hxxps://github[.]com/ismail50490/Roblox-Electron-Executor

Analysis

max time kernel
485s
max time network
502s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
27-04-2024 22:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/ismail50490/Roblox-Electron-Executor

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 8 IoCs

Processes:

InstaIIer.exeInstaIIer.exe

pid process

1988 InstaIIer.exe
4924 InstaIIer.exe
4924 InstaIIer.exe
4924 InstaIIer.exe
4924 InstaIIer.exe
4924 InstaIIer.exe
4924 InstaIIer.exe
4924 InstaIIer.exe
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

4448 1988 WerFault.exe InstaIIer.exe
Enumerates processes with tasklist 1 TTPs 1 IoCs

Process Discovery
T1057

Processes:

tasklist.exe

pid process

1152 tasklist.exe

pid	process
1988	InstaIIer.exe
4924	InstaIIer.exe
4924	InstaIIer.exe
4924	InstaIIer.exe
4924	InstaIIer.exe
4924	InstaIIer.exe
4924	InstaIIer.exe
4924	InstaIIer.exe

pid	pid_target	process	target process
4448	1988	WerFault.exe	InstaIIer.exe

pid	process
1152	tasklist.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133587305417685680"	chrome.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings chrome.exe
Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

chrome.exechrome.exeInstaIIer.exetasklist.exe

pid process

4708 chrome.exe
4708 chrome.exe
4816 chrome.exe
4816 chrome.exe
4924 InstaIIer.exe
4924 InstaIIer.exe
1152 tasklist.exe
1152 tasklist.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

Processes:

chrome.exe

pid process

4708 chrome.exe
4708 chrome.exe
4708 chrome.exe
4708 chrome.exe
4708 chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exe

pid	process
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4708 wrote to memory of 1208	4708	chrome.exe	chrome.exe
PID 4708 wrote to memory of 1208	4708	chrome.exe	chrome.exe
PID 4708 wrote to memory of 4712	4708	chrome.exe	chrome.exe
PID 4708 wrote to memory of 4712	4708	chrome.exe	chrome.exe
PID 4708 wrote to memory of 4712	4708	chrome.exe	chrome.exe
PID 4708 wrote to memory of 4712	4708	chrome.exe	chrome.exe
PID 4708 wrote to memory of 4712	4708	chrome.exe	chrome.exe
PID 4708 wrote to memory of 4712	4708	chrome.exe	chrome.exe
PID 4708 wrote to memory of 4712	4708	chrome.exe	chrome.exe
PID 4708 wrote to memory of 4712	4708	chrome.exe	chrome.exe
PID 4708 wrote to memory of 4712	4708	chrome.exe	chrome.exe
PID 4708 wrote to memory of 4712	4708	chrome.exe	chrome.exe
PID 4708 wrote to memory of 4712	4708	chrome.exe	chrome.exe
PID 4708 wrote to memory of 4712	4708	chrome.exe	chrome.exe
PID 4708 wrote to memory of 4712	4708	chrome.exe	chrome.exe
PID 4708 wrote to memory of 4712	4708	chrome.exe	chrome.exe
PID 4708 wrote to memory of 4712	4708	chrome.exe	chrome.exe
PID 4708 wrote to memory of 4712	4708	chrome.exe	chrome.exe
PID 4708 wrote to memory of 4712	4708	chrome.exe	chrome.exe
PID 4708 wrote to memory of 4712	4708	chrome.exe	chrome.exe
PID 4708 wrote to memory of 4712	4708	chrome.exe	chrome.exe
PID 4708 wrote to memory of 4712	4708	chrome.exe	chrome.exe
PID 4708 wrote to memory of 4712	4708	chrome.exe	chrome.exe
PID 4708 wrote to memory of 4712	4708	chrome.exe	chrome.exe
PID 4708 wrote to memory of 4712	4708	chrome.exe	chrome.exe
PID 4708 wrote to memory of 4712	4708	chrome.exe	chrome.exe
PID 4708 wrote to memory of 4712	4708	chrome.exe	chrome.exe
PID 4708 wrote to memory of 4712	4708	chrome.exe	chrome.exe
PID 4708 wrote to memory of 4712	4708	chrome.exe	chrome.exe
PID 4708 wrote to memory of 4712	4708	chrome.exe	chrome.exe
PID 4708 wrote to memory of 4712	4708	chrome.exe	chrome.exe
PID 4708 wrote to memory of 4712	4708	chrome.exe	chrome.exe
PID 4708 wrote to memory of 4712	4708	chrome.exe	chrome.exe
PID 4708 wrote to memory of 1032	4708	chrome.exe	chrome.exe
PID 4708 wrote to memory of 1032	4708	chrome.exe	chrome.exe
PID 4708 wrote to memory of 2292	4708	chrome.exe	chrome.exe
PID 4708 wrote to memory of 2292	4708	chrome.exe	chrome.exe
PID 4708 wrote to memory of 2292	4708	chrome.exe	chrome.exe
PID 4708 wrote to memory of 2292	4708	chrome.exe	chrome.exe
PID 4708 wrote to memory of 2292	4708	chrome.exe	chrome.exe
PID 4708 wrote to memory of 2292	4708	chrome.exe	chrome.exe
PID 4708 wrote to memory of 2292	4708	chrome.exe	chrome.exe
PID 4708 wrote to memory of 2292	4708	chrome.exe	chrome.exe
PID 4708 wrote to memory of 2292	4708	chrome.exe	chrome.exe
PID 4708 wrote to memory of 2292	4708	chrome.exe	chrome.exe
PID 4708 wrote to memory of 2292	4708	chrome.exe	chrome.exe
PID 4708 wrote to memory of 2292	4708	chrome.exe	chrome.exe
PID 4708 wrote to memory of 2292	4708	chrome.exe	chrome.exe
PID 4708 wrote to memory of 2292	4708	chrome.exe	chrome.exe
PID 4708 wrote to memory of 2292	4708	chrome.exe	chrome.exe
PID 4708 wrote to memory of 2292	4708	chrome.exe	chrome.exe
PID 4708 wrote to memory of 2292	4708	chrome.exe	chrome.exe
PID 4708 wrote to memory of 2292	4708	chrome.exe	chrome.exe
PID 4708 wrote to memory of 2292	4708	chrome.exe	chrome.exe
PID 4708 wrote to memory of 2292	4708	chrome.exe	chrome.exe
PID 4708 wrote to memory of 2292	4708	chrome.exe	chrome.exe
PID 4708 wrote to memory of 2292	4708	chrome.exe	chrome.exe
PID 4708 wrote to memory of 2292	4708	chrome.exe	chrome.exe
PID 4708 wrote to memory of 2292	4708	chrome.exe	chrome.exe
PID 4708 wrote to memory of 2292	4708	chrome.exe	chrome.exe
PID 4708 wrote to memory of 2292	4708	chrome.exe	chrome.exe
PID 4708 wrote to memory of 2292	4708	chrome.exe	chrome.exe
PID 4708 wrote to memory of 2292	4708	chrome.exe	chrome.exe
PID 4708 wrote to memory of 2292	4708	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/ismail50490/Roblox-Electron-Executor
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4708

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa4404ab58,0x7ffa4404ab68,0x7ffa4404ab78
2⤵
PID:1208

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1584 --field-trial-handle=1972,i,14990558550967148650,16146501555945190381,131072 /prefetch:2
2⤵
PID:4712

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1972,i,14990558550967148650,16146501555945190381,131072 /prefetch:8
2⤵
PID:1032

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2232 --field-trial-handle=1972,i,14990558550967148650,16146501555945190381,131072 /prefetch:8
2⤵
PID:2292

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3064 --field-trial-handle=1972,i,14990558550967148650,16146501555945190381,131072 /prefetch:1
2⤵
PID:1228

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3088 --field-trial-handle=1972,i,14990558550967148650,16146501555945190381,131072 /prefetch:1
2⤵
PID:4236

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4964 --field-trial-handle=1972,i,14990558550967148650,16146501555945190381,131072 /prefetch:8
2⤵
PID:4536

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4820 --field-trial-handle=1972,i,14990558550967148650,16146501555945190381,131072 /prefetch:8
2⤵
PID:2336

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1648 --field-trial-handle=1972,i,14990558550967148650,16146501555945190381,131072 /prefetch:8
2⤵
PID:728

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1532 --field-trial-handle=1972,i,14990558550967148650,16146501555945190381,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4816

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=1132 --field-trial-handle=1972,i,14990558550967148650,16146501555945190381,131072 /prefetch:1
2⤵
PID:3840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4496 --field-trial-handle=1972,i,14990558550967148650,16146501555945190381,131072 /prefetch:1
2⤵
PID:3320

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4336 --field-trial-handle=1972,i,14990558550967148650,16146501555945190381,131072 /prefetch:8
2⤵
PID:3900

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5180 --field-trial-handle=1972,i,14990558550967148650,16146501555945190381,131072 /prefetch:8
2⤵
PID:372

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5156 --field-trial-handle=1972,i,14990558550967148650,16146501555945190381,131072 /prefetch:1
2⤵
PID:1436

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4216 --field-trial-handle=1972,i,14990558550967148650,16146501555945190381,131072 /prefetch:8
2⤵
PID:4476

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4908 --field-trial-handle=1972,i,14990558550967148650,16146501555945190381,131072 /prefetch:8
2⤵
PID:2024

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1748

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1700

C:\Users\Admin\Downloads\EIectron\leet-software.com\InstaIIer.exe
"C:\Users\Admin\Downloads\EIectron\leet-software.com\InstaIIer.exe"
1⤵
- Loads dropped DLL
PID:1988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 784
2⤵
- Program crash
PID:4448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 1988 -ip 1988
1⤵
PID:548

C:\Users\Admin\Downloads\EIectron\leet-software.com\InstaIIer.exe
"C:\Users\Admin\Downloads\EIectron\leet-software.com\InstaIIer.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:4924

C:\Windows\SysWOW64\cmd.exe
cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq Launcher.exe" | %SYSTEMROOT%\System32\find.exe "Launcher.exe"
2⤵
PID:4364

C:\Windows\SysWOW64\tasklist.exe
tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq Launcher.exe"
3⤵
- Enumerates processes with tasklist
- Suspicious behavior: EnumeratesProcesses
PID:1152

C:\Windows\SysWOW64\find.exe
C:\Windows\System32\find.exe "Launcher.exe"
3⤵
PID:3256

C:\Users\Admin\AppData\Local\Programs\Launcher\Launcher.exe
"C:\Users\Admin\AppData\Local\Programs\Launcher\Launcher.exe"
1⤵
PID:2624

C:\Users\Admin\AppData\Local\Programs\Launcher\Launcher.exe
"C:\Users\Admin\AppData\Local\Programs\Launcher\Launcher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Launcher" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1556 --field-trial-handle=1756,i,12486076477363228519,16572772869332757755,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
2⤵
PID:3356

C:\Users\Admin\AppData\Local\Programs\Launcher\Launcher.exe
"C:\Users\Admin\AppData\Local\Programs\Launcher\Launcher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Launcher" --mojo-platform-channel-handle=2116 --field-trial-handle=1756,i,12486076477363228519,16572772869332757755,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
2⤵
PID:2016

C:\Users\Admin\AppData\Local\Programs\Launcher\Launcher.exe
"C:\Users\Admin\AppData\Local\Programs\Launcher\Launcher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Launcher" --app-path="C:\Users\Admin\AppData\Local\Programs\Launcher\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2444 --field-trial-handle=1756,i,12486076477363228519,16572772869332757755,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
2⤵
PID:1848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 208 -p 4924 -ip 4924
1⤵
PID:4860

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016
Filesize
200KB

MD5
a484f2f3418f65b8214cbcd3e4a31057

SHA1
5c002c51b67db40f88b6895a5d5caa67608a65ce

SHA256
79cbe928773386d07f0127f256f383debed5ccea5ff230465bf46ec7c87319d6

SHA512
0be1bb8db08f6e6041a85cfee90cd36a5b595afbca34d52a125465454fc806b4bb7ae569eaf4c882922fb1b962b6060534e597791cd0ad23483be5981d9be85c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
a74c02fcacf6b2d79e243ef48b630146

SHA1
8de3da060c7edf498bf43c73ec4161f0d9c95d23

SHA256
feb5a57efd7d51ff29e1976c02b40a33369df3417fc1dc64427a05c8d6148bce

SHA512
35cd532a706d25e3387fc8e517f8f79427c0c7027f209c139d8854496aa4cbc4a98b682206420ad4182a484ff295bff5a0e140a63ed36f0b8de5ade5c9150e61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
a9197a3c7d9e590b3c10b9efa030d224

SHA1
fcb80d3c7e2126070442c53bf36600f4e108ddb6

SHA256
699a39c0ad47607dfc47b752456846276e24f28d1127fb19324cd3ab951aea42

SHA512
cb19bf28452d11a64f4c0fd390808998a15bd39e95d6c7f64eed943192bf14c918bbf859466e8b36b2c3d1d6ef09e3f9eea2d86288b644934e8783bfc5ea5ee2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
9763b33c46695b280a8e5dc18a23e3ab

SHA1
c210954b3121ba66af02840efa068e58ae1d2737

SHA256
74faa062e0ef04131315b035a7ddafe64ba19e5295caffa1257d00cd749f9f58

SHA512
a7364cd3f05f3d67a7a2ee0327cbaa2018509a90f0113b9e93907fa094bd3388145da36372665c7ece1741c37b11220a95487580959c4743116545766fbd4f84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
ed461a8f259659987d808780d2760f7f

SHA1
a2386b758c615956af46b11957143a25f8fc6cab

SHA256
f626d4ce9275a075dba0e5c3838ffe184e21d87b0a67cee529c79da95fbb923c

SHA512
0dda98e962d080f297d2fad65de6aeee7fcd0c6f68b34aa48427ef854e75c399e7d85ae5b0efd200c1fb5db06dc27da79225317f0da3eae2fe3e3da850d368a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
099b0dbe9025e2912c1e3d300109f114

SHA1
c020c5386aff2f557432124f719a8dbdd8b5019a

SHA256
49efb19469da55189c2ac091d81f8a073082026ed31099dd6b68f47f8ee3fcbd

SHA512
f8272b3c8a79583a493e76b2898f5bc33877913f50173d12ecadc36e10abc4a8e471fe457ea5788cc5cff473b9d4c31f00fa9d5cb2079085c2e855c916c9cba7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
d5ddd82409ce1e412a49fb0ba9ec5497

SHA1
31b3442c4abe3242c47c84915bea1003e8de6d5e

SHA256
8e72a0e65189c883e2d540376eafc3c7c851bd1eb9a3a9f69f545651ac9c6d84

SHA512
e3f2df656533e4838811e2a89caf40de6bbc73a3491eb3932f2f5763d00996133bf68d083f30aa1a3a77befc5f8b405e0cab556e6c7c4ddf74ed90de4f2c44cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
58b391f50d723fa0939afab230c54f7c

SHA1
685ff8571658fca403b33f1d074bf84373551480

SHA256
bcd778ef39846df571b4c3cf13b907b78c6609e7a9e7138d1aa7980503f6bc04

SHA512
715161119e3e9ac075a6a5ad79634f9196f04a20d3a8df4aff983171738105968f7468b31aaca2ca818b7dd02696bd7b0069d6bab3886b145d5b61c0363c3988

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
263d4ba7002773e12426dc0ca441906f

SHA1
8ddab556ff552c8a4d1bfbb788fb71cc941f198d

SHA256
4dfbfff6fe7cf214d4c75cb7ee52f9b39ff73f5cfcbc76686cd1187b63c0b902

SHA512
1965ea9b0b3c461b97866c5b9080ef75312df4cb09886c2ef75c476a1f07f542098679ced06d2d24cfb968e8afccba6b6f2ed21da3a54598e5c7d3237a001206

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
9da8dbba5e5b979b6ba42b2e730ea7e3

SHA1
9f2f5c5bc87d17cc1bf354019d6d3cfbb9181278

SHA256
7fbf3ca648ce37151dede9eabd943b8aa2892fcac668c04cc076dcc85c8abe3e

SHA512
38000930de216017e421f26ff51fb7e4b5793327f89d5de28f459190c3cb40d670fd7a181e6bc56551ce0f03a76edba43f8b3d6765e2f90107628e392135f3d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
070e43822b5eb4ab7a8e1861bd7255ba

SHA1
9faa73f2ba9ddfc966a951cc5edd5004c6fd0039

SHA256
d71d2d3e76911d78b76e2389c46d2b97fbbcce7c7a694573e16f5b78f2c9ce2a

SHA512
9d4add6953e98fa4352103c20497875628df174ffea0ff3c0c16b1fdcaa3fc97c85aa043cca496f0d2eebb792fa118d86755f73cb89e0f35a775c327a3182486

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
dfe1f3bfdb099e86a97fec93b0f1f0cd

SHA1
c79349d36983bb9d4fbef2780b87f223b53738fb

SHA256
d0e9f3b24cf832b02ca3fe7336284a221acd6d44fd3496cde6f01941815723e7

SHA512
df939800c59af8bde471ec804a7324f3de6c1d842dcdf50acf31517057cca06ab3443f5121e5512bb10868a9c2d6b4a287d3b6fa705f03258eeab476fde25fec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
5fbaaee323084cf074f865093cf2d686

SHA1
c830bca69f374e6f48de533c12f137b0755d6331

SHA256
e75aa5f2e06e77d3577af0557dd32231b4eec6cd99596752c486e2849cdcbaa5

SHA512
b4ee609f57c67a45bf3fff4319fa8b7579cdd6ad5709aea13393dc1c75ffeb04c187a485e928c3112fb4ffebc79a3f24b1af8f781db18a94a251209e281f6142

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
474f1888327caf11622afd6bafb169c0

SHA1
e501f4f47ad8a6ce41b3e3148455aa0c57195869

SHA256
511b6363662418c3d5bfe6f4e355881ae10bd0412179d58c23557d1fe4791e0c

SHA512
910ca519541a21174919135313edf46261bf2d906d19fe98a1dd58b610ea3609677a0b05a5838169324ae1f65b114549d46488f7c8a827763e49849d479da548

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
740c1a748f5e0a2a41703ba11615893c

SHA1
17ff96bb0e9a4a32d857812cb2d00312a31a5374

SHA256
3db3dfce20992ebdaa8f7a8011331a9af1e142d93d2789e6a90688dbb9e67af3

SHA512
c1b9ca2ef92c42c71065452600c18b1c1693b1a89297afe5cdbea36cca2515052a696ffaefbbb8a80b07bc2190130a2d364e28d5c1ea689b02a00469d8c4efca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
f7320b639b3c0386881caaf26a97de4a

SHA1
53dcade301a48e95e4dad19e3bb0103c2a7f8e80

SHA256
a8461c1f8c041d9cade92b67c6f2ebe7bfb19b14e6c813503fccaacaa9a747a9

SHA512
670977be53c006bc436d63218ee8660ecbfd8ae1dd928615af2f685fc2c31ac1813f48ffdb652be73c9ebf7b0a07e078b9779cde81b9cb48ed500d803699118f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
130KB

MD5
d203d89397abe90be382f013c4abcd57

SHA1
02f3d77f4b72ff484edc83f8c6f58d3fa0486e17

SHA256
92a6296ba55eadea8e690ec03b2216cc71732a81030934842c74e7b0018a6946

SHA512
b0d5baab3ac125c4cdfeee2e646a6fa2d7ece8a6f14a7701d1ac236a2606638607095d9a4866dddb1e2eb33d260346e505b90a9ed6a15e23e0c0a33dc94522ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
130KB

MD5
39a290f16dd6071e21a7304214ab2ca2

SHA1
f37c4237324e742b3386e81e990d769959a4eb94

SHA256
58aa54b0b3eaad1b20a8bc75f3743d8f20a0ee243beefb6b1982bb78df6230d6

SHA512
57a9cf8007024486c2839b2577ee3d66a2c5cbcea2d26b1b1bee3f89cda259d2b9ff67e63330c1860ac60ee41a27fb65b8ea0387b1fd19e344396da204677dba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
98KB

MD5
dec4a0f122e84db8208a8c2b0ce9253b

SHA1
65331fece5bd2d857253f66b4a5ccc1b271323f4

SHA256
e412bda881ceca4de7913a242d90db1611822de87760d85e3740a1a0c35ef9a7

SHA512
b349c7e094767537f9dfede61678487503e3cb582da5e9232f17248db2059c75ef9b60a181ee96ee38d419f91925ae739aaf548352385c6c79187241d6909610

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
94KB

MD5
ae7e3e19e0b570431a13324c68693d93

SHA1
c1ea5a42f324b923196c64e8e05cf2c7a83b227e

SHA256
4269f57e8f49e47e980b1ce9431098eb4e7cb70bec67d185972a3cb587088f73

SHA512
44fc479e58720e3f45761e9e656d1854efd403e35710a3123234b1211b8d786212a26be110b3ad3cc5bbb106778a561bcf4f07afd71eea5ddd7c85b5676bfe34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe585fce.TMP
Filesize
88KB

MD5
45c85221e2a1042ffd61ec262be9c543

SHA1
5a8f5fad9df9a88050fff8fed248c86d9fd994c8

SHA256
9fd9a03529eaf79eeabb5ba24a45e303edb90e2db44a6613350cf2da0dbd0e49

SHA512
92794745124d9fd878fb77bfcf6633d3030ee5ffd0ad74362a6a2704110edb072f2a14433d2614a9e3339f359da0c77e90376c195107c106c3ea5cbf6205fa2d

Download Submit
C:\Users\Admin\AppData\Local\Programs\Launcher\Launcher.exe
Filesize
17.6MB

MD5
8df36ddb5dff15a061f7f3f5ecf856a2

SHA1
0cb561534fccc24dcc2e535e53c4fa7bddac1991

SHA256
88abdd1397b6b0830cd8bd85283d475df294f2fe6a84d06f8f381899daf9d982

SHA512
9eba2e975703331c050b4f813008c96c99445f955d0c2cb1d8d7ac3b5743bfdd5710640d6a7f46062a0ea31224b2419ff3a68f88cab08de050361f9ae5a979cf

Download Submit
C:\Users\Admin\AppData\Local\Programs\Launcher\Launcher.exe
Filesize
17.6MB

MD5
c596b265de893dd6482ab36e329cd1ee

SHA1
168c13f79cc6766071107ed63ffc83c36331bfe2

SHA256
ac19b5fd261539f05706717723e0cd81165f8fdd64e09f611f48085035eedf30

SHA512
883ead4e5d76e83472f03f6e8a5dc872984f14c39a2e9ed3d0f836a4147d612a16c32c337155bb6676c70e37e52609bf5ec604dada9339cb115c9428afd89a14

Download Submit
C:\Users\Admin\AppData\Local\Programs\Launcher\Launcher.exe
Filesize
15.4MB

MD5
32497c4ef4ce8c621d299e46b23e80d7

SHA1
354e880fcc3afcc4c95dd9ea211f4afaee9b3a73

SHA256
1c4942df9048bb042196d2bcdc4057eb79dba36451b7a08f8e8ac060fd979485

SHA512
1c58ab616ed0a18831b43a4f1a5d3ed19259a5aaaefc09b47eaaefc501540bf0e045b5b02dc96b2eae971aca23b9c56824ecf70ecdfbde1bdf582216485e0714

Download Submit
C:\Users\Admin\AppData\Local\Programs\Launcher\Launcher.exe
Filesize
41.8MB

MD5
61ba760421da7d2457ad0bdc4777ab10

SHA1
fb2b66c9f8c63e4980f4028ba23267cc04b1fcce

SHA256
c7747b920f775b71472cb8e45c499b6757449e9e4f134d3cc67c6a9f72e3113e

SHA512
bfb31c811625d45600c6deaf660b42cbf55d3e43c2b1c74e7122df0ab3ac078226c9c714e7867f4a6f27d9f509a820adc043a578b69520eda007cffe931dfe38

Download Submit
C:\Users\Admin\AppData\Local\Programs\Launcher\Launcher.exe
Filesize
78.4MB

MD5
6a930eb036558eb23e467f0b4ddb56e4

SHA1
02098ec7c9eb26cebf2ffc240ca36e2e4de25989

SHA256
753e3d62680cd6487df8c5f69bdd5f0bd58b5c8c22a4b48290f0714187ac366a

SHA512
430cc8eced41e8ffb389972a921ce1eeb66c1eb136d384db469dff6600f54c2a011add531d463e5fe5a5cd10c47ad7d04feee4bd27e9a90e1ff5855b8e5bdcd4

Download Submit
C:\Users\Admin\AppData\Local\Programs\Launcher\chrome_100_percent.pak
Filesize
126KB

MD5
d31f3439e2a3f7bee4ddd26f46a2b83f

SHA1
c5a26f86eb119ae364c5bf707bebed7e871fc214

SHA256
9f79f46ca911543ead096a5ee28a34bf1fbe56ec9ba956032a6a2892b254857e

SHA512
aa27c97bf5581eb3f5e88f112df8bfb6a5283ce44eb13fbc41855008f84fb5b111dfe0616c310c3642b7f8ac99623d7c217aecc353f54f4d8f7042840099abc5

Download Submit
C:\Users\Admin\AppData\Local\Programs\Launcher\resources\app.asar
Filesize
19.2MB

MD5
9e22ef804746427fe241f6456bd24851

SHA1
e5e9916ab68d60705624a52bb6f0a18df5165866

SHA256
1f20117a77ffcbab489bb3eec5504051ae5f5453625dc286aa188a16e889b7da

SHA512
81788eeea940d50861f2bddcd1cc091918d68b30af382e13c9f81c616a73f1af7560e726b3f6fe495523138ffaeebf7e132e1348230c647bb85a31d41acb797d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp84DE.tmp\System.dll
Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBCA8.tmp\7z-out\LICENSE.electron.txt
Filesize
1KB

MD5
4d42118d35941e0f664dddbd83f633c5

SHA1
2b21ec5f20fe961d15f2b58efb1368e66d202e5c

SHA256
5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d

SHA512
3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBCA8.tmp\7z-out\LICENSES.chromium.html
Filesize
6.5MB

MD5
d18c09a075cb6531d7ffd7c3da77bd4e

SHA1
571f29b6004007111782bf5727c4bc9510cca286

SHA256
86f5222580a4ab03dad8ea62e6cea22b23454dccf1c77e74ae0e0410a13b16fc

SHA512
091cd68e12633919fc6100b606f3002b16f4b9c7c6d7c820ff20e31a3b9ea690c8a1fc90529ff3e5c21e8d778e254743a8708049830c3bb046eda8f2653000b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBCA8.tmp\7z-out\Launcher.exe
Filesize
134.6MB

MD5
3792600d4eb0fd75c62247dc967875e4

SHA1
eeaef7371bc2984f56462d83ee1e51c1a40c12cf

SHA256
db90bee8f50203b849706b4be81c3d299fc63167bca523c8d4d5ae1fbb8cffe1

SHA512
cea81cbad3fc6a88c4e07529f52173c6a11f964c67e46959a362613cd9c40248566a44733aa3566370549800898b04c7ef5e3ea8e695a6c9aceff64b370ee2ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBCA8.tmp\7z-out\chrome_200_percent.pak
Filesize
175KB

MD5
5604b67e3f03ab2741f910a250c91137

SHA1
a4bb15ac7914c22575f1051a29c448f215fe027f

SHA256
1408387e87cb5308530def6ce57bdc4e0abbbaa9e70f687fd6c3a02a56a0536c

SHA512
5e6f875068792e862b1fc8bb7b340ac0f1f4c51e53e50be81a5af8575ca3591f4e7eb9239890178b17c5a8ff4ebb23719190d7db0bd8a9aa6dcb4308ffa9a34d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBCA8.tmp\7z-out\d3dcompiler_47.dll
Filesize
4.7MB

MD5
cb9807f6cf55ad799e920b7e0f97df99

SHA1
bb76012ded5acd103adad49436612d073d159b29

SHA256
5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a

SHA512
f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBCA8.tmp\7z-out\ffmpeg.dll
Filesize
2.6MB

MD5
e3ab6f226a9189a456d53dd700f5d503

SHA1
0d3f467e9f36a404eb10b318c758edaf02305e26

SHA256
16070fc0fc3ae0d3d5872e5bd2194d883a1d91cf021e1fcb708c785a348c1a80

SHA512
b1d5b362489b5d26037c035c8b1e9bac24a4555b64371b41f8549ab70d5d591589ba154e163ec84d4b4b4435903db32f7ffe0f720f5e6d01b7656ed03f6757d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBCA8.tmp\7z-out\icudtl.dat
Filesize
10.0MB

MD5
76bef9b8bb32e1e54fe1054c97b84a10

SHA1
05dfea2a3afeda799ab01bb7fbce628cacd596f4

SHA256
97b978a19edd4746e9a44d9a44bb4bc519e127a203c247837ec0922f573449e3

SHA512
7330df8129e7a0b7b3655498b2593321595ec29445ea193c8f473c593590f5701eb7125ff6e5cde970c54765f9565fa51c2c54af6e2127f582ab45efa7a3a0f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBCA8.tmp\7z-out\libEGL.dll
Filesize
473KB

MD5
637eeb39ddbeb3ff518ff1988604505f

SHA1
8b3d9a0d542718fb906f8fafb2583d7bb53176ef

SHA256
3c51a8e53ef7473e9a335673e909dc9c67bf962997e6e2a319c3bd70fd52b4ed

SHA512
3257f9c96665f1bc8bb39acd0d98015b7d5e32f3cf3f84e795df4d19f6bd3bcc14a4e89759cc0de83289b79cd290fd5f4b176c3e9a4cb2eca3acfba0c9e232df

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBCA8.tmp\7z-out\libGLESv2.dll
Filesize
7.2MB

MD5
438d089addd02af6f33b42f92cf19489

SHA1
b0de553d91c92e4d104d99a265442fbc51be67de

SHA256
05236819cd357b0f16ed2d8559a3c4da3b153ad7932ec2fd1d8e36d008a8633a

SHA512
0b6774d50becb18f471cbfb86aaa63cd360bb60f6fd77ab93b60c79f5019edcda6ccb23b6a7724f66b6ecedfefc0f0e2d098daee825185a261821903a3bc4fcb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBCA8.tmp\7z-out\locales\af.pak
Filesize
340KB

MD5
198092a7a82efced4d59715bd3e41703

SHA1
ac3cdfba133330fce825816b2f9579ac240dc176

SHA256
d63222c4a20fa9741f5262634cf9751f22fbb4fcd9d3138d7c8d49e0efb57fba

SHA512
590dcc02bc3411fa585321a09f2033ca1839dd67b083622be412d60683c2c086aac81a27bc56029101f6158515cc6ae4def39d3f246b7499b30d02690904af0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBCA8.tmp\7z-out\locales\am.pak
Filesize
551KB

MD5
a2a17bdd83467a027505bc817d1ac028

SHA1
cc1266a22606a1055db9653b82e90c9d1f551d44

SHA256
f92b0299185d963337e96df1016e1cf5ca335e22ff86568c1a6507c3fea29094

SHA512
193c5db0a30a3c8ef5e8c821cafb9d0b5671b7e7821748c7b432e927bd4638ecf5bfc1d99721ce89fb3df4f6f23b5e55d753430e8ef2bedd1e1633e613321028

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBCA8.tmp\7z-out\locales\ar.pak
Filesize
602KB

MD5
b2a23f285858db5e3e53d6a5d5291623

SHA1
674adfeb57075f86f40ff4b14916c3af29695813

SHA256
7ab39416b60ee342ff2874aaa7b9b95b290828807b1395192cdbd29ee1be15e8

SHA512
92c9b31f82f62b15eed3edaf437412cb630e8deb2226ad162d7cb4c252d8cb7f0453b3121a846ffcb1547570e2eadb04cfd3877ab120496a7fefb47a6d96cba0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBCA8.tmp\7z-out\locales\bg.pak
Filesize
631KB

MD5
9dc95c3b9b47cc9fe5a34b2aab2d4d01

SHA1
bc19494d160e4af6abd0a10c5adbc8114d50a714

SHA256
fc4a59ea60d04b224765be4916090e97ed8ddda6b136a92a3827ed0fcc64bb0e

SHA512
a05a506a13ac4566ecbfe7961ace091295967ea4e72a2865e647b5fa9adac9f7cf5e80b53fae0e3917dfb0b9a3f469189cd595cc4ae9239d3a849f5cedd60e46

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBCA8.tmp\7z-out\locales\bn.pak
Filesize
812KB

MD5
fac2c752c57175a4b1f4630e3667123e

SHA1
a2dbcf1dd7b3cac499b9f782c7393ab438039584

SHA256
71f99a67bb310fab8068eeed7ce24ea7624a66051ba4e719d051cc7e67e78001

SHA512
4820704bd92dfb60736da5b84c8bc9135fca484c678585ec9d26dcb90632e382f354d03b539599f4816feb027dd285ff06ed8a520bede56d7a1c590d942e4250

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBCA8.tmp\7z-out\locales\ca.pak
Filesize
384KB

MD5
0312c87b6436e733a037bfb3084f7550

SHA1
e3f30b8f3bfc8ddbf4b8f85f845733ed5ac8c632

SHA256
b6c895fbca90c36ae2cfefefda989922162a2cc259603fbca066f0cfbf43c4ff

SHA512
24b7780211b9dcaf7cbe3915851c7b873562e0cff022c29ca1b4e159b9da152b517305f81dd33712a0224fc3b77e594405e432fe5eecf29b7a4f83f441d6905e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBCA8.tmp\7z-out\locales\cs.pak
Filesize
393KB

MD5
ff919631102a3a9ec635b3080b63e305

SHA1
e43b117ad5b2d5b373321ab0ae63dd4bc1352a89

SHA256
1b8c3add009028eb567b0094759daff29b7861e11d5a9d864071012200e9735a

SHA512
21833774413cc71ba9c0c592504ae6288e3c8ac4e5d1d62768f4b3eca09e90009abec5e8fadcb4e7d63b99a522ae48fd608aad432eb4165ec7021c8888ad7df1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBCA8.tmp\7z-out\locales\da.pak
Filesize
356KB

MD5
4bccba46add5ebaf6efd4ade3c42aed9

SHA1
e48dcc2de930bbf0ea8ee7b735ead321dadb5be8

SHA256
2497368658a988e4eb3f64cd17423ea04e7555b104d43c8996c0ecbbfed5f74d

SHA512
e2059e2a7f80353981eef6982a7da006fa3753aeba9aca5279eef71aa2fa4b7adbf9cbb17c85b8060359f9e871b1a5c665226f8d3b8a6fe49f908fd44e1b46bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBCA8.tmp\7z-out\locales\de.pak
Filesize
381KB

MD5
8569900305a5661573f7766b93909f16

SHA1
3529376f54e32c17447b065d08c77314c4db2ec8

SHA256
068ba3e34e7f253fad7dc526b1078aaa969bea044d48171925534598aa8becb3

SHA512
d544febbe20a9bc5cf31f79f7ef74c1a742cccc99136e9828187c9a643bd0317c7cc48706346ee1a3c9eda8984be9c8606e9dfa7a6ce2cff49db2d785c2aa1c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBCA8.tmp\7z-out\locales\el.pak
Filesize
691KB

MD5
8025eb8756d4bf3126d83c9078935520

SHA1
78895218a90680fe223af0b003c195da84902e1f

SHA256
e42aeaea80dabe82657983a462e4cd3ec74f71d4f08a689f5825f55fc02f3141

SHA512
f99f47e54583b60857a31648b985216713725496d8653ca04eb1d6634f2b7f7a1f9f70b8a7938529bfc6c8665360da5e6bfb6b68c314c011fef4a9817010c42b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBCA8.tmp\7z-out\locales\en-GB.pak
Filesize
310KB

MD5
502260e74b65b96cd93f5e7bf0391157

SHA1
b66d72b02ff46b89ee8245c4dd9c5b319fc2abf7

SHA256
463af7da8418d7fb374ebf690e2aa79ee7cb2acc11c28a67f3ba837cf7a0937b

SHA512
0f0f9aac8e6b28c1e116377ab8ee0ffadbf0802a4026e57aedb42d21c38fbf70159be9e0314799c1de1f7638fbbd25d289dff7cd2c9eb7c82e1b62b6c4e87690

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBCA8.tmp\7z-out\locales\en-US.pak
Filesize
313KB

MD5
3f6f4b2c2f24e3893882cdaa1ccfe1a3

SHA1
b021cca30e774e0b91ee21b5beb030fea646098f

SHA256
bb165eaa51456b52fcbdf7639ee727280e335a1f6b4cfb91afc45222895b564f

SHA512
bd80ddaa87f41cde20527ff34817d98605f11b30a291e129478712ebebe47956dbd49a317d3eeb223adf736c34750b59b68ad9d646c661474ad69866d5a53c5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBCA8.tmp\7z-out\locales\es-419.pak
Filesize
380KB

MD5
02452424bb0cf6ab832808d04883f147

SHA1
a8e97ee52f3d97c1a4c678f7578808416e9fac65

SHA256
1b23cda69927c77764bda121ee398ffefcf5edcb5866432aa3526c378553c9b5

SHA512
9e750b26ab40b5f1c075acbdeb15a57cda9e6bd8049488cfaf368b5cbe8cd9b6e5dc96130e4137370c90bb0777b97515ea2be0787e255cff750fb7e188e22ab2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBCA8.tmp\7z-out\locales\es.pak
Filesize
380KB

MD5
4ca91891b2d4670d02931f0ca84e4744

SHA1
85f6559b09c80af2575e3b7626842c10081e188e

SHA256
85fff1ca6bd2527073de03fa77dd013db2557a57cce1fd370caa2b185abb9336

SHA512
83eae7ab2f03598c657786bff6171803b6bbe2128d1a5b8a01d9a13337113632279712dd8ffcd3b707fa6052a936d92a57cb67d848c77ee291e75700e29f2bf8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBCA8.tmp\7z-out\locales\et.pak
Filesize
342KB

MD5
74eda453b23793ced4480ea7a595fe44

SHA1
76964af9c8024bd84fa1d89f60784e7ee6569350

SHA256
e2d38131a5ef4b0e8438f45e8c74c56bcf666760d4682120c8071c9220230555

SHA512
e9928cfac01f10b040c74e63242ffa1f7f616d8598f49f0aa7ddad063e18666cf5649cc65d00b3526526af8a7b46ee3b3655da22adf46aa44c0c6a1c2ac4dc7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBCA8.tmp\7z-out\locales\fa.pak
Filesize
557KB

MD5
99de8cfda36ab9ab3342889fb6da393d

SHA1
6bdd3d627d4b6702f43725039089562af58898c0

SHA256
b93145f30e25122015373a248d6ea22a539c7d0d58c8aa853ac35cc80dc06bfe

SHA512
aa20793f9ece5823cb9e74a4a3ff97d7a1860a593f427fb5eacb0390569a48122589610fe5a02577577f3a30f981c5e3da97cf73bdfe158a6bb845586c5b19d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBCA8.tmp\7z-out\locales\fi.pak
Filesize
351KB

MD5
fa7dbd2ee35587ff31fde3c7107e4603

SHA1
baaa093dcb7eccf77ce599c8ff09df203e434b60

SHA256
5339b8ca52500bd0082e0ba5a5f440c5f04733803da47963280479760c7fff2c

SHA512
587f6d0e216d1688227345a8a75b94848ee710ec633fe6805db66bb0e8cad1b8d24a1e6a7e234061516770d881571166c78d8fa1c40e6335f3dcb1339fbffc14

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBCA8.tmp\7z-out\locales\fil.pak
Filesize
394KB

MD5
0b7d25d70a2d94a032b7ff7faea45a75

SHA1
d9d473b2ea936ffea4f751d8716cb03407a95785

SHA256
a737a14f84b10b2e3c9ad4d147b430fd30c5ac0e125d5aaaf1ea19b0507de5af

SHA512
e4dbef6fae4cb56c3cd7bd5dbb239b5136eb2534a17cacbf628f5e5d77bfca924580ad4e4d0ec580ffaf94d6e1fafad58e9c5f472c3a3ff782702ea5eae2aea3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBCA8.tmp\7z-out\locales\fr.pak
Filesize
410KB

MD5
a7c88eda9e12b6dbd432c544767acbe2

SHA1
81f1abe537870f7888431e820b636b17b5213835

SHA256
a4d0e5a39241a6326143afa4c8ec881d6edb0382c66425411881946f98e053e0

SHA512
88ca203256aaaaa26afd4a0aacb6fba2eb41618d09df6fc6aaa80ab8d699b30e73c373fa75098b1ec4912c042341dd1c79ee3d04f98b4bd59a44481d350a7988

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBCA8.tmp\7z-out\locales\gu.pak
Filesize
787KB

MD5
3268b8d9b4d4db87ec627b09f1c55a6d

SHA1
683ba367e40abb2fefd4548805e845fc1b452855

SHA256
dee5ef4f4b36fc5fe0f3b5e10c7cc3a7edc14bf948317b31a3287a95bfe0afa4

SHA512
59cff62843d35f790092f42b611e9bcd80d948c0ef27a770b2d7af859997f40c320d67df3c5a9420d28d5c8f1678df4677e01cb99b729664d198b3b95b5fbd20

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBCA8.tmp\7z-out\locales\he.pak
Filesize
488KB

MD5
6376d0a5f4273b76b1f4aabade194e0c

SHA1
337ba39f09454c0779ab64872b9fa11f866d6adc

SHA256
875712bb852c698f677c0c74e088f62d31adb2bce65648fc390607aad8705c45

SHA512
00347f16b5abbaf47fb08663d5efde26ab7de0c7a2fa42e6b5f03c41a83cecbd8e78cc3aef41d5f08658cf346e0ade732774485e8a10008a43fa41ffaf73b2be

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBCA8.tmp\7z-out\locales\hi.pak
Filesize
821KB

MD5
9b5d94450fb03c34759653deb0551441

SHA1
b9134fbc75304ca73b156e77425505ed6dc6d629

SHA256
5e8f2593dbea5a57c3a974558a3fc91b6087329a1e7b11622a6eac120a973718

SHA512
caed9535d487833bdde51e82b76d3b8d2e6ea18ec0b4b7a98552be9266ff0728bb1133d8f9cbd169345aa08b0073f04d649baa71bb487483951cfa1a92080d63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBCA8.tmp\7z-out\locales\hr.pak
Filesize
381KB

MD5
7dbd4a9de6e30de028c97a7d39f8038a

SHA1
18d68f37b3c5eea3a2fe42c4ab1694a439a189c0

SHA256
e1c793e08e062043cc65271718d9b21d5742729dfa2e076ab012e8a008d06c04

SHA512
a18c43257d26380ec14ae0259cf192257fee0c6895b82240c3b41c5d6e8bd6f8023cb39dc2da0701bbcf05e8eb2cd13c84af971c28c94099a6d0ea02ce745ddd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBCA8.tmp\7z-out\locales\hu.pak
Filesize
411KB

MD5
d6904e7d1b6750d43a6478877c42618d

SHA1
919f090a6a3aa1112916f5bb0d5b73a62be43c1e

SHA256
3ec43893c6de5ec0f9433841afd5fa9feaaf59ddcef05f7e1cab14dba799887f

SHA512
d600fedb5ef1b2eb49a0122536c642b350ce67bb7a9da205890d9d13a195ac17c14607b4489715fd34506ec0ea4c80f245e09cf048aef52dcc8094f3138b2fad

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBCA8.tmp\7z-out\locales\id.pak
Filesize
336KB

MD5
881ff04e220aa8c6ed9d0d76bfa07cb8

SHA1
cacf3620d1bf85648329902216e6cdc6f588a5ba

SHA256
9210c4c4c33e7ceb5f70005a92a4fd36ca4facdd41701fdc1d2ce638db8adf22

SHA512
9134102928aa80c49bbf2b862e8079b2ee23636ce63412a4c3813f234d623ff563f5ca1ac407ddb77cecf1224896ed59ae979dcf63435d35a4f13de9c22755d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBCA8.tmp\7z-out\locales\it.pak
Filesize
373KB

MD5
6629c344b6e5ee8fb476522627b34221

SHA1
28335e3c96a68a560c68756860394a0a86c21870

SHA256
e76c3f15529fa7cc088dc32903c6885f4cfa170a1e0144710b05965f3210c31c

SHA512
78ca2ebf40d6cc3eb7035cca78364be63b8eb69e27caf2cae57e3489b39a9e443409e800fd95e1b646d37655c37ee8a9ae1ab344b506cf65f8603a6a3ad892ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBCA8.tmp\7z-out\locales\ja.pak
Filesize
456KB

MD5
c294012268f9e611fdc2904be57e45d8

SHA1
9ba4bd190ced7ffe053fa74071fc5836bdebea53

SHA256
21cd7ae581f6d0c19e90ac7df03d7dd5305b882776a1f091573f824bd28514da

SHA512
d16653f30617e52a040c5e033896a71055fee9992e54ffca5029601bb62a41b9685a68655b9c8bf7a7ba54a914836a0f7a49cccacae0eda180a6b68c0471a268

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBCA8.tmp\7z-out\locales\kn.pak
Filesize
910KB

MD5
01e8dc084d07743fbda50d54d86ee3bd

SHA1
e0709217e1a6785706b7d14037b1478ee2a3a59d

SHA256
ae4e003458f1a8bd3652e61241e11ff91bd887f6b95c1fe2700e76a117ba2119

SHA512
7d8db84f975d778bde21253f43d174921c2c71111644a953ad8671754e5d656f72bcabf62f4b960cbf4ca0ccc5f67d1558ed250b568c1f2308a31970e380654d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBCA8.tmp\7z-out\locales\ko.pak
Filesize
383KB

MD5
ce19dea7b7d0b9472f99427de2b307f0

SHA1
9c84dbff9927c052dcb9818ed73bb272abf9054a

SHA256
586f34de2c7bb0e92fc376f3ad962bf9bae1a768398459d39f8ed06b59d8ccbb

SHA512
9a6c84ef9bb03be9ce96948bea94ec0ba83ecbd06ed648acab9d6fd27c1ab85f011a5670591da6256781dc147fc234d627cfc4bf5eb29bc2c8bfc84aaf89085f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBCA8.tmp\7z-out\locales\lt.pak
Filesize
412KB

MD5
7b6bf901352885c0699db71239b7cf24

SHA1
9e3ec5f327c0d0e54a449332061e60a8c79243cf

SHA256
9200a9509bd77834d9912f4ba8f4219d2b9bd2cdad49a11873db30e99b9d1350

SHA512
79ebef723fb4c17581eb869b4b4e1a364a3d28df0e168e7e1a3583e0c1ec5b9716dd270925c0545b8247421a64b03705f10910fe3416900de9258840c470d580

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBCA8.tmp\7z-out\locales\lv.pak
Filesize
410KB

MD5
cccbd7f8a0c34c7094ce4d7b8e7e0588

SHA1
1a08401e2dc8c59200c4ecaa1886b43b6faa6979

SHA256
7467360f9addd4d8694e1508a6ab3a3e00dce57e5897d5376ad27d8e651b23d4

SHA512
2cc43437f1cd8d5fda0e95e7dd117c9b82e90cfed58ad8f492f46b4634aa01cd1b0ebe39377231a0828fc1ccd39641e4efc2f1210d629f9aba12ea9048accd95

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBCA8.tmp\7z-out\locales\ml.pak
Filesize
948KB

MD5
00292b0801e0dd0a74091bf53f1574c9

SHA1
63a002e7a8796bc4b4459a19c95ce426fbd1ec7f

SHA256
61a372f170de0a22712be980c3c78b22035ebf40ce79332fab75cdcc4208c9e6

SHA512
e2e15f66851aa435e3bf4de6672f4aa8b01204d8efe11ec6ee9a51d9877ec4f2e71d7e9547d6eab9bfa04af1bea71fa72aa4963fa08b48717bf1c3fd21c00cd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBCA8.tmp\7z-out\locales\mr.pak
Filesize
772KB

MD5
b9a2aa88c69c42ebcc41fef00c980a38

SHA1
9e373dfa11f95c31ffdca70bd83d2f66e1ddcef8

SHA256
481faf7dd66cf10a476d8b156fb4ea452f920322d8007f7e25d41b2837bdbc09

SHA512
5f4582723429a44dd517322babae4466efb4e8723c0247754e2a9a2929133d6fee5c3533c4cf567954e2a5aab47940a136a178405de36e38b50e8d4a6d5c504f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBCA8.tmp\7z-out\locales\ms.pak
Filesize
351KB

MD5
6de7b004a86967a3433545b3b38bf89d

SHA1
113bd5b28dda669b27c798e0b46fd680f3a04956

SHA256
ead5a37549b98d55839ffcf0dc8f8201d37d71968ec9138fdea79d7c9b79549d

SHA512
239c4acd2c0b6c08fb92fd95b89a302ddefc01ea843950a0247b7310c2b024383ae98286c2d4b83b99833452c41b386e047b2ef33610ef122fcf2f439ef43726

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBCA8.tmp\7z-out\locales\nb.pak
Filesize
344KB

MD5
bbae0915edec081b04bb903b689bc40b

SHA1
6a0fc635ce1c431e512b8b3b8448176aa4025556

SHA256
d565c6c95dad89d3f2b7210de4ec3fc437633de4dcfc994fde0704b92bb53ff8

SHA512
573a9fe43213829a6a4b39e67be25bc330b417750ea6d66e26163de7a80c29f6f5deeb841d9ff8303595943a81fc01ab668aab02a5cac4eda078ed06120138b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBCA8.tmp\7z-out\locales\nl.pak
Filesize
356KB

MD5
9fdf47fef5b549497005ef8efd2a2c59

SHA1
3449de72bfc2be537f4b007c81e5bc5de6ff3d0a

SHA256
65a9c1efcdd451504e2e9b44b0c8fafd2c3c1445d760fd6c435305e2f8534f59

SHA512
3e77178dcd9e8894847039a997c87d5d04eef8a1ace1846132fde229285da08ffc8d3ba697226130bd07ab122a868cc53693981a21f8211c839ccdaba77207cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBCA8.tmp\7z-out\locales\pl.pak
Filesize
396KB

MD5
c9da926441d438b952149650c86a033e

SHA1
74ee60342bda33048570dd3c03f897668cdfc971

SHA256
ce96fd415ffcda01345146faac716e2d45e2c556e5c6c38e9a1ea5ac19dafe84

SHA512
3e718e8df695cbd80146c3e911de9b235ccc06f574739e5720d47952f69eab089b56451cdc321174da9b239c0a71a720baf9d68b46046efa0edcb2a3f1804ea0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBCA8.tmp\7z-out\locales\pt-BR.pak
Filesize
374KB

MD5
c68170e4948cf3ae6910364c1e68ce90

SHA1
420f3a392db28b6fd6be44fd702b455518b67bbd

SHA256
b26499a256d66feed42b372ea2eaceb75c279694b40a7b5d0f8c1a5c24cf381c

SHA512
29482ced2091873a8c6242a608ed641b3a4d72fb93ccc2eb58d2769c446195f717b438d5633522f457234f3d209029936e9ea4ccd65d45ba8ae0c2df71043797

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBCA8.tmp\7z-out\locales\pt-PT.pak
Filesize
376KB

MD5
9b04c89c2d17c7c00a6a4342f0771fec

SHA1
a0886040fd5f870023cc3038f5722f4ba6d7c8b6

SHA256
abb012215610178b7f8203f61f41103546d3949ac3df4acb3a622b01663f39cc

SHA512
7c4cf5e7bfad4709db49779c1e3e762b8d0bac6cd736c511711ddca7682e08bc6b3274c9872d88db78bc36b0456b29680d3c4e518d4a401830cfb37b48567bb8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBCA8.tmp\7z-out\locales\ro.pak
Filesize
387KB

MD5
9b9c22a12ddce43a4a3c0c047a16a5c3

SHA1
901e072d644a79e0b18be2f4a81e6842b070485d

SHA256
3e89d43b86b2582fd7db236659af47ff459a44c5b5ebcbb0bcc9eda244c8e501

SHA512
196a5bb1b0b5093d4a18279037ef7993525c36c136d4560b7e902c815687f7992ecd2b64d96422911a3468cf3f1478b21df6465d3b31486466cbb5573ff0e7e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBCA8.tmp\7z-out\locales\ru.pak
Filesize
634KB

MD5
aa75c21bfe54bb70e7abd9fce1347a8f

SHA1
3492307cec15b367274c948beb76598f72347846

SHA256
bd981aa65536b544228ed1d60a552ff4c7800b46f815177b33b3e628b97d77e4

SHA512
0e77f1c7e4b5410e9eaed875f5dae6485d8de5b650ec44133b1634645cc3055fa7bea316e843b491f29d9c137b20623b120e014b1c74bbf4e8d1f08dbeaf5bb2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBCA8.tmp\7z-out\locales\sk.pak
Filesize
399KB

MD5
72946b939f7bcaa98ab314cfba634e0b

SHA1
71c79a61712c8c5d3dac07a65d4c727e3b80ab17

SHA256
75f179897cad221ca6e36b47f53cead7f3fb4159ee196f1d10a5181b84e1b5b7

SHA512
2a8fa7108c58f4cb263900a555714d5638d961d14d9f4ddf8a9ab5b880afdbc5d2325fed1e158dbaf42a9cd20e8e372e6a8f52fce842a6940ea52e43e4a1f1e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBCA8.tmp\7z-out\locales\sl.pak
Filesize
385KB

MD5
6a2efcb886dd33a5d05a112c141c520d

SHA1
ba89d9ef7ce1862d1e9933e910529ec5a3e2a933

SHA256
4fa004d80c7e89e38cdfed3a652003787fa810256d294c16aab0bca815eb7c02

SHA512
0475df28a602ec90c4331da4e7d742eded2cb3264b41924628bfc45e2662f2ceb7b9518ac88a231da1c3caf18d176ff3a4931c2b1751f3b74bce3af73d0088cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBCA8.tmp\7z-out\locales\sr.pak
Filesize
595KB

MD5
fca817ed4b839b976ebcbf59cac66d68

SHA1
413efa65470319999032b6a25b3b2ee33b8cd047

SHA256
524acc64e70918a77cda43fd9b27a727645b28ad2d4cce16b327105101c8bbeb

SHA512
cb246d5c5cea30d6e7514841ab93803984cda37461a09b6c340ca64f7cbce4e1212951a4de421d928d433a619dac18454fb403b42581757b76c7eb124ce70cf2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBCA8.tmp\7z-out\locales\sv.pak
Filesize
347KB

MD5
14ecf7684d7987950a9655258d3a72be

SHA1
b1506b3b4be332081dde72bf54a197b1ee0bde66

SHA256
690a83bbefe1e97de5d2c1c0791707e8ddc3414a12cf30b79329fa5d21840d6e

SHA512
fd9d36c63b00bb1caf6a25f2c797f3a844395f16016a9010819462d647e8e759fd8887e5eae3ef300871f4abef05f4ceca9edb5b30ffdd56efeede9c75f56e30

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBCA8.tmp\7z-out\locales\sw.pak
Filesize
365KB

MD5
9632dd7d883fa4deb3963ea663e0ffd4

SHA1
0db135be4b3a7c54c39e9df5034d5576b68ea92e

SHA256
690027c4a31c4aea00b7d1b32ec6cd3fa50b1eac412ae273ab15e72eb485dd6e

SHA512
3aac1857784dfecd2ae5f7c4056f58e27a966a6cb949e02eaba56fc1fc283243ed6213f17628d62d435e33fa4771eb43623f25da6510aa4ce6f2149f72ab0d37

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBCA8.tmp\7z-out\locales\ta.pak
Filesize
936KB

MD5
714ef30e819d791b41ab093d515e1704

SHA1
5410b58dcaa0bc82146655ed56493581d18d5c04

SHA256
9be97a18356b05ac4c3aa2b7e719eb29b47d8ad406aa50cf0f24bdde1d613083

SHA512
a35074a54dc12a68301553345c69f02ad31bc010690d5f4c4fad5d65b3fd9c3f7c3ec7e3637673d250cb33496b93a9582e28b5210d11137bc0bd5b2e219c0aab

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBCA8.tmp\7z-out\locales\te.pak
Filesize
869KB

MD5
28f500e12a7b91d91d8f99395fce8332

SHA1
885fd6c78259ae38f7dba3887f7fee783c1766bc

SHA256
06dd7ae122d6f1f394aeb85089a9c837ec05dad627b0bcc92863ab2830e971c9

SHA512
6f0fe4a527e9c53a41d20f95cafda7a2488bab310eecf68c98271a2db6f3efe5d2180e158b5018a9c56a0580b0735146f0ae07d884f564de1e8780956a10d190

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBCA8.tmp\7z-out\locales\th.pak
Filesize
731KB

MD5
d34a2993eaf0ee6bf65c3729baee426d

SHA1
d796911e57c89b11a603c645dd0e32aad7819d75

SHA256
7870b92c64f7776c469b4d19be8881ce30a5263cc8287c3d7de573aed43c7dba

SHA512
eb2f4b3cb7741c996acbd121d0c69eda6cfac6bdbd7b8036dc6394ed7e49c9a45641c7983431b5f8c5db685fc7ce958e7c9f5e79837b381caeecf009f79ca4c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBCA8.tmp\7z-out\locales\tr.pak
Filesize
371KB

MD5
0662e2b67524444e843d0104adab0b7e

SHA1
ec39112f57e28010295398c24c6a17e60a88fd47

SHA256
e8f86dc87dbf11935863efb3a5af8213a97123889019e98a7ef313b488088790

SHA512
6529083d04e777be3cdaa14f06bb6b3a3d26006ed9d067f7a1bdfcf669856cc6340bf0caf90bbceb75666062fac1bc02ca2d2cff94c6ca5627ccaece6f973a65

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBCA8.tmp\7z-out\locales\uk.pak
Filesize
634KB

MD5
0d9b7f3ce815f7bcfd63ee3492350d52

SHA1
6138b5dc296cf406b2314b8b797f9f96de2b40fb

SHA256
b86358579a9cec015c996c6ae862ddcb8cb558f30eedd0d0b9ef3cb18c3cc130

SHA512
17d874849e5eb17bff2ac98c8191f9f38a07a66eccc502122c0ed2bdd6af94eb17db1b0a2477a75c1fd4f3ed00c76b1818eac5bc4093d92eca0d0a5323718cc0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBCA8.tmp\7z-out\locales\ur.pak
Filesize
552KB

MD5
6733dba4f3f0afeffc40bd87300b9d6e

SHA1
610aab026d25f2cec6c636fbaee922c099d26ef2

SHA256
d0c8ae8f4f60f04d4eee8cc639ee3b52ad073f5c9ee6fb84c774eb855fd51e9c

SHA512
40c1cb7be3709bb6ef01a4e66bfd85e20641020a800292a2a14f4cf188242aa0b8d42cabd0f323acd3d2f257243c7dc04b346a39475343c761af7a1833c3366a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBCA8.tmp\7z-out\locales\vi.pak
Filesize
439KB

MD5
5b8fc875f0b57ac7793e19e0ac6f4899

SHA1
b8ec064365fc29a70bc3a8d3df0ef222ed244fa8

SHA256
ff3cdd834569cf9f957a444ab8a51ebe673bd26d7c907a907aedfeed248d4890

SHA512
f3a9ad912823aaae0d089cf53151cfba0b6fbc2cebf826b1b7c70fec03bf3f967e440558fef94c990c87349b82c36379bf645b828ab6b69eb9f396165dd6178d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBCA8.tmp\7z-out\locales\zh-CN.pak
Filesize
319KB

MD5
37b051269289e0eaafd411d374663135

SHA1
fa94bc7fe89475f1d5e1c9a2d88161cc992a638b

SHA256
4ff334da089d2ffb9c6173de7c918b74c9326ed7bd76317b2696d57861871488

SHA512
357350ec552765df460cd66ae59ebcc771df72431baa380247750627ee974f1859bfa423461a2197d4e608063d021faa7fc94bd30c6fe2b1a0cf9b9f7e64ea73

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBCA8.tmp\7z-out\locales\zh-TW.pak
Filesize
316KB

MD5
032c4f24764d531d0de876f1e9d51dc9

SHA1
6662a5e3466c1ca415e219634cd67863ff830b32

SHA256
a0a715a3ef1ead036f0f03d02a8252fbdbd52ce6f8cc5b9298fc1c4494d4e508

SHA512
3cf212a638cfe9d08e625f7f70d453263e44721be9550c2aebfb67462666a8d67b87cd2ed613cc12c7d1fc7d1c1368c7d198a6669fa3a10c2c2bf61966c46aff

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBCA8.tmp\7z-out\resources.pak
Filesize
5.1MB

MD5
dc12ee2bb266627cf127c9049fee5a70

SHA1
2f8d5cb6c70781a0b67e4bdd180c5364e01e8328

SHA256
368cc254981294714ccb085152c62e386f017f77691e0d2713978d77e2a033cb

SHA512
17a53f9dbf703c7f8d752896002b8f5909ddad5fa78d60b176b8fb8c351b90bc644de1097cee7da490ff7e97d3b0fbac0f627106d054d1d10d1917ce35b38f31

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBCA8.tmp\7z-out\resources\app.asar
Filesize
20.3MB

MD5
acaa3b7d400e6945788fbc8480101570

SHA1
7c2fe63cdcdf1537014b0382ddf7d2563eed86c7

SHA256
4d8b5696e5ec91eb7f6c55b7c439be7e2e598af7b7f5f3bf8f82f31ee7765ae4

SHA512
dd1bb24d3d3b84d8f0dd7dfb03f2dc7bf5df467ff50c01b3b02ab608e723709a874b59c779685d63aa4dc0caada9a2b9c73a5185b27654a0ece67779520adc8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBCA8.tmp\7z-out\resources\elevate.exe
Filesize
105KB

MD5
792b92c8ad13c46f27c7ced0810694df

SHA1
d8d449b92de20a57df722df46435ba4553ecc802

SHA256
9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37

SHA512
6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBCA8.tmp\7z-out\snapshot_blob.bin
Filesize
168KB

MD5
b82ff216a0babf602940759b9a3af870

SHA1
07e8a22dcf8d7be04a6ddbcab3098e040494bb0e

SHA256
943b27009d41801c5a649caf680e32d4dd25de002787a4ccd86b0925b3aac3a5

SHA512
da157570afbab7be135f7749df7f4518df1452ea24f98d8f5189430e732ad06ed438afc701cb70451bbc7137b5f35a0c5957df92ecb40d47d54c1071ea79fba1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBCA8.tmp\7z-out\v8_context_snapshot.bin
Filesize
471KB

MD5
031ea03da08fe1247280cfe781658791

SHA1
e91db50ad16b5a5fbbaf4118672d60b347ea6161

SHA256
c16dcec41919a6d2850214f2275824be8a97d8c5e694e2ec8dd7d16ab2d5015c

SHA512
b3d6f282761f8ab8760728ecb108f64741f6f3cd2a143813042ff63a3b6604fcfe7c1feabafb65f9f67906217edb5851f44605a34f7a50ed2058c25ce5efb30a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBCA8.tmp\7z-out\vk_swiftshader.dll
Filesize
4.9MB

MD5
3a8600d95c9c163940f05e60a69eb457

SHA1
cce71f6a5490b48eaeb272cbf55792819fb2050b

SHA256
3477f8305c88838f894f0a304b8d2013542e9379f0310d398cd6a267e854e9af

SHA512
492a02352546065108c200b41026c711e09a32d3aa26e5356856d081bc1192445d7b98f789b6856b02217e84d8b3baa3288e3b9e359e59af6d0c7dcdd1888cf5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBCA8.tmp\7z-out\vk_swiftshader_icd.json
Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBCA8.tmp\7z-out\vulkan-1.dll
Filesize
894KB

MD5
c286e1191c5b91130b6d16e23cbd44f3

SHA1
8231664efdf30b07ff0dbc6b6f4e4d46ec574de0

SHA256
8d4b92d08f42bfe9d30362b9cf671fd6ae3166ade44f94de17dfc531393b66cd

SHA512
5cd07f2edec7bbe8684ea291a9d1dd3709f6a25c55fda3d92938eaf9c3b047ec481e3e7f3fc64973f6833422ab5880f1318a15afa666e2dd207763c7d3822bbd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBCA8.tmp\SpiderBanner.dll
Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBCA8.tmp\StdUtils.dll
Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBCA8.tmp\WinShell.dll
Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBCA8.tmp\nsExec.dll
Filesize
6KB

MD5
ec0504e6b8a11d5aad43b296beeb84b2

SHA1
91b5ce085130c8c7194d66b2439ec9e1c206497c

SHA256
5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962

SHA512
3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBCA8.tmp\nsis7z.dll
Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\crashpad_4708_LTAQQMCPMUFKACBO
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/3356-1110-0x00007FFA52FB0000-0x00007FFA52FB1000-memory.dmp

Filesize
4KB

Download