b00d0a0f78fcce81c653972072faf8bcacba8967d5bfa97ad88bfc90d54d0eaf

Resubmissions

01-08-2024 21:24

240801-z9cxws1cjd 9

31-07-2024 11:45

240731-nwq2ta1enn 9

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240730-en
resource tags

arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
submitted
01-08-2024 21:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

node_manager.exe
Size

83.3MB
MD5

c8649a472f93c776664366ef36ffba67
SHA1

e8b7c7196ff96d1b97fb7d71aed124c2a2eb1f5c
SHA256

b00d0a0f78fcce81c653972072faf8bcacba8967d5bfa97ad88bfc90d54d0eaf
SHA512

bf0ff3453dc17d9025eee2724cfe789bbb57282001e25b282e80dd604cb428670ddacd27d5d44650f3cd23d04090471cd3fa4a776303689b0be7f2b0386097b7
SSDEEP

1572864:w9eyHWNREH0/Mu4zF+gWkGfLHIm8MJu5RZDB1f+ptxbSJkBiOP+gfx2OIwy:wapf4zkXjzHIQu5XDB16BP2bwy

Score

9^/10

credential_access discovery execution spyware stealer

Malware Config

Signatures

Credentials from Password Stores: Credentials from Web Browsers 1 TTPs
Malicious Access or copy of Web Browser Credential store.
credential_access stealer

Credentials from Web Browsers
T1555.003

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1266786182-1874524688-71015548-1000\Control Panel\International\Geo\Nation	node_manager-ns.exe.exe

Executes dropped EXE 4 IoCs

pid	Process
1600	node_manager-ns.exe.exe
3404	node_manager-ns.exe.exe
1524	node_manager-ns.exe.exe
2824	node_manager-ns.exe.exe

Loads dropped DLL 14 IoCs

pid	Process
1408	node_manager.exe
1408	node_manager.exe
1408	node_manager.exe
1600	node_manager-ns.exe.exe
1600	node_manager-ns.exe.exe
3404	node_manager-ns.exe.exe
1524	node_manager-ns.exe.exe
3404	node_manager-ns.exe.exe
3404	node_manager-ns.exe.exe
3404	node_manager-ns.exe.exe
3404	node_manager-ns.exe.exe
1600	node_manager-ns.exe.exe
2824	node_manager-ns.exe.exe
2824	node_manager-ns.exe.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
18	ipinfo.io
19	ipinfo.io

Enumerates processes with tasklist 1 TTPs 1 IoCs

discovery

Process Discovery

T1057

pid	Process
1612	tasklist.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 16 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
2780	powershell.exe
4032	powershell.exe
2488	powershell.exe
1868	powershell.exe
4924	powershell.exe
1000	powershell.exe
3636	powershell.exe
4220	powershell.exe
736	powershell.exe
452	powershell.exe
116	powershell.exe
2180	powershell.exe
3880	powershell.exe
4940	powershell.exe
3820	powershell.exe
2380	powershell.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	node_manager.exe

Checks processor information in registry 2 TTPs 9 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	node_manager-ns.exe.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	node_manager-ns.exe.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	node_manager-ns.exe.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	node_manager-ns.exe.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2	node_manager-ns.exe.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\FeatureSet	reg.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	node_manager-ns.exe.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	node_manager-ns.exe.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	reg.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
4240	taskkill.exe

Modifies registry key 1 TTPs 64 IoCs

Modify Registry

T1112

pid	Process
3880	reg.exe
2944	reg.exe
1260	reg.exe
512	reg.exe
1960	reg.exe
3664	reg.exe
5976	reg.exe
5052	reg.exe
1768	reg.exe
3820	reg.exe
4984	reg.exe
6108	reg.exe
1420	reg.exe
5452	reg.exe
5952	reg.exe
928	reg.exe
3852	reg.exe
2784	reg.exe
3504	reg.exe
3124	reg.exe
5620	reg.exe
5504	reg.exe
3496	reg.exe
3648	reg.exe
1080	reg.exe
2820	reg.exe
1484	reg.exe
3596	reg.exe
5704	reg.exe
6128	reg.exe
6116	reg.exe
960	reg.exe
824	reg.exe
3420	reg.exe
1828	reg.exe
5360	reg.exe
3896	reg.exe
1000	reg.exe
3636	reg.exe
1144	reg.exe
3308	reg.exe
3420	reg.exe
5348	reg.exe
2232	reg.exe
4284	reg.exe
1344	reg.exe
4972	reg.exe
4932	reg.exe
2360	reg.exe
1828	reg.exe
5352	reg.exe
5248	reg.exe
6032	reg.exe
956	reg.exe
1164	reg.exe
4940	reg.exe
2172	reg.exe
4960	reg.exe
5556	reg.exe
3968	reg.exe
1084	reg.exe
3804	reg.exe
5484	reg.exe
116	reg.exe

Suspicious behavior: EnumeratesProcesses 47 IoCs

pid	Process
4924	powershell.exe
2780	powershell.exe
2780	powershell.exe
4924	powershell.exe
4924	powershell.exe
736	powershell.exe
736	powershell.exe
2780	powershell.exe
736	powershell.exe
1000	powershell.exe
1000	powershell.exe
3880	powershell.exe
3880	powershell.exe
3636	powershell.exe
3636	powershell.exe
1000	powershell.exe
3880	powershell.exe
3636	powershell.exe
1868	powershell.exe
1868	powershell.exe
4220	powershell.exe
4220	powershell.exe
3820	powershell.exe
3820	powershell.exe
2488	powershell.exe
2488	powershell.exe
4940	powershell.exe
4940	powershell.exe
4032	powershell.exe
4032	powershell.exe
452	powershell.exe
452	powershell.exe
4220	powershell.exe
2488	powershell.exe
3820	powershell.exe
1868	powershell.exe
452	powershell.exe
4940	powershell.exe
4032	powershell.exe
2380	powershell.exe
2380	powershell.exe
116	powershell.exe
116	powershell.exe
2180	powershell.exe
2180	powershell.exe
2824	node_manager-ns.exe.exe
2824	node_manager-ns.exe.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeSecurityPrivilege	1408	node_manager.exe
Token: SeShutdownPrivilege	1600	node_manager-ns.exe.exe
Token: SeCreatePagefilePrivilege	1600	node_manager-ns.exe.exe
Token: SeShutdownPrivilege	1600	node_manager-ns.exe.exe
Token: SeCreatePagefilePrivilege	1600	node_manager-ns.exe.exe
Token: SeDebugPrivilege	4240	taskkill.exe
Token: SeDebugPrivilege	4924	powershell.exe
Token: SeDebugPrivilege	2780	powershell.exe
Token: SeDebugPrivilege	736	powershell.exe
Token: SeShutdownPrivilege	1600	node_manager-ns.exe.exe
Token: SeCreatePagefilePrivilege	1600	node_manager-ns.exe.exe
Token: SeIncreaseQuotaPrivilege	736	powershell.exe
Token: SeSecurityPrivilege	736	powershell.exe
Token: SeTakeOwnershipPrivilege	736	powershell.exe
Token: SeLoadDriverPrivilege	736	powershell.exe
Token: SeSystemProfilePrivilege	736	powershell.exe
Token: SeSystemtimePrivilege	736	powershell.exe
Token: SeProfSingleProcessPrivilege	736	powershell.exe
Token: SeIncBasePriorityPrivilege	736	powershell.exe
Token: SeCreatePagefilePrivilege	736	powershell.exe
Token: SeBackupPrivilege	736	powershell.exe
Token: SeRestorePrivilege	736	powershell.exe
Token: SeShutdownPrivilege	736	powershell.exe
Token: SeDebugPrivilege	736	powershell.exe
Token: SeSystemEnvironmentPrivilege	736	powershell.exe
Token: SeRemoteShutdownPrivilege	736	powershell.exe
Token: SeUndockPrivilege	736	powershell.exe
Token: SeManageVolumePrivilege	736	powershell.exe
Token: 33	736	powershell.exe
Token: 34	736	powershell.exe
Token: 35	736	powershell.exe
Token: 36	736	powershell.exe
Token: SeIncreaseQuotaPrivilege	4924	powershell.exe
Token: SeSecurityPrivilege	4924	powershell.exe
Token: SeTakeOwnershipPrivilege	4924	powershell.exe
Token: SeLoadDriverPrivilege	4924	powershell.exe
Token: SeSystemProfilePrivilege	4924	powershell.exe
Token: SeSystemtimePrivilege	4924	powershell.exe
Token: SeProfSingleProcessPrivilege	4924	powershell.exe
Token: SeIncBasePriorityPrivilege	4924	powershell.exe
Token: SeCreatePagefilePrivilege	4924	powershell.exe
Token: SeBackupPrivilege	4924	powershell.exe
Token: SeRestorePrivilege	4924	powershell.exe
Token: SeShutdownPrivilege	4924	powershell.exe
Token: SeDebugPrivilege	4924	powershell.exe
Token: SeSystemEnvironmentPrivilege	4924	powershell.exe
Token: SeRemoteShutdownPrivilege	4924	powershell.exe
Token: SeUndockPrivilege	4924	powershell.exe
Token: SeManageVolumePrivilege	4924	powershell.exe
Token: 33	4924	powershell.exe
Token: 34	4924	powershell.exe
Token: 35	4924	powershell.exe
Token: 36	4924	powershell.exe
Token: SeDebugPrivilege	3636	powershell.exe
Token: SeDebugPrivilege	1000	powershell.exe
Token: SeDebugPrivilege	3880	powershell.exe
Token: SeShutdownPrivilege	1600	node_manager-ns.exe.exe
Token: SeCreatePagefilePrivilege	1600	node_manager-ns.exe.exe
Token: SeIncreaseQuotaPrivilege	3880	powershell.exe
Token: SeSecurityPrivilege	3880	powershell.exe
Token: SeTakeOwnershipPrivilege	3880	powershell.exe
Token: SeLoadDriverPrivilege	3880	powershell.exe
Token: SeSystemProfilePrivilege	3880	powershell.exe
Token: SeSystemtimePrivilege	3880	powershell.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1600	node_manager-ns.exe.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1408 wrote to memory of 1600	1408	node_manager.exe	86
PID 1408 wrote to memory of 1600	1408	node_manager.exe	86
PID 1600 wrote to memory of 4176	1600	node_manager-ns.exe.exe	88
PID 1600 wrote to memory of 4176	1600	node_manager-ns.exe.exe	88
PID 4176 wrote to memory of 4204	4176	cmd.exe	90
PID 4176 wrote to memory of 4204	4176	cmd.exe	90
PID 1600 wrote to memory of 3404	1600	node_manager-ns.exe.exe	91
PID 1600 wrote to memory of 3404	1600	node_manager-ns.exe.exe	91
PID 1600 wrote to memory of 3404	1600	node_manager-ns.exe.exe	91
PID 1600 wrote to memory of 3404	1600	node_manager-ns.exe.exe	91
PID 1600 wrote to memory of 3404	1600	node_manager-ns.exe.exe	91
PID 1600 wrote to memory of 3404	1600	node_manager-ns.exe.exe	91
PID 1600 wrote to memory of 3404	1600	node_manager-ns.exe.exe	91
PID 1600 wrote to memory of 3404	1600	node_manager-ns.exe.exe	91
PID 1600 wrote to memory of 3404	1600	node_manager-ns.exe.exe	91
PID 1600 wrote to memory of 3404	1600	node_manager-ns.exe.exe	91
PID 1600 wrote to memory of 3404	1600	node_manager-ns.exe.exe	91
PID 1600 wrote to memory of 3404	1600	node_manager-ns.exe.exe	91
PID 1600 wrote to memory of 3404	1600	node_manager-ns.exe.exe	91
PID 1600 wrote to memory of 3404	1600	node_manager-ns.exe.exe	91
PID 1600 wrote to memory of 3404	1600	node_manager-ns.exe.exe	91
PID 1600 wrote to memory of 3404	1600	node_manager-ns.exe.exe	91
PID 1600 wrote to memory of 3404	1600	node_manager-ns.exe.exe	91
PID 1600 wrote to memory of 3404	1600	node_manager-ns.exe.exe	91
PID 1600 wrote to memory of 3404	1600	node_manager-ns.exe.exe	91
PID 1600 wrote to memory of 3404	1600	node_manager-ns.exe.exe	91
PID 1600 wrote to memory of 3404	1600	node_manager-ns.exe.exe	91
PID 1600 wrote to memory of 3404	1600	node_manager-ns.exe.exe	91
PID 1600 wrote to memory of 3404	1600	node_manager-ns.exe.exe	91
PID 1600 wrote to memory of 3404	1600	node_manager-ns.exe.exe	91
PID 1600 wrote to memory of 3404	1600	node_manager-ns.exe.exe	91
PID 1600 wrote to memory of 3404	1600	node_manager-ns.exe.exe	91
PID 1600 wrote to memory of 3404	1600	node_manager-ns.exe.exe	91
PID 1600 wrote to memory of 3404	1600	node_manager-ns.exe.exe	91
PID 1600 wrote to memory of 3404	1600	node_manager-ns.exe.exe	91
PID 1600 wrote to memory of 3404	1600	node_manager-ns.exe.exe	91
PID 1600 wrote to memory of 1524	1600	node_manager-ns.exe.exe	92
PID 1600 wrote to memory of 1524	1600	node_manager-ns.exe.exe	92
PID 1600 wrote to memory of 4520	1600	node_manager-ns.exe.exe	93
PID 1600 wrote to memory of 4520	1600	node_manager-ns.exe.exe	93
PID 1600 wrote to memory of 4084	1600	node_manager-ns.exe.exe	95
PID 1600 wrote to memory of 4084	1600	node_manager-ns.exe.exe	95
PID 4520 wrote to memory of 956	4520	cmd.exe	97
PID 4520 wrote to memory of 956	4520	cmd.exe	97
PID 4084 wrote to memory of 4240	4084	cmd.exe	98
PID 4084 wrote to memory of 4240	4084	cmd.exe	98
PID 1600 wrote to memory of 1084	1600	node_manager-ns.exe.exe	100
PID 1600 wrote to memory of 1084	1600	node_manager-ns.exe.exe	100
PID 1600 wrote to memory of 736	1600	node_manager-ns.exe.exe	102
PID 1600 wrote to memory of 736	1600	node_manager-ns.exe.exe	102
PID 1600 wrote to memory of 4924	1600	node_manager-ns.exe.exe	103
PID 1600 wrote to memory of 4924	1600	node_manager-ns.exe.exe	103
PID 1600 wrote to memory of 2780	1600	node_manager-ns.exe.exe	104
PID 1600 wrote to memory of 2780	1600	node_manager-ns.exe.exe	104
PID 1600 wrote to memory of 1620	1600	node_manager-ns.exe.exe	108
PID 1600 wrote to memory of 1620	1600	node_manager-ns.exe.exe	108
PID 1620 wrote to memory of 3852	1620	cmd.exe	110
PID 1620 wrote to memory of 3852	1620	cmd.exe	110
PID 1600 wrote to memory of 4564	1600	node_manager-ns.exe.exe	111
PID 1600 wrote to memory of 4564	1600	node_manager-ns.exe.exe	111
PID 4564 wrote to memory of 3752	4564	cmd.exe	113
PID 4564 wrote to memory of 3752	4564	cmd.exe	113
PID 1600 wrote to memory of 1000	1600	node_manager-ns.exe.exe	114
PID 1600 wrote to memory of 1000	1600	node_manager-ns.exe.exe	114

C:\Users\Admin\AppData\Local\Temp\node_manager.exe
"C:\Users\Admin\AppData\Local\Temp\node_manager.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1408
- C:\Users\Admin\AppData\Local\Temp\2jkdcBfdFlHID3sDgPpZpWds9yV\node_manager-ns.exe.exe
  C:\Users\Admin\AppData\Local\Temp\2jkdcBfdFlHID3sDgPpZpWds9yV\node_manager-ns.exe.exe
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:1600
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "chcp"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4176
  - - C:\Windows\system32\chcp.com
      chcp
      4⤵
      PID:4204
- - C:\Users\Admin\AppData\Local\Temp\2jkdcBfdFlHID3sDgPpZpWds9yV\node_manager-ns.exe.exe
    "C:\Users\Admin\AppData\Local\Temp\2jkdcBfdFlHID3sDgPpZpWds9yV\node_manager-ns.exe.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\node_manager" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1916,i,13061826042500075624,12041743938693167643,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1908 /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3404
- - C:\Users\Admin\AppData\Local\Temp\2jkdcBfdFlHID3sDgPpZpWds9yV\node_manager-ns.exe.exe
    "C:\Users\Admin\AppData\Local\Temp\2jkdcBfdFlHID3sDgPpZpWds9yV\node_manager-ns.exe.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\node_manager" --field-trial-handle=2308,i,13061826042500075624,12041743938693167643,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2304 /prefetch:3
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1524
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\Software\Martin Prikryl\WinSCP 2\Sessions""
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4520
  - - C:\Windows\system32\reg.exe
      C:\Windows\system32\reg.exe QUERY "HKCU\Software\Martin Prikryl\WinSCP 2\Sessions"
      4⤵
      PID:956
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /IM chrome.exe"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4084
  - - C:\Windows\system32\taskkill.exe
      taskkill /F /IM chrome.exe
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:4240
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "echo %COMPUTERNAME%.%USERDNSDOMAIN%"
    3⤵
    PID:1084
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:736
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:4924
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2780
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "findstr /C:"Detected boot environment" "%windir%\Panther\setupact.log""
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1620
  - - C:\Windows\system32\findstr.exe
      findstr /C:"Detected boot environment" "C:\Windows\Panther\setupact.log"
      4⤵
      PID:3852
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "reg query "HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0" /v FeatureSet"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4564
  - - C:\Windows\system32\reg.exe
      reg query "HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0" /v FeatureSet
      4⤵
      Checks processor information in registry
      PID:3752
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:1000
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:3636
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:3880
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:4220
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:1868
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:2488
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:4032
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:3820
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:4940
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:452
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:2380
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:116
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:2180
- - C:\Windows\system32\tasklist.exe
    tasklist /nh /fo csv
    3⤵
    - Enumerates processes with tasklist
    PID:1612
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
    3⤵
    - Modifies registry key
    PID:3820
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip
    3⤵
    - Modifies registry key
    PID:960
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook
    3⤵
    - Modifies registry key
    PID:3420
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager"
    3⤵
    PID:1724
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx
    3⤵
    - Modifies registry key
    PID:3308
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime
    3⤵
    - Modifies registry key
    PID:824
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore
    3⤵
    - Modifies registry key
    PID:1828
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40
    3⤵
    - Modifies registry key
    PID:3852
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data
    3⤵
    - Modifies registry key
    PID:1260
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX
    3⤵
    - Modifies registry key
    PID:1144
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData
    3⤵
    - Modifies registry key
    PID:2360
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack
    3⤵
    - Modifies registry key
    PID:1344
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 124.0.2 (x64 en-US)"
    3⤵
    PID:3736
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService
    3⤵
    PID:1620
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2
    3⤵
    - Modifies registry key
    PID:1084
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProPlusRetail - en-us"
    3⤵
    PID:3640
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent
    3⤵
    - Modifies registry key
    PID:2172
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VLC media player"
    3⤵
    PID:2004
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC
    3⤵
    - Modifies registry key
    PID:4940
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{01B2627D-8443-41C0-97F0-9F72AC2FD6A0}
    3⤵
    PID:3344
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1B690A4C-381A-40D4-BA4A-3F8ACD5CE797}
    3⤵
    PID:3624
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}
    3⤵
    - Modifies registry key
    PID:3664
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2BB73336-4F69-4141-9797-E9BD6FE3980A}
    3⤵
    - Modifies registry key
    PID:3124
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00}
    3⤵
    - Modifies registry key
    PID:3504
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3A96B93E-763F-41E7-85C7-1F3CCC37EF27}
    3⤵
    - Modifies registry key
    PID:3636
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}
    3⤵
    - Modifies registry key
    PID:3648
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}
    3⤵
    - Modifies registry key
    PID:2820
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{64A3A4F4-B792-11D6-A78A-00B0D0180381}
    3⤵
    - Modifies registry key
    PID:1000
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{662A0088-6FCD-45DD-9EA7-68674058AED5}
    3⤵
    - Modifies registry key
    PID:2784
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6DB765A8-05AF-49A1-A71D-6F645EE3CE41}
    3⤵
    - Modifies registry key
    PID:4984
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7447A794-FA2E-42BE-BA9A-5FCBD54C5DF3}
    3⤵
    - Modifies registry key
    PID:3968
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{77924AE4-039E-4CA4-87B4-2F64180381F0}
    3⤵
    - Modifies registry key
    PID:1164
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{79043ED0-7ED1-4227-A5E5-04C5594D21F7}
    3⤵
    - Modifies registry key
    PID:928
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE}
    3⤵
    - Modifies registry key
    PID:2944
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE}
    3⤵
    - Modifies registry key
    PID:4932
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE}
    3⤵
    - Modifies registry key
    PID:1960
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9F51D16B-42E8-4A4A-8228-75045541A2AE}
    3⤵
    PID:4348
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BCC2FB07-8CF0-4542-B10C-61BCEF04AFF2}
    3⤵
    PID:4060
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C7B73281-AB0A-4DAD-A09F-5C30D40679AC}
    3⤵
    - Modifies registry key
    PID:956
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CB0836EC-B072-368D-82B2-D3470BF95707}
    3⤵
    - Modifies registry key
    PID:1080
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE4D7AE0-FCBA-486F-A58F-DBA3626FBE4B}
    3⤵
    PID:5060
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}
    3⤵
    - Modifies registry key
    PID:4972
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D46F1FD9-2FE8-4D05-B2AC-011C23B69B24}
    3⤵
    PID:2380
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E634F316-BEB6-4FB3-A612-F7102F576165}
    3⤵
    - Modifies registry key
    PID:3880
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall
    3⤵
    PID:5880
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook
    3⤵
    PID:5928
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager"
    3⤵
    PID:5936
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx
    3⤵
    - Modifies registry key
    PID:5952
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime
    3⤵
    PID:5960
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore
    3⤵
    - Modifies registry key
    PID:5976
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome"
    3⤵
    PID:5984
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE40
    3⤵
    PID:5996
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data
    3⤵
    PID:6016
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX
    3⤵
    - Modifies registry key
    PID:6032
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IEData
    3⤵
    PID:6044
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:1724
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Edge"
    3⤵
    PID:6064
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Edge Update"
    3⤵
    PID:6072
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack
    3⤵
    PID:6092
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2
    3⤵
    - Modifies registry key
    PID:6108
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent
    3⤵
    - Modifies registry key
    PID:6116
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WIC
    3⤵
    - Modifies registry key
    PID:6128
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2151757
    3⤵
    - Modifies registry key
    PID:1768
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2467173
    3⤵
    PID:1388
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2524860
    3⤵
    - Modifies registry key
    PID:3896
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2544655
    3⤵
    - Modifies registry key
    PID:3496
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2549743
    3⤵
    - Modifies registry key
    PID:5248
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2565063
    3⤵
    - Modifies registry key
    PID:5052
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB982573
    3⤵
    PID:1560
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}
    3⤵
    - Modifies registry key
    PID:5556
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}
    3⤵
    - Modifies registry key
    PID:5348
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4d8dcf8c-a72a-43e1-9833-c12724db736e}
    3⤵
    - Modifies registry key
    PID:3420
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}
    3⤵
    - Modifies registry key
    PID:1420
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{61087a79-ac85-455c-934d-1fa22cc64f36}
    3⤵
    - Modifies registry key
    PID:1484
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{63880b41-04fc-4f9b-92c4-4455c255eb8c}
    3⤵
    - Modifies registry key
    PID:5360
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7DAD0258-515C-3DD4-8964-BD714199E0F7}
    3⤵
    PID:5420
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F}
    3⤵
    - Modifies registry key
    PID:512
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}
    3⤵
    - Modifies registry key
    PID:1828
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:3344
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9}
    3⤵
    - Modifies registry key
    PID:5352
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}
    3⤵
    - Modifies registry key
    PID:3804
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BF08E976-B92E-4336-B56F-2171179476C4}
    3⤵
    PID:2400
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}
    3⤵
    - Modifies registry key
    PID:5620
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{d87ae0f4-64a6-4b94-859a-530b9c313c27}
    3⤵
    - Modifies registry key
    PID:4284
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}
    3⤵
    PID:5708
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ef5af41f-d68c-48f7-bfb0-5055718601fc}
    3⤵
    - Modifies registry key
    PID:5504
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}
    3⤵
    - Modifies registry key
    PID:5704
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
    3⤵
    - Modifies registry key
    PID:3596
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2151757
    3⤵
    - Modifies registry key
    PID:5452
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2467173
    3⤵
    - Modifies registry key
    PID:4960
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2524860
    3⤵
    - Modifies registry key
    PID:2232
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2544655
    3⤵
    - Modifies registry key
    PID:116
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:1612
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2549743
    3⤵
    PID:432
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2565063
    3⤵
    PID:5640
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB982573
    3⤵
    - Modifies registry key
    PID:5484
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F6080405-9FA8-4CAA-9982-14E95D1A3DAC}
    3⤵
    PID:5404
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall
    3⤵
    PID:5036
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\OneDriveSetup.exe
    3⤵
    PID:5776
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY HKCU\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall
    3⤵
    PID:5080
- - C:\Users\Admin\AppData\Local\Temp\2jkdcBfdFlHID3sDgPpZpWds9yV\node_manager-ns.exe.exe
    "C:\Users\Admin\AppData\Local\Temp\2jkdcBfdFlHID3sDgPpZpWds9yV\node_manager-ns.exe.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\node_manager" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2524,i,13061826042500075624,12041743938693167643,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2520 /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:2824

C:\Windows\System32\sihclient.exe
C:\Windows\System32\sihclient.exe /cv lOWHpwWoYk+7sDT/EO2/0A.0.1
1⤵
PID:116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
3KB

MD5
50c591ec2a1e49297738ea9f28e3ad23

SHA1
137e36b4c7c40900138a6bcf8cf5a3cce4d142af

SHA256
7648d785bda8cef95176c70711418cf3f18e065f7710f2ef467884b4887d8447

SHA512
33b5fa32501855c2617a822a4e1a2c9b71f2cf27e1b896cf6e5a28473cfd5e6d126840ca1aa1f59ef32b0d0a82a2a95c94a9cc8b845367b61e65ec70d456deec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
2KB

MD5
019f970150a28238d5eb12e357a5b278

SHA1
0f27decd03a1df01370afc7ee53d331462548792

SHA256
10166f6e3f9f7d6022cf3289b401a4c1a9ec10730a27cf61dd7e2d3e8561fb7c

SHA512
797397640ed1a7ab1e82f5a5e4c83d10e1c66ccfa6d1efe7970297f5130653300a3570f13b0dbc94506db88f3aa9a06726c9ca876e3446f94c5d4c4dbe235828

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
2KB

MD5
2f87410b0d834a14ceff69e18946d066

SHA1
f2ec80550202d493db61806693439a57b76634f3

SHA256
5422bc17b852ad463110de0db9b59ffa4219e065d3e2843618d6ebbd14273c65

SHA512
a313702f22450ceff0a1d7f890b0c16cf667dbcd668dbafa6dbecd0791236c0bc68e834d12113cc75352365c2a2b6cfcf30b6ef7c97ea53ed135da50de389db4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
2KB

MD5
e675a417ea7993e01138684d6f40f7c0

SHA1
8cd73f05516d82ae89f1af91e8c51943e5d857ff

SHA256
0e236634c3fc10a36037c30256e566518f47913b5b4370a2f20d6dea6006e2a4

SHA512
fb24e8b0f6c7764e9ef4cc7a84a95b560d6918c3e6a2faf5c6f67368cbf08a5bc5db2201c5a61513e7dde6081b762f94448bc393a54442ff8239f3eec62ef097

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
2KB

MD5
31357f98a8859668bcc6be19fdee0071

SHA1
df24b1a5f129cf0445edb86d23ac4aa06a9e9b59

SHA256
6c913d16b87544a4cc981fd27456513c5f25326214a345ccafe2c89f9e697ed4

SHA512
6d2edc99710a2bb94a5945a3d4e70aeeea262e2d26dd7a19daf2e181160f3433065cbd66875b666c0edbac600041d09d1a9f686bf1cb3d28907d80566b4545c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
2KB

MD5
2c8282cffa0edd52b54833bab3038919

SHA1
59688e35195835d229755fc8d43f47d6ad60faa3

SHA256
2ea7ef3cad87209248d11cddb7582bed415595d3e2495e1f1ee582e2a6a19f16

SHA512
3789da7a33d164009d466b9197c55b97dc1b7234f86767bfbcee8a50b20b4522a39b9999862a24e71f14eb1f9771cc23a057ba68fa1c6299f53cbcbbf5fc84b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
2KB

MD5
b58bab743a8dc6b439281795220878bb

SHA1
1549f301b0eb4c1318b2b0b368f2c2504a2bee0d

SHA256
a834fc7652d15d22fdbd6b627eebb4a3e61c46ff5bd66a30a776c4d04f546c8f

SHA512
f45e4aa5dcf810af4b2402d343a7e5d7b4cf9f0f432f42004008cb6b780c9bee8c3892394d5e0093f974a51933f6f7a563d3ce5a58bd004479dd017535d7701e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
2KB

MD5
8949d859b195751fe5d524c8ab563c93

SHA1
98edc119fc8b29da5edb602c023fa7b897270438

SHA256
20f22b4ba680ab4e62529b06d691ddbd83aeb25e9adf21a2ed21407f201249a2

SHA512
fd27a7a6a09d6933a693138aaf061f2a4af36ef2dd87a02f7ec4de6e5f0809dae12c2b6480cede02759f81de4f2a536ee7302d8155dbb9f529a7f8d464cf015b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
2KB

MD5
b7d2c95f77260accb9347c7714dc0283

SHA1
1243f2a59271e783e31da22cbabbb6c36e567f46

SHA256
832ed75b407b04f91351847186631c0cbd1e0aba4c20522dfaed4d9e4b11073c

SHA512
c9421325287a0615e991a19f3dc31acd4e7fc0e4bebd9a987cece5f70b842d46ca6499db3738ac8d263b4f80e6e7be5b4be16034cc43f5d23b2d6f6cee4c06d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
2KB

MD5
4b907d87b25d37819c80941634384e5c

SHA1
74eb9eaeadc71d9e10861abf24e31050f0aa038e

SHA256
fc06477ef5258a2fca09d5d3ee293cc9b1b07d5636eb1caa7aadbb91bcda0b50

SHA512
e17d000e798dd6db30d88d9369483f2e6fad96ffb3126ed2410758c71f38c15ab56dc129dff66e690adbf9e4a8f636a3f5081d092356d1322f8bf65f643bfa5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jkdcBfdFlHID3sDgPpZpWds9yV\chrome_100_percent.pak

Filesize
148KB

MD5
cb4f128469cd84711ed1c9c02212c7a8

SHA1
8ae60303be80b74163d5c4132de4a465a1eafc52

SHA256
7dd5485def22a53c0635efdf8ae900f147ec8c8a22b9ed71c24668075dd605d3

SHA512
0f0febe4ee321eb09d6a841fe3460d1f5b657b449058653111e7d0f7a9f36620b3d30369e367235948529409a6ce0ce625aede0c61b60926dec4d2c308306277

Download Submit
C:\Users\Admin\AppData\Local\Temp\8a30eedf-43a1-4197-8136-a3b467d35236.tmp.node

Filesize
1.6MB

MD5
b2726d66e0c754a2879c7e84d0c32242

SHA1
b91eb989b5eb400082ede220a6e1fd550b370b4d

SHA256
bd8f3f8d48f9b30b7b4c213bc9d4ef10442b4d7e464be400ba32c71053e59c2c

SHA512
d71b74e9663283bb326eabdcd4b3c96179230ff5a90bf7397ea5aa7c38c449b83c9844d97d69ce12ed164ea69c2b6e636ff77453cfb5588badade90d0595b994

Download Submit
C:\Users\Admin\AppData\Local\Temp\Aura-Admin\Desktop Screenshot (0).png

Filesize
258KB

MD5
11ac55ced204da6098dcfa8e0f7f5d3e

SHA1
4366744f4db3efb3a0073d4db1c5d48d6ab69124

SHA256
61e1f3e3828e84f2cdf6098168e7b3341e8d5df3a70aa9325fbd4ab87fc4df97

SHA512
e12c8cb9779ad7329f685ce3d77c2964d0cb9378b8dee12558f8c4aa4bf20e1a42574fb175c402040e7adaa2d42fdcf4710ec410639774402cca9eb4c637301f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Aura-Admin\System Informations.txt

Filesize
3KB

MD5
c69b4c9a25566073a80bf3d601ac62df

SHA1
90ac6b1cabb5dff49ce0a863e4c6244e5bd2e101

SHA256
9246d5b7611e0ebdc20c5aebe997dde7453b5496b63be0c5a2d70805700ce94a

SHA512
b0adfe9979ca02feb2cdca8bdda18c4b81a27cef01beec1d86f6786e970b0364370af90822474794ab8d97681ba025e8eb44824a2b296e0f3158b9ad225f0d34

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ms1i5wis.r1z.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\LICENSE.electron.txt

Filesize
1KB

MD5
4d42118d35941e0f664dddbd83f633c5

SHA1
2b21ec5f20fe961d15f2b58efb1368e66d202e5c

SHA256
5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d

SHA512
3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\LICENSES.chromium.html

Filesize
9.0MB

MD5
aaea51a605688fcb2f178fd60e4ca64c

SHA1
69d4791bf3cfedb68bc4d8f766878103578171cb

SHA256
96837a4a521a61bd3d34f2f660e29902d228aaec501eeb2a84403f1926c3df9d

SHA512
d328bf2f9ff7372a716a09e5882b9e3c0051b0135412b3258453085db1de2c7699c8aae24edfaca7798f468802db975977c9976e19fca84fffe884bf8594c33e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\chrome_200_percent.pak

Filesize
223KB

MD5
e9c1423fe5d139a4c88ba8b107573536

SHA1
46d3efe892044761f19844c4c4b8f9576f9ca43e

SHA256
2408969599d3953aae2fb36008e4d0711e30d0bc86fb4d03f8b0577d43c649fa

SHA512
abf8d4341c6de9c722168d0a9cf7d9bac5f491e1c9bedfe10b69096dcc2ef2cd08ff4d0e7c9b499c9d1f45fdb053eafc31add39d13c8287760f9304af0727bf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\d3dcompiler_47.dll

Filesize
4.7MB

MD5
a7b7470c347f84365ffe1b2072b4f95c

SHA1
57a96f6fb326ba65b7f7016242132b3f9464c7a3

SHA256
af7b99be1b8770c0e4d18e43b04e81d11bdeb667fa6b07ade7a88f4c5676bf9a

SHA512
83391a219631f750499fd9642d59ec80fb377c378997b302d10762e83325551bb97c1086b181fff0521b1ca933e518eab71a44a3578a23691f215ebb1dce463d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\ffmpeg.dll

Filesize
2.6MB

MD5
bf71f43a11049f853e72c0b1552926bc

SHA1
75bcc1f3f5e515491b32202ac3fab2e2f4f40aa5

SHA256
1178ebc025d6309975aa35dc37e3d9b400b5ef0b17ee4ee70e8c7f0585dc5f62

SHA512
8ac6c94d49a33dac22edc0a73b95d09a5da18fe56301304acf43b600065775871621b80c7ccad9c1c0dc451b4fbb9adbdf46db7db1b054ab2ef80c29f0766223

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\icudtl.dat

Filesize
10.0MB

MD5
ffd67c1e24cb35dc109a24024b1ba7ec

SHA1
99f545bc396878c7a53e98a79017d9531af7c1f5

SHA256
9ae98c06cbb0ea43c5cd6b5725310c008c65e46072421a1118cb88e1de9a8b92

SHA512
e1a865e685d2d3bacd0916d4238a79462519d887feb273a251120bb6af2b4481d025f3b21ce9a1a95a49371a0aa3ecf072175ba756974e831dbfde1f0feaeb79

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\libEGL.dll

Filesize
470KB

MD5
5e461770b31bb938599f8786b1c885bb

SHA1
ec1428334166a3e569ef1d6b86392741bad0d427

SHA256
10caa1a1e84d9a068a807f39de6e502e6386261b07b37ffb8d382af1fa814023

SHA512
b9577d55a8c373db85f7b800ab2f616d3d0ffa6f532980b1f88d64b9e07356ceb2a9aae9550baa158a704045b7592c438daef80814c318eba9dde43fa061c0c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\libGLESv2.dll

Filesize
7.7MB

MD5
ac8eacbc17fa238bec9cd53583829d4f

SHA1
aed3a4b73dd6caec9302fed52ef844ef1f210468

SHA256
d2b525e5b5ca3eef75cd5191d563f5f01008fd94b643189d4b0afa502f34963a

SHA512
5105179d62287f53c41f20806d13b2ffcc1c9b626c1295577f867adb247f5f93618621dc64cdb7eda2ded513eb3e666e5be26b109d8b34e38234665f3f4b5c90

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\locales\af.pak

Filesize
494KB

MD5
e48860fe82ef022ffab38cbc4c96dffc

SHA1
a832fa66bfddabf3ae7f219cf379f66d2903162a

SHA256
e2470090a09ca500679e68bb5e3b1acc35a5873fea4f93af25a23c82122f2c13

SHA512
e4d0973ca7e59091c482d2acc384aa48ec87d3ce72d8d42a03a183b230fd209e085a4e907473a05d02d41e15ebc527df942774c23b4804c150367fcd727af7b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\locales\am.pak

Filesize
799KB

MD5
5d55f8a437e65dd7962337857e78970b

SHA1
b83d6a98718459951dc9272344cfde8f1291c05b

SHA256
f7d24b9cd21562665ba250caee9c280a1c95efea4b5f37d1afdd36c369a61b87

SHA512
02cb8b52a58dae796decbff871c45311396b29a7ba1737320b73c817cb3c417c447169940148958d7b741456b009c08461fb43f89a3a0205606fb407579341ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\locales\ar.pak

Filesize
874KB

MD5
c49f4afca050466af21212e88860f8fe

SHA1
adddf85ea75a24b92f1fcc4fe07a81a35d08f2c4

SHA256
11df77de069364d7f0e2b42fd2b7291abd8da5e4fa2d69a1b82c12a98a89dd00

SHA512
6060d96a59e424f9a630e70efced6866c074f8bf0c89273a28f9766e8c2b625bc80ea5c691a8c33c1f11a3cf1c4d34d96cdacb19a2ca61b61fcd45365d138843

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\locales\bg.pak

Filesize
913KB

MD5
e6608ecc589e87a6f78f9ce553ec2609

SHA1
9fdb2ff6291549df773ba243b3a92b984b15bdf6

SHA256
97ef7984074775282b68dca5d5a469efdb2b22474ee6669fdfb5197d3f1b3768

SHA512
25450b23acc962be85977ef08be9b484c2a9127775039c521158c1801cd57d5781bcd8d5b8784f8a8b9403ce44b59964a20dbe36ce181f1d239143b22b53d5e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\locales\bn.pak

Filesize
1.1MB

MD5
e9d2d6a60e167ad6fc9617b3f82247f2

SHA1
3d028cc6b04eb6879a5c01fa24f280fba43a656f

SHA256
e3f2a4b955b9a701829cd71d22bdcc562a67bc7926a3a349d99dfa2c5863bdf5

SHA512
e588eb68b853b9d39a483081b7d622dc3d7d4eea0292bf15e8462f4fb3936bd803a3f077c3583a93de42468cf53fa1898625e11a4e358729f50136f818d2c7f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\locales\ca.pak

Filesize
556KB

MD5
2c116e3a86dbbd83a0c4c3ded4ef4ab5

SHA1
c88668807d5bcffef0fd8fb379dfcbd33c2a8a2f

SHA256
07c60044a97a4df15d7061b2833e9cbe11efa26b095fc7aec269770eb36431bb

SHA512
235eecd6d39fe01e1a88d391b3040f8b62a31eed91e6d0923b3d0c20aa7951c3cec8a4e3299046ace03cd095bb0a97f471e3c7bf40be0fd2b0a2f6a96f2804a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\locales\cs.pak

Filesize
572KB

MD5
3607f223a1fdd2d016fa7a3761f26c54

SHA1
90a50fea74a4982abba1ae86cdb08533d4180325

SHA256
85699626522c2a8eb1efa3354c570057c3f665217d9d02a5d366a7c9048db59c

SHA512
80d5230fca6398732b8003bbc73200c724682d05a743572997323cbad2f43de483e7840daa748e069404d5fef84a48958254c49edb799742822c499990e2b85b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\locales\da.pak

Filesize
518KB

MD5
c22b2477e29ddbd8bcf1df1b51b738a5

SHA1
482f5591e4938ee86ab2c2339fe63ed84d17ea8d

SHA256
4738f526d617a8eae389e239925019ba73a7ab9d584f512b5e1000c9c3e81af6

SHA512
cb23d13ab54de8b232530ef5b9ac8aea6be942c32375323c5a88438ab79860d5b38c94642a35f2a42be233dcf3d1f1d7ff7e2675de9daababdfbd27b73b90fa9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\locales\de.pak

Filesize
553KB

MD5
112a6f63c2964d6b5502da3f3f5cafed

SHA1
e4590d638a3f18aaf282f33a42221716cc9f8330

SHA256
a6a0ab85e5fb2988778ceab4fa526659574f1077ea063bb585c9185b12eb9874

SHA512
f902f2d92ea2d377f9223710e732a71f8127af92c3ff9709315538ae29d50fbbdba4f68376ecee89735be53d44683fb6c9050bcc8ca5adf87ffc87c0e32f8d22

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\locales\el.pak

Filesize
1002KB

MD5
f86feba0f29bacae666e5daf69c99c3f

SHA1
4b1a3cd58e455d9c9a8e6ca9ea8e26556295642e

SHA256
6a2db5d60532c50501f247773aa225cc463772925fedd6959af4f64d69bcfe33

SHA512
745f9c7224253f13090b6ccdadb629e3920f601a2cba05939c372a30c3d05b93e7912b709f02b4c312facdd044969804b8e221a53b4afb5d725b6d08d54b9102

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\locales\en-GB.pak

Filesize
450KB

MD5
5ab73db0270109c3331b6026a6af105c

SHA1
ac4ce9ac70cd9d69580e21919aefc4aa98d7efb3

SHA256
210e37e95d20f65a0d414efeea4a2bf2929c6d58c0c69f6b6e78742ab07bf09b

SHA512
eb70d001a5ac01144124f807af033b1618ebda032de62b7565ccb2f64dd2ced003af6922313e192934ec93ed23003324a3e03beab88e68f177d689632abbab52

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\locales\en-US.pak

Filesize
454KB

MD5
9bce1a4c9a06d63e8b4f7eb40535c080

SHA1
11bc263876228d22b0bee57c6ba80c523c79e5cc

SHA256
0013a8efed8a17a93b0e718fb41652b8a2a6ed38128575cee89a258134167e41

SHA512
b6d1ea3a81cb1b32eba16a1cb4f337cbd15f28efea1e31ebf12efb795c33f6eea70abbfa4fed1b241103a8f0865cb2dd138db598c9cfbdce34497d46119e7566

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\locales\es-419.pak

Filesize
547KB

MD5
bf24b0e8f3b5216a513d43e2c02d30e0

SHA1
53b76e36c7ff1d3d7b3b0c782c9933ef1fa5d0e3

SHA256
dd5fd63219fd11da697687b6ddeaab517109d2395762088c41c19573e7edfe0e

SHA512
f5c5332717b3ab7f93bab35d20770883d4d4979e89cacc64254ff5d7ec884a48ac70273f47cb1362097f273762b746fd0548c7f9a6979b464419a05c93455e35

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\locales\es.pak

Filesize
547KB

MD5
4d7ad9f98967f3636b98f3ee3bc9befb

SHA1
777df13bf07fbb06c2151ced861f32f3f2ef34a5

SHA256
0e6e9b2f7810d1e69b5c4cffa86a8f356bc3530f89db59b6278e06a563b21135

SHA512
5d8a1667d13006c4c9f7bcf5b37bfe2f87044cd7302fbfe566580a5e6f9e4b339b5bd117312a59052e83c3f63e51623fe7fc6165f30ac67e07b2f29486b40eae

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\locales\et.pak

Filesize
497KB

MD5
c0610f85a202bca2f540756ace2323e7

SHA1
f770e638e59fdd47484ca51f1c1f42cd933616ca

SHA256
77822b71398a329c43b57d9d8c0b27fff7f30c3a35fbd7850161549a23b0b9b2

SHA512
386b65ce118ee0602dfd195290f922c5abb7b38bf974b04ee4477f765d507cb4c41a0b443930eca2aae5b4e1de23d8013ba241ebbb99713da4d26df46e9aa29c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\locales\fa.pak

Filesize
813KB

MD5
fd518ebba4a93da744a4d9e81e5f350b

SHA1
7c166d73fc2acfffa02d90cdaa2bc9d021432bef

SHA256
be53bde0194b76f8324b21b3528644a7a59c40579266c1a837a95b962e9e70df

SHA512
d1dcad09f342c1c7d41678b9aff7ec342151349d203de9fe8417906ef632d297fff58c34ee56ac9f4c7117cf9709a7d7cbc26beb0f7ff7911a5b5df03891c092

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\locales\fi.pak

Filesize
508KB

MD5
6d7aaddb1365b3efee94d4c510a3002e

SHA1
2a970204894c5ac163c980ec0fac2dbd1711e5b5

SHA256
11b0b9b0f74d01f16db7aa49be9dceeb55fde9da56f17419c4bca159cdcae274

SHA512
f44bab9cee552dddac17d4ac1949870943cf138b3fdb0e649e8827acb6de9528dd9cf738757e5b495587e165d1c750b8bcc6205bdd029a01eb92aecab22ba49f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\locales\fil.pak

Filesize
573KB

MD5
c744b92c8feff1c026034f214da59aca

SHA1
95780d3374841efdbc0d8a46cddc46bb860a26e0

SHA256
d7fdc7fd08dcc421bc8aaae3fdc72599c60a3b96f05989a3e46736f0de06e745

SHA512
eeefc73474642e75da61056f2841e7cfeb8d8475be55a39852dfe7de8a972f7d86e9d1df4614b3ca3ae4fb01b68e5ced664bc8e46ccfc94f44b06e29a5035b43

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\locales\fr.pak

Filesize
591KB

MD5
77d7bad0f613b4c433986d03c5b7fc50

SHA1
6367d81a1cfd3e9b09861461036b70ff708eb83a

SHA256
6d669ea88e1fa4b253bf27e36be05c9eaea4286fef6d4930518ba97ea7b2ab01

SHA512
2eae203462366f70fb05a9c11016180ba76128937d0df0a162c73bacbe1e7b0337f4d655e761daf6e05f5cbb51ad296897871ae8fcbd3d87af4f989923915c77

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\locales\gu.pak

Filesize
1.1MB

MD5
7667d758f90e0d3c147da74ba06425de

SHA1
a453e2f358095849612756a1fe6e2849e1f3f7fb

SHA256
94cb050bd6ed8e588fc0148123c0440f3a1bc8b459ab4ca54f954d098eeb2a46

SHA512
0b469fde98b8558a8a037a7cae1066ff343d1355168e12fcfd80e9aae9c870525fbf4113d7a282728a2e40b606108430e967b574104e8d192be234a3eda4d09a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\locales\he.pak

Filesize
713KB

MD5
a4c49de130cc39ec8454a03171e0af2e

SHA1
be70fc9c3096fde83e90a78dea655d4f20db545e

SHA256
1713e7cd1b63853068d3a8cb15d8c11da417ace8be914c27789086726c40da94

SHA512
a8855e65850364e488ea047489108bd133cc280ff6aa689e5a409c6c46a138f8d3209b9650557d9e47e62217230d89d5db71d256c52100c169493364cc4ea894

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\locales\hi.pak

Filesize
1.2MB

MD5
b6213bc189d5d80607e756707dfa9f67

SHA1
8249b93bb4f6a861f0d42a5d950e0e0f8c03df04

SHA256
af4f84011a174aad128b5801a5bd19c96364b984af20511bd61eed9f1aab0a33

SHA512
1eb734ea48a8ed03aaf939315792ce9ec6a58ddf6ab9c4801c8018f43a27cdb1699f3ec28ada7b8ca649ae7f134f9a313835aa8240e3f85962535a898c6bec7d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\locales\hr.pak

Filesize
551KB

MD5
d71fe557583c8df4ed043233b9c2bf19

SHA1
a7c86ba07a8465888b17ba1b7b9c212c28e6d989

SHA256
723c65592d15311d33fe35b2865849cccffbbf58a280859af972c77df96e14d0

SHA512
d4a98e9d3c80d3cf1b71d3e63fa402462ed06e65cc7449d7253064d7b913140d49da8d01bc45d5a6751dfeaed751dbfa4205d7f14a6e10f746783896e262310f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\locales\hu.pak

Filesize
595KB

MD5
2515bb367f56f282657b3dd3b9ffcbc3

SHA1
8cc350e359f1cfefdf0ce3b016109dd483d45a8e

SHA256
b4e6a1135de8bdc42c04f4db4eb1ce48256f18eb46a5146a21010b6165a90e7a

SHA512
779a77b3380f08dfb1d1e9bd65806f3d5ab56619d040bd6ecc9726c17944f4d0c3a619edee06d638549250fbf4c6a2be46cd6196a3a8862d184a68d45d6f6d72

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\locales\id.pak

Filesize
490KB

MD5
766e11f881396ecd982f0b9dfeb0675d

SHA1
210812c8c853ae2ced85aa8486e9872844201add

SHA256
e95ac873b16983ef8a9019fc7141bd56315e082f531d37c5b8377645226fe5ee

SHA512
fab3ab4e70137cfe73f883a407f40d6b22afd2461bfdccad720fb4e3e37b50c56cae61ffd8044f6dc463cb8cbfa03be989ab42304a29ff9432a6588580d31c87

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\locales\it.pak

Filesize
539KB

MD5
94c772c21818f1df64179d69695a89fb

SHA1
54ca1a6639f92f9d43cfe2adaa3eac2f1764292c

SHA256
e950434e4449edec533bb63801a8affe17cda7bb998b7f9fe06be15e7e94111b

SHA512
078f14cb61ba69d2904dd9fc1946a053866a47741cbd7d6a336e4b39749c21bd8d1d096bd832b6864d15e0e142014f23f347ba082dcc0d2164468dcfd3e4615f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\locales\ja.pak

Filesize
659KB

MD5
876eff616b8be74165d98af07a44a89d

SHA1
b36bef68c8299abb376396299b6bd5a972789047

SHA256
0e658ee3d63263b3a298de006de50f47510083647312191f2a8706ed8a48cedf

SHA512
3865d8e9b6e0cbcee0e837a014ecf6507f56488b5b64f18fdef13646cf5da00ae0e6f5dfb26de28e34ec857cd83780e7db2db17195c775bb953bae228178c8bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\locales\kn.pak

Filesize
1.3MB

MD5
bb4ca36f22833dbaf5c471b27b9333f0

SHA1
3f066305d5ab4c10f41e62e45eb657698a4ea6ac

SHA256
945a5c32c9b5a11eb710bf20f8e66fec770f470527c4c995bde82c13e48f80fc

SHA512
8d5ea3ae608a10aaa2516542bc94d347a90437accbfa56fa9de68432486d70aeb9d7df51775340219a21c53a16b3357d9acafa4543e28e8ee9681db12e51d282

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\locales\ko.pak

Filesize
557KB

MD5
bb86f92aafa4fa6a5a43dc836c51cb2a

SHA1
8ecc78b69ade046f6bb18529682a800596484b84

SHA256
7234a1390377451087a764bd31c817a5ce6695fa517119e7dccba642fac65e43

SHA512
1cfa9afab366518f6e13c8ed4ce8addb3984e360263412486b7920f4b20c35b3e9dd7479b09fa879942e83bc112c6e9fcc70a56b72f261540648c2feca2ad4b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\locales\lt.pak

Filesize
597KB

MD5
20906aec4a21bcbb8bc8bab067075ba6

SHA1
369da9c1567d4376852cebdb87cd9213dc4bd321

SHA256
a1257d10e673311747363e6929832e70f36668b1fc0d6a5ddd550fe88007aa58

SHA512
8d1ee40bff980b889af83b95fa408bddf2ff5d257f532d2da46bfc3ddbcc31b9cf14b473fdfca1a574c0316fd689a424ae241e9bcc533b7dfe0c7203d4b252fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\locales\lv.pak

Filesize
596KB

MD5
9f9d09b8e8b943733574c32e924cc834

SHA1
cd68a843884aec9eeba36a287902e5b39f128f82

SHA256
3e3c9953e679f391167a5d5536a4ace4d56558909ac8ad5b9f08650254d99f40

SHA512
8062ec8f8ca2507ac8e10d0a9a8a76ab02feab8993989043dbdfce3807d216087017ed14e6e9f52d87a2deb87ae5a69393e5d6c6963472ed98ecb22fc45d594e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\locales\ml.pak

Filesize
1.3MB

MD5
39d4a5ed8cf7c8e0df946220fbfc0f68

SHA1
70794849b41d00f2b895f1211a6baaae3fa7d261

SHA256
87384db1ddcac012b0b40ec89daf47ebbbcf1497705f023a6983fb2470e4abd6

SHA512
ac992b9cebc2fd51f7477b36f1aa4d9157a84c3023949c02ea236d909c78fb5ccce28dd213c089820131ee3f669164529daf58901766630ebcf40546d33e132e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\locales\mr.pak

Filesize
1.1MB

MD5
649e76b6666096a2258b942745ff9fe1

SHA1
82edf8ca68dff0caa36b17901c1e12a17172fa51

SHA256
039f4e0176c38867fef57482825d043fa63bf1356c85eab0fc665f118db125e4

SHA512
92f51140416cd6dd53109ddcc1ee24c1d26999de5cd48a11e6954dbbc985298c1b90c0b4a7bbd8701a2737b71340e8a257e8b1ace85ff3b4876b714c60befdce

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\locales\ms.pak

Filesize
514KB

MD5
10a8463902589cfdc41c1580373b7728

SHA1
a2dd9ba97dad457826f6043d80f756b8c13dcb1b

SHA256
354d7a3fc5c9f6e965f54da155d66eafc8e5b5eab08cd782e9fdc379a5829e48

SHA512
02ba5c950e2be0c3e5f087d25e4d80ae544e53940a93a6381833bdf6538dfcb6fe51261b60aa376c2aae8654717560094fbfdd29821183f1b32068f26be092b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\locales\nb.pak

Filesize
499KB

MD5
8ff27e7560b021587c15eb125c067a54

SHA1
8056ce2f55e940ec18d54b9ef75e8793c9a9ce66

SHA256
56b4c3973462a81f8eeb3ff84843e039940589fc62a128fbe5d91462f9092095

SHA512
b7179c9aaedeac82f7efc699e2b3fdf6e5500f10e87aa6fcd1f378e68a79e39c26758f0de4d69c07fc8bcce145889635a1df0324eb35bd1d3d1c11f5b0220347

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\locales\nl.pak

Filesize
516KB

MD5
d59fed8986eee2b9d406ad52d88cbcf5

SHA1
f7e409e17723e21174361bc81e54bcef269f40f7

SHA256
619c61701b3a142733d23ad8c7117bc013867a842d3d1d572faa56895ad8257e

SHA512
234aaddaa7677b39667b4078dc3a630d67b4f2ab7df5ce763d509183a4d88e8f7bd1a231113b8a51418d577e4aa630860a7f2735c34ef59e0f65966cef825597

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\locales\pl.pak

Filesize
574KB

MD5
4dcc61567580814e3b121a966a29b81e

SHA1
4bfb71f05b9818ff59d8c7b116bccc27bf9a7109

SHA256
0913c3b10b593fe25c27a4b2c22d4a1f67098abea6cdcfbbb8ead03d9b546de6

SHA512
a160d965de34a2454355b7fa889f187c94868f809802ebd840d941e9748c88158fa1941e8c372dbb2413056b74676817c7e405182237ef176071e908540d551c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\locales\pt-BR.pak

Filesize
540KB

MD5
7c01408447b075044ab34b35bd369678

SHA1
968d8d819f47fb191d25a3df6e9cd7a54811508b

SHA256
903a50517e3b6afa8e17687f6c154fdf8c097e09088975a7cb0e243f682e3386

SHA512
5e582670fc9318c442541f0b235c9f24b5be9cf73850d4a97441e0c75d3c1abde36dbea7880a5c69ea62e37eed38dfbf5054c1d728786cb6e74c66d06eb94f6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\locales\pt-PT.pak

Filesize
543KB

MD5
f2eafa0bd70b7ff64c64fa0d5590ebb3

SHA1
9a945c61d79e886f05f3b13cad0420b020e7019e

SHA256
8ba5d7dd9100e14a51a9e77e2f8cede706978bfd21eaa6f334140d12af6ba974

SHA512
ed032c0373ccc59f64ae709f3c462f1c1c55b1abaf5b16398c9b64480ea5df94ab35e6897dfd1f98e18296e12528e3f27150948849b0bbb0e91bfef140c0bac5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\locales\ro.pak

Filesize
562KB

MD5
15dcb56e5a1bbcf32f6503d63b88dd16

SHA1
d234839aff1e18845488f47f04b7568e226c3124

SHA256
f360247be07a19a0a5a2f4a46195ab2411ea3f634e86cd884ef59fa60e9b6b7b

SHA512
62b7e37f2bd9a3977ace1d19fdfa76bf764719e670c2c0e887bfdde5b132a3abedcbaadbeda28883a5a464b0cfd9f2d9ef5bf85aa07f4ddb2156f516944e4cc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\locales\ru.pak

Filesize
924KB

MD5
e3fb9da109ed5c909dc5b0e9fcdfeb31

SHA1
fe85fcb1b7d5b9eec082f793c617dd6ac36fb4f9

SHA256
22f6c531e4660c6fa2be6cca19c4e617ab40d5ae47a9d3425df811b88b989130

SHA512
cb28b7fb674beaf0274ccf08a023a8094d5f3408741656f4149e1e531253ac80297ddec11ffe2f53a8d38e24a48c01dccdff946f0383d7133927639bf7c2f00f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\locales\sk.pak

Filesize
580KB

MD5
7773015adbfd66d42b4a9cb11a29a7d4

SHA1
bd96538a2ff6c8884a545a7b10495107fc1f8395

SHA256
bfd5b52a544428c5aaa4f418903610f1373c808c20110c145d95b34c51c7cf80

SHA512
e8abceffff4fe1b6b1957ad99288bcf562fed2ccaa8ec20ee369fc5d50a3fad1ee823045860ad1028503f4dc730c5e816861ba5b2e0417433000dbe2db6be795

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\locales\sl.pak

Filesize
556KB

MD5
33aa83936f6fc0ead34f2d89a3f6d3ce

SHA1
7e3a1df02daa63760e689f4a4bd6fb47fd888de8

SHA256
f7539df33ea860bc42a76047fa4fa0dc75044df6d602f8735c9acfa5d7995198

SHA512
f37979e94063ef24897657e33d3aab5cfe6258e071cbef13ac01dee1647353071f7e269f986d45e750013cde5ecf69599e94dd27fcd097cafa7054684018a684

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\locales\sr.pak

Filesize
859KB

MD5
449ad5559d52df02f3474e2fa4272a7b

SHA1
da675fb589e5b872f61a18fac70a3d3bd03b16fc

SHA256
3aed83391c97ce05aab07239d0cbfe5a2b596d7a3bec39dbebced4e43704b8b7

SHA512
6af98bd5d58f73ff9724d171d56a6b844ebc01874765f1b322630b6b5571882511c2ab371deb941bb71466e18502eb81f7082d9f7aba4ddb358fc3b274de341c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\locales\sv.pak

Filesize
501KB

MD5
f4e50ea270ec5579d0e14d9554fcd85a

SHA1
c912c576549dbc1b82dc891e7a0743bd2e2463db

SHA256
99a330ebeb222556d96d087e27158707ceb5b9050db5ff0ea09cdc2b0137e6bb

SHA512
e687db806a3c984049dafe646b6560c2002833b38f74d956b54da60c1b9c0ec5205a6b743d9a8b54b2d9e61849c6a416810e145fb97483782121189fa934dbbd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\locales\sw.pak

Filesize
529KB

MD5
d3ae31b63eb14fc353b6e8b872d266f8

SHA1
011647736ea51490cd7ccd49433f4529b708ccbe

SHA256
462809f4337c1d6511d53e496937828ed07d64e7144954da794c36584c94b543

SHA512
aad3c37beaf1224478214623f95a549b6167d1d061baf6c2e2adf8b8d034e44e8bc4a1e9409533f2830ec3bdb06208a1e144bbc4e3ce2a6cfc6bc82002d32b04

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\locales\ta.pak

Filesize
1.3MB

MD5
52ee28471f2f9d01ef3f57233496554b

SHA1
abd7dd9989fac90636626a41f007eb6aa5ec7a2e

SHA256
1cebac8d758298ed2763e62b9bdfb17351831e691ff3e1ba85252c9a66d66242

SHA512
af2e9593faf60319244c90e9c06604dd3830705f14c18cd380dc2338aaa0c1e137bf751603ab9beaf7f1783839f83bcd4fda357b7cebc66ee94155d560b6f691

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\locales\te.pak

Filesize
1.2MB

MD5
3a71904057869c23d1bc108f1e8d0d31

SHA1
6fb6e60c80bc332a2bb66d02a1e3db69961a9c41

SHA256
8264244c6de861817f5b19cef282844a18ed8cb7d4e059451489652749fe931e

SHA512
7248058b2d357c4a8b9c2e95d580a2000a96d9a5adb0b822adeeba5c4422e08cc12ef84b9b9a627a1f6cd07a08698ec000510885d14d64afd40c6e8d69376022

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\locales\th.pak

Filesize
1.0MB

MD5
879a881174501e22c3de65b9f80bc19b

SHA1
a2e020d5ed1be7dee50a495a2f8581e751cbf735

SHA256
647ad394e92e7610bd0f6c4e08d28748408fcd5a816a35e4622ea7f71cfa7a9d

SHA512
b8961a90036b94340283237da57659cc277e65e545764251f7d3e406dc5f70c9ae29366184d0aa8831aaa0a7cb5c12ff825078bb87528606cae223fba58c73d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\locales\tr.pak

Filesize
539KB

MD5
67c502d240b018fbf93c83ac04350f2d

SHA1
0a4af68147ba51ffe67e480bce2a34f4c1618e62

SHA256
4f4f9b81c22aaad9c2e2383acc8d968bbf1d8088c2abac05bf64f262111615dc

SHA512
8942b33910ce97a95ac40f224ea21ff8efcc620523aa6b82e92027bb43e04e95b37cfe2b0ed45b385d8b0a9d8ab06e6bdd7a297a98402ca70c64f0c31689444d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\locales\uk.pak

Filesize
923KB

MD5
5b0e0cdc5bb5439cea7bbf22757c15c5

SHA1
131f7b5f72f1ff0e9d71d667674773766534c0c7

SHA256
7de252bb6f453c371f9bbf1ec51f96582c1637cf290abd6f3a6c7f940d34e5cb

SHA512
838e8228d2cbfbe03490c96fa7ea93b4b61780b34eddb5064f0b367c4670ae7ff775e28ad55011354de2a9f23ee505bd6105a3500a00b1c5553ce05be3f0daf1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\locales\ur.pak

Filesize
808KB

MD5
fb978b7d211112a0774ce09ca54ca96f

SHA1
fb0c69801230437dcd20e3803db81ee60fc042b0

SHA256
60310f9a3457fae0395b447a30646211ef4160ba84bd7c36d291af4c8ec2b79a

SHA512
abde8d79f46b27e0e315034025837a3126d6e5d2bc52504d49c946fe96828bd9b20cc4a5c05283fb9f8813e6820a28249cfd68b30cb27fba216970c16ecc8d44

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\locales\vi.pak

Filesize
639KB

MD5
9da50df23181f5c2036dd20e2490111c

SHA1
06a9c9f4c7e820df7743a4b0b6326ce538140cb7

SHA256
6e771fe02ec40375844c17c5b60389ebd46089864c24df7fe9755ea916de9469

SHA512
16d2aaf019810e3bfe000b73f5cad3c52c225d9debb43aed15df60f3995cbba66eee44de675d642e8bbaaf51bd1c2925078191d2954a0cd4a3de4cfc1151e05f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\locales\zh-CN.pak

Filesize
460KB

MD5
271d3a6dace38055212286d872596283

SHA1
a660d98324966a9f76dabf8e3bf565363323d4cc

SHA256
ea08c31a5d4e6aafbc5b657c5960135e64506593729fdb759874e55876580666

SHA512
d7bbb76a2b601b925d3bfc2d91534b0876459cec6c8be859adf4890d68c2ff7dc882b0670976aa0fb2b1fc83c026eb8446476e8afe443b2788928944a2ce1fb7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\locales\zh-TW.pak

Filesize
455KB

MD5
e302e1102f3f5a21860f38f41b3c30f8

SHA1
78b5d1c451cf674a7641dfcc815f966fc920cf57

SHA256
d4033cb3264c7c4cd2636ea2a202421650c449e5bfb10f29949e4c44e91ca93b

SHA512
1f96b197eb7ae6b7983ed38d4ce33ea0c845ffe527fedfbc9e53a6009871dd3c39084a04cd1d43fd6dd24e7f26e3ec4845d4225df828de0b9ba346cbc98efea4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\node_modules\koffi\build\koffi\darwin_arm64\koffi.node

Filesize
3.7MB

MD5
50d6b3e136a345c3dd4dfc215e0bda04

SHA1
73cf51ed64c9bc987907cadad2a6836329663137

SHA256
a5315737f9993f67d707853f987d14f2be1b891683c27a9a2cb47455218c3544

SHA512
544aaf97d384edb9527b34752460dd56edaaaad307f544f1027fda93d15910223c413a605683c8a8f73cd93832deb3fa035600f0774295b0a333d290698c2234

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\node_modules\koffi\build\koffi\darwin_x64\koffi.node

Filesize
3.9MB

MD5
48f0d527c28704174d5d704d718e1a13

SHA1
bce0d21568a9583e6fbf71afd5c40d901948e6b9

SHA256
71797c049463105d48afbe3ddd9a339c6f3172aae88f4d7e38aa5940256b5c8f

SHA512
181cef8616250464de4102bf4e1c192fcf66c2852723ca5e6e3faff63cddd6bd452a59a3b550f5484be2651f8461e484f64a7f45c5364202c785408ff9ca97c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\node_modules\koffi\build\koffi\freebsd_arm64\koffi.node

Filesize
4.8MB

MD5
5d7511ff90244bc0cb665d5097707cbe

SHA1
e7cd18818ec22fbf1ca90eae39f7637b99f7fcab

SHA256
02811d7bc898112582a5bab60ab9ff45b96536caf016e60c9aad8273095908bf

SHA512
1c0c191db8d63b8d98022c49f7c7656357a0b057872d22c083785bec6c9f9684e10facaf2bc5418605e7a7d2342862f04560f78aa1edd5add4c247158bb30e17

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\node_modules\koffi\build\koffi\freebsd_ia32\koffi.node

Filesize
4.0MB

MD5
e65a8a0209b356f7909a9a963491663d

SHA1
d72521b132523adf331acec6ec5baae155d0a7cf

SHA256
fc5a0779f0a6cdd4dc122032fae7802dbaa83c3f4193abccc7896d61204251cc

SHA512
c9613075c9469b5bcfc918244acf3e734855c063aa1bb3439d4180e2f770d00d46c9bbe1fdcde5a2546ab6787089bb4685f44c612de637a2f9cbce28bede3a7e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\node_modules\koffi\build\koffi\freebsd_x64\koffi.node

Filesize
5.2MB

MD5
f65219783b15eb910b3ae0a958c0a03d

SHA1
e09ed43a396cf0f3a044302f4cb1b3419453168e

SHA256
b8e64d356ddb6402f2a2da70f53751c75e935b826c1b0a77896f3e6f2b13925c

SHA512
a9ce37b546d62dc46105842c91a2b7a409724f6fc43c5dd94351645b47d03af82acffa3895014e0e8892b21bc45a4129a10023cc3a6889c052470fb3346b6f44

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\node_modules\koffi\build\koffi\linux_arm64\koffi.node

Filesize
4.6MB

MD5
7d28c4ef947b15c7585f4cc5d71d6f3a

SHA1
f8234b55a1850aef79cbb91d2ac6b32312dc5df1

SHA256
21eca0e6f2c13cc129a475032ae8b30d43967458e4f7634a1ca72e379f8d9cce

SHA512
ceb9515678c38c3745bc188868797cf119e102c2a7b4cb315ccf02abe7dc2ed1b4508bd458df0dfccace95d3a44768038ea2d9479bf9e0669425c2d2ace4d9e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\node_modules\koffi\build\koffi\linux_armhf\koffi.node

Filesize
3.5MB

MD5
1e2fdc196588926ec3dff772a30507fb

SHA1
c827f3be82f8912dc14768a2dd8ae64f72764bed

SHA256
86fb843a2adcf82c733a6aa7094a8a129be7358aab7e4a4cf3d810a0f9daa69f

SHA512
3b580a3daef4422f701116929b4f2d69ac4585921ddd527b39c5fa86772fcf44447bd733a90a1658b7207561c406d22d5baebc5331325b99a615b792a08e2db7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\node_modules\koffi\build\koffi\linux_ia32\koffi.node

Filesize
3.9MB

MD5
5ee031ccfd91cb608d8938c9d0b8d864

SHA1
0d9c10d16cc4ee2d1dd3100567c1ec7c62f11305

SHA256
828545994ab61867f29919ad897220bc2439b5d4a04bd601798814f9903e67cd

SHA512
9ae0100765307b4259f0a4d1980b63f34edd97629f0ca9e121bd79e34cc66ea86b451f3e5ae25a5fdc54ebc47ff66d6c7db36c7302e444b3229cac320b3a0cf7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\node_modules\koffi\build\koffi\linux_riscv64d\koffi.node

Filesize
3.3MB

MD5
225716bef12d79ed690d902e2ab1af68

SHA1
c3b27a409ba71386c748d2f4c3ff013485a8747b

SHA256
ed226ba0cf384700183eaff432f772224f6df265ca27163738e1babb04211639

SHA512
26ad9fac424470a859f3a34f5994b0fe75373dcffbb1366426b71ad38b0b21fd4a411cab2386365bb826cbe9339e49732b36408910ad9868f1063357fca2f951

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\node_modules\koffi\build\koffi\linux_x64\koffi.node

Filesize
5.1MB

MD5
417492f0773fb13a40b92b38f1903ac8

SHA1
099cf0edb29d751e86356db9704b24630c3de109

SHA256
472926a9e519093ab94b43602e7856e41b04cb17b5a8c80a714636634e1f8bb8

SHA512
eb57e6d5b85fa0ba721b32ab9573d6a2b27142f7e082bf9a3d054d3bc3e4b1440107f96350bcb0b984e6d4c0eb9b984c40a4e4c5b8ad21e4c16929bcce2bfa07

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\node_modules\koffi\build\koffi\openbsd_ia32\koffi.node

Filesize
4.0MB

MD5
5f85c836b43db943bf557a218955ab98

SHA1
5647df0f8f4fb9d4eb964760952d11a7d328ff4e

SHA256
4dd4d4a79f410acef3d42361232dbf09a7c63c2a1b8b8d20beab0d2e423ff916

SHA512
f45a33ea16106e772394fba3dee4ef943fd3562116d5490e0a581547a6e548a9d460b47183b51f3c170d438e9b879bd7ba46d456c8a2675427a081597a3abfd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\node_modules\koffi\build\koffi\openbsd_x64\koffi.node

Filesize
5.2MB

MD5
57015591824271debeaf37dab567b3db

SHA1
a0b1d1c8fb6d8943a25c2e7f024e088a5331cd80

SHA256
c822f6a7282b705ee75baff7188dad067f9edffa9146cf375bd9b7234ad46360

SHA512
f60ef978675670c6da894c87d1ed86d6882d8a193e104cc98b550c5f6c722c2e906108ab1834d43bc7ca34a567154c8997f8bd4124bf356e30b0e25e6f47114a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\node_modules\koffi\build\koffi\win32_arm64\koffi.exp

Filesize
994B

MD5
ce9c2bc5a2d4bc4aa10dd23abf197ff9

SHA1
f265b8a04b599e37500adcfc526f8cf377f22b7b

SHA256
6b40e50ddd3e8203186be828d7db546eda74c4e6f8a8ce8fcfcffcce842cdd5a

SHA512
38faab8311dbe063e4f8a2f1ed372bb9fdb8e21d94ebafa7ffca06e87bc422503917fc12ef4eeec0cc8d92e3219891a4f4fde3748755520098c560c01cf4790e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\node_modules\koffi\build\koffi\win32_arm64\koffi.lib

Filesize
2KB

MD5
323bd2201a653fc61ed133441f8c09b9

SHA1
cce5ebd7946ab0c3049259cf82124b2f572a83c5

SHA256
1a812c9b32f98cd6b0b2df145710d58ac050f661ece7277dbddfc8f0e76511d1

SHA512
0435d5e2d108377eafe6bb898dceb523611b3e15a5bd96c45949091e06d0b2e6eaaf4c5bc420dcf70a2dca6928df1c06e2edbaaf504140146d1da14d667ce66b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\node_modules\koffi\build\koffi\win32_arm64\koffi.node

Filesize
1.8MB

MD5
d342ff0db6b167f1ed55c4626ea93667

SHA1
86d63078f841455e9ffdb5c3f3da502d61b349b3

SHA256
c80cefa03b725b1a614e4f0e4843232adca9a2b6dfca85bb57826a40a11e4285

SHA512
758c4192d92cbdf3f604abbbd3fc728ba83a261e7a4357b2202b54946c3ca15fe403a8670ec6d45dfdcbddadcc4bf0417df97a82f78bffe63fcfc2bb178c5a33

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\node_modules\koffi\build\koffi\win32_ia32\koffi.exp

Filesize
992B

MD5
f22f145c93cdf384a697772bca98105d

SHA1
9da5b7aab23a1a442888860a53fbf455e7284d3b

SHA256
11a8f2bfa154e737491d3dc92e369a2df8409405f82797c65b8a99e8546adf7e

SHA512
08a87d3e52131f47338469103549a1807489845f47b672268c6a5ed819c8bc75539768d1e01cb00583054cab9a6e49664af69d7bb1f43acb6db89f7ebefabdaa

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\node_modules\koffi\build\koffi\win32_ia32\koffi.lib

Filesize
2KB

MD5
255fb62e1e23b24eada82e53e443f07f

SHA1
23278e3f0b925ae584a7b5706b1a1d4a9c43468e

SHA256
d9f3e452905f6ed62f2d6520b7812a1d6e25c80641e6be18f6e489984d3ff549

SHA512
fa852d45b7b5dda1c7c43bff679b46246dd5509d60f352f4b4ec248c372ec03f16ad19aba9b14cd2f76c824c1a5c7178174ec89120d48f18594c36025c5641a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\node_modules\koffi\build\koffi\win32_ia32\koffi.node

Filesize
1.6MB

MD5
76fc2892d6dc45efb44568216537bf48

SHA1
fa3d2a4f2e6f9fad387a836bcecbf8cb4c0b997b

SHA256
a14db9b048d562f81b6955f417b29a2785a2517f660d8a80c8c505a5fa7092fc

SHA512
1e57ad23a7403061c5a77b830c3d8e8d310a5968ff6277c1dfafec8c006638a4a0c8e08e12cbea870415f457025e924eb1c75e82a788768da77e15d4cb56e7ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\node_modules\koffi\build\koffi\win32_x64\koffi.exp

Filesize
983B

MD5
dac8ee10a2b943d89635c78cc5f4cee3

SHA1
5c0a565a1f1b3b2b5f93bd17ccfe28483e5c61c4

SHA256
8e36f92a0b59ee52f7fe475b690494ed9aaac63eeb7e135f145b26cfc9856b9a

SHA512
e6af8edd01bb9d834cb718b31f815684a4d39c5e6509bc076ea863b9a6c05a92fa73eb3bbefb627a99ea1ca8843b5557c88940b31e57759fd7f5e024006beb9d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\node_modules\koffi\build\koffi\win32_x64\koffi.lib

Filesize
2KB

MD5
19da71311e3c842d5f4121cdf5e286e7

SHA1
9f19bbd5d0c871e9605185a7812c135bf5c4d725

SHA256
faef5139526f707ccf9340be5b280179d726daa8287635b0a20868b589ff0cde

SHA512
68518a0bca1b0e1db763a53eba9834a7f8bb3d1f64b8875b2608b7710414e6a7f6db634b774f7d2a6f37fc4038e0d4999bd47f6ef1252e449a6cd57ac893b3ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\node_modules\koffi\build\koffi\win32_x64\koffi.node

Filesize
2.2MB

MD5
9694858c580f1ce0b7608aa5f29bcf99

SHA1
b152da6b0870356b5b2d554d6212787cfac3ee29

SHA256
303056c1aeea3851183ba790b90ffb9730113a577e3c6b4ef1fc740b16f71067

SHA512
4197cda548d7f767ef949ab71e87ee379aae240be140881ed1780c67f77341074b5d5880e0108fff403aa5b1224158c514b92ab3f8c93f6c2d2ad6f7ccb5e9ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\resources.pak

Filesize
5.3MB

MD5
6175c560fbbd33d77bb402792d32d0eb

SHA1
ca2928261a2bb621dccfdeccfa40b6a8a6e4a186

SHA256
c5ea37d00531012e538eaa4d8388deee41d3104d0a0800ec720f5f6edf4405bd

SHA512
322d1cfb8f04c7b3502089f1ba4bdecb96624cf401f9146ae4e6f7ce8445ddf7b31af7208a222698f781bc2cb32b61b6a34c9398711f54ea4ad6a3a388b5c677

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\resources\elevate.exe

Filesize
105KB

MD5
792b92c8ad13c46f27c7ced0810694df

SHA1
d8d449b92de20a57df722df46435ba4553ecc802

SHA256
9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37

SHA512
6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\snapshot_blob.bin

Filesize
302KB

MD5
8e8920b608b962e073ba3a15b7bbb1fe

SHA1
60995eea8977bf2efa21d35464d7b93954332aa3

SHA256
8e105f7073c063e658e245ef779fc2dc98504c2a80af1a699cd7eb8958572aff

SHA512
56151b21182ba409d9f74def2927c3f19f6ab09f2581ecc62e7b8cc24891adcfe043a9de8887e4abe267df1e17ffa4747b651cd6a9515a66f1543ee2fa84063b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\v8_context_snapshot.bin

Filesize
646KB

MD5
95fbaa11048d03e4205eefe0a631b694

SHA1
0b96fcec99112dbf855ec23001e231c11187633b

SHA256
0c063d0737cbd70d3029324c213518ddb8ca40ef4417609af05973aff1fd24c9

SHA512
bc0431e120166b0be912d55478159d89f4dd15055520de4b7323457825ac507e21b3b4ea690950e09e267f2dfd4d9df23d91c4c4b1b70b1bb3ce10bd047a52c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\vk_swiftshader.dll

Filesize
5.2MB

MD5
d709d2d427f8ddfa79c525ac73a276b7

SHA1
5044a6a5f05f121820a8aa8a78fd2bd94f9db69d

SHA256
bb15d6e52bfd91a9facfde9ab777fe881e51011fd76eb4d674495feda1708b07

SHA512
92daa8de0428774bb9494bb9f5a5ad58aae91ab91e3a4ed9003538abc54e7bd399fb0cd51d83fef3655503a0909060a01e44066ee7b42df34f5be4858eb72918

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\vk_swiftshader_icd.json

Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\7z-out\vulkan-1.dll

Filesize
938KB

MD5
9ac2b03df92e7a9296850d600847147e

SHA1
bf4f04fbbd2e36be6d9c52151970fb27849c853b

SHA256
822cda1133a8542566404bf854d72f45b02d154508f3c621d5fa01ddf3fe53f8

SHA512
3b1f9517f591d9bd20fc80fc479b8bd98a75d94244ea0dee114259b4325871ada3da7857c6c8f7f550936663a7ef55dfa7e22ea18d16ac3b64507224df15cdca

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnA6D0.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\node_manager\Network\Network Persistent State

Filesize
300B

MD5
9958d6370fd9eb5241bbf82a64454150

SHA1
335fc37993caa50c570bc2fbbe0b9b5344538b7a

SHA256
194f9da2b59a777851c9c70bc3dc3c80e6e24b13812474e81146a3df2861ec31

SHA512
3db99fb914b6a65df24b14f9371a518ec2ca822f77f307c2a601c1e5df3600e8d8cf1d1e9f8aba349ca149b126fb609b9270e7bb49e2d3988b59d712291d1b5c

Download Submit
C:\Users\Admin\AppData\Roaming\node_manager\Network\Network Persistent State~RFe5909ba.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
memory/736-810-0x000001E9ACD50000-0x000001E9ACD74000-memory.dmp

Filesize
144KB

Download
memory/2824-1148-0x0000020E72C00000-0x0000020E72C01000-memory.dmp

Filesize
4KB

Download
memory/2824-1145-0x0000020E72C00000-0x0000020E72C01000-memory.dmp

Filesize
4KB

Download
memory/2824-1146-0x0000020E72C00000-0x0000020E72C01000-memory.dmp

Filesize
4KB

Download
memory/2824-1147-0x0000020E72C00000-0x0000020E72C01000-memory.dmp

Filesize
4KB

Download
memory/2824-1139-0x0000020E72C00000-0x0000020E72C01000-memory.dmp

Filesize
4KB

Download
memory/2824-1141-0x0000020E72C00000-0x0000020E72C01000-memory.dmp

Filesize
4KB

Download
memory/2824-1140-0x0000020E72C00000-0x0000020E72C01000-memory.dmp

Filesize
4KB

Download
memory/2824-1149-0x0000020E72C00000-0x0000020E72C01000-memory.dmp

Filesize
4KB

Download
memory/2824-1150-0x0000020E72C00000-0x0000020E72C01000-memory.dmp

Filesize
4KB

Download
memory/2824-1151-0x0000020E72C00000-0x0000020E72C01000-memory.dmp

Filesize
4KB

Download
memory/4924-785-0x0000023E1D7F0000-0x0000023E1D812000-memory.dmp

Filesize
136KB

Download
memory/4924-809-0x0000023E1D9F0000-0x0000023E1DA1A000-memory.dmp

Filesize
168KB

Download
memory/4924-804-0x0000023E1D9A0000-0x0000023E1D9E4000-memory.dmp

Filesize
272KB

Download
memory/4924-805-0x0000023E1DE20000-0x0000023E1DE96000-memory.dmp

Filesize
472KB

Download