A71000-memory.dmp

Filesize
4KB

Download
memory/1744-644-0x00000288BE470000-0x00000288BE4DF000-memory.dmp

Filesize
444KB

Download
memory/2748-559-0x00007FFCE5C03000-0x00007FFCE5C05000-memory.dmp

Filesize
8KB

Download
memory/3256-833-0x000001CC2E510000-0x000001CC2E520000-memory.dmp

Filesize
64KB

Download
memory/3256-824-0x00007FFCC2FD0000-0x00007FFCC3A92000-memory.dmp

Filesize
10.8MB

Download
memory/3256-872-0x00007FFCC2FD0000-0x00007FFCC3A92000-memory.dmp

Filesize
10.8MB

Download
memory/3288-629-0x00007FFCC2FD0000-0x00007FFCC3A92000-memory.dmp

Filesize
10.8MB

Download
memory/3288-636-0x00007FFCC2FD0000-0x00007FFCC3A92000-memory.dmp

Filesize
10.8MB

Download
memory/3288-631-0x000002A6493E0000-0x000002A6493F0000-memory.dmp

Filesize
64KB

Download
memory/3288-630-0x000002A6493E0000-0x000002A6493F0000-memory.dmp

Filesize
64KB

Download
memory/3288-633-0x000002A6493E0000-0x000002A6493F0000-memory.dmp

Filesize
64KB

Download
memory/3540-613-0x0000017BEADD0000-0x0000017BEADE0000-memory.dmp

Filesize
64KB

Download
memory/3540-612-0x0000017BEAD10000-0x0000017BEAD32000-memory.dmp

Filesize
136KB

Download
memory/3540-608-0x00007FFCC2FD0000-0x00007FFCC3A92000-memory.dmp

Filesize
10.8MB

Download
memory/3540-614-0x0000017BEADD0000-0x0000017BEADE0000-memory.dmp

Filesize
64KB

Download
memory/3540-618-0x00007FFCC2FD0000-0x00007FFCC3A92000-memory.dmp

Filesize
10.8MB

Download
memory/7704-843-0x00007FFCC2FD0000-0x00007FFCC3A92000-memory.dmp

Filesize
10.8MB

Download
memory/7704-844-0x0000022E41100000-0x0000022E41110000-memory.dmp

Filesize
64KB

Download
memory/7704-846-0x0000022E41100000-0x0000022E41110000-memory.dmp

Filesize
64KB

Download
memory/7704-885-0x00007FFCC2FD0000-0x00007FFCC3A92000-memory.dmp

Filesize
10.8MB

Download
memory/8360-893-0x00007FFCC2FD0000-0x00007FFCC3A92000-memory.dmp

Filesize
10.8MB

Download
memory/8360-870-0x00007FFCC2FD0000-0x00007FFCC3A92000-memory.dmp

Filesize
10.8MB

Download
memory/8360-871-0x0000014D02C50000-0x0000014D02C60000-memory.dmp

Filesize
64KB

Download
memory/8360-873-0x0000014D02C50000-0x0000014D02C60000-memory.dmp

Filesize
64KB

Download
memory/8832-847-0x00007FFCC2FD0000-0x00007FFCC3A92000-memory.dmp

Filesize
10.8MB

Download
memory/8832-892-0x00007FFCC2FD0000-0x00007FFCC3A92000-memory.dmp

Filesize
10.8MB

Download
memory/9048-845-0x0000023CA4E00000-0x0000023CA4E10000-memory.dmp

Filesize
64KB

Download
memory/9048-854-0x00007FFCC2FD0000-0x00007FFCC3A92000-memory.dmp

Filesize
10.8MB

Download
memory/9048-802-0x00007FFCC2FD0000-0x00007FFCC3A92000-memory.dmp

Filesize
10.8MB

Download
memory/9048-814-0x0000023CA4E00000-0x0000023CA4E10000-memory.dmp

Filesize
64KB

Download
memory/9048-813-0x0000023CA4E00000-0x0000023CA4E10000-memory.dmp

Filesize
64KB

Download
memory/9352-853-0x00007FFCC2FD0000-0x00007FFCC3A92000-memory.dmp

Filesize
10.8MB

Download
memory/9352-781-0x0000023BB4F90000-0x0000023BB4FA0000-memory.dmp

Filesize
64KB

Download
memory/9352-780-0x0000023BB4F90000-0x0000023BB4FA0000-memory.dmp

Filesize
64KB

Download
memory/9352-779-0x00007FFCC2FD0000-0x00007FFCC3A92000-memory.dmp

Filesize
10.8MB

Download
memory/9552-857-0x000001960E820000-0x000001960E830000-memory.dmp

Filesize
64KB

Download
memory/9552-858-0x000001960E820000-0x000001960E830000-memory.dmp

Filesize
64KB

Download
memory/9552-887-0x00007FFCC2FD0000-0x00007FFCC3A92000-memory.dmp

Filesize
10.8MB

Download
memory/9552-856-0x00007FFCC2FD0000-0x00007FFCC3A92000-memory.dmp

Filesize
10.8MB

Download