Analysis Overview
SHA256
f3be685607271c36836e02aa2596cd98bbc611c62298f7d1721bfd119404d453
Threat Level: Shows suspicious behavior
The file Era Setup 1.0.71.exe was found to be: Shows suspicious behavior.
Malicious Activity Summary
Loads dropped DLL
Executes dropped EXE
Checks computer location settings
Checks CPU configuration
Reads CPU attributes
Checks installed software on the system
Drops file in Program Files directory
Unsigned PE
Reads runtime system information
Program crash
Enumerates physical storage devices
Enumerates kernel/hardware configuration
Suspicious use of WriteProcessMemory
Checks processor information in registry
Suspicious use of AdjustPrivilegeToken
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Modifies system certificate store
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-16 21:57
Signatures
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-16 21:56
Reported
2024-04-16 22:01
Platform
win7-20240221-en
Max time kernel
148s
Max time network
146s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Era\Era.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| N/A | N/A | C:\Program Files\Era\Era.exe | N/A |
Checks installed software on the system
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Era\vulkan-1.dll | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\locales\cs.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\locales\lt.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\locales\nl.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\options\uploadSourcemaps.js | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\scripts\install.js | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\locales\am.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\locales\ar.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\locales\bn.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\locales\fil.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\locales\tr.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\resources\elevate.exe | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\d3dcompiler_47.dll | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\locales\it.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\locales\pt-PT.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\locales\te.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\locales\ro.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\locales\ur.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\chrome_100_percent.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\locales\en-GB.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\locales\et.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\locales\fa.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\locales\zh-CN.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\scripts\wheels | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\libGLESv2.dll | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\vk_swiftshader_icd.json | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\locales\hr.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\locales\mr.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\scripts\build-in-docker.sh | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\locales\he.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\locales\id.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\locales\ml.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\locales\sv.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\locales\fi.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\locales\sl.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\locales\uk.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\resources\app-update.yml | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\libEGL.dll | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\LICENSES.chromium.html | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\locales\bg.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\locales\de.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\js\logger.js | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\index.js | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\scripts\bump-version.sh | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\locales\gu.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\locales\pt-BR.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\locales\vi.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\checksums.txt | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\Era.exe | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\v8_context_snapshot.bin | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\binaries\FortniteLauncher.exe | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\binaries\go_build_gemd_src.exe | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\locales\sr.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\package.json | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\js\index.js | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\vk_swiftshader.dll | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\locales\af.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\locales\es-419.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\locales\ko.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\locales\sw.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\locales\da.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\locales\hu.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\locales\lv.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\locales\ru.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe
"C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe"
C:\Program Files\Era\Era.exe
"C:\Program Files\Era\Era.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef59c9758,0x7fef59c9768,0x7fef59c9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1156 --field-trial-handle=2036,i,9485334027287839281,15073667358607391206,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1376 --field-trial-handle=2036,i,9485334027287839281,15073667358607391206,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1488 --field-trial-handle=2036,i,9485334027287839281,15073667358607391206,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2328 --field-trial-handle=2036,i,9485334027287839281,15073667358607391206,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2336 --field-trial-handle=2036,i,9485334027287839281,15073667358607391206,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2272 --field-trial-handle=2036,i,9485334027287839281,15073667358607391206,131072 /prefetch:2
C:\Program Files\Era\binaries\FortniteLauncher.exe
"C:\Program Files\Era\binaries\FortniteLauncher.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2956 --field-trial-handle=2036,i,9485334027287839281,15073667358607391206,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3412 --field-trial-handle=2036,i,9485334027287839281,15073667358607391206,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3856 --field-trial-handle=2036,i,9485334027287839281,15073667358607391206,131072 /prefetch:8
C:\Program Files\Era\Era.exe
"C:\Program Files\Era\Era.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Era" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1036 --field-trial-handle=1204,i,13085744919783063866,19822180553394596,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Program Files\Era\Era.exe
"C:\Program Files\Era\Era.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Era" --mojo-platform-channel-handle=1276 --field-trial-handle=1204,i,13085744919783063866,19822180553394596,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Program Files\Era\Era.exe
"C:\Program Files\Era\Era.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Era" --app-user-model-id="Project Era" --app-path="C:\Program Files\Era\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1616 --field-trial-handle=1204,i,13085744919783063866,19822180553394596,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
C:\Program Files\Era\Era.exe
"C:\Program Files\Era\Era.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Era" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2456 --field-trial-handle=1204,i,13085744919783063866,19822180553394596,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3992 --field-trial-handle=2036,i,9485334027287839281,15073667358607391206,131072 /prefetch:8
C:\Program Files\Era\Era.exe
"C:\Program Files\Era\Era.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Era" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1904 --field-trial-handle=1204,i,13085744919783063866,19822180553394596,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 216.58.201.110:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | sentry.erafn.org | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 172.67.36.183:443 | sentry.erafn.org | tcp |
| GB | 216.58.201.110:443 | redirector.gvt1.com | tcp |
Files
\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\System.dll
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\StdUtils.dll
\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\SpiderBanner.dll
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\nsProcess.dll
\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\nsis7z.dll
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\chrome_200_percent.pak
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\chrome_100_percent.pak
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\d3dcompiler_47.dll
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\Era.exe
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\ffmpeg.dll
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\icudtl.dat
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\libEGL.dll
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\LICENSE.electron.txt
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\LICENSES.chromium.html
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\snapshot_blob.bin
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\vk_swiftshader_icd.json
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\vulkan-1.dll
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\vk_swiftshader.dll
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\v8_context_snapshot.bin
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\resources.pak
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\libGLESv2.dll
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\binaries\FortniteLauncher.exe
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\ca.pak
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\es-419.pak
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\hr.pak
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\ms.pak
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\ru.pak
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\zh-CN.pak
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\resources\app-update.yml
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\LICENSE
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\scripts\wheels
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\scripts\test-vercel-nft.js
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\scripts\install.js
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\scripts\bump-version.sh
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\scripts\build-in-docker.sh
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\options\uploadSourcemaps.js
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\options\deploys.js
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\index.js
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\js\logger.js
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\js\index.js
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\js\helper.js
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\bin\sentry-cli
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\sentry-cli.exe
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\package.json
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\checksums.txt
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\resources\elevate.exe
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\resources\app.asar
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\zh-TW.pak
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\vi.pak
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\ur.pak
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\uk.pak
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\tr.pak
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\th.pak
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\te.pak
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\ta.pak
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\sw.pak
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\sv.pak
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\sr.pak
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\sl.pak
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\sk.pak
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\ro.pak
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\pt-PT.pak
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\pt-BR.pak
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\pl.pak
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\nl.pak
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\nb.pak
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\mr.pak
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\ml.pak
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\lv.pak
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\lt.pak
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\ko.pak
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\kn.pak
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\ja.pak
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\it.pak
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\id.pak
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\hu.pak
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\hi.pak
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\he.pak
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\gu.pak
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\fr.pak
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\fil.pak
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\fi.pak
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\fa.pak
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\et.pak
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\es.pak
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\en-US.pak
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\en-GB.pak
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\el.pak
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\de.pak
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\da.pak
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\cs.pak
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\bn.pak
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\bg.pak
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\ar.pak
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\am.pak
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\af.pak
C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\binaries\go_build_gemd_src.exe
\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\WinShell.dll
\Program Files\Era\Era.exe
C:\Program Files\Era\Era.exe
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp
\??\pipe\crashpad_1652_DBXSPWLLYOGTPCKU
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
\Users\Admin\AppData\Local\Temp\54dc3f07-0ace-46f8-b961-404d33e4c1cd.tmp.node
\Users\Admin\AppData\Local\Temp\1b92c0d9-a4ee-4da7-942b-59d5b6bda571.tmp.node
C:\Users\Admin\AppData\Roaming\Era\Local Storage\leveldb\CURRENT~RFf771ef6.TMP
C:\Program Files\Era\Era.exe
C:\Program Files\Era\Era.exe
C:\Program Files\Era\Era.exe
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\32201ab6-84b4-4c2a-83fd-1006820f3f8e.tmp
| MD5 | 207b945d96315b4d7ed2af82391c43b6 |
| SHA1 | 6197a1414fa898cf31d835c11b308720b4abd581 |
| SHA256 | aaddab28dcd0ffa002dde01a60826a013921c1b0ab0702137b1881871f7cccd6 |
| SHA512 | 85e321ca0533738b1b754a1da967a59b6c30c846f316b99bfda6b93dc2820eea1e12b70957237587e3b6eecf3f5d1cf8d5b45a9ab0b36dfc705ab7c069bc8f29 |
C:\Program Files\Era\Era.exe
| MD5 | 4f968aadc906c0ec701838cca15d637e |
| SHA1 | eb53627d781ded9770414dae8f12cbf9054a6bb8 |
| SHA256 | 8432cfd1fcb2dd815c4594bc69d3ac352e0b1666164310a8e8c11b2a5326f933 |
| SHA512 | b47bb02753e0252f18c58e09ee818aad7712bb025a131cc798ec052b338aee5b2fc06938faff206135a42d6efe7cbbe82b4c4aec13a9b8d0fc41722ec40c3c01 |
C:\Users\Admin\AppData\Roaming\Era\GPUCache\data_3
| MD5 | 41876349cb12d6db992f1309f22df3f0 |
| SHA1 | 5cf26b3420fc0302cd0a71e8d029739b8765be27 |
| SHA256 | e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c |
| SHA512 | e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e |
memory/2316-1151-0x0000000000400000-0x0000000000412000-memory.dmp
C:\Users\Admin\AppData\Roaming\Era\DawnCache\data_0
| MD5 | cf89d16bb9107c631daabf0c0ee58efb |
| SHA1 | 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b |
| SHA256 | d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e |
| SHA512 | 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0 |
C:\Users\Admin\AppData\Roaming\Era\DawnCache\data_2
| MD5 | 0962291d6d367570bee5454721c17e11 |
| SHA1 | 59d10a893ef321a706a9255176761366115bedcb |
| SHA256 | ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7 |
| SHA512 | f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed |
C:\Program Files\Era\Era.exe
| MD5 | aacf0c6698d4e57fd9152b54890dd51d |
| SHA1 | 84af83cf162b78fad9da97d1c5ad730667cbea27 |
| SHA256 | 9fe1d39c39d282ef7606a3ae6e290d8701f9e9eef992139349f6fc5743bbc78e |
| SHA512 | 8feed293285a55564c5583477d2a39f7a27beb510f9fa34fe45a64a944758fa2160412415a89156bf3b68bce5129a7aa6ff59c48f3f4e66954a582e9fca34ad5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 36143f7504329f9c05857289de2f6b28 |
| SHA1 | 49a2fb841b5964e4cf1d55eb161c20144e1ddd1a |
| SHA256 | 52a9eef815b4ca9978f9465efad1f27ddd777feeb7c7fe013feba54de4a707d8 |
| SHA512 | fc0c473514249ff6bdb8ad878e319659195eebb395853c8a9cbc31f1f0e08ce95e5e01030a42b4c22ecb9ba9d1b2630164034b48f7c1dac74bb1450bc6d7ac5c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 920e82679bdd133a1018f705b7240487 |
| SHA1 | 8277fcfeb831adbce6f9b804aeeff857faa87679 |
| SHA256 | 40f22cff79790ba8d56a657dcc4e8dd6df689de30e456078d6df578be4e8ae89 |
| SHA512 | 4aed0904f9cfb6d697d0c866e8f9a32242ed1afbbb7ae682f0233d06fb6da76be3989a80aad6adcecade706b582214caca7ded87554a2b9f5f0c1fc77463926a |
C:\Program Files\Era\Era.exe
| MD5 | 8dade3770dc2e57b8c2821f97dbd19dd |
| SHA1 | 079e5c51b984817df511f04f870dd9dd879232fe |
| SHA256 | 2a9a1205b0b909d0c7e280fd116a01c40248fde6c0ee9628f07462f9dcaf3036 |
| SHA512 | 0ace24cefa9dc35d9421f3c117838a48e1049447e87403a3cd0f54ef7914a921db0951ecd9240976de709fd6d0019304bbc47690b1e5292754f24738ba25f155 |
\Program Files\Era\ffmpeg.dll
| MD5 | fe1981504b49a5192318a61ca2f9e82e |
| SHA1 | 3cb4ca7727d0a8070c1c14c26ee3b945f8b2ad08 |
| SHA256 | 271a725908dd23abd35f53b8fa9f167fc4d927aab497bf31fcffbf60a2f67c49 |
| SHA512 | 2499ae5971f33cbd3a9f03aee064fa56a9a7fd982f5182100d840a153b172370761ca99889d76cb1482dbb558cad79827495b97f28a64061161c3cc44bb13751 |
Analysis: behavioral10
Detonation Overview
Submitted
2024-04-16 21:56
Reported
2024-04-16 22:01
Platform
win10v2004-20240412-en
Max time kernel
120s
Max time network
176s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2368 wrote to memory of 1604 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 2368 wrote to memory of 1604 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 2368 wrote to memory of 1604 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 1604 -ip 1604
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 612
Network
Files
Analysis: behavioral20
Detonation Overview
Submitted
2024-04-16 21:56
Reported
2024-04-16 22:01
Platform
win10v2004-20240412-en
Max time kernel
80s
Max time network
146s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\index.js
Network
Files
Analysis: behavioral29
Detonation Overview
Submitted
2024-04-16 21:56
Reported
2024-04-16 22:01
Platform
ubuntu1804-amd64-20240226-en
Max time kernel
1s
Max time network
129s
Command Line
Signatures
Processes
/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/scripts/build-in-docker.sh
[/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/scripts/build-in-docker.sh]
Network
Files
Analysis: behavioral32
Detonation Overview
Submitted
2024-04-16 21:56
Reported
2024-04-16 22:02
Platform
debian9-mipsel-20240226-en
Max time kernel
52s
Command Line
Signatures
Processes
/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/scripts/build-in-docker.sh
[/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/scripts/build-in-docker.sh]
Network
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-04-16 21:56
Reported
2024-04-16 22:01
Platform
win10v2004-20240412-en
Max time kernel
92s
Max time network
115s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2428 wrote to memory of 2144 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 2428 wrote to memory of 2144 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 2428 wrote to memory of 2144 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 2144 -ip 2144
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 628
Network
Files
Analysis: behavioral14
Detonation Overview
Submitted
2024-04-16 21:56
Reported
2024-04-16 22:01
Platform
debian9-armhf-20240226-en
Max time kernel
39s
Command Line
Signatures
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/bin/node | N/A |
Reads CPU attributes
| Description | Indicator | Process | Target |
| File opened for reading | /sys/devices/system/cpu/online | N/A | N/A |
Enumerates kernel/hardware configuration
| Description | Indicator | Process | Target |
| File opened for reading | /sys/fs/cgroup/memory/memory.limit_in_bytes | /usr/bin/node | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/meminfo | /usr/bin/node | N/A |
Processes
/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli
[/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]
/usr/local/sbin/node
[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]
/usr/local/bin/node
[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]
/usr/sbin/node
[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]
/usr/bin/node
[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]
/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/sentry-cli
[/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/sentry-cli]
Network
Files
Analysis: behavioral25
Detonation Overview
Submitted
2024-04-16 21:56
Reported
2024-04-16 22:02
Platform
win7-20240221-en
Max time kernel
119s
Max time network
147s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\options\deploys.js
Network
Files
Analysis: behavioral19
Detonation Overview
Submitted
2024-04-16 21:56
Reported
2024-04-16 22:01
Platform
win7-20240221-en
Max time kernel
118s
Max time network
125s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\index.js
Network
Files
Analysis: behavioral22
Detonation Overview
Submitted
2024-04-16 21:56
Reported
2024-04-16 22:01
Platform
win10v2004-20240226-en
Max time kernel
151s
Max time network
178s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\logger.js
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1028 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:8
Network
Files
Analysis: behavioral9
Detonation Overview
Submitted
2024-04-16 21:56
Reported
2024-04-16 22:01
Platform
win7-20240221-en
Max time kernel
121s
Max time network
128s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 836 -s 224
Network
Files
Analysis: behavioral15
Detonation Overview
Submitted
2024-04-16 21:56
Reported
2024-04-16 22:02
Platform
debian9-mipsbe-20240226-en
Max time kernel
52s
Command Line
Signatures
Processes
/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli
[/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]
/usr/local/sbin/node
[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]
/usr/local/bin/node
[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]
/usr/sbin/node
[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]
/usr/bin/node
[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]
/sbin/node
[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]
/bin/node
[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]
Network
Files
Analysis: behavioral16
Detonation Overview
Submitted
2024-04-16 21:56
Reported
2024-04-16 22:04
Platform
debian9-mipsel-20240226-en
Max time kernel
181s
Command Line
Signatures
Processes
/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli
[/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]
/usr/local/sbin/node
[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]
/usr/local/bin/node
[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]
/usr/sbin/node
[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]
/usr/bin/node
[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]
/sbin/node
[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]
/bin/node
[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]
Network
Files
Analysis: behavioral12
Detonation Overview
Submitted
2024-04-16 21:56
Reported
2024-04-16 22:01
Platform
win10v2004-20240412-en
Max time kernel
152s
Max time network
162s
Command Line
Signatures
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-553605503-2331009851-2137262461-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Era.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-553605503-2331009851-2137262461-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Era.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Era.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Era.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Users\Admin\AppData\Local\Temp\Era.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\Era.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 | C:\Users\Admin\AppData\Local\Temp\Era.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz | C:\Users\Admin\AppData\Local\Temp\Era.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\Era.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2 | C:\Users\Admin\AppData\Local\Temp\Era.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\Era.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-553605503-2331009851-2137262461-1000_Classes\era\URL Protocol | C:\Users\Admin\AppData\Local\Temp\Era.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-553605503-2331009851-2137262461-1000_Classes\era\ = "URL:era" | C:\Users\Admin\AppData\Local\Temp\Era.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-553605503-2331009851-2137262461-1000_Classes\era\shell\open\command | C:\Users\Admin\AppData\Local\Temp\Era.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-553605503-2331009851-2137262461-1000_Classes\era\shell | C:\Users\Admin\AppData\Local\Temp\Era.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-553605503-2331009851-2137262461-1000_Classes\era\shell\open | C:\Users\Admin\AppData\Local\Temp\Era.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-553605503-2331009851-2137262461-1000_Classes\era\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\Era.exe\" \"%1\"" | C:\Users\Admin\AppData\Local\Temp\Era.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-553605503-2331009851-2137262461-1000_Classes\era | C:\Users\Admin\AppData\Local\Temp\Era.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob | C:\Users\Admin\AppData\Local\Temp\Era.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 | C:\Users\Admin\AppData\Local\Temp\Era.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob | C:\Users\Admin\AppData\Local\Temp\Era.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob | C:\Users\Admin\AppData\Local\Temp\Era.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 | C:\Users\Admin\AppData\Local\Temp\Era.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob | C:\Users\Admin\AppData\Local\Temp\Era.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Era.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Era.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Era.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Era.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Era.exe
"C:\Users\Admin\AppData\Local\Temp\Era.exe"
C:\Users\Admin\AppData\Local\Temp\binaries\FortniteLauncher.exe
C:\Users\Admin\AppData\Local\Temp\binaries\FortniteLauncher.exe
C:\Users\Admin\AppData\Local\Temp\Era.exe
"C:\Users\Admin\AppData\Local\Temp\Era.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Era" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1736 --field-trial-handle=1820,i,6812177286501208710,17659940137248560185,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Users\Admin\AppData\Local\Temp\Era.exe
"C:\Users\Admin\AppData\Local\Temp\Era.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Era" --mojo-platform-channel-handle=1900 --field-trial-handle=1820,i,6812177286501208710,17659940137248560185,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Users\Admin\AppData\Local\Temp\Era.exe
"C:\Users\Admin\AppData\Local\Temp\Era.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Era" --app-user-model-id="Project Era" --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2488 --field-trial-handle=1820,i,6812177286501208710,17659940137248560185,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "reg query "HKLM\SOFTWARE\Microsoft\VisualStudio\14.0\VC\Runtimes\x64" /v "Installed""
C:\Windows\system32\reg.exe
reg query "HKLM\SOFTWARE\Microsoft\VisualStudio\14.0\VC\Runtimes\x64" /v "Installed"
C:\Users\Admin\AppData\Local\Temp\Era.exe
"C:\Users\Admin\AppData\Local\Temp\Era.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\Era" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=736 --field-trial-handle=1820,i,6812177286501208710,17659940137248560185,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Network
Files
Analysis: behavioral28
Detonation Overview
Submitted
2024-04-16 21:56
Reported
2024-04-16 22:01
Platform
win10v2004-20240412-en
Max time kernel
90s
Max time network
154s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\options\uploadSourcemaps.js
Network
Files
Analysis: behavioral30
Detonation Overview
Submitted
2024-04-16 21:56
Reported
2024-04-16 22:02
Platform
debian9-armhf-20240226-en
Max time kernel
85s
Command Line
Signatures
Processes
/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/scripts/build-in-docker.sh
[/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/scripts/build-in-docker.sh]
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-16 21:56
Reported
2024-04-16 22:01
Platform
win10v2004-20240412-en
Max time kernel
137s
Max time network
126s
Command Line
Signatures
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000\Control Panel\International\Geo\Nation | C:\Program Files\Era\Era.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Era\Era.exe | N/A |
| N/A | N/A | C:\Program Files\Era\binaries\FortniteLauncher.exe | N/A |
Loads dropped DLL
Checks installed software on the system
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Era\libEGL.dll | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\binaries\FortniteLauncher.exe | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\locales\am.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\resources\app.asar | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\locales\bg.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\locales\es-419.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\locales\sw.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\js\logger.js | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\v8_context_snapshot.bin | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\locales\fil.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\LICENSE | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File opened for modification | C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\bin | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\locales\zh-CN.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\locales\de.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\locales\ms.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\locales\nb.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File opened for modification | C:\Program Files\Era\resources | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\locales\sl.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File opened for modification | C:\Program Files\Era\chrome_100_percent.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\locales\pl.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\locales\th.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\js\index.js | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\scripts\test-vercel-nft.js | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\locales\bn.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File opened for modification | C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\locales\ta.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\scripts\install.js | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\locales\et.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\locales\ml.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\locales\pt-PT.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File opened for modification | C:\Program Files\Era\resources\app.asar.unpacked | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\js\helper.js | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\chrome_200_percent.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\locales\af.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\locales\he.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\LICENSES.chromium.html | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\locales\uk.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\index.js | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\checksums.txt | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\chrome_100_percent.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\d3dcompiler_47.dll | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\LICENSE.electron.txt | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\locales\hu.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\locales\it.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File opened for modification | C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\js | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\icudtl.dat | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File opened for modification | C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\scripts | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File opened for modification | C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\locales\hr.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\locales\ja.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\locales\sr.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\locales\fr.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\locales\ro.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File opened for modification | C:\Program Files\Era\resources\app.asar.unpacked\node_modules | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\package.json | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\bin\sentry-cli | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File opened for modification | C:\Program Files\Era\locales | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\locales\cs.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\locales\kn.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\locales\pt-BR.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\snapshot_blob.bin | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File opened for modification | C:\Program Files\Era\binaries | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\locales\sk.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| File created | C:\Program Files\Era\locales\tr.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Era\Era.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 | C:\Program Files\Era\Era.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz | C:\Program Files\Era\Era.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString | C:\Program Files\Era\Era.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2 | C:\Program Files\Era\Era.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Era\Era.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Era\Era.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\era\shell\open\command | C:\Program Files\Era\Era.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\era\shell | C:\Program Files\Era\Era.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\era\shell\open | C:\Program Files\Era\Era.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\era\shell\open\command\ = "\"C:\\Program Files\\Era\\Era.exe\" \"%1\"" | C:\Program Files\Era\Era.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\era | C:\Program Files\Era\Era.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\era\URL Protocol | C:\Program Files\Era\Era.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\era\ = "URL:era" | C:\Program Files\Era\Era.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C | C:\Program Files\Era\Era.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob | C:\Program Files\Era\Era.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 | C:\Program Files\Era\Era.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob | C:\Program Files\Era\Era.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| N/A | N/A | C:\Program Files\Era\Era.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Program Files\Era\Era.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Era\Era.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe
"C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe"
C:\Program Files\Era\Era.exe
"C:\Program Files\Era\Era.exe"
C:\Program Files\Era\binaries\FortniteLauncher.exe
"C:\Program Files\Era\binaries\FortniteLauncher.exe"
C:\Program Files\Era\Era.exe
"C:\Program Files\Era\Era.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Era" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1616 --field-trial-handle=1812,i,13611124070292830365,13212109147470593824,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Program Files\Era\Era.exe
"C:\Program Files\Era\Era.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Era" --mojo-platform-channel-handle=1896 --field-trial-handle=1812,i,13611124070292830365,13212109147470593824,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Program Files\Era\Era.exe
"C:\Program Files\Era\Era.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Era" --app-user-model-id="Project Era" --app-path="C:\Program Files\Era\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2408 --field-trial-handle=1812,i,13611124070292830365,13212109147470593824,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "reg query "HKLM\SOFTWARE\Microsoft\VisualStudio\14.0\VC\Runtimes\x64" /v "Installed""
C:\Windows\system32\reg.exe
reg query "HKLM\SOFTWARE\Microsoft\VisualStudio\14.0\VC\Runtimes\x64" /v "Installed"
C:\Program Files\Era\Era.exe
"C:\Program Files\Era\Era.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\Era" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1712 --field-trial-handle=1812,i,13611124070292830365,13212109147470593824,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Network
Files
| SHA512 | 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63 |
C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\libGLESv2.dll
| MD5 | 977a79d2155e9dac5eb1a6741abfdb11 |
| SHA1 | 8706344e4544a3381cbfa2ef83a223bc942464be |
| SHA256 | 364dbfa38fe501f73b3935f84398e9cb261a1b63f4e55934cb323255cfa0dd8a |
| SHA512 | 9c2b072592f313d7083bd762cd100e05ae2c50596aaddc083bb7f9b75d20077bd6c2328049de9c854b2653ee4b4834eb6728aa09edd146f18cb25d6655e8e558 |
C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\libEGL.dll
| MD5 | 773bbe681c1fab3d4d9ac505678f49e2 |
| SHA1 | 6eb8dd50d3674d60ce805f59ed98a5bde42cafd5 |
| SHA256 | 98a07bfe813d4e0917c82437b9489ab72694a76f71766c9b0cb61daab81ebf74 |
| SHA512 | 2034ec31a8b71865ba7edf3bbcf5425756c46ffa896909e2c4b423171b205194ddec2933043ee906d8bd01bbfc3a34c2f09ed847aad3c8d5be09a886f19835f2 |
C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\v8_context_snapshot.bin
| MD5 | 031ea03da08fe1247280cfe781658791 |
| SHA1 | e91db50ad16b5a5fbbaf4118672d60b347ea6161 |
| SHA256 | c16dcec41919a6d2850214f2275824be8a97d8c5e694e2ec8dd7d16ab2d5015c |
| SHA512 | b3d6f282761f8ab8760728ecb108f64741f6f3cd2a143813042ff63a3b6604fcfe7c1feabafb65f9f67906217edb5851f44605a34f7a50ed2058c25ce5efb30a |
C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\vk_swiftshader.dll
| MD5 | 804f1e0bacb8621541c8b18d098e4a51 |
| SHA1 | 19432252cd892be774f6a0d5bba90ab2e18b51b6 |
| SHA256 | b8ac7a8b0d32ca5ad133dcc25a4128f8f379403e4700d2a2e988441bd50a2949 |
| SHA512 | 51375fe442120fe6747a395c5bf26ff6ab82628823fff5f80a5e4cac0cc44676427722736ad82d2b13be57f47dcf9af3684dcbbf4be0bd2428691c3ac3ab6700 |
C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\icudtl.dat
| MD5 | 76bef9b8bb32e1e54fe1054c97b84a10 |
| SHA1 | 05dfea2a3afeda799ab01bb7fbce628cacd596f4 |
| SHA256 | 97b978a19edd4746e9a44d9a44bb4bc519e127a203c247837ec0922f573449e3 |
| SHA512 | 7330df8129e7a0b7b3655498b2593321595ec29445ea193c8f473c593590f5701eb7125ff6e5cde970c54765f9565fa51c2c54af6e2127f582ab45efa7a3a0f6 |
C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\ffmpeg.dll
| MD5 | c184ad77ac8ce299475c0c85621aa782 |
| SHA1 | 308c55c03dbb1888fc0d214f5f5315707ec5af49 |
| SHA256 | ec8652d431dd41424cbad04957841538fce811898edd158488672df1da2450b9 |
| SHA512 | 90ab519179e82b158f6a6b44247421e00db4477b4a3ed1135b6bc3af8e16d939aa6286b2781dc02424903f817d5a61b30251b26c9f2335e1ca570d4252c915eb |
C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\vulkan-1.dll
| MD5 | f8e139bd2e17aa89ba7974490d9eff16 |
| SHA1 | c47ed79376fef9205f9678cb314158cd85874104 |
| SHA256 | 757393d275a3ba855e44973b6e31730492ce72598f3e1a5c15c577334cc5d8b1 |
| SHA512 | 36610001fd4fcd6d3be7712ee6229e8fc85dc7ae155ebab005318db8f3ec7b1a1952c0c0f353e2b55c993f86ce03a5ffd93b5d3c76a3ea6f2970cba58e6b22ab |
C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\binaries\FortniteLauncher.exe
| MD5 | aeaa6f47b71614437c0d47828da005ca |
| SHA1 | f9d016d3817ebbc28556967b8b8c05d120acbc58 |
| SHA256 | 31eb3c804c7a248fe505d948ad9b3891b6b6f9210bd84aaf0eb716478c490b66 |
| SHA512 | 6785eb5ae5d6d78a9c2f004ba5c91dd6603fd8efb39cb50f4bc3ac16d7377fb1317ba12658b63d575c17de04696b88c09c8a812340c4c40394196dab99d41a60 |
C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\ca.pak
| MD5 | 2f8d050c228583559cda181291b76e5a |
| SHA1 | b047f1cfb30b1162b1dd79f7e424a83fd807eec7 |
| SHA256 | e1d6b5fd0bc411f2895eaaa1409916f5ffe39a5c6bd1bafe8af7ce33da5be17d |
| SHA512 | e4f150cd9942ef5105e72376835da6edc31ef91783e41cd2fc04600c04f342bbc96e08e23c8af1c0c1e563bb8a7d3840a2289767525c30d08c2f23d0e837801f |
C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\bn.pak
| MD5 | d6ccc9689654b84bc095cec4f1952cca |
| SHA1 | 286130971826b0af1b6d29c5283dfa71af7cd7b0 |
| SHA256 | e325d936cd97c3f9ddfca2d87caefb8b6e7465ffa31d0386ae2456b18f7a92da |
| SHA512 | db0400820c5cd1100337c955084eac3036b55bbf66b403337bec2079bc47696e2e48a771214662b286f4f45f763d2ad423aeccbd0f06cf0bc11038662558f4a5 |
C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\bg.pak
| MD5 | 9dc95c3b9b47cc9fe5a34b2aab2d4d01 |
| SHA1 | bc19494d160e4af6abd0a10c5adbc8114d50a714 |
| SHA256 | fc4a59ea60d04b224765be4916090e97ed8ddda6b136a92a3827ed0fcc64bb0e |
| SHA512 | a05a506a13ac4566ecbfe7961ace091295967ea4e72a2865e647b5fa9adac9f7cf5e80b53fae0e3917dfb0b9a3f469189cd595cc4ae9239d3a849f5cedd60e46 |
C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\es.pak
| MD5 | ba80f46ef6e141cef4085273a966fd91 |
| SHA1 | 878f35e15b02558f75f68ec42a5cc839368c6d61 |
| SHA256 | 267e7b6376e7e5ab806b16fde93bbbcd961bf0c3a7b3a2cabccab37faa9a1d16 |
| SHA512 | 8a8b4f7db23d4c93756b6dc4219f00c77358a8fe992da1f51431597b82c3aa87abf3a98d79e13e7b4a14a1a9e94d388760fb6abf3a744406dee951c8e78cf361 |
C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\it.pak
| MD5 | 91391f388b4b6c12a72710c35f4c355d |
| SHA1 | f89e6ea977a10a9f050395489285ce8c041c2c05 |
| SHA256 | c0dc0a4a87f7bb054a30eb1174c3228ea2014bd94668a7d22995b99c4937d817 |
| SHA512 | 8796d69d1a8bdbc7690ded45404174b7fa0b5bec8453d79a3c85bf4707c3f32caf634c792c72ce7bda3522eceb5fc6761b696471586397064d9f1f1988ceee88 |
C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\pl.pak
| MD5 | 0dc77139d3530695cb4e85b708bc0bf6 |
| SHA1 | 6915655afd1e37361c011f5c2113d72c7a0e85bc |
| SHA256 | 53b59486361b11512fb90f15065104b15ee2322bb7804f859cde2f2ecf9581fb |
| SHA512 | ee1ca1d99ac279df4cc0e532aef2fc531061736b636a84310bdbd627e0f2435eac1a386ebb19aa901b6eae3929bda1c5da4f41b73a25a1b20137522e34547600 |
C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\nl.pak
| MD5 | 9f547a24e2840d77339ca20625125b4c |
| SHA1 | 23366411b334f990a0328a032b80b2667fda2fcd |
| SHA256 | 55413d5eddb3300e0ae0fa5d79d26fdf1e5a12922d7018c8054b1faa9d660301 |
| SHA512 | 34da7a0b58ee3904d00cf02d16d5a3ef508fb708d7c0a887286fc32cd6145b2bd857d317c784d1d1b17662041eadcf7e225908980eb93f2b81161d845c0bb67f |
C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\nb.pak
| MD5 | bbae0915edec081b04bb903b689bc40b |
| SHA1 | 6a0fc635ce1c431e512b8b3b8448176aa4025556 |
| SHA256 | d565c6c95dad89d3f2b7210de4ec3fc437633de4dcfc994fde0704b92bb53ff8 |
| SHA512 | 573a9fe43213829a6a4b39e67be25bc330b417750ea6d66e26163de7a80c29f6f5deeb841d9ff8303595943a81fc01ab668aab02a5cac4eda078ed06120138b4 |
C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\ms.pak
| MD5 | d5da199f347452c5904bff9332a08f84 |
| SHA1 | b5fb8c22708a7e3130684f1a9923b6dab10c3ae5 |
| SHA256 | fe58cc4f62fc31e32c1fb9a0893a5483391ab6a91b1c92ed4a5e3103a962da7a |
| SHA512 | 9fddeb376bececc51dec997b3ed1e22821340fa172636f641af774dae8bc9b5c0780757380bf3fa8df0f9682a555ede81c449ae9468f63215c17123d13ee9f35 |
C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\mr.pak
| MD5 | b9a2aa88c69c42ebcc41fef00c980a38 |
| SHA1 | 9e373dfa11f95c31ffdca70bd83d2f66e1ddcef8 |
| SHA256 | 481faf7dd66cf10a476d8b156fb4ea452f920322d8007f7e25d41b2837bdbc09 |
| SHA512 | 5f4582723429a44dd517322babae4466efb4e8723c0247754e2a9a2929133d6fee5c3533c4cf567954e2a5aab47940a136a178405de36e38b50e8d4a6d5c504f |
C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\ml.pak
| MD5 | 00292b0801e0dd0a74091bf53f1574c9 |
| SHA1 | 63a002e7a8796bc4b4459a19c95ce426fbd1ec7f |
| SHA256 | 61a372f170de0a22712be980c3c78b22035ebf40ce79332fab75cdcc4208c9e6 |
| SHA512 | e2e15f66851aa435e3bf4de6672f4aa8b01204d8efe11ec6ee9a51d9877ec4f2e71d7e9547d6eab9bfa04af1bea71fa72aa4963fa08b48717bf1c3fd21c00cd5 |
C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\lv.pak
| MD5 | e664eb35f1284e9fc615e1bb4fab892b |
| SHA1 | e777653abec377a394170b04f79e78acbe4b6a3b |
| SHA256 | b5a31cbfcb40ad8d911de1618c4eb7e8cc67b97eb8878220f15d40eb014d8ac8 |
| SHA512 | c3232997e8d306e91ded72e9d81ffae2018af3e6c32fe620532e03bccd2883fce59b2a2290a1580d7080c468c02bcd24c1bc90051f06bfa9a4e17857d4aa583f |
C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\resources\app-update.yml
| MD5 | d729a1d49bd7106abafb63e5c670c9aa |
| SHA1 | 1c92cffc2f1fb30f2c8281a135a6ad2b68f09b81 |
| SHA256 | ca4f2f0ef3f3a4d3ffdd5389d16f8562bcc1290d69a6e2245d0de621854b8244 |
| SHA512 | 5ec24113065db1b14341b53079fff79f149bceeb9d850b42b8a2c28c54529430249e406da77650e83bbf20f9289dd4c7541aa434a538d5cb12d0821df77e8794 |
C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\resources\elevate.exe
| MD5 | 792b92c8ad13c46f27c7ced0810694df |
| SHA1 | d8d449b92de20a57df722df46435ba4553ecc802 |
| SHA256 | 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37 |
| SHA512 | 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40 |
C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\resources\app.asar
| MD5 | 774ff4d0ac7a0ded5523f80e718164ec |
| SHA1 | 5e9cf197b03584a2f1e22dcf97b5c4a33571b60e |
| SHA256 | 4135eb4ca7ebea03688ee0946b3e4958a1cec234a9bc296e561fd1701e7a6830 |
| SHA512 | 4cda95b52402660d21c028a91aaa3b708d8648222710187f690d5a601f20b5ef6491be4da455110fdc2531451f4e4a12b07f8cbd386cdf291db7dfe6ec38b8e7 |
C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\sentry-cli.exe
| MD5 | 4c1bbccaec3f88e00c176e49b3ea9742 |
| SHA1 | eea00e776e5979ae8e650ee9ddf3d4d4e93ff2ef |
| SHA256 | 299e9f3632bd8278384e60f7384279ccb394ca532515448f44e089a3fb119f1c |
| SHA512 | 3c82f9f06be9bdbdb6fc94709d6c582641b2bd1ba1987c0b42a8d5c653fc32c006873c8f236b45c62970b3abe6a8b5f9faa1a57c0c85d52fdc94ecf1bd21abd6 |
C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\package.json
| MD5 | 49f7deab5d526f6f79d8fd80be29c97e |
| SHA1 | e6ef40032a68a979454d30e9a483a1043367a90e |
| SHA256 | 3fe1b2bd4e7ed12e73c5717dc162f9086a4b349528042c4313610573530c6992 |
| SHA512 | 053d4996c3376aa0fbee16be84d0a7f86b043ee1928dfe81e5b8db1686ac5e42db26b13ecd168a86f7315e8c208549b68f1ee3b64df3c12426eeda73c4efcdbe |
C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\LICENSE
| MD5 | c2710cd00242ca7d7bef0fc98dbbc7f8 |
| SHA1 | ba49c34590b171487fd5e383ca28632f551865e5 |
| SHA256 | 9503def7b54ceb6e3cd182fd59bc05d3a30d7eae481e65aaba4b495133c83c14 |
| SHA512 | 1b8fed37b379cfaac4e67e4ae0d0ae1c7e8fdd5178f1e9a289b646c5adb016c68cdcd743266fca87bd37bffc0951e0b9ecba8a57f0600a7dcd5cb52cd783637f |
C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\checksums.txt
| MD5 | 1dcfcfdd8cce3e3b0fa697af106e4075 |
| SHA1 | f9261519f777790f7cd50c91e389d0e6589bd92a |
| SHA256 | 1357dc0a2f6ae355ab59b409c94cf635b7ed849a3bcb60e95b7132cbfd297324 |
| SHA512 | 751ac3545299650e783daf0a45823660ce0b3f6dd7d722d303b9a801b02db61f7bb3a5129f4481294f2201fb5ad4e7bb1b2ab9a2d993ebde8a0d985f08ce34a2 |
C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\zh-TW.pak
| MD5 | 02e9e0bc5c30ca60a869ea761fb662eb |
| SHA1 | c5200f692544b681af8757627da430aeea4283ee |
| SHA256 | c5061ec00bd969f76f3c0c6ff15ddacafed7491260bd8ced78118691ba57bdff |
| SHA512 | 07b5f401f89dfc36499a3e74318b471d9b2e795dc363dfd5a9394089d4783a4b51fd78e2092701b6974f1c51020f3b5f81171ce21690f8547ff3c8f3d54ce781 |
C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\zh-CN.pak
| MD5 | 2febe4ef32e1a3884089908f402ad62f |
| SHA1 | e65c54adc127b78494dd6189cca71f1c7bd2a5b0 |
| SHA256 | a7ac9fda6f4cd189b75fdadc4b70cd0d369a09b66eaeb5d032678cb97ffc98f6 |
| SHA512 | 8e8b030af4c952c32ec277850d5573414630ff5196eaed52820f44e9c5bd03ab6f71a8add19215b0456eed859be0d5a6f28d48e12f1677d39842f35feffd5e57 |
C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\vi.pak
| MD5 | 065179c466c5b7457e249f11d152b99f |
| SHA1 | cfc05e9dfb91b2af2944aed4718fa05b43844914 |
| SHA256 | b75694e390bd2e20780b3bc72f6e1473ba45d7537c27642a7d888dfd3bb6c3bb |
| SHA512 | fb598391a028b7d3c7e25cae21ccfde655e6f871e498767a54f7cf0d5d4e48207213cd2598ca88e4f46c303cd2d8175238a5a5b720ab37beec1873d681165a8d |
C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\ur.pak
| MD5 | ba86f1f13fdc37a2c48c1da34c84f4c4 |
| SHA1 | 2f1578d0eee76e60effb63967712b15c0d56829e |
| SHA256 | 4c7affdcc324cd791d10e235da809ce7501e8005be64340b6e8bf5595647a707 |
| SHA512 | fb2fe1548574da860bf27408a4f29d781fcefc300f744f4214843f343e343ad8bae29cb7047f87f5c3277641f561c6a30e5bc9d6490afbefc7af36974305a688 |
C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\uk.pak
| MD5 | 3b2a976a25dca963e91df3695c502d8c |
| SHA1 | ce7ae51211f512c3723bb43ea0de9e6debb70597 |
| SHA256 | 28ea88f19b2c34699d535ca0c691449b7e4001c12e8aed8d04b2078916e88a37 |
| SHA512 | ba41ee074239afdf8f194b4ccb33060fa9655e3ccdac6a16090959d3214f8db15396b3e038d7de26c478fdd003472f680d2b6ac9a92acaf6ebf8aa258747ecc6 |
C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\tr.pak
| MD5 | 46f9b2a35efdf1120a8a946e4f1d0115 |
| SHA1 | af7bec1fba32d912b50288a7d988440627e4ee85 |
| SHA256 | b22fc7b75c52cc142f201d5cf107d17c1b173a494a6add022127f559fb46bcb0 |
| SHA512 | cd67f9c328408a8295f224aec190c7c411a868755fc5c9e90b4985b3c41a05d6d34dd30d4a3866f6c24e1d640f4c324bfba8c7ab806a6b216151cf0a504a03d7 |
C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\th.pak
| MD5 | a970b7e9d3aec2cd1b8ab798b3179f07 |
| SHA1 | bf17a7e80e01ac1704a1efdf27baf271b4c21e36 |
| SHA256 | cd80bf232f2f128a3d411f52c8039987559dbc1055f746eed6e0e8478b116dc1 |
| SHA512 | 880555a2ac2f278aecb8794d8cc51f0833052e9f4ca187ed91fa35bb475e68ae3255cfe1dc074eac960c73c203e62c6b38077b266f5fab66ccc3ca73e94d4d60 |
C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\te.pak
| MD5 | b1b6a9e3a04be79080ebbfacc1a0eb2d |
| SHA1 | a5c8eb6a930062f6021d073d5f74ae146dc7fbc8 |
| SHA256 | d839531c4ff4a2885c993e0d358f78667215b0950c77a06ef01a6acff9221c5b |
| SHA512 | bf0b163c8fc3988bfeb3cbb4b981596ce5afdf7e40149622fc3b60994e7d8efa5bb24c830036d168a6638feca48b8755aefa8640faae37055cae8fffb6a85568 |
C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\ta.pak
| MD5 | f100566697a96ce1f0a0c7e0bbfbe36d |
| SHA1 | 4c80a4930ba7d174c4203c199492463242bddf62 |
| SHA256 | 7e818deedd50a533851bbf08e056bf2ad8d45f442a1a61d9b48e66804ea848db |
| SHA512 | dfa6132a5b7e819e8d326bf5ee539d9ecb2dcd7fea429c75afec2291df9eeead6fa347b01f9feaf2235bce627fd39116176195f7a3d7d74de28951f939db1645 |
C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\sw.pak
| MD5 | 9632dd7d883fa4deb3963ea663e0ffd4 |
| SHA1 | 0db135be4b3a7c54c39e9df5034d5576b68ea92e |
| SHA256 | 690027c4a31c4aea00b7d1b32ec6cd3fa50b1eac412ae273ab15e72eb485dd6e |
| SHA512 | 3aac1857784dfecd2ae5f7c4056f58e27a966a6cb949e02eaba56fc1fc283243ed6213f17628d62d435e33fa4771eb43623f25da6510aa4ce6f2149f72ab0d37 |
C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\sv.pak
| MD5 | 5130a033016b45ae2c3363edb3df7324 |
| SHA1 | 9f696d78b1b9efec180dc89ee0defc3ba23e6677 |
| SHA256 | 3420a1fbcca5bf8c2d65d6dcb0db78b03f95f7f2fc56479a0de6e3312333ce6f |
| SHA512 | 401b71360dcacf3b1fdc411c92195051370db110863cbed37143263e7804cb24b75ff1908ee39ee848c28776df00d6edd8cc748acf3725668af7815929e8066b |
C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\sr.pak
| MD5 | fca817ed4b839b976ebcbf59cac66d68 |
| SHA1 | 413efa65470319999032b6a25b3b2ee33b8cd047 |
| SHA256 | 524acc64e70918a77cda43fd9b27a727645b28ad2d4cce16b327105101c8bbeb |
| SHA512 | cb246d5c5cea30d6e7514841ab93803984cda37461a09b6c340ca64f7cbce4e1212951a4de421d928d433a619dac18454fb403b42581757b76c7eb124ce70cf2 |
C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\sl.pak
| MD5 | 4ad22c6c64dbe0fc432afaa28090c4d9 |
| SHA1 | 19eb65ae52a585dbd9c25c32f22b099020c43091 |
| SHA256 | 6002c129a56558832e9bd260c427c0bd2e1566e0aea3ad999f89c8e479534f9b |
| SHA512 | 94f9d34e76560059ef80fc04be4d54e52a7d934dd28747db7f0f6684243b841087245699a471a55d667623d2ce5e597a3d2c6bc37cfd7ebd2f5b8fb40e6207e7 |
C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\sk.pak
| MD5 | 72946b939f7bcaa98ab314cfba634e0b |
| SHA1 | 71c79a61712c8c5d3dac07a65d4c727e3b80ab17 |
| SHA256 | 75f179897cad221ca6e36b47f53cead7f3fb4159ee196f1d10a5181b84e1b5b7 |
| SHA512 | 2a8fa7108c58f4cb263900a555714d5638d961d14d9f4ddf8a9ab5b880afdbc5d2325fed1e158dbaf42a9cd20e8e372e6a8f52fce842a6940ea52e43e4a1f1e5 |
C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\ru.pak
| MD5 | 5cc0f54e022a9996773dbd64906d5580 |
| SHA1 | 87c103bd69724579b478f904235e03caf61d5d79 |
| SHA256 | b4223b56ec88235819a427d60bb937eb3984076523f02a018f57819e0429bea9 |
| SHA512 | b3365fedcba50643cecf1a70297e1e67990d63ae05caa87de01a70ef6f28e0f73a9a0edb0ff80b4138c624e51aa2dac065a2d40877fc92137714ae07734c2f4a |
C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\ro.pak
| MD5 | 745a9b8c6422682f2cfa5561cc1f4022 |
| SHA1 | 31e3616ef09f9b1fd1c41cf8f43e504a6f90276f |
| SHA256 | 7247470057a936d03bfa2a8776508ab66aa1040c41a4eb8f79c1e93551c74bb8 |
| SHA512 | 8e0b7f98cb842a862ceca65e0166462275feed26c32c9c299aba9986d36b716a90d4a8db5ccef355ac266b7e969071014cc7ab6439778e77c52754bc23b4c575 |
C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\pt-PT.pak
| MD5 | 3f367760b57a5e4360dabcd4a650bc5f |
| SHA1 | 8d7cd6b0eb42361ee862455ecfa475d28f5aa934 |
| SHA256 | c89170385b3afb2ec89fbd61b8470ac718713c7296441c8430f173dac218e74b |
| SHA512 | 3dc30780d57dee91215a716dc6b4cb432838aa0161af4371f49f70db2076bd155b170fd2c1617f59e1b572144a2e150a34143eda82d9f2227d24d2281d5aba60 |
C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\pt-BR.pak
| MD5 | a064cb9d7cf18936600e9ccc03297006 |
| SHA1 | eb436a0c584ba91acb05dfccde139afbe26fe9f4 |
| SHA256 | c9ec3822044365457b8736348cf95a8e39bdfe3ed36267449bf3ed739accef2e |
| SHA512 | 95af684abf9d24cfc4d0668a02da1e2e69f5e671d671d8cdfadc22ec991908c6aa5663fe1fa88ca8e85c0508f409fa6c2bbc174c53674270f2b188018d358415 |
C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\lt.pak
| MD5 | 7b6bf901352885c0699db71239b7cf24 |
| SHA1 | 9e3ec5f327c0d0e54a449332061e60a8c79243cf |
| SHA256 | 9200a9509bd77834d9912f4ba8f4219d2b9bd2cdad49a11873db30e99b9d1350 |
| SHA512 | 79ebef723fb4c17581eb869b4b4e1a364a3d28df0e168e7e1a3583e0c1ec5b9716dd270925c0545b8247421a64b03705f10910fe3416900de9258840c470d580 |
C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\ko.pak
| MD5 | b31780fff9541290c1d9f5b76141430d |
| SHA1 | 8b0fbdccd0a7f8141846763a0d27e4e0da0552dc |
| SHA256 | b04c1b91cab31054be70cb851dc6716065545445801045daceb96eeee4d2334a |
| SHA512 | a573dd09520059832e7f53386a64dcdde47452b02ce1e5d7e11385abbc8b734dcee0065b4ca351591bf9cc2f66fae204b9300702246d20265e8ddff4f7c1e6d8 |
C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\kn.pak
| MD5 | d3d6bc60bead608e68e776e07d21ad30 |
| SHA1 | e40e38ca99026056c127e9e1a1ff821a50310887 |
| SHA256 | 90b2df3338468e84e2cf2f2f67597cba5c3ceb5dba9c59ebd072ec15a70ce741 |
| SHA512 | 05421db2f1202573a34de1e722c6bdb55a35821c4aebd54c80e6594fc92075cd9b97e5bfdfe93b4228c3a2646b92a27da4722ef3826e2807238dcc56ba273706 |
C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\ja.pak
| MD5 | 8209dd8cf4e416416e015ff239b7c483 |
| SHA1 | 7affd1707b9eec52c26a4c17708c8471c369e2f6 |
| SHA256 | 3accfd9a1833ddeedb2082fb94101beb59b555c60f42e3070e9e04a372eba84a |
| SHA512 | 6a58a1ea8a46c325cac0629f2e3b571532a9a2a342ed61ca47bd1dcee20ce0b0350e4f6d3e8e4c6903c7ba4a4592a6382bf0fcb5437febd1673b3c2ce8cd7499 |
C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\id.pak
| MD5 | 881ff04e220aa8c6ed9d0d76bfa07cb8 |
| SHA1 | cacf3620d1bf85648329902216e6cdc6f588a5ba |
| SHA256 | 9210c4c4c33e7ceb5f70005a92a4fd36ca4facdd41701fdc1d2ce638db8adf22 |
| SHA512 | 9134102928aa80c49bbf2b862e8079b2ee23636ce63412a4c3813f234d623ff563f5ca1ac407ddb77cecf1224896ed59ae979dcf63435d35a4f13de9c22755d5 |
C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\hu.pak
| MD5 | d6904e7d1b6750d43a6478877c42618d |
| SHA1 | 919f090a6a3aa1112916f5bb0d5b73a62be43c1e |
| SHA256 | 3ec43893c6de5ec0f9433841afd5fa9feaaf59ddcef05f7e1cab14dba799887f |
| SHA512 | d600fedb5ef1b2eb49a0122536c642b350ce67bb7a9da205890d9d13a195ac17c14607b4489715fd34506ec0ea4c80f245e09cf048aef52dcc8094f3138b2fad |
C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\hr.pak
| MD5 | 7095ef4caf6bd39174487002a4e09300 |
| SHA1 | 1efe686bd0b7f035aee7ab4c52be6133121cd0f3 |
| SHA256 | 3d7685163c5eb6a11e745ff934312b8681c5f85dfa8d9ea701e9dcaee1e7a285 |
| SHA512 | 45488d46dfe7a31a007932917f7baf4c195da899de5dc56d98e555336668af3edb77996487649b86f56beac688374ce77f8feadc01e3f84d30d83bd67631f9c1 |
C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\bin\sentry-cli
| MD5 | b7c89ec5dfb8b15555f32a3bef6c3103 |
| SHA1 | a92048052f5fc0af532cd97ebf82c1a9fbf12342 |
| SHA256 | 7c5c97aaee075241bdc4fbc610b356445747e962ac3d986c5016acefd66a6ea0 |
| SHA512 | c47baa0e0896684403760a13cfa6dd5826152ec7ae83f783040d186eaca8af70bc97530bbb22b720d7482a4ad18c3959ab1af8ccfe3689b19a51955e777884e8 |
C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\js\index.js
| MD5 | 50c3a734036b84685a15d56217207d67 |
| SHA1 | 1893de2684072a3a2961337fa9a9b45a52c52c0a |
| SHA256 | 171990f108cd5582f83432c1569f2c3e1aebfbfb159599f4ff2ab693c20a8f78 |
| SHA512 | 3aa037d12cee7cbf51826fb3e2aa87b4543dd62f5ff5f2f8915128061c07472304601766bddf949647c5ca92e8ee768a77139bbe91bdfaaae99dea4405168ea9 |
C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\js\helper.js
| MD5 | c29ad60a23d5406728a51afa4352b4c7 |
| SHA1 | 2be817215890f5868717765570ce9f7422735c4e |
| SHA256 | faa867204c92db252271c9d850962ae1ff5c9448444ca907af483a6c874a6eb0 |
| SHA512 | e1784b8bf7119bf3380b192f1597cb3179425ff7ab347b144011fd17b62794760e6e092a0a1dae99302eb6c333f1638440df4e4e0eaf64f26d4f3cc46a74d04a |
C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\hi.pak
| MD5 | ede7fa471c5eebc1fa55b9b3b6f92d00 |
| SHA1 | 1d1f529c615799bb3a3319ddd1357cb5dc71464e |
| SHA256 | 1e9623c7407ae8b8a88df3f69a47ae8117f74c4dcb56897bb794a9c38ee5805b |
| SHA512 | 0f51ea54e828700080effa6c728230c523ff8e26fb350e6f337028d18614d5dfc4a2792cb92b5e606bd0702067f55fea546029cddd1ebf7fa74ef5521ff08338 |
C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\he.pak
| MD5 | 6376d0a5f4273b76b1f4aabade194e0c |
| SHA1 | 337ba39f09454c0779ab64872b9fa11f866d6adc |
| SHA256 | 875712bb852c698f677c0c74e088f62d31adb2bce65648fc390607aad8705c45 |
| SHA512 | 00347f16b5abbaf47fb08663d5efde26ab7de0c7a2fa42e6b5f03c41a83cecbd8e78cc3aef41d5f08658cf346e0ade732774485e8a10008a43fa41ffaf73b2be |
C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\gu.pak
| MD5 | b7f4c73d56be31042d8edd7e8ea080f3 |
| SHA1 | c0c3595701c0a75c14931ed65958d36df0d925c5 |
| SHA256 | c36a20730d5f2b91cb61b5b2a5912db2ea5a328a9b8abe0fca0af300446d3c20 |
| SHA512 | ea0d766a754604cad4d5f3180c30f7dfdc3e1cfe79d67365b72adc0d7574851f21bdd5b748b16e8b4a95ade40c8ed0442bcefd511a2934cc9c701e379c955d60 |
C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\fr.pak
| MD5 | 51ee1ed54fec49effd103c29677885b5 |
| SHA1 | ced6fd3354007d1ef3ea7b6689aae5213c20cc69 |
| SHA256 | 1f6bc09499ee37456968a28b67b81bbf5b9df4f0c6035a388242d2037a3b65a1 |
| SHA512 | dfd50ad99b89345940afead11c3a6940d4408a0e6265cddda1d71ad92527ea00d8057ac77ceb2ffe137a3f0d2f321c210bc7cf97ed821f01e538dc08d07149a4 |
C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\index.js
| MD5 | e8282413c1895eaff49de6dd9b71ab13 |
| SHA1 | 4e058f522a46e20bbd26f15a6922390ec2c1da36 |
| SHA256 | d6a28994173c1c36476121f8b0e3633e01ecd0589289901fba34fe218293443d |
| SHA512 | 301d2a6ae958e1ba936cae6f555a587ad87567055f4709d4676a3ef5b1a3112cb338b8a9e744c24cbfa784f00f13a1118ad48fd4f6bb060c5608e4ddc8779389 |
C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\options\uploadSourcemaps.js
| MD5 | d060ac623857ad5ca08e3a944768925a |
| SHA1 | 26fe78c92f55f9529ffa2b71da403873da29313f |
| SHA256 | 8d4bd4c779e177724aa7bf98e768e50ce8b2950ef5bf39fa08033057b400888b |
| SHA512 | ae1b42d7e5c5d60f935bcd08417d4d9055d71bfb80653281e990a687353592731a7c4423655fbb988728152846aa56a5f180335d254885338bf6c96ef2a8357a |
C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\options\deploys.js
| MD5 | f42c24cde0162b93624df51f4e2abfab |
| SHA1 | f819638944878ac4cb49438d8599d3fbd9081949 |
| SHA256 | 3f2316e7fb20e82df9a8b08d6169a622a89808742806adee2e4d89885962357d |
| SHA512 | 67258cbaf9f46f1609cec9b87b7a577f855cde9c8efafa3d835a0d18fb3903fcc4733489bf81447cdf2c0a55701d569a75f11a81865dab8f624b722e76b7c674 |
C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\js\logger.js
| MD5 | 1d26f69361e75ca5cd2eac5f99249c72 |
| SHA1 | 787d51c708ce15b2c533a180a2bf639648bc40eb |
| SHA256 | d7d63601d3347efc93425f4f93049cfb9ed2b9ead1dce662c9c1bed3cba302e0 |
| SHA512 | 7350774074462d33ac9f2e130829306af08a6693fd597f40c39bfb194684f66d965cd23c10de5fc4389e4a2ffe84db727aad23dd683a805ae4825f10026cb040 |
C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\fil.pak
| MD5 | 3126f74d021e9423d71913bb45a62935 |
| SHA1 | c9a80c8585aabbfec34ae891416794b1b3e29a11 |
| SHA256 | 4cd3fa70487e894400ad29e3bfbfba3e1c5edd799aab12c62c3aff3c2580ce5e |
| SHA512 | fb360723ee53b3f7038eebd1b919a36784a0e3dc878e810bc905c4297379dade6006c8872ed68412b06161cacb0d6e32a7157ecf97d9e103a4ca3b2b71db8765 |
C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\fi.pak
| MD5 | fa7dbd2ee35587ff31fde3c7107e4603 |
| SHA1 | baaa093dcb7eccf77ce599c8ff09df203e434b60 |
| SHA256 | 5339b8ca52500bd0082e0ba5a5f440c5f04733803da47963280479760c7fff2c |
| SHA512 | 587f6d0e216d1688227345a8a75b94848ee710ec633fe6805db66bb0e8cad1b8d24a1e6a7e234061516770d881571166c78d8fa1c40e6335f3dcb1339fbffc14 |
C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\fa.pak
| MD5 | d55f65c6fda6ed6f549d2c9f0a4ce874 |
| SHA1 | 952792f2da5ed9cb1cfed14e5afb8abf5cf29cb3 |
| SHA256 | 221bbbde078d135f6daca4978a31cc6a82f8f46536467ebc9a0cd322c58a7785 |
| SHA512 | d0bb83467182d8b3a8f8371d749e682cf05f89daefe28764f2c263e7cfbfc3f86cb388061b48dadda26c3dd246dd6f7a57af58ca9344c2f6b90de87af1e91c69 |
C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\et.pak
| MD5 | e97fe1e6d06a2275a20d158dc4e3b892 |
| SHA1 | 1575b9b1fc331a70bbe4ca7d1095d4ed6777ecc1 |
| SHA256 | d984aee4d18ca24a88846b1b6e0294d373733430f30bb4f1b97bc7d50d512c2e |
| SHA512 | 77879a4d1062671b616ba9b2ce0b6f69a5dbed6bd56b73ded902d1f9f44ecd96a2212690b3568c0ba273c73d91589ff2bf18c7ef9b66e0630fbaafde2a61b1b1 |
C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\es-419.pak
| MD5 | 774ced79da2fd32bd1ba52a0f16e0a19 |
| SHA1 | ff36dcf8b62046871f441f301dd7af51cb9ce7ee |
| SHA256 | 5aff3762747a6e8c6df9f2a3b470bf231b44163006b17ce87e2a03694be27b81 |
| SHA512 | 7763c15fa97efa9a5af73dcdedd4fe260139bd8ff782ca3aa0937d9355b2d14c3e482e570844ac33d22d7b016c7b9097d727c1dd585f421dccd59ca7bbc24269 |
C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\en-US.pak
| MD5 | 3f6f4b2c2f24e3893882cdaa1ccfe1a3 |
| SHA1 | b021cca30e774e0b91ee21b5beb030fea646098f |
| SHA256 | bb165eaa51456b52fcbdf7639ee727280e335a1f6b4cfb91afc45222895b564f |
| SHA512 | bd80ddaa87f41cde20527ff34817d98605f11b30a291e129478712ebebe47956dbd49a317d3eeb223adf736c34750b59b68ad9d646c661474ad69866d5a53c5c |
C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\en-GB.pak
| MD5 | 502260e74b65b96cd93f5e7bf0391157 |
| SHA1 | b66d72b02ff46b89ee8245c4dd9c5b319fc2abf7 |
| SHA256 | 463af7da8418d7fb374ebf690e2aa79ee7cb2acc11c28a67f3ba837cf7a0937b |
| SHA512 | 0f0f9aac8e6b28c1e116377ab8ee0ffadbf0802a4026e57aedb42d21c38fbf70159be9e0314799c1de1f7638fbbd25d289dff7cd2c9eb7c82e1b62b6c4e87690 |
C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\el.pak
| MD5 | 306a80dadadb1f9182810733269537fd |
| SHA1 | bc01a65a9d024ec72e613aedc60f4838be798040 |
| SHA256 | 92403b6160e38746597d4dd7f64d64cf19e30b5e7862901263c39679187b2c91 |
| SHA512 | 491016b8fcca59a7dc9523358c4a7b56c55360f424e8fe9330d6f01480835805e961f1e48f8777660510d9af9a66961c639df162190dec595a867d54150eecfc |
C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\de.pak
C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\da.pak
C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\cs.pak
C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\ar.pak
C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\am.pak
C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\af.pak
C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\binaries\go_build_gemd_src.exe
C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\vk_swiftshader_icd.json
C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\scripts\build-in-docker.sh
C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\scripts\install.js
C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\scripts\bump-version.sh
C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\scripts\test-vercel-nft.js
C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\scripts\wheels
C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\WinShell.dll
C:\Users\Admin\AppData\Local\Temp\84e465a8-c347-46ed-a23a-e91ad8055dfa.tmp.node
C:\Users\Admin\AppData\Local\Temp\a14d5abf-3c26-42ac-be02-39ad48d26523.tmp.node
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
C:\Users\Admin\AppData\Roaming\Era\Network\Network Persistent State~RFe58c1b5.TMP
C:\Users\Admin\AppData\Roaming\Era\Network\68c8a3c5-40d9-4765-9d3b-4d38c8b3cac9.tmp
C:\Program Files\Era\Era.exe
C:\Program Files\Era\ffmpeg.dll
C:\Program Files\Era\vk_swiftshader.dll
Analysis: behavioral7
Detonation Overview
Submitted
2024-04-16 21:56
Reported
2024-04-16 22:01
Platform
win7-20240220-en
Max time kernel
120s
Max time network
122s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1292 -s 220
Network
Files
Analysis: behavioral8
Detonation Overview
Submitted
2024-04-16 21:56
Reported
2024-04-16 22:01
Platform
win10v2004-20240412-en
Max time kernel
0s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1060 wrote to memory of 3912 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 1060 wrote to memory of 3912 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 1060 wrote to memory of 3912 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3912 -ip 3912
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 612
Network
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-04-16 21:56
Reported
2024-04-16 22:01
Platform
win7-20240221-en
Max time kernel
118s
Max time network
120s
Command Line
Signatures
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1724 wrote to memory of 3028 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 1724 wrote to memory of 3028 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 1724 wrote to memory of 3028 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 1724 wrote to memory of 3028 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 1724 wrote to memory of 3028 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 1724 wrote to memory of 3028 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 1724 wrote to memory of 3028 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1
Network
Files
Analysis: behavioral26
Detonation Overview
Submitted
2024-04-16 21:56
Reported
2024-04-16 22:01
Platform
win10v2004-20240412-en
Max time kernel
141s
Max time network
161s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\options\deploys.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.114.53.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.56.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.204.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.173.189.20.in-addr.arpa | udp |
Files
Analysis: behavioral27
Detonation Overview
Submitted
2024-04-16 21:56
Reported
2024-04-16 22:01
Platform
win7-20240221-en
Max time kernel
117s
Max time network
125s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\options\uploadSourcemaps.js
Network
Files
Analysis: behavioral13
Detonation Overview
Submitted
2024-04-16 21:56
Reported
2024-04-16 22:01
Platform
ubuntu1804-amd64-20240226-en
Max time kernel
4s
Max time network
137s
Command Line
Signatures
Enumerates kernel/hardware configuration
| Description | Indicator | Process | Target |
| File opened for reading | /sys/fs/cgroup/memory/memory.limit_in_bytes | /usr/bin/node | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/meminfo | /usr/bin/node | N/A |
Processes
/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli
[/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]
/usr/local/sbin/node
[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]
/usr/local/bin/node
[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]
/usr/sbin/node
[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]
/usr/bin/node
[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]
/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/sentry-cli
[/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/sentry-cli]
Network
| Country | Destination | Domain | Proto |
| US | 151.101.194.49:443 | N/A | tcp |
| US | 151.101.65.91:443 | N/A | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 1.1.1.1:53 | cdn.fwupd.org | udp |
| US | 1.1.1.1:53 | cdn.fwupd.org | udp |
| US | 151.101.66.49:443 | cdn.fwupd.org | tcp |
| GB | 195.181.164.19:443 | N/A | tcp |
| GB | 185.125.188.61:443 | N/A | tcp |
| GB | 185.125.188.62:443 | N/A | tcp |
| US | 151.101.65.91:443 | N/A | tcp |
| US | 1.1.1.1:53 | 1527653184.rsc.cdn77.org | udp |
| US | 1.1.1.1:53 | 1527653184.rsc.cdn77.org | udp |
| GB | 89.187.167.2:443 | 1527653184.rsc.cdn77.org | tcp |
Files
Analysis: behavioral18
Detonation Overview
Submitted
2024-04-16 21:56
Reported
2024-04-16 22:01
Platform
win10v2004-20240412-en
Max time kernel
148s
Max time network
158s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\helper.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 249.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| DE | 104.126.37.161:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 161.37.126.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.114.53.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.56.20.217.in-addr.arpa | udp |
| US | 52.111.227.13:443 | N/A | tcp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.10.44.20.in-addr.arpa | udp |
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-04-16 21:56
Reported
2024-04-16 22:01
Platform
win10v2004-20240226-en
Max time kernel
135s
Max time network
165s
Command Line
Signatures
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4452 wrote to memory of 4464 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 4452 wrote to memory of 4464 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 4452 wrote to memory of 4464 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1328 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.200.42:443 | N/A | tcp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.197.17.2.in-addr.arpa | udp |
| US | 13.107.246.64:443 | N/A | tcp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.56.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.10.44.20.in-addr.arpa | udp |
Files
Analysis: behavioral17
Detonation Overview
Submitted
2024-04-16 21:56
Reported
2024-04-16 22:01
Platform
win7-20240319-en
Max time kernel
121s
Max time network
133s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\helper.js
Network
Files
Analysis: behavioral31
Detonation Overview
Submitted
2024-04-16 21:56
Reported
2024-04-16 22:02
Platform
debian9-mipsbe-20240226-en
Max time kernel
54s
Command Line
Signatures
Processes
/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/scripts/build-in-docker.sh
[/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/scripts/build-in-docker.sh]
Network
Files
Analysis: behavioral23
Detonation Overview
Submitted
2024-04-16 21:56
Reported
2024-04-16 22:01
Platform
win7-20240221-en
Max time kernel
119s
Max time network
133s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\index.js
Network
Files
Analysis: behavioral24
Detonation Overview
Submitted
2024-04-16 21:56
Reported
2024-04-16 22:01
Platform
win10v2004-20240412-en
Max time kernel
109s
Max time network
139s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\index.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 249.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.114.53.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 20.189.173.4:443 | N/A | tcp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.126.19.2.in-addr.arpa | udp |
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-04-16 21:56
Reported
2024-04-16 22:01
Platform
win7-20240221-en
Max time kernel
118s
Max time network
128s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 224
Network
Files
Analysis: behavioral11
Detonation Overview
Submitted
2024-04-16 21:56
Reported
2024-04-16 22:01
Platform
win7-20240221-en
Max time kernel
9s
Max time network
150s
Command Line
Signatures
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Era.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Era.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Era.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Era.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Users\Admin\AppData\Local\Temp\Era.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\Era.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 | C:\Users\Admin\AppData\Local\Temp\Era.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz | C:\Users\Admin\AppData\Local\Temp\Era.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\Era.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2 | C:\Users\Admin\AppData\Local\Temp\Era.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\Era.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000_CLASSES\era\ = "URL:era" | C:\Users\Admin\AppData\Local\Temp\Era.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000_CLASSES\era\shell\open\command | C:\Users\Admin\AppData\Local\Temp\Era.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000_CLASSES\era\shell | C:\Users\Admin\AppData\Local\Temp\Era.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000_CLASSES\era\shell\open | C:\Users\Admin\AppData\Local\Temp\Era.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000_CLASSES\era\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\Era.exe\" \"%1\"" | C:\Users\Admin\AppData\Local\Temp\Era.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000_CLASSES\era | C:\Users\Admin\AppData\Local\Temp\Era.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000_CLASSES\era\URL Protocol | C:\Users\Admin\AppData\Local\Temp\Era.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 | C:\Users\Admin\AppData\Local\Temp\Era.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = [data removed] | C:\Users\Admin\AppData\Local\Temp\Era.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 | C:\Users\Admin\AppData\Local\Temp\Era.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = [data removed] | C:\Users\Admin\AppData\Local\Temp\Era.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = [data removed] | C:\Users\Admin\AppData\Local\Temp\Era.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Era.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Era.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Era.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Era.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Era.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Era.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Era.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Era.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Era.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Era.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Era.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Era.exe
"C:\Users\Admin\AppData\Local\Temp\Era.exe"
C:\Users\Admin\AppData\Local\Temp\binaries\FortniteLauncher.exe
C:\Users\Admin\AppData\Local\Temp\binaries\FortniteLauncher.exe
C:\Users\Admin\AppData\Local\Temp\Era.exe
"C:\Users\Admin\AppData\Local\Temp\Era.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Era" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1040 --field-trial-handle=1208,i,15844764803904609672,2573737534469597621,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Users\Admin\AppData\Local\Temp\Era.exe
"C:\Users\Admin\AppData\Local\Temp\Era.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Era" --mojo-platform-channel-handle=1272 --field-trial-handle=1208,i,15844764803904609672,2573737534469597621,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Users\Admin\AppData\Local\Temp\Era.exe
"C:\Users\Admin\AppData\Local\Temp\Era.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Era" --app-user-model-id="Project Era" --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1576 --field-trial-handle=1208,i,15844764803904609672,2573737534469597621,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
C:\Users\Admin\AppData\Local\Temp\Era.exe
"C:\Users\Admin\AppData\Local\Temp\Era.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Era" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1224 --field-trial-handle=1208,i,15844764803904609672,2573737534469597621,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "reg query "HKLM\SOFTWARE\Microsoft\VisualStudio\14.0\VC\Runtimes\x64" /v "Installed""
C:\Windows\system32\reg.exe
reg query "HKLM\SOFTWARE\Microsoft\VisualStudio\14.0\VC\Runtimes\x64" /v "Installed"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | sentry.erafn.org | udp |
| US | 172.67.36.183:443 | sentry.erafn.org | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 216.58.201.110:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | r5---sn-5hne6n6e.gvt1.com | udp |
| NL | 172.217.132.234:443 | r5---sn-5hne6n6e.gvt1.com | udp |
| NL | 172.217.132.234:443 | r5---sn-5hne6n6e.gvt1.com | tcp |
| US | 8.8.8.8:53 | api.v1.external.erafn.org | udp |
| US | 104.22.67.72:443 | api.v1.external.erafn.org | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| NL | 23.63.101.171:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | udp |
Files
\Users\Admin\AppData\Local\Temp\acbd002b-c974-4da9-a5fd-15deb5a8a3f6.tmp.node
\Users\Admin\AppData\Local\Temp\ff83515f-8269-458c-b2da-e3428e715302.tmp.node
C:\Users\Admin\AppData\Roaming\Era\Local Storage\leveldb\CURRENT~RFf7686ad.TMP
C:\Users\Admin\AppData\Roaming\Era\GPUCache\data_0
C:\Users\Admin\AppData\Roaming\Era\GPUCache\data_1
C:\Users\Admin\AppData\Roaming\Era\DawnCache\data_2
C:\Users\Admin\AppData\Roaming\Era\DawnCache\data_3
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\Local\Temp\Tar97D4.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Analysis: behavioral21
Detonation Overview
Submitted
2024-04-16 21:56
Reported
2024-04-16 22:01
Platform
win7-20240221-en
Max time kernel
121s
Max time network
126s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\logger.js