30091faafd62ea7ba9868db2ee575dab98fd126a78d39590f57ea7b38b20d966

Resubmissions

12-08-2024 23:52

240812-3w194ssepc 10

Analysis

max time kernel
150s
max time network
154s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
12-08-2024 23:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Ultimate Tweaks.exe
Size

168.2MB
MD5

02c4b9609f04037960d947113bc2a017
SHA1

b593fc590fafb5e11ccceb199ff405874183c4e8
SHA256

3b47e84d5ca6ad15d2e8916d6cbd6af9ab943a42e84241e0517eaab66b5ef214
SHA512

d4b3d0f440f6c61716dc156494e0be5cb4053d170d8917f7686e26734023c4e29785f354f0bc21912da06a33547573256379874027dc990cdc91d648f176826a
SSDEEP

1572864:9QqT4eFUirK1e2zSQ5Rcw/N5cae/bHhrPdacyodvcPSBoHESUlyAzl/:vBKRcAMyAzB

Score

7^/10

discovery execution

Malware Config

Signatures

Executes dropped EXE 5 IoCs

Processes:

Ultimate-Tweaks-Setup-1.0.1.exeUltimate Tweaks.exeUltimate Tweaks.exeUltimate Tweaks.exeUltimate Tweaks.exe

pid process

2012 Ultimate-Tweaks-Setup-1.0.1.exe
4928 Ultimate Tweaks.exe
1552 Ultimate Tweaks.exe
2280 Ultimate Tweaks.exe
3552 Ultimate Tweaks.exe

Loads dropped DLL 17 IoCs

Processes:

Ultimate-Tweaks-Setup-1.0.1.exeUltimate Tweaks.exeUltimate Tweaks.exeUltimate Tweaks.exeUltimate Tweaks.exe

pid	process
2012	Ultimate-Tweaks-Setup-1.0.1.exe
2012	Ultimate-Tweaks-Setup-1.0.1.exe
2012	Ultimate-Tweaks-Setup-1.0.1.exe
2012	Ultimate-Tweaks-Setup-1.0.1.exe
2012	Ultimate-Tweaks-Setup-1.0.1.exe
2012	Ultimate-Tweaks-Setup-1.0.1.exe
2012	Ultimate-Tweaks-Setup-1.0.1.exe
2012	Ultimate-Tweaks-Setup-1.0.1.exe
2012	Ultimate-Tweaks-Setup-1.0.1.exe
4928	Ultimate Tweaks.exe
1552	Ultimate Tweaks.exe
1552	Ultimate Tweaks.exe
1552	Ultimate Tweaks.exe
1552	Ultimate Tweaks.exe
1552	Ultimate Tweaks.exe
2280	Ultimate Tweaks.exe
3552	Ultimate Tweaks.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 2 IoCs

Processes:

Ultimate Tweaks.exe

description	ioc	process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	Ultimate Tweaks.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	Ultimate Tweaks.exe

Drops file in Windows directory 2 IoCs

Processes:

Ultimate Tweaks.exeUltimate Tweaks.exe

description	ioc	process
File opened for modification	C:\Windows\SystemTemp	Ultimate Tweaks.exe
File opened for modification	C:\Windows\SystemTemp	Ultimate Tweaks.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 58 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

Processes:

powershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exe

pid	process
1860	powershell.exe
852	powershell.exe
240	powershell.exe
1060	powershell.exe
2988	powershell.exe
2188	powershell.exe
2396	powershell.exe
4012	powershell.exe
3976	powershell.exe
1372	powershell.exe
3904	powershell.exe
3788	powershell.exe
4208	powershell.exe
1872	powershell.exe
612	powershell.exe
4796	powershell.exe
3168	powershell.exe
808	powershell.exe
3756	powershell.exe
3896	powershell.exe
400	powershell.exe
4584	powershell.exe
2376	powershell.exe
2344	powershell.exe
4060	powershell.exe
5044	powershell.exe
4796	powershell.exe
4584	powershell.exe
4804	powershell.exe
5016	powershell.exe
784	powershell.exe
1892	powershell.exe
5088	powershell.exe
2608	powershell.exe
1116	powershell.exe
3268	powershell.exe
2348	powershell.exe
3984	powershell.exe
784	powershell.exe
1412	powershell.exe
536	powershell.exe
2148	powershell.exe
4552	powershell.exe
2784	powershell.exe
4052	powershell.exe
1844	powershell.exe
2384	powershell.exe
3780	powershell.exe
4340	powershell.exe
1336	powershell.exe
776	powershell.exe
792	powershell.exe
2636	powershell.exe
1216	powershell.exe
3480	powershell.exe
5044	powershell.exe
720	powershell.exe
1428	powershell.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

Ultimate-Tweaks-Setup-1.0.1.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Ultimate-Tweaks-Setup-1.0.1.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Ultimate-Tweaks-Setup-1.0.1.exe

Checks processor information in registry 2 TTPs 14 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Ultimate Tweaks.exeUltimate Tweaks.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Ultimate Tweaks.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	Ultimate Tweaks.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2	Ultimate Tweaks.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Ultimate Tweaks.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	Ultimate Tweaks.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Ultimate Tweaks.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	Ultimate Tweaks.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	Ultimate Tweaks.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Ultimate Tweaks.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Ultimate Tweaks.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	Ultimate Tweaks.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	Ultimate Tweaks.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2	Ultimate Tweaks.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Ultimate Tweaks.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

pid	process
536	powershell.exe
2608	powershell.exe
2608	powershell.exe
536	powershell.exe
1116	powershell.exe
4552	powershell.exe
4552	powershell.exe
1116	powershell.exe
784	powershell.exe
3896	powershell.exe
784	powershell.exe
3896	powershell.exe
1216	powershell.exe
2784	powershell.exe
2784	powershell.exe
1216	powershell.exe
1872	powershell.exe
1844	powershell.exe
1844	powershell.exe
1872	powershell.exe
240	powershell.exe
3268	powershell.exe
3268	powershell.exe
240	powershell.exe
1060	powershell.exe
1892	powershell.exe
1060	powershell.exe
1892	powershell.exe
4012	powershell.exe
5044	powershell.exe
5044	powershell.exe
4012	powershell.exe
4804	powershell.exe
4796	powershell.exe
4804	powershell.exe
4796	powershell.exe
2384	powershell.exe
3480	powershell.exe
3480	powershell.exe
2384	powershell.exe
3780	powershell.exe
3984	powershell.exe
3780	powershell.exe
3984	powershell.exe
4584	powershell.exe
1860	powershell.exe
4584	powershell.exe
1860	powershell.exe
4052	powershell.exe
3976	powershell.exe
3976	powershell.exe
4052	powershell.exe
5044	powershell.exe
1372	powershell.exe
5044	powershell.exe
1372	powershell.exe
612	powershell.exe
5088	powershell.exe
5088	powershell.exe
612	powershell.exe
5016	powershell.exe
720	powershell.exe
5016	powershell.exe
720	powershell.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

Ultimate Tweaks.exepowershell.exepowershell.exepowershell.exepowershell.exe

description	pid	process
Token: SeShutdownPrivilege	1436	Ultimate Tweaks.exe
Token: SeCreatePagefilePrivilege	1436	Ultimate Tweaks.exe
Token: SeDebugPrivilege	536	powershell.exe
Token: SeDebugPrivilege	2608	powershell.exe
Token: SeShutdownPrivilege	1436	Ultimate Tweaks.exe
Token: SeCreatePagefilePrivilege	1436	Ultimate Tweaks.exe
Token: SeIncreaseQuotaPrivilege	2608	powershell.exe
Token: SeSecurityPrivilege	2608	powershell.exe
Token: SeTakeOwnershipPrivilege	2608	powershell.exe
Token: SeLoadDriverPrivilege	2608	powershell.exe
Token: SeSystemProfilePrivilege	2608	powershell.exe
Token: SeSystemtimePrivilege	2608	powershell.exe
Token: SeProfSingleProcessPrivilege	2608	powershell.exe
Token: SeIncBasePriorityPrivilege	2608	powershell.exe
Token: SeCreatePagefilePrivilege	2608	powershell.exe
Token: SeBackupPrivilege	2608	powershell.exe
Token: SeRestorePrivilege	2608	powershell.exe
Token: SeShutdownPrivilege	2608	powershell.exe
Token: SeDebugPrivilege	2608	powershell.exe
Token: SeSystemEnvironmentPrivilege	2608	powershell.exe
Token: SeRemoteShutdownPrivilege	2608	powershell.exe
Token: SeUndockPrivilege	2608	powershell.exe
Token: SeManageVolumePrivilege	2608	powershell.exe
Token: 33	2608	powershell.exe
Token: 34	2608	powershell.exe
Token: 35	2608	powershell.exe
Token: 36	2608	powershell.exe
Token: SeShutdownPrivilege	1436	Ultimate Tweaks.exe
Token: SeCreatePagefilePrivilege	1436	Ultimate Tweaks.exe
Token: SeShutdownPrivilege	1436	Ultimate Tweaks.exe
Token: SeCreatePagefilePrivilege	1436	Ultimate Tweaks.exe
Token: SeShutdownPrivilege	1436	Ultimate Tweaks.exe
Token: SeCreatePagefilePrivilege	1436	Ultimate Tweaks.exe
Token: SeShutdownPrivilege	1436	Ultimate Tweaks.exe
Token: SeCreatePagefilePrivilege	1436	Ultimate Tweaks.exe
Token: SeDebugPrivilege	1116	powershell.exe
Token: SeDebugPrivilege	4552	powershell.exe
Token: SeIncreaseQuotaPrivilege	1116	powershell.exe
Token: SeSecurityPrivilege	1116	powershell.exe
Token: SeTakeOwnershipPrivilege	1116	powershell.exe
Token: SeLoadDriverPrivilege	1116	powershell.exe
Token: SeSystemProfilePrivilege	1116	powershell.exe
Token: SeSystemtimePrivilege	1116	powershell.exe
Token: SeProfSingleProcessPrivilege	1116	powershell.exe
Token: SeIncBasePriorityPrivilege	1116	powershell.exe
Token: SeCreatePagefilePrivilege	1116	powershell.exe
Token: SeBackupPrivilege	1116	powershell.exe
Token: SeRestorePrivilege	1116	powershell.exe
Token: SeShutdownPrivilege	1116	powershell.exe
Token: SeDebugPrivilege	1116	powershell.exe
Token: SeSystemEnvironmentPrivilege	1116	powershell.exe
Token: SeRemoteShutdownPrivilege	1116	powershell.exe
Token: SeUndockPrivilege	1116	powershell.exe
Token: SeManageVolumePrivilege	1116	powershell.exe
Token: 33	1116	powershell.exe
Token: 34	1116	powershell.exe
Token: 35	1116	powershell.exe
Token: 36	1116	powershell.exe
Token: SeShutdownPrivilege	1436	Ultimate Tweaks.exe
Token: SeCreatePagefilePrivilege	1436	Ultimate Tweaks.exe
Token: SeShutdownPrivilege	1436	Ultimate Tweaks.exe
Token: SeCreatePagefilePrivilege	1436	Ultimate Tweaks.exe
Token: SeShutdownPrivilege	1436	Ultimate Tweaks.exe
Token: SeCreatePagefilePrivilege	1436	Ultimate Tweaks.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

Ultimate Tweaks.exeUltimate Tweaks.execmd.exe

description	pid	process	target process
PID 1436 wrote to memory of 772	1436	Ultimate Tweaks.exe	Ultimate Tweaks.exe
PID 1436 wrote to memory of 772	1436	Ultimate Tweaks.exe	Ultimate Tweaks.exe
PID 1436 wrote to memory of 772	1436	Ultimate Tweaks.exe	Ultimate Tweaks.exe
PID 1436 wrote to memory of 772	1436	Ultimate Tweaks.exe	Ultimate Tweaks.exe
PID 1436 wrote to memory of 772	1436	Ultimate Tweaks.exe	Ultimate Tweaks.exe
PID 1436 wrote to memory of 772	1436	Ultimate Tweaks.exe	Ultimate Tweaks.exe
PID 1436 wrote to memory of 772	1436	Ultimate Tweaks.exe	Ultimate Tweaks.exe
PID 1436 wrote to memory of 772	1436	Ultimate Tweaks.exe	Ultimate Tweaks.exe
PID 1436 wrote to memory of 772	1436	Ultimate Tweaks.exe	Ultimate Tweaks.exe
PID 1436 wrote to memory of 772	1436	Ultimate Tweaks.exe	Ultimate Tweaks.exe
PID 1436 wrote to memory of 772	1436	Ultimate Tweaks.exe	Ultimate Tweaks.exe
PID 1436 wrote to memory of 772	1436	Ultimate Tweaks.exe	Ultimate Tweaks.exe
PID 1436 wrote to memory of 772	1436	Ultimate Tweaks.exe	Ultimate Tweaks.exe
PID 1436 wrote to memory of 772	1436	Ultimate Tweaks.exe	Ultimate Tweaks.exe
PID 1436 wrote to memory of 772	1436	Ultimate Tweaks.exe	Ultimate Tweaks.exe
PID 1436 wrote to memory of 772	1436	Ultimate Tweaks.exe	Ultimate Tweaks.exe
PID 1436 wrote to memory of 772	1436	Ultimate Tweaks.exe	Ultimate Tweaks.exe
PID 1436 wrote to memory of 772	1436	Ultimate Tweaks.exe	Ultimate Tweaks.exe
PID 1436 wrote to memory of 772	1436	Ultimate Tweaks.exe	Ultimate Tweaks.exe
PID 1436 wrote to memory of 772	1436	Ultimate Tweaks.exe	Ultimate Tweaks.exe
PID 1436 wrote to memory of 772	1436	Ultimate Tweaks.exe	Ultimate Tweaks.exe
PID 1436 wrote to memory of 772	1436	Ultimate Tweaks.exe	Ultimate Tweaks.exe
PID 1436 wrote to memory of 772	1436	Ultimate Tweaks.exe	Ultimate Tweaks.exe
PID 1436 wrote to memory of 772	1436	Ultimate Tweaks.exe	Ultimate Tweaks.exe
PID 1436 wrote to memory of 772	1436	Ultimate Tweaks.exe	Ultimate Tweaks.exe
PID 1436 wrote to memory of 772	1436	Ultimate Tweaks.exe	Ultimate Tweaks.exe
PID 1436 wrote to memory of 772	1436	Ultimate Tweaks.exe	Ultimate Tweaks.exe
PID 1436 wrote to memory of 772	1436	Ultimate Tweaks.exe	Ultimate Tweaks.exe
PID 1436 wrote to memory of 772	1436	Ultimate Tweaks.exe	Ultimate Tweaks.exe
PID 1436 wrote to memory of 772	1436	Ultimate Tweaks.exe	Ultimate Tweaks.exe
PID 1436 wrote to memory of 1088	1436	Ultimate Tweaks.exe	Ultimate Tweaks.exe
PID 1436 wrote to memory of 1088	1436	Ultimate Tweaks.exe	Ultimate Tweaks.exe
PID 1436 wrote to memory of 2460	1436	Ultimate Tweaks.exe	Ultimate Tweaks.exe
PID 1436 wrote to memory of 2460	1436	Ultimate Tweaks.exe	Ultimate Tweaks.exe
PID 2460 wrote to memory of 3480	2460	Ultimate Tweaks.exe	cmd.exe
PID 2460 wrote to memory of 3480	2460	Ultimate Tweaks.exe	cmd.exe
PID 3480 wrote to memory of 4508	3480	cmd.exe	chcp.com
PID 3480 wrote to memory of 4508	3480	cmd.exe	chcp.com
PID 2460 wrote to memory of 536	2460	Ultimate Tweaks.exe	powershell.exe
PID 2460 wrote to memory of 536	2460	Ultimate Tweaks.exe	powershell.exe
PID 2460 wrote to memory of 2608	2460	Ultimate Tweaks.exe	powershell.exe
PID 2460 wrote to memory of 2608	2460	Ultimate Tweaks.exe	powershell.exe
PID 2460 wrote to memory of 4552	2460	Ultimate Tweaks.exe	powershell.exe
PID 2460 wrote to memory of 4552	2460	Ultimate Tweaks.exe	powershell.exe
PID 2460 wrote to memory of 1116	2460	Ultimate Tweaks.exe	powershell.exe
PID 2460 wrote to memory of 1116	2460	Ultimate Tweaks.exe	powershell.exe
PID 2460 wrote to memory of 3896	2460	Ultimate Tweaks.exe	powershell.exe
PID 2460 wrote to memory of 3896	2460	Ultimate Tweaks.exe	powershell.exe
PID 2460 wrote to memory of 784	2460	Ultimate Tweaks.exe	powershell.exe
PID 2460 wrote to memory of 784	2460	Ultimate Tweaks.exe	powershell.exe
PID 2460 wrote to memory of 1216	2460	Ultimate Tweaks.exe	powershell.exe
PID 2460 wrote to memory of 1216	2460	Ultimate Tweaks.exe	powershell.exe
PID 2460 wrote to memory of 2784	2460	Ultimate Tweaks.exe	powershell.exe
PID 2460 wrote to memory of 2784	2460	Ultimate Tweaks.exe	powershell.exe
PID 2460 wrote to memory of 1872	2460	Ultimate Tweaks.exe	powershell.exe
PID 2460 wrote to memory of 1872	2460	Ultimate Tweaks.exe	powershell.exe
PID 2460 wrote to memory of 1844	2460	Ultimate Tweaks.exe	powershell.exe
PID 2460 wrote to memory of 1844	2460	Ultimate Tweaks.exe	powershell.exe
PID 2460 wrote to memory of 240	2460	Ultimate Tweaks.exe	powershell.exe
PID 2460 wrote to memory of 240	2460	Ultimate Tweaks.exe	powershell.exe
PID 2460 wrote to memory of 3268	2460	Ultimate Tweaks.exe	powershell.exe
PID 2460 wrote to memory of 3268	2460	Ultimate Tweaks.exe	powershell.exe
PID 2460 wrote to memory of 1892	2460	Ultimate Tweaks.exe	powershell.exe
PID 2460 wrote to memory of 1892	2460	Ultimate Tweaks.exe	powershell.exe

C:\Users\Admin\AppData\Local\Temp\Ultimate Tweaks.exe
"C:\Users\Admin\AppData\Local\Temp\Ultimate Tweaks.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1436
- C:\Users\Admin\AppData\Local\Temp\Ultimate Tweaks.exe
  "C:\Users\Admin\AppData\Local\Temp\Ultimate Tweaks.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Ultimate Tweaks" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1632 --field-trial-handle=1636,i,8052091583088479152,18295214054955358894,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:2
  2⤵
  PID:772
- C:\Users\Admin\AppData\Local\Temp\Ultimate Tweaks.exe
  "C:\Users\Admin\AppData\Local\Temp\Ultimate Tweaks.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Ultimate Tweaks" --mojo-platform-channel-handle=2056 --field-trial-handle=1636,i,8052091583088479152,18295214054955358894,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:3
  2⤵
  PID:1088
- C:\Users\Admin\AppData\Local\Temp\Ultimate Tweaks.exe
  "C:\Users\Admin\AppData\Local\Temp\Ultimate Tweaks.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Ultimate Tweaks" --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --no-sandbox --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2260 --field-trial-handle=1636,i,8052091583088479152,18295214054955358894,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:1
  2⤵
  - Checks processor information in registry
  - Suspicious use of WriteProcessMemory
  PID:2460
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "chcp"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3480
  - - C:\Windows\system32\chcp.com
      chcp
      4⤵
      PID:4508
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:536
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2608
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:4552
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:1116
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:3896
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:784
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:1216
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:2784
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:1872
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:1844
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:240
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:3268
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:1892
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:1060
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:4012
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:5044
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:4796
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:4804
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:3480
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:2384
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:3984
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:3780
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:1860
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:4584
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:3976
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:4052
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:5044
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:1372
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:5088
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:612
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:720
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:5016
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:4340
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:792
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:4796
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:3904
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:2148
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:1336
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:3168
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:784
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:400
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:2988
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:4584
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:3788
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:2188
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:1428
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:2376
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:2344
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:1412
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:808
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:2636
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:776
- C:\Users\Admin\AppData\Local\Temp\Ultimate Tweaks.exe
  "C:\Users\Admin\AppData\Local\Temp\Ultimate Tweaks.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --user-data-dir="C:\Users\Admin\AppData\Roaming\Ultimate Tweaks" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1116 --field-trial-handle=1636,i,8052091583088479152,18295214054955358894,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
  2⤵
  - Drops file in System32 directory
  PID:1312
- C:\Users\Admin\AppData\Local\ultimate-tweaks-updater\pending\Ultimate-Tweaks-Setup-1.0.1.exe
  C:\Users\Admin\AppData\Local\ultimate-tweaks-updater\pending\Ultimate-Tweaks-Setup-1.0.1.exe --updated /S --force-run
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2012

C:\Users\Admin\AppData\Local\Programs\Ultimate Tweaks\Ultimate Tweaks.exe
"C:\Users\Admin\AppData\Local\Programs\Ultimate Tweaks\Ultimate Tweaks.exe" --updated
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
PID:4928
- C:\Users\Admin\AppData\Local\Programs\Ultimate Tweaks\Ultimate Tweaks.exe
  "C:\Users\Admin\AppData\Local\Programs\Ultimate Tweaks\Ultimate Tweaks.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Ultimate Tweaks" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1696 --field-trial-handle=1704,i,7418495398252176928,7543329402280977057,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1552
- C:\Users\Admin\AppData\Local\Programs\Ultimate Tweaks\Ultimate Tweaks.exe
  "C:\Users\Admin\AppData\Local\Programs\Ultimate Tweaks\Ultimate Tweaks.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Ultimate Tweaks" --mojo-platform-channel-handle=2160 --field-trial-handle=1704,i,7418495398252176928,7543329402280977057,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:3
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2280
- C:\Users\Admin\AppData\Local\Programs\Ultimate Tweaks\Ultimate Tweaks.exe
  "C:\Users\Admin\AppData\Local\Programs\Ultimate Tweaks\Ultimate Tweaks.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Ultimate Tweaks" --app-path="C:\Users\Admin\AppData\Local\Programs\Ultimate Tweaks\resources\app.asar" --no-sandbox --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2196 --field-trial-handle=1704,i,7418495398252176928,7543329402280977057,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:1
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks processor information in registry
  PID:3552
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "chcp"
    3⤵
    PID:1656
  - - C:\Windows\system32\chcp.com
      chcp
      4⤵
      PID:2920
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:2396
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:4208
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:3756
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:2348
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:852
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:4060

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\d466c90afe4f152a\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
fcc0cce07dbb902e4064407d2fc2425b

SHA1
86cf08308ffb5c45c1e58431d5e057a633c04b16

SHA256
d321c7e598dbcab3cf80bd43986740426f18422563e019bf1a4c28d2d6521f20

SHA512
27773cab3f5dac8feb8f1715e5f807afdd2670f87a06fbc92db1cd36f3660a8fd6ebd6750dfc37f9be6df7637e9966954ea9fcac5836ff26d668eed3255f4e91

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\d466c90afe4f152a\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\d466c90afe4f152a\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
79eb1bf05d37819065222de66352bdf4

SHA1
3f24ec54ed92633b7a12be840d6832daa3b2c931

SHA256
0538ed97b50b8af6043ac493227459be4c78726f9ea37040d0f053bb4a46c33e

SHA512
062ffffc9bfdb45b4cbca6856fd38cb6ad00cb4e65f63e9e0ed6377cfdf89cd5f1508e0b06ed5b183b50110fb031f861397d9c5998e46bc5f5d3890d3092c968

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
3KB

MD5
22e796539d05c5390c21787da1fb4c2b

SHA1
55320ebdedd3069b2aaf1a258462600d9ef53a58

SHA256
7c6c09f48f03421430d707d27632810414e5e2bf2eecd5eb675fecf8b45a9a92

SHA512
d9cc0cb22df56db72a71504bb3ebc36697e0a7a1d2869e0e0ab61349bda603298fe6c667737b79bf2235314fb49b883ba4c5f137d002e273e79391038ecf9c09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
1KB

MD5
9877f54bb5b97845b6c6d45d5872203b

SHA1
880b29ec1b3fd33686d2db07af8d3579b1306196

SHA256
7b819e7912a46e49ed90581d531e4dbfa2d610eacb9f201ad3690f18e79d7080

SHA512
3045278c632fe4aa4d60afd4b6dc7871e38f254671c267d08852a3b6a82b5f28015504f2fd65cd9c327cf1548df7b928b985d0be1182e505efbce339a35d7668

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
1KB

MD5
b8e4cfd848f7ca6ae5118a697ab45f6f

SHA1
05fabc65a2a6cf7ef83896ad30b4512c24978582

SHA256
f5a00b9157a37cc56cc299c2777e051245474e43f117c8e1295a99ea6c24bb93

SHA512
02008817b7ac5262f1f14e7913231f3a4de8e68da357b579dc9a2915cd8cb79f2b9629d1bc7ea236c3bb83f6e03c8f75509eaadfad2ae74bb5019078900960f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
1KB

MD5
0254494a4c89bf8f623066957ccb7ea1

SHA1
0a31bf0f80c2e5caaf36fdf4266b72379cfb3751

SHA256
ffda9233d24b63e14924cddc16d3885111c7cf09abe840547c0a266c2000687f

SHA512
8f8c04122ae09f4a544d482eb72c30fc6d1ae9840e4247eb9e7a5cbe6e912fbff9132afc78974509923c24c30a8049199d43d83aba49b8a66ab78316546673bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
1KB

MD5
1ea0ad2a8025bfb3111f789817e68b3c

SHA1
daf9537aa9ffea53bcc05e958f38eec2ec255910

SHA256
97c7bd5ac65d551ee5e3af75106b0fe1452f6b1a516f3d13353fdd422147bf51

SHA512
1d272aa2c4d2b1ecf1f1fff08549dee128a40f7b59ad3b8dac8ae7a221b3dd4d92b60dc394dc0d5039641e47ee56776d6f45255ff73946c004f3d203d7857dc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
1KB

MD5
5a70d177096a321ac209de3853693282

SHA1
931026199a9da0ab93007cecf0840b982cc26adb

SHA256
a93603cfc100ce502013d5b9d4cf7c181a2d8da431240eeb2c9cd2b4864d27c2

SHA512
671f4873123278fd3a45cd91434a81710913cdf3a584ce4aa3dc77f837d86054bc663a5712aad4547cad08252074cb7a96eb89bfa18ab4a90018c8762d24f341

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
1KB

MD5
b7b26b4f7f44b7476c2276d9a088feb6

SHA1
d142446911663f375b8b7fd1b1f536f18f9772f1

SHA256
1001f3a73d062a5b8d4afddb497121452a3318fef8f256e41ba46d14563b12f7

SHA512
344c21426ecc191fbcb49eb8b6bcdd7318cb87a97aa44fcc24c4b65c5ecd0590f45c17bc8dcfbc8e168ef85a461c229d8c0116ed0a111ee5112707a554df895d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
1KB

MD5
7b821f1d6dc8ce026aee1780d67e240e

SHA1
35cde17addaf65a330c6e0b0f10217a45fa358b3

SHA256
511737852a1c9fe09f01238beb8514c7f1e86e6e54177da8dd03d8a97729c0c9

SHA512
4bc5a2d6fdde244fd097c6ed47104119d2778a0dc0a5e672526ce49b6eb45d8c7fa11a4d76eb578975c2ba43f1f0e654ff73d1f8cffbc1e83fbce724e4270b7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
1KB

MD5
a1c5b291c6fd708e8954c11fd5704f51

SHA1
f566f7cd1c5f01a2c4a094d63581ee791d97b94f

SHA256
52fb0a7c10fd1f7c5a3870dadbab4a1522eb2b2cc387fe3ec80bb30724a87721

SHA512
6eeb540bdcf5d8b8687919a4a143a351d8559e1a434cdcdf5020c5525f0eb25853cf1e44ed57424e2b1c1b2c51d13540ed61e0a8283ad1d354b6e2f0a21b0d08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
1KB

MD5
ef252fc30ccff92e39c33bf6c3744f29

SHA1
df072ee84748d72a44a68f57efcaf90866177557

SHA256
023a076fe2a2471fa334ae12b77169ebf6bf9ab0a9a5ca27d1fc9d987fe3e363

SHA512
32df16a83890d80714314503d101d468f27cd5a20c59a458e6cff857628fd25910c95dfe679ad959c5064ad625dc200b1745b1485ca9fe7fb9baa02b930767c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
1KB

MD5
b504b726500de66c066354683051c01a

SHA1
4b4711e5dac3eb9a6d6b4a7eb970665ee90efd43

SHA256
d33d156400bc7ff2456199f150ab7b8bd63445ea476ba4719eac878ab5b6dd6c

SHA512
c0de294eb670d4ecb00a76d64e35b3c64e76928b75e85803741c289d55ea22d1b003b3d5257fd2eb0fc5fb939f3b1ce90b6407e1678b3da48ba19381cf353b59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
1KB

MD5
7019c7fea2e06ea323cea721adf8e8ad

SHA1
653dc357a5788dd04bb45e984d7c98a4f6e64c5e

SHA256
2cb2d6c56c5f1e9a2d47dc859d5b8e2d1bfb1b4446edcf19ab8c3e7b4964d16a

SHA512
69d10cfa9db567d4b8fe16a8f57c3a94ec4c3195eedae65a7cde44fc1546749a8fe2575ef06228c95cf76f4c26539eada5678508a8cd1ed6ac383f440e83491f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
1KB

MD5
e0ce6f13aea5090bde3fd18437682aa1

SHA1
89a66835a91d84ca27897ef23851a42fffff7525

SHA256
59d55a55d43b6e858d1752cbc57b0f073e847feb30ee65ce5bf902549187060f

SHA512
c263624e5bef2d7c4a70df2f9a2c984d09ad681addb73b68f1f8e4db467f55c911ae2f1b017e00cbae0de01f95b7da257c5eb282a48675593854b877bf4c1b8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
1KB

MD5
1802972b57f2457c3b74219a16cc366e

SHA1
3338c1993c82af6dc87727439f8b691268dde8cd

SHA256
c08b6091ee7df9428f74f2bac73268065406612198648b0405752fd2ef6958df

SHA512
1d80274516db8fc5d6f68b11ca80e0b6bce71fe93de4532679a31c78332d582ece2595f9f79ccab974052fcf160aee2a087cf05fe4a3403e9e1373d07590a240

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
1KB

MD5
a0d03a5a051e0babb0b92e2c6c47e697

SHA1
5731b8fa7dce7a7d7ceec614ce5cac572131369e

SHA256
de1c0e15f778026a1bc1cb8394b9b64fcd11a79f524392a542c6e1acf6fe89b0

SHA512
f3939e7813ccf9f610136ee5194adc48f227812e69e4acd9186e0629f2f1f66ca28869efd5e02268c0ad874006f8e07a41555c37e967c504e85de5c4b5f55e8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
1KB

MD5
7dc5e9a617aa0392cc78415b51ee49c7

SHA1
9912767eb09598ab65f6fd1edab950cde2837421

SHA256
7fbc45d83ecd2a37b971405528e48f1e9daaeca9d6f396b0ffbf0707e5fc78d5

SHA512
0dc77085ec6d4a6f36a22d5f47047879190e8c0922bddc421e20714e7557c2f3d14e217e1f5499cc755c33971052df323bb9e228b197379f5c5473f047edd010

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
1KB

MD5
4a077dd89ce64419db0cc3fa7c9c76b1

SHA1
2d9932fb0aa80587ec549602bc86d0e7b1ae6ac4

SHA256
6f27152630ee86d3ab697dfe15819b871d3ec5df93c4e5043a7174a70bf22599

SHA512
1d843990907126ca3b76e721462f7b82811681e9197d6d96a0bd2591a867c172406734e60f5f65397b911460c72fed6e20f17ca35b270d715a484b3c7e9852aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
1KB

MD5
9df799a0eaef802acffc3f7875fdc912

SHA1
25b4cc05590b63bbe68d76c7932d814f56aae12d

SHA256
975d2ba9e7b5eaee198bcfde1a954d17871bc04138bf8169946ee929afe6b6e6

SHA512
c75387cb9e0e7ca8a9e6454954ae94156dbe6f27f0b451eada02728497d47d325a7977d4bf372ff96e56c21f8c3289fa709c1a12183c3c7458c8fac05c03fcf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
1KB

MD5
bc9f4dc08f27123516cc6d0a824cf2e5

SHA1
92145fd35cb4366a77a0ee5ca43deaf949e39b47

SHA256
1e5d6c9b62adeca03ef517344f01646453b821f245890a904c53bea61881b228

SHA512
dc869df9cb5241abd1a2fb2b630812cc60cfbbb99ae2320f30ee52324554468296c7ff621ba333f4899010b7039fb3e798733589bb7d1d241ec36f1e705bca1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
1KB

MD5
cb56ed14881825c073c8f9d7bc6fca9f

SHA1
a485ffd18305601558fcac2e6ea8812b46bf42aa

SHA256
245e173c875783c81b234848de0396c4dbb4defd4db0b43b9f852c745b9dd0ba

SHA512
3e08119d0191e02f309f571bc0c8d7d855d3f222bd91a61ab3354cd4619f8444b1ff4b34f90996c228107c9c302bae436378b46ebe392b1e889221372772cf49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
1KB

MD5
8a714bbf37d0f5640e7245c7d9134364

SHA1
766ade77b99e855235c745cfd4974cc8db099af8

SHA256
a087e6aa14bceecd8f478950ea87e7e93daf1275c30d6a42da5506e72cbedcf9

SHA512
4d95d8ab7902dd6f6a3ee21f7f13e0f0263e1744dd4db94629f0ff16486b3838c097d492c32c3be000590725c10015b1d3fde30903bcfc728e09192c21194b39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
1KB

MD5
e4f788eda5a58a645ccd8041b742eade

SHA1
9d2d95e5517d7d834416fda58ed9c3bf59fed077

SHA256
391b48a9da24ecf8a84bfb8cc2e1a6c5fae0c067cf26214a844686bdc4d2faf2

SHA512
130926f53852ddb80b66b193923e246a035e1e16da0254288c12eff1a0196bd1da48995ae5239c29dcf1962fbb329ec70644556a797f21818e161f32ae955cc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
1KB

MD5
ae26aa5bfb77d8e928597cb0baf16c98

SHA1
674170d765d741772e77c8e44059126a59160837

SHA256
70867fdf3cad3573c868ded505a584fb68fa342b1ad4b627e764885c963b7979

SHA512
6b2cfefab499c0eed610d52ccbe9207476f3203be5a0a77a53665711598a48f58644acd883e9231204ab68b86ae29139a53862e4e22e5eb10aac409e9ce303fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
1KB

MD5
4f7bc6cd68785e617f430656e4770f59

SHA1
f7f8e07ef68400428b08610898338c000566195c

SHA256
e807935c86ec82b423bda95436cd488d7950c25f250c5f6beeccfd0542f48805

SHA512
5fb9e1dd8357db187514cf12cfc63462590c191abc6307d1effd27679be4944c47ef73a3114a76618ae5dfe8e836aeed054eb0d83771003e69b95618e0c6b9e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
509B

MD5
477031787382610c812bd9d8273d66dd

SHA1
c0721792ed62c74ff66771c7e604d540a86b98b8

SHA256
7dca992282ee4ee9fee1c54c12e887dd94eeec7b7a036a77094b6558837f3b5a

SHA512
d6060440f9333dfb15a5289cb284602aa243cbcf391f9ee945811df512d19b11c92ac542fc5fa0d19a85b3a835ae7db15b3998dc09c42f4c39ffa237dea39d97

Download Submit
C:\Users\Admin\AppData\Local\Programs\Ultimate Tweaks\chrome_100_percent.pak

Filesize
150KB

MD5
b1bccf31fa5710207026d373edd96161

SHA1
ae7bb0c083aea838df1d78d61b54fb76c9a1182e

SHA256
49aff5690cb9b0f54f831351aa0f64416ba180a0c4891a859fa7294e81e9c8e3

SHA512
134a13ad86f8bd20a1d2350236269fd39c306389a600556a82025d5e0d5adaab0709d59e9b7ee96e8e2d25b6df49fefea27cdccefe5fba9687abf92a9a941d91

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_p42teyrb.k3q.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8F28.tmp\7z-out\LICENSE.electron.txt

Filesize
1KB

MD5
4d42118d35941e0f664dddbd83f633c5

SHA1
2b21ec5f20fe961d15f2b58efb1368e66d202e5c

SHA256
5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d

SHA512
3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8F28.tmp\7z-out\LICENSES.chromium.html

Filesize
8.7MB

MD5
bd0ced1bc275f592b03bafac4b301a93

SHA1
68776b7d9139588c71fbc51fe15243c9835acb67

SHA256
ad35e72893910d6f6ed20f4916457417af05b94ab5204c435c35f66a058d156b

SHA512
5052ae32dae0705cc29ea170bcc5210b48e4af91d4ecec380cb4a57ce1c56bc1d834fc2d96e2a0f5f640fcac8cafe4a4fdd0542f26ca430d76aa8b9212ba77aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8F28.tmp\7z-out\chrome_200_percent.pak

Filesize
229KB

MD5
e02160c24b8077b36ff06dc05a9df057

SHA1
fc722e071ce9caf52ad9a463c90fc2319aa6c790

SHA256
4d5b51f720f7d3146e131c54a6f75e4e826c61b2ff15c8955f6d6dd15bedf106

SHA512
1bf873b89b571974537b685cdb739f8ed148f710f6f24f0f362f8b6bb605996fcfec1501411f2cb2df374d5fdaf6e2daaada8cea68051e3c10a67030ea25929e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8F28.tmp\7z-out\d3dcompiler_47.dll

Filesize
4.7MB

MD5
2191e768cc2e19009dad20dc999135a3

SHA1
f49a46ba0e954e657aaed1c9019a53d194272b6a

SHA256
7353f25dc5cf84d09894e3e0461cef0e56799adbc617fce37620ca67240b547d

SHA512
5adcb00162f284c16ec78016d301fc11559dd0a781ffbeff822db22efbed168b11d7e5586ea82388e9503b0c7d3740cf2a08e243877f5319202491c8a641c970

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8F28.tmp\7z-out\ffmpeg.dll

Filesize
2.7MB

MD5
bf09deeeb497aeddaf6194e695776b8b

SHA1
e7d8719d6d0664b8746581b88eb03a486f588844

SHA256
450d5e6a11dc31dc6e1a7af472cd08b7e7a78976b1f0aa1c62055a0a720f5080

SHA512
38d3cac922634df85ddfd8d070b38cf4973bba8f37d3246453377f30165cc4377b4e67c4e0bca0ffe3c3fa0e024b23a31ec009e16d0ab3042593b5a6e164669f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8F28.tmp\7z-out\icudtl.dat

Filesize
10.2MB

MD5
e0f1ad85c0933ecce2e003a2c59ae726

SHA1
a8539fc5a233558edfa264a34f7af6187c3f0d4f

SHA256
f5170aa2b388d23bebf98784dd488a9bcb741470384a6a9a8d7a2638d768defb

SHA512
714ed5ae44dfa4812081b8de42401197c235a4fa05206597f4c7b4170dd37e8360cc75d176399b735c9aec200f5b7d5c81c07b9ab58cbca8dc08861c6814fb28

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8F28.tmp\7z-out\libEGL.dll

Filesize
467KB

MD5
3a5cbf0ce848ec30a2f8fe1760564515

SHA1
31bf9312cd1beaedaa91766e5cde13406d6ea219

SHA256
afef052c621f72ba986d917a9e090d23a13f4ab6bc09f158eeb73fd671b94219

SHA512
bd5713e1d22145b4cc52f4e46b464f443aad6f783a5793268e7d9dca969f27b70e706eecd54cb01be1c94256e6a95864c6b7e50027cef7fa870cdb16820ad602

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8F28.tmp\7z-out\libGLESv2.dll

Filesize
7.3MB

MD5
c783045e4b7f00c847678d43a77367f7

SHA1
7f9192ce0b23ac93561aeec9d9c38daa3136c146

SHA256
3a39137dcee6cb6663ae9cca424b6b05cf56c0ad7e32fb72cb94549ea9dbcae8

SHA512
64e6d4fc84f1217ceef05a22ad63a6618ffdc470b1faf4ad9e2d7bab59e9285527b9c5fd7ea4be673a08b9466434e3c098e839bf6955597e3d8aa0e80589f4a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8F28.tmp\7z-out\locales\af.pak

Filesize
478KB

MD5
9554e414159d76754147d7e185056094

SHA1
e0fb0c95cef8e8d1ebeb11a6e2ea03b9067d799e

SHA256
f402c0d8494c9a2fceedcd7845ddf43b62e7d01ddb1d9c8e132efea83b724824

SHA512
9e8b41f69605d7bd426243e49b0f22347b211f7d13038ee6350d86d06cc7274bb2ef1918e27548802a5437903a653d86fce85338fa97f8c9642c0e74ed59ae88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8F28.tmp\7z-out\locales\am.pak

Filesize
776KB

MD5
92ffe73f193d41c5a90303955b2da67f

SHA1
1d4136d8bb752da2834ebf0f4f62de56efefd78f

SHA256
325dd137903fc0d9e5010a62a314d9c6984ff82afbdff2254f7c48bd03dda06a

SHA512
6c4f0aac10276ab84ec4e63ec9ad0e20a1b3ce9d2368ec966cc6471600c3d28df8f9e501b4843bafa5bcf2aab57242559ba430d58853180ea653afbc8f468e67

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8F28.tmp\7z-out\locales\ar.pak

Filesize
851KB

MD5
7608398c66cd0b55396f7250b3c8747c

SHA1
7e8417dfc7055fb9ecbe7cfc97a8aba0bd5a0e13

SHA256
3bb407fa588fb801ab241e8dda018461b54010a38648c3acc1e3550c0dfbd75a

SHA512
5dd757e4f114782eab9ab8cadbfe3179ded594285b3d0f7f6fa5ca50d80d866e7c8ff6a1f44deba8bdf09c04106de635c1da22597c008023b1fdf1cc747b6f1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8F28.tmp\7z-out\locales\bg.pak

Filesize
885KB

MD5
c80a2008d9f61c182430a728a6e059af

SHA1
2f2aa33573156d9939e3fc81f8d81de4aac21e61

SHA256
5947f567ce1f4ab945dc6dab1599422d412f4417b9097905150d669122e43f7d

SHA512
016ce835b6bac4d5b38d72c0b3adf4d6b4e0ac04677d70c53e5938acd28b12220d2878bca7875471d008b779ea6ab4972a9875b44304e867d0bb5e4318c0edc3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8F28.tmp\7z-out\locales\bn.pak

Filesize
1.1MB

MD5
d179d38e8b9f7e60a943e2fc9f9471ad

SHA1
8d109081959d194c82b89fb25a514a65233435a7

SHA256
a45279ccc13390e0d93cfe1e33a7f276a5d9e97f6aefa6b6e14ecc4289703bda

SHA512
fa6f3e45f40e1e48f191e4a65f5d15dabd7058af4537eea3e34998dc67dd250b00e52d1f07b10a73a67a15aada4523e50f40160d98a5f37ef4684a30ff338468

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8F28.tmp\7z-out\locales\ca.pak

Filesize
538KB

MD5
bd846046383d64073da6eb192f5cddb1

SHA1
6dd4bfb982101ecafc14eb35834caa1fe5b1e3f5

SHA256
1dca9a7fcd850aecd48288999b436ff7e70cd4a96f47b40319759a800fb8eefa

SHA512
521ddf6e8fb444b911212501825392562af14cfb5b31a80707fdeffb13c8afb04852b0e3f7e3363a1c3a37c5c35bb1cbe84b458e14e30b5e8d8cb00a6a349ce0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8F28.tmp\7z-out\locales\cs.pak

Filesize
555KB

MD5
926b4d7f540ce0b1912e5fb6383dabb7

SHA1
a7adbc83ef38092a90d964d61359a6caa1253090

SHA256
2964edcdcb27b2edf73515615501d8af28ad94b5dd31d2794f2624808c74de38

SHA512
bf6160e46eebf16d6b6f05d330068fa226118457ff03277b59ed4e1a6d2d28b212155cae2f48c34adfa81d20ff71e4206f25052257559f4768323b342dd16278

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8F28.tmp\7z-out\locales\da.pak

Filesize
501KB

MD5
c54edb2260d2b907049cdd4772d5313b

SHA1
a12f623e6310b667a9c38b4c9143920d08564377

SHA256
318a9ec9e9fbe35d5d8cb9b719ecfbe1ecba9d8f246876c949c082107b439ddb

SHA512
4eef045080fecaf55bf2cca7d72d039b7d7a7b28021b649becee320a3a8c0753f4e0e5f869a188813e746bad05fd08c726b5c25f40ef9555967fafd93f7f6989

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8F28.tmp\7z-out\locales\de.pak

Filesize
536KB

MD5
5a252c49719970b8fb33fbc8ec98971a

SHA1
931834866af36a9e25582a1f631a8cbc965a8e84

SHA256
d5746f48800efbff7db9d1bb8d6e5a5102eb7d79ae136e0485fd427be1ca63a1

SHA512
d4e6ab68d0b1a564b886c8bbe60e7bf67c3f71e6fc70ed5bfbb63a974f72afce62e03559f29f46a424908c256e990ff6cebeab8fddfbd79f6deca997cf7117cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8F28.tmp\7z-out\locales\el.pak

Filesize
971KB

MD5
35ba1b364ecfff6486daed2a33cc6431

SHA1
b894b392d400fde4d35bc3b4edc130853cda340b

SHA256
c0434492be64b08f9ad00bc7cff65314822406dfb0c591fea0df6af9b6fc89c5

SHA512
5f5d2cf1d5c8158c62fe310338bfb1c9683ea2f43726c9f02fe6d2c29482e3211fd3d61a30dc0cf738549dc7047dfce0dbac36b9d22dfffb558f118fdbb3d856

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8F28.tmp\7z-out\locales\en-GB.pak

Filesize
436KB

MD5
a44922cb4cd8816b9ce3d018dba9e6a0

SHA1
2ed3a8bd4a11bb89d3699f583372ad7aecc46ddd

SHA256
e0df967ffdf872f0a9589a0d74d68a742fa9b956add7a6736b82aebd9e8f02d3

SHA512
461b04a170c562382f6c1022f881db9f6928a36c962a2e3aeabee62dd4c46e08b59ef33a2d1d26af21dcc47d00b0c51e10b43f14dcd627f84104ab4f31a9e526

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8F28.tmp\7z-out\locales\en-US.pak

Filesize
440KB

MD5
731c45f9f23957acc11b43d775758aaa

SHA1
12e66417a2dc0c5211ed67f026208ef02fcb40af

SHA256
02b97817b6eebd7caeaaff750f6462abc68911c398ddf0571b7900ff9b4ea9a2

SHA512
1a008df585ef76d9cf4459fc3e617b8d4397e7078c77852712fc7cf4f304081bc5195243437e64074016b05a8cd671db93666042e59b959595ba854ceb330a81

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8F28.tmp\7z-out\locales\es-419.pak

Filesize
530KB

MD5
763f8c8ce092a3d64bbebddf4169e108

SHA1
89f2834c1b4e3f84870af29650bda6fe360350f5

SHA256
0c816f00b15d59809d30b6611aa455ea1bf8b022d2f887137f1c9d7a5600d5d9

SHA512
8401cec52e80a5136543473b317f0e2d920008c83b9667605cd0deb9fa5f933deeda0aa475b436520001c6a7c91118a4d9b11e28a9f4b31271662780e678dc06

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8F28.tmp\7z-out\locales\es.pak

Filesize
530KB

MD5
f6f452e9fe45b56b489b2e99c99848d7

SHA1
c64384626ea966d3a24dfd4d6c2f42c1cc082d2f

SHA256
54f85551269c8b5f3985a09d313fdc04c4595e5058163cf147ede049b8faa605

SHA512
f3c50308531f9654ff394cbdfdcc6029c60dc6659fe60e0326b4855a31f3eedc86f3df82a96a9e7691d12c7a69079c4abe2722f599aae29f48b291fb5a39a3a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8F28.tmp\7z-out\locales\et.pak

Filesize
481KB

MD5
97918bb7b36900705b1a53b7851db6b3

SHA1
f8cca656478c6e15baa8f344dda2704087f54776

SHA256
8021814965878c4913d1f9f9d226da49cc2a37746d976f3b84aad7fe096fd14f

SHA512
6daa8f56c231cfd7dfc17bb5d5c56afca9490f953f22c92365a1f88e995c3a1705de98a725177001bb449070c860fd1c843ee0a499c6dd8321f2e6f4cf914da9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8F28.tmp\7z-out\locales\fa.pak

Filesize
789KB

MD5
04f629bc5fa6d761f1d7b5dc28a6b97e

SHA1
d80f74a2b6508bae49b8344809062b48dc2b2dc5

SHA256
9b5334e4883a716c5616c859889aacd7b179b30ac65e5657198eb4e877700f81

SHA512
ea412096170ae29b33f3d54f17fb9f2f5a41035df56e2af9596ec7c15422277943c5c651df6b3a232aca4e979946732bec496da03b3e47e0d4629675751a4c67

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8F28.tmp\7z-out\locales\fi.pak

Filesize
492KB

MD5
3acdfec7edd4d3eb473f0deb32713c14

SHA1
41fdd4af5f9fa78f4f81d3996ecafd69587f05ef

SHA256
4bf099ac8a76449bf597caf005790f5c02efd533b9a329c5fdc460d38f77607e

SHA512
b167caf1e5ff38b0c80f891715866a7754e9bf3f1479aa1faa3cf3e8ae7fe9b71a87109239750f71855330b6d20704b43e814f188672aa52a5dc6912297f1997

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8F28.tmp\7z-out\locales\fil.pak

Filesize
556KB

MD5
89a63085d14b1b80f259e166e6ffe56d

SHA1
d1326c879a6ad203489226f7c5be08c897be71ac

SHA256
00b8cfe6131499a8a67a51dd8560a965a2abb863d52635dd3931df0479c3f5ee

SHA512
ab48fc4bc604648b4cc010a530fbcc5138b9d0a0f09398d2a69b6219799a43a052722c47dba96c9d001b4f6ddd491683c0a871c19ac2abc12843e68f9d4c2cf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8F28.tmp\7z-out\locales\fr.pak

Filesize
574KB

MD5
6708a286a0529ba7bed9840d53035be8

SHA1
af289ed518d9d90c75b69a870615e3f475c5d0e4

SHA256
7169684ff44f342b98648839b8963916f7323115dead332c2471baed6264b80e

SHA512
b329798fd85eac1505d0af5cb827ba11a5850eb926be39b414c40b5fdb56432db5f3dbc45237510bd4d1174c1cd62f623c6cc8ab10eb0ca51dea5d5487f0b0fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8F28.tmp\7z-out\locales\gu.pak

Filesize
1.1MB

MD5
ba34657d3f5ebe61b36a807c4a053d72

SHA1
163875c4ef39e3473d9d5aec4b6273f34a90a02d

SHA256
8c762963cca8eef2cbd39bd7bcd8b809f3b57a75353e687743894add9c19440f

SHA512
cb1c4adc59c3e99f819645ae84e3e6b601b340e05ae2182c0b1568bbbcd3eabf7bf09ef34e5d0757530997d0734dc52dd744b8b0edbb3702a3c06e29ba7f0c4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8F28.tmp\7z-out\locales\he.pak

Filesize
691KB

MD5
c47322869b458a1cd231f3dc385f80fb

SHA1
4155444dcb69c5b64711139cadb32a6df95ce3ae

SHA256
9e5544340da0e0aa28298e68765716a3960a28e50d86146b5324fd70fd756b41

SHA512
ca4664a9acbdd5896c6a0921e09d99f1a7ce3d7a80338c1a4310ad499a5a2cbb60ca074a02fcff128789da0a4cf82d3869f83836ae3ae3171085e58d6155fb73

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8F28.tmp\7z-out\locales\hi.pak

Filesize
1.2MB

MD5
6d3ce5a6049eda31ecbc55a9d3abb163

SHA1
100afed265c77a20f6636a0ab48c8a723e30b087

SHA256
8dae029a489f1bd7530650a9cb1be1f03741e1d7018503feb3c78759da8af531

SHA512
3668952ea707da9ee8fd3753c04d5dfbed97685b76dcc75dcf8d6a3699a832c3ff0db9cd40810f6ea9364f2b7aff4b1cd68980c74b59808fcb4900a36d933bba

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8F28.tmp\7z-out\locales\hr.pak

Filesize
535KB

MD5
2f7462a076c14f2c2733a41dcc5ecf1b

SHA1
c453dbf62d1cfe85adb64ae374b6a79cff2ef97f

SHA256
6dcc7d5d771475874471b78ee84db0230341f8634f4b38a9cb90c37226d70b00

SHA512
f1df750b779c908547a38b49bae0ed8734fe37cd96d3502186926e6cbd657c248c528cf9944353dfd26695ab384f17f22f0bec251e65a20906da4d67852cc516

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8F28.tmp\7z-out\locales\hu.pak

Filesize
576KB

MD5
f55e37076460b2e8b5ed0f414618d256

SHA1
b313287de6197f1bf9f9770e3d2c99e70c4d8179

SHA256
61854ab102bc57a7ad7b85a4fa008c3f071306838ba1a0491f68c19153decd49

SHA512
e8121a064a3209878f24c33e9c20c810c56aa15476909de1ce076c80ef635e69a60ac655b7714a116951de5b99bb690827edafddcd5e6b00ee6310807d78ce58

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8F28.tmp\7z-out\locales\id.pak

Filesize
475KB

MD5
260d34aaada70c9d491bfbedcf5ca8d1

SHA1
5fa83a3e53e6aa9eede9fa34a84eb55ee8493314

SHA256
64a8a25717ffae1855114d84b02223ad5b3963c1c6a21c826636146726d0a8a2

SHA512
a19ec6fae22689a8f851c1a782eb748ee9f38dfad89f05291c01a6070b24a8a02fac4bb4a441421f411966e8bc08e996900871d498efa307ac1793191710ebd2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8F28.tmp\7z-out\locales\it.pak

Filesize
523KB

MD5
cfb2ddc4caafd038db00c1e7378d316e

SHA1
2573f32a41735efde916f0a73b415ca689c0dd36

SHA256
9395bf9a547561df6cd20d8e076452369cb72184f215448d1acd802dccf3a47d

SHA512
8a02ca980a8de8af8b179d610ff25557f81f67bfb5a9f82511641ec87b378a2ab7214d5ec681797acba1a865bd726cb9c5f609647ae6ee71a393b7e16fc06f8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8F28.tmp\7z-out\locales\ja.pak

Filesize
639KB

MD5
d84e12cecf6e4355933ed68816f090f6

SHA1
eb35ef52f341442dd887d43a52af7f02926d5288

SHA256
8de18410e38f4036367113bd4ed253a4957709d87e0aeb11134742bc89e16d62

SHA512
9dbe703493acb7b48ee1dbc4458ce0b9d757419e3fbf01379bc8dcbd22cc30a99348f7cb96840c19e873d6d97bb4d1a3baa4fcd6e0d332480273020a6e13a375

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8F28.tmp\7z-out\locales\kn.pak

Filesize
1.3MB

MD5
a4cce1cfe646eb2c268493603dcb358b

SHA1
aa19ee1cdf8776d07bf35614ff063aed5a798ef8

SHA256
01250aec7310bb59e0e847382325f940ea2cdab00369c1c7efe2f340d01ff806

SHA512
cecb7794a288e879324e74e7522bee61a43072ab58a289b686f1d48d98fe9a0d29a5505b8c891fe411b823c3d8366d6c1cffbcc1deffa6c7d3a04339a769dbc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8F28.tmp\7z-out\locales\ko.pak

Filesize
540KB

MD5
c21dde26f43530135ef37323b00dc1fd

SHA1
a118e9713b155bd2999f04c3075f2e1bb05bffaa

SHA256
ff88b56be0614232947bfb07e6beb88327a18ebec98cece17caa9b7cd8e6dd24

SHA512
0db144f03992c41c3703719e985183a6ec988265e5a629d09bf683d9b208656d605565d6b5597cead909c814f25ce200739e65b1327172afe10d395a5018206c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8F28.tmp\7z-out\locales\lt.pak

Filesize
580KB

MD5
93a0a8181e8c251a2375645a552293d6

SHA1
57faf2e9f965a49d5294cf9759b9b50d87c2ad1d

SHA256
f87b2baacdde69b2b24dc7859d47bad0844cf4d275072812aaf4eedb10318450

SHA512
51e1ff74442cfd51fd2fe218755335ed99e4850c8266425b8d55aa0abde2712ab765ff909d6ee620268ade9d7b51a93be659d6a52143da2abf4ec309bbe9f2fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8F28.tmp\7z-out\locales\lv.pak

Filesize
579KB

MD5
07405dc51eddde72e367737c093c20db

SHA1
c66b8eccf167060c43b3c53631fc0c95b3afe05d

SHA256
dbc860a35ad08e4f502b8784ca1548110d3c7334478f6c392db42f52cb3074f2

SHA512
98f276fc137d6592cdbc1c804dd59983e290409bf7908137627ab114ab485e332f568d28c60a35d1dcb3d9753c2d1740065c654396af5f56f0dd5e1dfcffcf71

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8F28.tmp\7z-out\locales\ml.pak

Filesize
1.3MB

MD5
70c0c80fdfc006be0ff502e0e6115b2b

SHA1
43f96be4652ecbd22677b18ffe2260b79bcca19c

SHA256
878e268428ec7aa51105c921740931c545d4ba6a274b367c52675c90741d23bf

SHA512
c463c5d91b3cae6b2c70ef6b7e3758bacecbe76088d813e2632bde7939c1fb28bad3cccf914a14861b8611a490ea74ef2d8d10e7336b203d12cee9904e8f9423

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8F28.tmp\7z-out\locales\mr.pak

Filesize
1.1MB

MD5
fcaca3a4264563461b42b16d8fde4b02

SHA1
af37d4e73588d4a6d3d52f2dba67414393c9b168

SHA256
362df1aa112a0a521617c0496087b3547a242eb79a5416b8414c5798f31e187d

SHA512
9114dc4e7da2affdcee5c86b1f1f78e47279c31d0f76c8deb1eac545e0268b9592463bbe1a4b433ff4fcab1ad4a596655b775608515bf7455fda550d3bf47b8a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8F28.tmp\7z-out\locales\ms.pak

Filesize
498KB

MD5
578dcc1aef901d00a57f2698a6e15826

SHA1
4dca370c3b22f9f54a62d31166a84848336a8fea

SHA256
e5e77421c5fca5b1eaef96fbf33c345c63119015986163cb43d65075df6265d0

SHA512
073aecedf4132faef7e896e6840bb6297e866a06fd65a7490f0a61179013f27b6592a4fb2be91cb5e139c77f6db7695bf60e5788154e51c9ab7889f6e7040a33

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8F28.tmp\7z-out\locales\nb.pak

Filesize
483KB

MD5
c2c49ebaebc448cfeb7933ce2cbd6ca6

SHA1
c3efca0fee40a3daf7d69768d7659de60b3e2c4f

SHA256
67d997fff8a24eaa030eadede7f5345fff5e954e96bc8f36d399839bed998774

SHA512
c500bc1097ed9077742c5708bd55dc4215c45f751522131b8203d7ae802d278ffc3a9ef607325bbea5b650d594dde0d74e7fa4502e1a0f905534c32fa1521bba

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8F28.tmp\7z-out\locales\nl.pak

Filesize
499KB

MD5
9229e4ded3219c948747a4dc9a6a5e32

SHA1
9147b2f2ac3837588aa3b71eb4a255d29cab0e74

SHA256
d88b02d74e01b9350d3ac9c48fe08333ca9c68e3e3824d64fae86c5b8b531feb

SHA512
8a81cefd9fa718b18de87555cb2d5c8e87ed14921fd3a0247b47988a1f3896d63b16dbf86fbf103097c73181473c37393c0f4e9e0a07d95d847aebcad526e8e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8F28.tmp\7z-out\locales\pl.pak

Filesize
557KB

MD5
ab94060826404cc09d5fed31f63cec05

SHA1
20d1cea9d2e60b9bbd4fddb38a652856a3561008

SHA256
03258ecf731487231cc7eab8f6cb96e92b7ede4cc5b63c3def6ba08e0f16da10

SHA512
a9ec28912bdd2b8b1e1b3fc4d5c76139253ee4ada8f0d562ecd611d7366b0cdc97c379c5ae93c9db69eb045d8834cd0e1e0ba84813ac0071b5a2bf6cea81173e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8F28.tmp\7z-out\locales\pt-BR.pak

Filesize
524KB

MD5
f18cae95b8bb6760d370b435235c5629

SHA1
eb62bc4249ea8e5688c67aa65bfa2b628fd5e1d8

SHA256
952234ef1d2792204f4e65cc814e9fc6dc007610668ceffb980c74fc0167ba0b

SHA512
218e9e4e59c875fe7931f16e6df877f67b8466a5e8a5565a1cab0f091b40b0652eefcf205536f5f4b8697966aa201092c26249142dcd8b40e055529e23ef7819

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8F28.tmp\7z-out\locales\pt-PT.pak

Filesize
527KB

MD5
4aa908b531adedb0ee795704ab72e248

SHA1
2ea9f4a7e561e70b06b675b3fe35ccb0f2a12fca

SHA256
72ca754dcb34c54b72087ab7fd5a4a3fa03e09cd1ced906d99d6525c7a19ee9c

SHA512
7d4a1add737136acfc7ed7848b0ee54646d5c8aa3a54addd7cf0340ebf42b58f6ce2eff56a2ba94125475e7b64989d06fedfc8b1ee41ece63b18b1f95686ad08

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8F28.tmp\7z-out\locales\ro.pak

Filesize
546KB

MD5
36f8327b36f2c6c003f864895968af2f

SHA1
248d88aa9fe46cbcd013ea7d7270f8483215c073

SHA256
6343589863bdd2ae81ec9c33e335048fd8792d2c2e8872f91f7a325a1f0d97ac

SHA512
bb03b5af3ddf676dadb35d5b94f40ae1c95cba2e7175c87d128c319e0055dd91f412883daace89fa33a17b9761f1cd7bccdf261b16ffadd6e10da594445c2c8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8F28.tmp\7z-out\locales\ru.pak

Filesize
897KB

MD5
a0072d84d1bcb2fa7bbe7ae4e06151ba

SHA1
b9227c6cd4ff9f6db6a8edf694c444beccd369f6

SHA256
8c169d6995d97feae8b8ec947be27697ca0ff731b593fff36163e4f31969a6fd

SHA512
fad335e81a24427f2b0a2853733da94c9839139a7982796bf742eacba306ecd9998914bcac49b925d5bb18953091a4dcc62ea6a628fff125c086099cfd33e3b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8F28.tmp\7z-out\locales\sk.pak

Filesize
563KB

MD5
e9bb6352cdd0f1c2fdd543a48ba076fe

SHA1
50053620d7be5566bb3ee588feda1a4daa207672

SHA256
441155d63257beaac9e2998afa1a9e65957286ed1cd9e0670072a63e24ff3f8b

SHA512
c1f87c7976159c8ff3e28185adcabf93d47ace0dc9b95fbaa4d1e5ed9ea8257263276880486a4c17a68a5869e6ec640eaf81f5ae6c4481e351e73e7b4dd9dd9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8F28.tmp\7z-out\locales\sl.pak

Filesize
541KB

MD5
299acf51d74b95ae4272730c437763aa

SHA1
8a0ff73f37d830b6677e514371a5825631aa455d

SHA256
26e29cd70c4143d7e9fb65e86e02c9173997f2fc062633a5edb2b7df55942157

SHA512
d7d298a4eb476a3cd4411261058f6f9409d0dddb3756cdc1e27e64280efc8b84fe40afbd92c754d56f58ea333623b0481766320b5969f5dd71f0c2a93be8ff77

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8F28.tmp\7z-out\locales\sr.pak

Filesize
833KB

MD5
02bdb4d99bd466eed5fed3445560d52d

SHA1
c24e1895145b3066840be0d349f5e866e46e2a39

SHA256
ac09005a83d4ac8f61855c7e301e48a753d2f3558a04cdb94f23b539e2086e54

SHA512
fac7bcefe31f41b6e37f215f271b33ab21dad281c1b0bdaf28769c99e31bccca625f213fcfd7c0047b3e2104a8f51b2ebc5fb374b32f58ae22c4130e315aee1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8F28.tmp\7z-out\locales\sv.pak

Filesize
486KB

MD5
eb39645ebed4f980ab12585feae2f4b5

SHA1
fc7c471b93f59bef13f7bb4669e683385a8b9dec

SHA256
ca34ee1c147358b5e32b5829acc0c355708925dc8df91c21d8e495c7485fa5c7

SHA512
5fb25d7dfca3483967a5262d2c62b5d37a192f5a7a19dcf6722a9a8753e299e567bf7f26171859c374c8d035bb521fb4eddc4821aebf9ceea1253c63e1595c60

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8F28.tmp\7z-out\locales\sw.pak

Filesize
512KB

MD5
e2958cf2ab6cc74551c8360e6cc34333

SHA1
806aa1129f228ee48744cfa55d061149b37522b0

SHA256
51482431411be2d89bfc026b9acf9ce1a0fb971376468a47829a15392b47178a

SHA512
1f5f306b7233279800d18fa461f4c94ecad809b2bb7c292fce16abcac2e963f7567a86e43a3c950fc86bc73b4fef8451389fc57ac6750fe7546afad8ae00f589

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8F28.tmp\7z-out\locales\ta.pak

Filesize
1.3MB

MD5
474a2016df48f886e91fb9fd331d9bf9

SHA1
2548525143292d7d150f5014b44ef294ba7c4189

SHA256
75638ac7fdb226c0840d5c2edf763bae35afa1f47e89199d9724ff46c003a2c2

SHA512
a4c2c2c046420c77948a0479cbd2be3aa11c1b347eb508d020231eece5cf0c2cba8d4f6a0e9f875dece4a16413157fd9e9f1cf09e1746335eb11e8f8590cd013

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8F28.tmp\7z-out\locales\te.pak

Filesize
1.2MB

MD5
1f20952c1a61fa6e42a7f055de8986ea

SHA1
301ec89ca80695865d884927c4c07c6777fb321e

SHA256
caeba6c853a0ee12a802fb9f610a95c676071414c1d8407d18b05f2fe8ce6bb7

SHA512
c43f5316dff21cd08f86e0d3d7c407449cdc751ff466683dff9a51e3a07bda203e8e22064bf240726e6e389b661d6dc2bf5ed5dc42750539990379e513228d53

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8F28.tmp\7z-out\locales\th.pak

Filesize
1.0MB

MD5
7512a162ea0b65dd9477ac8c190136b9

SHA1
ae5fbce9516882a0d58da9ebee3c767c7ba4c305

SHA256
d01ecd4edecf1809d5c2133366df2502a4621e88d894817e80b913f3a0926fa4

SHA512
425fd803cd3ed9589df5d04bb8ca4b62af0e573301d31c48a1a05bf3b707a0672e1a033965946223e5873a98eb3c9d52bcdcc1296a08cb4971d0b1b6d2e95eb7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8F28.tmp\7z-out\locales\tr.pak

Filesize
523KB

MD5
4727af70df9094888ba46f3a62eff264

SHA1
d2ead301efab607d040c69c238a06d3b4d080717

SHA256
026fc65ed90fe356ce2b5e2b459a4487512d89e48f0ff8b044d6739ef51c1658

SHA512
5bb8dd6ad100581a7e0cb87b57e054ab23551c263144f7ffebf729b2280a1bd95e92eba9c64b80e2f77ce59c3c4315ba2b5253ac83dbb540828e7a59a70e74ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8F28.tmp\7z-out\locales\uk.pak

Filesize
896KB

MD5
7f8d31b43f7319164bc0f6453bbaf007

SHA1
4be254da0ccb13040489403cc2d8015f448292da

SHA256
e33b1a611feca93d105dee7c867521b5fbf27da38532ea3ca0aec61bec7f6108

SHA512
9569bd24aa5d2f9b0a13784f5f3d98e636f72177c7ff7a14c7d390f1d5f0b39ffab512276f70e4d2df0d37fba94a2c2322a840ba303a4cde33ccb20f7980395f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8F28.tmp\7z-out\locales\ur.pak

Filesize
782KB

MD5
305d39b5de5a1935d786da4bfc736dc5

SHA1
8dd952fea4dae937b9f87d229638cd22ca197a8c

SHA256
b551a93a300ab78ee6da5087ea417584c4fd3941fbac99c84c9c58be2c88a7e8

SHA512
d75ef12a56c2dbde5c7a1967297270f7d717a366776f6b2a316784f033c71fcb9d25dabc857398e8459d8ac40aae1bae59e82f551e00e9b96bfbea00a54fcde5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8F28.tmp\7z-out\locales\vi.pak

Filesize
619KB

MD5
593d33203c539d027c5b5bcc13bb38c9

SHA1
2f6288bc43ddf31e49a733af97e3e9e2fb8a2940

SHA256
d435c4c7154c24982185842a09cacd343cea77a5eb7fb859c4d38973cf240a42

SHA512
7c41c74f7220270da242562b93db8db053c0a7b08fdc1864d063706caccbc6926f288ae6bff1de43af656af67fcf2d8ad57f53d791bbc47a3b29a6a0856a68e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8F28.tmp\7z-out\locales\zh-CN.pak

Filesize
447KB

MD5
156894db535f0fbe193d66c0afb4b112

SHA1
e347caa3c41ea7461c217c029dbca54567fbe27c

SHA256
cc5a411d3bf0ddfba9e5041dfeeaed70265ba949f7b7ccba0170b88e3e14ceb0

SHA512
e81a0968598536e91c17a1998682cb5fff42bd3199c41b64e2d76827c96b187e8f86182843c061735dad2b7cd5e32750e473c1a5f9c82bcc0dcc30f1bdb8b806

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8F28.tmp\7z-out\locales\zh-TW.pak

Filesize
442KB

MD5
337bba163068f2dd7ff107ea929c8473

SHA1
536ec5756f229696dd6f875180778afcee1966fb

SHA256
58753d4313ed7f548df16a9cd9aa1f0e30cebee675a76b8359ed23fc95825574

SHA512
000b98249d7b0e4c7e463bafdf827e3dc5afac447750320d6344c984f4ad41cab5795861920525f03dcaeea5aa3615684101b08bbc103d3ba01065676c8bd64f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8F28.tmp\7z-out\resources.pak

Filesize
5.0MB

MD5
67bb5e75ceb8ced4c98cf0454933cb45

SHA1
c2b1c8c8d753318bc5ec18762c27512a5eb9f9cd

SHA256
5d63acd4034f7771ca346d138d7478014abf1f3f4386d07fc025dbc2c2bc0bff

SHA512
fd213d59ebc625f6f8b20cc8fde1a22132ce827b81deaddb9ca7993fe0d9616de17e089def338d23c4b6bbd7d3a931ee73aa329325eaa17f8145a58fe11d8c38

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8F28.tmp\7z-out\resources\app-update.yml

Filesize
106B

MD5
b0e31c54422860c9390a2e456d8f4624

SHA1
1b73cc7e00cbcae94a3ed921fbd055a393dedc0c

SHA256
897dac554968a2c49044a5e601cfcaf7c24d41599a58c03e91c62bd664b60ecf

SHA512
561cff0a281e073b0b2e3bc139a18b44ee1e2ab147d99ff007d5deae48c0c4c847bee4e14ad2e36abb27f7d9240f95aee7fcc9987246c717ba48666f550cc121

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8F28.tmp\7z-out\resources\app.asar

Filesize
7.7MB

MD5
b9726ab9ae7ff67137a925f054603567

SHA1
eb4d82d0da5af98b95e310a5448ce187fdcd80cd

SHA256
2a335493fd8692c86137ec32777d2a610c9f4fbffa1beaa19ec84252f069059d

SHA512
f73e92da99443f779bdf99927c4a67e0a7904343a29bee56577bb0f7207acd4a115a4440b6a59c8607fc007d3fb79f45d14738d22595416029618f0866252858

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8F28.tmp\7z-out\resources\elevate.exe

Filesize
105KB

MD5
792b92c8ad13c46f27c7ced0810694df

SHA1
d8d449b92de20a57df722df46435ba4553ecc802

SHA256
9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37

SHA512
6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8F28.tmp\7z-out\snapshot_blob.bin

Filesize
298KB

MD5
cadef56f5fb216b1fbf7ada1f894ea6d

SHA1
373d2a4266be5c8fbf61d4363ec47ddeb2d79253

SHA256
0976145cc8c02f3e64ddbf51dc983bdbb456be7fcf3ce54608e218981671ac12

SHA512
9c90e8943f9ef6d644fe0fbe55ab25ed371739d17da8cf973893a2e41ebfa0a92bcf1761e72da032f9f3d1c6f1080c62f856aa07a3cbb609c9e8c186f92216b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8F28.tmp\7z-out\v8_context_snapshot.bin

Filesize
663KB

MD5
81870fb2f641c8b845e9c6d1a632f0b7

SHA1
fcd47d8d1232c189a1c4087bb03a015ce14c25ba

SHA256
875515af4e7254458c17a98bed087fc609d45fbc8ebf60663e112c37204f6840

SHA512
7748c8fb6f356aa45023a56245c43c5171d0413617fb1ac6c75650be75bbe94bd5528e9aa83cd9df9a08af65540a76ab59bc866e5dcf0fa7284122f290bd45d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8F28.tmp\7z-out\vk_swiftshader.dll

Filesize
5.1MB

MD5
0a071201e4dd76996e273c81533bfa74

SHA1
5c92c634027692c344a8e74eab8b4d5c3e049497

SHA256
08e34bc25653f9357a4ccf62966d698b7cc6265dc668046a28403ae5786132ee

SHA512
b5de6548c5c743b6f119183fa06aaf67dcd4cdbc3542378ff87916b670ace1e2f4270f6dcaa4caabd01460c638bd02b565267e7bd9617ca92d72187d374bb7d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8F28.tmp\7z-out\vk_swiftshader_icd.json

Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8F28.tmp\7z-out\vulkan-1.dll

Filesize
932KB

MD5
a6588e66186ccf486eede8e9223f0d41

SHA1
777a5c4028c7675ee1fc4e265a825b35d5099577

SHA256
419488597ea255ec61f028aeecd36572d072dfe49b7ab716cd2c0a8e186f24e6

SHA512
ba8b9577f47ac5b9503aab8d4cca6059c7208bf0eb37999f4fbef0c2cf03032a9359559a0221f332c6cd66c38366fb0e1f1d32173f282afd639fabea8fc9400e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8F28.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8F28.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8F28.tmp\UAC.dll

Filesize
14KB

MD5
adb29e6b186daa765dc750128649b63d

SHA1
160cbdc4cb0ac2c142d361df138c537aa7e708c9

SHA256
2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08

SHA512
b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8F28.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8F28.tmp\nsExec.dll

Filesize
6KB

MD5
ec0504e6b8a11d5aad43b296beeb84b2

SHA1
91b5ce085130c8c7194d66b2439ec9e1c206497c

SHA256
5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962

SHA512
3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8F28.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Ultimate Tweaks\DawnCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Roaming\Ultimate Tweaks\DawnCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Roaming\Ultimate Tweaks\DawnCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Roaming\Ultimate Tweaks\Local Storage\leveldb\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Roaming\Ultimate Tweaks\Network\Network Persistent State

Filesize
966B

MD5
2200b35941f8de03ac480d57c5b365c3

SHA1
5d5d572f5b4133578c3c38e705e33ed9b535fd4b

SHA256
e58e0b588b5948349064a0e4e7a9efe6de33fa359ee13779fafbbc7a1b7573f7

SHA512
6d27b74bbece10a08cdb91d9c12311f920c54522b5abdb728074d9fcb2e52a77e1a08170658159da405448d426581094e60a87b9cbc5e70580d7c3f8482c3ca0

Download Submit
C:\Users\Admin\AppData\Roaming\Ultimate Tweaks\Network\Network Persistent State~RFe58a40b.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\Ultimate Tweaks\Preferences

Filesize
57B

MD5
58127c59cb9e1da127904c341d15372b

SHA1
62445484661d8036ce9788baeaba31d204e9a5fc

SHA256
be4b8924ab38e8acf350e6e3b9f1f63a1a94952d8002759acd6946c4d5d0b5de

SHA512
8d1815b277a93ad590ff79b6f52c576cf920c38c4353c24193f707d66884c942f39ff3989530055d2fade540ade243b41b6eb03cd0cc361c3b5d514cca28b50a

Download Submit
C:\Users\Admin\AppData\Roaming\Ultimate Tweaks\Preferences~RFe57b72a.TMP

Filesize
86B

MD5
d11dedf80b85d8d9be3fec6bb292f64b

SHA1
aab8783454819cd66ddf7871e887abdba138aef3

SHA256
8029940de92ae596278912bbbd6387d65f4e849d3c136287a1233f525d189c67

SHA512
6b7ec1ca5189124e0d136f561ca7f12a4653633e2d9452d290e658dfe545acf6600cc9496794757a43f95c91705e9549ef681d4cc9e035738b03a18bdc2e25f0

Download Submit
C:\Users\Admin\AppData\Roaming\Ultimate Tweaks\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\Ultimate Tweaks\logs\main.log

Filesize
4KB

MD5
53a742097bbd580b77738de9e261c945

SHA1
6be0621b648ea0fa29d947e22d5b65f3011e0cd0

SHA256
ec4539b497ddc8c312b2b44391a83dafff75e0f3c6e47e5a6baf274d2b802db0

SHA512
54fc5462db25168a95281673e81e59d10d7ab47eb7b01d128be096f9400849852a2bdca547c195abfc939522113c2f723775898fd15b002e5a71853d4e0426af

Download Submit
memory/536-68-0x00000215564D0000-0x00000215564F2000-memory.dmp

Filesize
136KB

Download
memory/1312-1056-0x000001C2DBFD0000-0x000001C2DBFD1000-memory.dmp

Filesize
4KB

Download
memory/1312-1046-0x000001C2DBFD0000-0x000001C2DBFD1000-memory.dmp

Filesize
4KB

Download
memory/1312-1047-0x000001C2DBFD0000-0x000001C2DBFD1000-memory.dmp

Filesize
4KB

Download
memory/1312-1045-0x000001C2DBFD0000-0x000001C2DBFD1000-memory.dmp

Filesize
4KB

Download
memory/1312-1057-0x000001C2DBFD0000-0x000001C2DBFD1000-memory.dmp

Filesize
4KB

Download
memory/1312-1051-0x000001C2DBFD0000-0x000001C2DBFD1000-memory.dmp

Filesize
4KB

Download
memory/1312-1055-0x000001C2DBFD0000-0x000001C2DBFD1000-memory.dmp

Filesize
4KB

Download
memory/1312-1054-0x000001C2DBFD0000-0x000001C2DBFD1000-memory.dmp

Filesize
4KB

Download
memory/1312-1053-0x000001C2DBFD0000-0x000001C2DBFD1000-memory.dmp

Filesize
4KB

Download
memory/1312-1052-0x000001C2DBFD0000-0x000001C2DBFD1000-memory.dmp

Filesize
4KB

Download
memory/2608-90-0x000002416AD90000-0x000002416ADBA000-memory.dmp

Filesize
168KB

Download
memory/2608-91-0x000002416AD90000-0x000002416ADB4000-memory.dmp

Filesize
144KB

Download
memory/2608-85-0x000002416AD10000-0x000002416AD56000-memory.dmp

Filesize
280KB

Download