Malware Analysis Report

2025-01-23 15:31

Sample ID 240416-1tk41afb7y
Target Era Setup 1.0.71.exe
SHA256 f3be685607271c36836e02aa2596cd98bbc611c62298f7d1721bfd119404d453
Tags discovery, antivm
Score 7/10

Analysis Overview

score
7/10

SHA256

f3be685607271c36836e02aa2596cd98bbc611c62298f7d1721bfd119404d453

Threat Level: Shows suspicious behavior

The file Era Setup 1.0.71.exe was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery antivm

Loads dropped DLL

Executes dropped EXE

Checks computer location settings

Checks CPU configuration

Reads CPU attributes

Checks installed software on the system

Drops file in Program Files directory

Unsigned PE

Reads runtime system information

Program crash

Enumerates physical storage devices

Enumerates kernel/hardware configuration

Suspicious use of WriteProcessMemory

Checks processor information in registry

Suspicious use of AdjustPrivilegeToken

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Modifies system certificate store

Analysis: static1

Detonation Overview

Reported 2024-04-16 21:57

Signatures

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted 2024-04-16 21:56
Reported 2024-04-16 22:01
Platform win7-20240221-en
Max time kernel 148s
Max time network 146s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Program Files\Era\Era.exe N/A

Checks installed software on the system

discovery

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Era\vulkan-1.dll C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\locales\cs.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\locales\lt.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\locales\nl.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\options\uploadSourcemaps.js C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\scripts\install.js C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\locales\am.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\locales\ar.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\locales\bn.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\locales\fil.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\locales\tr.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\resources\elevate.exe C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\d3dcompiler_47.dll C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\locales\it.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\locales\pt-PT.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\locales\te.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\locales\ro.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\locales\ur.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\chrome_100_percent.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\locales\en-GB.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\locales\et.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\locales\fa.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\locales\zh-CN.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\scripts\wheels C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\libGLESv2.dll C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\vk_swiftshader_icd.json C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\locales\hr.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\locales\mr.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\scripts\build-in-docker.sh C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\locales\he.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\locales\id.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\locales\ml.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\locales\sv.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\locales\fi.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\locales\sl.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\locales\uk.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\resources\app-update.yml C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\libEGL.dll C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\LICENSES.chromium.html C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\locales\bg.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\locales\de.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\js\logger.js C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\index.js C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\scripts\bump-version.sh C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\locales\gu.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\locales\pt-BR.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\locales\vi.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\checksums.txt C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\Era.exe C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\v8_context_snapshot.bin C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\binaries\FortniteLauncher.exe C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\binaries\go_build_gemd_src.exe C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\locales\sr.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\package.json C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\js\index.js C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\vk_swiftshader.dll C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\locales\af.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\locales\es-419.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\locales\ko.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\locales\sw.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\locales\da.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\locales\hu.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\locales\lv.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\locales\ru.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe

"C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe"

C:\Program Files\Era\Era.exe

"C:\Program Files\Era\Era.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef59c9758,0x7fef59c9768,0x7fef59c9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1156 --field-trial-handle=2036,i,9485334027287839281,15073667358607391206,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1376 --field-trial-handle=2036,i,9485334027287839281,15073667358607391206,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1488 --field-trial-handle=2036,i,9485334027287839281,15073667358607391206,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2328 --field-trial-handle=2036,i,9485334027287839281,15073667358607391206,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2336 --field-trial-handle=2036,i,9485334027287839281,15073667358607391206,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2272 --field-trial-handle=2036,i,9485334027287839281,15073667358607391206,131072 /prefetch:2

C:\Program Files\Era\binaries\FortniteLauncher.exe

"C:\Program Files\Era\binaries\FortniteLauncher.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2956 --field-trial-handle=2036,i,9485334027287839281,15073667358607391206,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3412 --field-trial-handle=2036,i,9485334027287839281,15073667358607391206,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3856 --field-trial-handle=2036,i,9485334027287839281,15073667358607391206,131072 /prefetch:8

C:\Program Files\Era\Era.exe

"C:\Program Files\Era\Era.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Era" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1036 --field-trial-handle=1204,i,13085744919783063866,19822180553394596,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Program Files\Era\Era.exe

"C:\Program Files\Era\Era.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Era" --mojo-platform-channel-handle=1276 --field-trial-handle=1204,i,13085744919783063866,19822180553394596,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Program Files\Era\Era.exe

"C:\Program Files\Era\Era.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Era" --app-user-model-id="Project Era" --app-path="C:\Program Files\Era\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1616 --field-trial-handle=1204,i,13085744919783063866,19822180553394596,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Program Files\Era\Era.exe

"C:\Program Files\Era\Era.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Era" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2456 --field-trial-handle=1204,i,13085744919783063866,19822180553394596,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3992 --field-trial-handle=2036,i,9485334027287839281,15073667358607391206,131072 /prefetch:8

C:\Program Files\Era\Era.exe

"C:\Program Files\Era\Era.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Era" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1904 --field-trial-handle=1204,i,13085744919783063866,19822180553394596,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 apis.google.com udp
GB 216.58.201.110:443 apis.google.com tcp
US 8.8.8.8:53 sentry.erafn.org udp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 172.67.36.183:443 sentry.erafn.org tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
GB 216.58.201.110:443 redirector.gvt1.com tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp

Files

\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\System.dll

MD5 0d7ad4f45dc6f5aa87f606d0331c6901
SHA1 48df0911f0484cbe2a8cdd5362140b63c41ee457
SHA256 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
SHA512 c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\StdUtils.dll

MD5 c6a6e03f77c313b267498515488c5740
SHA1 3d49fc2784b9450962ed6b82b46e9c3c957d7c15
SHA256 b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
SHA512 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\SpiderBanner.dll

MD5 17309e33b596ba3a5693b4d3e85cf8d7
SHA1 7d361836cf53df42021c7f2b148aec9458818c01
SHA256 996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93
SHA512 1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\nsProcess.dll

MD5 f0438a894f3a7e01a4aae8d1b5dd0289
SHA1 b058e3fcfb7b550041da16bf10d8837024c38bf6
SHA256 30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11
SHA512 f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\nsis7z.dll

MD5 80e44ce4895304c6a3a831310fbf8cd0
SHA1 36bd49ae21c460be5753a904b4501f1abca53508
SHA256 b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
SHA512 c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\chrome_200_percent.pak

MD5 5604b67e3f03ab2741f910a250c91137
SHA1 a4bb15ac7914c22575f1051a29c448f215fe027f
SHA256 1408387e87cb5308530def6ce57bdc4e0abbbaa9e70f687fd6c3a02a56a0536c
SHA512 5e6f875068792e862b1fc8bb7b340ac0f1f4c51e53e50be81a5af8575ca3591f4e7eb9239890178b17c5a8ff4ebb23719190d7db0bd8a9aa6dcb4308ffa9a34d

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\chrome_100_percent.pak

MD5 d31f3439e2a3f7bee4ddd26f46a2b83f
SHA1 c5a26f86eb119ae364c5bf707bebed7e871fc214
SHA256 9f79f46ca911543ead096a5ee28a34bf1fbe56ec9ba956032a6a2892b254857e
SHA512 aa27c97bf5581eb3f5e88f112df8bfb6a5283ce44eb13fbc41855008f84fb5b111dfe0616c310c3642b7f8ac99623d7c217aecc353f54f4d8f7042840099abc5

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\d3dcompiler_47.dll

MD5 cb9807f6cf55ad799e920b7e0f97df99
SHA1 bb76012ded5acd103adad49436612d073d159b29
SHA256 5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a
SHA512 f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\Era.exe

MD5 2f88617165e05e48e90f6969e5884227
SHA1 d796c61b1870a69cbcbdcf1687d23949a3c88b6c
SHA256 a06cba453802d87bec65b60b02a5f30c359e6d3d9cb0565243b4bcb8e51dd38a
SHA512 d4bee2d2ee7aa8b429f6f8b30a6d9104a49fadf73b649d28d04f2fe723abd4b79a373f8d1c4da884bbbd23bdcd77b168e768f13ab45d76258644d9e3d0d57965

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\ffmpeg.dll

MD5 c184ad77ac8ce299475c0c85621aa782
SHA1 308c55c03dbb1888fc0d214f5f5315707ec5af49
SHA256 ec8652d431dd41424cbad04957841538fce811898edd158488672df1da2450b9
SHA512 90ab519179e82b158f6a6b44247421e00db4477b4a3ed1135b6bc3af8e16d939aa6286b2781dc02424903f817d5a61b30251b26c9f2335e1ca570d4252c915eb

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\icudtl.dat

MD5 76bef9b8bb32e1e54fe1054c97b84a10
SHA1 05dfea2a3afeda799ab01bb7fbce628cacd596f4
SHA256 97b978a19edd4746e9a44d9a44bb4bc519e127a203c247837ec0922f573449e3
SHA512 7330df8129e7a0b7b3655498b2593321595ec29445ea193c8f473c593590f5701eb7125ff6e5cde970c54765f9565fa51c2c54af6e2127f582ab45efa7a3a0f6

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\libEGL.dll

MD5 773bbe681c1fab3d4d9ac505678f49e2
SHA1 6eb8dd50d3674d60ce805f59ed98a5bde42cafd5
SHA256 98a07bfe813d4e0917c82437b9489ab72694a76f71766c9b0cb61daab81ebf74
SHA512 2034ec31a8b71865ba7edf3bbcf5425756c46ffa896909e2c4b423171b205194ddec2933043ee906d8bd01bbfc3a34c2f09ed847aad3c8d5be09a886f19835f2

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\LICENSE.electron.txt

MD5 4d42118d35941e0f664dddbd83f633c5
SHA1 2b21ec5f20fe961d15f2b58efb1368e66d202e5c
SHA256 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d
SHA512 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\LICENSES.chromium.html

MD5 d18c09a075cb6531d7ffd7c3da77bd4e
SHA1 571f29b6004007111782bf5727c4bc9510cca286
SHA256 86f5222580a4ab03dad8ea62e6cea22b23454dccf1c77e74ae0e0410a13b16fc
SHA512 091cd68e12633919fc6100b606f3002b16f4b9c7c6d7c820ff20e31a3b9ea690c8a1fc90529ff3e5c21e8d778e254743a8708049830c3bb046eda8f2653000b7

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\snapshot_blob.bin

MD5 b82ff216a0babf602940759b9a3af870
SHA1 07e8a22dcf8d7be04a6ddbcab3098e040494bb0e
SHA256 943b27009d41801c5a649caf680e32d4dd25de002787a4ccd86b0925b3aac3a5
SHA512 da157570afbab7be135f7749df7f4518df1452ea24f98d8f5189430e732ad06ed438afc701cb70451bbc7137b5f35a0c5957df92ecb40d47d54c1071ea79fba1

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\vk_swiftshader_icd.json

MD5 8642dd3a87e2de6e991fae08458e302b
SHA1 9c06735c31cec00600fd763a92f8112d085bd12a
SHA256 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9
SHA512 f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\vulkan-1.dll

MD5 f8e139bd2e17aa89ba7974490d9eff16
SHA1 c47ed79376fef9205f9678cb314158cd85874104
SHA256 757393d275a3ba855e44973b6e31730492ce72598f3e1a5c15c577334cc5d8b1
SHA512 36610001fd4fcd6d3be7712ee6229e8fc85dc7ae155ebab005318db8f3ec7b1a1952c0c0f353e2b55c993f86ce03a5ffd93b5d3c76a3ea6f2970cba58e6b22ab

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\vk_swiftshader.dll

MD5 804f1e0bacb8621541c8b18d098e4a51
SHA1 19432252cd892be774f6a0d5bba90ab2e18b51b6
SHA256 b8ac7a8b0d32ca5ad133dcc25a4128f8f379403e4700d2a2e988441bd50a2949
SHA512 51375fe442120fe6747a395c5bf26ff6ab82628823fff5f80a5e4cac0cc44676427722736ad82d2b13be57f47dcf9af3684dcbbf4be0bd2428691c3ac3ab6700

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\v8_context_snapshot.bin

MD5 031ea03da08fe1247280cfe781658791
SHA1 e91db50ad16b5a5fbbaf4118672d60b347ea6161
SHA256 c16dcec41919a6d2850214f2275824be8a97d8c5e694e2ec8dd7d16ab2d5015c
SHA512 b3d6f282761f8ab8760728ecb108f64741f6f3cd2a143813042ff63a3b6604fcfe7c1feabafb65f9f67906217edb5851f44605a34f7a50ed2058c25ce5efb30a

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\resources.pak

MD5 fb620332959ee6e46ac1c2a2f0e1b2d1
SHA1 eb18c735d187647c3c529932b8b80d9c9af09286
SHA256 66153f7b388503a9bab9df1fa157d3af88548bee264525694bca9a61ce3495e7
SHA512 1e5bfcac24a76ca8fae7b7fa5407f4eafeecfcda54726d66586f1171a7ba30cf76544d75aa44f1eb64b202e686ccd2c00c8cc0b24b249fc5c6c28c156cd03775

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\libGLESv2.dll

MD5 977a79d2155e9dac5eb1a6741abfdb11
SHA1 8706344e4544a3381cbfa2ef83a223bc942464be
SHA256 364dbfa38fe501f73b3935f84398e9cb261a1b63f4e55934cb323255cfa0dd8a
SHA512 9c2b072592f313d7083bd762cd100e05ae2c50596aaddc083bb7f9b75d20077bd6c2328049de9c854b2653ee4b4834eb6728aa09edd146f18cb25d6655e8e558

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\binaries\FortniteLauncher.exe

MD5 aeaa6f47b71614437c0d47828da005ca
SHA1 f9d016d3817ebbc28556967b8b8c05d120acbc58
SHA256 31eb3c804c7a248fe505d948ad9b3891b6b6f9210bd84aaf0eb716478c490b66
SHA512 6785eb5ae5d6d78a9c2f004ba5c91dd6603fd8efb39cb50f4bc3ac16d7377fb1317ba12658b63d575c17de04696b88c09c8a812340c4c40394196dab99d41a60

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\ca.pak

MD5 2f8d050c228583559cda181291b76e5a
SHA1 b047f1cfb30b1162b1dd79f7e424a83fd807eec7
SHA256 e1d6b5fd0bc411f2895eaaa1409916f5ffe39a5c6bd1bafe8af7ce33da5be17d
SHA512 e4f150cd9942ef5105e72376835da6edc31ef91783e41cd2fc04600c04f342bbc96e08e23c8af1c0c1e563bb8a7d3840a2289767525c30d08c2f23d0e837801f

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\es-419.pak

MD5 774ced79da2fd32bd1ba52a0f16e0a19
SHA1 ff36dcf8b62046871f441f301dd7af51cb9ce7ee
SHA256 5aff3762747a6e8c6df9f2a3b470bf231b44163006b17ce87e2a03694be27b81
SHA512 7763c15fa97efa9a5af73dcdedd4fe260139bd8ff782ca3aa0937d9355b2d14c3e482e570844ac33d22d7b016c7b9097d727c1dd585f421dccd59ca7bbc24269

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\hr.pak

MD5 7095ef4caf6bd39174487002a4e09300
SHA1 1efe686bd0b7f035aee7ab4c52be6133121cd0f3
SHA256 3d7685163c5eb6a11e745ff934312b8681c5f85dfa8d9ea701e9dcaee1e7a285
SHA512 45488d46dfe7a31a007932917f7baf4c195da899de5dc56d98e555336668af3edb77996487649b86f56beac688374ce77f8feadc01e3f84d30d83bd67631f9c1

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\ms.pak

MD5 d5da199f347452c5904bff9332a08f84
SHA1 b5fb8c22708a7e3130684f1a9923b6dab10c3ae5
SHA256 fe58cc4f62fc31e32c1fb9a0893a5483391ab6a91b1c92ed4a5e3103a962da7a
SHA512 9fddeb376bececc51dec997b3ed1e22821340fa172636f641af774dae8bc9b5c0780757380bf3fa8df0f9682a555ede81c449ae9468f63215c17123d13ee9f35

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\ru.pak

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\zh-CN.pak

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\resources\app-update.yml

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\LICENSE

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\scripts\wheels

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\scripts\test-vercel-nft.js

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\scripts\install.js

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\scripts\bump-version.sh

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\scripts\build-in-docker.sh

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\options\uploadSourcemaps.js

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\options\deploys.js

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\index.js

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\js\logger.js

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\js\index.js

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\js\helper.js

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\bin\sentry-cli

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\sentry-cli.exe

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\package.json

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\checksums.txt

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\resources\elevate.exe

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\resources\app.asar

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\zh-TW.pak

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\vi.pak

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\ur.pak

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\uk.pak

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\tr.pak

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\th.pak

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\te.pak

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\ta.pak

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\sw.pak

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\sv.pak

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\sr.pak

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\sl.pak

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\sk.pak

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\ro.pak

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\pt-PT.pak

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\pt-BR.pak

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\pl.pak

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\nl.pak

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\nb.pak

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\mr.pak

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\ml.pak

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\lv.pak

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\lt.pak

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\ko.pak

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\kn.pak

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\ja.pak

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\it.pak

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\id.pak

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\hu.pak

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\hi.pak

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\he.pak

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\gu.pak

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\fr.pak

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\fil.pak

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\fi.pak

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\fa.pak

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\et.pak

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\es.pak

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\en-US.pak

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\en-GB.pak

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\el.pak

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\de.pak

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\da.pak

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\cs.pak

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\bn.pak

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\bg.pak

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\ar.pak

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\am.pak

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\locales\af.pak

C:\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\7z-out\binaries\go_build_gemd_src.exe

\Users\Admin\AppData\Local\Temp\nso7AAD.tmp\WinShell.dll

\Program Files\Era\Era.exe

C:\Program Files\Era\Era.exe

memory/2736-701-0x0000000003CD0000-0x0000000003CD2000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

\??\pipe\crashpad_1652_DBXSPWLLYOGTPCKU

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

\Users\Admin\AppData\Local\Temp\54dc3f07-0ace-46f8-b961-404d33e4c1cd.tmp.node

\Users\Admin\AppData\Local\Temp\1b92c0d9-a4ee-4da7-942b-59d5b6bda571.tmp.node

memory/1280-990-0x0000000000060000-0x0000000000061000-memory.dmp

C:\Users\Admin\AppData\Roaming\Era\Local Storage\leveldb\CURRENT~RFf771ef6.TMP

C:\Program Files\Era\Era.exe

C:\Program Files\Era\Era.exe

memory/1280-1041-0x0000000077950000-0x0000000077951000-memory.dmp

memory/1800-1058-0x0000000002470000-0x0000000002471000-memory.dmp

C:\Program Files\Era\Era.exe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\32201ab6-84b4-4c2a-83fd-1006820f3f8e.tmp

C:\Program Files\Era\Era.exe

C:\Users\Admin\AppData\Roaming\Era\GPUCache\data_3

memory/2316-1151-0x0000000000400000-0x0000000000412000-memory.dmp

C:\Users\Admin\AppData\Roaming\Era\DawnCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\Roaming\Era\DawnCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Program Files\Era\Era.exe

MD5 aacf0c6698d4e57fd9152b54890dd51d
SHA1 84af83cf162b78fad9da97d1c5ad730667cbea27
SHA256 9fe1d39c39d282ef7606a3ae6e290d8701f9e9eef992139349f6fc5743bbc78e
SHA512 8feed293285a55564c5583477d2a39f7a27beb510f9fa34fe45a64a944758fa2160412415a89156bf3b68bce5129a7aa6ff59c48f3f4e66954a582e9fca34ad5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 36143f7504329f9c05857289de2f6b28
SHA1 49a2fb841b5964e4cf1d55eb161c20144e1ddd1a
SHA256 52a9eef815b4ca9978f9465efad1f27ddd777feeb7c7fe013feba54de4a707d8
SHA512 fc0c473514249ff6bdb8ad878e319659195eebb395853c8a9cbc31f1f0e08ce95e5e01030a42b4c22ecb9ba9d1b2630164034b48f7c1dac74bb1450bc6d7ac5c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 920e82679bdd133a1018f705b7240487
SHA1 8277fcfeb831adbce6f9b804aeeff857faa87679
SHA256 40f22cff79790ba8d56a657dcc4e8dd6df689de30e456078d6df578be4e8ae89
SHA512 4aed0904f9cfb6d697d0c866e8f9a32242ed1afbbb7ae682f0233d06fb6da76be3989a80aad6adcecade706b582214caca7ded87554a2b9f5f0c1fc77463926a

C:\Program Files\Era\Era.exe

MD5 8dade3770dc2e57b8c2821f97dbd19dd
SHA1 079e5c51b984817df511f04f870dd9dd879232fe
SHA256 2a9a1205b0b909d0c7e280fd116a01c40248fde6c0ee9628f07462f9dcaf3036
SHA512 0ace24cefa9dc35d9421f3c117838a48e1049447e87403a3cd0f54ef7914a921db0951ecd9240976de709fd6d0019304bbc47690b1e5292754f24738ba25f155

\Program Files\Era\ffmpeg.dll

MD5 fe1981504b49a5192318a61ca2f9e82e
SHA1 3cb4ca7727d0a8070c1c14c26ee3b945f8b2ad08
SHA256 271a725908dd23abd35f53b8fa9f167fc4d927aab497bf31fcffbf60a2f67c49
SHA512 2499ae5971f33cbd3a9f03aee064fa56a9a7fd982f5182100d840a153b172370761ca99889d76cb1482dbb558cad79827495b97f28a64061161c3cc44bb13751

Analysis: behavioral10

Detonation Overview

Submitted

2024-04-16 21:56

Reported

2024-04-16 22:01

Platform

win10v2004-20240412-en

Max time kernel

120s

Max time network

176s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2368 wrote to memory of 1604 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 1604 -ip 1604

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 612

Network

Country Destination Domain Proto
US 8.8.8.8:53 240.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 21.114.53.23.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 87.126.19.2.in-addr.arpa udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 28.73.42.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral20

Detonation Overview

Submitted

2024-04-16 21:56

Reported

2024-04-16 22:01

Platform

win10v2004-20240412-en

Max time kernel

80s

Max time network

146s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\index.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\index.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 240.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 209.143.182.52.in-addr.arpa udp
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 21.114.53.23.in-addr.arpa udp
US 8.8.8.8:53 159.113.53.23.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 36.56.20.217.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp

Files

N/A

Analysis: behavioral29

Detonation Overview

Submitted

2024-04-16 21:56

Reported

2024-04-16 22:01

Platform

ubuntu1804-amd64-20240226-en

Max time kernel

1s

Max time network

129s

Command Line

[/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/scripts/build-in-docker.sh]

Signatures

N/A

Processes

/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/scripts/build-in-docker.sh

[/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/scripts/build-in-docker.sh]

Network

Country Destination Domain Proto
GB 185.125.188.61:443 tcp
US 151.101.1.91:443 tcp
US 151.101.194.49:443 tcp
N/A 224.0.0.251:5353 udp
GB 195.181.164.20:443 tcp

Files

N/A

Analysis: behavioral32

Detonation Overview

Submitted

2024-04-16 21:56

Reported

2024-04-16 22:02

Platform

debian9-mipsel-20240226-en

Max time kernel

52s

Command Line

[/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/scripts/build-in-docker.sh]

Signatures

N/A

Processes

/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/scripts/build-in-docker.sh

[/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/scripts/build-in-docker.sh]

Network

N/A

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-04-16 21:56

Reported

2024-04-16 22:01

Platform

win10v2004-20240412-en

Max time kernel

92s

Max time network

115s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2428 wrote to memory of 2144 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 2144 -ip 2144

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 628

Network

Country Destination Domain Proto
US 8.8.8.8:53 69.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 21.114.53.23.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 76.126.19.2.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp

Files

N/A

Analysis: behavioral14

Detonation Overview

Submitted

2024-04-16 21:56

Reported

2024-04-16 22:01

Platform

debian9-armhf-20240226-en

Max time kernel

39s

Command Line

[/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]

Signatures

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /usr/bin/node N/A

Reads CPU attributes

Description Indicator Process Target
File opened for reading /sys/devices/system/cpu/online N/A N/A

Enumerates kernel/hardware configuration

Description Indicator Process Target
File opened for reading /sys/fs/cgroup/memory/memory.limit_in_bytes /usr/bin/node N/A

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/meminfo /usr/bin/node N/A

Processes

/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli

[/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]

/usr/local/sbin/node

[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]

/usr/local/bin/node

[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]

/usr/sbin/node

[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]

/usr/bin/node

[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]

/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/sentry-cli

[/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/sentry-cli]

Network

N/A

Files

N/A

Analysis: behavioral25

Detonation Overview

Submitted

2024-04-16 21:56

Reported

2024-04-16 22:02

Platform

win7-20240221-en

Max time kernel

119s

Max time network

147s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\options\deploys.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\options\deploys.js

Network

N/A

Files

N/A

Analysis: behavioral19

Detonation Overview

Submitted

2024-04-16 21:56

Reported

2024-04-16 22:01

Platform

win7-20240221-en

Max time kernel

118s

Max time network

125s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\index.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\index.js

Network

N/A

Files

N/A

Analysis: behavioral22

Detonation Overview

Submitted

2024-04-16 21:56

Reported

2024-04-16 22:01

Platform

win10v2004-20240226-en

Max time kernel

151s

Max time network

178s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\logger.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\logger.js

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1028 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 240.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
GB 142.250.200.42:443 chromewebstore.googleapis.com tcp
US 8.8.8.8:53 pki.goog udp
US 216.239.32.29:80 pki.goog tcp
US 8.8.8.8:53 42.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 29.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 101.58.20.217.in-addr.arpa udp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp
US 8.8.8.8:53 12.173.189.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-04-16 21:56

Reported

2024-04-16 22:01

Platform

win7-20240221-en

Max time kernel

121s

Max time network

128s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1

Signatures

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 836 -s 224

Network

N/A

Files

N/A

Analysis: behavioral15

Detonation Overview

Submitted

2024-04-16 21:56

Reported

2024-04-16 22:02

Platform

debian9-mipsbe-20240226-en

Max time kernel

52s

Command Line

[/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]

Signatures

N/A

Processes

/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli

[/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]

/usr/local/sbin/node

[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]

/usr/local/bin/node

[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]

/usr/sbin/node

[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]

/usr/bin/node

[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]

/sbin/node

[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]

/bin/node

[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]

Network

N/A

Files

N/A

Analysis: behavioral16

Detonation Overview

Submitted

2024-04-16 21:56

Reported

2024-04-16 22:04

Platform

debian9-mipsel-20240226-en

Max time kernel

181s

Command Line

[/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]

Signatures

N/A

Processes

/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli

[/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]

/usr/local/sbin/node

[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]

/usr/local/bin/node

[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]

/usr/sbin/node

[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]

/usr/bin/node

[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]

/sbin/node

[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]

/bin/node

[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]

Network

N/A

Files

N/A

Analysis: behavioral12

Detonation Overview

Submitted

2024-04-16 21:56

Reported

2024-04-16 22:01

Platform

win10v2004-20240412-en

Max time kernel

152s

Max time network

162s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Era.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-553605503-2331009851-2137262461-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Era.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Era.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2 C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\Era.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-553605503-2331009851-2137262461-1000_Classes\era\URL Protocol C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-553605503-2331009851-2137262461-1000_Classes\era\ = "URL:era" C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Key created \REGISTRY\USER\S-1-5-21-553605503-2331009851-2137262461-1000_Classes\era\shell\open\command C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Key created \REGISTRY\USER\S-1-5-21-553605503-2331009851-2137262461-1000_Classes\era\shell C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Key created \REGISTRY\USER\S-1-5-21-553605503-2331009851-2137262461-1000_Classes\era\shell\open C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-553605503-2331009851-2137262461-1000_Classes\era\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\Era.exe\" \"%1\"" C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Key created \REGISTRY\USER\S-1-5-21-553605503-2331009851-2137262461-1000_Classes\era C:\Users\Admin\AppData\Local\Temp\Era.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 C:\Users\Admin\AppData\Local\Temp\Era.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Era.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Era.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 564 wrote to memory of 2952 N/A C:\Users\Admin\AppData\Local\Temp\Era.exe C:\Users\Admin\AppData\Local\Temp\binaries\FortniteLauncher.exe
PID 564 wrote to memory of 3868 N/A C:\Users\Admin\AppData\Local\Temp\Era.exe C:\Users\Admin\AppData\Local\Temp\Era.exe
PID 564 wrote to memory of 2016 N/A C:\Users\Admin\AppData\Local\Temp\Era.exe C:\Users\Admin\AppData\Local\Temp\Era.exe
PID 564 wrote to memory of 1696 N/A C:\Users\Admin\AppData\Local\Temp\Era.exe C:\Users\Admin\AppData\Local\Temp\Era.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Era.exe

"C:\Users\Admin\AppData\Local\Temp\Era.exe"

C:\Users\Admin\AppData\Local\Temp\binaries\FortniteLauncher.exe

C:\Users\Admin\AppData\Local\Temp\binaries\FortniteLauncher.exe

C:\Users\Admin\AppData\Local\Temp\Era.exe

"C:\Users\Admin\AppData\Local\Temp\Era.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Era" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1736 --field-trial-handle=1820,i,6812177286501208710,17659940137248560185,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Users\Admin\AppData\Local\Temp\Era.exe

"C:\Users\Admin\AppData\Local\Temp\Era.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Era" --mojo-platform-channel-handle=1900 --field-trial-handle=1820,i,6812177286501208710,17659940137248560185,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Users\Admin\AppData\Local\Temp\Era.exe

"C:\Users\Admin\AppData\Local\Temp\Era.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Era" --app-user-model-id="Project Era" --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2488 --field-trial-handle=1820,i,6812177286501208710,17659940137248560185,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "reg query "HKLM\SOFTWARE\Microsoft\VisualStudio\14.0\VC\Runtimes\x64" /v "Installed""

C:\Windows\system32\reg.exe

reg query "HKLM\SOFTWARE\Microsoft\VisualStudio\14.0\VC\Runtimes\x64" /v "Installed"

C:\Users\Admin\AppData\Local\Temp\Era.exe

"C:\Users\Admin\AppData\Local\Temp\Era.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\Era" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=736 --field-trial-handle=1820,i,6812177286501208710,17659940137248560185,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 21.114.53.23.in-addr.arpa udp
US 8.8.8.8:53 sentry.erafn.org udp
US 172.67.36.183:443 sentry.erafn.org tcp
US 8.8.8.8:53 183.36.67.172.in-addr.arpa udp
US 8.8.8.8:53 api.v1.external.erafn.org udp
US 104.22.67.72:443 api.v1.external.erafn.org tcp
US 8.8.8.8:53 apps.identrust.com udp
NL 23.63.101.170:80 apps.identrust.com tcp
US 8.8.8.8:53 10.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 72.67.22.104.in-addr.arpa udp
US 8.8.8.8:53 3.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 170.101.63.23.in-addr.arpa udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 87.126.19.2.in-addr.arpa udp
US 8.8.8.8:53 28.73.42.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\a41ff747-8503-4f0e-adcb-765ab2d0de82.tmp.node

MD5 8b711f2896e3b299a098571d94084119
SHA1 9cae797a9735100dd7b00bef26a6c48c6fe7dbb9
SHA256 50782c8a8ffa9ee7af10f432e01a03afe9dec4b7f6c8bc8af3cb29504b30fca2
SHA512 98455ae830e592aab8d038cbcc0ae21492f3c0f359305d3ddd4d9cdc2baf371bc72388a5019bc762b4d409f33f74838189a8f1b136498fcde60184feae49ab14

C:\Users\Admin\AppData\Local\Temp\60bab1b8-b43e-43c2-a815-38c48efa8d8b.tmp.node

MD5 9b652f6adccdd5bd8d3f7dde93e3b585
SHA1 97c5dd28348ca3105690088cfe44bc47e44bd1d3
SHA256 d0e957a8d2e2bfee49ef455215886403534137cfa1633658357a6455949e81f5
SHA512 1ad95b5f1b5190969c8d72deac8852e1e809b84a70b203b467b03a5f63238c2207c864b6cb4a56c002fd7003317e6e8d5e4bb664632d608cdc60c9fe8da49c17

memory/3868-10-0x00007FF969310000-0x00007FF969311000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

memory/1696-50-0x00007FF969470000-0x00007FF969471000-memory.dmp

memory/1696-60-0x00007FF969BE0000-0x00007FF969BE1000-memory.dmp

memory/2952-79-0x0000000000400000-0x0000000000412000-memory.dmp

C:\Users\Admin\AppData\Roaming\Era\Network\Network Persistent State

MD5 0695e5a0f0a426ccca81dbfe851c507d
SHA1 329840b2cd2b7a416020f9b235f35518ecc993f0
SHA256 62f1ef73f8e3bf4a2ebbefaa3e05d6605c45f955d7cd26262d92bb3abf5a7209
SHA512 a55b9f292ba90903d62ee44983404eaf9875c7fec59a837a9d937b9918d422a6ed4d07d28d1ac3c5c02d22a4914d0c0f5fccec1ea1113e3cbdaf1f81aea19b1c

C:\Users\Admin\AppData\Roaming\Era\Network\Network Persistent State~RFe593435.TMP

MD5 2800881c775077e1c4b6e06bf4676de4
SHA1 2873631068c8b3b9495638c865915be822442c8b
SHA256 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512 e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

memory/1256-93-0x0000028E98B10000-0x0000028E98B11000-memory.dmp

memory/1256-94-0x0000028E98B10000-0x0000028E98B11000-memory.dmp

memory/1256-96-0x0000028E98B10000-0x0000028E98B11000-memory.dmp

Analysis: behavioral28

Detonation Overview

Submitted

2024-04-16 21:56

Reported

2024-04-16 22:01

Platform

win10v2004-20240412-en

Max time kernel

90s

Max time network

154s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\options\uploadSourcemaps.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\options\uploadSourcemaps.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 130.211.222.173.in-addr.arpa udp
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 21.114.53.23.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 87.126.19.2.in-addr.arpa udp
US 8.8.8.8:53 28.73.42.20.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 240.197.17.2.in-addr.arpa udp

Files

N/A

Analysis: behavioral30

Detonation Overview

Submitted

2024-04-16 21:56

Reported

2024-04-16 22:02

Platform

debian9-armhf-20240226-en

Max time kernel

85s

Command Line

[/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/scripts/build-in-docker.sh]

Signatures

N/A

Processes

/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/scripts/build-in-docker.sh

[/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/scripts/build-in-docker.sh]

Network

N/A

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-16 21:56

Reported

2024-04-16 22:01

Platform

win10v2004-20240412-en

Max time kernel

137s

Max time network

126s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000\Control Panel\International\Geo\Nation C:\Program Files\Era\Era.exe N/A

Checks installed software on the system

discovery

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Era\libEGL.dll C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\binaries\FortniteLauncher.exe C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\locales\am.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\resources\app.asar C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\locales\bg.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\locales\es-419.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\locales\sw.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\js\logger.js C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\v8_context_snapshot.bin C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\locales\fil.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\LICENSE C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File opened for modification C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\bin C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\locales\zh-CN.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\locales\de.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\locales\ms.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\locales\nb.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File opened for modification C:\Program Files\Era\resources C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\locales\sl.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File opened for modification C:\Program Files\Era\chrome_100_percent.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\locales\pl.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\locales\th.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\js\index.js C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\scripts\test-vercel-nft.js C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\locales\bn.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File opened for modification C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\locales\ta.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\scripts\install.js C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\locales\et.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\locales\ml.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\locales\pt-PT.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File opened for modification C:\Program Files\Era\resources\app.asar.unpacked C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\js\helper.js C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\chrome_200_percent.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\locales\af.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\locales\he.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\LICENSES.chromium.html C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\locales\uk.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\index.js C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\checksums.txt C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\chrome_100_percent.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\d3dcompiler_47.dll C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\LICENSE.electron.txt C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\locales\hu.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\locales\it.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File opened for modification C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\js C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\icudtl.dat C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File opened for modification C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\scripts C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File opened for modification C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\locales\hr.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\locales\ja.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\locales\sr.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\locales\fr.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\locales\ro.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File opened for modification C:\Program Files\Era\resources\app.asar.unpacked\node_modules C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\package.json C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\bin\sentry-cli C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File opened for modification C:\Program Files\Era\locales C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\locales\cs.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\locales\kn.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\locales\pt-BR.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\snapshot_blob.bin C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File opened for modification C:\Program Files\Era\binaries C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\locales\sk.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
File created C:\Program Files\Era\locales\tr.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Era\Era.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 C:\Program Files\Era\Era.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz C:\Program Files\Era\Era.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString C:\Program Files\Era\Era.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2 C:\Program Files\Era\Era.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Era\Era.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Era\Era.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\era\shell\open\command C:\Program Files\Era\Era.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\era\shell C:\Program Files\Era\Era.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\era\shell\open C:\Program Files\Era\Era.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\era\shell\open\command\ = "\"C:\\Program Files\\Era\\Era.exe\" \"%1\"" C:\Program Files\Era\Era.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\era C:\Program Files\Era\Era.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\era\URL Protocol C:\Program Files\Era\Era.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\era\ = "URL:era" C:\Program Files\Era\Era.exe N/A

Modifies system certificate store

evasion spyware trojan

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C C:\Program Files\Era\Era.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob C:\Program Files\Era\Era.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 C:\Program Files\Era\Era.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob C:\Program Files\Era\Era.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Era\Era.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Era\Era.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 388 wrote to memory of 1224 N/A C:\Program Files\Era\Era.exe C:\Program Files\Era\binaries\FortniteLauncher.exe
PID 388 wrote to memory of 1664 N/A C:\Program Files\Era\Era.exe C:\Program Files\Era\Era.exe
PID 388 wrote to memory of 4564 N/A C:\Program Files\Era\Era.exe C:\Program Files\Era\Era.exe
PID 388 wrote to memory of 3940 N/A C:\Program Files\Era\Era.exe C:\Program Files\Era\Era.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe

"C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.71.exe"

C:\Program Files\Era\Era.exe

"C:\Program Files\Era\Era.exe"

C:\Program Files\Era\binaries\FortniteLauncher.exe

"C:\Program Files\Era\binaries\FortniteLauncher.exe"

C:\Program Files\Era\Era.exe

"C:\Program Files\Era\Era.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Era" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1616 --field-trial-handle=1812,i,13611124070292830365,13212109147470593824,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Program Files\Era\Era.exe

"C:\Program Files\Era\Era.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Era" --mojo-platform-channel-handle=1896 --field-trial-handle=1812,i,13611124070292830365,13212109147470593824,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Program Files\Era\Era.exe

"C:\Program Files\Era\Era.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Era" --app-user-model-id="Project Era" --app-path="C:\Program Files\Era\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2408 --field-trial-handle=1812,i,13611124070292830365,13212109147470593824,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "reg query "HKLM\SOFTWARE\Microsoft\VisualStudio\14.0\VC\Runtimes\x64" /v "Installed""

C:\Windows\system32\reg.exe

reg query "HKLM\SOFTWARE\Microsoft\VisualStudio\14.0\VC\Runtimes\x64" /v "Installed"

C:\Program Files\Era\Era.exe

"C:\Program Files\Era\Era.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\Era" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1712 --field-trial-handle=1812,i,13611124070292830365,13212109147470593824,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 240.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 21.114.53.23.in-addr.arpa udp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 sentry.erafn.org udp
US 104.22.66.72:443 sentry.erafn.org tcp
US 8.8.8.8:53 72.66.22.104.in-addr.arpa udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google udp
US 8.8.8.8:53 10.178.250.142.in-addr.arpa udp
US 104.22.67.72:443 sentry.erafn.org tcp
US 8.8.8.8:53 apps.identrust.com udp
NL 23.63.101.170:80 apps.identrust.com tcp
US 8.8.8.8:53 72.67.22.104.in-addr.arpa udp
US 8.8.8.8:53 3.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 170.101.63.23.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 76.126.19.2.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\System.dll

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\StdUtils.dll

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\SpiderBanner.dll

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\nsProcess.dll

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\nsis7z.dll

C:\Program Files\Era\chrome_100_percent.pak

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\d3dcompiler_47.dll

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\chrome_200_percent.pak

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\Era.exe

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\snapshot_blob.bin

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\resources.pak

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\LICENSES.chromium.html

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\LICENSE.electron.txt

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\libGLESv2.dll

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\libEGL.dll

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\v8_context_snapshot.bin

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\vk_swiftshader.dll

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\icudtl.dat

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\ffmpeg.dll

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\vulkan-1.dll

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\binaries\FortniteLauncher.exe

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\ca.pak

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\bn.pak

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\bg.pak

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\es.pak

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\it.pak

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\pl.pak

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\nl.pak

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\nb.pak

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\ms.pak

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\mr.pak

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\ml.pak

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\lv.pak

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\resources\app-update.yml

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\resources\elevate.exe

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\resources\app.asar

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\sentry-cli.exe

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\package.json

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\LICENSE

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\checksums.txt

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\zh-TW.pak

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\zh-CN.pak

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\vi.pak

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\ur.pak

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\uk.pak

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\tr.pak

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\th.pak

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\te.pak

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\ta.pak

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\sw.pak

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\sv.pak

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\sr.pak

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\sl.pak

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\sk.pak

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\ru.pak

MD5 5cc0f54e022a9996773dbd64906d5580
SHA1 87c103bd69724579b478f904235e03caf61d5d79
SHA256 b4223b56ec88235819a427d60bb937eb3984076523f02a018f57819e0429bea9
SHA512 b3365fedcba50643cecf1a70297e1e67990d63ae05caa87de01a70ef6f28e0f73a9a0edb0ff80b4138c624e51aa2dac065a2d40877fc92137714ae07734c2f4a

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\ro.pak

MD5 745a9b8c6422682f2cfa5561cc1f4022
SHA1 31e3616ef09f9b1fd1c41cf8f43e504a6f90276f
SHA256 7247470057a936d03bfa2a8776508ab66aa1040c41a4eb8f79c1e93551c74bb8
SHA512 8e0b7f98cb842a862ceca65e0166462275feed26c32c9c299aba9986d36b716a90d4a8db5ccef355ac266b7e969071014cc7ab6439778e77c52754bc23b4c575

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\pt-PT.pak

MD5 3f367760b57a5e4360dabcd4a650bc5f
SHA1 8d7cd6b0eb42361ee862455ecfa475d28f5aa934
SHA256 c89170385b3afb2ec89fbd61b8470ac718713c7296441c8430f173dac218e74b
SHA512 3dc30780d57dee91215a716dc6b4cb432838aa0161af4371f49f70db2076bd155b170fd2c1617f59e1b572144a2e150a34143eda82d9f2227d24d2281d5aba60

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\pt-BR.pak

MD5 a064cb9d7cf18936600e9ccc03297006
SHA1 eb436a0c584ba91acb05dfccde139afbe26fe9f4
SHA256 c9ec3822044365457b8736348cf95a8e39bdfe3ed36267449bf3ed739accef2e
SHA512 95af684abf9d24cfc4d0668a02da1e2e69f5e671d671d8cdfadc22ec991908c6aa5663fe1fa88ca8e85c0508f409fa6c2bbc174c53674270f2b188018d358415

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\lt.pak

MD5 7b6bf901352885c0699db71239b7cf24
SHA1 9e3ec5f327c0d0e54a449332061e60a8c79243cf
SHA256 9200a9509bd77834d9912f4ba8f4219d2b9bd2cdad49a11873db30e99b9d1350
SHA512 79ebef723fb4c17581eb869b4b4e1a364a3d28df0e168e7e1a3583e0c1ec5b9716dd270925c0545b8247421a64b03705f10910fe3416900de9258840c470d580

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\ko.pak

MD5 b31780fff9541290c1d9f5b76141430d
SHA1 8b0fbdccd0a7f8141846763a0d27e4e0da0552dc
SHA256 b04c1b91cab31054be70cb851dc6716065545445801045daceb96eeee4d2334a
SHA512 a573dd09520059832e7f53386a64dcdde47452b02ce1e5d7e11385abbc8b734dcee0065b4ca351591bf9cc2f66fae204b9300702246d20265e8ddff4f7c1e6d8

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\kn.pak

MD5 d3d6bc60bead608e68e776e07d21ad30
SHA1 e40e38ca99026056c127e9e1a1ff821a50310887
SHA256 90b2df3338468e84e2cf2f2f67597cba5c3ceb5dba9c59ebd072ec15a70ce741
SHA512 05421db2f1202573a34de1e722c6bdb55a35821c4aebd54c80e6594fc92075cd9b97e5bfdfe93b4228c3a2646b92a27da4722ef3826e2807238dcc56ba273706

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\ja.pak

MD5 8209dd8cf4e416416e015ff239b7c483
SHA1 7affd1707b9eec52c26a4c17708c8471c369e2f6
SHA256 3accfd9a1833ddeedb2082fb94101beb59b555c60f42e3070e9e04a372eba84a
SHA512 6a58a1ea8a46c325cac0629f2e3b571532a9a2a342ed61ca47bd1dcee20ce0b0350e4f6d3e8e4c6903c7ba4a4592a6382bf0fcb5437febd1673b3c2ce8cd7499

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\id.pak

MD5 881ff04e220aa8c6ed9d0d76bfa07cb8
SHA1 cacf3620d1bf85648329902216e6cdc6f588a5ba
SHA256 9210c4c4c33e7ceb5f70005a92a4fd36ca4facdd41701fdc1d2ce638db8adf22
SHA512 9134102928aa80c49bbf2b862e8079b2ee23636ce63412a4c3813f234d623ff563f5ca1ac407ddb77cecf1224896ed59ae979dcf63435d35a4f13de9c22755d5

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\hu.pak

MD5 d6904e7d1b6750d43a6478877c42618d
SHA1 919f090a6a3aa1112916f5bb0d5b73a62be43c1e
SHA256 3ec43893c6de5ec0f9433841afd5fa9feaaf59ddcef05f7e1cab14dba799887f
SHA512 d600fedb5ef1b2eb49a0122536c642b350ce67bb7a9da205890d9d13a195ac17c14607b4489715fd34506ec0ea4c80f245e09cf048aef52dcc8094f3138b2fad

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\hr.pak

MD5 7095ef4caf6bd39174487002a4e09300
SHA1 1efe686bd0b7f035aee7ab4c52be6133121cd0f3
SHA256 3d7685163c5eb6a11e745ff934312b8681c5f85dfa8d9ea701e9dcaee1e7a285
SHA512 45488d46dfe7a31a007932917f7baf4c195da899de5dc56d98e555336668af3edb77996487649b86f56beac688374ce77f8feadc01e3f84d30d83bd67631f9c1

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\bin\sentry-cli

MD5 b7c89ec5dfb8b15555f32a3bef6c3103
SHA1 a92048052f5fc0af532cd97ebf82c1a9fbf12342
SHA256 7c5c97aaee075241bdc4fbc610b356445747e962ac3d986c5016acefd66a6ea0
SHA512 c47baa0e0896684403760a13cfa6dd5826152ec7ae83f783040d186eaca8af70bc97530bbb22b720d7482a4ad18c3959ab1af8ccfe3689b19a51955e777884e8

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\js\index.js

MD5 50c3a734036b84685a15d56217207d67
SHA1 1893de2684072a3a2961337fa9a9b45a52c52c0a
SHA256 171990f108cd5582f83432c1569f2c3e1aebfbfb159599f4ff2ab693c20a8f78
SHA512 3aa037d12cee7cbf51826fb3e2aa87b4543dd62f5ff5f2f8915128061c07472304601766bddf949647c5ca92e8ee768a77139bbe91bdfaaae99dea4405168ea9

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\js\helper.js

MD5 c29ad60a23d5406728a51afa4352b4c7
SHA1 2be817215890f5868717765570ce9f7422735c4e
SHA256 faa867204c92db252271c9d850962ae1ff5c9448444ca907af483a6c874a6eb0
SHA512 e1784b8bf7119bf3380b192f1597cb3179425ff7ab347b144011fd17b62794760e6e092a0a1dae99302eb6c333f1638440df4e4e0eaf64f26d4f3cc46a74d04a

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\hi.pak

MD5 ede7fa471c5eebc1fa55b9b3b6f92d00
SHA1 1d1f529c615799bb3a3319ddd1357cb5dc71464e
SHA256 1e9623c7407ae8b8a88df3f69a47ae8117f74c4dcb56897bb794a9c38ee5805b
SHA512 0f51ea54e828700080effa6c728230c523ff8e26fb350e6f337028d18614d5dfc4a2792cb92b5e606bd0702067f55fea546029cddd1ebf7fa74ef5521ff08338

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\he.pak

MD5 6376d0a5f4273b76b1f4aabade194e0c
SHA1 337ba39f09454c0779ab64872b9fa11f866d6adc
SHA256 875712bb852c698f677c0c74e088f62d31adb2bce65648fc390607aad8705c45
SHA512 00347f16b5abbaf47fb08663d5efde26ab7de0c7a2fa42e6b5f03c41a83cecbd8e78cc3aef41d5f08658cf346e0ade732774485e8a10008a43fa41ffaf73b2be

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\gu.pak

MD5 b7f4c73d56be31042d8edd7e8ea080f3
SHA1 c0c3595701c0a75c14931ed65958d36df0d925c5
SHA256 c36a20730d5f2b91cb61b5b2a5912db2ea5a328a9b8abe0fca0af300446d3c20
SHA512 ea0d766a754604cad4d5f3180c30f7dfdc3e1cfe79d67365b72adc0d7574851f21bdd5b748b16e8b4a95ade40c8ed0442bcefd511a2934cc9c701e379c955d60

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\fr.pak

MD5 51ee1ed54fec49effd103c29677885b5
SHA1 ced6fd3354007d1ef3ea7b6689aae5213c20cc69
SHA256 1f6bc09499ee37456968a28b67b81bbf5b9df4f0c6035a388242d2037a3b65a1
SHA512 dfd50ad99b89345940afead11c3a6940d4408a0e6265cddda1d71ad92527ea00d8057ac77ceb2ffe137a3f0d2f321c210bc7cf97ed821f01e538dc08d07149a4

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\index.js

MD5 e8282413c1895eaff49de6dd9b71ab13
SHA1 4e058f522a46e20bbd26f15a6922390ec2c1da36
SHA256 d6a28994173c1c36476121f8b0e3633e01ecd0589289901fba34fe218293443d
SHA512 301d2a6ae958e1ba936cae6f555a587ad87567055f4709d4676a3ef5b1a3112cb338b8a9e744c24cbfa784f00f13a1118ad48fd4f6bb060c5608e4ddc8779389

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\options\uploadSourcemaps.js

MD5 d060ac623857ad5ca08e3a944768925a
SHA1 26fe78c92f55f9529ffa2b71da403873da29313f
SHA256 8d4bd4c779e177724aa7bf98e768e50ce8b2950ef5bf39fa08033057b400888b
SHA512 ae1b42d7e5c5d60f935bcd08417d4d9055d71bfb80653281e990a687353592731a7c4423655fbb988728152846aa56a5f180335d254885338bf6c96ef2a8357a

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\options\deploys.js

MD5 f42c24cde0162b93624df51f4e2abfab
SHA1 f819638944878ac4cb49438d8599d3fbd9081949
SHA256 3f2316e7fb20e82df9a8b08d6169a622a89808742806adee2e4d89885962357d
SHA512 67258cbaf9f46f1609cec9b87b7a577f855cde9c8efafa3d835a0d18fb3903fcc4733489bf81447cdf2c0a55701d569a75f11a81865dab8f624b722e76b7c674

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\js\logger.js

MD5 1d26f69361e75ca5cd2eac5f99249c72
SHA1 787d51c708ce15b2c533a180a2bf639648bc40eb
SHA256 d7d63601d3347efc93425f4f93049cfb9ed2b9ead1dce662c9c1bed3cba302e0
SHA512 7350774074462d33ac9f2e130829306af08a6693fd597f40c39bfb194684f66d965cd23c10de5fc4389e4a2ffe84db727aad23dd683a805ae4825f10026cb040

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\fil.pak

MD5 3126f74d021e9423d71913bb45a62935
SHA1 c9a80c8585aabbfec34ae891416794b1b3e29a11
SHA256 4cd3fa70487e894400ad29e3bfbfba3e1c5edd799aab12c62c3aff3c2580ce5e
SHA512 fb360723ee53b3f7038eebd1b919a36784a0e3dc878e810bc905c4297379dade6006c8872ed68412b06161cacb0d6e32a7157ecf97d9e103a4ca3b2b71db8765

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\fi.pak

MD5 fa7dbd2ee35587ff31fde3c7107e4603
SHA1 baaa093dcb7eccf77ce599c8ff09df203e434b60
SHA256 5339b8ca52500bd0082e0ba5a5f440c5f04733803da47963280479760c7fff2c
SHA512 587f6d0e216d1688227345a8a75b94848ee710ec633fe6805db66bb0e8cad1b8d24a1e6a7e234061516770d881571166c78d8fa1c40e6335f3dcb1339fbffc14

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\fa.pak

MD5 d55f65c6fda6ed6f549d2c9f0a4ce874
SHA1 952792f2da5ed9cb1cfed14e5afb8abf5cf29cb3
SHA256 221bbbde078d135f6daca4978a31cc6a82f8f46536467ebc9a0cd322c58a7785
SHA512 d0bb83467182d8b3a8f8371d749e682cf05f89daefe28764f2c263e7cfbfc3f86cb388061b48dadda26c3dd246dd6f7a57af58ca9344c2f6b90de87af1e91c69

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\et.pak

MD5 e97fe1e6d06a2275a20d158dc4e3b892
SHA1 1575b9b1fc331a70bbe4ca7d1095d4ed6777ecc1
SHA256 d984aee4d18ca24a88846b1b6e0294d373733430f30bb4f1b97bc7d50d512c2e
SHA512 77879a4d1062671b616ba9b2ce0b6f69a5dbed6bd56b73ded902d1f9f44ecd96a2212690b3568c0ba273c73d91589ff2bf18c7ef9b66e0630fbaafde2a61b1b1

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\es-419.pak

MD5 774ced79da2fd32bd1ba52a0f16e0a19
SHA1 ff36dcf8b62046871f441f301dd7af51cb9ce7ee
SHA256 5aff3762747a6e8c6df9f2a3b470bf231b44163006b17ce87e2a03694be27b81
SHA512 7763c15fa97efa9a5af73dcdedd4fe260139bd8ff782ca3aa0937d9355b2d14c3e482e570844ac33d22d7b016c7b9097d727c1dd585f421dccd59ca7bbc24269

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\en-US.pak

MD5 3f6f4b2c2f24e3893882cdaa1ccfe1a3
SHA1 b021cca30e774e0b91ee21b5beb030fea646098f
SHA256 bb165eaa51456b52fcbdf7639ee727280e335a1f6b4cfb91afc45222895b564f
SHA512 bd80ddaa87f41cde20527ff34817d98605f11b30a291e129478712ebebe47956dbd49a317d3eeb223adf736c34750b59b68ad9d646c661474ad69866d5a53c5c

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\en-GB.pak

MD5 502260e74b65b96cd93f5e7bf0391157
SHA1 b66d72b02ff46b89ee8245c4dd9c5b319fc2abf7
SHA256 463af7da8418d7fb374ebf690e2aa79ee7cb2acc11c28a67f3ba837cf7a0937b
SHA512 0f0f9aac8e6b28c1e116377ab8ee0ffadbf0802a4026e57aedb42d21c38fbf70159be9e0314799c1de1f7638fbbd25d289dff7cd2c9eb7c82e1b62b6c4e87690

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\el.pak

MD5 306a80dadadb1f9182810733269537fd
SHA1 bc01a65a9d024ec72e613aedc60f4838be798040
SHA256 92403b6160e38746597d4dd7f64d64cf19e30b5e7862901263c39679187b2c91
SHA512 491016b8fcca59a7dc9523358c4a7b56c55360f424e8fe9330d6f01480835805e961f1e48f8777660510d9af9a66961c639df162190dec595a867d54150eecfc

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\de.pak

MD5 ec069f60c9825080b9d18ff6492e816d
SHA1 34ce5101c9646f9c2deb9820a3b26eb91c525ebc
SHA256 e0f632ce324951002c80e019dd0169be9f6b0640533fa434cd6ca80f28a1d3f7
SHA512 95a88ac98f0957e5f200af76c1a743b976228f7da1bb6c6b3b88a54adcff05e1172d7cf2e6f0a82cbc8ad0aa79974a1bc046516250a3a5889fd7b2e4d7c0b804

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\da.pak

MD5 fecabf71853bab84eacdd95699c49f69
SHA1 8519afc13e100a550ca3d756518a0bc33674e0d3
SHA256 1b0793b1cbeb6a56ff1e64523c37ba753457320aa29f9718022caa07b4981d8f
SHA512 e932d382d41a79ece172349e916221a67d97f5fd4b2dc1325d6bd2f7c6757cbc01d6fbc8d9846f6ec462eb637210f7c650f6944418edbd3f8614ef99030d9392

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\cs.pak

MD5 26765c7be201444f0238962bb16a506b
SHA1 f9d4a33795e45127c14bcf35cc770845627e15e8
SHA256 936466784a55b965d23b016bc49377655bc5d281d012c8369c0809c961e05c74
SHA512 577d52d2d5048cd952aff1e76121a495328c1978cdea2eaa4f85812cc513917f69510e135e96f7967f4ed43cf88e180cb1d9059e17c855c8d4f94ca036730214

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\ar.pak

MD5 98f8a48892b41e64bef135b86f3d4a6c
SHA1 32f8d57ec505332f711b9203aed969704bd97bc9
SHA256 e34d5cabaed4634c672591074057c12947bc9e728004228a9e75f87829f4a48a
SHA512 6ed3fe415b2f6de24136917da870b47c653d15c7a561baae55a285946a6f75e5141aba3bc064982f99baef0a893266693864c2d603c5c22c2b95627b2035f7a4

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\am.pak

MD5 952933d2d388683c91ee7eaa7539e625
SHA1 7a0f5a10d7d61c32577c0d027db8c66c27e56c7d
SHA256 55357baf28716a73f79ac9a6af1ae63972eb79f93c415715518027fc5c528504
SHA512 5aa5ef0ed1da98b36840389e694dc5dcef496524314b61603d0c5ee03a663bb4c753623fb400792754b51331df20ac6d9cf97c183922f19fc0072822688f988d

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\locales\af.pak

MD5 198092a7a82efced4d59715bd3e41703
SHA1 ac3cdfba133330fce825816b2f9579ac240dc176
SHA256 d63222c4a20fa9741f5262634cf9751f22fbb4fcd9d3138d7c8d49e0efb57fba
SHA512 590dcc02bc3411fa585321a09f2033ca1839dd67b083622be412d60683c2c086aac81a27bc56029101f6158515cc6ae4def39d3f246b7499b30d02690904af0d

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\binaries\go_build_gemd_src.exe

MD5 b01e5bcca27ef38e986716ac5b336aac
SHA1 a6829cebfe26f0ef33463c8a8db2637070eed3c9
SHA256 160846ffbc47168d5e16bb3dc2ce8fae83e7705718099ba4662c5cebc89b3f05
SHA512 aa3a856e295f19c87d930053ebae89972778f928b30eb1036287900f735194396e2b18fa72e489f21cc5d0877b0be3f6d7e99a5c87fa7cb17dc7770b0ae95cc0

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\vk_swiftshader_icd.json

MD5 8642dd3a87e2de6e991fae08458e302b
SHA1 9c06735c31cec00600fd763a92f8112d085bd12a
SHA256 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9
SHA512 f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\scripts\build-in-docker.sh

MD5 94b0fc212af523b8bfcd6c2aa5a5ab2a
SHA1 cc0cb35f7ce729f7affe6b2c463e57966515e476
SHA256 abaa92d196f6752f184b83b19aedd9b1e28d328e6817de213f61fbd108351e16
SHA512 af0a2174e0304fdaa56ddae249049c142450ad4a0a9c8975548f61aa2bc356837b1d7ed441108156af32c979da5647bd0233a49db700ff0bbf528f9fa2c862e6

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\scripts\install.js

MD5 1ffedd383c8097dd628411836505787e
SHA1 969306e8127b354f35f4c870f2da7b4034d4197b
SHA256 df3b6ca3fff442454ffee98e8e4db5e3fe0d82ff19a49216cd238fa9282cb30a
SHA512 1392958e5a9c2e0c6df617c48547f5fdae32960bfb55953528ee345e06e1ae191ca4001a618233adeab27e16de5ecd203c405e8b4fa7f3a739cd3d2c4a1e9ed2

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\scripts\bump-version.sh

MD5 2ff8e17ece2c70eff9efdb2b1a524555
SHA1 d61c93df38f70f2244817c688a140224c9a99af9
SHA256 f07b481f34e732e74abe6402023f8b84f61281626ad6e25062a20fa8fd80ece4
SHA512 0f847fd2b05bd4627a56b452f065e878005b6307bc101663297afb5f45c24d965ddc48ea4818c34ab35bde06f5a7711cf29fb9182c8ed9cf34e17d6434c487ee

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\scripts\test-vercel-nft.js

MD5 c63a1659a645a5095524923081813d51
SHA1 1d97d7ccb0804b7a15f0593c87990ab0da4b6887
SHA256 644476fd66a507adc49582e7371c87e4cacc3c7840c23fe920da2a09f05db08a
SHA512 ae452613a1dc728428ed2e596d7fbb041e00a8aa300aaada289fd454f71267569fa548fa7c7217134572decab12e56f4aadd4853c96ef705ccba2dcb377018cb

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\scripts\wheels

MD5 6fec563925ecab8b6a98c3f38655236d
SHA1 9ad08eb80167574de6373d871cfff5511d2554cf
SHA256 6fa0613c1edb0c6b26baac0b759bf756f389a11e0ec0e64904cffb26ef8dc016
SHA512 850a5285519965fe26ab0da2ae62d380648acb723d879e2ab770124e4146ce0a6d03f089e28af20604dd3e00913169f82ac568a1741014e0bc5ee7b2c583888d

C:\Users\Admin\AppData\Local\Temp\nsc5843.tmp\WinShell.dll

MD5 1cc7c37b7e0c8cd8bf04b6cc283e1e56
SHA1 0b9519763be6625bd5abce175dcc59c96d100d4c
SHA256 9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
SHA512 7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

C:\Users\Admin\AppData\Local\Temp\84e465a8-c347-46ed-a23a-e91ad8055dfa.tmp.node

MD5 8b711f2896e3b299a098571d94084119
SHA1 9cae797a9735100dd7b00bef26a6c48c6fe7dbb9
SHA256 50782c8a8ffa9ee7af10f432e01a03afe9dec4b7f6c8bc8af3cb29504b30fca2
SHA512 98455ae830e592aab8d038cbcc0ae21492f3c0f359305d3ddd4d9cdc2baf371bc72388a5019bc762b4d409f33f74838189a8f1b136498fcde60184feae49ab14

C:\Users\Admin\AppData\Local\Temp\a14d5abf-3c26-42ac-be02-39ad48d26523.tmp.node

MD5 9b652f6adccdd5bd8d3f7dde93e3b585
SHA1 97c5dd28348ca3105690088cfe44bc47e44bd1d3
SHA256 d0e957a8d2e2bfee49ef455215886403534137cfa1633658357a6455949e81f5
SHA512 1ad95b5f1b5190969c8d72deac8852e1e809b84a70b203b467b03a5f63238c2207c864b6cb4a56c002fd7003317e6e8d5e4bb664632d608cdc60c9fe8da49c17

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

memory/1664-923-0x00007FFC64B90000-0x00007FFC64B91000-memory.dmp

memory/3940-975-0x00007FFC66300000-0x00007FFC66301000-memory.dmp

memory/3940-985-0x00007FFC66310000-0x00007FFC66311000-memory.dmp

memory/1224-997-0x0000000000400000-0x0000000000412000-memory.dmp

memory/1664-998-0x0000027EE1F80000-0x0000027EE20AA000-memory.dmp

memory/3940-999-0x000001C9475E0000-0x000001C94770A000-memory.dmp

memory/3940-1002-0x000001C947D10000-0x000001C947DBC000-memory.dmp

memory/1664-1011-0x0000027EE1F80000-0x0000027EE20AA000-memory.dmp

C:\Users\Admin\AppData\Roaming\Era\Network\Network Persistent State~RFe58c1b5.TMP

MD5 2800881c775077e1c4b6e06bf4676de4
SHA1 2873631068c8b3b9495638c865915be822442c8b
SHA256 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512 e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

C:\Users\Admin\AppData\Roaming\Era\Network\68c8a3c5-40d9-4765-9d3b-4d38c8b3cac9.tmp

MD5 ce402c79a842600662d7b6fdaf35378b
SHA1 b7b914b909dbbf03e4ebca795a9986ec168e894a
SHA256 4f6252435a384a0bd9f6cf6f3b6c27a92b1c6469361dcdbb018a8dffb9d43f06
SHA512 85c67be7a0754bbf7715262b09a54a6f399c7b11d3f3c9b90a1b6e4a9c6cb7abea5e4061fc489f847601a6012bf1a935de8baf07ebbea0ff3bcc4b4f96780a4b

memory/3940-1038-0x000001C947D10000-0x000001C947DBC000-memory.dmp

C:\Program Files\Era\Era.exe

MD5 966f6a8bad38cc620f548025156255f3
SHA1 5eca9e5476da137a459dfe01b0cc466721241d5b
SHA256 0106aa721968506f889ac69152904ceda9c109d5c7b960365ac50a9438d649ad
SHA512 a1d354b41fb0f10be1e7d0e6f9c45b400220778965838fc45a609ebac9b6e8dad8d7b574b2e12bb874d0d4dba016a5ab2e23208f2e85e3dce5e0cdcc11b7f1bb

C:\Program Files\Era\ffmpeg.dll

MD5 e92cd1d6c1c1dfce96ed3e75b07261d7
SHA1 561280b4b32d2d225feb96d087cd4cc6a73e5c62
SHA256 b6f7dc4cb7bddbd269ae5ad6680f5aa339a03de15b71e1dea17b5a1e3958d9b8
SHA512 f9cc8d26bd623fe5c191bc37b16d3c441b473daef09d20083a7d1a2fe9a3b8d5b7229dbfcaec96d510ff4aa6032d60308240b1fd6301a1565d49d3509a58a70c

C:\Program Files\Era\vk_swiftshader.dll

MD5 0b8353446a5ca5e62ad43ac3bfb23e5d
SHA1 7d9edd3ddd7bc9ca59d87e4b5d560b39b14adf72
SHA256 ed98ae5df99b1770db2ee2c9b69ca0c06b65033faea596cf54aaace9f84a6daf
SHA512 bc38fdd3db61f1daadd6cb5ccc833aa79c3d97bf2306d53ac695cca356a3380b53eb77a7a2c108a8eaa50e076a03e8ab145f6048f9f626cec96840d97e52a2d1

memory/4960-1062-0x000002A3A0FB0000-0x000002A3A0FB1000-memory.dmp

memory/4960-1063-0x000002A3A0FB0000-0x000002A3A0FB1000-memory.dmp

Analysis: behavioral7

Detonation Overview

Submitted

2024-04-16 21:56

Reported

2024-04-16 22:01

Platform

win7-20240220-en

Max time kernel

120s

Max time network

122s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

Signatures

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1292 -s 220

Network

N/A

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-04-16 21:56

Reported

2024-04-16 22:01

Platform

win10v2004-20240412-en

Max time kernel

0s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1060 wrote to memory of 3912 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3912 -ip 3912

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 612

Network

N/A

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-04-16 21:56

Reported

2024-04-16 22:01

Platform

win7-20240221-en

Max time kernel

118s

Max time network

120s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1

Signatures

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1724 wrote to memory of 3028 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1

Network

N/A

Files

N/A

Analysis: behavioral26

Detonation Overview

Submitted

2024-04-16 21:56

Reported

2024-04-16 22:01

Platform

win10v2004-20240412-en

Max time kernel

141s

Max time network

161s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\options\deploys.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\options\deploys.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 21.114.53.23.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 36.56.20.217.in-addr.arpa udp
US 8.8.8.8:53 240.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp
US 8.8.8.8:53 7.173.189.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral27

Detonation Overview

Submitted

2024-04-16 21:56

Reported

2024-04-16 22:01

Platform

win7-20240221-en

Max time kernel

117s

Max time network

125s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\options\uploadSourcemaps.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\options\uploadSourcemaps.js

Network

N/A

Files

N/A

Analysis: behavioral13

Detonation Overview

Submitted

2024-04-16 21:56

Reported

2024-04-16 22:01

Platform

ubuntu1804-amd64-20240226-en

Max time kernel

4s

Max time network

137s

Command Line

[/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]

Signatures

Enumerates kernel/hardware configuration

Description Indicator Process Target
File opened for reading /sys/fs/cgroup/memory/memory.limit_in_bytes /usr/bin/node N/A

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/meminfo /usr/bin/node N/A

Processes

/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli

[/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]

/usr/local/sbin/node

[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]

/usr/local/bin/node

[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]

/usr/sbin/node

[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]

/usr/bin/node

[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]

/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/sentry-cli

[/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/sentry-cli]

Network

Country Destination Domain Proto
US 151.101.194.49:443 tcp
US 151.101.65.91:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 cdn.fwupd.org udp
US 151.101.66.49:443 cdn.fwupd.org tcp
GB 195.181.164.19:443 tcp
GB 185.125.188.61:443 tcp
GB 185.125.188.62:443 tcp
US 151.101.65.91:443 tcp
US 1.1.1.1:53 1527653184.rsc.cdn77.org udp
GB 89.187.167.2:443 1527653184.rsc.cdn77.org tcp

Files

N/A

Analysis: behavioral18

Detonation Overview

Submitted

2024-04-16 21:56

Reported

2024-04-16 22:01

Platform

win10v2004-20240412-en

Max time kernel

148s

Max time network

158s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\helper.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\helper.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
DE 104.126.37.161:443 www.bing.com tcp
US 8.8.8.8:53 161.37.126.104.in-addr.arpa udp
US 8.8.8.8:53 21.114.53.23.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 36.56.20.217.in-addr.arpa udp
US 52.111.227.13:443 tcp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 122.10.44.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-04-16 21:56

Reported

2024-04-16 22:01

Platform

win10v2004-20240226-en

Max time kernel

135s

Max time network

165s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1

Signatures

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4452 wrote to memory of 4464 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1328 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
GB 142.250.200.42:443 tcp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp
US 13.107.246.64:443 tcp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 36.56.20.217.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 240.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 122.10.44.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral17

Detonation Overview

Submitted

2024-04-16 21:56

Reported

2024-04-16 22:01

Platform

win7-20240319-en

Max time kernel

121s

Max time network

133s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\helper.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\helper.js

Network

N/A

Files

N/A

Analysis: behavioral31

Detonation Overview

Submitted

2024-04-16 21:56

Reported

2024-04-16 22:02

Platform

debian9-mipsbe-20240226-en

Max time kernel

54s

Command Line

[/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/scripts/build-in-docker.sh]

Signatures

N/A

Processes

/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/scripts/build-in-docker.sh

[/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/scripts/build-in-docker.sh]

Network

N/A

Files

N/A

Analysis: behavioral23

Detonation Overview

Submitted

2024-04-16 21:56

Reported

2024-04-16 22:01

Platform

win7-20240221-en

Max time kernel

119s

Max time network

133s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\index.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\index.js

Network

N/A

Files

N/A

Analysis: behavioral24

Detonation Overview

Submitted

2024-04-16 21:56

Reported

2024-04-16 22:01

Platform

win10v2004-20240412-en

Max time kernel

109s

Max time network

139s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\index.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\index.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 21.114.53.23.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 20.189.173.4:443 tcp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 76.126.19.2.in-addr.arpa udp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-04-16 21:56

Reported

2024-04-16 22:01

Platform

win7-20240221-en

Max time kernel

118s

Max time network

128s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

Signatures

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 224

Network

N/A

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2024-04-16 21:56

Reported

2024-04-16 22:01

Platform

win7-20240221-en

Max time kernel

9s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Era.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Era.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Era.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2 C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\Era.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000_CLASSES\era\ = "URL:era" C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Key created \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000_CLASSES\era\shell\open\command C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Key created \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000_CLASSES\era\shell C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Key created \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000_CLASSES\era\shell\open C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000_CLASSES\era\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\Era.exe\" \"%1\"" C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Key created \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000_CLASSES\era C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000_CLASSES\era\URL Protocol C:\Users\Admin\AppData\Local\Temp\Era.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob C:\Users\Admin\AppData\Local\Temp\Era.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Era.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Era.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1680 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\Era.exe C:\Users\Admin\AppData\Local\Temp\binaries\FortniteLauncher.exe
PID 1680 wrote to memory of 2552 N/A C:\Users\Admin\AppData\Local\Temp\Era.exe C:\Users\Admin\AppData\Local\Temp\Era.exe
PID 1680 wrote to memory of 2500 N/A C:\Users\Admin\AppData\Local\Temp\Era.exe C:\Users\Admin\AppData\Local\Temp\Era.exe
PID 1680 wrote to memory of 2880 N/A C:\Users\Admin\AppData\Local\Temp\Era.exe C:\Users\Admin\AppData\Local\Temp\Era.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Era.exe

"C:\Users\Admin\AppData\Local\Temp\Era.exe"

C:\Users\Admin\AppData\Local\Temp\binaries\FortniteLauncher.exe

C:\Users\Admin\AppData\Local\Temp\binaries\FortniteLauncher.exe

C:\Users\Admin\AppData\Local\Temp\Era.exe

"C:\Users\Admin\AppData\Local\Temp\Era.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Era" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1040 --field-trial-handle=1208,i,15844764803904609672,2573737534469597621,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Users\Admin\AppData\Local\Temp\Era.exe

"C:\Users\Admin\AppData\Local\Temp\Era.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Era" --mojo-platform-channel-handle=1272 --field-trial-handle=1208,i,15844764803904609672,2573737534469597621,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Users\Admin\AppData\Local\Temp\Era.exe

"C:\Users\Admin\AppData\Local\Temp\Era.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Era" --app-user-model-id="Project Era" --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1576 --field-trial-handle=1208,i,15844764803904609672,2573737534469597621,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Users\Admin\AppData\Local\Temp\Era.exe

"C:\Users\Admin\AppData\Local\Temp\Era.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Era" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1224 --field-trial-handle=1208,i,15844764803904609672,2573737534469597621,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "reg query "HKLM\SOFTWARE\Microsoft\VisualStudio\14.0\VC\Runtimes\x64" /v "Installed""

C:\Windows\system32\reg.exe

reg query "HKLM\SOFTWARE\Microsoft\VisualStudio\14.0\VC\Runtimes\x64" /v "Installed"

Network

Country Destination Domain Proto
US 8.8.8.8:53 sentry.erafn.org udp
US 172.67.36.183:443 sentry.erafn.org tcp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 216.58.201.110:443 redirector.gvt1.com tcp
US 8.8.8.8:53 r5---sn-5hne6n6e.gvt1.com udp
NL 172.217.132.234:443 r5---sn-5hne6n6e.gvt1.com udp
NL 172.217.132.234:443 r5---sn-5hne6n6e.gvt1.com tcp
US 8.8.8.8:53 api.v1.external.erafn.org udp
US 104.22.67.72:443 api.v1.external.erafn.org tcp
US 8.8.8.8:53 apps.identrust.com udp
NL 23.63.101.171:80 apps.identrust.com tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google udp
US 8.8.4.4:443 dns.google udp

Files

\Users\Admin\AppData\Local\Temp\acbd002b-c974-4da9-a5fd-15deb5a8a3f6.tmp.node

\Users\Admin\AppData\Local\Temp\ff83515f-8269-458c-b2da-e3428e715302.tmp.node

memory/2552-9-0x0000000000060000-0x0000000000061000-memory.dmp

memory/2552-46-0x0000000076E00000-0x0000000076E01000-memory.dmp

memory/1680-51-0x0000000002BB0000-0x0000000002BB1000-memory.dmp

C:\Users\Admin\AppData\Roaming\Era\Local Storage\leveldb\CURRENT~RFf7686ad.TMP

C:\Users\Admin\AppData\Roaming\Era\GPUCache\data_0

C:\Users\Admin\AppData\Roaming\Era\GPUCache\data_1

C:\Users\Admin\AppData\Roaming\Era\DawnCache\data_2

C:\Users\Admin\AppData\Roaming\Era\DawnCache\data_3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\Local\Temp\Tar97D4.tmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

memory/2628-256-0x0000000000400000-0x0000000000412000-memory.dmp

Analysis: behavioral21

Detonation Overview

Submitted

2024-04-16 21:56

Reported

2024-04-16 22:01

Platform

win7-20240221-en

Max time kernel

121s

Max time network

126s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\logger.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\logger.js

Network

N/A

Files

N/A