Analysis Overview
SHA256
73a375380f45cdf4e9d7db4a805c36875cddaccf1a3cda4c6fb8c2283b37cf81
Threat Level: Shows suspicious behavior
The file Era Setup 1.0.80.exe was found to be: Shows suspicious behavior.
Malicious Activity Summary
Executes dropped EXE
Checks computer location settings
Loads dropped DLL
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
Drops file in Program Files directory
Checks CPU configuration
Reads CPU attributes
System Location Discovery: System Language Discovery
Enumerates physical storage devices
Program crash
Enumerates kernel/hardware configuration
Command and Scripting Interpreter: JavaScript
Unsigned PE
Browser Information Discovery
Reads runtime system information
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Modifies registry class
Suspicious use of SendNotifyMessage
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Uses Task Scheduler COM API
Suspicious use of AdjustPrivilegeToken
Checks processor information in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-30 15:24
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral3
Detonation Overview
Submitted
2024-08-30 15:23
Reported
2024-08-30 15:28
Platform
win7-20240729-en
Max time kernel
13s
Max time network
16s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2732 wrote to memory of 2228 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 2732 wrote to memory of 2228 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 2732 wrote to memory of 2228 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 2732 wrote to memory of 2228 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 2732 wrote to memory of 2228 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 2732 wrote to memory of 2228 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 2732 wrote to memory of 2228 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1
Network
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-08-30 15:23
Reported
2024-08-30 15:28
Platform
win10v2004-20240802-en
Max time kernel
139s
Max time network
138s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1252 wrote to memory of 2152 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 1252 wrote to memory of 2152 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 1252 wrote to memory of 2152 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2152 -ip 2152
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 556
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
Files
Analysis: behavioral12
Detonation Overview
Submitted
2024-08-30 15:23
Reported
2024-08-30 15:28
Platform
win10v2004-20240802-en
Max time kernel
145s
Max time network
151s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\libGLESv2.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.173.189.20.in-addr.arpa | udp |
Files
Analysis: behavioral28
Detonation Overview
Submitted
2024-08-30 15:23
Reported
2024-08-30 15:28
Platform
win10v2004-20240802-en
Max time kernel
133s
Max time network
140s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\options\uploadSourcemaps.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.28.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.12.20.2.in-addr.arpa | udp |
| US | 52.111.227.14:443 | tcp | |
| US | 8.8.8.8:53 | 73.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
Files
Analysis: behavioral26
Detonation Overview
Submitted
2024-08-30 15:23
Reported
2024-08-30 15:29
Platform
win10v2004-20240802-en
Max time kernel
147s
Max time network
157s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\options\deploys.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
Files
Analysis: behavioral8
Detonation Overview
Submitted
2024-08-30 15:23
Reported
2024-08-30 15:28
Platform
win10v2004-20240802-en
Max time kernel
145s
Max time network
156s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3948 wrote to memory of 4008 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 3948 wrote to memory of 4008 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 3948 wrote to memory of 4008 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 4008 -ip 4008
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4008 -s 616
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| GB | 2.16.153.222:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 222.153.16.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.73.50.20.in-addr.arpa | udp |
Files
Analysis: behavioral9
Detonation Overview
Submitted
2024-08-30 15:23
Reported
2024-08-30 15:28
Platform
win7-20240729-en
Max time kernel
13s
Max time network
18s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 220
Network
Files
Analysis: behavioral11
Detonation Overview
Submitted
2024-08-30 15:23
Reported
2024-08-30 15:28
Platform
win7-20240708-en
Max time kernel
120s
Max time network
129s
Command Line
Signatures
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2172 wrote to memory of 2160 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\system32\WerFault.exe |
| PID 2172 wrote to memory of 2160 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\system32\WerFault.exe |
| PID 2172 wrote to memory of 2160 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\system32\WerFault.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\libGLESv2.dll,#1
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2172 -s 88
Network
Files
Analysis: behavioral14
Detonation Overview
Submitted
2024-08-30 15:23
Reported
2024-08-30 15:29
Platform
debian9-armhf-20240418-en
Max time kernel
2s
Command Line
Signatures
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/bin/node | N/A |
Reads CPU attributes
| Description | Indicator | Process | Target |
| File opened for reading | /sys/devices/system/cpu/online | /usr/bin/node | N/A |
Enumerates kernel/hardware configuration
| Description | Indicator | Process | Target |
| File opened for reading | /sys/fs/cgroup/memory/memory.limit_in_bytes | /usr/bin/node | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/meminfo | /usr/bin/node | N/A |
Processes
/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli
[/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]
/usr/local/sbin/node
[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]
/usr/local/bin/node
[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]
/usr/sbin/node
[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]
/usr/bin/node
[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]
/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/sentry-cli
[/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/sentry-cli]
Network
Files
Analysis: behavioral20
Detonation Overview
Submitted
2024-08-30 15:23
Reported
2024-08-30 15:28
Platform
win10v2004-20240802-en
Max time kernel
136s
Max time network
154s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\index.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.28.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.12.20.2.in-addr.arpa | udp |
| NL | 52.111.243.31:443 | tcp | |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 31.73.42.20.in-addr.arpa | udp |
Files
Analysis: behavioral21
Detonation Overview
Submitted
2024-08-30 15:23
Reported
2024-08-30 15:29
Platform
win7-20240704-en
Max time kernel
121s
Max time network
128s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\logger.js
Network
Files
Analysis: behavioral24
Detonation Overview
Submitted
2024-08-30 15:23
Reported
2024-08-30 15:28
Platform
win10v2004-20240802-en
Max time kernel
146s
Max time network
157s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\index.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.28.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.56.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.99.105.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
Files
Analysis: behavioral30
Detonation Overview
Submitted
2024-08-30 15:23
Reported
2024-08-30 15:30
Platform
debian9-armhf-20240611-en
Max time kernel
0s
Command Line
Signatures
Processes
/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/scripts/build-in-docker.sh
[/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/scripts/build-in-docker.sh]
Network
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-08-30 15:23
Reported
2024-08-30 15:28
Platform
win10v2004-20240802-en
Max time kernel
136s
Max time network
125s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2900 wrote to memory of 4752 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 2900 wrote to memory of 4752 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 2900 wrote to memory of 4752 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
Files
Analysis: behavioral15
Detonation Overview
Submitted
2024-08-30 15:23
Reported
2024-08-30 15:31
Platform
debian9-mipsbe-20240611-en
Max time kernel
2s
Command Line
Signatures
Processes
/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli
[/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]
/usr/local/sbin/node
[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]
/usr/local/bin/node
[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]
/usr/sbin/node
[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]
/usr/bin/node
[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]
/sbin/node
[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]
/bin/node
[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]
Network
Files
Analysis: behavioral17
Detonation Overview
Submitted
2024-08-30 15:23
Reported
2024-08-30 15:28
Platform
win7-20240708-en
Max time kernel
117s
Max time network
129s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\helper.js
Network
Files
Analysis: behavioral18
Detonation Overview
Submitted
2024-08-30 15:23
Reported
2024-08-30 15:28
Platform
win10v2004-20240802-en
Max time kernel
143s
Max time network
159s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\helper.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.28.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 73.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| GB | 2.16.153.224:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 224.153.16.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| NL | 52.111.243.31:443 | tcp | |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
Files
Analysis: behavioral19
Detonation Overview
Submitted
2024-08-30 15:23
Reported
2024-08-30 15:29
Platform
win7-20240705-en
Max time kernel
122s
Max time network
128s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\index.js
Network
Files
Analysis: behavioral29
Detonation Overview
Submitted
2024-08-30 15:23
Reported
2024-08-30 15:29
Platform
ubuntu1804-amd64-20240611-en
Max time kernel
0s
Max time network
137s
Command Line
Signatures
Processes
/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/scripts/build-in-docker.sh
[/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/scripts/build-in-docker.sh]
Network
| Country | Destination | Domain | Proto |
| US | 151.101.1.91:443 | tcp | |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 195.181.164.15:443 | tcp | |
| GB | 185.125.188.62:443 | tcp | |
| GB | 185.125.188.62:443 | tcp | |
| US | 151.101.1.91:443 | tcp | |
| US | 1.1.1.1:53 | 1527653184.rsc.cdn77.org | udp |
| US | 1.1.1.1:53 | 1527653184.rsc.cdn77.org | udp |
| GB | 89.187.167.39:443 | 1527653184.rsc.cdn77.org | tcp |
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-08-30 15:23
Reported
2024-08-30 15:28
Platform
win7-20240729-en
Max time kernel
60s
Max time network
18s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 220
Network
Files
Analysis: behavioral10
Detonation Overview
Submitted
2024-08-30 15:23
Reported
2024-08-30 15:28
Platform
win10v2004-20240802-en
Max time kernel
96s
Max time network
150s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2908 -ip 2908
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 612
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1968 -parentBuildID 20240401114208 -prefsHandle 1896 -prefMapHandle 1888 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9a4ee4dd-773f-4873-a1cf-9ee4221e5871} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2380 -parentBuildID 20240401114208 -prefsHandle 2372 -prefMapHandle 2368 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4dcc3cb0-d39b-4f1e-a1d1-2b067b0468d7} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2904 -childID 1 -isForBrowser -prefsHandle 2996 -prefMapHandle 2860 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 1228 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3c9d9eb2-7a0f-4d4f-bce5-a261e3f84b4d} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3792 -childID 2 -isForBrowser -prefsHandle 3720 -prefMapHandle 3724 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1228 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3da03180-5fef-43be-8fe3-c075178e61d1} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4992 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4980 -prefMapHandle 4976 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {440f91bb-cd93-410f-ae98-f005aae14844} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3756 -childID 3 -isForBrowser -prefsHandle 5308 -prefMapHandle 5312 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1228 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f67f9077-be3f-431a-9e7e-b459ac6c06fa} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5504 -childID 4 -isForBrowser -prefsHandle 5580 -prefMapHandle 5576 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1228 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6319d8dc-dc09-4b67-982d-1c31169f413d} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5696 -childID 5 -isForBrowser -prefsHandle 5772 -prefMapHandle 5768 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1228 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {66d5dd9f-49a1-46c2-ac50-6b9d359de2e3} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" tab
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.28.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| N/A | 127.0.0.1:55186 | tcp | |
| N/A | 127.0.0.1:55193 | tcp | |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | firefox-api-proxy.cdn.mozilla.net | udp |
| US | 34.149.97.1:443 | firefox-api-proxy.cdn.mozilla.net | udp |
| US | 34.149.97.1:443 | firefox-api-proxy.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.162.71.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.56.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\datareporting\glean\pending_pings\decfb8ca-d828-40f2-abd6-82faa79bdf9d
| MD5 | ae88f8adca865dc88b665f49c7e45cae |
| SHA1 | e452fc785009691926817184f7e3284d1ef942e4 |
| SHA256 | fa77b01ff84364cb7effbbbab3c987b17c16f1865dab75d0e5c70193bc90d5c1 |
| SHA512 | 94831f6b73bb3bc3a8894490be4ef82c6b4ed7f36202c42f46e1922c10c3f6d6416aec719c630c41bcfc5023cd39fa24f49b4169d241befbe37ae4d99c13701e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\datareporting\glean\pending_pings\8a9fc6ea-ee35-4ee4-84b2-e8a955767aaf
| MD5 | d9518f68c900b839bb9e30446fa5383c |
| SHA1 | 75b78b5ff566a250276b50c3e41cca57799baad6 |
| SHA256 | 24f27c8b33ad54c0c0898729ad04dd76083278b36cbfd8c640c79750ee8cb7c4 |
| SHA512 | bb02baa48bccea0a6d7bb1ca959bd3c122306a959f40591d0e937542a1f09a06417efead3074e50472045278647f23628053e03d73acdd0349dfd6bc03b2b5f5 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\datareporting\glean\pending_pings\205b50c3-1ba5-42b7-a37d-4b83b2d0a9a2
| MD5 | 832a1642ec2e1b68a50230db55aedc7c |
| SHA1 | a7194ba78406a7d443a8bab1fd53f6dee0ca9f1f |
| SHA256 | f91a48f45e47341d8a2048fa61bfe3c8ef2444d769dc08ac047841b72d68fad7 |
| SHA512 | b135e492b4a0e80fed529a935ee65e7d5192fd4239990d27fa9a06cf606404b5c46df2d8dde0be2dc45e612dd111a45f6c0fa02948b3da8f36b4ad6b06750c03 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 8a7d9431bb410b515414f83fdad2760d |
| SHA1 | ada7adb5a0ded6f569b9418873e53ff58a4f5eec |
| SHA256 | 115aecd436e6a90a31eea4835312d0f8746f0b28ffb4ee9385b0f0c6b7a57395 |
| SHA512 | b28d7821bc83ba4c12580c1826f12d8a7d76818ef1071e4cd2ecfd154be0cb991778caad6c9cafebbfc6d55e9dd4590f80f856750b8af7209187ffa01361f4b6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 3e27b879a180096d9f25f642549fc6b1 |
| SHA1 | 47e3566db0375aecf3b91372695cfbd610a01bfe |
| SHA256 | 4c28e878e07bb5af21c6e26c3265cf6e29ef10738d19921e3bbd233bb558cd47 |
| SHA512 | 056dcb98e54879fd539bc2b6422bb40a6d9a12b1d628a31fab638bb716161c4ec5d80e01ed094c340e8d1ab4d4e9a7a4297bf967f734fecc0473f4105d03419d |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yaq795em.default-release\activity-stream.discovery_stream.json
| MD5 | b80361e1c995acb516ad11ea13c50007 |
| SHA1 | 1b7076273f73c64544d12a1eda716bcc0ea7dfb6 |
| SHA256 | 1cfa6ba2ac884f0f45138d75e94238b3d67d9f087c0e446c4c2d70f81f982812 |
| SHA512 | 2cac567f6ffc6a5b0806b1a12f9ec06a67abd4b0e4abb2e63971c9c9e62739ad35769f0fe529b99c9b7214607f3f6f5f4a3d48f1865685baf03c0ab23ac73e3a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\prefs.js
| MD5 | a0f3b5158d81b2fbd74906f2c8a28408 |
| SHA1 | 873b71782d6fefa44e83390c2e53dfee65679de8 |
| SHA256 | fe1134ded02e45289066899f8ee271051db6fcbbffa84ac9ec2b8f6b6a752760 |
| SHA512 | fe86d6d76bb24fd3d9f66b14f6ef2ce94e02beb67e9620431b339b2c5cc3a3be83fa2d9150dc896302a79544c1b12dad745610aa1525d0aa9196c836f44b3939 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\prefs-1.js
| MD5 | d0cda7e9dbb12d9b1b25d7ca3678c415 |
| SHA1 | 388d140b3483147350ee67d3c4931b5cb6d42914 |
| SHA256 | 821d3d621eacb282de31fc9cff678c61c799f4b49fd5d6f610a44917cfce2c76 |
| SHA512 | e116245fff546490025cdd2da22afe22e60a6be6bf6412604cd503dce3805dda45e05b010d51eb4eceae333ce6f6531dc77d08a764cbe6a01bb3474f2b676f8e |
Analysis: behavioral31
Detonation Overview
Submitted
2024-08-30 15:23
Reported
2024-08-30 15:30
Platform
debian9-mipsbe-20240611-en
Max time kernel
0s
Command Line
Signatures
Processes
/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/scripts/build-in-docker.sh
[/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/scripts/build-in-docker.sh]
Network
Files
Analysis: behavioral32
Detonation Overview
Submitted
2024-08-30 15:23
Reported
2024-08-30 15:29
Platform
debian9-mipsel-20240729-en
Max time kernel
4294946s
Command Line
Signatures
Processes
/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/scripts/build-in-docker.sh
[/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/scripts/build-in-docker.sh]
Network
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-30 15:23
Reported
2024-08-30 15:29
Platform
win7-20240704-en
Max time kernel
26s
Max time network
36s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Era\Era.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Program Files\Era\Era.exe | N/A |
| N/A | N/A | N/A | N/A |
Checks installed software on the system
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Era\locales\de.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\locales\kn.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\LICENSE | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\v8_context_snapshot.bin | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\locales\ko.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\locales\ru.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\locales\cs.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\locales\id.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\locales\pt-PT.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\locales\sk.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\resources\app-update.yml | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\sentry-cli.exe | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\icudtl.dat | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\locales\hi.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\locales\sl.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\locales\th.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\locales\uk.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\resources.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\vk_swiftshader.dll | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\locales\af.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\scripts\test-vercel-nft.js | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\Era.exe | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\LICENSE.electron.txt | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\locales\ro.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\locales\sr.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\locales\te.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\js\logger.js | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\scripts\bump-version.sh | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\d3dcompiler_47.dll | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\ffmpeg.dll | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\locales\ar.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\locales\es-419.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\locales\fa.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\locales\sw.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\locales\zh-CN.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\vulkan-1.dll | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\locales\fr.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\locales\gu.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\locales\lv.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\locales\vi.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\options\uploadSourcemaps.js | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\scripts\install.js | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\chrome_200_percent.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\snapshot_blob.bin | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\binaries\FortniteLauncher.exe | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\locales\el.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\locales\hu.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\locales\pt-BR.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\options\deploys.js | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\locales\bg.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\locales\et.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\locales\ml.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\locales\nb.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\package.json | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\locales\am.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\locales\bn.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\locales\tr.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\js\helper.js | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\index.js | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\chrome_100_percent.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\vk_swiftshader_icd.json | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\locales\da.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\locales\en-GB.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\locales\en-US.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe
"C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe"
C:\Program Files\Era\Era.exe
"C:\Program Files\Era\Era.exe"
Network
Files
\Users\Admin\AppData\Local\Temp\nstAD50.tmp\System.dll
| MD5 | 0d7ad4f45dc6f5aa87f606d0331c6901 |
| SHA1 | 48df0911f0484cbe2a8cdd5362140b63c41ee457 |
| SHA256 | 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca |
| SHA512 | c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9 |
\Users\Admin\AppData\Local\Temp\nstAD50.tmp\StdUtils.dll
| MD5 | c6a6e03f77c313b267498515488c5740 |
| SHA1 | 3d49fc2784b9450962ed6b82b46e9c3c957d7c15 |
| SHA256 | b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e |
| SHA512 | 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803 |
\Users\Admin\AppData\Local\Temp\nstAD50.tmp\SpiderBanner.dll
| MD5 | 17309e33b596ba3a5693b4d3e85cf8d7 |
| SHA1 | 7d361836cf53df42021c7f2b148aec9458818c01 |
| SHA256 | 996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93 |
| SHA512 | 1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298 |
\Users\Admin\AppData\Local\Temp\nstAD50.tmp\nsProcess.dll
| MD5 | f0438a894f3a7e01a4aae8d1b5dd0289 |
| SHA1 | b058e3fcfb7b550041da16bf10d8837024c38bf6 |
| SHA256 | 30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11 |
| SHA512 | f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7 |
\Users\Admin\AppData\Local\Temp\nstAD50.tmp\nsis7z.dll
| MD5 | 80e44ce4895304c6a3a831310fbf8cd0 |
| SHA1 | 36bd49ae21c460be5753a904b4501f1abca53508 |
| SHA256 | b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592 |
| SHA512 | c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\chrome_100_percent.pak
| MD5 | 8626e1d68e87f86c5b4dabdf66591913 |
| SHA1 | 4cd7b0ac0d3f72587708064a7b0a3beca3f7b81c |
| SHA256 | 2caa1da9b6a6e87bdb673977fee5dd771591a1b6ed5d3c5f14b024130a5d1a59 |
| SHA512 | 03bcd8562482009060f249d6a0dd7382fc94d669a2094dec08e8d119be51bef2c3b7b484bb5b7f805ae98e372dab9383a2c11a63ab0f5644146556b1bb9a4c99 |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\chrome_200_percent.pak
| MD5 | 48515d600258d60019c6b9c6421f79f6 |
| SHA1 | 0ef0b44641d38327a360aa6954b3b6e5aab2af16 |
| SHA256 | 07bee34e189fe9a8789aed78ea59ad41414b6e611e7d74da62f8e6ca36af01ce |
| SHA512 | b7266bc8abc55bd389f594dac0c0641ecf07703f35d769b87e731b5fdf4353316d44f3782a4329b3f0e260dead6b114426ddb1b0fb8cd4a51e0b90635f1191d9 |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\d3dcompiler_47.dll
| MD5 | cb9807f6cf55ad799e920b7e0f97df99 |
| SHA1 | bb76012ded5acd103adad49436612d073d159b29 |
| SHA256 | 5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a |
| SHA512 | f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62 |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\ffmpeg.dll
| MD5 | d49e7a8f096ad4722bd0f6963e0efc08 |
| SHA1 | 6835f12391023c0c7e3c8cc37b0496e3a93a5985 |
| SHA256 | f11576bf7ffbc3669d1a5364378f35a1ed0811b7831528b6c4c55b0cdc7dc014 |
| SHA512 | ca50c28d6aac75f749ed62eec8acbb53317f6bdcef8794759af3fad861446de5b7fa31622ce67a347949abb1098eccb32689b4f1c54458a125bc46574ad51575 |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\icudtl.dat
| MD5 | adfd2a259608207f256aeadb48635645 |
| SHA1 | 300bb0ae3d6b6514fb144788643d260b602ac6a4 |
| SHA256 | 7c8c7b05d70145120b45ccb64bf75bee3c63ff213e3e64d092d500a96afb8050 |
| SHA512 | 8397e74c7a85b0a2987cae9f2c66ce446923aa4140686d91a1e92b701e16b73a6ce459540e718858607ecb12659bedac0aa95c2713c811a2bc2d402691ff29dc |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\libEGL.dll
| MD5 | 09134e6b407083baaedf9a8c0bce68f2 |
| SHA1 | 8847344cceeab35c1cdf8637af9bd59671b4e97d |
| SHA256 | d2107ba0f4e28e35b22837c3982e53784d15348795b399ad6292d0f727986577 |
| SHA512 | 6ff3adcb8be48d0b505a3c44e6550d30a8feaf4aa108982a7992ed1820c06f49e0ad48d9bd92685fb82783dfd643629bd1fe4073300b61346b63320cbdb051ba |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\LICENSE.electron.txt
| MD5 | 4d42118d35941e0f664dddbd83f633c5 |
| SHA1 | 2b21ec5f20fe961d15f2b58efb1368e66d202e5c |
| SHA256 | 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d |
| SHA512 | 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63 |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\libGLESv2.dll
| MD5 | a5f1921e6dcde9eaf42e2ccc82b3d353 |
| SHA1 | 1f6f4df99ae475acec4a7d3910badb26c15919d1 |
| SHA256 | 50c4dc73d69b6c0189eab56d27470ee15f99bbbc12bfd87ebe9963a7f9ba404e |
| SHA512 | 0c24ae7d75404adf8682868d0ebf05f02bbf603f7ddd177cf2af5726802d0a5afcf539dc5d68e10dab3fcfba58903871c9c81054560cf08799af1cc88f33c702 |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\LICENSES.chromium.html
| MD5 | 180f8acc70405077badc751453d13625 |
| SHA1 | 35dc54acad60a98aeec47c7ade3e6a8c81f06883 |
| SHA256 | 0bfa9a636e722107b6192ff35c365d963a54e1de8a09c8157680e8d0fbbfba1c |
| SHA512 | 40d3358b35eb0445127c70deb0cb87ec1313eca285307cda168605a4fd3d558b4be9eb24a59568eca9ee1f761e578c39b2def63ad48e40d31958db82f128e0ec |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\resources.pak
| MD5 | 7971a016aed2fb453c87eb1b8e3f5eb2 |
| SHA1 | 92b91e352be8209fadcf081134334dea147e23b8 |
| SHA256 | 9cfd5d29cde3de2f042e5e1da629743a7c95c1211e1b0b001e4eebc0f0741e06 |
| SHA512 | 42082ac0c033655f2edae876425a320d96cdaee6423b85449032c63fc0f7d30914aa3531e65428451c07912265b85f5fee2ed0bbdb362994d3a1fa7b14186013 |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\snapshot_blob.bin
| MD5 | 8fef5a96dbcc46887c3ff392cbdb1b48 |
| SHA1 | ed592d75222b7828b7b7aab97b83516f60772351 |
| SHA256 | 4de0f720c416776423add7ada621da95d0d188d574f08e36e822ad10d85c3ece |
| SHA512 | e52c7820c69863ecc1e3b552b7f20da2ad5492b52cac97502152ebff45e7a45b00e6925679fd7477cdc79c68b081d6572eeed7aed773416d42c9200accc7230e |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\vk_swiftshader.dll
| MD5 | a0845e0774702da9550222ab1b4fded7 |
| SHA1 | 65d5bd6c64090f0774fd0a4c9b215a868b48e19b |
| SHA256 | 6150a413ebe00f92f38737bdccf493d19921ef6329fcd48e53de9dbde4780810 |
| SHA512 | 4be0cb1e3c942a1695bae7b45d21c5f70e407132ecc65efb5b085a50cdab3c33c26e90bd7c86198ec40fb2b18d026474b6c649776a3ca2ca5bff6f922de2319b |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\v8_context_snapshot.bin
| MD5 | a373d83d4c43ba957693ad57172a251b |
| SHA1 | 8e0fdb714df2f4cb058beb46c06aa78f77e5ff86 |
| SHA256 | 43b58ca4057cf75063d3b4a8e67aa9780d9a81d3a21f13c64b498be8b3ba6e0c |
| SHA512 | 07fbd84dc3e0ec1536ccb54d5799d5ed61b962251ece0d48e18b20b0fc9dd92de06e93957f3efc7d9bed88db7794fe4f2bec1e9b081825e41c6ac3b4f41eab18 |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\vk_swiftshader_icd.json
| MD5 | 8642dd3a87e2de6e991fae08458e302b |
| SHA1 | 9c06735c31cec00600fd763a92f8112d085bd12a |
| SHA256 | 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9 |
| SHA512 | f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\vulkan-1.dll
| MD5 | 0e4e0f481b261ea59f196e5076025f77 |
| SHA1 | c73c1f33b5b42e9d67d819226db69e60d2262d7b |
| SHA256 | f681844896c084d2140ac210a974d8db099138fe75edb4df80e233d4b287196a |
| SHA512 | e6127d778ec73acbeb182d42e5cf36c8da76448fbdab49971de88ec4eb13ce63140a2a83fc3a1b116e41f87508ff546c0d7c042b8f4cdd9e07963801f3156ba2 |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\binaries\FortniteLauncher.exe
| MD5 | aeaa6f47b71614437c0d47828da005ca |
| SHA1 | f9d016d3817ebbc28556967b8b8c05d120acbc58 |
| SHA256 | 31eb3c804c7a248fe505d948ad9b3891b6b6f9210bd84aaf0eb716478c490b66 |
| SHA512 | 6785eb5ae5d6d78a9c2f004ba5c91dd6603fd8efb39cb50f4bc3ac16d7377fb1317ba12658b63d575c17de04696b88c09c8a812340c4c40394196dab99d41a60 |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\binaries\go_build_gemd_src.exe
| MD5 | 1b63c2c1b0846c63730e747eea7842eb |
| SHA1 | 3f72c48db65891dfa656dc4842a76f912ddc7c83 |
| SHA256 | 0c86799d4895e3fac3ee0b8746a3f2bc44f811191df9753bf3b12f95b15651b0 |
| SHA512 | 96ae86c1deada543c0d2a0ea7e04d66a390c9b0f72b9361e25ded3eb598fda0d215ef516ddcbd7d508a90c09fa02d6db2ac531f537f4a8fcab76af885a7e8bae |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\locales\am.pak
| MD5 | 2c933f084d960f8094e24bee73fa826c |
| SHA1 | 91dfddc2cff764275872149d454a8397a1a20ab1 |
| SHA256 | fa1e44215bd5acc7342c431a3b1fddb6e8b6b02220b4599167f7d77a29f54450 |
| SHA512 | 3c9ecfb0407de2aa6585f4865ad54eeb2ec6519c9d346e2d33ed0e30be6cc3ebfed676a08637d42c2ca8fa6cfefb4091feb0c922ff71f09a2b89cdd488789774 |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\locales\bg.pak
| MD5 | 38bcabb6a0072b3a5f8b86b693eb545d |
| SHA1 | d36c8549fe0f69d05ffdaffa427d3ddf68dd6d89 |
| SHA256 | 898621731ac3471a41f8b3a7bf52e7f776e8928652b37154bc7c1299f1fd92e1 |
| SHA512 | 002adbdc17b6013becc4909daf2febb74ce88733c78e968938b792a52c9c5a62834617f606e4cb3774ae2dad9758d2b8678d7764bb6dcfe468881f1107db13ef |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\locales\cs.pak
| MD5 | eeee212072ea6589660c9eb216855318 |
| SHA1 | d50f9e6ca528725ced8ac186072174b99b48ea05 |
| SHA256 | de92f14480770401e39e22dcf3dd36de5ad3ed22e44584c31c37cd99e71c4a43 |
| SHA512 | ea068186a2e611fb98b9580f2c5ba6fd1f31b532e021ef9669e068150c27deee3d60fd9ff7567b9eb5d0f98926b24defabc9b64675b49e02a6f10e71bb714ac8 |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\locales\da.pak
| MD5 | e7ba94c827c2b04e925a76cb5bdd262c |
| SHA1 | abba6c7fcec8b6c396a6374331993c8502c80f91 |
| SHA256 | d8da7ab28992c8299484bc116641e19b448c20adf6a8b187383e2dba5cd29a0b |
| SHA512 | 1f44fce789cf41fd62f4d387b7b8c9d80f1e391edd2c8c901714dd0a6e3af32266e9d3c915c15ad47c95ece4c7d627aa7339f33eea838d1af9901e48edb0187e |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\locales\en-GB.pak
| MD5 | 825ed4c70c942939ffb94e77a4593903 |
| SHA1 | 7a3faee9bf4c915b0f116cb90cec961dda770468 |
| SHA256 | e11e8db78ae12f8d735632ba9fd078ec66c83529cb1fd86a31ab401f6f833c16 |
| SHA512 | 41325bec22af2e5ef8e9b26c48f2dfc95763a249ccb00e608b7096ec6236ab9a955de7e2340fd9379d09ac2234aee69aed2a24fe49382ffd48742d72a929c56a |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\locales\es.pak
| MD5 | 04a9ba7316dc81766098e238a667de87 |
| SHA1 | 24d7eb4388ecdfecada59c6a791c754181d114de |
| SHA256 | 7fa148369c64bc59c2832d617357879b095357fe970bab9e0042175c9ba7cb03 |
| SHA512 | 650856b6187df41a50f9bed29681c19b4502de6af8177b47bad0bf12e86a25e92aa728311310c28041a18e4d9f48ef66d5ad5d977b6662c44b49bfd1da84522b |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\locales\fil.pak
| MD5 | d7df2ea381f37d6c92e4f18290c6ffe0 |
| SHA1 | 7cacf08455aa7d68259fcba647ee3d9ae4c7c5e4 |
| SHA256 | db4a63fa0d5b2baba71d4ba0923caed540099db6b1d024a0d48c3be10c9eed5a |
| SHA512 | 96fc028455f1cea067b3a3dd99d88a19a271144d73dff352a3e08b57338e513500925787f33495cd744fe4122dff2d2ee56e60932fc02e04feed2ec1e0c3533f |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\locales\hr.pak
| MD5 | 255f808210dbf995446d10ff436e0946 |
| SHA1 | 1785d3293595f0b13648fb28aec6936c48ea3111 |
| SHA256 | 4df972b7f6d81aa7bdc39e2441310a37f746ae5015146b4e434a878d1244375b |
| SHA512 | 8b1a4d487b0782055717b718d58cd21e815b874e2686cdfd2087876b70ae75f9182f783c70bf747cf4ca17a3afc68517a9db4c99449fa09bef658b5e68087f2a |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\locales\lv.pak
| MD5 | a8cbd741a764f40b16afea275f240e7e |
| SHA1 | 317d30bbad8fd0c30de383998ea5be4eec0bb246 |
| SHA256 | a1a9d84fd3af571a57be8b1a9189d40b836808998e00ec9bd15557b83d0e3086 |
| SHA512 | 3da91c0ca20165445a2d283db7dc749fcf73e049bfff346b1d79b03391aefc7f1310d3ac2c42109044cfb50afcf178dcf3a34b4823626228e591f328dd7afe95 |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\locales\pt-BR.pak
| MD5 | 8e931ffbded8933891fb27d2cca7f37d |
| SHA1 | ab0a49b86079d3e0eb9b684ca36eb98d1d1fd473 |
| SHA256 | 6632bd12f04a5385012b5cdebe8c0dad4a06750dc91c974264d8fe60e8b6951d |
| SHA512 | cf0f6485a65c13cf5ddd6457d34cdea222708b0bb5ca57034ed2c4900fd22765385547af2e2391e78f02dcf00b7a2b3ac42a3509dd4237581cfb87b8f389e48d |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\locales\ru.pak
| MD5 | 2885bde990ee3b30f2c54a4067421b68 |
| SHA1 | ae16c4d534b120fdd68d33c091a0ec89fd58793f |
| SHA256 | 9fcda0d1fab7fff7e2f27980de8d94ff31e14287f58bd5d35929de5dd9cbcdca |
| SHA512 | f7781f5c07fbf128399b88245f35055964ff0cde1cc6b35563abc64f520971ce9916827097ca18855b46ec6397639f5416a6e8386a9390afba4332d47d21693f |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\locales\zh-TW.pak
| MD5 | 2456bf42275f15e016689da166df9008 |
| SHA1 | 70f7de47e585dfea3f5597b5bba1f436510decd7 |
| SHA256 | adf8df051b55507e5a79fa47ae88c7f38707d02dfac0cc4a3a7e8e17b58c6479 |
| SHA512 | 7e622afa15c70785aaf7c19604d281efe0984f621d6599058c97c19d3c0379b2ee2e03b3a7ec597040a4eee250a782d7ec55c335274dd7db7c7ca97ddcfd378a |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\resources\app-update.yml
| MD5 | 041e86a1223437c8e992b0325360a258 |
| SHA1 | 02ce2334540fcf6926c8e4e5df7dc97a89663e82 |
| SHA256 | 806b74c32a3894f6f8581eca0aec51a7685e67af4b0e226d074a344cb08af391 |
| SHA512 | d87bb066cde286bc0dc1cbb7451b9d0863c0ff24cd6fa28e0c6c593d0c99dc3f08c4591b99278ea021692f7a910e087e331725b1e287ab610b3c31aacd8ba395 |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\locales\zh-CN.pak
| MD5 | 82326e465e3015c64ca1db77dc6a56bc |
| SHA1 | e8abe12a8dd2cc741b9637fa8f0e646043bbfe3d |
| SHA256 | 6655fd9dcdfaf2abf814ffb6c524d67495aed4d923a69924c65abeab30bc74fb |
| SHA512 | 4989789c0b2439666dda4c4f959dffc0ddcb77595b1f817c13a95ed97619c270151597160320b3f2327a7daffc8b521b68878f9e5e5fb3870eb0c43619060407 |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\locales\vi.pak
| MD5 | db0eb3183007de5aae10f934fffacc59 |
| SHA1 | e9ea7aeffe2b3f5cf75ab78630da342c6f8b7fd9 |
| SHA256 | ddabb225b671b989789e9c2ccd1b5a8f22141a7d9364d4e6ee9b8648305e7897 |
| SHA512 | 703efd12fcace8172c873006161712de1919572c58d98b11de7834c5628444229f5143d231c41da5b9cf729e32de58dee3603cb3d18c6cdd94aa9aa36fbf5de0 |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\sentry-cli.exe
| MD5 | 4c1bbccaec3f88e00c176e49b3ea9742 |
| SHA1 | eea00e776e5979ae8e650ee9ddf3d4d4e93ff2ef |
| SHA256 | 299e9f3632bd8278384e60f7384279ccb394ca532515448f44e089a3fb119f1c |
| SHA512 | 3c82f9f06be9bdbdb6fc94709d6c582641b2bd1ba1987c0b42a8d5c653fc32c006873c8f236b45c62970b3abe6a8b5f9faa1a57c0c85d52fdc94ecf1bd21abd6 |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\scripts\build-in-docker.sh
| MD5 | 94b0fc212af523b8bfcd6c2aa5a5ab2a |
| SHA1 | cc0cb35f7ce729f7affe6b2c463e57966515e476 |
| SHA256 | abaa92d196f6752f184b83b19aedd9b1e28d328e6817de213f61fbd108351e16 |
| SHA512 | af0a2174e0304fdaa56ddae249049c142450ad4a0a9c8975548f61aa2bc356837b1d7ed441108156af32c979da5647bd0233a49db700ff0bbf528f9fa2c862e6 |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\options\uploadSourcemaps.js
| MD5 | d060ac623857ad5ca08e3a944768925a |
| SHA1 | 26fe78c92f55f9529ffa2b71da403873da29313f |
| SHA256 | 8d4bd4c779e177724aa7bf98e768e50ce8b2950ef5bf39fa08033057b400888b |
| SHA512 | ae1b42d7e5c5d60f935bcd08417d4d9055d71bfb80653281e990a687353592731a7c4423655fbb988728152846aa56a5f180335d254885338bf6c96ef2a8357a |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\scripts\wheels
| MD5 | 6fec563925ecab8b6a98c3f38655236d |
| SHA1 | 9ad08eb80167574de6373d871cfff5511d2554cf |
| SHA256 | 6fa0613c1edb0c6b26baac0b759bf756f389a11e0ec0e64904cffb26ef8dc016 |
| SHA512 | 850a5285519965fe26ab0da2ae62d380648acb723d879e2ab770124e4146ce0a6d03f089e28af20604dd3e00913169f82ac568a1741014e0bc5ee7b2c583888d |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\scripts\test-vercel-nft.js
| MD5 | c63a1659a645a5095524923081813d51 |
| SHA1 | 1d97d7ccb0804b7a15f0593c87990ab0da4b6887 |
| SHA256 | 644476fd66a507adc49582e7371c87e4cacc3c7840c23fe920da2a09f05db08a |
| SHA512 | ae452613a1dc728428ed2e596d7fbb041e00a8aa300aaada289fd454f71267569fa548fa7c7217134572decab12e56f4aadd4853c96ef705ccba2dcb377018cb |
memory/2344-701-0x0000000002950000-0x0000000002952000-memory.dmp
\Users\Admin\AppData\Local\Temp\nstAD50.tmp\WinShell.dll
| MD5 | 1cc7c37b7e0c8cd8bf04b6cc283e1e56 |
| SHA1 | 0b9519763be6625bd5abce175dcc59c96d100d4c |
| SHA256 | 9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6 |
| SHA512 | 7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\scripts\install.js
| MD5 | 1ffedd383c8097dd628411836505787e |
| SHA1 | 969306e8127b354f35f4c870f2da7b4034d4197b |
| SHA256 | df3b6ca3fff442454ffee98e8e4db5e3fe0d82ff19a49216cd238fa9282cb30a |
| SHA512 | 1392958e5a9c2e0c6df617c48547f5fdae32960bfb55953528ee345e06e1ae191ca4001a618233adeab27e16de5ecd203c405e8b4fa7f3a739cd3d2c4a1e9ed2 |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\scripts\bump-version.sh
| MD5 | 2ff8e17ece2c70eff9efdb2b1a524555 |
| SHA1 | d61c93df38f70f2244817c688a140224c9a99af9 |
| SHA256 | f07b481f34e732e74abe6402023f8b84f61281626ad6e25062a20fa8fd80ece4 |
| SHA512 | 0f847fd2b05bd4627a56b452f065e878005b6307bc101663297afb5f45c24d965ddc48ea4818c34ab35bde06f5a7711cf29fb9182c8ed9cf34e17d6434c487ee |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\options\deploys.js
| MD5 | f42c24cde0162b93624df51f4e2abfab |
| SHA1 | f819638944878ac4cb49438d8599d3fbd9081949 |
| SHA256 | 3f2316e7fb20e82df9a8b08d6169a622a89808742806adee2e4d89885962357d |
| SHA512 | 67258cbaf9f46f1609cec9b87b7a577f855cde9c8efafa3d835a0d18fb3903fcc4733489bf81447cdf2c0a55701d569a75f11a81865dab8f624b722e76b7c674 |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\index.js
| MD5 | e8282413c1895eaff49de6dd9b71ab13 |
| SHA1 | 4e058f522a46e20bbd26f15a6922390ec2c1da36 |
| SHA256 | d6a28994173c1c36476121f8b0e3633e01ecd0589289901fba34fe218293443d |
| SHA512 | 301d2a6ae958e1ba936cae6f555a587ad87567055f4709d4676a3ef5b1a3112cb338b8a9e744c24cbfa784f00f13a1118ad48fd4f6bb060c5608e4ddc8779389 |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\js\logger.js
| MD5 | 1d26f69361e75ca5cd2eac5f99249c72 |
| SHA1 | 787d51c708ce15b2c533a180a2bf639648bc40eb |
| SHA256 | d7d63601d3347efc93425f4f93049cfb9ed2b9ead1dce662c9c1bed3cba302e0 |
| SHA512 | 7350774074462d33ac9f2e130829306af08a6693fd597f40c39bfb194684f66d965cd23c10de5fc4389e4a2ffe84db727aad23dd683a805ae4825f10026cb040 |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\js\index.js
| MD5 | 50c3a734036b84685a15d56217207d67 |
| SHA1 | 1893de2684072a3a2961337fa9a9b45a52c52c0a |
| SHA256 | 171990f108cd5582f83432c1569f2c3e1aebfbfb159599f4ff2ab693c20a8f78 |
| SHA512 | 3aa037d12cee7cbf51826fb3e2aa87b4543dd62f5ff5f2f8915128061c07472304601766bddf949647c5ca92e8ee768a77139bbe91bdfaaae99dea4405168ea9 |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\js\helper.js
| MD5 | c29ad60a23d5406728a51afa4352b4c7 |
| SHA1 | 2be817215890f5868717765570ce9f7422735c4e |
| SHA256 | faa867204c92db252271c9d850962ae1ff5c9448444ca907af483a6c874a6eb0 |
| SHA512 | e1784b8bf7119bf3380b192f1597cb3179425ff7ab347b144011fd17b62794760e6e092a0a1dae99302eb6c333f1638440df4e4e0eaf64f26d4f3cc46a74d04a |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\bin\sentry-cli
| MD5 | b7c89ec5dfb8b15555f32a3bef6c3103 |
| SHA1 | a92048052f5fc0af532cd97ebf82c1a9fbf12342 |
| SHA256 | 7c5c97aaee075241bdc4fbc610b356445747e962ac3d986c5016acefd66a6ea0 |
| SHA512 | c47baa0e0896684403760a13cfa6dd5826152ec7ae83f783040d186eaca8af70bc97530bbb22b720d7482a4ad18c3959ab1af8ccfe3689b19a51955e777884e8 |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\package.json
| MD5 | 49f7deab5d526f6f79d8fd80be29c97e |
| SHA1 | e6ef40032a68a979454d30e9a483a1043367a90e |
| SHA256 | 3fe1b2bd4e7ed12e73c5717dc162f9086a4b349528042c4313610573530c6992 |
| SHA512 | 053d4996c3376aa0fbee16be84d0a7f86b043ee1928dfe81e5b8db1686ac5e42db26b13ecd168a86f7315e8c208549b68f1ee3b64df3c12426eeda73c4efcdbe |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\LICENSE
| MD5 | c2710cd00242ca7d7bef0fc98dbbc7f8 |
| SHA1 | ba49c34590b171487fd5e383ca28632f551865e5 |
| SHA256 | 9503def7b54ceb6e3cd182fd59bc05d3a30d7eae481e65aaba4b495133c83c14 |
| SHA512 | 1b8fed37b379cfaac4e67e4ae0d0ae1c7e8fdd5178f1e9a289b646c5adb016c68cdcd743266fca87bd37bffc0951e0b9ecba8a57f0600a7dcd5cb52cd783637f |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\checksums.txt
| MD5 | 1dcfcfdd8cce3e3b0fa697af106e4075 |
| SHA1 | f9261519f777790f7cd50c91e389d0e6589bd92a |
| SHA256 | 1357dc0a2f6ae355ab59b409c94cf635b7ed849a3bcb60e95b7132cbfd297324 |
| SHA512 | 751ac3545299650e783daf0a45823660ce0b3f6dd7d722d303b9a801b02db61f7bb3a5129f4481294f2201fb5ad4e7bb1b2ab9a2d993ebde8a0d985f08ce34a2 |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\resources\elevate.exe
| MD5 | 792b92c8ad13c46f27c7ced0810694df |
| SHA1 | d8d449b92de20a57df722df46435ba4553ecc802 |
| SHA256 | 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37 |
| SHA512 | 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40 |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\locales\ur.pak
| MD5 | 1ca4fa13bd0089d65da7cd2376feb4c6 |
| SHA1 | b1ba777e635d78d1e98e43e82d0f7a3dd7e97f9c |
| SHA256 | 3941364d0278e2c4d686faa4a135d16a457b4bc98c5a08e62aa12f3adc09aa7f |
| SHA512 | d0d9eb1aa029bd4c34953ee5f4b60c09cf1d4f0b21c061db4ede1b5ec65d7a07fc2f780ade5ce51f2f781d272ac32257b95eedf471f7295ba70b5ba51db6c51d |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\locales\uk.pak
| MD5 | 361a0e1f665b9082a457d36209b92a25 |
| SHA1 | 3c89e1b70b51820bb6baa64365c64da6a9898e2f |
| SHA256 | bd02966f6c6258b66eae7ff014710925e53fe26e8254d7db4e9147266025cc3a |
| SHA512 | d4d25fc58053f8cce4c073846706dc1ecbc0dc19308ba35501e19676f3e7ed855d7b57ae22a5637f81cefc1aa032bf8770d0737df1924f3504813349387c08cf |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\locales\tr.pak
| MD5 | 5ff2e5c95067a339e3d6b8985156ec1f |
| SHA1 | 7525b25c7b07f54b63b6459a0d8c8c720bd8a398 |
| SHA256 | 14a131ba318274cf10de533a19776db288f08a294cf7e564b7769fd41c7f2582 |
| SHA512 | 2414386df8d7ab75dcbd6ca2b9ae62ba8e953ddb8cd8661a9f984eb5e573637740c7a79050b2b303af3d5b1d4d1bb21dc658283638718fdd04fc6e5891949d1b |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\locales\th.pak
| MD5 | a32ba63feeed9b91f6d6800b51e5aeae |
| SHA1 | 2fbf6783996e8315a4fb94b7d859564350ee5918 |
| SHA256 | e32e37ca0ab30f1816fe6df37e3168e1022f1d3737c94f5472ab6600d97a45f6 |
| SHA512 | adebde0f929820d8368096a9c30961ba7b33815b0f124ca56ca05767ba6d081adf964088cb2b9fcaa07f756b946fffa701f0b64b07d457c99fd2b498cbd1e8a5 |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\locales\te.pak
| MD5 | a17f16d7a038b0fa3a87d7b1b8095766 |
| SHA1 | b2f845e52b32c513e6565248f91901ab6874e117 |
| SHA256 | d39716633228a5872630522306f89af8585f8092779892087c3f1230d21a489e |
| SHA512 | 371fb44b20b8aba00c4d6f17701fa4303181ad628f60c7b4218e33be7026f118f619d66d679bffcb0213c48700fafd36b2e704499a362f715f63ea9a75d719e7 |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\locales\ta.pak
| MD5 | 18ec8ff3c0701a6a8c48f341d368bab5 |
| SHA1 | 8bff8aee26b990cf739a29f83efdf883817e59d8 |
| SHA256 | 052bcdb64a80e504bb6552b97881526795b64e0ab7ee5fc031f3edf87160dee9 |
| SHA512 | a0e997fc9d316277de3f4773388835c287ab1a35770c01e376fb7428ff87683a425f6a6a605d38dd7904ca39c50998cd85f855cb33ae6abad47ac85a1584fe4e |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\locales\sw.pak
| MD5 | 67a443a5c2eaad32625edb5f8deb7852 |
| SHA1 | a6137841e8e7736c5ede1d0dc0ce3a44dc41013f |
| SHA256 | 41dfb772ae4c6f9e879bf7b4fa776b2877a2f8740fa747031b3d6f57f34d81dd |
| SHA512 | e0fdff1c3c834d8af8634f43c2f16ba5b883a8d88dfd322593a13830047568faf9f41d0bf73cd59e2e33c38fa58998d4702d2b0c21666717a86945d18b3f29e5 |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\locales\sv.pak
| MD5 | 272f8a8b517c7283eab83ba6993eea63 |
| SHA1 | ad4175331b948bd4f1f323a4938863472d9b700c |
| SHA256 | d15b46bc9b5e31449b11251df19cd2ba4920c759bd6d4fa8ca93fd3361fdd968 |
| SHA512 | 3a0930b7f228a779f727ebfb6ae8820ab5cc2c9e04c986bce7b0f49f9bf124f349248ecdf108edf8870f96b06d58dea93a3e0e2f2da90537632f2109e1aa65f0 |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\locales\sr.pak
| MD5 | c68c235d8e696c098cf66191e648196b |
| SHA1 | 5c967fbbd90403a755d6c4b2411e359884dc8317 |
| SHA256 | ab96a18177af90495e2e3c96292638a775aa75c1d210ca6a6c18fbc284cd815b |
| SHA512 | 34d14d8cb851df1ea8cd3cc7e9690eaf965d8941cfcac1c946606115ad889630156c5ff47011b27c1288f8df70e8a7dc41909a9fa98d75b691742ec1d1a5e653 |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\locales\sl.pak
| MD5 | ca763e801de642e4d68510900ff6fabb |
| SHA1 | c32a871831ce486514f621b3ab09387548ee1cff |
| SHA256 | 340e0babe5fddbfda601c747127251cf111dd7d79d0d6a5ec4e8443b835027de |
| SHA512 | e2847ce75de57deb05528dd9557047edcd15d86bf40a911eb97e988a8fdbda1cd0e0a81320eadf510c91c826499a897c770c007de936927df7a1cc82fa262039 |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\locales\sk.pak
| MD5 | b7e97cc98b104053e5f1d6a671c703b7 |
| SHA1 | 0f7293f1744ae2cd858eb3431ee016641478ae7d |
| SHA256 | b0d38869275d9d295e42b0b90d0177e0ca56a393874e4bb454439b8ce25d686f |
| SHA512 | ef3247c6f0f4065a4b68db6bf7e28c8101a9c6c791b3f771ed67b5b70f2c9689cec67a1c864f423382c076e4cbb6019c1c0cb9ad0204454e28f749a69b6b0de0 |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\locales\ro.pak
| MD5 | d2758f6adbaeea7cd5d95f4ad6dde954 |
| SHA1 | d7476db23d8b0e11bbabf6a59fde7609586bdc8a |
| SHA256 | 2b7906f33bfbe8e9968bcd65366e2e996cdf2f3e1a1fc56ad54baf261c66954c |
| SHA512 | 8378032d6febea8b5047ada667cb19e6a41f890cb36305acc2500662b4377caef3dc50987c925e05f21c12e32c3920188a58ee59d687266d70b8bfb1b0169a6e |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\locales\pt-PT.pak
| MD5 | b4954b064e3f6a9ba546dda5fa625927 |
| SHA1 | 584686c6026518932991f7de611e2266d8523f9d |
| SHA256 | ee1e014550b85e3d18fb5128984a713d9f6de2258001b50ddd18391e7307b4a1 |
| SHA512 | cb3b465b311f83b972eca1c66862b2c5d6ea6ac15282e0094aea455123ddf32e85df24a94a0aedbe1b925ff3ed005ba1e00d5ee820676d7a5a366153ade90ef7 |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\locales\pl.pak
| MD5 | f1d48a7dcd4880a27e39b7561b6eb0ab |
| SHA1 | 353c3ba213cd2e1f7423c6ba857a8d8be40d8302 |
| SHA256 | 2593c8b59849fbc690cbd513f06685ea3292cd0187fcf6b9069cbf3c9b0e8a85 |
| SHA512 | 132da2d3c1a4dad5ccb399b107d7b6d9203a4b264ef8a65add11c5e8c75859115443e1c65ece2e690c046a82687829f54ec855f99d4843f859ab1dd7c71f35a5 |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\locales\nl.pak
| MD5 | 0f04bac280035fab018f634bcb5f53ae |
| SHA1 | 4cad76eaecd924b12013e98c3a0e99b192be8936 |
| SHA256 | be254bcda4dbe167cb2e57402a4a0a814d591807c675302d2ce286013b40799b |
| SHA512 | 1256a6acac5a42621cb59eb3da42ddeeacfe290f6ae4a92d00ebd4450a8b7ccb6f0cd5c21cf0f18fe4d43d0d7aee87b6991fef154908792930295a3871fa53df |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\locales\nb.pak
| MD5 | 55d5ad4eacb12824cfcd89470664c856 |
| SHA1 | f893c00d8d4fdb2f3e7a74a8be823e5e8f0cd673 |
| SHA256 | 4f44789a2c38edc396a31aba5cc09d20fb84cd1e06f70c49f0664289c33cd261 |
| SHA512 | 555d87be8c97f466c6b3e7b23ec0210335846398c33dba71e926ff7e26901a3908dbb0f639c93db2d090c9d8bda48eddf196b1a09794d0e396b2c02b4720f37e |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\locales\ms.pak
| MD5 | aee105366a1870b9d10f0f897e9295db |
| SHA1 | eee9d789a8eeafe593ce77a7c554f92a26a2296f |
| SHA256 | c6471aee5f34f31477d57f593b09cb1de87f5fd0f9b5e63d8bab4986cf10d939 |
| SHA512 | 240688a0054bfebe36ea2b056194ee07e87bbbeb7e385131c73a64aa7967984610fcb80638dd883837014f9bc920037069d0655e3e92a5922f76813aedb185fa |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\locales\mr.pak
| MD5 | 2cf9f07ddf7a3a70a48e8b524a5aed43 |
| SHA1 | 974c1a01f651092f78d2d20553c3462267ddf4e9 |
| SHA256 | 23058c0f71d9e40f927775d980524d866f70322e0ef215aa5748c239707451e7 |
| SHA512 | 0b21570deefa41defc3c25c57b3171635bcb5593761d48a8116888ce8be34c1499ff79c7a3ebbe13b5a565c90027d294c6835e92e6254d582a86750640fe90f2 |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\locales\ml.pak
| MD5 | 1c81104ac2cbf7f7739af62eb77d20d5 |
| SHA1 | 0f0d564f1860302f171356ea35b3a6306c051c10 |
| SHA256 | 66005bc01175a4f6560d1e9768dbc72b46a4198f8e435250c8ebc232d2dac108 |
| SHA512 | 969294eae8c95a1126803a35b8d3f1fc3c9d22350aa9cc76b2323b77ad7e84395d6d83b89deb64565783405d6f7eae40def7bdaf0d08da67845ae9c7dbb26926 |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\locales\lt.pak
| MD5 | 64b08ffc40a605fe74ecc24c3024ee3b |
| SHA1 | 516296e8a3114ddbf77601a11faf4326a47975ab |
| SHA256 | 8a5d6e29833374e0f74fd7070c1b20856cb6b42ed30d18a5f17e6c2e4a8d783e |
| SHA512 | 05d207413186ac2b87a59681efe4fdf9dc600d0f3e8327e7b9802a42306d80d0ddd9ee07d103b17caf0518e42ab25b7ca9da4713941abc7bced65961671164ac |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\locales\ko.pak
| MD5 | d6194fc52e962534b360558061de2a25 |
| SHA1 | 98ed833f8c4beac685e55317c452249579610ff8 |
| SHA256 | 1a5884bd6665b2f404b7328de013522ee7c41130e57a53038fc991ec38290d21 |
| SHA512 | 5207a07426c6ceb78f0504613b6d2b8dadf9f31378e67a61091f16d72287adbc7768d1b7f2a923369197e732426d15a872c091cf88680686581d48a7f94988ab |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\locales\kn.pak
| MD5 | caab4deb1c40507848f9610d849834cf |
| SHA1 | 1bc87ff70817ba1e1fdd1b5cb961213418680cbe |
| SHA256 | 7a34483e6272f9b8881f0f5a725b477540166561c75b9e7ab627815d4be1a8a4 |
| SHA512 | dc4b63e5a037479bb831b0771aec0fe6eb016723bcd920b41ab87ef11505626632877073ce4e5e0755510fe19ba134a7b5899332ecef854008b15639f915860c |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\locales\ja.pak
| MD5 | 38cd3ef9b7dff9efbbe086fa39541333 |
| SHA1 | 321ef69a298d2f9830c14140b0b3b0b50bd95cb0 |
| SHA256 | d8fab5714dafecb89b3e5fce4c4d75d2b72893e685e148e9b60f7c096e5b3337 |
| SHA512 | 40785871032b222a758f29e0c6ec696fbe0f6f5f3274cc80085961621bec68d7e0fb47c764649c4dd0c27c6ee02460407775fae9d3a2a8a59362d25a39266ce0 |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\locales\it.pak
| MD5 | 745f16ca860ee751f70517c299c4ab0e |
| SHA1 | 54d933ad839c961dd63a47c92a5b935eef208119 |
| SHA256 | 10e65f42ce01ba19ebf4b074e8b2456213234482eadf443dfad6105faf6cde4c |
| SHA512 | 238343d6c80b82ae900f5abf4347e542c9ea016d75fb787b93e41e3c9c471ab33f6b4584387e5ee76950424e25486dd74b9901e7f72876960c0916c8b9cee9a6 |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\locales\id.pak
| MD5 | b6fcd5160a3a1ae1f65b0540347a13f2 |
| SHA1 | 4cf37346318efb67908bba7380dbad30229c4d3d |
| SHA256 | 7fd715914e3b0cf2048d4429f3236e0660d5bd5e61623c8fef9b8e474c2ac313 |
| SHA512 | a8b4a96e8f9a528b2df3bd1251b72ab14feccf491dd254a7c6ecba831dfaba328adb0fd0b4acddb89584f58f94b123e97caa420f9d7b34131cc51bdbdbf3ed73 |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\locales\hu.pak
| MD5 | 2aa0a175df21583a68176742400c6508 |
| SHA1 | 3c25ba31c2b698e0c88e7d01b2cc241f0916e79a |
| SHA256 | b59f932df822ab1a87e8aab4bbb7c549db15899f259f4c50ae28f8d8c7ce1e72 |
| SHA512 | 03a16feb0601407e96bcb43af9bdb21e5218c2700c9f3cfd5f9690d0b4528f9dc17e4cc690d8c9132d4e0b26d7faafd90aa3f5e57237e06fb81aab7ab77f6c03 |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\locales\hi.pak
| MD5 | b5dfce8e3ba0aec2721cc1692b0ad698 |
| SHA1 | c5d6fa21a9ba3d526f3e998e3f627afb8d1eecf3 |
| SHA256 | b1c7fb6909c8a416b513d6de21eea0b5a6b13c7f0a94cabd0d9154b5834a5e8b |
| SHA512 | facf0a9b81af6bb35d0fc5e69809d5c986a2c91a166e507784bdad115644b96697fe504b8d70d9bbb06f0c558f746c085d37e385eef41f0a1c29729d3d97980f |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\locales\he.pak
| MD5 | fc84ea7dc7b9408d1eea11beeb72b296 |
| SHA1 | de9118194952c2d9f614f8e0868fb273ddfac255 |
| SHA256 | 15951767dafa7bdbedac803d842686820de9c6df478416f34c476209b19d2d8c |
| SHA512 | 49d13976dddb6a58c6fdcd9588e243d705d99dc1325c1d9e411a1d68d8ee47314dfcb661d36e2c4963c249a1542f95715f658427810afcabdf9253aa27eb3b24 |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\locales\gu.pak
| MD5 | 308619d65b677d99f48b74ccfe060567 |
| SHA1 | 9f834df93fd48f4fb4ca30c4058e23288cf7d35e |
| SHA256 | e40ee4f24839f9e20b48d057bf3216bc58542c2e27cb40b9d2f3f8a1ea5bfbb4 |
| SHA512 | 3ca84ad71f00b9f7cc61f3906c51b263f18453fce11ec6c7f9edfe2c7d215e3550c336e892bd240a68a6815af599cc20d60203294f14adb133145ca01fe4608f |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\locales\fr.pak
| MD5 | 3ee48a860ecf45bafa63c9284dfd63e2 |
| SHA1 | 1cb51d14964f4dced8dea883bf9c4b84a78f8eb6 |
| SHA256 | 1923e0edf1ef6935a4a718e3e2fc9a0a541ea0b4f3b27553802308f9fd4fc807 |
| SHA512 | eb6105faca13c191fef0c51c651a406b1da66326bb5705615770135d834e58dee9bed82aa36f2dfb0fe020e695c192c224ec76bb5c21a1c716e5f26dfe02f763 |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\locales\fi.pak
| MD5 | 21e534869b90411b4f9ea9120ffb71c8 |
| SHA1 | cc91ffbd19157189e44172392b2752c5f73984c5 |
| SHA256 | 2d337924139ffe77804d2742eda8e58d4e548e65349f827840368e43d567810b |
| SHA512 | 3ca3c0adaf743f92277452b7bd82db4cf3f347de5568a20379d8c9364ff122713befd547fbd3096505ec293ae6771ada4cd3dadac93cc686129b9e5aacf363bd |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\locales\fa.pak
| MD5 | 2e37fd4e23a1707a1eccea3264508dff |
| SHA1 | e00e58ed06584b19b18e9d28b1d52dbfc36d70f3 |
| SHA256 | b9ee861e1bdecffe6a197067905279ea77c180844a793f882c42f2b70541e25e |
| SHA512 | 7c467f434eb0ce8e4a851761ae9bd7a9e292aab48e8e653e996f8ca598d0eb5e07ec34e2b23e544f3b38439dc3b8e3f7a0dfd6a8e28169aa95ceff42bf534366 |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\locales\et.pak
| MD5 | ccc71f88984a7788c8d01add2252d019 |
| SHA1 | 6a87752eac3044792a93599428f31d25debea369 |
| SHA256 | d69489a723b304e305cb1767e6c8da5d5d1d237e50f6ddc76e941dcb01684944 |
| SHA512 | d35ccd639f2c199862e178a9fab768d7db10d5a654bc3bc1fab45d00ceb35a01119a5b4d199e2db3c3576f512b108f4a1df7faf6624d961c0fc4bca5af5f0e07 |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\locales\es-419.pak
| MD5 | 7da3e8aa47ba35d014e1d2a32982a5bb |
| SHA1 | 8e35320b16305ad9f16cb0f4c881a89818cd75bb |
| SHA256 | 7f85673cf80d1e80acfc94fb7568a8c63de79a13a1bb6b9d825b7e9f338ef17c |
| SHA512 | 1fca90888eb067972bccf74dd5d09bb3fce2ceb153589495088d5056ed4bdede15d54318af013c2460f0e8b5b1a5c6484adf0ed84f4b0b3c93130b086da5c3bf |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\locales\en-US.pak
| MD5 | 19d18f8181a4201d542c7195b1e9ff81 |
| SHA1 | 7debd3cf27bbe200c6a90b34adacb7394cb5929c |
| SHA256 | 1d20e626444759c2b72aa6e998f14a032408d2b32f957c12ec3abd52831338fb |
| SHA512 | af07e1b08bbf2dd032a5a51a88ee2923650955873753629a086cad3b1600ce66ca7f9ed31b8ca901c126c10216877b24e123144bb0048f2a1e7757719aae73f2 |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\locales\el.pak
| MD5 | e66a75680f21ce281995f37099045714 |
| SHA1 | d553e80658ee1eea5b0912db1ecc4e27b0ed4790 |
| SHA256 | 21d1d273124648a435674c7877a98110d997cf6992469c431fe502bbcc02641f |
| SHA512 | d3757529dd85ef7989d9d4cecf3f7d87c9eb4beda965d8e2c87ee23b8baaec3fdff41fd53ba839215a37404b17b8fe2586b123557f09d201b13c7736c736b096 |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\locales\de.pak
| MD5 | cf22ec11a33be744a61f7de1a1e4514f |
| SHA1 | 73e84848c6d9f1a2abe62020eb8c6797e4c49b36 |
| SHA256 | 7cc213e2c9a2d2e2e463083dd030b86da6bba545d5cee4c04df8f80f9a01a641 |
| SHA512 | c10c8446e3041d7c0195da184a53cfbd58288c06eaf8885546d2d188b59667c270d647fa7259f5ce140ec6400031a7fc060d0f2348ab627485e2207569154495 |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\locales\ca.pak
| MD5 | 4cd6b3a91669ddcfcc9eef9b679ab65c |
| SHA1 | 43c41cb00067de68d24f72e0f5c77d3b50b71f83 |
| SHA256 | 56efff228ee3e112357d6121b2256a2c3acd718769c89413de82c9d4305459c6 |
| SHA512 | 699be9962d8aae241abd1d1f35cd8468ffbd6157bcd6bdf2c599d902768351b247baad6145b9826d87271fd4a19744eb11bf7065db7fefb01d66d2f1f39015a9 |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\locales\bn.pak
| MD5 | 9340520696e7cb3c2495a78893e50add |
| SHA1 | eed5aeef46131e4c70cd578177c527b656d08586 |
| SHA256 | 1ea245646a4b4386606f03c8a3916a3607e2adbbc88f000976be36db410a1e39 |
| SHA512 | 62507685d5542cfcd394080917b3a92ca197112feea9c2ddc1dfc77382a174c7ddf758d85af66cd322692215cb0402865b2a2b212694a36da6b592028caafcdf |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\locales\ar.pak
| MD5 | fdbad4c84ac66ee78a5c8dd16d259c43 |
| SHA1 | 3ce3cd751bb947b19d004bd6916b67e8db5017ac |
| SHA256 | a62b848a002474a8ea37891e148cbaf4af09bdba7dafebdc0770c9a9651f7e3b |
| SHA512 | 376519c5c2e42d21acedb1ef47184691a2f286332451d5b8d6aac45713861f07c852fb93bd9470ff5ee017d6004aba097020580f1ba253a5295ac1851f281e13 |
C:\Users\Admin\AppData\Local\Temp\nstAD50.tmp\7z-out\locales\af.pak
| MD5 | 464e5eeaba5eff8bc93995ba2cb2d73f |
| SHA1 | 3b216e0c5246c874ad0ad7d3e1636384dad2255d |
| SHA256 | 0ad547bb1dc57907adeb02e1be3017cce78f6e60b8b39395fe0e8b62285797a1 |
| SHA512 | 726d6c41a9dbf1f5f2eff5b503ab68d879b088b801832c13fba7eb853302b16118cacda4748a4144af0f396074449245a42b2fe240429b1afcb7197fa0cb6d41 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-08-30 15:23
Reported
2024-08-30 15:28
Platform
win10v2004-20240802-en
Max time kernel
150s
Max time network
154s
Command Line
Signatures
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation | C:\Program Files\Era\Era.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation | C:\Program Files\Era\Era.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Era\Era.exe | N/A |
| N/A | N/A | C:\Program Files\Era\binaries\FortniteLauncher.exe | N/A |
| N/A | N/A | C:\Program Files\Era\Era.exe | N/A |
| N/A | N/A | C:\Program Files\Era\Era.exe | N/A |
| N/A | N/A | C:\Program Files\Era\Era.exe | N/A |
| N/A | N/A | C:\Program Files\Era\Era.exe | N/A |
Loads dropped DLL
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Era\locales\ms.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File opened for modification | C:\Program Files\Era\resources\app.asar.unpacked\node_modules | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\scripts\install.js | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\chrome_100_percent.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\icudtl.dat | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\locales\hu.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\resources.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File opened for modification | C:\Program Files\Era\binaries | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\locales\pl.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File opened for modification | C:\Program Files\Era\resources | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\locales\ja.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\locales\pt-BR.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\resources\app-update.yml | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\locales\hi.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\libEGL.dll | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\snapshot_blob.bin | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\resources\app.asar | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File opened for modification | C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\scripts\test-vercel-nft.js | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\locales\ru.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\locales\uk.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\locales\vi.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\chrome_200_percent.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\v8_context_snapshot.bin | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\options\uploadSourcemaps.js | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\locales\es.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\js\logger.js | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\locales\ro.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\locales\sl.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\scripts\wheels | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\vk_swiftshader_icd.json | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\locales\nb.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File opened for modification | C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\bin | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\js\helper.js | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File opened for modification | C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\scripts | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\locales\sr.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\locales\ur.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\locales\el.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\locales\et.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\locales\zh-CN.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\locales\ca.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\locales\kn.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File opened for modification | C:\Program Files\Era\resources\app.asar.unpacked | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\LICENSE.electron.txt | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File opened for modification | C:\Program Files\Era\locales | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\locales\da.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\locales\fa.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\sentry-cli.exe | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\binaries\FortniteLauncher.exe | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\binaries\go_build_gemd_src.exe | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\locales\hr.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\options\deploys.js | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\LICENSES.chromium.html | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\locales\ar.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\resources\elevate.exe | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File opened for modification | C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\js | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\locales\pt-PT.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\locales\sv.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\locales\tr.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File opened for modification | C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File opened for modification | C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\options | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\scripts\bump-version.sh | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\locales\es-419.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| File created | C:\Program Files\Era\locales\it.pak | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Era\Era.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 | C:\Program Files\Era\Era.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz | C:\Program Files\Era\Era.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString | C:\Program Files\Era\Era.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2 | C:\Program Files\Era\Era.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Era\Era.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Era\Era.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\era\shell | C:\Program Files\Era\Era.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\era\shell\open | C:\Program Files\Era\Era.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\era\shell\open\command\ = "\"C:\\Program Files\\Era\\Era.exe\" \"%1\"" | C:\Program Files\Era\Era.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-523280732-2327480845-3730041215-1000\{15F2A3B0-C868-44E5-B413-084453973F66} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\era | C:\Program Files\Era\Era.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\era\URL Protocol | C:\Program Files\Era\Era.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\era\ = "URL:era" | C:\Program Files\Era\Era.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\era\shell\open\command | C:\Program Files\Era\Era.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Program Files\Era\Era.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Era\Era.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Program Files\Era\Era.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Era\Era.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Program Files\Era\Era.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Era\Era.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Program Files\Era\Era.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Era\Era.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Program Files\Era\Era.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Era\Era.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Program Files\Era\Era.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Era\Era.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Program Files\Era\Era.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Era\Era.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Program Files\Era\Era.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Era\Era.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Program Files\Era\Era.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Era\Era.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Program Files\Era\Era.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Era\Era.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Program Files\Era\Era.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Era\Era.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Program Files\Era\Era.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Era\Era.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Program Files\Era\Era.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Era\Era.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Program Files\Era\Era.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Era\Era.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Program Files\Era\Era.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Era\Era.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Program Files\Era\Era.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Era\Era.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Program Files\Era\Era.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Era\Era.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Program Files\Era\Era.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Era\Era.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Program Files\Era\Era.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Era\Era.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Program Files\Era\Era.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Era\Era.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Program Files\Era\Era.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Era\Era.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Program Files\Era\Era.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Era\Era.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Program Files\Era\Era.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Era\Era.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Program Files\Era\Era.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Era\Era.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Program Files\Era\Era.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Era\Era.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Program Files\Era\Era.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Era\Era.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Program Files\Era\Era.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Era\Era.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Program Files\Era\Era.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Era\Era.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Program Files\Era\Era.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Era\Era.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Program Files\Era\Era.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Era\Era.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Program Files\Era\Era.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Era\Era.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Program Files\Era\Era.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe
"C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe"
C:\Program Files\Era\Era.exe
"C:\Program Files\Era\Era.exe"
C:\Program Files\Era\binaries\FortniteLauncher.exe
"C:\Program Files\Era\binaries\FortniteLauncher.exe"
C:\Program Files\Era\Era.exe
"C:\Program Files\Era\Era.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Era" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1600 --field-trial-handle=1752,i,18296519942719687057,5872262987254245603,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Program Files\Era\Era.exe
"C:\Program Files\Era\Era.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Era" --mojo-platform-channel-handle=1984 --field-trial-handle=1752,i,18296519942719687057,5872262987254245603,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Program Files\Era\Era.exe
"C:\Program Files\Era\Era.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Era" --app-user-model-id="Project Era" --app-path="C:\Program Files\Era\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2416 --field-trial-handle=1752,i,18296519942719687057,5872262987254245603,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "reg query "HKLM\SOFTWARE\Microsoft\VisualStudio\14.0\VC\Runtimes\x64" /v "Installed""
C:\Windows\system32\reg.exe
reg query "HKLM\SOFTWARE\Microsoft\VisualStudio\14.0\VC\Runtimes\x64" /v "Installed"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://api-v1-external-service.prod.erafn.app/api/external/auth/discord?client=eyJ2ZXJzaW9uIjoiMS4wLjgwIiwiY2hhbm5lbCI6InN0YWJsZSJ9
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff12a846f8,0x7fff12a84708,0x7fff12a84718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,9206600141094970032,8175304022560600738,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,9206600141094970032,8175304022560600738,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,9206600141094970032,8175304022560600738,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,9206600141094970032,8175304022560600738,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,9206600141094970032,8175304022560600738,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,9206600141094970032,8175304022560600738,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4248 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2168,9206600141094970032,8175304022560600738,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3656 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2168,9206600141094970032,8175304022560600738,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3724 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,9206600141094970032,8175304022560600738,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5796 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,9206600141094970032,8175304022560600738,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5796 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,9206600141094970032,8175304022560600738,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,9206600141094970032,8175304022560600738,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,9206600141094970032,8175304022560600738,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,9206600141094970032,8175304022560600738,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
C:\Program Files\Era\Era.exe
"C:\Program Files\Era\Era.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\Era" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2516 --field-trial-handle=1752,i,18296519942719687057,5872262987254245603,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sentry.erafn.org | udp |
| US | 72.52.178.23:443 | sentry.erafn.org | tcp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api-v1-launcher-service.prod.erafn.app | udp |
| US | 8.8.8.8:53 | api-v1-launcher-service.prod.erafn.app | udp |
| US | 172.67.181.225:443 | api-v1-launcher-service.prod.erafn.app | tcp |
| US | 8.8.8.8:53 | 225.181.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api-v1-external-service.prod.erafn.app | udp |
| US | 104.21.31.253:443 | api-v1-external-service.prod.erafn.app | tcp |
| US | 104.21.31.253:443 | api-v1-external-service.prod.erafn.app | tcp |
| US | 104.21.31.253:443 | api-v1-external-service.prod.erafn.app | tcp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.136.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | 253.31.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.136.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | remote-auth-gateway.discord.gg | udp |
| US | 162.159.130.234:443 | remote-auth-gateway.discord.gg | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.130.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\System.dll
| MD5 | 0d7ad4f45dc6f5aa87f606d0331c6901 |
| SHA1 | 48df0911f0484cbe2a8cdd5362140b63c41ee457 |
| SHA256 | 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca |
| SHA512 | c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9 |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\StdUtils.dll
| MD5 | c6a6e03f77c313b267498515488c5740 |
| SHA1 | 3d49fc2784b9450962ed6b82b46e9c3c957d7c15 |
| SHA256 | b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e |
| SHA512 | 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803 |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\SpiderBanner.dll
| MD5 | 17309e33b596ba3a5693b4d3e85cf8d7 |
| SHA1 | 7d361836cf53df42021c7f2b148aec9458818c01 |
| SHA256 | 996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93 |
| SHA512 | 1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298 |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\nsProcess.dll
| MD5 | f0438a894f3a7e01a4aae8d1b5dd0289 |
| SHA1 | b058e3fcfb7b550041da16bf10d8837024c38bf6 |
| SHA256 | 30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11 |
| SHA512 | f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7 |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\nsis7z.dll
| MD5 | 80e44ce4895304c6a3a831310fbf8cd0 |
| SHA1 | 36bd49ae21c460be5753a904b4501f1abca53508 |
| SHA256 | b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592 |
| SHA512 | c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df |
C:\Program Files\Era\chrome_100_percent.pak
| MD5 | 8626e1d68e87f86c5b4dabdf66591913 |
| SHA1 | 4cd7b0ac0d3f72587708064a7b0a3beca3f7b81c |
| SHA256 | 2caa1da9b6a6e87bdb673977fee5dd771591a1b6ed5d3c5f14b024130a5d1a59 |
| SHA512 | 03bcd8562482009060f249d6a0dd7382fc94d669a2094dec08e8d119be51bef2c3b7b484bb5b7f805ae98e372dab9383a2c11a63ab0f5644146556b1bb9a4c99 |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\chrome_200_percent.pak
| MD5 | 48515d600258d60019c6b9c6421f79f6 |
| SHA1 | 0ef0b44641d38327a360aa6954b3b6e5aab2af16 |
| SHA256 | 07bee34e189fe9a8789aed78ea59ad41414b6e611e7d74da62f8e6ca36af01ce |
| SHA512 | b7266bc8abc55bd389f594dac0c0641ecf07703f35d769b87e731b5fdf4353316d44f3782a4329b3f0e260dead6b114426ddb1b0fb8cd4a51e0b90635f1191d9 |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\d3dcompiler_47.dll
| MD5 | cb9807f6cf55ad799e920b7e0f97df99 |
| SHA1 | bb76012ded5acd103adad49436612d073d159b29 |
| SHA256 | 5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a |
| SHA512 | f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62 |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\ffmpeg.dll
| MD5 | d49e7a8f096ad4722bd0f6963e0efc08 |
| SHA1 | 6835f12391023c0c7e3c8cc37b0496e3a93a5985 |
| SHA256 | f11576bf7ffbc3669d1a5364378f35a1ed0811b7831528b6c4c55b0cdc7dc014 |
| SHA512 | ca50c28d6aac75f749ed62eec8acbb53317f6bdcef8794759af3fad861446de5b7fa31622ce67a347949abb1098eccb32689b4f1c54458a125bc46574ad51575 |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\LICENSE.electron.txt
| MD5 | 4d42118d35941e0f664dddbd83f633c5 |
| SHA1 | 2b21ec5f20fe961d15f2b58efb1368e66d202e5c |
| SHA256 | 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d |
| SHA512 | 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63 |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\libGLESv2.dll
| MD5 | a5f1921e6dcde9eaf42e2ccc82b3d353 |
| SHA1 | 1f6f4df99ae475acec4a7d3910badb26c15919d1 |
| SHA256 | 50c4dc73d69b6c0189eab56d27470ee15f99bbbc12bfd87ebe9963a7f9ba404e |
| SHA512 | 0c24ae7d75404adf8682868d0ebf05f02bbf603f7ddd177cf2af5726802d0a5afcf539dc5d68e10dab3fcfba58903871c9c81054560cf08799af1cc88f33c702 |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\libEGL.dll
| MD5 | 09134e6b407083baaedf9a8c0bce68f2 |
| SHA1 | 8847344cceeab35c1cdf8637af9bd59671b4e97d |
| SHA256 | d2107ba0f4e28e35b22837c3982e53784d15348795b399ad6292d0f727986577 |
| SHA512 | 6ff3adcb8be48d0b505a3c44e6550d30a8feaf4aa108982a7992ed1820c06f49e0ad48d9bd92685fb82783dfd643629bd1fe4073300b61346b63320cbdb051ba |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\icudtl.dat
| MD5 | adfd2a259608207f256aeadb48635645 |
| SHA1 | 300bb0ae3d6b6514fb144788643d260b602ac6a4 |
| SHA256 | 7c8c7b05d70145120b45ccb64bf75bee3c63ff213e3e64d092d500a96afb8050 |
| SHA512 | 8397e74c7a85b0a2987cae9f2c66ce446923aa4140686d91a1e92b701e16b73a6ce459540e718858607ecb12659bedac0aa95c2713c811a2bc2d402691ff29dc |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\LICENSES.chromium.html
| MD5 | 180f8acc70405077badc751453d13625 |
| SHA1 | 35dc54acad60a98aeec47c7ade3e6a8c81f06883 |
| SHA256 | 0bfa9a636e722107b6192ff35c365d963a54e1de8a09c8157680e8d0fbbfba1c |
| SHA512 | 40d3358b35eb0445127c70deb0cb87ec1313eca285307cda168605a4fd3d558b4be9eb24a59568eca9ee1f761e578c39b2def63ad48e40d31958db82f128e0ec |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\resources.pak
| MD5 | 7971a016aed2fb453c87eb1b8e3f5eb2 |
| SHA1 | 92b91e352be8209fadcf081134334dea147e23b8 |
| SHA256 | 9cfd5d29cde3de2f042e5e1da629743a7c95c1211e1b0b001e4eebc0f0741e06 |
| SHA512 | 42082ac0c033655f2edae876425a320d96cdaee6423b85449032c63fc0f7d30914aa3531e65428451c07912265b85f5fee2ed0bbdb362994d3a1fa7b14186013 |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\snapshot_blob.bin
| MD5 | 8fef5a96dbcc46887c3ff392cbdb1b48 |
| SHA1 | ed592d75222b7828b7b7aab97b83516f60772351 |
| SHA256 | 4de0f720c416776423add7ada621da95d0d188d574f08e36e822ad10d85c3ece |
| SHA512 | e52c7820c69863ecc1e3b552b7f20da2ad5492b52cac97502152ebff45e7a45b00e6925679fd7477cdc79c68b081d6572eeed7aed773416d42c9200accc7230e |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\v8_context_snapshot.bin
| MD5 | a373d83d4c43ba957693ad57172a251b |
| SHA1 | 8e0fdb714df2f4cb058beb46c06aa78f77e5ff86 |
| SHA256 | 43b58ca4057cf75063d3b4a8e67aa9780d9a81d3a21f13c64b498be8b3ba6e0c |
| SHA512 | 07fbd84dc3e0ec1536ccb54d5799d5ed61b962251ece0d48e18b20b0fc9dd92de06e93957f3efc7d9bed88db7794fe4f2bec1e9b081825e41c6ac3b4f41eab18 |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\vk_swiftshader.dll
| MD5 | a0845e0774702da9550222ab1b4fded7 |
| SHA1 | 65d5bd6c64090f0774fd0a4c9b215a868b48e19b |
| SHA256 | 6150a413ebe00f92f38737bdccf493d19921ef6329fcd48e53de9dbde4780810 |
| SHA512 | 4be0cb1e3c942a1695bae7b45d21c5f70e407132ecc65efb5b085a50cdab3c33c26e90bd7c86198ec40fb2b18d026474b6c649776a3ca2ca5bff6f922de2319b |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\vk_swiftshader_icd.json
| MD5 | 8642dd3a87e2de6e991fae08458e302b |
| SHA1 | 9c06735c31cec00600fd763a92f8112d085bd12a |
| SHA256 | 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9 |
| SHA512 | f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\vulkan-1.dll
| MD5 | 0e4e0f481b261ea59f196e5076025f77 |
| SHA1 | c73c1f33b5b42e9d67d819226db69e60d2262d7b |
| SHA256 | f681844896c084d2140ac210a974d8db099138fe75edb4df80e233d4b287196a |
| SHA512 | e6127d778ec73acbeb182d42e5cf36c8da76448fbdab49971de88ec4eb13ce63140a2a83fc3a1b116e41f87508ff546c0d7c042b8f4cdd9e07963801f3156ba2 |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\binaries\FortniteLauncher.exe
| MD5 | aeaa6f47b71614437c0d47828da005ca |
| SHA1 | f9d016d3817ebbc28556967b8b8c05d120acbc58 |
| SHA256 | 31eb3c804c7a248fe505d948ad9b3891b6b6f9210bd84aaf0eb716478c490b66 |
| SHA512 | 6785eb5ae5d6d78a9c2f004ba5c91dd6603fd8efb39cb50f4bc3ac16d7377fb1317ba12658b63d575c17de04696b88c09c8a812340c4c40394196dab99d41a60 |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\binaries\go_build_gemd_src.exe
| MD5 | 1b63c2c1b0846c63730e747eea7842eb |
| SHA1 | 3f72c48db65891dfa656dc4842a76f912ddc7c83 |
| SHA256 | 0c86799d4895e3fac3ee0b8746a3f2bc44f811191df9753bf3b12f95b15651b0 |
| SHA512 | 96ae86c1deada543c0d2a0ea7e04d66a390c9b0f72b9361e25ded3eb598fda0d215ef516ddcbd7d508a90c09fa02d6db2ac531f537f4a8fcab76af885a7e8bae |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\locales\af.pak
| MD5 | 464e5eeaba5eff8bc93995ba2cb2d73f |
| SHA1 | 3b216e0c5246c874ad0ad7d3e1636384dad2255d |
| SHA256 | 0ad547bb1dc57907adeb02e1be3017cce78f6e60b8b39395fe0e8b62285797a1 |
| SHA512 | 726d6c41a9dbf1f5f2eff5b503ab68d879b088b801832c13fba7eb853302b16118cacda4748a4144af0f396074449245a42b2fe240429b1afcb7197fa0cb6d41 |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\locales\ar.pak
| MD5 | fdbad4c84ac66ee78a5c8dd16d259c43 |
| SHA1 | 3ce3cd751bb947b19d004bd6916b67e8db5017ac |
| SHA256 | a62b848a002474a8ea37891e148cbaf4af09bdba7dafebdc0770c9a9651f7e3b |
| SHA512 | 376519c5c2e42d21acedb1ef47184691a2f286332451d5b8d6aac45713861f07c852fb93bd9470ff5ee017d6004aba097020580f1ba253a5295ac1851f281e13 |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\locales\am.pak
| MD5 | 2c933f084d960f8094e24bee73fa826c |
| SHA1 | 91dfddc2cff764275872149d454a8397a1a20ab1 |
| SHA256 | fa1e44215bd5acc7342c431a3b1fddb6e8b6b02220b4599167f7d77a29f54450 |
| SHA512 | 3c9ecfb0407de2aa6585f4865ad54eeb2ec6519c9d346e2d33ed0e30be6cc3ebfed676a08637d42c2ca8fa6cfefb4091feb0c922ff71f09a2b89cdd488789774 |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\locales\cs.pak
| MD5 | eeee212072ea6589660c9eb216855318 |
| SHA1 | d50f9e6ca528725ced8ac186072174b99b48ea05 |
| SHA256 | de92f14480770401e39e22dcf3dd36de5ad3ed22e44584c31c37cd99e71c4a43 |
| SHA512 | ea068186a2e611fb98b9580f2c5ba6fd1f31b532e021ef9669e068150c27deee3d60fd9ff7567b9eb5d0f98926b24defabc9b64675b49e02a6f10e71bb714ac8 |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\locales\da.pak
| MD5 | e7ba94c827c2b04e925a76cb5bdd262c |
| SHA1 | abba6c7fcec8b6c396a6374331993c8502c80f91 |
| SHA256 | d8da7ab28992c8299484bc116641e19b448c20adf6a8b187383e2dba5cd29a0b |
| SHA512 | 1f44fce789cf41fd62f4d387b7b8c9d80f1e391edd2c8c901714dd0a6e3af32266e9d3c915c15ad47c95ece4c7d627aa7339f33eea838d1af9901e48edb0187e |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\locales\en-US.pak
| MD5 | 19d18f8181a4201d542c7195b1e9ff81 |
| SHA1 | 7debd3cf27bbe200c6a90b34adacb7394cb5929c |
| SHA256 | 1d20e626444759c2b72aa6e998f14a032408d2b32f957c12ec3abd52831338fb |
| SHA512 | af07e1b08bbf2dd032a5a51a88ee2923650955873753629a086cad3b1600ce66ca7f9ed31b8ca901c126c10216877b24e123144bb0048f2a1e7757719aae73f2 |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\locales\et.pak
| MD5 | ccc71f88984a7788c8d01add2252d019 |
| SHA1 | 6a87752eac3044792a93599428f31d25debea369 |
| SHA256 | d69489a723b304e305cb1767e6c8da5d5d1d237e50f6ddc76e941dcb01684944 |
| SHA512 | d35ccd639f2c199862e178a9fab768d7db10d5a654bc3bc1fab45d00ceb35a01119a5b4d199e2db3c3576f512b108f4a1df7faf6624d961c0fc4bca5af5f0e07 |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\locales\es.pak
| MD5 | 04a9ba7316dc81766098e238a667de87 |
| SHA1 | 24d7eb4388ecdfecada59c6a791c754181d114de |
| SHA256 | 7fa148369c64bc59c2832d617357879b095357fe970bab9e0042175c9ba7cb03 |
| SHA512 | 650856b6187df41a50f9bed29681c19b4502de6af8177b47bad0bf12e86a25e92aa728311310c28041a18e4d9f48ef66d5ad5d977b6662c44b49bfd1da84522b |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\locales\fil.pak
| MD5 | d7df2ea381f37d6c92e4f18290c6ffe0 |
| SHA1 | 7cacf08455aa7d68259fcba647ee3d9ae4c7c5e4 |
| SHA256 | db4a63fa0d5b2baba71d4ba0923caed540099db6b1d024a0d48c3be10c9eed5a |
| SHA512 | 96fc028455f1cea067b3a3dd99d88a19a271144d73dff352a3e08b57338e513500925787f33495cd744fe4122dff2d2ee56e60932fc02e04feed2ec1e0c3533f |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\locales\lt.pak
| MD5 | 64b08ffc40a605fe74ecc24c3024ee3b |
| SHA1 | 516296e8a3114ddbf77601a11faf4326a47975ab |
| SHA256 | 8a5d6e29833374e0f74fd7070c1b20856cb6b42ed30d18a5f17e6c2e4a8d783e |
| SHA512 | 05d207413186ac2b87a59681efe4fdf9dc600d0f3e8327e7b9802a42306d80d0ddd9ee07d103b17caf0518e42ab25b7ca9da4713941abc7bced65961671164ac |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\locales\ro.pak
| MD5 | d2758f6adbaeea7cd5d95f4ad6dde954 |
| SHA1 | d7476db23d8b0e11bbabf6a59fde7609586bdc8a |
| SHA256 | 2b7906f33bfbe8e9968bcd65366e2e996cdf2f3e1a1fc56ad54baf261c66954c |
| SHA512 | 8378032d6febea8b5047ada667cb19e6a41f890cb36305acc2500662b4377caef3dc50987c925e05f21c12e32c3920188a58ee59d687266d70b8bfb1b0169a6e |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\locales\pt-PT.pak
| MD5 | b4954b064e3f6a9ba546dda5fa625927 |
| SHA1 | 584686c6026518932991f7de611e2266d8523f9d |
| SHA256 | ee1e014550b85e3d18fb5128984a713d9f6de2258001b50ddd18391e7307b4a1 |
| SHA512 | cb3b465b311f83b972eca1c66862b2c5d6ea6ac15282e0094aea455123ddf32e85df24a94a0aedbe1b925ff3ed005ba1e00d5ee820676d7a5a366153ade90ef7 |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\locales\pt-BR.pak
| MD5 | 8e931ffbded8933891fb27d2cca7f37d |
| SHA1 | ab0a49b86079d3e0eb9b684ca36eb98d1d1fd473 |
| SHA256 | 6632bd12f04a5385012b5cdebe8c0dad4a06750dc91c974264d8fe60e8b6951d |
| SHA512 | cf0f6485a65c13cf5ddd6457d34cdea222708b0bb5ca57034ed2c4900fd22765385547af2e2391e78f02dcf00b7a2b3ac42a3509dd4237581cfb87b8f389e48d |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\locales\pl.pak
| MD5 | f1d48a7dcd4880a27e39b7561b6eb0ab |
| SHA1 | 353c3ba213cd2e1f7423c6ba857a8d8be40d8302 |
| SHA256 | 2593c8b59849fbc690cbd513f06685ea3292cd0187fcf6b9069cbf3c9b0e8a85 |
| SHA512 | 132da2d3c1a4dad5ccb399b107d7b6d9203a4b264ef8a65add11c5e8c75859115443e1c65ece2e690c046a82687829f54ec855f99d4843f859ab1dd7c71f35a5 |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\locales\nl.pak
| MD5 | 0f04bac280035fab018f634bcb5f53ae |
| SHA1 | 4cad76eaecd924b12013e98c3a0e99b192be8936 |
| SHA256 | be254bcda4dbe167cb2e57402a4a0a814d591807c675302d2ce286013b40799b |
| SHA512 | 1256a6acac5a42621cb59eb3da42ddeeacfe290f6ae4a92d00ebd4450a8b7ccb6f0cd5c21cf0f18fe4d43d0d7aee87b6991fef154908792930295a3871fa53df |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\locales\nb.pak
| MD5 | 55d5ad4eacb12824cfcd89470664c856 |
| SHA1 | f893c00d8d4fdb2f3e7a74a8be823e5e8f0cd673 |
| SHA256 | 4f44789a2c38edc396a31aba5cc09d20fb84cd1e06f70c49f0664289c33cd261 |
| SHA512 | 555d87be8c97f466c6b3e7b23ec0210335846398c33dba71e926ff7e26901a3908dbb0f639c93db2d090c9d8bda48eddf196b1a09794d0e396b2c02b4720f37e |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\locales\ms.pak
| MD5 | aee105366a1870b9d10f0f897e9295db |
| SHA1 | eee9d789a8eeafe593ce77a7c554f92a26a2296f |
| SHA256 | c6471aee5f34f31477d57f593b09cb1de87f5fd0f9b5e63d8bab4986cf10d939 |
| SHA512 | 240688a0054bfebe36ea2b056194ee07e87bbbeb7e385131c73a64aa7967984610fcb80638dd883837014f9bc920037069d0655e3e92a5922f76813aedb185fa |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\locales\mr.pak
| MD5 | 2cf9f07ddf7a3a70a48e8b524a5aed43 |
| SHA1 | 974c1a01f651092f78d2d20553c3462267ddf4e9 |
| SHA256 | 23058c0f71d9e40f927775d980524d866f70322e0ef215aa5748c239707451e7 |
| SHA512 | 0b21570deefa41defc3c25c57b3171635bcb5593761d48a8116888ce8be34c1499ff79c7a3ebbe13b5a565c90027d294c6835e92e6254d582a86750640fe90f2 |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\locales\ml.pak
| MD5 | 1c81104ac2cbf7f7739af62eb77d20d5 |
| SHA1 | 0f0d564f1860302f171356ea35b3a6306c051c10 |
| SHA256 | 66005bc01175a4f6560d1e9768dbc72b46a4198f8e435250c8ebc232d2dac108 |
| SHA512 | 969294eae8c95a1126803a35b8d3f1fc3c9d22350aa9cc76b2323b77ad7e84395d6d83b89deb64565783405d6f7eae40def7bdaf0d08da67845ae9c7dbb26926 |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\locales\lv.pak
| MD5 | a8cbd741a764f40b16afea275f240e7e |
| SHA1 | 317d30bbad8fd0c30de383998ea5be4eec0bb246 |
| SHA256 | a1a9d84fd3af571a57be8b1a9189d40b836808998e00ec9bd15557b83d0e3086 |
| SHA512 | 3da91c0ca20165445a2d283db7dc749fcf73e049bfff346b1d79b03391aefc7f1310d3ac2c42109044cfb50afcf178dcf3a34b4823626228e591f328dd7afe95 |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\locales\ko.pak
| MD5 | d6194fc52e962534b360558061de2a25 |
| SHA1 | 98ed833f8c4beac685e55317c452249579610ff8 |
| SHA256 | 1a5884bd6665b2f404b7328de013522ee7c41130e57a53038fc991ec38290d21 |
| SHA512 | 5207a07426c6ceb78f0504613b6d2b8dadf9f31378e67a61091f16d72287adbc7768d1b7f2a923369197e732426d15a872c091cf88680686581d48a7f94988ab |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\locales\kn.pak
| MD5 | caab4deb1c40507848f9610d849834cf |
| SHA1 | 1bc87ff70817ba1e1fdd1b5cb961213418680cbe |
| SHA256 | 7a34483e6272f9b8881f0f5a725b477540166561c75b9e7ab627815d4be1a8a4 |
| SHA512 | dc4b63e5a037479bb831b0771aec0fe6eb016723bcd920b41ab87ef11505626632877073ce4e5e0755510fe19ba134a7b5899332ecef854008b15639f915860c |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\locales\ja.pak
| MD5 | 38cd3ef9b7dff9efbbe086fa39541333 |
| SHA1 | 321ef69a298d2f9830c14140b0b3b0b50bd95cb0 |
| SHA256 | d8fab5714dafecb89b3e5fce4c4d75d2b72893e685e148e9b60f7c096e5b3337 |
| SHA512 | 40785871032b222a758f29e0c6ec696fbe0f6f5f3274cc80085961621bec68d7e0fb47c764649c4dd0c27c6ee02460407775fae9d3a2a8a59362d25a39266ce0 |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\locales\it.pak
| MD5 | 745f16ca860ee751f70517c299c4ab0e |
| SHA1 | 54d933ad839c961dd63a47c92a5b935eef208119 |
| SHA256 | 10e65f42ce01ba19ebf4b074e8b2456213234482eadf443dfad6105faf6cde4c |
| SHA512 | 238343d6c80b82ae900f5abf4347e542c9ea016d75fb787b93e41e3c9c471ab33f6b4584387e5ee76950424e25486dd74b9901e7f72876960c0916c8b9cee9a6 |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\locales\id.pak
| MD5 | b6fcd5160a3a1ae1f65b0540347a13f2 |
| SHA1 | 4cf37346318efb67908bba7380dbad30229c4d3d |
| SHA256 | 7fd715914e3b0cf2048d4429f3236e0660d5bd5e61623c8fef9b8e474c2ac313 |
| SHA512 | a8b4a96e8f9a528b2df3bd1251b72ab14feccf491dd254a7c6ecba831dfaba328adb0fd0b4acddb89584f58f94b123e97caa420f9d7b34131cc51bdbdbf3ed73 |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\locales\hu.pak
| MD5 | 2aa0a175df21583a68176742400c6508 |
| SHA1 | 3c25ba31c2b698e0c88e7d01b2cc241f0916e79a |
| SHA256 | b59f932df822ab1a87e8aab4bbb7c549db15899f259f4c50ae28f8d8c7ce1e72 |
| SHA512 | 03a16feb0601407e96bcb43af9bdb21e5218c2700c9f3cfd5f9690d0b4528f9dc17e4cc690d8c9132d4e0b26d7faafd90aa3f5e57237e06fb81aab7ab77f6c03 |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\locales\hr.pak
| MD5 | 255f808210dbf995446d10ff436e0946 |
| SHA1 | 1785d3293595f0b13648fb28aec6936c48ea3111 |
| SHA256 | 4df972b7f6d81aa7bdc39e2441310a37f746ae5015146b4e434a878d1244375b |
| SHA512 | 8b1a4d487b0782055717b718d58cd21e815b874e2686cdfd2087876b70ae75f9182f783c70bf747cf4ca17a3afc68517a9db4c99449fa09bef658b5e68087f2a |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\locales\hi.pak
| MD5 | b5dfce8e3ba0aec2721cc1692b0ad698 |
| SHA1 | c5d6fa21a9ba3d526f3e998e3f627afb8d1eecf3 |
| SHA256 | b1c7fb6909c8a416b513d6de21eea0b5a6b13c7f0a94cabd0d9154b5834a5e8b |
| SHA512 | facf0a9b81af6bb35d0fc5e69809d5c986a2c91a166e507784bdad115644b96697fe504b8d70d9bbb06f0c558f746c085d37e385eef41f0a1c29729d3d97980f |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\locales\he.pak
| MD5 | fc84ea7dc7b9408d1eea11beeb72b296 |
| SHA1 | de9118194952c2d9f614f8e0868fb273ddfac255 |
| SHA256 | 15951767dafa7bdbedac803d842686820de9c6df478416f34c476209b19d2d8c |
| SHA512 | 49d13976dddb6a58c6fdcd9588e243d705d99dc1325c1d9e411a1d68d8ee47314dfcb661d36e2c4963c249a1542f95715f658427810afcabdf9253aa27eb3b24 |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\locales\gu.pak
| MD5 | 308619d65b677d99f48b74ccfe060567 |
| SHA1 | 9f834df93fd48f4fb4ca30c4058e23288cf7d35e |
| SHA256 | e40ee4f24839f9e20b48d057bf3216bc58542c2e27cb40b9d2f3f8a1ea5bfbb4 |
| SHA512 | 3ca84ad71f00b9f7cc61f3906c51b263f18453fce11ec6c7f9edfe2c7d215e3550c336e892bd240a68a6815af599cc20d60203294f14adb133145ca01fe4608f |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\locales\fr.pak
| MD5 | 3ee48a860ecf45bafa63c9284dfd63e2 |
| SHA1 | 1cb51d14964f4dced8dea883bf9c4b84a78f8eb6 |
| SHA256 | 1923e0edf1ef6935a4a718e3e2fc9a0a541ea0b4f3b27553802308f9fd4fc807 |
| SHA512 | eb6105faca13c191fef0c51c651a406b1da66326bb5705615770135d834e58dee9bed82aa36f2dfb0fe020e695c192c224ec76bb5c21a1c716e5f26dfe02f763 |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\locales\fi.pak
| MD5 | 21e534869b90411b4f9ea9120ffb71c8 |
| SHA1 | cc91ffbd19157189e44172392b2752c5f73984c5 |
| SHA256 | 2d337924139ffe77804d2742eda8e58d4e548e65349f827840368e43d567810b |
| SHA512 | 3ca3c0adaf743f92277452b7bd82db4cf3f347de5568a20379d8c9364ff122713befd547fbd3096505ec293ae6771ada4cd3dadac93cc686129b9e5aacf363bd |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\locales\fa.pak
| MD5 | 2e37fd4e23a1707a1eccea3264508dff |
| SHA1 | e00e58ed06584b19b18e9d28b1d52dbfc36d70f3 |
| SHA256 | b9ee861e1bdecffe6a197067905279ea77c180844a793f882c42f2b70541e25e |
| SHA512 | 7c467f434eb0ce8e4a851761ae9bd7a9e292aab48e8e653e996f8ca598d0eb5e07ec34e2b23e544f3b38439dc3b8e3f7a0dfd6a8e28169aa95ceff42bf534366 |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\locales\es-419.pak
| MD5 | 7da3e8aa47ba35d014e1d2a32982a5bb |
| SHA1 | 8e35320b16305ad9f16cb0f4c881a89818cd75bb |
| SHA256 | 7f85673cf80d1e80acfc94fb7568a8c63de79a13a1bb6b9d825b7e9f338ef17c |
| SHA512 | 1fca90888eb067972bccf74dd5d09bb3fce2ceb153589495088d5056ed4bdede15d54318af013c2460f0e8b5b1a5c6484adf0ed84f4b0b3c93130b086da5c3bf |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\locales\en-GB.pak
| MD5 | 825ed4c70c942939ffb94e77a4593903 |
| SHA1 | 7a3faee9bf4c915b0f116cb90cec961dda770468 |
| SHA256 | e11e8db78ae12f8d735632ba9fd078ec66c83529cb1fd86a31ab401f6f833c16 |
| SHA512 | 41325bec22af2e5ef8e9b26c48f2dfc95763a249ccb00e608b7096ec6236ab9a955de7e2340fd9379d09ac2234aee69aed2a24fe49382ffd48742d72a929c56a |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\locales\el.pak
| MD5 | e66a75680f21ce281995f37099045714 |
| SHA1 | d553e80658ee1eea5b0912db1ecc4e27b0ed4790 |
| SHA256 | 21d1d273124648a435674c7877a98110d997cf6992469c431fe502bbcc02641f |
| SHA512 | d3757529dd85ef7989d9d4cecf3f7d87c9eb4beda965d8e2c87ee23b8baaec3fdff41fd53ba839215a37404b17b8fe2586b123557f09d201b13c7736c736b096 |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\locales\de.pak
| MD5 | cf22ec11a33be744a61f7de1a1e4514f |
| SHA1 | 73e84848c6d9f1a2abe62020eb8c6797e4c49b36 |
| SHA256 | 7cc213e2c9a2d2e2e463083dd030b86da6bba545d5cee4c04df8f80f9a01a641 |
| SHA512 | c10c8446e3041d7c0195da184a53cfbd58288c06eaf8885546d2d188b59667c270d647fa7259f5ce140ec6400031a7fc060d0f2348ab627485e2207569154495 |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\locales\ca.pak
| MD5 | 4cd6b3a91669ddcfcc9eef9b679ab65c |
| SHA1 | 43c41cb00067de68d24f72e0f5c77d3b50b71f83 |
| SHA256 | 56efff228ee3e112357d6121b2256a2c3acd718769c89413de82c9d4305459c6 |
| SHA512 | 699be9962d8aae241abd1d1f35cd8468ffbd6157bcd6bdf2c599d902768351b247baad6145b9826d87271fd4a19744eb11bf7065db7fefb01d66d2f1f39015a9 |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\locales\ru.pak
| MD5 | 2885bde990ee3b30f2c54a4067421b68 |
| SHA1 | ae16c4d534b120fdd68d33c091a0ec89fd58793f |
| SHA256 | 9fcda0d1fab7fff7e2f27980de8d94ff31e14287f58bd5d35929de5dd9cbcdca |
| SHA512 | f7781f5c07fbf128399b88245f35055964ff0cde1cc6b35563abc64f520971ce9916827097ca18855b46ec6397639f5416a6e8386a9390afba4332d47d21693f |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\locales\sr.pak
| MD5 | c68c235d8e696c098cf66191e648196b |
| SHA1 | 5c967fbbd90403a755d6c4b2411e359884dc8317 |
| SHA256 | ab96a18177af90495e2e3c96292638a775aa75c1d210ca6a6c18fbc284cd815b |
| SHA512 | 34d14d8cb851df1ea8cd3cc7e9690eaf965d8941cfcac1c946606115ad889630156c5ff47011b27c1288f8df70e8a7dc41909a9fa98d75b691742ec1d1a5e653 |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\locales\sw.pak
| MD5 | 67a443a5c2eaad32625edb5f8deb7852 |
| SHA1 | a6137841e8e7736c5ede1d0dc0ce3a44dc41013f |
| SHA256 | 41dfb772ae4c6f9e879bf7b4fa776b2877a2f8740fa747031b3d6f57f34d81dd |
| SHA512 | e0fdff1c3c834d8af8634f43c2f16ba5b883a8d88dfd322593a13830047568faf9f41d0bf73cd59e2e33c38fa58998d4702d2b0c21666717a86945d18b3f29e5 |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\locales\ta.pak
| MD5 | 18ec8ff3c0701a6a8c48f341d368bab5 |
| SHA1 | 8bff8aee26b990cf739a29f83efdf883817e59d8 |
| SHA256 | 052bcdb64a80e504bb6552b97881526795b64e0ab7ee5fc031f3edf87160dee9 |
| SHA512 | a0e997fc9d316277de3f4773388835c287ab1a35770c01e376fb7428ff87683a425f6a6a605d38dd7904ca39c50998cd85f855cb33ae6abad47ac85a1584fe4e |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\locales\sv.pak
| MD5 | 272f8a8b517c7283eab83ba6993eea63 |
| SHA1 | ad4175331b948bd4f1f323a4938863472d9b700c |
| SHA256 | d15b46bc9b5e31449b11251df19cd2ba4920c759bd6d4fa8ca93fd3361fdd968 |
| SHA512 | 3a0930b7f228a779f727ebfb6ae8820ab5cc2c9e04c986bce7b0f49f9bf124f349248ecdf108edf8870f96b06d58dea93a3e0e2f2da90537632f2109e1aa65f0 |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\locales\sl.pak
| MD5 | ca763e801de642e4d68510900ff6fabb |
| SHA1 | c32a871831ce486514f621b3ab09387548ee1cff |
| SHA256 | 340e0babe5fddbfda601c747127251cf111dd7d79d0d6a5ec4e8443b835027de |
| SHA512 | e2847ce75de57deb05528dd9557047edcd15d86bf40a911eb97e988a8fdbda1cd0e0a81320eadf510c91c826499a897c770c007de936927df7a1cc82fa262039 |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\locales\sk.pak
| MD5 | b7e97cc98b104053e5f1d6a671c703b7 |
| SHA1 | 0f7293f1744ae2cd858eb3431ee016641478ae7d |
| SHA256 | b0d38869275d9d295e42b0b90d0177e0ca56a393874e4bb454439b8ce25d686f |
| SHA512 | ef3247c6f0f4065a4b68db6bf7e28c8101a9c6c791b3f771ed67b5b70f2c9689cec67a1c864f423382c076e4cbb6019c1c0cb9ad0204454e28f749a69b6b0de0 |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\locales\bn.pak
| MD5 | 9340520696e7cb3c2495a78893e50add |
| SHA1 | eed5aeef46131e4c70cd578177c527b656d08586 |
| SHA256 | 1ea245646a4b4386606f03c8a3916a3607e2adbbc88f000976be36db410a1e39 |
| SHA512 | 62507685d5542cfcd394080917b3a92ca197112feea9c2ddc1dfc77382a174c7ddf758d85af66cd322692215cb0402865b2a2b212694a36da6b592028caafcdf |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\locales\bg.pak
| MD5 | 38bcabb6a0072b3a5f8b86b693eb545d |
| SHA1 | d36c8549fe0f69d05ffdaffa427d3ddf68dd6d89 |
| SHA256 | 898621731ac3471a41f8b3a7bf52e7f776e8928652b37154bc7c1299f1fd92e1 |
| SHA512 | 002adbdc17b6013becc4909daf2febb74ce88733c78e968938b792a52c9c5a62834617f606e4cb3774ae2dad9758d2b8678d7764bb6dcfe468881f1107db13ef |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\locales\th.pak
| MD5 | a32ba63feeed9b91f6d6800b51e5aeae |
| SHA1 | 2fbf6783996e8315a4fb94b7d859564350ee5918 |
| SHA256 | e32e37ca0ab30f1816fe6df37e3168e1022f1d3737c94f5472ab6600d97a45f6 |
| SHA512 | adebde0f929820d8368096a9c30961ba7b33815b0f124ca56ca05767ba6d081adf964088cb2b9fcaa07f756b946fffa701f0b64b07d457c99fd2b498cbd1e8a5 |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\locales\te.pak
| MD5 | a17f16d7a038b0fa3a87d7b1b8095766 |
| SHA1 | b2f845e52b32c513e6565248f91901ab6874e117 |
| SHA256 | d39716633228a5872630522306f89af8585f8092779892087c3f1230d21a489e |
| SHA512 | 371fb44b20b8aba00c4d6f17701fa4303181ad628f60c7b4218e33be7026f118f619d66d679bffcb0213c48700fafd36b2e704499a362f715f63ea9a75d719e7 |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\locales\zh-TW.pak
| MD5 | 2456bf42275f15e016689da166df9008 |
| SHA1 | 70f7de47e585dfea3f5597b5bba1f436510decd7 |
| SHA256 | adf8df051b55507e5a79fa47ae88c7f38707d02dfac0cc4a3a7e8e17b58c6479 |
| SHA512 | 7e622afa15c70785aaf7c19604d281efe0984f621d6599058c97c19d3c0379b2ee2e03b3a7ec597040a4eee250a782d7ec55c335274dd7db7c7ca97ddcfd378a |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\resources\app-update.yml
| MD5 | 041e86a1223437c8e992b0325360a258 |
| SHA1 | 02ce2334540fcf6926c8e4e5df7dc97a89663e82 |
| SHA256 | 806b74c32a3894f6f8581eca0aec51a7685e67af4b0e226d074a344cb08af391 |
| SHA512 | d87bb066cde286bc0dc1cbb7451b9d0863c0ff24cd6fa28e0c6c593d0c99dc3f08c4591b99278ea021692f7a910e087e331725b1e287ab610b3c31aacd8ba395 |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\locales\zh-CN.pak
| MD5 | 82326e465e3015c64ca1db77dc6a56bc |
| SHA1 | e8abe12a8dd2cc741b9637fa8f0e646043bbfe3d |
| SHA256 | 6655fd9dcdfaf2abf814ffb6c524d67495aed4d923a69924c65abeab30bc74fb |
| SHA512 | 4989789c0b2439666dda4c4f959dffc0ddcb77595b1f817c13a95ed97619c270151597160320b3f2327a7daffc8b521b68878f9e5e5fb3870eb0c43619060407 |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\locales\vi.pak
| MD5 | db0eb3183007de5aae10f934fffacc59 |
| SHA1 | e9ea7aeffe2b3f5cf75ab78630da342c6f8b7fd9 |
| SHA256 | ddabb225b671b989789e9c2ccd1b5a8f22141a7d9364d4e6ee9b8648305e7897 |
| SHA512 | 703efd12fcace8172c873006161712de1919572c58d98b11de7834c5628444229f5143d231c41da5b9cf729e32de58dee3603cb3d18c6cdd94aa9aa36fbf5de0 |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\locales\ur.pak
| MD5 | 1ca4fa13bd0089d65da7cd2376feb4c6 |
| SHA1 | b1ba777e635d78d1e98e43e82d0f7a3dd7e97f9c |
| SHA256 | 3941364d0278e2c4d686faa4a135d16a457b4bc98c5a08e62aa12f3adc09aa7f |
| SHA512 | d0d9eb1aa029bd4c34953ee5f4b60c09cf1d4f0b21c061db4ede1b5ec65d7a07fc2f780ade5ce51f2f781d272ac32257b95eedf471f7295ba70b5ba51db6c51d |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\locales\uk.pak
| MD5 | 361a0e1f665b9082a457d36209b92a25 |
| SHA1 | 3c89e1b70b51820bb6baa64365c64da6a9898e2f |
| SHA256 | bd02966f6c6258b66eae7ff014710925e53fe26e8254d7db4e9147266025cc3a |
| SHA512 | d4d25fc58053f8cce4c073846706dc1ecbc0dc19308ba35501e19676f3e7ed855d7b57ae22a5637f81cefc1aa032bf8770d0737df1924f3504813349387c08cf |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\locales\tr.pak
| MD5 | 5ff2e5c95067a339e3d6b8985156ec1f |
| SHA1 | 7525b25c7b07f54b63b6459a0d8c8c720bd8a398 |
| SHA256 | 14a131ba318274cf10de533a19776db288f08a294cf7e564b7769fd41c7f2582 |
| SHA512 | 2414386df8d7ab75dcbd6ca2b9ae62ba8e953ddb8cd8661a9f984eb5e573637740c7a79050b2b303af3d5b1d4d1bb21dc658283638718fdd04fc6e5891949d1b |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\resources\elevate.exe
| MD5 | 792b92c8ad13c46f27c7ced0810694df |
| SHA1 | d8d449b92de20a57df722df46435ba4553ecc802 |
| SHA256 | 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37 |
| SHA512 | 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40 |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\checksums.txt
| MD5 | 1dcfcfdd8cce3e3b0fa697af106e4075 |
| SHA1 | f9261519f777790f7cd50c91e389d0e6589bd92a |
| SHA256 | 1357dc0a2f6ae355ab59b409c94cf635b7ed849a3bcb60e95b7132cbfd297324 |
| SHA512 | 751ac3545299650e783daf0a45823660ce0b3f6dd7d722d303b9a801b02db61f7bb3a5129f4481294f2201fb5ad4e7bb1b2ab9a2d993ebde8a0d985f08ce34a2 |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\LICENSE
| MD5 | c2710cd00242ca7d7bef0fc98dbbc7f8 |
| SHA1 | ba49c34590b171487fd5e383ca28632f551865e5 |
| SHA256 | 9503def7b54ceb6e3cd182fd59bc05d3a30d7eae481e65aaba4b495133c83c14 |
| SHA512 | 1b8fed37b379cfaac4e67e4ae0d0ae1c7e8fdd5178f1e9a289b646c5adb016c68cdcd743266fca87bd37bffc0951e0b9ecba8a57f0600a7dcd5cb52cd783637f |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\package.json
| MD5 | 49f7deab5d526f6f79d8fd80be29c97e |
| SHA1 | e6ef40032a68a979454d30e9a483a1043367a90e |
| SHA256 | 3fe1b2bd4e7ed12e73c5717dc162f9086a4b349528042c4313610573530c6992 |
| SHA512 | 053d4996c3376aa0fbee16be84d0a7f86b043ee1928dfe81e5b8db1686ac5e42db26b13ecd168a86f7315e8c208549b68f1ee3b64df3c12426eeda73c4efcdbe |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\sentry-cli.exe
| MD5 | 4c1bbccaec3f88e00c176e49b3ea9742 |
| SHA1 | eea00e776e5979ae8e650ee9ddf3d4d4e93ff2ef |
| SHA256 | 299e9f3632bd8278384e60f7384279ccb394ca532515448f44e089a3fb119f1c |
| SHA512 | 3c82f9f06be9bdbdb6fc94709d6c582641b2bd1ba1987c0b42a8d5c653fc32c006873c8f236b45c62970b3abe6a8b5f9faa1a57c0c85d52fdc94ecf1bd21abd6 |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\bin\sentry-cli
| MD5 | b7c89ec5dfb8b15555f32a3bef6c3103 |
| SHA1 | a92048052f5fc0af532cd97ebf82c1a9fbf12342 |
| SHA256 | 7c5c97aaee075241bdc4fbc610b356445747e962ac3d986c5016acefd66a6ea0 |
| SHA512 | c47baa0e0896684403760a13cfa6dd5826152ec7ae83f783040d186eaca8af70bc97530bbb22b720d7482a4ad18c3959ab1af8ccfe3689b19a51955e777884e8 |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\js\logger.js
| MD5 | 1d26f69361e75ca5cd2eac5f99249c72 |
| SHA1 | 787d51c708ce15b2c533a180a2bf639648bc40eb |
| SHA256 | d7d63601d3347efc93425f4f93049cfb9ed2b9ead1dce662c9c1bed3cba302e0 |
| SHA512 | 7350774074462d33ac9f2e130829306af08a6693fd597f40c39bfb194684f66d965cd23c10de5fc4389e4a2ffe84db727aad23dd683a805ae4825f10026cb040 |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\js\index.js
| MD5 | 50c3a734036b84685a15d56217207d67 |
| SHA1 | 1893de2684072a3a2961337fa9a9b45a52c52c0a |
| SHA256 | 171990f108cd5582f83432c1569f2c3e1aebfbfb159599f4ff2ab693c20a8f78 |
| SHA512 | 3aa037d12cee7cbf51826fb3e2aa87b4543dd62f5ff5f2f8915128061c07472304601766bddf949647c5ca92e8ee768a77139bbe91bdfaaae99dea4405168ea9 |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\js\helper.js
| MD5 | c29ad60a23d5406728a51afa4352b4c7 |
| SHA1 | 2be817215890f5868717765570ce9f7422735c4e |
| SHA256 | faa867204c92db252271c9d850962ae1ff5c9448444ca907af483a6c874a6eb0 |
| SHA512 | e1784b8bf7119bf3380b192f1597cb3179425ff7ab347b144011fd17b62794760e6e092a0a1dae99302eb6c333f1638440df4e4e0eaf64f26d4f3cc46a74d04a |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\index.js
| MD5 | e8282413c1895eaff49de6dd9b71ab13 |
| SHA1 | 4e058f522a46e20bbd26f15a6922390ec2c1da36 |
| SHA256 | d6a28994173c1c36476121f8b0e3633e01ecd0589289901fba34fe218293443d |
| SHA512 | 301d2a6ae958e1ba936cae6f555a587ad87567055f4709d4676a3ef5b1a3112cb338b8a9e744c24cbfa784f00f13a1118ad48fd4f6bb060c5608e4ddc8779389 |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\options\uploadSourcemaps.js
| MD5 | d060ac623857ad5ca08e3a944768925a |
| SHA1 | 26fe78c92f55f9529ffa2b71da403873da29313f |
| SHA256 | 8d4bd4c779e177724aa7bf98e768e50ce8b2950ef5bf39fa08033057b400888b |
| SHA512 | ae1b42d7e5c5d60f935bcd08417d4d9055d71bfb80653281e990a687353592731a7c4423655fbb988728152846aa56a5f180335d254885338bf6c96ef2a8357a |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\options\deploys.js
| MD5 | f42c24cde0162b93624df51f4e2abfab |
| SHA1 | f819638944878ac4cb49438d8599d3fbd9081949 |
| SHA256 | 3f2316e7fb20e82df9a8b08d6169a622a89808742806adee2e4d89885962357d |
| SHA512 | 67258cbaf9f46f1609cec9b87b7a577f855cde9c8efafa3d835a0d18fb3903fcc4733489bf81447cdf2c0a55701d569a75f11a81865dab8f624b722e76b7c674 |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\scripts\build-in-docker.sh
| MD5 | 94b0fc212af523b8bfcd6c2aa5a5ab2a |
| SHA1 | cc0cb35f7ce729f7affe6b2c463e57966515e476 |
| SHA256 | abaa92d196f6752f184b83b19aedd9b1e28d328e6817de213f61fbd108351e16 |
| SHA512 | af0a2174e0304fdaa56ddae249049c142450ad4a0a9c8975548f61aa2bc356837b1d7ed441108156af32c979da5647bd0233a49db700ff0bbf528f9fa2c862e6 |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\scripts\bump-version.sh
| MD5 | 2ff8e17ece2c70eff9efdb2b1a524555 |
| SHA1 | d61c93df38f70f2244817c688a140224c9a99af9 |
| SHA256 | f07b481f34e732e74abe6402023f8b84f61281626ad6e25062a20fa8fd80ece4 |
| SHA512 | 0f847fd2b05bd4627a56b452f065e878005b6307bc101663297afb5f45c24d965ddc48ea4818c34ab35bde06f5a7711cf29fb9182c8ed9cf34e17d6434c487ee |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\scripts\wheels
| MD5 | 6fec563925ecab8b6a98c3f38655236d |
| SHA1 | 9ad08eb80167574de6373d871cfff5511d2554cf |
| SHA256 | 6fa0613c1edb0c6b26baac0b759bf756f389a11e0ec0e64904cffb26ef8dc016 |
| SHA512 | 850a5285519965fe26ab0da2ae62d380648acb723d879e2ab770124e4146ce0a6d03f089e28af20604dd3e00913169f82ac568a1741014e0bc5ee7b2c583888d |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\scripts\test-vercel-nft.js
| MD5 | c63a1659a645a5095524923081813d51 |
| SHA1 | 1d97d7ccb0804b7a15f0593c87990ab0da4b6887 |
| SHA256 | 644476fd66a507adc49582e7371c87e4cacc3c7840c23fe920da2a09f05db08a |
| SHA512 | ae452613a1dc728428ed2e596d7fbb041e00a8aa300aaada289fd454f71267569fa548fa7c7217134572decab12e56f4aadd4853c96ef705ccba2dcb377018cb |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\scripts\install.js
| MD5 | 1ffedd383c8097dd628411836505787e |
| SHA1 | 969306e8127b354f35f4c870f2da7b4034d4197b |
| SHA256 | df3b6ca3fff442454ffee98e8e4db5e3fe0d82ff19a49216cd238fa9282cb30a |
| SHA512 | 1392958e5a9c2e0c6df617c48547f5fdae32960bfb55953528ee345e06e1ae191ca4001a618233adeab27e16de5ecd203c405e8b4fa7f3a739cd3d2c4a1e9ed2 |
C:\Users\Admin\AppData\Local\Temp\nsfACAC.tmp\WinShell.dll
| MD5 | 1cc7c37b7e0c8cd8bf04b6cc283e1e56 |
| SHA1 | 0b9519763be6625bd5abce175dcc59c96d100d4c |
| SHA256 | 9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6 |
| SHA512 | 7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f |
C:\Users\Admin\AppData\Local\Temp\d0e9f29a-e0c8-4141-9acf-a7ad83b36c02.tmp.node
| MD5 | dc5c055d0e2f4f567c31b179aa348571 |
| SHA1 | 5bc1dcb1665e953e39967a01030bc735a1f9a406 |
| SHA256 | de469f82ac1f0c09fe7fbc84df34bd0ffaf6f8b22977e396d8cb4f5ce650ac71 |
| SHA512 | 32e1eb2250d59f9512f31195121c55ff22e42de79b84d826bc08be409f2589267ad341c11e77778f0a27630e8db0e28e6a06bd1092f9f08b43994e466888b262 |
C:\Users\Admin\AppData\Local\Temp\e97090c8-75a5-412e-b559-452e0d67edf6.tmp.node
| MD5 | 4a6acbaef4301d3fdcd1c56ba65bfb24 |
| SHA1 | 40589bf8ebd0e65a53cd1bebbe170e9197dde646 |
| SHA256 | fb214c66c7955ae6737fe7ac0e9cc43e764067a4c8d22c62527f2962b3d341fa |
| SHA512 | fff6347ffb2a966522297e73a1a570a6d74975d7037a9956412b5d78823e00555f2095774c190a447295ae3e3480072564a0e49e227ae552412c4afca1d6f316 |
memory/4860-864-0x00007FFF2FC50000-0x00007FFF2FC51000-memory.dmp
memory/4860-863-0x00007FFF2FC40000-0x00007FFF2FC41000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
memory/2752-997-0x0000000000400000-0x0000000000412000-memory.dmp
memory/4860-998-0x000002395B490000-0x000002395BBCF000-memory.dmp
C:\Users\Admin\AppData\Roaming\Era\Network\Network Persistent State
| MD5 | 75fee95346ad2e35370321a5614b0990 |
| SHA1 | d4ee6df87411bdeb26d6042120f70692735f82e2 |
| SHA256 | 3602e0a52191e62ab1349ffbd1629a94dfe951b9cedfe24895f7b55e0a1e1e06 |
| SHA512 | 064c63cd66ce529759f84b82b456aec1ead3571c79a633e328a8a0b9e91aa85879956a4135d58db2e88086b79cb38431cec6ed8244c86c27778ba227826fbcc9 |
C:\Users\Admin\AppData\Roaming\Era\Network\Network Persistent State~RFe58f23b.TMP
| MD5 | 2800881c775077e1c4b6e06bf4676de4 |
| SHA1 | 2873631068c8b3b9495638c865915be822442c8b |
| SHA256 | 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974 |
| SHA512 | e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | e765f3d75e6b0e4a7119c8b14d47d8da |
| SHA1 | cc9f7c7826c2e1a129e7d98884926076c3714fc0 |
| SHA256 | 986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89 |
| SHA512 | a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079 |
\??\pipe\LOCAL\crashpad_4564_TROQYTCCKYTFDDTY
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 53bc70ecb115bdbabe67620c416fe9b3 |
| SHA1 | af66ec51a13a59639eaf54d62ff3b4f092bb2fc1 |
| SHA256 | b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771 |
| SHA512 | cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1d50906642120e9e27facfadc8e12e20 |
| SHA1 | dabbe160cf4047603e994f780d40f16add45c53b |
| SHA256 | 31909158ba3c1e30bb60dd34aa108443e854e44e245bddba6066c13adfa28b12 |
| SHA512 | 2af2bd3e1596ed025df67390b85b18d01d281763c51c9b771bfd47d0abc009e486b6f972fd332fe80b17dce1e32300a92d539ba6d3e189562c5e11c5bbcccbf8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 235cb748af3c240572dc08a5a0aac29d |
| SHA1 | 489f14cd0af7685b243543e867715a0c307aafa1 |
| SHA256 | 47dc32f2e506d28b06ffe375197d055acdc25dde1c24cf8259851f87cb1848af |
| SHA512 | ab10717882b7a7c788ca2cd7a19e01da9f6e626c15827a10d169a26bfa151b484a78f8dd2fed303457cb6e05ec9e3fa5d72fe588f765919bfa721885041428be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8facd2b3610ed384df124319bb7648eb |
| SHA1 | 45f3042c8e1cdf7fc1ff391db65c9b70e0d21d95 |
| SHA256 | 2bad6a3ba802d31d6863164640a5fd0b5419474bae68ea38887bdf127e5671eb |
| SHA512 | 73d6e4344118673de145f62078a39a21f154d2e54e8564abcfc15b0c96be60701f148a9d3f5414fd2e181d7f8216d38889edf81147cdc6e4c692030bc7adab44 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 7a35f3e9c72487fdbad16aa0ed9d4c1f |
| SHA1 | 6ea640630123669fba52dfa20dbd76a6e0f860c0 |
| SHA256 | d33de30755088fc2228fce4e8e3fd652a238c6e2142fbbe19a40aa4a3b36be70 |
| SHA512 | dc8c970a597a9cd6caa633c95e23f7ca8824524a9bc46cbd6e229924b69b2096d71f02b98df15078cab029aef7fb1d8bee4084bfee8ca2f4b356370c2a74dd02 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 56cee93347e9f4c838d6258747c68f2f |
| SHA1 | 7b533ec752a7d8be38ed1617d1bd96f914418a9f |
| SHA256 | 8f8f63f397fbb7fd626cff3613b235164c7c109f5a55c33327784949ba3363d6 |
| SHA512 | 3885a36a004cd8dd6ec32e1f1bad2f6e4bbef73117dd10e74ae56fe8445927fbd0da43bf9752f9d6cc3878c8dbee42c33b965043395da16c650e44312283a974 |
memory/5248-1202-0x000001A212680000-0x000001A212681000-memory.dmp
memory/5248-1203-0x000001A212680000-0x000001A212681000-memory.dmp
memory/5248-1204-0x000001A212680000-0x000001A212681000-memory.dmp
memory/5248-1215-0x000001A212680000-0x000001A212681000-memory.dmp
memory/5248-1214-0x000001A212680000-0x000001A212681000-memory.dmp
memory/5248-1213-0x000001A212680000-0x000001A212681000-memory.dmp
memory/5248-1212-0x000001A212680000-0x000001A212681000-memory.dmp
memory/5248-1211-0x000001A212680000-0x000001A212681000-memory.dmp
memory/5248-1210-0x000001A212680000-0x000001A212681000-memory.dmp
memory/5248-1209-0x000001A212680000-0x000001A212681000-memory.dmp
Analysis: behavioral13
Detonation Overview
Submitted
2024-08-30 15:23
Reported
2024-08-30 15:28
Platform
ubuntu1804-amd64-20240729-en
Max time kernel
0s
Max time network
130s
Command Line
Signatures
Enumerates kernel/hardware configuration
| Description | Indicator | Process | Target |
| File opened for reading | /sys/fs/cgroup/memory/memory.limit_in_bytes | /usr/bin/node | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/meminfo | /usr/bin/node | N/A |
Processes
/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli
[/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]
/usr/local/sbin/node
[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]
/usr/local/bin/node
[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]
/usr/sbin/node
[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]
/usr/bin/node
[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]
/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/sentry-cli
[/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/sentry-cli]
Network
| Country | Destination | Domain | Proto |
| US | 151.101.193.91:443 | tcp | |
| GB | 185.125.188.62:443 | tcp | |
| GB | 185.125.188.62:443 | tcp | |
| US | 151.101.193.91:443 | tcp | |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 84.17.50.8:443 | tcp |
Files
Analysis: behavioral16
Detonation Overview
Submitted
2024-08-30 15:23
Reported
2024-08-30 15:29
Platform
debian9-mipsel-20240729-en
Max time kernel
1s
Command Line
Signatures
Processes
/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli
[/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]
/usr/local/sbin/node
[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]
/usr/local/bin/node
[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]
/usr/sbin/node
[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]
/usr/bin/node
[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]
/sbin/node
[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]
/bin/node
[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]
Network
Files
Analysis: behavioral27
Detonation Overview
Submitted
2024-08-30 15:23
Reported
2024-08-30 15:28
Platform
win7-20240708-en
Max time kernel
118s
Max time network
130s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\options\uploadSourcemaps.js
Network
Files
Analysis: behavioral7
Detonation Overview
Submitted
2024-08-30 15:23
Reported
2024-08-30 15:28
Platform
win7-20240704-en
Max time kernel
119s
Max time network
131s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 224
Network
Files
Analysis: behavioral23
Detonation Overview
Submitted
2024-08-30 15:23
Reported
2024-08-30 15:29
Platform
win7-20240705-en
Max time kernel
121s
Max time network
132s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\index.js
Network
Files
Analysis: behavioral22
Detonation Overview
Submitted
2024-08-30 15:23
Reported
2024-08-30 15:28
Platform
win10v2004-20240802-en
Max time kernel
135s
Max time network
157s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\logger.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.144.22.2.in-addr.arpa | udp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| US | 52.111.227.11:443 | tcp | |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
Files
Analysis: behavioral25
Detonation Overview
Submitted
2024-08-30 15:23
Reported
2024-08-30 15:29
Platform
win7-20240704-en
Max time kernel
117s
Max time network
126s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\options\deploys.js