hxxps://cdn[.]discordapp[.]com/attachments/1246110906447036487/1246111252862996561/BY_JOSECITOV4[.]zip?ex=665c848a&is=665b330a&hm=33cd51f5ca8d2f8aafd9186c8ed20bd7460731450f3afeb1a01c2206d6c34b0e&

Analysis

max time kernel
629s
max time network
454s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
01/06/2024, 23:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cdn.discordapp.com/attachments/1246110906447036487/1246111252862996561/BY_JOSECITOV4.zip?ex=665c848a&is=665b330a&hm=33cd51f5ca8d2f8aafd9186c8ed20bd7460731450f3afeb1a01c2206d6c34b0e&

Score

8^/10

spyware stealer

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	ExecutorUPD.exe

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ExecutorUPD.exe	ExecutorUPD.exe

Executes dropped EXE 5 IoCs

pid	Process
2040	winrar-x64-701.exe
5000	ExecutorUPD.exe
3840	ExecutorUPD.exe
3280	ExecutorUPD.exe
5040	ExecutorUPD.exe

Loads dropped DLL 14 IoCs

pid	Process
4736	BY JOSECITO!V4.exe
4736	BY JOSECITO!V4.exe
4736	BY JOSECITO!V4.exe
5000	ExecutorUPD.exe
5000	ExecutorUPD.exe
5000	ExecutorUPD.exe
3840	ExecutorUPD.exe
3840	ExecutorUPD.exe
3840	ExecutorUPD.exe
3840	ExecutorUPD.exe
3840	ExecutorUPD.exe
3280	ExecutorUPD.exe
5040	ExecutorUPD.exe
5040	ExecutorUPD.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
108	discord.com
112	discord.com

An obfuscated cmd.exe command-line is typically used to evade detection. 2 IoCs

pid	Process
3052	cmd.exe
3640	cmd.exe

Enumerates processes with tasklist 1 TTPs 1 IoCs

Process Discovery

T1057

pid	Process
1920	tasklist.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
864	taskkill.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133617594912941264"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3352	chrome.exe
3352	chrome.exe
2532	chrome.exe
2532	chrome.exe
3172	powershell.exe
3172	powershell.exe
1788	powershell.exe
1788	powershell.exe
5040	ExecutorUPD.exe
5040	ExecutorUPD.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1752	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe

Suspicious use of SendNotifyMessage 30 IoCs

pid	Process
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2040	winrar-x64-701.exe
2040	winrar-x64-701.exe
2040	winrar-x64-701.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3352 wrote to memory of 4036	3352	chrome.exe	80
PID 3352 wrote to memory of 4036	3352	chrome.exe	80
PID 3352 wrote to memory of 4028	3352	chrome.exe	81
PID 3352 wrote to memory of 4028	3352	chrome.exe	81
PID 3352 wrote to memory of 4028	3352	chrome.exe	81
PID 3352 wrote to memory of 4028	3352	chrome.exe	81
PID 3352 wrote to memory of 4028	3352	chrome.exe	81
PID 3352 wrote to memory of 4028	3352	chrome.exe	81
PID 3352 wrote to memory of 4028	3352	chrome.exe	81
PID 3352 wrote to memory of 4028	3352	chrome.exe	81
PID 3352 wrote to memory of 4028	3352	chrome.exe	81
PID 3352 wrote to memory of 4028	3352	chrome.exe	81
PID 3352 wrote to memory of 4028	3352	chrome.exe	81
PID 3352 wrote to memory of 4028	3352	chrome.exe	81
PID 3352 wrote to memory of 4028	3352	chrome.exe	81
PID 3352 wrote to memory of 4028	3352	chrome.exe	81
PID 3352 wrote to memory of 4028	3352	chrome.exe	81
PID 3352 wrote to memory of 4028	3352	chrome.exe	81
PID 3352 wrote to memory of 4028	3352	chrome.exe	81
PID 3352 wrote to memory of 4028	3352	chrome.exe	81
PID 3352 wrote to memory of 4028	3352	chrome.exe	81
PID 3352 wrote to memory of 4028	3352	chrome.exe	81
PID 3352 wrote to memory of 4028	3352	chrome.exe	81
PID 3352 wrote to memory of 4028	3352	chrome.exe	81
PID 3352 wrote to memory of 4028	3352	chrome.exe	81
PID 3352 wrote to memory of 4028	3352	chrome.exe	81
PID 3352 wrote to memory of 4028	3352	chrome.exe	81
PID 3352 wrote to memory of 4028	3352	chrome.exe	81
PID 3352 wrote to memory of 4028	3352	chrome.exe	81
PID 3352 wrote to memory of 4028	3352	chrome.exe	81
PID 3352 wrote to memory of 4028	3352	chrome.exe	81
PID 3352 wrote to memory of 4028	3352	chrome.exe	81
PID 3352 wrote to memory of 4028	3352	chrome.exe	81
PID 3352 wrote to memory of 2108	3352	chrome.exe	82
PID 3352 wrote to memory of 2108	3352	chrome.exe	82
PID 3352 wrote to memory of 1800	3352	chrome.exe	83
PID 3352 wrote to memory of 1800	3352	chrome.exe	83
PID 3352 wrote to memory of 1800	3352	chrome.exe	83
PID 3352 wrote to memory of 1800	3352	chrome.exe	83
PID 3352 wrote to memory of 1800	3352	chrome.exe	83
PID 3352 wrote to memory of 1800	3352	chrome.exe	83
PID 3352 wrote to memory of 1800	3352	chrome.exe	83
PID 3352 wrote to memory of 1800	3352	chrome.exe	83
PID 3352 wrote to memory of 1800	3352	chrome.exe	83
PID 3352 wrote to memory of 1800	3352	chrome.exe	83
PID 3352 wrote to memory of 1800	3352	chrome.exe	83
PID 3352 wrote to memory of 1800	3352	chrome.exe	83
PID 3352 wrote to memory of 1800	3352	chrome.exe	83
PID 3352 wrote to memory of 1800	3352	chrome.exe	83
PID 3352 wrote to memory of 1800	3352	chrome.exe	83
PID 3352 wrote to memory of 1800	3352	chrome.exe	83
PID 3352 wrote to memory of 1800	3352	chrome.exe	83
PID 3352 wrote to memory of 1800	3352	chrome.exe	83
PID 3352 wrote to memory of 1800	3352	chrome.exe	83
PID 3352 wrote to memory of 1800	3352	chrome.exe	83
PID 3352 wrote to memory of 1800	3352	chrome.exe	83
PID 3352 wrote to memory of 1800	3352	chrome.exe	83
PID 3352 wrote to memory of 1800	3352	chrome.exe	83
PID 3352 wrote to memory of 1800	3352	chrome.exe	83
PID 3352 wrote to memory of 1800	3352	chrome.exe	83
PID 3352 wrote to memory of 1800	3352	chrome.exe	83
PID 3352 wrote to memory of 1800	3352	chrome.exe	83
PID 3352 wrote to memory of 1800	3352	chrome.exe	83
PID 3352 wrote to memory of 1800	3352	chrome.exe	83

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://cdn.discordapp.com/attachments/1246110906447036487/1246111252862996561/BY_JOSECITOV4.zip?ex=665c848a&is=665b330a&hm=33cd51f5ca8d2f8aafd9186c8ed20bd7460731450f3afeb1a01c2206d6c34b0e&
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff739aab58,0x7fff739aab68,0x7fff739aab78
  2⤵
  PID:4036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1604 --field-trial-handle=1908,i,7885473410993443984,9960026039682587899,131072 /prefetch:2
  2⤵
  PID:4028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1908,i,7885473410993443984,9960026039682587899,131072 /prefetch:8
  2⤵
  PID:2108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2220 --field-trial-handle=1908,i,7885473410993443984,9960026039682587899,131072 /prefetch:8
  2⤵
  PID:1800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3052 --field-trial-handle=1908,i,7885473410993443984,9960026039682587899,131072 /prefetch:1
  2⤵
  PID:3808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3060 --field-trial-handle=1908,i,7885473410993443984,9960026039682587899,131072 /prefetch:1
  2⤵
  PID:4704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4820 --field-trial-handle=1908,i,7885473410993443984,9960026039682587899,131072 /prefetch:8
  2⤵
  PID:4260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4816 --field-trial-handle=1908,i,7885473410993443984,9960026039682587899,131072 /prefetch:8
  2⤵
  PID:1596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5080 --field-trial-handle=1908,i,7885473410993443984,9960026039682587899,131072 /prefetch:1
  2⤵
  PID:4168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5160 --field-trial-handle=1908,i,7885473410993443984,9960026039682587899,131072 /prefetch:1
  2⤵
  PID:4504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5272 --field-trial-handle=1908,i,7885473410993443984,9960026039682587899,131072 /prefetch:8
  2⤵
  PID:1996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5448 --field-trial-handle=1908,i,7885473410993443984,9960026039682587899,131072 /prefetch:8
  2⤵
  PID:1980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5468 --field-trial-handle=1908,i,7885473410993443984,9960026039682587899,131072 /prefetch:8
  2⤵
  PID:1604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5444 --field-trial-handle=1908,i,7885473410993443984,9960026039682587899,131072 /prefetch:8
  2⤵
  PID:1808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5744 --field-trial-handle=1908,i,7885473410993443984,9960026039682587899,131072 /prefetch:1
  2⤵
  PID:2620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5916 --field-trial-handle=1908,i,7885473410993443984,9960026039682587899,131072 /prefetch:8
  2⤵
  PID:3996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5000 --field-trial-handle=1908,i,7885473410993443984,9960026039682587899,131072 /prefetch:1
  2⤵
  PID:3876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5024 --field-trial-handle=1908,i,7885473410993443984,9960026039682587899,131072 /prefetch:1
  2⤵
  PID:4032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1840 --field-trial-handle=1908,i,7885473410993443984,9960026039682587899,131072 /prefetch:8
  2⤵
  PID:3944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6124 --field-trial-handle=1908,i,7885473410993443984,9960026039682587899,131072 /prefetch:8
  2⤵
  PID:3992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5588 --field-trial-handle=1908,i,7885473410993443984,9960026039682587899,131072 /prefetch:8
  2⤵
  PID:4088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1672 --field-trial-handle=1908,i,7885473410993443984,9960026039682587899,131072 /prefetch:8
  2⤵
  PID:5008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5316 --field-trial-handle=1908,i,7885473410993443984,9960026039682587899,131072 /prefetch:8
  2⤵
  PID:4176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5996 --field-trial-handle=1908,i,7885473410993443984,9960026039682587899,131072 /prefetch:8
  2⤵
  PID:3160
- C:\Users\Admin\Downloads\winrar-x64-701.exe
  "C:\Users\Admin\Downloads\winrar-x64-701.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5124 --field-trial-handle=1908,i,7885473410993443984,9960026039682587899,131072 /prefetch:8
  2⤵
  PID:392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1672 --field-trial-handle=1908,i,7885473410993443984,9960026039682587899,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2532

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2580

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1900

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Desktop\BY JOSECITO!V4.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:1752

C:\Users\Admin\Desktop\BY JOSECITO!V4.exe
"C:\Users\Admin\Desktop\BY JOSECITO!V4.exe"
1⤵
- Loads dropped DLL
PID:4736
- C:\Users\Admin\AppData\Local\Temp\2hEiES8kcXVx6DhehytOMt66F8H\ExecutorUPD.exe
  C:\Users\Admin\AppData\Local\Temp\2hEiES8kcXVx6DhehytOMt66F8H\ExecutorUPD.exe
  2⤵
  - Checks computer location settings
  - Drops startup file
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5000
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:544
  - - C:\Windows\system32\tasklist.exe
      tasklist
      4⤵
      Enumerates processes with tasklist
      PID:1920
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"
    3⤵
    PID:3140
  - - C:\Windows\system32\taskkill.exe
      taskkill /IM chrome.exe /F
      4⤵
      Kills process with taskkill
      PID:864
- - C:\Users\Admin\AppData\Local\Temp\2hEiES8kcXVx6DhehytOMt66F8H\ExecutorUPD.exe
    "C:\Users\Admin\AppData\Local\Temp\2hEiES8kcXVx6DhehytOMt66F8H\ExecutorUPD.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\ExecutorUPD" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1860,i,17820087165841172534,3213432409351968595,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3840
- - C:\Users\Admin\AppData\Local\Temp\2hEiES8kcXVx6DhehytOMt66F8H\ExecutorUPD.exe
    "C:\Users\Admin\AppData\Local\Temp\2hEiES8kcXVx6DhehytOMt66F8H\ExecutorUPD.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\ExecutorUPD" --mojo-platform-channel-handle=2072 --field-trial-handle=1860,i,17820087165841172534,3213432409351968595,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3280
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,35,167,165,23,108,64,42,78,189,79,209,36,15,157,160,224,0,0,0,0,2,0,0,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,92,189,224,153,149,154,254,15,90,25,191,67,109,35,188,255,47,151,9,21,172,109,172,152,78,250,241,191,140,181,162,184,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,209,235,215,220,194,5,197,88,53,204,186,212,66,146,226,188,79,204,39,241,55,33,198,3,57,197,104,32,254,164,222,53,48,0,0,0,190,0,161,123,65,14,46,171,239,38,157,125,28,95,192,236,16,13,130,184,221,191,110,38,80,70,146,60,47,32,10,203,90,20,66,70,106,81,223,50,206,68,184,16,75,136,60,134,64,0,0,0,70,232,28,94,65,45,27,44,230,217,177,254,232,17,18,175,206,168,72,136,197,118,127,130,242,66,19,188,10,231,102,228,166,149,101,103,226,180,241,31,220,52,111,182,118,173,9,121,124,121,42,179,127,86,97,46,106,209,100,22,161,216,139,82), $null, 'CurrentUser')"
    3⤵
    - An obfuscated cmd.exe command-line is typically used to evade detection.
    PID:3052
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,35,167,165,23,108,64,42,78,189,79,209,36,15,157,160,224,0,0,0,0,2,0,0,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,92,189,224,153,149,154,254,15,90,25,191,67,109,35,188,255,47,151,9,21,172,109,172,152,78,250,241,191,140,181,162,184,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,209,235,215,220,194,5,197,88,53,204,186,212,66,146,226,188,79,204,39,241,55,33,198,3,57,197,104,32,254,164,222,53,48,0,0,0,190,0,161,123,65,14,46,171,239,38,157,125,28,95,192,236,16,13,130,184,221,191,110,38,80,70,146,60,47,32,10,203,90,20,66,70,106,81,223,50,206,68,184,16,75,136,60,134,64,0,0,0,70,232,28,94,65,45,27,44,230,217,177,254,232,17,18,175,206,168,72,136,197,118,127,130,242,66,19,188,10,231,102,228,166,149,101,103,226,180,241,31,220,52,111,182,118,173,9,121,124,121,42,179,127,86,97,46,106,209,100,22,161,216,139,82), $null, 'CurrentUser')
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3172
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,35,167,165,23,108,64,42,78,189,79,209,36,15,157,160,224,16,0,0,0,10,0,0,0,69,0,100,0,103,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,212,42,2,65,16,208,86,239,119,31,48,12,125,255,255,16,35,229,28,212,118,235,50,133,44,37,118,117,201,246,141,209,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,73,164,249,209,239,154,151,218,48,206,11,82,161,3,159,9,224,155,252,245,175,208,199,64,94,88,244,43,40,88,194,246,48,0,0,0,139,84,34,152,122,62,162,151,147,226,168,84,240,87,105,110,166,215,210,118,192,192,245,219,97,138,74,192,131,101,218,100,49,184,183,187,125,119,185,182,32,14,67,163,25,109,208,13,64,0,0,0,227,205,221,78,197,37,10,166,0,128,167,243,193,236,123,89,55,116,6,215,52,123,147,52,72,250,198,255,30,6,10,45,139,195,88,251,172,7,9,40,196,46,34,184,241,154,11,218,245,73,126,185,94,212,164,210,43,132,173,66,17,12,245,143), $null, 'CurrentUser')"
    3⤵
    - An obfuscated cmd.exe command-line is typically used to evade detection.
    PID:3640
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,35,167,165,23,108,64,42,78,189,79,209,36,15,157,160,224,16,0,0,0,10,0,0,0,69,0,100,0,103,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,212,42,2,65,16,208,86,239,119,31,48,12,125,255,255,16,35,229,28,212,118,235,50,133,44,37,118,117,201,246,141,209,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,73,164,249,209,239,154,151,218,48,206,11,82,161,3,159,9,224,155,252,245,175,208,199,64,94,88,244,43,40,88,194,246,48,0,0,0,139,84,34,152,122,62,162,151,147,226,168,84,240,87,105,110,166,215,210,118,192,192,245,219,97,138,74,192,131,101,218,100,49,184,183,187,125,119,185,182,32,14,67,163,25,109,208,13,64,0,0,0,227,205,221,78,197,37,10,166,0,128,167,243,193,236,123,89,55,116,6,215,52,123,147,52,72,250,198,255,30,6,10,45,139,195,88,251,172,7,9,40,196,46,34,184,241,154,11,218,245,73,126,185,94,212,164,210,43,132,173,66,17,12,245,143), $null, 'CurrentUser')
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1788
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "start /B cmd /c mshta "javascript:new ActiveXObject('WScript.Shell').Popup('An error occurred while downloading files. Please try again later.', 0, 'Error', 16);close()""
    3⤵
    PID:1472
  - - C:\Windows\system32\cmd.exe
      cmd /c mshta "javascript:new ActiveXObject('WScript.Shell').Popup('An error occurred while downloading files. Please try again later.', 0, 'Error', 16);close()"
      4⤵
      PID:3348
    - - C:\Windows\system32\mshta.exe
        
        mshta "javascript:new ActiveXObject('WScript.Shell').Popup('An error occurred while downloading files. Please try again later.', 0, 'Error', 16);close()"
        5⤵
        
        PID:3472
- - C:\Users\Admin\AppData\Local\Temp\2hEiES8kcXVx6DhehytOMt66F8H\ExecutorUPD.exe
    "C:\Users\Admin\AppData\Local\Temp\2hEiES8kcXVx6DhehytOMt66F8H\ExecutorUPD.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\ExecutorUPD" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1224 --field-trial-handle=1860,i,17820087165841172534,3213432409351968595,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:5040

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\ccfef098a48b48219c8b99ccdd5162d3 /t 4832 /p 2040
1⤵
PID:4816

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
206KB

MD5
f998b8f6765b4c57936ada0bb2eb4a5a

SHA1
13fb29dc0968838653b8414a125c124023c001df

SHA256
374db366966d7b48782f352c78a0b3670ffec33ed046d931415034d6f93dcfef

SHA512
d340ae61467332f99e4606ef022ff71c9495b9d138a40cc7c58b3206be0d080b25f4e877a811a55f4320db9a7f52e39f88f1aa426ba79fc5e78fc73dacf8c716

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
168B

MD5
cdbcbcb0e0a0a520bbd998c638bed419

SHA1
2a23d80a19207d2d22db97fbb68fc19857d19087

SHA256
f905cc1022c3758f3a7d76c3c9332056ea00180f309ede953b1f6d0f3129ed86

SHA512
4c612e75ae70993b45b51ad0dd0a88c0a847f3bbf26103d52854dbd4894c089ac21b25d6020b738b44b89f9e001e9595b2acc6c47d6b566098a8d0cf63169722

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
45ef3bd5406f322961709b2f0304472b

SHA1
009fb09e6d5785edb7b6846f9253c99d55958828

SHA256
ba4cc5a6c54f26cc4d21a62c92b75ccc25510adc9e6a100e4ac41d34506f8a11

SHA512
39e7350c06ec0f9b92b3b59928e16c6ec63680d34d7a9d648e3fbd36848dc41479adbebe3877dba45acb37e3962e88ab693f29a1bf9a4b2bbceef662a19ae6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
fe4ab53e4c898c6c92a13e81bfb28636

SHA1
1806d1fe844dd221cffe6398c31e503891df6ecb

SHA256
9a269328d3cbc1f02f249779a459041b3f3dc6dd824bf90ca1e3b3d89d7c7318

SHA512
385e39af0dcac81eac70dcb4da7556a8495f22af03d65320a783cc56bb5c7b4b907e8aa3f244686e21e4f607734f50a1229ca547753661232da987d7d1137492

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log

Filesize
5KB

MD5
0e9b2946994bc54d747f962b809ebb70

SHA1
9cca0b9b2f5c35f4fc286e43b7e256f1915006c5

SHA256
9d1bf870c47fbfa9899411b93d93d6a3723c18541bd7cea02034fee3db824f09

SHA512
fa0a97f52bcea8874204377ab54baad970d3f3bca15afb10c1c51f6555d0650c11df1e073268958ff359f12cba5c0ad78d874abedf361945933e720c9d570b29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

Filesize
20KB

MD5
86a60ae8ffe3046fb6328bed1f0524bc

SHA1
122d8116a435344cdb0232e6212c34428025aae6

SHA256
1ad8816e54e1989c6a957a86b8169e2780dc853a2e43c3266c6bcf5563e3d0e5

SHA512
e12da4667d744da235f4ddfc1044372402f322c69314e46b6f2316551aba8fafe9f680668af49739b3f842342a65e7048580ec1ddfe2b2d75408b1c743d98eb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
5f8dea777e10c7c7b923d814653e19bb

SHA1
646b7fa3c97e5e0f15286786c63b18007ebf3e80

SHA256
021663cc8a1802b0fea4042b004ed912d4e03d155222b0568cda0c88423fe05a

SHA512
832584e7cf4ad1d45dc1fc523e45f28a2b3c76783faa5013ad1dd0efc183f598fa14b2f412ee154bdb8803e94e62a26267650f9ec95464aad8eef675e2a2ba22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
ce7dca96cb3dc72d25e492bc80d14eb9

SHA1
b436f6819bdf3b1c18d438cff7233dd793f7dda9

SHA256
6cf3f8a3849ccead64f4a45691f68cd28a086e478806c30dcb8dbefd14684134

SHA512
e3060ee8f4e4626201328e9768094ed2c99d6869ce0f60e9f2ba80dfe8aa7600373e1381fd0ab0ff39d7bd3ded6e401b8b24c8162c6e9a72f734eaff5d3f7454

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
b4fd953b0c252e14262fcdee39da916e

SHA1
e8af008ade816d2af8d657e2d33bdd44933bac89

SHA256
47b3c8aac1e1cb7dcebc799ee8ec5407aa4a85681d294f67857b5b9a69c943e2

SHA512
5a874bc79c1b5edd085b3267e16319679402933b03eeb1e618ed65b7d1cb5af53162c910a8e30d92494cf0bd9ddaf80b0725707f26e1ad42ef8710ddeb6d6f15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
521B

MD5
c1b8b10c980e93ac8f91e9a9e83de171

SHA1
dbe319fb5abcb73334b85723746ebef68e768c01

SHA256
f7cd8a6e8434bc51ca3058a1b8c02fdfa917c5648d80de968e60af15d8e01c45

SHA512
b0a791a4cf65327d85ce9bc223c2f0f895e929308c88f979f349651cdecdad6572b569b273ec6336e2d3c4e667a159bbd251f53a6d50c10fa222ab51a370d4c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
d551540e88c0f14e1a052816e4843654

SHA1
6216936edcdc51e443b31489151593052fe87c1b

SHA256
de4ae0fe70d75801e7b85956a5ee4b054a99bf66892ff0bf4aa3bbe37783b9a4

SHA512
fd9602ab3b0008a3a617ea68f84c6e0e521fcd176743c97e9345924fb5343f002ef23c127e986ad2315486ff255d4389184d7f10b73e45be918a5d9bf03157c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
e125b2901725a3a1e3054dd46b45488e

SHA1
fdf30cf11b5f4e2cae3c9022168eeac0180a2897

SHA256
781c8f9997f3f4c4de55811d27850cbbbae30cba5f0ed7e9cc888df332b4d5ae

SHA512
b0867f5260fd3b998a00d02d8a17fcdf31bbc6fbfe73a2099f73dbfd3bd55591b8acda94a12da9671326b077c72df6fb27f62ad402e3717d7b21cc151d498c17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
049e8285437f074788ed617efb0d7be8

SHA1
e8a071c3d9b309f9f631e6342d4c8921b395f36b

SHA256
81ca5f1c512740d1476c53ba22d3ee924db22ff0134db56823c440db6e0dc151

SHA512
5c52ff8948f08de62125ef4a5bc9cd039fe45f8938dc818c17eb3dba8a8c978933242b0e4011cc54dd41853165dba1d8d7a188e2763e4a58705485930bf9b91c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
3c7ec4afecafbddc92d4922ca5ad0c5b

SHA1
13896b6d5860035f2e6e671926b61eeac7386fd4

SHA256
7b06d7cdb5989173a6134265ac2e51f20687bf40b70fcc395b8fedc51a94eea9

SHA512
f57217ebf150f350db5a614730a2a6deefc55fcddfe3c6edffc3126b3305ec081012f55ad81d1b8f39e659f295c5d533f4f705efe65ec6ead1e1d6d3a8213e4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
ffad41d428826d6f2efe40d7527f59a9

SHA1
8ce13202c86f0a4bd92018c3e001eab3d38620b6

SHA256
7e215ac6ca935eb9108f763470bc1177c8e44c0c22d9d40ea672240eb6bf71b8

SHA512
d0de1f2a5800725743b842d42f21ac40f331cda05a9debf47819d6a3f9111023550005fe421387ed19a5f7e1202dd79754d1cc0985ced69a98262b6f6c8a43bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data

Filesize
100KB

MD5
c0340476f411e45ccae3b0ec1af8892f

SHA1
90395862f1eacd9cf4b177c3849da5a938cefdd5

SHA256
e34a3af8b1950386c14fa81f553bc45aa523f827ac10eeb2972d2376d4e0bdca

SHA512
0de4e3263c5cc73ecf6542cf0991bbe3c7ca4a1db57a1cae57d6d5ef49d8f97de0d37c0122bc485a59e23a4a7f20343cb99acc0dba64a47a009bcbab1a97fcc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
5684bf415c1e7939063e886724af49b5

SHA1
73ba79e3fc831c97a3a2b53b43db20de2ab650a9

SHA256
1ae3d92d2122e0b75536eeae7250004621121a181cc4430373f98621822a505e

SHA512
084808727e1c4f3d228d5cd91cfe53a2ee2b3fce2e879bdcde07deb5df332e8c8dc9dc1ebc2e0c500412eab1e7260b0b1a6a56d10381ddcb55bb5de74ce662fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
323e9c52d43e2ba4217f3317b7d3c73b

SHA1
315caacb1c0ecbaa6a6c6f165a4faed26cfc491e

SHA256
f4ce3a9c3c141f2269b1f907bdd245f175c3c97b356369e8dfa115f9ef5af41b

SHA512
e80bfcef3e244714f0ef3d1e004f8c95b2569b5a67e29f3fe989da18faec79d4e44cce08bae2561c24ddeec9c14cfd4fed78eb1e6a71f61e8a971fc6c7d05615

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
102KB

MD5
281540661ab2f29206fd3d44752fa0a9

SHA1
7af271537019c9f24f03498a0d3381112e372b3a

SHA256
940b16960a2989cc81be8432c34d179528a49a67aba41c75b8e05742a9ace55e

SHA512
d0fb1123b455852bcc748864171c687ac7a36538962fa2bd2b2eeedfd3c7cf0357474dcaf3648b730e1a55b10a688c51a7de179f67bf46b357f30fa186a6b0c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58cd4e.TMP

Filesize
94KB

MD5
fcdf0a6b045a8b80089c3998e7771671

SHA1
2c9ec5b7fbce0ee08c85cdfbf5bbf26bd0a71608

SHA256
7e5fdd69c4505209e0aea2ccdf08549f14ba1b0bbe54c2d3cbd2e68ab02bf2ea

SHA512
6a46df5efbed3575408f61f3ed522c3368e01b5479c4a78fa1fe531f26816f46634a9983c79e47313e6751257b17240b0631d7723e02c5f2395a195d90768447

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
3KB

MD5
f48896adf9a23882050cdff97f610a7f

SHA1
4c5a610df62834d43f470cae7e851946530e3086

SHA256
3ae35c2828715a2f9a5531d334a0cfffc81396c2dc058ca42a9943f3cdc22e78

SHA512
16644246f2a35a186fcb5c2b6456ed6a16e8db65ad1383109e06547f9b1f9358f071c30cca541ca4cf7bae66cb534535e88f75f6296a4bfc6c7b22b0684a6ba9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
45b2b0b1dab19ef161a2c8d961f1f6f5

SHA1
ed1afee29e6ff54a73ed1280e73b86af802a29d7

SHA256
ab238ea4fc4cec37d6ba3cb49e0893f985035d10d30c042758d3a2822081524e

SHA512
977874601462d69d8a905418b9eec99d5bc2cd4117562ba9e2ce81f6cd17a003d713d35d9c9b8745284bea3eebfc3ce22b23ebfbe04825a16cb32f859827413e

Download Submit
C:\Users\Admin\AppData\Local\Temp\2hEiES8kcXVx6DhehytOMt66F8H\chrome_100_percent.pak

Filesize
126KB

MD5
8626e1d68e87f86c5b4dabdf66591913

SHA1
4cd7b0ac0d3f72587708064a7b0a3beca3f7b81c

SHA256
2caa1da9b6a6e87bdb673977fee5dd771591a1b6ed5d3c5f14b024130a5d1a59

SHA512
03bcd8562482009060f249d6a0dd7382fc94d669a2094dec08e8d119be51bef2c3b7b484bb5b7f805ae98e372dab9383a2c11a63ab0f5644146556b1bb9a4c99

Download Submit
C:\Users\Admin\AppData\Local\Temp\2hEiES8kcXVx6DhehytOMt66F8H\locales\hu.pak

Filesize
427KB

MD5
2aa0a175df21583a68176742400c6508

SHA1
3c25ba31c2b698e0c88e7d01b2cc241f0916e79a

SHA256
b59f932df822ab1a87e8aab4bbb7c549db15899f259f4c50ae28f8d8c7ce1e72

SHA512
03a16feb0601407e96bcb43af9bdb21e5218c2700c9f3cfd5f9690d0b4528f9dc17e4cc690d8c9132d4e0b26d7faafd90aa3f5e57237e06fb81aab7ab77f6c03

Download Submit
C:\Users\Admin\AppData\Local\Temp\2hEiES8kcXVx6DhehytOMt66F8H\stealcordlol\Browser.zip

Filesize
935B

MD5
cf19baace4fff7e0c19c46a80c28cb2b

SHA1
cecea740794a37b85078abb98619408c45e69c5b

SHA256
93424151cdae4312aa6d5babef4b7af0e1e04a1340167025081a11a4c08b4b63

SHA512
88109d9fc6e512dff57f124026a37e2a98cc5ff1256388a1c8833cd71e3f0415e8501611df20530a8c616d7fc32cc5d5de5cb0bc544e1557c909627203503c71

Download Submit
C:\Users\Admin\AppData\Local\Temp\635ef1f5-663b-47d8-a455-a53788403653.tmp.node

Filesize
1.8MB

MD5
3072b68e3c226aff39e6782d025f25a8

SHA1
cf559196d74fa490ac8ce192db222c9f5c5a006a

SHA256
7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01

SHA512
61ebc72c20195e99244d95af1ab44fa06201a1aee2b5da04490fdc4312e8324a40b0e15a7b42fab5179753d767c1d08ae1a7a56ac71a6e100e63f83db849ee61

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_hahnjltx.b3y.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\fefc399a-39f1-47ad-9b75-04a90d00bb05.tmp.node

Filesize
137KB

MD5
04bfbfec8db966420fe4c7b85ebb506a

SHA1
939bb742a354a92e1dcd3661a62d69e48030a335

SHA256
da2172ce055fa47d6a0ea1c90654f530abed33f69a74d52fab06c4c7653b48fd

SHA512
4ea97a9a120ed5bee8638e0a69561c2159fc3769062d7102167b0e92b4f1a5c002a761bd104282425f6cee8d0e39dbe7e12ad4e4a38570c3f90f31b65072dd65

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjC02A.tmp\7z-out\LICENSE.electron.txt

Filesize
1KB

MD5
4d42118d35941e0f664dddbd83f633c5

SHA1
2b21ec5f20fe961d15f2b58efb1368e66d202e5c

SHA256
5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d

SHA512
3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjC02A.tmp\7z-out\LICENSES.chromium.html

Filesize
6.5MB

MD5
180f8acc70405077badc751453d13625

SHA1
35dc54acad60a98aeec47c7ade3e6a8c81f06883

SHA256
0bfa9a636e722107b6192ff35c365d963a54e1de8a09c8157680e8d0fbbfba1c

SHA512
40d3358b35eb0445127c70deb0cb87ec1313eca285307cda168605a4fd3d558b4be9eb24a59568eca9ee1f761e578c39b2def63ad48e40d31958db82f128e0ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjC02A.tmp\7z-out\chrome_200_percent.pak

Filesize
175KB

MD5
48515d600258d60019c6b9c6421f79f6

SHA1
0ef0b44641d38327a360aa6954b3b6e5aab2af16

SHA256
07bee34e189fe9a8789aed78ea59ad41414b6e611e7d74da62f8e6ca36af01ce

SHA512
b7266bc8abc55bd389f594dac0c0641ecf07703f35d769b87e731b5fdf4353316d44f3782a4329b3f0e260dead6b114426ddb1b0fb8cd4a51e0b90635f1191d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjC02A.tmp\7z-out\d3dcompiler_47.dll

Filesize
4.7MB

MD5
cb9807f6cf55ad799e920b7e0f97df99

SHA1
bb76012ded5acd103adad49436612d073d159b29

SHA256
5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a

SHA512
f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjC02A.tmp\7z-out\ffmpeg.dll

Filesize
2.7MB

MD5
d49e7a8f096ad4722bd0f6963e0efc08

SHA1
6835f12391023c0c7e3c8cc37b0496e3a93a5985

SHA256
f11576bf7ffbc3669d1a5364378f35a1ed0811b7831528b6c4c55b0cdc7dc014

SHA512
ca50c28d6aac75f749ed62eec8acbb53317f6bdcef8794759af3fad861446de5b7fa31622ce67a347949abb1098eccb32689b4f1c54458a125bc46574ad51575

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjC02A.tmp\7z-out\icudtl.dat

Filesize
10.1MB

MD5
adfd2a259608207f256aeadb48635645

SHA1
300bb0ae3d6b6514fb144788643d260b602ac6a4

SHA256
7c8c7b05d70145120b45ccb64bf75bee3c63ff213e3e64d092d500a96afb8050

SHA512
8397e74c7a85b0a2987cae9f2c66ce446923aa4140686d91a1e92b701e16b73a6ce459540e718858607ecb12659bedac0aa95c2713c811a2bc2d402691ff29dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjC02A.tmp\7z-out\libEGL.dll

Filesize
468KB

MD5
09134e6b407083baaedf9a8c0bce68f2

SHA1
8847344cceeab35c1cdf8637af9bd59671b4e97d

SHA256
d2107ba0f4e28e35b22837c3982e53784d15348795b399ad6292d0f727986577

SHA512
6ff3adcb8be48d0b505a3c44e6550d30a8feaf4aa108982a7992ed1820c06f49e0ad48d9bd92685fb82783dfd643629bd1fe4073300b61346b63320cbdb051ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjC02A.tmp\7z-out\libGLESv2.dll

Filesize
7.2MB

MD5
a5f1921e6dcde9eaf42e2ccc82b3d353

SHA1
1f6f4df99ae475acec4a7d3910badb26c15919d1

SHA256
50c4dc73d69b6c0189eab56d27470ee15f99bbbc12bfd87ebe9963a7f9ba404e

SHA512
0c24ae7d75404adf8682868d0ebf05f02bbf603f7ddd177cf2af5726802d0a5afcf539dc5d68e10dab3fcfba58903871c9c81054560cf08799af1cc88f33c702

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjC02A.tmp\7z-out\locales\af.pak

Filesize
353KB

MD5
464e5eeaba5eff8bc93995ba2cb2d73f

SHA1
3b216e0c5246c874ad0ad7d3e1636384dad2255d

SHA256
0ad547bb1dc57907adeb02e1be3017cce78f6e60b8b39395fe0e8b62285797a1

SHA512
726d6c41a9dbf1f5f2eff5b503ab68d879b088b801832c13fba7eb853302b16118cacda4748a4144af0f396074449245a42b2fe240429b1afcb7197fa0cb6d41

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjC02A.tmp\7z-out\locales\am.pak

Filesize
569KB

MD5
2c933f084d960f8094e24bee73fa826c

SHA1
91dfddc2cff764275872149d454a8397a1a20ab1

SHA256
fa1e44215bd5acc7342c431a3b1fddb6e8b6b02220b4599167f7d77a29f54450

SHA512
3c9ecfb0407de2aa6585f4865ad54eeb2ec6519c9d346e2d33ed0e30be6cc3ebfed676a08637d42c2ca8fa6cfefb4091feb0c922ff71f09a2b89cdd488789774

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjC02A.tmp\7z-out\locales\ar.pak

Filesize
624KB

MD5
fdbad4c84ac66ee78a5c8dd16d259c43

SHA1
3ce3cd751bb947b19d004bd6916b67e8db5017ac

SHA256
a62b848a002474a8ea37891e148cbaf4af09bdba7dafebdc0770c9a9651f7e3b

SHA512
376519c5c2e42d21acedb1ef47184691a2f286332451d5b8d6aac45713861f07c852fb93bd9470ff5ee017d6004aba097020580f1ba253a5295ac1851f281e13

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjC02A.tmp\7z-out\locales\bg.pak

Filesize
652KB

MD5
38bcabb6a0072b3a5f8b86b693eb545d

SHA1
d36c8549fe0f69d05ffdaffa427d3ddf68dd6d89

SHA256
898621731ac3471a41f8b3a7bf52e7f776e8928652b37154bc7c1299f1fd92e1

SHA512
002adbdc17b6013becc4909daf2febb74ce88733c78e968938b792a52c9c5a62834617f606e4cb3774ae2dad9758d2b8678d7764bb6dcfe468881f1107db13ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjC02A.tmp\7z-out\locales\bn.pak

Filesize
838KB

MD5
9340520696e7cb3c2495a78893e50add

SHA1
eed5aeef46131e4c70cd578177c527b656d08586

SHA256
1ea245646a4b4386606f03c8a3916a3607e2adbbc88f000976be36db410a1e39

SHA512
62507685d5542cfcd394080917b3a92ca197112feea9c2ddc1dfc77382a174c7ddf758d85af66cd322692215cb0402865b2a2b212694a36da6b592028caafcdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjC02A.tmp\7z-out\locales\ca.pak

Filesize
400KB

MD5
4cd6b3a91669ddcfcc9eef9b679ab65c

SHA1
43c41cb00067de68d24f72e0f5c77d3b50b71f83

SHA256
56efff228ee3e112357d6121b2256a2c3acd718769c89413de82c9d4305459c6

SHA512
699be9962d8aae241abd1d1f35cd8468ffbd6157bcd6bdf2c599d902768351b247baad6145b9826d87271fd4a19744eb11bf7065db7fefb01d66d2f1f39015a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjC02A.tmp\7z-out\locales\cs.pak

Filesize
409KB

MD5
eeee212072ea6589660c9eb216855318

SHA1
d50f9e6ca528725ced8ac186072174b99b48ea05

SHA256
de92f14480770401e39e22dcf3dd36de5ad3ed22e44584c31c37cd99e71c4a43

SHA512
ea068186a2e611fb98b9580f2c5ba6fd1f31b532e021ef9669e068150c27deee3d60fd9ff7567b9eb5d0f98926b24defabc9b64675b49e02a6f10e71bb714ac8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjC02A.tmp\7z-out\locales\da.pak

Filesize
371KB

MD5
e7ba94c827c2b04e925a76cb5bdd262c

SHA1
abba6c7fcec8b6c396a6374331993c8502c80f91

SHA256
d8da7ab28992c8299484bc116641e19b448c20adf6a8b187383e2dba5cd29a0b

SHA512
1f44fce789cf41fd62f4d387b7b8c9d80f1e391edd2c8c901714dd0a6e3af32266e9d3c915c15ad47c95ece4c7d627aa7339f33eea838d1af9901e48edb0187e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjC02A.tmp\7z-out\locales\de.pak

Filesize
397KB

MD5
cf22ec11a33be744a61f7de1a1e4514f

SHA1
73e84848c6d9f1a2abe62020eb8c6797e4c49b36

SHA256
7cc213e2c9a2d2e2e463083dd030b86da6bba545d5cee4c04df8f80f9a01a641

SHA512
c10c8446e3041d7c0195da184a53cfbd58288c06eaf8885546d2d188b59667c270d647fa7259f5ce140ec6400031a7fc060d0f2348ab627485e2207569154495

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjC02A.tmp\7z-out\locales\el.pak

Filesize
712KB

MD5
e66a75680f21ce281995f37099045714

SHA1
d553e80658ee1eea5b0912db1ecc4e27b0ed4790

SHA256
21d1d273124648a435674c7877a98110d997cf6992469c431fe502bbcc02641f

SHA512
d3757529dd85ef7989d9d4cecf3f7d87c9eb4beda965d8e2c87ee23b8baaec3fdff41fd53ba839215a37404b17b8fe2586b123557f09d201b13c7736c736b096

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjC02A.tmp\7z-out\locales\en-GB.pak

Filesize
324KB

MD5
825ed4c70c942939ffb94e77a4593903

SHA1
7a3faee9bf4c915b0f116cb90cec961dda770468

SHA256
e11e8db78ae12f8d735632ba9fd078ec66c83529cb1fd86a31ab401f6f833c16

SHA512
41325bec22af2e5ef8e9b26c48f2dfc95763a249ccb00e608b7096ec6236ab9a955de7e2340fd9379d09ac2234aee69aed2a24fe49382ffd48742d72a929c56a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjC02A.tmp\7z-out\locales\en-US.pak

Filesize
326KB

MD5
19d18f8181a4201d542c7195b1e9ff81

SHA1
7debd3cf27bbe200c6a90b34adacb7394cb5929c

SHA256
1d20e626444759c2b72aa6e998f14a032408d2b32f957c12ec3abd52831338fb

SHA512
af07e1b08bbf2dd032a5a51a88ee2923650955873753629a086cad3b1600ce66ca7f9ed31b8ca901c126c10216877b24e123144bb0048f2a1e7757719aae73f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjC02A.tmp\7z-out\locales\es-419.pak

Filesize
395KB

MD5
7da3e8aa47ba35d014e1d2a32982a5bb

SHA1
8e35320b16305ad9f16cb0f4c881a89818cd75bb

SHA256
7f85673cf80d1e80acfc94fb7568a8c63de79a13a1bb6b9d825b7e9f338ef17c

SHA512
1fca90888eb067972bccf74dd5d09bb3fce2ceb153589495088d5056ed4bdede15d54318af013c2460f0e8b5b1a5c6484adf0ed84f4b0b3c93130b086da5c3bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjC02A.tmp\7z-out\locales\es.pak

Filesize
394KB

MD5
04a9ba7316dc81766098e238a667de87

SHA1
24d7eb4388ecdfecada59c6a791c754181d114de

SHA256
7fa148369c64bc59c2832d617357879b095357fe970bab9e0042175c9ba7cb03

SHA512
650856b6187df41a50f9bed29681c19b4502de6af8177b47bad0bf12e86a25e92aa728311310c28041a18e4d9f48ef66d5ad5d977b6662c44b49bfd1da84522b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjC02A.tmp\7z-out\locales\et.pak

Filesize
356KB

MD5
ccc71f88984a7788c8d01add2252d019

SHA1
6a87752eac3044792a93599428f31d25debea369

SHA256
d69489a723b304e305cb1767e6c8da5d5d1d237e50f6ddc76e941dcb01684944

SHA512
d35ccd639f2c199862e178a9fab768d7db10d5a654bc3bc1fab45d00ceb35a01119a5b4d199e2db3c3576f512b108f4a1df7faf6624d961c0fc4bca5af5f0e07

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjC02A.tmp\7z-out\locales\fa.pak

Filesize
577KB

MD5
2e37fd4e23a1707a1eccea3264508dff

SHA1
e00e58ed06584b19b18e9d28b1d52dbfc36d70f3

SHA256
b9ee861e1bdecffe6a197067905279ea77c180844a793f882c42f2b70541e25e

SHA512
7c467f434eb0ce8e4a851761ae9bd7a9e292aab48e8e653e996f8ca598d0eb5e07ec34e2b23e544f3b38439dc3b8e3f7a0dfd6a8e28169aa95ceff42bf534366

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjC02A.tmp\7z-out\locales\fi.pak

Filesize
365KB

MD5
21e534869b90411b4f9ea9120ffb71c8

SHA1
cc91ffbd19157189e44172392b2752c5f73984c5

SHA256
2d337924139ffe77804d2742eda8e58d4e548e65349f827840368e43d567810b

SHA512
3ca3c0adaf743f92277452b7bd82db4cf3f347de5568a20379d8c9364ff122713befd547fbd3096505ec293ae6771ada4cd3dadac93cc686129b9e5aacf363bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjC02A.tmp\7z-out\locales\fil.pak

Filesize
410KB

MD5
d7df2ea381f37d6c92e4f18290c6ffe0

SHA1
7cacf08455aa7d68259fcba647ee3d9ae4c7c5e4

SHA256
db4a63fa0d5b2baba71d4ba0923caed540099db6b1d024a0d48c3be10c9eed5a

SHA512
96fc028455f1cea067b3a3dd99d88a19a271144d73dff352a3e08b57338e513500925787f33495cd744fe4122dff2d2ee56e60932fc02e04feed2ec1e0c3533f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjC02A.tmp\7z-out\locales\fr.pak

Filesize
426KB

MD5
3ee48a860ecf45bafa63c9284dfd63e2

SHA1
1cb51d14964f4dced8dea883bf9c4b84a78f8eb6

SHA256
1923e0edf1ef6935a4a718e3e2fc9a0a541ea0b4f3b27553802308f9fd4fc807

SHA512
eb6105faca13c191fef0c51c651a406b1da66326bb5705615770135d834e58dee9bed82aa36f2dfb0fe020e695c192c224ec76bb5c21a1c716e5f26dfe02f763

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjC02A.tmp\7z-out\locales\gu.pak

Filesize
813KB

MD5
308619d65b677d99f48b74ccfe060567

SHA1
9f834df93fd48f4fb4ca30c4058e23288cf7d35e

SHA256
e40ee4f24839f9e20b48d057bf3216bc58542c2e27cb40b9d2f3f8a1ea5bfbb4

SHA512
3ca84ad71f00b9f7cc61f3906c51b263f18453fce11ec6c7f9edfe2c7d215e3550c336e892bd240a68a6815af599cc20d60203294f14adb133145ca01fe4608f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjC02A.tmp\7z-out\locales\he.pak

Filesize
507KB

MD5
fc84ea7dc7b9408d1eea11beeb72b296

SHA1
de9118194952c2d9f614f8e0868fb273ddfac255

SHA256
15951767dafa7bdbedac803d842686820de9c6df478416f34c476209b19d2d8c

SHA512
49d13976dddb6a58c6fdcd9588e243d705d99dc1325c1d9e411a1d68d8ee47314dfcb661d36e2c4963c249a1542f95715f658427810afcabdf9253aa27eb3b24

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjC02A.tmp\7z-out\locales\hi.pak

Filesize
848KB

MD5
b5dfce8e3ba0aec2721cc1692b0ad698

SHA1
c5d6fa21a9ba3d526f3e998e3f627afb8d1eecf3

SHA256
b1c7fb6909c8a416b513d6de21eea0b5a6b13c7f0a94cabd0d9154b5834a5e8b

SHA512
facf0a9b81af6bb35d0fc5e69809d5c986a2c91a166e507784bdad115644b96697fe504b8d70d9bbb06f0c558f746c085d37e385eef41f0a1c29729d3d97980f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjC02A.tmp\7z-out\locales\hr.pak

Filesize
397KB

MD5
255f808210dbf995446d10ff436e0946

SHA1
1785d3293595f0b13648fb28aec6936c48ea3111

SHA256
4df972b7f6d81aa7bdc39e2441310a37f746ae5015146b4e434a878d1244375b

SHA512
8b1a4d487b0782055717b718d58cd21e815b874e2686cdfd2087876b70ae75f9182f783c70bf747cf4ca17a3afc68517a9db4c99449fa09bef658b5e68087f2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjC02A.tmp\7z-out\locales\id.pak

Filesize
350KB

MD5
b6fcd5160a3a1ae1f65b0540347a13f2

SHA1
4cf37346318efb67908bba7380dbad30229c4d3d

SHA256
7fd715914e3b0cf2048d4429f3236e0660d5bd5e61623c8fef9b8e474c2ac313

SHA512
a8b4a96e8f9a528b2df3bd1251b72ab14feccf491dd254a7c6ecba831dfaba328adb0fd0b4acddb89584f58f94b123e97caa420f9d7b34131cc51bdbdbf3ed73

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjC02A.tmp\7z-out\locales\it.pak

Filesize
388KB

MD5
745f16ca860ee751f70517c299c4ab0e

SHA1
54d933ad839c961dd63a47c92a5b935eef208119

SHA256
10e65f42ce01ba19ebf4b074e8b2456213234482eadf443dfad6105faf6cde4c

SHA512
238343d6c80b82ae900f5abf4347e542c9ea016d75fb787b93e41e3c9c471ab33f6b4584387e5ee76950424e25486dd74b9901e7f72876960c0916c8b9cee9a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjC02A.tmp\7z-out\locales\ja.pak

Filesize
472KB

MD5
38cd3ef9b7dff9efbbe086fa39541333

SHA1
321ef69a298d2f9830c14140b0b3b0b50bd95cb0

SHA256
d8fab5714dafecb89b3e5fce4c4d75d2b72893e685e148e9b60f7c096e5b3337

SHA512
40785871032b222a758f29e0c6ec696fbe0f6f5f3274cc80085961621bec68d7e0fb47c764649c4dd0c27c6ee02460407775fae9d3a2a8a59362d25a39266ce0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjC02A.tmp\7z-out\locales\kn.pak

Filesize
938KB

MD5
caab4deb1c40507848f9610d849834cf

SHA1
1bc87ff70817ba1e1fdd1b5cb961213418680cbe

SHA256
7a34483e6272f9b8881f0f5a725b477540166561c75b9e7ab627815d4be1a8a4

SHA512
dc4b63e5a037479bb831b0771aec0fe6eb016723bcd920b41ab87ef11505626632877073ce4e5e0755510fe19ba134a7b5899332ecef854008b15639f915860c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjC02A.tmp\7z-out\locales\ko.pak

Filesize
398KB

MD5
d6194fc52e962534b360558061de2a25

SHA1
98ed833f8c4beac685e55317c452249579610ff8

SHA256
1a5884bd6665b2f404b7328de013522ee7c41130e57a53038fc991ec38290d21

SHA512
5207a07426c6ceb78f0504613b6d2b8dadf9f31378e67a61091f16d72287adbc7768d1b7f2a923369197e732426d15a872c091cf88680686581d48a7f94988ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjC02A.tmp\7z-out\locales\lt.pak

Filesize
429KB

MD5
64b08ffc40a605fe74ecc24c3024ee3b

SHA1
516296e8a3114ddbf77601a11faf4326a47975ab

SHA256
8a5d6e29833374e0f74fd7070c1b20856cb6b42ed30d18a5f17e6c2e4a8d783e

SHA512
05d207413186ac2b87a59681efe4fdf9dc600d0f3e8327e7b9802a42306d80d0ddd9ee07d103b17caf0518e42ab25b7ca9da4713941abc7bced65961671164ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjC02A.tmp\7z-out\locales\lv.pak

Filesize
427KB

MD5
a8cbd741a764f40b16afea275f240e7e

SHA1
317d30bbad8fd0c30de383998ea5be4eec0bb246

SHA256
a1a9d84fd3af571a57be8b1a9189d40b836808998e00ec9bd15557b83d0e3086

SHA512
3da91c0ca20165445a2d283db7dc749fcf73e049bfff346b1d79b03391aefc7f1310d3ac2c42109044cfb50afcf178dcf3a34b4823626228e591f328dd7afe95

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjC02A.tmp\7z-out\locales\ml.pak

Filesize
974KB

MD5
1c81104ac2cbf7f7739af62eb77d20d5

SHA1
0f0d564f1860302f171356ea35b3a6306c051c10

SHA256
66005bc01175a4f6560d1e9768dbc72b46a4198f8e435250c8ebc232d2dac108

SHA512
969294eae8c95a1126803a35b8d3f1fc3c9d22350aa9cc76b2323b77ad7e84395d6d83b89deb64565783405d6f7eae40def7bdaf0d08da67845ae9c7dbb26926

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjC02A.tmp\7z-out\locales\mr.pak

Filesize
797KB

MD5
2cf9f07ddf7a3a70a48e8b524a5aed43

SHA1
974c1a01f651092f78d2d20553c3462267ddf4e9

SHA256
23058c0f71d9e40f927775d980524d866f70322e0ef215aa5748c239707451e7

SHA512
0b21570deefa41defc3c25c57b3171635bcb5593761d48a8116888ce8be34c1499ff79c7a3ebbe13b5a565c90027d294c6835e92e6254d582a86750640fe90f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjC02A.tmp\7z-out\locales\ms.pak

Filesize
365KB

MD5
aee105366a1870b9d10f0f897e9295db

SHA1
eee9d789a8eeafe593ce77a7c554f92a26a2296f

SHA256
c6471aee5f34f31477d57f593b09cb1de87f5fd0f9b5e63d8bab4986cf10d939

SHA512
240688a0054bfebe36ea2b056194ee07e87bbbeb7e385131c73a64aa7967984610fcb80638dd883837014f9bc920037069d0655e3e92a5922f76813aedb185fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjC02A.tmp\7z-out\locales\nb.pak

Filesize
358KB

MD5
55d5ad4eacb12824cfcd89470664c856

SHA1
f893c00d8d4fdb2f3e7a74a8be823e5e8f0cd673

SHA256
4f44789a2c38edc396a31aba5cc09d20fb84cd1e06f70c49f0664289c33cd261

SHA512
555d87be8c97f466c6b3e7b23ec0210335846398c33dba71e926ff7e26901a3908dbb0f639c93db2d090c9d8bda48eddf196b1a09794d0e396b2c02b4720f37e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjC02A.tmp\7z-out\locales\nl.pak

Filesize
370KB

MD5
0f04bac280035fab018f634bcb5f53ae

SHA1
4cad76eaecd924b12013e98c3a0e99b192be8936

SHA256
be254bcda4dbe167cb2e57402a4a0a814d591807c675302d2ce286013b40799b

SHA512
1256a6acac5a42621cb59eb3da42ddeeacfe290f6ae4a92d00ebd4450a8b7ccb6f0cd5c21cf0f18fe4d43d0d7aee87b6991fef154908792930295a3871fa53df

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjC02A.tmp\7z-out\locales\pl.pak

Filesize
412KB

MD5
f1d48a7dcd4880a27e39b7561b6eb0ab

SHA1
353c3ba213cd2e1f7423c6ba857a8d8be40d8302

SHA256
2593c8b59849fbc690cbd513f06685ea3292cd0187fcf6b9069cbf3c9b0e8a85

SHA512
132da2d3c1a4dad5ccb399b107d7b6d9203a4b264ef8a65add11c5e8c75859115443e1c65ece2e690c046a82687829f54ec855f99d4843f859ab1dd7c71f35a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjC02A.tmp\7z-out\locales\pt-BR.pak

Filesize
389KB

MD5
8e931ffbded8933891fb27d2cca7f37d

SHA1
ab0a49b86079d3e0eb9b684ca36eb98d1d1fd473

SHA256
6632bd12f04a5385012b5cdebe8c0dad4a06750dc91c974264d8fe60e8b6951d

SHA512
cf0f6485a65c13cf5ddd6457d34cdea222708b0bb5ca57034ed2c4900fd22765385547af2e2391e78f02dcf00b7a2b3ac42a3509dd4237581cfb87b8f389e48d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjC02A.tmp\7z-out\locales\pt-PT.pak

Filesize
390KB

MD5
b4954b064e3f6a9ba546dda5fa625927

SHA1
584686c6026518932991f7de611e2266d8523f9d

SHA256
ee1e014550b85e3d18fb5128984a713d9f6de2258001b50ddd18391e7307b4a1

SHA512
cb3b465b311f83b972eca1c66862b2c5d6ea6ac15282e0094aea455123ddf32e85df24a94a0aedbe1b925ff3ed005ba1e00d5ee820676d7a5a366153ade90ef7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjC02A.tmp\7z-out\locales\ro.pak

Filesize
403KB

MD5
d2758f6adbaeea7cd5d95f4ad6dde954

SHA1
d7476db23d8b0e11bbabf6a59fde7609586bdc8a

SHA256
2b7906f33bfbe8e9968bcd65366e2e996cdf2f3e1a1fc56ad54baf261c66954c

SHA512
8378032d6febea8b5047ada667cb19e6a41f890cb36305acc2500662b4377caef3dc50987c925e05f21c12e32c3920188a58ee59d687266d70b8bfb1b0169a6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjC02A.tmp\7z-out\locales\ru.pak

Filesize
657KB

MD5
2885bde990ee3b30f2c54a4067421b68

SHA1
ae16c4d534b120fdd68d33c091a0ec89fd58793f

SHA256
9fcda0d1fab7fff7e2f27980de8d94ff31e14287f58bd5d35929de5dd9cbcdca

SHA512
f7781f5c07fbf128399b88245f35055964ff0cde1cc6b35563abc64f520971ce9916827097ca18855b46ec6397639f5416a6e8386a9390afba4332d47d21693f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjC02A.tmp\7z-out\locales\sk.pak

Filesize
416KB

MD5
b7e97cc98b104053e5f1d6a671c703b7

SHA1
0f7293f1744ae2cd858eb3431ee016641478ae7d

SHA256
b0d38869275d9d295e42b0b90d0177e0ca56a393874e4bb454439b8ce25d686f

SHA512
ef3247c6f0f4065a4b68db6bf7e28c8101a9c6c791b3f771ed67b5b70f2c9689cec67a1c864f423382c076e4cbb6019c1c0cb9ad0204454e28f749a69b6b0de0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjC02A.tmp\7z-out\locales\sl.pak

Filesize
401KB

MD5
ca763e801de642e4d68510900ff6fabb

SHA1
c32a871831ce486514f621b3ab09387548ee1cff

SHA256
340e0babe5fddbfda601c747127251cf111dd7d79d0d6a5ec4e8443b835027de

SHA512
e2847ce75de57deb05528dd9557047edcd15d86bf40a911eb97e988a8fdbda1cd0e0a81320eadf510c91c826499a897c770c007de936927df7a1cc82fa262039

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjC02A.tmp\7z-out\locales\sr.pak

Filesize
616KB

MD5
c68c235d8e696c098cf66191e648196b

SHA1
5c967fbbd90403a755d6c4b2411e359884dc8317

SHA256
ab96a18177af90495e2e3c96292638a775aa75c1d210ca6a6c18fbc284cd815b

SHA512
34d14d8cb851df1ea8cd3cc7e9690eaf965d8941cfcac1c946606115ad889630156c5ff47011b27c1288f8df70e8a7dc41909a9fa98d75b691742ec1d1a5e653

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjC02A.tmp\7z-out\locales\sv.pak

Filesize
361KB

MD5
272f8a8b517c7283eab83ba6993eea63

SHA1
ad4175331b948bd4f1f323a4938863472d9b700c

SHA256
d15b46bc9b5e31449b11251df19cd2ba4920c759bd6d4fa8ca93fd3361fdd968

SHA512
3a0930b7f228a779f727ebfb6ae8820ab5cc2c9e04c986bce7b0f49f9bf124f349248ecdf108edf8870f96b06d58dea93a3e0e2f2da90537632f2109e1aa65f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjC02A.tmp\7z-out\locales\sw.pak

Filesize
379KB

MD5
67a443a5c2eaad32625edb5f8deb7852

SHA1
a6137841e8e7736c5ede1d0dc0ce3a44dc41013f

SHA256
41dfb772ae4c6f9e879bf7b4fa776b2877a2f8740fa747031b3d6f57f34d81dd

SHA512
e0fdff1c3c834d8af8634f43c2f16ba5b883a8d88dfd322593a13830047568faf9f41d0bf73cd59e2e33c38fa58998d4702d2b0c21666717a86945d18b3f29e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjC02A.tmp\7z-out\locales\ta.pak

Filesize
964KB

MD5
18ec8ff3c0701a6a8c48f341d368bab5

SHA1
8bff8aee26b990cf739a29f83efdf883817e59d8

SHA256
052bcdb64a80e504bb6552b97881526795b64e0ab7ee5fc031f3edf87160dee9

SHA512
a0e997fc9d316277de3f4773388835c287ab1a35770c01e376fb7428ff87683a425f6a6a605d38dd7904ca39c50998cd85f855cb33ae6abad47ac85a1584fe4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjC02A.tmp\7z-out\locales\te.pak

Filesize
894KB

MD5
a17f16d7a038b0fa3a87d7b1b8095766

SHA1
b2f845e52b32c513e6565248f91901ab6874e117

SHA256
d39716633228a5872630522306f89af8585f8092779892087c3f1230d21a489e

SHA512
371fb44b20b8aba00c4d6f17701fa4303181ad628f60c7b4218e33be7026f118f619d66d679bffcb0213c48700fafd36b2e704499a362f715f63ea9a75d719e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjC02A.tmp\7z-out\locales\th.pak

Filesize
753KB

MD5
a32ba63feeed9b91f6d6800b51e5aeae

SHA1
2fbf6783996e8315a4fb94b7d859564350ee5918

SHA256
e32e37ca0ab30f1816fe6df37e3168e1022f1d3737c94f5472ab6600d97a45f6

SHA512
adebde0f929820d8368096a9c30961ba7b33815b0f124ca56ca05767ba6d081adf964088cb2b9fcaa07f756b946fffa701f0b64b07d457c99fd2b498cbd1e8a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjC02A.tmp\7z-out\locales\tr.pak

Filesize
385KB

MD5
5ff2e5c95067a339e3d6b8985156ec1f

SHA1
7525b25c7b07f54b63b6459a0d8c8c720bd8a398

SHA256
14a131ba318274cf10de533a19776db288f08a294cf7e564b7769fd41c7f2582

SHA512
2414386df8d7ab75dcbd6ca2b9ae62ba8e953ddb8cd8661a9f984eb5e573637740c7a79050b2b303af3d5b1d4d1bb21dc658283638718fdd04fc6e5891949d1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjC02A.tmp\7z-out\locales\uk.pak

Filesize
657KB

MD5
361a0e1f665b9082a457d36209b92a25

SHA1
3c89e1b70b51820bb6baa64365c64da6a9898e2f

SHA256
bd02966f6c6258b66eae7ff014710925e53fe26e8254d7db4e9147266025cc3a

SHA512
d4d25fc58053f8cce4c073846706dc1ecbc0dc19308ba35501e19676f3e7ed855d7b57ae22a5637f81cefc1aa032bf8770d0737df1924f3504813349387c08cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjC02A.tmp\7z-out\locales\ur.pak

Filesize
571KB

MD5
1ca4fa13bd0089d65da7cd2376feb4c6

SHA1
b1ba777e635d78d1e98e43e82d0f7a3dd7e97f9c

SHA256
3941364d0278e2c4d686faa4a135d16a457b4bc98c5a08e62aa12f3adc09aa7f

SHA512
d0d9eb1aa029bd4c34953ee5f4b60c09cf1d4f0b21c061db4ede1b5ec65d7a07fc2f780ade5ce51f2f781d272ac32257b95eedf471f7295ba70b5ba51db6c51d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjC02A.tmp\7z-out\locales\vi.pak

Filesize
455KB

MD5
db0eb3183007de5aae10f934fffacc59

SHA1
e9ea7aeffe2b3f5cf75ab78630da342c6f8b7fd9

SHA256
ddabb225b671b989789e9c2ccd1b5a8f22141a7d9364d4e6ee9b8648305e7897

SHA512
703efd12fcace8172c873006161712de1919572c58d98b11de7834c5628444229f5143d231c41da5b9cf729e32de58dee3603cb3d18c6cdd94aa9aa36fbf5de0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjC02A.tmp\7z-out\locales\zh-CN.pak

Filesize
332KB

MD5
82326e465e3015c64ca1db77dc6a56bc

SHA1
e8abe12a8dd2cc741b9637fa8f0e646043bbfe3d

SHA256
6655fd9dcdfaf2abf814ffb6c524d67495aed4d923a69924c65abeab30bc74fb

SHA512
4989789c0b2439666dda4c4f959dffc0ddcb77595b1f817c13a95ed97619c270151597160320b3f2327a7daffc8b521b68878f9e5e5fb3870eb0c43619060407

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjC02A.tmp\7z-out\locales\zh-TW.pak

Filesize
330KB

MD5
2456bf42275f15e016689da166df9008

SHA1
70f7de47e585dfea3f5597b5bba1f436510decd7

SHA256
adf8df051b55507e5a79fa47ae88c7f38707d02dfac0cc4a3a7e8e17b58c6479

SHA512
7e622afa15c70785aaf7c19604d281efe0984f621d6599058c97c19d3c0379b2ee2e03b3a7ec597040a4eee250a782d7ec55c335274dd7db7c7ca97ddcfd378a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjC02A.tmp\7z-out\resources.pak

Filesize
5.2MB

MD5
7971a016aed2fb453c87eb1b8e3f5eb2

SHA1
92b91e352be8209fadcf081134334dea147e23b8

SHA256
9cfd5d29cde3de2f042e5e1da629743a7c95c1211e1b0b001e4eebc0f0741e06

SHA512
42082ac0c033655f2edae876425a320d96cdaee6423b85449032c63fc0f7d30914aa3531e65428451c07912265b85f5fee2ed0bbdb362994d3a1fa7b14186013

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjC02A.tmp\7z-out\resources\app.asar

Filesize
27.6MB

MD5
ad6ec9fb21829f05f645298418cbd99a

SHA1
d3075ed59c02744fe038729501081f83ddf85e49

SHA256
294b94ab608a9578b51c412ddd7c4e4dfed0b7ab7c74d8dad8217ad69f8d4bcb

SHA512
c424dbf28ada3b333f6cfae5e95b038ebabce9d6caa6783af2b9889694c82a534d168da4e3cb1e419c6b113cd18ac89b431cda78c5820aa0564dc70b699302d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjC02A.tmp\7z-out\resources\elevate.exe

Filesize
105KB

MD5
792b92c8ad13c46f27c7ced0810694df

SHA1
d8d449b92de20a57df722df46435ba4553ecc802

SHA256
9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37

SHA512
6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjC02A.tmp\7z-out\snapshot_blob.bin

Filesize
158KB

MD5
8fef5a96dbcc46887c3ff392cbdb1b48

SHA1
ed592d75222b7828b7b7aab97b83516f60772351

SHA256
4de0f720c416776423add7ada621da95d0d188d574f08e36e822ad10d85c3ece

SHA512
e52c7820c69863ecc1e3b552b7f20da2ad5492b52cac97502152ebff45e7a45b00e6925679fd7477cdc79c68b081d6572eeed7aed773416d42c9200accc7230e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjC02A.tmp\7z-out\v8_context_snapshot.bin

Filesize
465KB

MD5
a373d83d4c43ba957693ad57172a251b

SHA1
8e0fdb714df2f4cb058beb46c06aa78f77e5ff86

SHA256
43b58ca4057cf75063d3b4a8e67aa9780d9a81d3a21f13c64b498be8b3ba6e0c

SHA512
07fbd84dc3e0ec1536ccb54d5799d5ed61b962251ece0d48e18b20b0fc9dd92de06e93957f3efc7d9bed88db7794fe4f2bec1e9b081825e41c6ac3b4f41eab18

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjC02A.tmp\7z-out\vk_swiftshader.dll

Filesize
5.0MB

MD5
a0845e0774702da9550222ab1b4fded7

SHA1
65d5bd6c64090f0774fd0a4c9b215a868b48e19b

SHA256
6150a413ebe00f92f38737bdccf493d19921ef6329fcd48e53de9dbde4780810

SHA512
4be0cb1e3c942a1695bae7b45d21c5f70e407132ecc65efb5b085a50cdab3c33c26e90bd7c86198ec40fb2b18d026474b6c649776a3ca2ca5bff6f922de2319b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjC02A.tmp\7z-out\vk_swiftshader_icd.json

Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjC02A.tmp\7z-out\vulkan-1.dll

Filesize
899KB

MD5
0e4e0f481b261ea59f196e5076025f77

SHA1
c73c1f33b5b42e9d67d819226db69e60d2262d7b

SHA256
f681844896c084d2140ac210a974d8db099138fe75edb4df80e233d4b287196a

SHA512
e6127d778ec73acbeb182d42e5cf36c8da76448fbdab49971de88ec4eb13ce63140a2a83fc3a1b116e41f87508ff546c0d7c042b8f4cdd9e07963801f3156ba2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjC02A.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjC02A.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjC02A.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
C:\Users\Admin\Downloads\winrar-x64-701.exe

Filesize
3.8MB

MD5
46c17c999744470b689331f41eab7df1

SHA1
b8a63127df6a87d333061c622220d6d70ed80f7c

SHA256
c5b5def1c8882b702b6b25cbd94461c737bc151366d2d9eba5006c04886bfc9a

SHA512
4b02a3e85b699f62df1b4fe752c4dee08cfabc9b8bb316bc39b854bd5187fc602943a95788ec680c7d3dc2c26ad882e69c0740294bd6cb3b32cdcd165a9441b6

Download Submit
memory/3172-924-0x000001175C0F0000-0x000001175C140000-memory.dmp

Filesize
320KB

Download
memory/3172-914-0x000001175BF40000-0x000001175BF62000-memory.dmp

Filesize
136KB

Download
memory/5040-986-0x0000018F60280000-0x0000018F60281000-memory.dmp

Filesize
4KB

Download
memory/5040-987-0x0000018F60280000-0x0000018F60281000-memory.dmp

Filesize
4KB

Download
memory/5040-985-0x0000018F60280000-0x0000018F60281000-memory.dmp

Filesize
4KB

Download
memory/5040-992-0x0000018F60280000-0x0000018F60281000-memory.dmp

Filesize
4KB

Download
memory/5040-997-0x0000018F60280000-0x0000018F60281000-memory.dmp

Filesize
4KB

Download
memory/5040-996-0x0000018F60280000-0x0000018F60281000-memory.dmp

Filesize
4KB

Download
memory/5040-995-0x0000018F60280000-0x0000018F60281000-memory.dmp

Filesize
4KB

Download
memory/5040-994-0x0000018F60280000-0x0000018F60281000-memory.dmp

Filesize
4KB

Download
memory/5040-993-0x0000018F60280000-0x0000018F60281000-memory.dmp

Filesize
4KB

Download
memory/5040-991-0x0000018F60280000-0x0000018F60281000-memory.dmp

Filesize
4KB

Download