Malware Analysis Report

2025-01-23 15:02

Sample ID 240831-1hrgmsxapr
Target Era Setup 1.0.80.exe
SHA256 73a375380f45cdf4e9d7db4a805c36875cddaccf1a3cda4c6fb8c2283b37cf81
Tags
execution discovery antivm
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral12

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral13

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral31

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral28

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral29

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral9

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral11

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral23

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral27

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral10

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral21

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral16

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral19

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral25

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral6

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral7

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral8

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral26

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral24

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral14

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral15

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral18

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral22

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral32

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral17

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral20

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral30

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

73a375380f45cdf4e9d7db4a805c36875cddaccf1a3cda4c6fb8c2283b37cf81

Threat Level: Shows suspicious behavior

The file Era Setup 1.0.80.exe was found to be: Shows suspicious behavior.

Malicious Activity Summary

execution discovery antivm

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Drops file in Program Files directory

Reads CPU attributes

Checks CPU configuration

System Location Discovery: System Language Discovery

Unsigned PE

Reads runtime system information

Enumerates physical storage devices

Enumerates kernel/hardware configuration

Command and Scripting Interpreter: JavaScript

Program crash

Checks processor information in registry

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-31 21:40

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral12

Detonation Overview

Submitted

2024-08-31 21:39

Reported

2024-08-31 21:44

Platform

win10v2004-20240802-en

Max time kernel

150s

Max time network

158s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Era.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Era.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Era.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2 C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\Era.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\era\shell\open\command C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\era\shell C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\era\shell\open C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\era\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\Era.exe\" \"%1\"" C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\era C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\era\URL Protocol C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\era\ = "URL:era" C:\Users\Admin\AppData\Local\Temp\Era.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Era.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Era.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Era.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3664 wrote to memory of 3720 N/A C:\Users\Admin\AppData\Local\Temp\Era.exe C:\Users\Admin\AppData\Local\Temp\binaries\FortniteLauncher.exe
PID 3664 wrote to memory of 3720 N/A C:\Users\Admin\AppData\Local\Temp\Era.exe C:\Users\Admin\AppData\Local\Temp\binaries\FortniteLauncher.exe
PID 3664 wrote to memory of 1056 N/A C:\Users\Admin\AppData\Local\Temp\Era.exe C:\Users\Admin\AppData\Local\Temp\Era.exe
PID 3664 wrote to memory of 1056 N/A C:\Users\Admin\AppData\Local\Temp\Era.exe C:\Users\Admin\AppData\Local\Temp\Era.exe
PID 3664 wrote to memory of 1056 N/A C:\Users\Admin\AppData\Local\Temp\Era.exe C:\Users\Admin\AppData\Local\Temp\Era.exe
PID 3664 wrote to memory of 1056 N/A C:\Users\Admin\AppData\Local\Temp\Era.exe C:\Users\Admin\AppData\Local\Temp\Era.exe
PID 3664 wrote to memory of 1056 N/A C:\Users\Admin\AppData\Local\Temp\Era.exe C:\Users\Admin\AppData\Local\Temp\Era.exe
PID 3664 wrote to memory of 1056 N/A C:\Users\Admin\AppData\Local\Temp\Era.exe C:\Users\Admin\AppData\Local\Temp\Era.exe
PID 3664 wrote to memory of 1056 N/A C:\Users\Admin\AppData\Local\Temp\Era.exe C:\Users\Admin\AppData\Local\Temp\Era.exe
PID 3664 wrote to memory of 1056 N/A C:\Users\Admin\AppData\Local\Temp\Era.exe C:\Users\Admin\AppData\Local\Temp\Era.exe
PID 3664 wrote to memory of 1056 N/A C:\Users\Admin\AppData\Local\Temp\Era.exe C:\Users\Admin\AppData\Local\Temp\Era.exe
PID 3664 wrote to memory of 1056 N/A C:\Users\Admin\AppData\Local\Temp\Era.exe C:\Users\Admin\AppData\Local\Temp\Era.exe
PID 3664 wrote to memory of 1056 N/A C:\Users\Admin\AppData\Local\Temp\Era.exe C:\Users\Admin\AppData\Local\Temp\Era.exe
PID 3664 wrote to memory of 1056 N/A C:\Users\Admin\AppData\Local\Temp\Era.exe C:\Users\Admin\AppData\Local\Temp\Era.exe
PID 3664 wrote to memory of 1056 N/A C:\Users\Admin\AppData\Local\Temp\Era.exe C:\Users\Admin\AppData\Local\Temp\Era.exe
PID 3664 wrote to memory of 1056 N/A C:\Users\Admin\AppData\Local\Temp\Era.exe C:\Users\Admin\AppData\Local\Temp\Era.exe
PID 3664 wrote to memory of 1056 N/A C:\Users\Admin\AppData\Local\Temp\Era.exe C:\Users\Admin\AppData\Local\Temp\Era.exe
PID 3664 wrote to memory of 1056 N/A C:\Users\Admin\AppData\Local\Temp\Era.exe C:\Users\Admin\AppData\Local\Temp\Era.exe
PID 3664 wrote to memory of 1056 N/A C:\Users\Admin\AppData\Local\Temp\Era.exe C:\Users\Admin\AppData\Local\Temp\Era.exe
PID 3664 wrote to memory of 1056 N/A C:\Users\Admin\AppData\Local\Temp\Era.exe C:\Users\Admin\AppData\Local\Temp\Era.exe
PID 3664 wrote to memory of 1056 N/A C:\Users\Admin\AppData\Local\Temp\Era.exe C:\Users\Admin\AppData\Local\Temp\Era.exe
PID 3664 wrote to memory of 1056 N/A C:\Users\Admin\AppData\Local\Temp\Era.exe C:\Users\Admin\AppData\Local\Temp\Era.exe
PID 3664 wrote to memory of 1056 N/A C:\Users\Admin\AppData\Local\Temp\Era.exe C:\Users\Admin\AppData\Local\Temp\Era.exe
PID 3664 wrote to memory of 1056 N/A C:\Users\Admin\AppData\Local\Temp\Era.exe C:\Users\Admin\AppData\Local\Temp\Era.exe
PID 3664 wrote to memory of 1056 N/A C:\Users\Admin\AppData\Local\Temp\Era.exe C:\Users\Admin\AppData\Local\Temp\Era.exe
PID 3664 wrote to memory of 1056 N/A C:\Users\Admin\AppData\Local\Temp\Era.exe C:\Users\Admin\AppData\Local\Temp\Era.exe
PID 3664 wrote to memory of 1056 N/A C:\Users\Admin\AppData\Local\Temp\Era.exe C:\Users\Admin\AppData\Local\Temp\Era.exe
PID 3664 wrote to memory of 1056 N/A C:\Users\Admin\AppData\Local\Temp\Era.exe C:\Users\Admin\AppData\Local\Temp\Era.exe
PID 3664 wrote to memory of 1056 N/A C:\Users\Admin\AppData\Local\Temp\Era.exe C:\Users\Admin\AppData\Local\Temp\Era.exe
PID 3664 wrote to memory of 1056 N/A C:\Users\Admin\AppData\Local\Temp\Era.exe C:\Users\Admin\AppData\Local\Temp\Era.exe
PID 3664 wrote to memory of 1056 N/A C:\Users\Admin\AppData\Local\Temp\Era.exe C:\Users\Admin\AppData\Local\Temp\Era.exe
PID 3664 wrote to memory of 1056 N/A C:\Users\Admin\AppData\Local\Temp\Era.exe C:\Users\Admin\AppData\Local\Temp\Era.exe
PID 3664 wrote to memory of 1056 N/A C:\Users\Admin\AppData\Local\Temp\Era.exe C:\Users\Admin\AppData\Local\Temp\Era.exe
PID 3664 wrote to memory of 1620 N/A C:\Users\Admin\AppData\Local\Temp\Era.exe C:\Users\Admin\AppData\Local\Temp\Era.exe
PID 3664 wrote to memory of 1620 N/A C:\Users\Admin\AppData\Local\Temp\Era.exe C:\Users\Admin\AppData\Local\Temp\Era.exe
PID 3664 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\Era.exe C:\Users\Admin\AppData\Local\Temp\Era.exe
PID 3664 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\Era.exe C:\Users\Admin\AppData\Local\Temp\Era.exe
PID 3664 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\Era.exe C:\Users\Admin\AppData\Local\Temp\Era.exe
PID 3664 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\Era.exe C:\Users\Admin\AppData\Local\Temp\Era.exe
PID 3664 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\Era.exe C:\Users\Admin\AppData\Local\Temp\Era.exe
PID 3664 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\Era.exe C:\Users\Admin\AppData\Local\Temp\Era.exe
PID 3664 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\Era.exe C:\Users\Admin\AppData\Local\Temp\Era.exe
PID 3664 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\Era.exe C:\Users\Admin\AppData\Local\Temp\Era.exe
PID 3664 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\Era.exe C:\Users\Admin\AppData\Local\Temp\Era.exe
PID 3664 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\Era.exe C:\Users\Admin\AppData\Local\Temp\Era.exe
PID 3664 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\Era.exe C:\Users\Admin\AppData\Local\Temp\Era.exe
PID 3664 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\Era.exe C:\Users\Admin\AppData\Local\Temp\Era.exe
PID 3664 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\Era.exe C:\Users\Admin\AppData\Local\Temp\Era.exe
PID 3664 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\Era.exe C:\Users\Admin\AppData\Local\Temp\Era.exe
PID 3664 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\Era.exe C:\Users\Admin\AppData\Local\Temp\Era.exe
PID 3664 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\Era.exe C:\Users\Admin\AppData\Local\Temp\Era.exe
PID 3664 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\Era.exe C:\Users\Admin\AppData\Local\Temp\Era.exe
PID 3664 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\Era.exe C:\Users\Admin\AppData\Local\Temp\Era.exe
PID 3664 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\Era.exe C:\Users\Admin\AppData\Local\Temp\Era.exe
PID 3664 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\Era.exe C:\Users\Admin\AppData\Local\Temp\Era.exe
PID 3664 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\Era.exe C:\Users\Admin\AppData\Local\Temp\Era.exe
PID 3664 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\Era.exe C:\Users\Admin\AppData\Local\Temp\Era.exe
PID 3664 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\Era.exe C:\Users\Admin\AppData\Local\Temp\Era.exe
PID 3664 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\Era.exe C:\Users\Admin\AppData\Local\Temp\Era.exe
PID 3664 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\Era.exe C:\Users\Admin\AppData\Local\Temp\Era.exe
PID 3664 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\Era.exe C:\Users\Admin\AppData\Local\Temp\Era.exe
PID 3664 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\Era.exe C:\Users\Admin\AppData\Local\Temp\Era.exe
PID 3664 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\Era.exe C:\Users\Admin\AppData\Local\Temp\Era.exe
PID 3664 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\Era.exe C:\Users\Admin\AppData\Local\Temp\Era.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Era.exe

"C:\Users\Admin\AppData\Local\Temp\Era.exe"

C:\Users\Admin\AppData\Local\Temp\binaries\FortniteLauncher.exe

C:\Users\Admin\AppData\Local\Temp\binaries\FortniteLauncher.exe

C:\Users\Admin\AppData\Local\Temp\Era.exe

"C:\Users\Admin\AppData\Local\Temp\Era.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Era" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1700 --field-trial-handle=1804,i,9490424284312564623,15528142586102173796,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Users\Admin\AppData\Local\Temp\Era.exe

"C:\Users\Admin\AppData\Local\Temp\Era.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Era" --mojo-platform-channel-handle=1968 --field-trial-handle=1804,i,9490424284312564623,15528142586102173796,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Users\Admin\AppData\Local\Temp\Era.exe

"C:\Users\Admin\AppData\Local\Temp\Era.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Era" --app-user-model-id="Project Era" --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2400 --field-trial-handle=1804,i,9490424284312564623,15528142586102173796,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "reg query "HKLM\SOFTWARE\Microsoft\VisualStudio\14.0\VC\Runtimes\x64" /v "Installed""

C:\Windows\system32\reg.exe

reg query "HKLM\SOFTWARE\Microsoft\VisualStudio\14.0\VC\Runtimes\x64" /v "Installed"

C:\Users\Admin\AppData\Local\Temp\Era.exe

"C:\Users\Admin\AppData\Local\Temp\Era.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\Era" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 --field-trial-handle=1804,i,9490424284312564623,15528142586102173796,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
GB 95.101.143.182:443 www.bing.com tcp
US 8.8.8.8:53 182.143.101.95.in-addr.arpa udp
US 8.8.8.8:53 sentry.erafn.org udp
US 72.52.178.23:443 sentry.erafn.org tcp
US 8.8.8.8:53 api-v1-launcher-service.prod.erafn.app udp
US 8.8.8.8:53 api-v1-launcher-service.prod.erafn.app udp
US 104.21.31.253:443 api-v1-launcher-service.prod.erafn.app tcp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 253.31.21.104.in-addr.arpa udp
US 8.8.8.8:53 195.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:53 4.4.8.8.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 24.139.73.23.in-addr.arpa udp
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp

Files

C:\Users\Admin\AppData\Local\Temp\821c23ef-b852-485c-878d-9d034267e8a1.tmp.node

MD5 dc5c055d0e2f4f567c31b179aa348571
SHA1 5bc1dcb1665e953e39967a01030bc735a1f9a406
SHA256 de469f82ac1f0c09fe7fbc84df34bd0ffaf6f8b22977e396d8cb4f5ce650ac71
SHA512 32e1eb2250d59f9512f31195121c55ff22e42de79b84d826bc08be409f2589267ad341c11e77778f0a27630e8db0e28e6a06bd1092f9f08b43994e466888b262

C:\Users\Admin\AppData\Local\Temp\3f2a7e3f-d49a-4346-9c24-41846acd0bdb.tmp.node

MD5 4a6acbaef4301d3fdcd1c56ba65bfb24
SHA1 40589bf8ebd0e65a53cd1bebbe170e9197dde646
SHA256 fb214c66c7955ae6737fe7ac0e9cc43e764067a4c8d22c62527f2962b3d341fa
SHA512 fff6347ffb2a966522297e73a1a570a6d74975d7037a9956412b5d78823e00555f2095774c190a447295ae3e3480072564a0e49e227ae552412c4afca1d6f316

memory/4776-58-0x00007FFD22A00000-0x00007FFD22A01000-memory.dmp

memory/4776-57-0x00007FFD24480000-0x00007FFD24481000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

memory/3720-73-0x0000000000400000-0x0000000000412000-memory.dmp

C:\Users\Admin\AppData\Roaming\Era\Network\Network Persistent State

MD5 babb772ac1542c232736b40b0cded16b
SHA1 2c09941cdf1c41c80c66f31b52f8dadc299ca164
SHA256 11d36b09296dc51927551d7d91dd7519e071480d6ff9b80383661842212b0e52
SHA512 803669c950f23b3b43470107ddaa384c20200ebad97189f0270a85d2bd603e99eb6cad731cdf7fcab2a39944780d47758037e80c2dc925ba808cda4f45ed05f6

C:\Users\Admin\AppData\Roaming\Era\Network\Network Persistent State~RFe589b12.TMP

MD5 2800881c775077e1c4b6e06bf4676de4
SHA1 2873631068c8b3b9495638c865915be822442c8b
SHA256 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512 e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

memory/2276-98-0x000001BFC9F60000-0x000001BFC9F61000-memory.dmp

memory/2276-109-0x000001BFC9F60000-0x000001BFC9F61000-memory.dmp

memory/2276-108-0x000001BFC9F60000-0x000001BFC9F61000-memory.dmp

memory/2276-107-0x000001BFC9F60000-0x000001BFC9F61000-memory.dmp

memory/2276-106-0x000001BFC9F60000-0x000001BFC9F61000-memory.dmp

memory/2276-105-0x000001BFC9F60000-0x000001BFC9F61000-memory.dmp

memory/2276-104-0x000001BFC9F60000-0x000001BFC9F61000-memory.dmp

memory/2276-103-0x000001BFC9F60000-0x000001BFC9F61000-memory.dmp

memory/2276-99-0x000001BFC9F60000-0x000001BFC9F61000-memory.dmp

memory/2276-97-0x000001BFC9F60000-0x000001BFC9F61000-memory.dmp

Analysis: behavioral13

Detonation Overview

Submitted

2024-08-31 21:39

Reported

2024-08-31 21:44

Platform

ubuntu1804-amd64-20240611-en

Max time kernel

0s

Max time network

106s

Command Line

[/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]

Signatures

Enumerates kernel/hardware configuration

Description Indicator Process Target
File opened for reading /sys/fs/cgroup/memory/memory.limit_in_bytes /usr/bin/node N/A

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/meminfo /usr/bin/node N/A

Processes

/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli

[/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]

/usr/local/sbin/node

[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]

/usr/local/bin/node

[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]

/usr/sbin/node

[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]

/usr/bin/node

[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]

/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/sentry-cli

[/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/sentry-cli]

Network

Country Destination Domain Proto
US 151.101.129.91:443 tcp
GB 195.181.164.20:443 tcp
N/A 224.0.0.251:5353 udp
GB 185.125.188.61:443 tcp
GB 185.125.188.62:443 tcp
US 151.101.129.91:443 tcp
US 1.1.1.1:53 1527653184.rsc.cdn77.org udp
US 1.1.1.1:53 1527653184.rsc.cdn77.org udp
GB 84.17.50.9:443 1527653184.rsc.cdn77.org tcp

Files

N/A

Analysis: behavioral31

Detonation Overview

Submitted

2024-08-31 21:39

Reported

2024-08-31 21:44

Platform

debian9-mipsbe-20240729-en

Max time kernel

0s

Command Line

[/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/scripts/build-in-docker.sh]

Signatures

N/A

Processes

/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/scripts/build-in-docker.sh

[/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/scripts/build-in-docker.sh]

Network

N/A

Files

N/A

Analysis: behavioral28

Detonation Overview

Submitted

2024-08-31 21:39

Reported

2024-08-31 21:44

Platform

win10v2004-20240802-en

Max time kernel

136s

Max time network

148s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\options\uploadSourcemaps.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\options\uploadSourcemaps.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 65.139.73.23.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp

Files

N/A

Analysis: behavioral29

Detonation Overview

Submitted

2024-08-31 21:39

Reported

2024-08-31 21:44

Platform

ubuntu1804-amd64-20240611-en

Max time kernel

0s

Max time network

133s

Command Line

[/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/scripts/build-in-docker.sh]

Signatures

N/A

Processes

/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/scripts/build-in-docker.sh

[/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/scripts/build-in-docker.sh]

Network

Country Destination Domain Proto
US 151.101.129.91:443 tcp
GB 185.125.188.61:443 tcp
GB 185.125.188.61:443 tcp
US 151.101.129.91:443 tcp
GB 195.181.164.17:443 tcp
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-08-31 21:39

Reported

2024-08-31 21:44

Platform

win10v2004-20240802-en

Max time kernel

150s

Max time network

156s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation C:\Program Files\Era\Era.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation C:\Program Files\Era\Era.exe N/A

Checks installed software on the system

discovery

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Era\binaries\go_build_gemd_src.exe C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\locales\en-US.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\locales\mr.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\locales\sv.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\locales\tr.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\Era.exe C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\locales\et.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\locales\es.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\icudtl.dat C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\locales\hi.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File opened for modification C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\options C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File opened for modification C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\bin C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File opened for modification C:\Program Files\Era\chrome_100_percent.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\libGLESv2.dll C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\locales\kn.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\resources\app-update.yml C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\resources\elevate.exe C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\locales\fr.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\locales\gu.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\locales\ja.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\resources\app.asar C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File opened for modification C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\locales\el.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\locales\en-GB.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File opened for modification C:\Program Files\Era\binaries C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\locales\ca.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\vulkan-1.dll C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\locales\he.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\locales\ml.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\locales\sk.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\locales\zh-CN.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\d3dcompiler_47.dll C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\locales\ar.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\locales\pt-PT.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\scripts\bump-version.sh C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\vk_swiftshader_icd.json C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\locales\vi.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\locales\de.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\locales\it.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File opened for modification C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File opened for modification C:\Program Files\Era\resources\app.asar.unpacked C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\options\uploadSourcemaps.js C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\chrome_200_percent.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\binaries\FortniteLauncher.exe C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\locales\bg.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\locales\lv.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\locales\uk.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\libEGL.dll C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\resources.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\js\index.js C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\index.js C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\locales\sl.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\js\logger.js C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\Uninstall Era.exe C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\locales\sw.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File opened for modification C:\Program Files\Era\resources C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\checksums.txt C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\package.json C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\vk_swiftshader.dll C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\locales\am.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\locales\af.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\locales\da.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\locales\hr.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\locales\sr.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Era\Era.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Era\Era.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Era\Era.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 C:\Program Files\Era\Era.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz C:\Program Files\Era\Era.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString C:\Program Files\Era\Era.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2 C:\Program Files\Era\Era.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\era\shell\open\command\ = "\"C:\\Program Files\\Era\\Era.exe\" \"%1\"" C:\Program Files\Era\Era.exe N/A
Key created \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\era C:\Program Files\Era\Era.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\era\URL Protocol C:\Program Files\Era\Era.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\era\ = "URL:era" C:\Program Files\Era\Era.exe N/A
Key created \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\era\shell\open\command C:\Program Files\Era\Era.exe N/A
Key created \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\era\shell C:\Program Files\Era\Era.exe N/A
Key created \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\era\shell\open C:\Program Files\Era\Era.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Era\Era.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Era\Era.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Era\Era.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Era\Era.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Era\Era.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Era\Era.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Era\Era.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Era\Era.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Era\Era.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Era\Era.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Era\Era.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Era\Era.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Era\Era.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Era\Era.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Era\Era.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Era\Era.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Era\Era.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Era\Era.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Era\Era.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Era\Era.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Era\Era.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Era\Era.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Era\Era.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Era\Era.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Era\Era.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Era\Era.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Era\Era.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Era\Era.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Era\Era.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Era\Era.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Era\Era.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Era\Era.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Era\Era.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Era\Era.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Era\Era.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Era\Era.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Era\Era.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Era\Era.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Era\Era.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Era\Era.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Era\Era.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Era\Era.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Era\Era.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Era\Era.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Era\Era.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Era\Era.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Era\Era.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Era\Era.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Era\Era.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Era\Era.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Era\Era.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Era\Era.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Era\Era.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Era\Era.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Era\Era.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Era\Era.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Era\Era.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Era\Era.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Era\Era.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Era\Era.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Era\Era.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Era\Era.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Era\Era.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1044 wrote to memory of 1060 N/A C:\Program Files\Era\Era.exe C:\Program Files\Era\binaries\FortniteLauncher.exe
PID 1044 wrote to memory of 1060 N/A C:\Program Files\Era\Era.exe C:\Program Files\Era\binaries\FortniteLauncher.exe
PID 1044 wrote to memory of 2364 N/A C:\Program Files\Era\Era.exe C:\Program Files\Era\Era.exe
PID 1044 wrote to memory of 2364 N/A C:\Program Files\Era\Era.exe C:\Program Files\Era\Era.exe
PID 1044 wrote to memory of 2364 N/A C:\Program Files\Era\Era.exe C:\Program Files\Era\Era.exe
PID 1044 wrote to memory of 2364 N/A C:\Program Files\Era\Era.exe C:\Program Files\Era\Era.exe
PID 1044 wrote to memory of 2364 N/A C:\Program Files\Era\Era.exe C:\Program Files\Era\Era.exe
PID 1044 wrote to memory of 2364 N/A C:\Program Files\Era\Era.exe C:\Program Files\Era\Era.exe
PID 1044 wrote to memory of 2364 N/A C:\Program Files\Era\Era.exe C:\Program Files\Era\Era.exe
PID 1044 wrote to memory of 2364 N/A C:\Program Files\Era\Era.exe C:\Program Files\Era\Era.exe
PID 1044 wrote to memory of 2364 N/A C:\Program Files\Era\Era.exe C:\Program Files\Era\Era.exe
PID 1044 wrote to memory of 2364 N/A C:\Program Files\Era\Era.exe C:\Program Files\Era\Era.exe
PID 1044 wrote to memory of 2364 N/A C:\Program Files\Era\Era.exe C:\Program Files\Era\Era.exe
PID 1044 wrote to memory of 2364 N/A C:\Program Files\Era\Era.exe C:\Program Files\Era\Era.exe
PID 1044 wrote to memory of 2364 N/A C:\Program Files\Era\Era.exe C:\Program Files\Era\Era.exe
PID 1044 wrote to memory of 2364 N/A C:\Program Files\Era\Era.exe C:\Program Files\Era\Era.exe
PID 1044 wrote to memory of 2364 N/A C:\Program Files\Era\Era.exe C:\Program Files\Era\Era.exe
PID 1044 wrote to memory of 2364 N/A C:\Program Files\Era\Era.exe C:\Program Files\Era\Era.exe
PID 1044 wrote to memory of 2364 N/A C:\Program Files\Era\Era.exe C:\Program Files\Era\Era.exe
PID 1044 wrote to memory of 2364 N/A C:\Program Files\Era\Era.exe C:\Program Files\Era\Era.exe
PID 1044 wrote to memory of 2364 N/A C:\Program Files\Era\Era.exe C:\Program Files\Era\Era.exe
PID 1044 wrote to memory of 2364 N/A C:\Program Files\Era\Era.exe C:\Program Files\Era\Era.exe
PID 1044 wrote to memory of 2364 N/A C:\Program Files\Era\Era.exe C:\Program Files\Era\Era.exe
PID 1044 wrote to memory of 2364 N/A C:\Program Files\Era\Era.exe C:\Program Files\Era\Era.exe
PID 1044 wrote to memory of 2364 N/A C:\Program Files\Era\Era.exe C:\Program Files\Era\Era.exe
PID 1044 wrote to memory of 2364 N/A C:\Program Files\Era\Era.exe C:\Program Files\Era\Era.exe
PID 1044 wrote to memory of 2364 N/A C:\Program Files\Era\Era.exe C:\Program Files\Era\Era.exe
PID 1044 wrote to memory of 2364 N/A C:\Program Files\Era\Era.exe C:\Program Files\Era\Era.exe
PID 1044 wrote to memory of 2364 N/A C:\Program Files\Era\Era.exe C:\Program Files\Era\Era.exe
PID 1044 wrote to memory of 2364 N/A C:\Program Files\Era\Era.exe C:\Program Files\Era\Era.exe
PID 1044 wrote to memory of 2364 N/A C:\Program Files\Era\Era.exe C:\Program Files\Era\Era.exe
PID 1044 wrote to memory of 2364 N/A C:\Program Files\Era\Era.exe C:\Program Files\Era\Era.exe
PID 1044 wrote to memory of 2364 N/A C:\Program Files\Era\Era.exe C:\Program Files\Era\Era.exe
PID 1044 wrote to memory of 2316 N/A C:\Program Files\Era\Era.exe C:\Program Files\Era\Era.exe
PID 1044 wrote to memory of 2316 N/A C:\Program Files\Era\Era.exe C:\Program Files\Era\Era.exe
PID 1044 wrote to memory of 1040 N/A C:\Program Files\Era\Era.exe C:\Program Files\Era\Era.exe
PID 1044 wrote to memory of 1040 N/A C:\Program Files\Era\Era.exe C:\Program Files\Era\Era.exe
PID 1044 wrote to memory of 1040 N/A C:\Program Files\Era\Era.exe C:\Program Files\Era\Era.exe
PID 1044 wrote to memory of 1040 N/A C:\Program Files\Era\Era.exe C:\Program Files\Era\Era.exe
PID 1044 wrote to memory of 1040 N/A C:\Program Files\Era\Era.exe C:\Program Files\Era\Era.exe
PID 1044 wrote to memory of 1040 N/A C:\Program Files\Era\Era.exe C:\Program Files\Era\Era.exe
PID 1044 wrote to memory of 1040 N/A C:\Program Files\Era\Era.exe C:\Program Files\Era\Era.exe
PID 1044 wrote to memory of 1040 N/A C:\Program Files\Era\Era.exe C:\Program Files\Era\Era.exe
PID 1044 wrote to memory of 1040 N/A C:\Program Files\Era\Era.exe C:\Program Files\Era\Era.exe
PID 1044 wrote to memory of 1040 N/A C:\Program Files\Era\Era.exe C:\Program Files\Era\Era.exe
PID 1044 wrote to memory of 1040 N/A C:\Program Files\Era\Era.exe C:\Program Files\Era\Era.exe
PID 1044 wrote to memory of 1040 N/A C:\Program Files\Era\Era.exe C:\Program Files\Era\Era.exe
PID 1044 wrote to memory of 1040 N/A C:\Program Files\Era\Era.exe C:\Program Files\Era\Era.exe
PID 1044 wrote to memory of 1040 N/A C:\Program Files\Era\Era.exe C:\Program Files\Era\Era.exe
PID 1044 wrote to memory of 1040 N/A C:\Program Files\Era\Era.exe C:\Program Files\Era\Era.exe
PID 1044 wrote to memory of 1040 N/A C:\Program Files\Era\Era.exe C:\Program Files\Era\Era.exe
PID 1044 wrote to memory of 1040 N/A C:\Program Files\Era\Era.exe C:\Program Files\Era\Era.exe
PID 1044 wrote to memory of 1040 N/A C:\Program Files\Era\Era.exe C:\Program Files\Era\Era.exe
PID 1044 wrote to memory of 1040 N/A C:\Program Files\Era\Era.exe C:\Program Files\Era\Era.exe
PID 1044 wrote to memory of 1040 N/A C:\Program Files\Era\Era.exe C:\Program Files\Era\Era.exe
PID 1044 wrote to memory of 1040 N/A C:\Program Files\Era\Era.exe C:\Program Files\Era\Era.exe
PID 1044 wrote to memory of 1040 N/A C:\Program Files\Era\Era.exe C:\Program Files\Era\Era.exe
PID 1044 wrote to memory of 1040 N/A C:\Program Files\Era\Era.exe C:\Program Files\Era\Era.exe
PID 1044 wrote to memory of 1040 N/A C:\Program Files\Era\Era.exe C:\Program Files\Era\Era.exe
PID 1044 wrote to memory of 1040 N/A C:\Program Files\Era\Era.exe C:\Program Files\Era\Era.exe
PID 1044 wrote to memory of 1040 N/A C:\Program Files\Era\Era.exe C:\Program Files\Era\Era.exe
PID 1044 wrote to memory of 1040 N/A C:\Program Files\Era\Era.exe C:\Program Files\Era\Era.exe
PID 1044 wrote to memory of 1040 N/A C:\Program Files\Era\Era.exe C:\Program Files\Era\Era.exe
PID 1044 wrote to memory of 1040 N/A C:\Program Files\Era\Era.exe C:\Program Files\Era\Era.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe

"C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe"

C:\Program Files\Era\Era.exe

"C:\Program Files\Era\Era.exe"

C:\Program Files\Era\binaries\FortniteLauncher.exe

"C:\Program Files\Era\binaries\FortniteLauncher.exe"

C:\Program Files\Era\Era.exe

"C:\Program Files\Era\Era.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Era" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1688 --field-trial-handle=1720,i,7596606965917577687,13954830897025785223,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Program Files\Era\Era.exe

"C:\Program Files\Era\Era.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Era" --mojo-platform-channel-handle=1956 --field-trial-handle=1720,i,7596606965917577687,13954830897025785223,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Program Files\Era\Era.exe

"C:\Program Files\Era\Era.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Era" --app-user-model-id="Project Era" --app-path="C:\Program Files\Era\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2512 --field-trial-handle=1720,i,7596606965917577687,13954830897025785223,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "reg query "HKLM\SOFTWARE\Microsoft\VisualStudio\14.0\VC\Runtimes\x64" /v "Installed""

C:\Windows\system32\reg.exe

reg query "HKLM\SOFTWARE\Microsoft\VisualStudio\14.0\VC\Runtimes\x64" /v "Installed"

C:\Program Files\Era\Era.exe

"C:\Program Files\Era\Era.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\Era" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1596 --field-trial-handle=1720,i,7596606965917577687,13954830897025785223,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 150.171.27.10:443 g.bing.com tcp
US 8.8.8.8:53 sentry.erafn.org udp
US 72.52.178.23:443 sentry.erafn.org tcp
US 8.8.8.8:53 api-v1-launcher-service.prod.erafn.app udp
US 8.8.8.8:53 api-v1-launcher-service.prod.erafn.app udp
US 172.67.181.225:443 api-v1-launcher-service.prod.erafn.app tcp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 225.181.67.172.in-addr.arpa udp
US 8.8.8.8:53 195.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:53 4.4.8.8.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 52.111.229.48:443 tcp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 34.56.20.217.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\System.dll

MD5 0d7ad4f45dc6f5aa87f606d0331c6901
SHA1 48df0911f0484cbe2a8cdd5362140b63c41ee457
SHA256 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
SHA512 c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\StdUtils.dll

MD5 c6a6e03f77c313b267498515488c5740
SHA1 3d49fc2784b9450962ed6b82b46e9c3c957d7c15
SHA256 b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
SHA512 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\SpiderBanner.dll

MD5 17309e33b596ba3a5693b4d3e85cf8d7
SHA1 7d361836cf53df42021c7f2b148aec9458818c01
SHA256 996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93
SHA512 1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\nsProcess.dll

MD5 f0438a894f3a7e01a4aae8d1b5dd0289
SHA1 b058e3fcfb7b550041da16bf10d8837024c38bf6
SHA256 30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11
SHA512 f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\nsis7z.dll

MD5 80e44ce4895304c6a3a831310fbf8cd0
SHA1 36bd49ae21c460be5753a904b4501f1abca53508
SHA256 b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
SHA512 c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

C:\Program Files\Era\chrome_100_percent.pak

MD5 8626e1d68e87f86c5b4dabdf66591913
SHA1 4cd7b0ac0d3f72587708064a7b0a3beca3f7b81c
SHA256 2caa1da9b6a6e87bdb673977fee5dd771591a1b6ed5d3c5f14b024130a5d1a59
SHA512 03bcd8562482009060f249d6a0dd7382fc94d669a2094dec08e8d119be51bef2c3b7b484bb5b7f805ae98e372dab9383a2c11a63ab0f5644146556b1bb9a4c99

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\chrome_200_percent.pak

MD5 48515d600258d60019c6b9c6421f79f6
SHA1 0ef0b44641d38327a360aa6954b3b6e5aab2af16
SHA256 07bee34e189fe9a8789aed78ea59ad41414b6e611e7d74da62f8e6ca36af01ce
SHA512 b7266bc8abc55bd389f594dac0c0641ecf07703f35d769b87e731b5fdf4353316d44f3782a4329b3f0e260dead6b114426ddb1b0fb8cd4a51e0b90635f1191d9

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\d3dcompiler_47.dll

MD5 cb9807f6cf55ad799e920b7e0f97df99
SHA1 bb76012ded5acd103adad49436612d073d159b29
SHA256 5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a
SHA512 f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\ffmpeg.dll

MD5 d49e7a8f096ad4722bd0f6963e0efc08
SHA1 6835f12391023c0c7e3c8cc37b0496e3a93a5985
SHA256 f11576bf7ffbc3669d1a5364378f35a1ed0811b7831528b6c4c55b0cdc7dc014
SHA512 ca50c28d6aac75f749ed62eec8acbb53317f6bdcef8794759af3fad861446de5b7fa31622ce67a347949abb1098eccb32689b4f1c54458a125bc46574ad51575

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\icudtl.dat

MD5 adfd2a259608207f256aeadb48635645
SHA1 300bb0ae3d6b6514fb144788643d260b602ac6a4
SHA256 7c8c7b05d70145120b45ccb64bf75bee3c63ff213e3e64d092d500a96afb8050
SHA512 8397e74c7a85b0a2987cae9f2c66ce446923aa4140686d91a1e92b701e16b73a6ce459540e718858607ecb12659bedac0aa95c2713c811a2bc2d402691ff29dc

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\libEGL.dll

MD5 09134e6b407083baaedf9a8c0bce68f2
SHA1 8847344cceeab35c1cdf8637af9bd59671b4e97d
SHA256 d2107ba0f4e28e35b22837c3982e53784d15348795b399ad6292d0f727986577
SHA512 6ff3adcb8be48d0b505a3c44e6550d30a8feaf4aa108982a7992ed1820c06f49e0ad48d9bd92685fb82783dfd643629bd1fe4073300b61346b63320cbdb051ba

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\libGLESv2.dll

MD5 a5f1921e6dcde9eaf42e2ccc82b3d353
SHA1 1f6f4df99ae475acec4a7d3910badb26c15919d1
SHA256 50c4dc73d69b6c0189eab56d27470ee15f99bbbc12bfd87ebe9963a7f9ba404e
SHA512 0c24ae7d75404adf8682868d0ebf05f02bbf603f7ddd177cf2af5726802d0a5afcf539dc5d68e10dab3fcfba58903871c9c81054560cf08799af1cc88f33c702

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\LICENSES.chromium.html

MD5 180f8acc70405077badc751453d13625
SHA1 35dc54acad60a98aeec47c7ade3e6a8c81f06883
SHA256 0bfa9a636e722107b6192ff35c365d963a54e1de8a09c8157680e8d0fbbfba1c
SHA512 40d3358b35eb0445127c70deb0cb87ec1313eca285307cda168605a4fd3d558b4be9eb24a59568eca9ee1f761e578c39b2def63ad48e40d31958db82f128e0ec

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\LICENSE.electron.txt

MD5 4d42118d35941e0f664dddbd83f633c5
SHA1 2b21ec5f20fe961d15f2b58efb1368e66d202e5c
SHA256 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d
SHA512 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\snapshot_blob.bin

MD5 8fef5a96dbcc46887c3ff392cbdb1b48
SHA1 ed592d75222b7828b7b7aab97b83516f60772351
SHA256 4de0f720c416776423add7ada621da95d0d188d574f08e36e822ad10d85c3ece
SHA512 e52c7820c69863ecc1e3b552b7f20da2ad5492b52cac97502152ebff45e7a45b00e6925679fd7477cdc79c68b081d6572eeed7aed773416d42c9200accc7230e

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\v8_context_snapshot.bin

MD5 a373d83d4c43ba957693ad57172a251b
SHA1 8e0fdb714df2f4cb058beb46c06aa78f77e5ff86
SHA256 43b58ca4057cf75063d3b4a8e67aa9780d9a81d3a21f13c64b498be8b3ba6e0c
SHA512 07fbd84dc3e0ec1536ccb54d5799d5ed61b962251ece0d48e18b20b0fc9dd92de06e93957f3efc7d9bed88db7794fe4f2bec1e9b081825e41c6ac3b4f41eab18

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\vk_swiftshader_icd.json

MD5 8642dd3a87e2de6e991fae08458e302b
SHA1 9c06735c31cec00600fd763a92f8112d085bd12a
SHA256 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9
SHA512 f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\vk_swiftshader.dll

MD5 a0845e0774702da9550222ab1b4fded7
SHA1 65d5bd6c64090f0774fd0a4c9b215a868b48e19b
SHA256 6150a413ebe00f92f38737bdccf493d19921ef6329fcd48e53de9dbde4780810
SHA512 4be0cb1e3c942a1695bae7b45d21c5f70e407132ecc65efb5b085a50cdab3c33c26e90bd7c86198ec40fb2b18d026474b6c649776a3ca2ca5bff6f922de2319b

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\resources.pak

MD5 7971a016aed2fb453c87eb1b8e3f5eb2
SHA1 92b91e352be8209fadcf081134334dea147e23b8
SHA256 9cfd5d29cde3de2f042e5e1da629743a7c95c1211e1b0b001e4eebc0f0741e06
SHA512 42082ac0c033655f2edae876425a320d96cdaee6423b85449032c63fc0f7d30914aa3531e65428451c07912265b85f5fee2ed0bbdb362994d3a1fa7b14186013

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\vulkan-1.dll

MD5 0e4e0f481b261ea59f196e5076025f77
SHA1 c73c1f33b5b42e9d67d819226db69e60d2262d7b
SHA256 f681844896c084d2140ac210a974d8db099138fe75edb4df80e233d4b287196a
SHA512 e6127d778ec73acbeb182d42e5cf36c8da76448fbdab49971de88ec4eb13ce63140a2a83fc3a1b116e41f87508ff546c0d7c042b8f4cdd9e07963801f3156ba2

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\binaries\go_build_gemd_src.exe

MD5 1b63c2c1b0846c63730e747eea7842eb
SHA1 3f72c48db65891dfa656dc4842a76f912ddc7c83
SHA256 0c86799d4895e3fac3ee0b8746a3f2bc44f811191df9753bf3b12f95b15651b0
SHA512 96ae86c1deada543c0d2a0ea7e04d66a390c9b0f72b9361e25ded3eb598fda0d215ef516ddcbd7d508a90c09fa02d6db2ac531f537f4a8fcab76af885a7e8bae

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\binaries\FortniteLauncher.exe

MD5 aeaa6f47b71614437c0d47828da005ca
SHA1 f9d016d3817ebbc28556967b8b8c05d120acbc58
SHA256 31eb3c804c7a248fe505d948ad9b3891b6b6f9210bd84aaf0eb716478c490b66
SHA512 6785eb5ae5d6d78a9c2f004ba5c91dd6603fd8efb39cb50f4bc3ac16d7377fb1317ba12658b63d575c17de04696b88c09c8a812340c4c40394196dab99d41a60

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\af.pak

MD5 464e5eeaba5eff8bc93995ba2cb2d73f
SHA1 3b216e0c5246c874ad0ad7d3e1636384dad2255d
SHA256 0ad547bb1dc57907adeb02e1be3017cce78f6e60b8b39395fe0e8b62285797a1
SHA512 726d6c41a9dbf1f5f2eff5b503ab68d879b088b801832c13fba7eb853302b16118cacda4748a4144af0f396074449245a42b2fe240429b1afcb7197fa0cb6d41

C:\Program Files\Era\locales\am.pak

MD5 2c933f084d960f8094e24bee73fa826c
SHA1 91dfddc2cff764275872149d454a8397a1a20ab1
SHA256 fa1e44215bd5acc7342c431a3b1fddb6e8b6b02220b4599167f7d77a29f54450
SHA512 3c9ecfb0407de2aa6585f4865ad54eeb2ec6519c9d346e2d33ed0e30be6cc3ebfed676a08637d42c2ca8fa6cfefb4091feb0c922ff71f09a2b89cdd488789774

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\cs.pak

MD5 eeee212072ea6589660c9eb216855318
SHA1 d50f9e6ca528725ced8ac186072174b99b48ea05
SHA256 de92f14480770401e39e22dcf3dd36de5ad3ed22e44584c31c37cd99e71c4a43
SHA512 ea068186a2e611fb98b9580f2c5ba6fd1f31b532e021ef9669e068150c27deee3d60fd9ff7567b9eb5d0f98926b24defabc9b64675b49e02a6f10e71bb714ac8

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\el.pak

MD5 e66a75680f21ce281995f37099045714
SHA1 d553e80658ee1eea5b0912db1ecc4e27b0ed4790
SHA256 21d1d273124648a435674c7877a98110d997cf6992469c431fe502bbcc02641f
SHA512 d3757529dd85ef7989d9d4cecf3f7d87c9eb4beda965d8e2c87ee23b8baaec3fdff41fd53ba839215a37404b17b8fe2586b123557f09d201b13c7736c736b096

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\es.pak

MD5 04a9ba7316dc81766098e238a667de87
SHA1 24d7eb4388ecdfecada59c6a791c754181d114de
SHA256 7fa148369c64bc59c2832d617357879b095357fe970bab9e0042175c9ba7cb03
SHA512 650856b6187df41a50f9bed29681c19b4502de6af8177b47bad0bf12e86a25e92aa728311310c28041a18e4d9f48ef66d5ad5d977b6662c44b49bfd1da84522b

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\es-419.pak

MD5 7da3e8aa47ba35d014e1d2a32982a5bb
SHA1 8e35320b16305ad9f16cb0f4c881a89818cd75bb
SHA256 7f85673cf80d1e80acfc94fb7568a8c63de79a13a1bb6b9d825b7e9f338ef17c
SHA512 1fca90888eb067972bccf74dd5d09bb3fce2ceb153589495088d5056ed4bdede15d54318af013c2460f0e8b5b1a5c6484adf0ed84f4b0b3c93130b086da5c3bf

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\en-US.pak

MD5 19d18f8181a4201d542c7195b1e9ff81
SHA1 7debd3cf27bbe200c6a90b34adacb7394cb5929c
SHA256 1d20e626444759c2b72aa6e998f14a032408d2b32f957c12ec3abd52831338fb
SHA512 af07e1b08bbf2dd032a5a51a88ee2923650955873753629a086cad3b1600ce66ca7f9ed31b8ca901c126c10216877b24e123144bb0048f2a1e7757719aae73f2

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\en-GB.pak

MD5 825ed4c70c942939ffb94e77a4593903
SHA1 7a3faee9bf4c915b0f116cb90cec961dda770468
SHA256 e11e8db78ae12f8d735632ba9fd078ec66c83529cb1fd86a31ab401f6f833c16
SHA512 41325bec22af2e5ef8e9b26c48f2dfc95763a249ccb00e608b7096ec6236ab9a955de7e2340fd9379d09ac2234aee69aed2a24fe49382ffd48742d72a929c56a

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\de.pak

MD5 cf22ec11a33be744a61f7de1a1e4514f
SHA1 73e84848c6d9f1a2abe62020eb8c6797e4c49b36
SHA256 7cc213e2c9a2d2e2e463083dd030b86da6bba545d5cee4c04df8f80f9a01a641
SHA512 c10c8446e3041d7c0195da184a53cfbd58288c06eaf8885546d2d188b59667c270d647fa7259f5ce140ec6400031a7fc060d0f2348ab627485e2207569154495

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\da.pak

MD5 e7ba94c827c2b04e925a76cb5bdd262c
SHA1 abba6c7fcec8b6c396a6374331993c8502c80f91
SHA256 d8da7ab28992c8299484bc116641e19b448c20adf6a8b187383e2dba5cd29a0b
SHA512 1f44fce789cf41fd62f4d387b7b8c9d80f1e391edd2c8c901714dd0a6e3af32266e9d3c915c15ad47c95ece4c7d627aa7339f33eea838d1af9901e48edb0187e

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\fi.pak

MD5 21e534869b90411b4f9ea9120ffb71c8
SHA1 cc91ffbd19157189e44172392b2752c5f73984c5
SHA256 2d337924139ffe77804d2742eda8e58d4e548e65349f827840368e43d567810b
SHA512 3ca3c0adaf743f92277452b7bd82db4cf3f347de5568a20379d8c9364ff122713befd547fbd3096505ec293ae6771ada4cd3dadac93cc686129b9e5aacf363bd

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\fa.pak

MD5 2e37fd4e23a1707a1eccea3264508dff
SHA1 e00e58ed06584b19b18e9d28b1d52dbfc36d70f3
SHA256 b9ee861e1bdecffe6a197067905279ea77c180844a793f882c42f2b70541e25e
SHA512 7c467f434eb0ce8e4a851761ae9bd7a9e292aab48e8e653e996f8ca598d0eb5e07ec34e2b23e544f3b38439dc3b8e3f7a0dfd6a8e28169aa95ceff42bf534366

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\et.pak

MD5 ccc71f88984a7788c8d01add2252d019
SHA1 6a87752eac3044792a93599428f31d25debea369
SHA256 d69489a723b304e305cb1767e6c8da5d5d1d237e50f6ddc76e941dcb01684944
SHA512 d35ccd639f2c199862e178a9fab768d7db10d5a654bc3bc1fab45d00ceb35a01119a5b4d199e2db3c3576f512b108f4a1df7faf6624d961c0fc4bca5af5f0e07

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\ca.pak

MD5 4cd6b3a91669ddcfcc9eef9b679ab65c
SHA1 43c41cb00067de68d24f72e0f5c77d3b50b71f83
SHA256 56efff228ee3e112357d6121b2256a2c3acd718769c89413de82c9d4305459c6
SHA512 699be9962d8aae241abd1d1f35cd8468ffbd6157bcd6bdf2c599d902768351b247baad6145b9826d87271fd4a19744eb11bf7065db7fefb01d66d2f1f39015a9

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\bn.pak

MD5 9340520696e7cb3c2495a78893e50add
SHA1 eed5aeef46131e4c70cd578177c527b656d08586
SHA256 1ea245646a4b4386606f03c8a3916a3607e2adbbc88f000976be36db410a1e39
SHA512 62507685d5542cfcd394080917b3a92ca197112feea9c2ddc1dfc77382a174c7ddf758d85af66cd322692215cb0402865b2a2b212694a36da6b592028caafcdf

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\bg.pak

MD5 38bcabb6a0072b3a5f8b86b693eb545d
SHA1 d36c8549fe0f69d05ffdaffa427d3ddf68dd6d89
SHA256 898621731ac3471a41f8b3a7bf52e7f776e8928652b37154bc7c1299f1fd92e1
SHA512 002adbdc17b6013becc4909daf2febb74ce88733c78e968938b792a52c9c5a62834617f606e4cb3774ae2dad9758d2b8678d7764bb6dcfe468881f1107db13ef

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\ar.pak

MD5 fdbad4c84ac66ee78a5c8dd16d259c43
SHA1 3ce3cd751bb947b19d004bd6916b67e8db5017ac
SHA256 a62b848a002474a8ea37891e148cbaf4af09bdba7dafebdc0770c9a9651f7e3b
SHA512 376519c5c2e42d21acedb1ef47184691a2f286332451d5b8d6aac45713861f07c852fb93bd9470ff5ee017d6004aba097020580f1ba253a5295ac1851f281e13

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\he.pak

MD5 fc84ea7dc7b9408d1eea11beeb72b296
SHA1 de9118194952c2d9f614f8e0868fb273ddfac255
SHA256 15951767dafa7bdbedac803d842686820de9c6df478416f34c476209b19d2d8c
SHA512 49d13976dddb6a58c6fdcd9588e243d705d99dc1325c1d9e411a1d68d8ee47314dfcb661d36e2c4963c249a1542f95715f658427810afcabdf9253aa27eb3b24

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\gu.pak

MD5 308619d65b677d99f48b74ccfe060567
SHA1 9f834df93fd48f4fb4ca30c4058e23288cf7d35e
SHA256 e40ee4f24839f9e20b48d057bf3216bc58542c2e27cb40b9d2f3f8a1ea5bfbb4
SHA512 3ca84ad71f00b9f7cc61f3906c51b263f18453fce11ec6c7f9edfe2c7d215e3550c336e892bd240a68a6815af599cc20d60203294f14adb133145ca01fe4608f

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\fr.pak

MD5 3ee48a860ecf45bafa63c9284dfd63e2
SHA1 1cb51d14964f4dced8dea883bf9c4b84a78f8eb6
SHA256 1923e0edf1ef6935a4a718e3e2fc9a0a541ea0b4f3b27553802308f9fd4fc807
SHA512 eb6105faca13c191fef0c51c651a406b1da66326bb5705615770135d834e58dee9bed82aa36f2dfb0fe020e695c192c224ec76bb5c21a1c716e5f26dfe02f763

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\fil.pak

MD5 d7df2ea381f37d6c92e4f18290c6ffe0
SHA1 7cacf08455aa7d68259fcba647ee3d9ae4c7c5e4
SHA256 db4a63fa0d5b2baba71d4ba0923caed540099db6b1d024a0d48c3be10c9eed5a
SHA512 96fc028455f1cea067b3a3dd99d88a19a271144d73dff352a3e08b57338e513500925787f33495cd744fe4122dff2d2ee56e60932fc02e04feed2ec1e0c3533f

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\id.pak

MD5 b6fcd5160a3a1ae1f65b0540347a13f2
SHA1 4cf37346318efb67908bba7380dbad30229c4d3d
SHA256 7fd715914e3b0cf2048d4429f3236e0660d5bd5e61623c8fef9b8e474c2ac313
SHA512 a8b4a96e8f9a528b2df3bd1251b72ab14feccf491dd254a7c6ecba831dfaba328adb0fd0b4acddb89584f58f94b123e97caa420f9d7b34131cc51bdbdbf3ed73

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\hu.pak

MD5 2aa0a175df21583a68176742400c6508
SHA1 3c25ba31c2b698e0c88e7d01b2cc241f0916e79a
SHA256 b59f932df822ab1a87e8aab4bbb7c549db15899f259f4c50ae28f8d8c7ce1e72
SHA512 03a16feb0601407e96bcb43af9bdb21e5218c2700c9f3cfd5f9690d0b4528f9dc17e4cc690d8c9132d4e0b26d7faafd90aa3f5e57237e06fb81aab7ab77f6c03

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\hr.pak

MD5 255f808210dbf995446d10ff436e0946
SHA1 1785d3293595f0b13648fb28aec6936c48ea3111
SHA256 4df972b7f6d81aa7bdc39e2441310a37f746ae5015146b4e434a878d1244375b
SHA512 8b1a4d487b0782055717b718d58cd21e815b874e2686cdfd2087876b70ae75f9182f783c70bf747cf4ca17a3afc68517a9db4c99449fa09bef658b5e68087f2a

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\hi.pak

MD5 b5dfce8e3ba0aec2721cc1692b0ad698
SHA1 c5d6fa21a9ba3d526f3e998e3f627afb8d1eecf3
SHA256 b1c7fb6909c8a416b513d6de21eea0b5a6b13c7f0a94cabd0d9154b5834a5e8b
SHA512 facf0a9b81af6bb35d0fc5e69809d5c986a2c91a166e507784bdad115644b96697fe504b8d70d9bbb06f0c558f746c085d37e385eef41f0a1c29729d3d97980f

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\it.pak

MD5 745f16ca860ee751f70517c299c4ab0e
SHA1 54d933ad839c961dd63a47c92a5b935eef208119
SHA256 10e65f42ce01ba19ebf4b074e8b2456213234482eadf443dfad6105faf6cde4c
SHA512 238343d6c80b82ae900f5abf4347e542c9ea016d75fb787b93e41e3c9c471ab33f6b4584387e5ee76950424e25486dd74b9901e7f72876960c0916c8b9cee9a6

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\kn.pak

MD5 caab4deb1c40507848f9610d849834cf
SHA1 1bc87ff70817ba1e1fdd1b5cb961213418680cbe
SHA256 7a34483e6272f9b8881f0f5a725b477540166561c75b9e7ab627815d4be1a8a4
SHA512 dc4b63e5a037479bb831b0771aec0fe6eb016723bcd920b41ab87ef11505626632877073ce4e5e0755510fe19ba134a7b5899332ecef854008b15639f915860c

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\ja.pak

MD5 38cd3ef9b7dff9efbbe086fa39541333
SHA1 321ef69a298d2f9830c14140b0b3b0b50bd95cb0
SHA256 d8fab5714dafecb89b3e5fce4c4d75d2b72893e685e148e9b60f7c096e5b3337
SHA512 40785871032b222a758f29e0c6ec696fbe0f6f5f3274cc80085961621bec68d7e0fb47c764649c4dd0c27c6ee02460407775fae9d3a2a8a59362d25a39266ce0

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\lt.pak

MD5 64b08ffc40a605fe74ecc24c3024ee3b
SHA1 516296e8a3114ddbf77601a11faf4326a47975ab
SHA256 8a5d6e29833374e0f74fd7070c1b20856cb6b42ed30d18a5f17e6c2e4a8d783e
SHA512 05d207413186ac2b87a59681efe4fdf9dc600d0f3e8327e7b9802a42306d80d0ddd9ee07d103b17caf0518e42ab25b7ca9da4713941abc7bced65961671164ac

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\ml.pak

MD5 1c81104ac2cbf7f7739af62eb77d20d5
SHA1 0f0d564f1860302f171356ea35b3a6306c051c10
SHA256 66005bc01175a4f6560d1e9768dbc72b46a4198f8e435250c8ebc232d2dac108
SHA512 969294eae8c95a1126803a35b8d3f1fc3c9d22350aa9cc76b2323b77ad7e84395d6d83b89deb64565783405d6f7eae40def7bdaf0d08da67845ae9c7dbb26926

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\ro.pak

MD5 d2758f6adbaeea7cd5d95f4ad6dde954
SHA1 d7476db23d8b0e11bbabf6a59fde7609586bdc8a
SHA256 2b7906f33bfbe8e9968bcd65366e2e996cdf2f3e1a1fc56ad54baf261c66954c
SHA512 8378032d6febea8b5047ada667cb19e6a41f890cb36305acc2500662b4377caef3dc50987c925e05f21c12e32c3920188a58ee59d687266d70b8bfb1b0169a6e

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\th.pak

MD5 a32ba63feeed9b91f6d6800b51e5aeae
SHA1 2fbf6783996e8315a4fb94b7d859564350ee5918
SHA256 e32e37ca0ab30f1816fe6df37e3168e1022f1d3737c94f5472ab6600d97a45f6
SHA512 adebde0f929820d8368096a9c30961ba7b33815b0f124ca56ca05767ba6d081adf964088cb2b9fcaa07f756b946fffa701f0b64b07d457c99fd2b498cbd1e8a5

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\vi.pak

MD5 db0eb3183007de5aae10f934fffacc59
SHA1 e9ea7aeffe2b3f5cf75ab78630da342c6f8b7fd9
SHA256 ddabb225b671b989789e9c2ccd1b5a8f22141a7d9364d4e6ee9b8648305e7897
SHA512 703efd12fcace8172c873006161712de1919572c58d98b11de7834c5628444229f5143d231c41da5b9cf729e32de58dee3603cb3d18c6cdd94aa9aa36fbf5de0

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\ur.pak

MD5 1ca4fa13bd0089d65da7cd2376feb4c6
SHA1 b1ba777e635d78d1e98e43e82d0f7a3dd7e97f9c
SHA256 3941364d0278e2c4d686faa4a135d16a457b4bc98c5a08e62aa12f3adc09aa7f
SHA512 d0d9eb1aa029bd4c34953ee5f4b60c09cf1d4f0b21c061db4ede1b5ec65d7a07fc2f780ade5ce51f2f781d272ac32257b95eedf471f7295ba70b5ba51db6c51d

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\uk.pak

MD5 361a0e1f665b9082a457d36209b92a25
SHA1 3c89e1b70b51820bb6baa64365c64da6a9898e2f
SHA256 bd02966f6c6258b66eae7ff014710925e53fe26e8254d7db4e9147266025cc3a
SHA512 d4d25fc58053f8cce4c073846706dc1ecbc0dc19308ba35501e19676f3e7ed855d7b57ae22a5637f81cefc1aa032bf8770d0737df1924f3504813349387c08cf

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\tr.pak

MD5 5ff2e5c95067a339e3d6b8985156ec1f
SHA1 7525b25c7b07f54b63b6459a0d8c8c720bd8a398
SHA256 14a131ba318274cf10de533a19776db288f08a294cf7e564b7769fd41c7f2582
SHA512 2414386df8d7ab75dcbd6ca2b9ae62ba8e953ddb8cd8661a9f984eb5e573637740c7a79050b2b303af3d5b1d4d1bb21dc658283638718fdd04fc6e5891949d1b

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\te.pak

MD5 a17f16d7a038b0fa3a87d7b1b8095766
SHA1 b2f845e52b32c513e6565248f91901ab6874e117
SHA256 d39716633228a5872630522306f89af8585f8092779892087c3f1230d21a489e
SHA512 371fb44b20b8aba00c4d6f17701fa4303181ad628f60c7b4218e33be7026f118f619d66d679bffcb0213c48700fafd36b2e704499a362f715f63ea9a75d719e7

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\ta.pak

MD5 18ec8ff3c0701a6a8c48f341d368bab5
SHA1 8bff8aee26b990cf739a29f83efdf883817e59d8
SHA256 052bcdb64a80e504bb6552b97881526795b64e0ab7ee5fc031f3edf87160dee9
SHA512 a0e997fc9d316277de3f4773388835c287ab1a35770c01e376fb7428ff87683a425f6a6a605d38dd7904ca39c50998cd85f855cb33ae6abad47ac85a1584fe4e

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\sw.pak

MD5 67a443a5c2eaad32625edb5f8deb7852
SHA1 a6137841e8e7736c5ede1d0dc0ce3a44dc41013f
SHA256 41dfb772ae4c6f9e879bf7b4fa776b2877a2f8740fa747031b3d6f57f34d81dd
SHA512 e0fdff1c3c834d8af8634f43c2f16ba5b883a8d88dfd322593a13830047568faf9f41d0bf73cd59e2e33c38fa58998d4702d2b0c21666717a86945d18b3f29e5

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\resources\app-update.yml

MD5 041e86a1223437c8e992b0325360a258
SHA1 02ce2334540fcf6926c8e4e5df7dc97a89663e82
SHA256 806b74c32a3894f6f8581eca0aec51a7685e67af4b0e226d074a344cb08af391
SHA512 d87bb066cde286bc0dc1cbb7451b9d0863c0ff24cd6fa28e0c6c593d0c99dc3f08c4591b99278ea021692f7a910e087e331725b1e287ab610b3c31aacd8ba395

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\zh-TW.pak

MD5 2456bf42275f15e016689da166df9008
SHA1 70f7de47e585dfea3f5597b5bba1f436510decd7
SHA256 adf8df051b55507e5a79fa47ae88c7f38707d02dfac0cc4a3a7e8e17b58c6479
SHA512 7e622afa15c70785aaf7c19604d281efe0984f621d6599058c97c19d3c0379b2ee2e03b3a7ec597040a4eee250a782d7ec55c335274dd7db7c7ca97ddcfd378a

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\zh-CN.pak

MD5 82326e465e3015c64ca1db77dc6a56bc
SHA1 e8abe12a8dd2cc741b9637fa8f0e646043bbfe3d
SHA256 6655fd9dcdfaf2abf814ffb6c524d67495aed4d923a69924c65abeab30bc74fb
SHA512 4989789c0b2439666dda4c4f959dffc0ddcb77595b1f817c13a95ed97619c270151597160320b3f2327a7daffc8b521b68878f9e5e5fb3870eb0c43619060407

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\sv.pak

MD5 272f8a8b517c7283eab83ba6993eea63
SHA1 ad4175331b948bd4f1f323a4938863472d9b700c
SHA256 d15b46bc9b5e31449b11251df19cd2ba4920c759bd6d4fa8ca93fd3361fdd968
SHA512 3a0930b7f228a779f727ebfb6ae8820ab5cc2c9e04c986bce7b0f49f9bf124f349248ecdf108edf8870f96b06d58dea93a3e0e2f2da90537632f2109e1aa65f0

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\sr.pak

MD5 c68c235d8e696c098cf66191e648196b
SHA1 5c967fbbd90403a755d6c4b2411e359884dc8317
SHA256 ab96a18177af90495e2e3c96292638a775aa75c1d210ca6a6c18fbc284cd815b
SHA512 34d14d8cb851df1ea8cd3cc7e9690eaf965d8941cfcac1c946606115ad889630156c5ff47011b27c1288f8df70e8a7dc41909a9fa98d75b691742ec1d1a5e653

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\sl.pak

MD5 ca763e801de642e4d68510900ff6fabb
SHA1 c32a871831ce486514f621b3ab09387548ee1cff
SHA256 340e0babe5fddbfda601c747127251cf111dd7d79d0d6a5ec4e8443b835027de
SHA512 e2847ce75de57deb05528dd9557047edcd15d86bf40a911eb97e988a8fdbda1cd0e0a81320eadf510c91c826499a897c770c007de936927df7a1cc82fa262039

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\sk.pak

MD5 b7e97cc98b104053e5f1d6a671c703b7
SHA1 0f7293f1744ae2cd858eb3431ee016641478ae7d
SHA256 b0d38869275d9d295e42b0b90d0177e0ca56a393874e4bb454439b8ce25d686f
SHA512 ef3247c6f0f4065a4b68db6bf7e28c8101a9c6c791b3f771ed67b5b70f2c9689cec67a1c864f423382c076e4cbb6019c1c0cb9ad0204454e28f749a69b6b0de0

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\ru.pak

MD5 2885bde990ee3b30f2c54a4067421b68
SHA1 ae16c4d534b120fdd68d33c091a0ec89fd58793f
SHA256 9fcda0d1fab7fff7e2f27980de8d94ff31e14287f58bd5d35929de5dd9cbcdca
SHA512 f7781f5c07fbf128399b88245f35055964ff0cde1cc6b35563abc64f520971ce9916827097ca18855b46ec6397639f5416a6e8386a9390afba4332d47d21693f

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\pt-PT.pak

MD5 b4954b064e3f6a9ba546dda5fa625927
SHA1 584686c6026518932991f7de611e2266d8523f9d
SHA256 ee1e014550b85e3d18fb5128984a713d9f6de2258001b50ddd18391e7307b4a1
SHA512 cb3b465b311f83b972eca1c66862b2c5d6ea6ac15282e0094aea455123ddf32e85df24a94a0aedbe1b925ff3ed005ba1e00d5ee820676d7a5a366153ade90ef7

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\pt-BR.pak

MD5 8e931ffbded8933891fb27d2cca7f37d
SHA1 ab0a49b86079d3e0eb9b684ca36eb98d1d1fd473
SHA256 6632bd12f04a5385012b5cdebe8c0dad4a06750dc91c974264d8fe60e8b6951d
SHA512 cf0f6485a65c13cf5ddd6457d34cdea222708b0bb5ca57034ed2c4900fd22765385547af2e2391e78f02dcf00b7a2b3ac42a3509dd4237581cfb87b8f389e48d

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\pl.pak

MD5 f1d48a7dcd4880a27e39b7561b6eb0ab
SHA1 353c3ba213cd2e1f7423c6ba857a8d8be40d8302
SHA256 2593c8b59849fbc690cbd513f06685ea3292cd0187fcf6b9069cbf3c9b0e8a85
SHA512 132da2d3c1a4dad5ccb399b107d7b6d9203a4b264ef8a65add11c5e8c75859115443e1c65ece2e690c046a82687829f54ec855f99d4843f859ab1dd7c71f35a5

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\nl.pak

MD5 0f04bac280035fab018f634bcb5f53ae
SHA1 4cad76eaecd924b12013e98c3a0e99b192be8936
SHA256 be254bcda4dbe167cb2e57402a4a0a814d591807c675302d2ce286013b40799b
SHA512 1256a6acac5a42621cb59eb3da42ddeeacfe290f6ae4a92d00ebd4450a8b7ccb6f0cd5c21cf0f18fe4d43d0d7aee87b6991fef154908792930295a3871fa53df

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\nb.pak

MD5 55d5ad4eacb12824cfcd89470664c856
SHA1 f893c00d8d4fdb2f3e7a74a8be823e5e8f0cd673
SHA256 4f44789a2c38edc396a31aba5cc09d20fb84cd1e06f70c49f0664289c33cd261
SHA512 555d87be8c97f466c6b3e7b23ec0210335846398c33dba71e926ff7e26901a3908dbb0f639c93db2d090c9d8bda48eddf196b1a09794d0e396b2c02b4720f37e

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\ms.pak

MD5 aee105366a1870b9d10f0f897e9295db
SHA1 eee9d789a8eeafe593ce77a7c554f92a26a2296f
SHA256 c6471aee5f34f31477d57f593b09cb1de87f5fd0f9b5e63d8bab4986cf10d939
SHA512 240688a0054bfebe36ea2b056194ee07e87bbbeb7e385131c73a64aa7967984610fcb80638dd883837014f9bc920037069d0655e3e92a5922f76813aedb185fa

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\mr.pak

MD5 2cf9f07ddf7a3a70a48e8b524a5aed43
SHA1 974c1a01f651092f78d2d20553c3462267ddf4e9
SHA256 23058c0f71d9e40f927775d980524d866f70322e0ef215aa5748c239707451e7
SHA512 0b21570deefa41defc3c25c57b3171635bcb5593761d48a8116888ce8be34c1499ff79c7a3ebbe13b5a565c90027d294c6835e92e6254d582a86750640fe90f2

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\lv.pak

MD5 a8cbd741a764f40b16afea275f240e7e
SHA1 317d30bbad8fd0c30de383998ea5be4eec0bb246
SHA256 a1a9d84fd3af571a57be8b1a9189d40b836808998e00ec9bd15557b83d0e3086
SHA512 3da91c0ca20165445a2d283db7dc749fcf73e049bfff346b1d79b03391aefc7f1310d3ac2c42109044cfb50afcf178dcf3a34b4823626228e591f328dd7afe95

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\locales\ko.pak

MD5 d6194fc52e962534b360558061de2a25
SHA1 98ed833f8c4beac685e55317c452249579610ff8
SHA256 1a5884bd6665b2f404b7328de013522ee7c41130e57a53038fc991ec38290d21
SHA512 5207a07426c6ceb78f0504613b6d2b8dadf9f31378e67a61091f16d72287adbc7768d1b7f2a923369197e732426d15a872c091cf88680686581d48a7f94988ab

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\resources\elevate.exe

MD5 792b92c8ad13c46f27c7ced0810694df
SHA1 d8d449b92de20a57df722df46435ba4553ecc802
SHA256 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
SHA512 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\package.json

MD5 49f7deab5d526f6f79d8fd80be29c97e
SHA1 e6ef40032a68a979454d30e9a483a1043367a90e
SHA256 3fe1b2bd4e7ed12e73c5717dc162f9086a4b349528042c4313610573530c6992
SHA512 053d4996c3376aa0fbee16be84d0a7f86b043ee1928dfe81e5b8db1686ac5e42db26b13ecd168a86f7315e8c208549b68f1ee3b64df3c12426eeda73c4efcdbe

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\sentry-cli.exe

MD5 4c1bbccaec3f88e00c176e49b3ea9742
SHA1 eea00e776e5979ae8e650ee9ddf3d4d4e93ff2ef
SHA256 299e9f3632bd8278384e60f7384279ccb394ca532515448f44e089a3fb119f1c
SHA512 3c82f9f06be9bdbdb6fc94709d6c582641b2bd1ba1987c0b42a8d5c653fc32c006873c8f236b45c62970b3abe6a8b5f9faa1a57c0c85d52fdc94ecf1bd21abd6

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\bin\sentry-cli

MD5 b7c89ec5dfb8b15555f32a3bef6c3103
SHA1 a92048052f5fc0af532cd97ebf82c1a9fbf12342
SHA256 7c5c97aaee075241bdc4fbc610b356445747e962ac3d986c5016acefd66a6ea0
SHA512 c47baa0e0896684403760a13cfa6dd5826152ec7ae83f783040d186eaca8af70bc97530bbb22b720d7482a4ad18c3959ab1af8ccfe3689b19a51955e777884e8

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\js\helper.js

MD5 c29ad60a23d5406728a51afa4352b4c7
SHA1 2be817215890f5868717765570ce9f7422735c4e
SHA256 faa867204c92db252271c9d850962ae1ff5c9448444ca907af483a6c874a6eb0
SHA512 e1784b8bf7119bf3380b192f1597cb3179425ff7ab347b144011fd17b62794760e6e092a0a1dae99302eb6c333f1638440df4e4e0eaf64f26d4f3cc46a74d04a

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\LICENSE

MD5 c2710cd00242ca7d7bef0fc98dbbc7f8
SHA1 ba49c34590b171487fd5e383ca28632f551865e5
SHA256 9503def7b54ceb6e3cd182fd59bc05d3a30d7eae481e65aaba4b495133c83c14
SHA512 1b8fed37b379cfaac4e67e4ae0d0ae1c7e8fdd5178f1e9a289b646c5adb016c68cdcd743266fca87bd37bffc0951e0b9ecba8a57f0600a7dcd5cb52cd783637f

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\checksums.txt

MD5 1dcfcfdd8cce3e3b0fa697af106e4075
SHA1 f9261519f777790f7cd50c91e389d0e6589bd92a
SHA256 1357dc0a2f6ae355ab59b409c94cf635b7ed849a3bcb60e95b7132cbfd297324
SHA512 751ac3545299650e783daf0a45823660ce0b3f6dd7d722d303b9a801b02db61f7bb3a5129f4481294f2201fb5ad4e7bb1b2ab9a2d993ebde8a0d985f08ce34a2

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\js\logger.js

MD5 1d26f69361e75ca5cd2eac5f99249c72
SHA1 787d51c708ce15b2c533a180a2bf639648bc40eb
SHA256 d7d63601d3347efc93425f4f93049cfb9ed2b9ead1dce662c9c1bed3cba302e0
SHA512 7350774074462d33ac9f2e130829306af08a6693fd597f40c39bfb194684f66d965cd23c10de5fc4389e4a2ffe84db727aad23dd683a805ae4825f10026cb040

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\options\uploadSourcemaps.js

MD5 d060ac623857ad5ca08e3a944768925a
SHA1 26fe78c92f55f9529ffa2b71da403873da29313f
SHA256 8d4bd4c779e177724aa7bf98e768e50ce8b2950ef5bf39fa08033057b400888b
SHA512 ae1b42d7e5c5d60f935bcd08417d4d9055d71bfb80653281e990a687353592731a7c4423655fbb988728152846aa56a5f180335d254885338bf6c96ef2a8357a

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\options\deploys.js

MD5 f42c24cde0162b93624df51f4e2abfab
SHA1 f819638944878ac4cb49438d8599d3fbd9081949
SHA256 3f2316e7fb20e82df9a8b08d6169a622a89808742806adee2e4d89885962357d
SHA512 67258cbaf9f46f1609cec9b87b7a577f855cde9c8efafa3d835a0d18fb3903fcc4733489bf81447cdf2c0a55701d569a75f11a81865dab8f624b722e76b7c674

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\scripts\wheels

MD5 6fec563925ecab8b6a98c3f38655236d
SHA1 9ad08eb80167574de6373d871cfff5511d2554cf
SHA256 6fa0613c1edb0c6b26baac0b759bf756f389a11e0ec0e64904cffb26ef8dc016
SHA512 850a5285519965fe26ab0da2ae62d380648acb723d879e2ab770124e4146ce0a6d03f089e28af20604dd3e00913169f82ac568a1741014e0bc5ee7b2c583888d

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\scripts\test-vercel-nft.js

MD5 c63a1659a645a5095524923081813d51
SHA1 1d97d7ccb0804b7a15f0593c87990ab0da4b6887
SHA256 644476fd66a507adc49582e7371c87e4cacc3c7840c23fe920da2a09f05db08a
SHA512 ae452613a1dc728428ed2e596d7fbb041e00a8aa300aaada289fd454f71267569fa548fa7c7217134572decab12e56f4aadd4853c96ef705ccba2dcb377018cb

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\scripts\install.js

MD5 1ffedd383c8097dd628411836505787e
SHA1 969306e8127b354f35f4c870f2da7b4034d4197b
SHA256 df3b6ca3fff442454ffee98e8e4db5e3fe0d82ff19a49216cd238fa9282cb30a
SHA512 1392958e5a9c2e0c6df617c48547f5fdae32960bfb55953528ee345e06e1ae191ca4001a618233adeab27e16de5ecd203c405e8b4fa7f3a739cd3d2c4a1e9ed2

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\scripts\bump-version.sh

MD5 2ff8e17ece2c70eff9efdb2b1a524555
SHA1 d61c93df38f70f2244817c688a140224c9a99af9
SHA256 f07b481f34e732e74abe6402023f8b84f61281626ad6e25062a20fa8fd80ece4
SHA512 0f847fd2b05bd4627a56b452f065e878005b6307bc101663297afb5f45c24d965ddc48ea4818c34ab35bde06f5a7711cf29fb9182c8ed9cf34e17d6434c487ee

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\index.js

MD5 e8282413c1895eaff49de6dd9b71ab13
SHA1 4e058f522a46e20bbd26f15a6922390ec2c1da36
SHA256 d6a28994173c1c36476121f8b0e3633e01ecd0589289901fba34fe218293443d
SHA512 301d2a6ae958e1ba936cae6f555a587ad87567055f4709d4676a3ef5b1a3112cb338b8a9e744c24cbfa784f00f13a1118ad48fd4f6bb060c5608e4ddc8779389

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\scripts\build-in-docker.sh

MD5 94b0fc212af523b8bfcd6c2aa5a5ab2a
SHA1 cc0cb35f7ce729f7affe6b2c463e57966515e476
SHA256 abaa92d196f6752f184b83b19aedd9b1e28d328e6817de213f61fbd108351e16
SHA512 af0a2174e0304fdaa56ddae249049c142450ad4a0a9c8975548f61aa2bc356837b1d7ed441108156af32c979da5647bd0233a49db700ff0bbf528f9fa2c862e6

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\js\index.js

MD5 50c3a734036b84685a15d56217207d67
SHA1 1893de2684072a3a2961337fa9a9b45a52c52c0a
SHA256 171990f108cd5582f83432c1569f2c3e1aebfbfb159599f4ff2ab693c20a8f78
SHA512 3aa037d12cee7cbf51826fb3e2aa87b4543dd62f5ff5f2f8915128061c07472304601766bddf949647c5ca92e8ee768a77139bbe91bdfaaae99dea4405168ea9

C:\Users\Admin\AppData\Local\Temp\nso9079.tmp\WinShell.dll

MD5 1cc7c37b7e0c8cd8bf04b6cc283e1e56
SHA1 0b9519763be6625bd5abce175dcc59c96d100d4c
SHA256 9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
SHA512 7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

C:\Users\Admin\AppData\Local\Temp\73834ff7-63d3-46a7-bc45-1e1fb133ba0d.tmp.node

MD5 dc5c055d0e2f4f567c31b179aa348571
SHA1 5bc1dcb1665e953e39967a01030bc735a1f9a406
SHA256 de469f82ac1f0c09fe7fbc84df34bd0ffaf6f8b22977e396d8cb4f5ce650ac71
SHA512 32e1eb2250d59f9512f31195121c55ff22e42de79b84d826bc08be409f2589267ad341c11e77778f0a27630e8db0e28e6a06bd1092f9f08b43994e466888b262

C:\Users\Admin\AppData\Local\Temp\e9d82353-75ea-4c00-a664-104c0f4615af.tmp.node

MD5 4a6acbaef4301d3fdcd1c56ba65bfb24
SHA1 40589bf8ebd0e65a53cd1bebbe170e9197dde646
SHA256 fb214c66c7955ae6737fe7ac0e9cc43e764067a4c8d22c62527f2962b3d341fa
SHA512 fff6347ffb2a966522297e73a1a570a6d74975d7037a9956412b5d78823e00555f2095774c190a447295ae3e3480072564a0e49e227ae552412c4afca1d6f316

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

memory/1040-759-0x00007FFC1D070000-0x00007FFC1D071000-memory.dmp

memory/1040-758-0x00007FFC1E0A0000-0x00007FFC1E0A1000-memory.dmp

memory/1060-997-0x0000000000400000-0x0000000000412000-memory.dmp

C:\Users\Admin\AppData\Roaming\Era\Network\Network Persistent State

MD5 4d7031628e369de865f6a21436e8ec7e
SHA1 8e64f20433a98993ac64d87425aaebf7d5f78f2d
SHA256 da077985161391a3e1a11ce32226d755059dc01e0c74652542d37f070401543a
SHA512 0675107d5df6b2589aa441f50ae8c7ad97648d2969e2575463967c4e49b84277502c042907aa547916b7f52d39833a28d20b09fcb5cdaa8667dd0123ac219c6f

C:\Users\Admin\AppData\Roaming\Era\Network\Network Persistent State~RFe58cd4e.TMP

MD5 2800881c775077e1c4b6e06bf4676de4
SHA1 2873631068c8b3b9495638c865915be822442c8b
SHA256 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512 e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

memory/4524-1025-0x0000023FFE160000-0x0000023FFE161000-memory.dmp

memory/4524-1037-0x0000023FFE160000-0x0000023FFE161000-memory.dmp

memory/4524-1036-0x0000023FFE160000-0x0000023FFE161000-memory.dmp

memory/4524-1035-0x0000023FFE160000-0x0000023FFE161000-memory.dmp

memory/4524-1034-0x0000023FFE160000-0x0000023FFE161000-memory.dmp

memory/4524-1033-0x0000023FFE160000-0x0000023FFE161000-memory.dmp

memory/4524-1032-0x0000023FFE160000-0x0000023FFE161000-memory.dmp

memory/4524-1031-0x0000023FFE160000-0x0000023FFE161000-memory.dmp

memory/4524-1027-0x0000023FFE160000-0x0000023FFE161000-memory.dmp

memory/4524-1026-0x0000023FFE160000-0x0000023FFE161000-memory.dmp

Analysis: behavioral9

Detonation Overview

Submitted

2024-08-31 21:39

Reported

2024-08-31 21:44

Platform

win7-20240708-en

Max time kernel

122s

Max time network

128s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 220

Network

N/A

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2024-08-31 21:39

Reported

2024-08-31 21:44

Platform

win7-20240704-en

Max time kernel

122s

Max time network

134s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Era.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Era.exe

"C:\Users\Admin\AppData\Local\Temp\Era.exe"

Network

N/A

Files

N/A

Analysis: behavioral23

Detonation Overview

Submitted

2024-08-31 21:39

Reported

2024-08-31 21:44

Platform

win7-20240705-en

Max time kernel

120s

Max time network

130s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\index.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\index.js

Network

N/A

Files

N/A

Analysis: behavioral27

Detonation Overview

Submitted

2024-08-31 21:39

Reported

2024-08-31 21:44

Platform

win7-20240704-en

Max time kernel

122s

Max time network

133s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\options\uploadSourcemaps.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\options\uploadSourcemaps.js

Network

N/A

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-08-31 21:39

Reported

2024-08-31 21:44

Platform

win10v2004-20240802-en

Max time kernel

135s

Max time network

109s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2044 wrote to memory of 3800 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2044 wrote to memory of 3800 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2044 wrote to memory of 3800 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 3800 -ip 3800

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3800 -s 612

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 150.171.27.10:443 g.bing.com tcp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp

Files

N/A

Analysis: behavioral21

Detonation Overview

Submitted

2024-08-31 21:39

Reported

2024-08-31 21:44

Platform

win7-20240705-en

Max time kernel

119s

Max time network

130s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\logger.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\logger.js

Network

N/A

Files

N/A

Analysis: behavioral16

Detonation Overview

Submitted

2024-08-31 21:39

Reported

2024-08-31 21:45

Platform

debian9-mipsel-20240418-en

Max time kernel

0s

Command Line

[/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]

Signatures

N/A

Processes

/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli

[/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]

/usr/local/sbin/node

[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]

/usr/local/bin/node

[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]

/usr/sbin/node

[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]

/usr/bin/node

[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]

/sbin/node

[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]

/bin/node

[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]

Network

N/A

Files

N/A

Analysis: behavioral19

Detonation Overview

Submitted

2024-08-31 21:39

Reported

2024-08-31 21:44

Platform

win7-20240704-en

Max time kernel

119s

Max time network

129s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\index.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\index.js

Network

N/A

Files

N/A

Analysis: behavioral25

Detonation Overview

Submitted

2024-08-31 21:39

Reported

2024-08-31 21:44

Platform

win7-20240708-en

Max time kernel

118s

Max time network

124s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\options\deploys.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\options\deploys.js

Network

N/A

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-31 21:39

Reported

2024-08-31 21:44

Platform

win7-20240708-en

Max time kernel

118s

Max time network

126s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Program Files\Era\Era.exe N/A
N/A N/A C:\Program Files\Era\Era.exe N/A
N/A N/A C:\Program Files\Era\Era.exe N/A
N/A N/A C:\Program Files\Era\Era.exe N/A

Checks installed software on the system

discovery

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Era\locales\af.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\locales\lv.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\locales\zh-TW.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\resources\elevate.exe C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\snapshot_blob.bin C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\binaries\FortniteLauncher.exe C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\bin\sentry-cli C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\vk_swiftshader_icd.json C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\binaries\go_build_gemd_src.exe C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\locales\ja.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\locales\sl.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\locales\uk.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\chrome_100_percent.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\ffmpeg.dll C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\locales\ar.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\locales\et.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\locales\fi.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\locales\ko.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\locales\sr.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\js\index.js C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\libGLESv2.dll C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\vulkan-1.dll C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\scripts\wheels C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\locales\fr.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\locales\nl.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\locales\sv.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\resources\app.asar C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\js\helper.js C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\LICENSE.electron.txt C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\LICENSES.chromium.html C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\resources\app-update.yml C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\locales\it.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\locales\pl.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\locales\sw.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\icudtl.dat C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\js\logger.js C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\locales\hu.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\locales\lt.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\locales\ml.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\locales\tr.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\sentry-cli.exe C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\locales\ca.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\locales\en-US.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\scripts\test-vercel-nft.js C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\Uninstall Era.exe C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\locales\gu.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\scripts\install.js C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\locales\es-419.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\locales\pt-PT.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\locales\ru.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\locales\sk.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\checksums.txt C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\resources.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\locales\bg.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\locales\da.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\locales\de.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\locales\mr.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\locales\ro.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\locales\zh-CN.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\options\uploadSourcemaps.js C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\d3dcompiler_47.dll C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\libEGL.dll C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\locales\hi.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A
File created C:\Program Files\Era\locales\ur.pak C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe

"C:\Users\Admin\AppData\Local\Temp\Era Setup 1.0.80.exe"

C:\Program Files\Era\Era.exe

"C:\Program Files\Era\Era.exe"

C:\Program Files\Era\Era.exe

"C:\Program Files\Era\Era.exe"

C:\Program Files\Era\Era.exe

"C:\Program Files\Era\Era.exe"

C:\Program Files\Era\Era.exe

"C:\Program Files\Era\Era.exe"

Network

N/A

Files

\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\System.dll

MD5 0d7ad4f45dc6f5aa87f606d0331c6901
SHA1 48df0911f0484cbe2a8cdd5362140b63c41ee457
SHA256 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
SHA512 c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\StdUtils.dll

MD5 c6a6e03f77c313b267498515488c5740
SHA1 3d49fc2784b9450962ed6b82b46e9c3c957d7c15
SHA256 b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
SHA512 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\SpiderBanner.dll

MD5 17309e33b596ba3a5693b4d3e85cf8d7
SHA1 7d361836cf53df42021c7f2b148aec9458818c01
SHA256 996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93
SHA512 1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\nsProcess.dll

MD5 f0438a894f3a7e01a4aae8d1b5dd0289
SHA1 b058e3fcfb7b550041da16bf10d8837024c38bf6
SHA256 30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11
SHA512 f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\nsis7z.dll

MD5 80e44ce4895304c6a3a831310fbf8cd0
SHA1 36bd49ae21c460be5753a904b4501f1abca53508
SHA256 b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
SHA512 c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\chrome_100_percent.pak

MD5 8626e1d68e87f86c5b4dabdf66591913
SHA1 4cd7b0ac0d3f72587708064a7b0a3beca3f7b81c
SHA256 2caa1da9b6a6e87bdb673977fee5dd771591a1b6ed5d3c5f14b024130a5d1a59
SHA512 03bcd8562482009060f249d6a0dd7382fc94d669a2094dec08e8d119be51bef2c3b7b484bb5b7f805ae98e372dab9383a2c11a63ab0f5644146556b1bb9a4c99

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\chrome_200_percent.pak

MD5 48515d600258d60019c6b9c6421f79f6
SHA1 0ef0b44641d38327a360aa6954b3b6e5aab2af16
SHA256 07bee34e189fe9a8789aed78ea59ad41414b6e611e7d74da62f8e6ca36af01ce
SHA512 b7266bc8abc55bd389f594dac0c0641ecf07703f35d769b87e731b5fdf4353316d44f3782a4329b3f0e260dead6b114426ddb1b0fb8cd4a51e0b90635f1191d9

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\d3dcompiler_47.dll

MD5 cb9807f6cf55ad799e920b7e0f97df99
SHA1 bb76012ded5acd103adad49436612d073d159b29
SHA256 5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a
SHA512 f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\ffmpeg.dll

MD5 d49e7a8f096ad4722bd0f6963e0efc08
SHA1 6835f12391023c0c7e3c8cc37b0496e3a93a5985
SHA256 f11576bf7ffbc3669d1a5364378f35a1ed0811b7831528b6c4c55b0cdc7dc014
SHA512 ca50c28d6aac75f749ed62eec8acbb53317f6bdcef8794759af3fad861446de5b7fa31622ce67a347949abb1098eccb32689b4f1c54458a125bc46574ad51575

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\libEGL.dll

MD5 09134e6b407083baaedf9a8c0bce68f2
SHA1 8847344cceeab35c1cdf8637af9bd59671b4e97d
SHA256 d2107ba0f4e28e35b22837c3982e53784d15348795b399ad6292d0f727986577
SHA512 6ff3adcb8be48d0b505a3c44e6550d30a8feaf4aa108982a7992ed1820c06f49e0ad48d9bd92685fb82783dfd643629bd1fe4073300b61346b63320cbdb051ba

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\icudtl.dat

MD5 adfd2a259608207f256aeadb48635645
SHA1 300bb0ae3d6b6514fb144788643d260b602ac6a4
SHA256 7c8c7b05d70145120b45ccb64bf75bee3c63ff213e3e64d092d500a96afb8050
SHA512 8397e74c7a85b0a2987cae9f2c66ce446923aa4140686d91a1e92b701e16b73a6ce459540e718858607ecb12659bedac0aa95c2713c811a2bc2d402691ff29dc

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\libGLESv2.dll

MD5 a5f1921e6dcde9eaf42e2ccc82b3d353
SHA1 1f6f4df99ae475acec4a7d3910badb26c15919d1
SHA256 50c4dc73d69b6c0189eab56d27470ee15f99bbbc12bfd87ebe9963a7f9ba404e
SHA512 0c24ae7d75404adf8682868d0ebf05f02bbf603f7ddd177cf2af5726802d0a5afcf539dc5d68e10dab3fcfba58903871c9c81054560cf08799af1cc88f33c702

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\LICENSE.electron.txt

MD5 4d42118d35941e0f664dddbd83f633c5
SHA1 2b21ec5f20fe961d15f2b58efb1368e66d202e5c
SHA256 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d
SHA512 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\LICENSES.chromium.html

MD5 180f8acc70405077badc751453d13625
SHA1 35dc54acad60a98aeec47c7ade3e6a8c81f06883
SHA256 0bfa9a636e722107b6192ff35c365d963a54e1de8a09c8157680e8d0fbbfba1c
SHA512 40d3358b35eb0445127c70deb0cb87ec1313eca285307cda168605a4fd3d558b4be9eb24a59568eca9ee1f761e578c39b2def63ad48e40d31958db82f128e0ec

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\v8_context_snapshot.bin

MD5 a373d83d4c43ba957693ad57172a251b
SHA1 8e0fdb714df2f4cb058beb46c06aa78f77e5ff86
SHA256 43b58ca4057cf75063d3b4a8e67aa9780d9a81d3a21f13c64b498be8b3ba6e0c
SHA512 07fbd84dc3e0ec1536ccb54d5799d5ed61b962251ece0d48e18b20b0fc9dd92de06e93957f3efc7d9bed88db7794fe4f2bec1e9b081825e41c6ac3b4f41eab18

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\snapshot_blob.bin

MD5 8fef5a96dbcc46887c3ff392cbdb1b48
SHA1 ed592d75222b7828b7b7aab97b83516f60772351
SHA256 4de0f720c416776423add7ada621da95d0d188d574f08e36e822ad10d85c3ece
SHA512 e52c7820c69863ecc1e3b552b7f20da2ad5492b52cac97502152ebff45e7a45b00e6925679fd7477cdc79c68b081d6572eeed7aed773416d42c9200accc7230e

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\resources.pak

MD5 7971a016aed2fb453c87eb1b8e3f5eb2
SHA1 92b91e352be8209fadcf081134334dea147e23b8
SHA256 9cfd5d29cde3de2f042e5e1da629743a7c95c1211e1b0b001e4eebc0f0741e06
SHA512 42082ac0c033655f2edae876425a320d96cdaee6423b85449032c63fc0f7d30914aa3531e65428451c07912265b85f5fee2ed0bbdb362994d3a1fa7b14186013

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\vk_swiftshader.dll

MD5 a0845e0774702da9550222ab1b4fded7
SHA1 65d5bd6c64090f0774fd0a4c9b215a868b48e19b
SHA256 6150a413ebe00f92f38737bdccf493d19921ef6329fcd48e53de9dbde4780810
SHA512 4be0cb1e3c942a1695bae7b45d21c5f70e407132ecc65efb5b085a50cdab3c33c26e90bd7c86198ec40fb2b18d026474b6c649776a3ca2ca5bff6f922de2319b

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\vulkan-1.dll

MD5 0e4e0f481b261ea59f196e5076025f77
SHA1 c73c1f33b5b42e9d67d819226db69e60d2262d7b
SHA256 f681844896c084d2140ac210a974d8db099138fe75edb4df80e233d4b287196a
SHA512 e6127d778ec73acbeb182d42e5cf36c8da76448fbdab49971de88ec4eb13ce63140a2a83fc3a1b116e41f87508ff546c0d7c042b8f4cdd9e07963801f3156ba2

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\vk_swiftshader_icd.json

MD5 8642dd3a87e2de6e991fae08458e302b
SHA1 9c06735c31cec00600fd763a92f8112d085bd12a
SHA256 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9
SHA512 f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\binaries\FortniteLauncher.exe

MD5 aeaa6f47b71614437c0d47828da005ca
SHA1 f9d016d3817ebbc28556967b8b8c05d120acbc58
SHA256 31eb3c804c7a248fe505d948ad9b3891b6b6f9210bd84aaf0eb716478c490b66
SHA512 6785eb5ae5d6d78a9c2f004ba5c91dd6603fd8efb39cb50f4bc3ac16d7377fb1317ba12658b63d575c17de04696b88c09c8a812340c4c40394196dab99d41a60

C:\Program Files\Era\locales\af.pak

MD5 464e5eeaba5eff8bc93995ba2cb2d73f
SHA1 3b216e0c5246c874ad0ad7d3e1636384dad2255d
SHA256 0ad547bb1dc57907adeb02e1be3017cce78f6e60b8b39395fe0e8b62285797a1
SHA512 726d6c41a9dbf1f5f2eff5b503ab68d879b088b801832c13fba7eb853302b16118cacda4748a4144af0f396074449245a42b2fe240429b1afcb7197fa0cb6d41

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\locales\ar.pak

MD5 fdbad4c84ac66ee78a5c8dd16d259c43
SHA1 3ce3cd751bb947b19d004bd6916b67e8db5017ac
SHA256 a62b848a002474a8ea37891e148cbaf4af09bdba7dafebdc0770c9a9651f7e3b
SHA512 376519c5c2e42d21acedb1ef47184691a2f286332451d5b8d6aac45713861f07c852fb93bd9470ff5ee017d6004aba097020580f1ba253a5295ac1851f281e13

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\locales\am.pak

MD5 2c933f084d960f8094e24bee73fa826c
SHA1 91dfddc2cff764275872149d454a8397a1a20ab1
SHA256 fa1e44215bd5acc7342c431a3b1fddb6e8b6b02220b4599167f7d77a29f54450
SHA512 3c9ecfb0407de2aa6585f4865ad54eeb2ec6519c9d346e2d33ed0e30be6cc3ebfed676a08637d42c2ca8fa6cfefb4091feb0c922ff71f09a2b89cdd488789774

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\binaries\go_build_gemd_src.exe

MD5 1b63c2c1b0846c63730e747eea7842eb
SHA1 3f72c48db65891dfa656dc4842a76f912ddc7c83
SHA256 0c86799d4895e3fac3ee0b8746a3f2bc44f811191df9753bf3b12f95b15651b0
SHA512 96ae86c1deada543c0d2a0ea7e04d66a390c9b0f72b9361e25ded3eb598fda0d215ef516ddcbd7d508a90c09fa02d6db2ac531f537f4a8fcab76af885a7e8bae

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\locales\de.pak

MD5 cf22ec11a33be744a61f7de1a1e4514f
SHA1 73e84848c6d9f1a2abe62020eb8c6797e4c49b36
SHA256 7cc213e2c9a2d2e2e463083dd030b86da6bba545d5cee4c04df8f80f9a01a641
SHA512 c10c8446e3041d7c0195da184a53cfbd58288c06eaf8885546d2d188b59667c270d647fa7259f5ce140ec6400031a7fc060d0f2348ab627485e2207569154495

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\locales\da.pak

MD5 e7ba94c827c2b04e925a76cb5bdd262c
SHA1 abba6c7fcec8b6c396a6374331993c8502c80f91
SHA256 d8da7ab28992c8299484bc116641e19b448c20adf6a8b187383e2dba5cd29a0b
SHA512 1f44fce789cf41fd62f4d387b7b8c9d80f1e391edd2c8c901714dd0a6e3af32266e9d3c915c15ad47c95ece4c7d627aa7339f33eea838d1af9901e48edb0187e

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\locales\cs.pak

MD5 eeee212072ea6589660c9eb216855318
SHA1 d50f9e6ca528725ced8ac186072174b99b48ea05
SHA256 de92f14480770401e39e22dcf3dd36de5ad3ed22e44584c31c37cd99e71c4a43
SHA512 ea068186a2e611fb98b9580f2c5ba6fd1f31b532e021ef9669e068150c27deee3d60fd9ff7567b9eb5d0f98926b24defabc9b64675b49e02a6f10e71bb714ac8

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\locales\ca.pak

MD5 4cd6b3a91669ddcfcc9eef9b679ab65c
SHA1 43c41cb00067de68d24f72e0f5c77d3b50b71f83
SHA256 56efff228ee3e112357d6121b2256a2c3acd718769c89413de82c9d4305459c6
SHA512 699be9962d8aae241abd1d1f35cd8468ffbd6157bcd6bdf2c599d902768351b247baad6145b9826d87271fd4a19744eb11bf7065db7fefb01d66d2f1f39015a9

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\locales\bn.pak

MD5 9340520696e7cb3c2495a78893e50add
SHA1 eed5aeef46131e4c70cd578177c527b656d08586
SHA256 1ea245646a4b4386606f03c8a3916a3607e2adbbc88f000976be36db410a1e39
SHA512 62507685d5542cfcd394080917b3a92ca197112feea9c2ddc1dfc77382a174c7ddf758d85af66cd322692215cb0402865b2a2b212694a36da6b592028caafcdf

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\locales\bg.pak

MD5 38bcabb6a0072b3a5f8b86b693eb545d
SHA1 d36c8549fe0f69d05ffdaffa427d3ddf68dd6d89
SHA256 898621731ac3471a41f8b3a7bf52e7f776e8928652b37154bc7c1299f1fd92e1
SHA512 002adbdc17b6013becc4909daf2febb74ce88733c78e968938b792a52c9c5a62834617f606e4cb3774ae2dad9758d2b8678d7764bb6dcfe468881f1107db13ef

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\locales\el.pak

MD5 e66a75680f21ce281995f37099045714
SHA1 d553e80658ee1eea5b0912db1ecc4e27b0ed4790
SHA256 21d1d273124648a435674c7877a98110d997cf6992469c431fe502bbcc02641f
SHA512 d3757529dd85ef7989d9d4cecf3f7d87c9eb4beda965d8e2c87ee23b8baaec3fdff41fd53ba839215a37404b17b8fe2586b123557f09d201b13c7736c736b096

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\locales\es.pak

MD5 04a9ba7316dc81766098e238a667de87
SHA1 24d7eb4388ecdfecada59c6a791c754181d114de
SHA256 7fa148369c64bc59c2832d617357879b095357fe970bab9e0042175c9ba7cb03
SHA512 650856b6187df41a50f9bed29681c19b4502de6af8177b47bad0bf12e86a25e92aa728311310c28041a18e4d9f48ef66d5ad5d977b6662c44b49bfd1da84522b

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\locales\es-419.pak

MD5 7da3e8aa47ba35d014e1d2a32982a5bb
SHA1 8e35320b16305ad9f16cb0f4c881a89818cd75bb
SHA256 7f85673cf80d1e80acfc94fb7568a8c63de79a13a1bb6b9d825b7e9f338ef17c
SHA512 1fca90888eb067972bccf74dd5d09bb3fce2ceb153589495088d5056ed4bdede15d54318af013c2460f0e8b5b1a5c6484adf0ed84f4b0b3c93130b086da5c3bf

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\locales\en-US.pak

MD5 19d18f8181a4201d542c7195b1e9ff81
SHA1 7debd3cf27bbe200c6a90b34adacb7394cb5929c
SHA256 1d20e626444759c2b72aa6e998f14a032408d2b32f957c12ec3abd52831338fb
SHA512 af07e1b08bbf2dd032a5a51a88ee2923650955873753629a086cad3b1600ce66ca7f9ed31b8ca901c126c10216877b24e123144bb0048f2a1e7757719aae73f2

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\locales\en-GB.pak

MD5 825ed4c70c942939ffb94e77a4593903
SHA1 7a3faee9bf4c915b0f116cb90cec961dda770468
SHA256 e11e8db78ae12f8d735632ba9fd078ec66c83529cb1fd86a31ab401f6f833c16
SHA512 41325bec22af2e5ef8e9b26c48f2dfc95763a249ccb00e608b7096ec6236ab9a955de7e2340fd9379d09ac2234aee69aed2a24fe49382ffd48742d72a929c56a

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\locales\et.pak

MD5 ccc71f88984a7788c8d01add2252d019
SHA1 6a87752eac3044792a93599428f31d25debea369
SHA256 d69489a723b304e305cb1767e6c8da5d5d1d237e50f6ddc76e941dcb01684944
SHA512 d35ccd639f2c199862e178a9fab768d7db10d5a654bc3bc1fab45d00ceb35a01119a5b4d199e2db3c3576f512b108f4a1df7faf6624d961c0fc4bca5af5f0e07

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\locales\fi.pak

MD5 21e534869b90411b4f9ea9120ffb71c8
SHA1 cc91ffbd19157189e44172392b2752c5f73984c5
SHA256 2d337924139ffe77804d2742eda8e58d4e548e65349f827840368e43d567810b
SHA512 3ca3c0adaf743f92277452b7bd82db4cf3f347de5568a20379d8c9364ff122713befd547fbd3096505ec293ae6771ada4cd3dadac93cc686129b9e5aacf363bd

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\locales\fa.pak

MD5 2e37fd4e23a1707a1eccea3264508dff
SHA1 e00e58ed06584b19b18e9d28b1d52dbfc36d70f3
SHA256 b9ee861e1bdecffe6a197067905279ea77c180844a793f882c42f2b70541e25e
SHA512 7c467f434eb0ce8e4a851761ae9bd7a9e292aab48e8e653e996f8ca598d0eb5e07ec34e2b23e544f3b38439dc3b8e3f7a0dfd6a8e28169aa95ceff42bf534366

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\locales\gu.pak

MD5 308619d65b677d99f48b74ccfe060567
SHA1 9f834df93fd48f4fb4ca30c4058e23288cf7d35e
SHA256 e40ee4f24839f9e20b48d057bf3216bc58542c2e27cb40b9d2f3f8a1ea5bfbb4
SHA512 3ca84ad71f00b9f7cc61f3906c51b263f18453fce11ec6c7f9edfe2c7d215e3550c336e892bd240a68a6815af599cc20d60203294f14adb133145ca01fe4608f

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\locales\fr.pak

MD5 3ee48a860ecf45bafa63c9284dfd63e2
SHA1 1cb51d14964f4dced8dea883bf9c4b84a78f8eb6
SHA256 1923e0edf1ef6935a4a718e3e2fc9a0a541ea0b4f3b27553802308f9fd4fc807
SHA512 eb6105faca13c191fef0c51c651a406b1da66326bb5705615770135d834e58dee9bed82aa36f2dfb0fe020e695c192c224ec76bb5c21a1c716e5f26dfe02f763

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\locales\fil.pak

MD5 d7df2ea381f37d6c92e4f18290c6ffe0
SHA1 7cacf08455aa7d68259fcba647ee3d9ae4c7c5e4
SHA256 db4a63fa0d5b2baba71d4ba0923caed540099db6b1d024a0d48c3be10c9eed5a
SHA512 96fc028455f1cea067b3a3dd99d88a19a271144d73dff352a3e08b57338e513500925787f33495cd744fe4122dff2d2ee56e60932fc02e04feed2ec1e0c3533f

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\locales\it.pak

MD5 745f16ca860ee751f70517c299c4ab0e
SHA1 54d933ad839c961dd63a47c92a5b935eef208119
SHA256 10e65f42ce01ba19ebf4b074e8b2456213234482eadf443dfad6105faf6cde4c
SHA512 238343d6c80b82ae900f5abf4347e542c9ea016d75fb787b93e41e3c9c471ab33f6b4584387e5ee76950424e25486dd74b9901e7f72876960c0916c8b9cee9a6

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\locales\id.pak

MD5 b6fcd5160a3a1ae1f65b0540347a13f2
SHA1 4cf37346318efb67908bba7380dbad30229c4d3d
SHA256 7fd715914e3b0cf2048d4429f3236e0660d5bd5e61623c8fef9b8e474c2ac313
SHA512 a8b4a96e8f9a528b2df3bd1251b72ab14feccf491dd254a7c6ecba831dfaba328adb0fd0b4acddb89584f58f94b123e97caa420f9d7b34131cc51bdbdbf3ed73

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\locales\hu.pak

MD5 2aa0a175df21583a68176742400c6508
SHA1 3c25ba31c2b698e0c88e7d01b2cc241f0916e79a
SHA256 b59f932df822ab1a87e8aab4bbb7c549db15899f259f4c50ae28f8d8c7ce1e72
SHA512 03a16feb0601407e96bcb43af9bdb21e5218c2700c9f3cfd5f9690d0b4528f9dc17e4cc690d8c9132d4e0b26d7faafd90aa3f5e57237e06fb81aab7ab77f6c03

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\locales\hr.pak

MD5 255f808210dbf995446d10ff436e0946
SHA1 1785d3293595f0b13648fb28aec6936c48ea3111
SHA256 4df972b7f6d81aa7bdc39e2441310a37f746ae5015146b4e434a878d1244375b
SHA512 8b1a4d487b0782055717b718d58cd21e815b874e2686cdfd2087876b70ae75f9182f783c70bf747cf4ca17a3afc68517a9db4c99449fa09bef658b5e68087f2a

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\locales\hi.pak

MD5 b5dfce8e3ba0aec2721cc1692b0ad698
SHA1 c5d6fa21a9ba3d526f3e998e3f627afb8d1eecf3
SHA256 b1c7fb6909c8a416b513d6de21eea0b5a6b13c7f0a94cabd0d9154b5834a5e8b
SHA512 facf0a9b81af6bb35d0fc5e69809d5c986a2c91a166e507784bdad115644b96697fe504b8d70d9bbb06f0c558f746c085d37e385eef41f0a1c29729d3d97980f

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\locales\he.pak

MD5 fc84ea7dc7b9408d1eea11beeb72b296
SHA1 de9118194952c2d9f614f8e0868fb273ddfac255
SHA256 15951767dafa7bdbedac803d842686820de9c6df478416f34c476209b19d2d8c
SHA512 49d13976dddb6a58c6fdcd9588e243d705d99dc1325c1d9e411a1d68d8ee47314dfcb661d36e2c4963c249a1542f95715f658427810afcabdf9253aa27eb3b24

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\locales\kn.pak

MD5 caab4deb1c40507848f9610d849834cf
SHA1 1bc87ff70817ba1e1fdd1b5cb961213418680cbe
SHA256 7a34483e6272f9b8881f0f5a725b477540166561c75b9e7ab627815d4be1a8a4
SHA512 dc4b63e5a037479bb831b0771aec0fe6eb016723bcd920b41ab87ef11505626632877073ce4e5e0755510fe19ba134a7b5899332ecef854008b15639f915860c

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\locales\ja.pak

MD5 38cd3ef9b7dff9efbbe086fa39541333
SHA1 321ef69a298d2f9830c14140b0b3b0b50bd95cb0
SHA256 d8fab5714dafecb89b3e5fce4c4d75d2b72893e685e148e9b60f7c096e5b3337
SHA512 40785871032b222a758f29e0c6ec696fbe0f6f5f3274cc80085961621bec68d7e0fb47c764649c4dd0c27c6ee02460407775fae9d3a2a8a59362d25a39266ce0

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\locales\ko.pak

MD5 d6194fc52e962534b360558061de2a25
SHA1 98ed833f8c4beac685e55317c452249579610ff8
SHA256 1a5884bd6665b2f404b7328de013522ee7c41130e57a53038fc991ec38290d21
SHA512 5207a07426c6ceb78f0504613b6d2b8dadf9f31378e67a61091f16d72287adbc7768d1b7f2a923369197e732426d15a872c091cf88680686581d48a7f94988ab

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\locales\lv.pak

MD5 a8cbd741a764f40b16afea275f240e7e
SHA1 317d30bbad8fd0c30de383998ea5be4eec0bb246
SHA256 a1a9d84fd3af571a57be8b1a9189d40b836808998e00ec9bd15557b83d0e3086
SHA512 3da91c0ca20165445a2d283db7dc749fcf73e049bfff346b1d79b03391aefc7f1310d3ac2c42109044cfb50afcf178dcf3a34b4823626228e591f328dd7afe95

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\locales\lt.pak

MD5 64b08ffc40a605fe74ecc24c3024ee3b
SHA1 516296e8a3114ddbf77601a11faf4326a47975ab
SHA256 8a5d6e29833374e0f74fd7070c1b20856cb6b42ed30d18a5f17e6c2e4a8d783e
SHA512 05d207413186ac2b87a59681efe4fdf9dc600d0f3e8327e7b9802a42306d80d0ddd9ee07d103b17caf0518e42ab25b7ca9da4713941abc7bced65961671164ac

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\locales\mr.pak

MD5 2cf9f07ddf7a3a70a48e8b524a5aed43
SHA1 974c1a01f651092f78d2d20553c3462267ddf4e9
SHA256 23058c0f71d9e40f927775d980524d866f70322e0ef215aa5748c239707451e7
SHA512 0b21570deefa41defc3c25c57b3171635bcb5593761d48a8116888ce8be34c1499ff79c7a3ebbe13b5a565c90027d294c6835e92e6254d582a86750640fe90f2

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\locales\ml.pak

MD5 1c81104ac2cbf7f7739af62eb77d20d5
SHA1 0f0d564f1860302f171356ea35b3a6306c051c10
SHA256 66005bc01175a4f6560d1e9768dbc72b46a4198f8e435250c8ebc232d2dac108
SHA512 969294eae8c95a1126803a35b8d3f1fc3c9d22350aa9cc76b2323b77ad7e84395d6d83b89deb64565783405d6f7eae40def7bdaf0d08da67845ae9c7dbb26926

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\locales\ms.pak

MD5 aee105366a1870b9d10f0f897e9295db
SHA1 eee9d789a8eeafe593ce77a7c554f92a26a2296f
SHA256 c6471aee5f34f31477d57f593b09cb1de87f5fd0f9b5e63d8bab4986cf10d939
SHA512 240688a0054bfebe36ea2b056194ee07e87bbbeb7e385131c73a64aa7967984610fcb80638dd883837014f9bc920037069d0655e3e92a5922f76813aedb185fa

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\locales\ro.pak

MD5 d2758f6adbaeea7cd5d95f4ad6dde954
SHA1 d7476db23d8b0e11bbabf6a59fde7609586bdc8a
SHA256 2b7906f33bfbe8e9968bcd65366e2e996cdf2f3e1a1fc56ad54baf261c66954c
SHA512 8378032d6febea8b5047ada667cb19e6a41f890cb36305acc2500662b4377caef3dc50987c925e05f21c12e32c3920188a58ee59d687266d70b8bfb1b0169a6e

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\locales\pt-PT.pak

MD5 b4954b064e3f6a9ba546dda5fa625927
SHA1 584686c6026518932991f7de611e2266d8523f9d
SHA256 ee1e014550b85e3d18fb5128984a713d9f6de2258001b50ddd18391e7307b4a1
SHA512 cb3b465b311f83b972eca1c66862b2c5d6ea6ac15282e0094aea455123ddf32e85df24a94a0aedbe1b925ff3ed005ba1e00d5ee820676d7a5a366153ade90ef7

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\locales\pt-BR.pak

MD5 8e931ffbded8933891fb27d2cca7f37d
SHA1 ab0a49b86079d3e0eb9b684ca36eb98d1d1fd473
SHA256 6632bd12f04a5385012b5cdebe8c0dad4a06750dc91c974264d8fe60e8b6951d
SHA512 cf0f6485a65c13cf5ddd6457d34cdea222708b0bb5ca57034ed2c4900fd22765385547af2e2391e78f02dcf00b7a2b3ac42a3509dd4237581cfb87b8f389e48d

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\locales\pl.pak

MD5 f1d48a7dcd4880a27e39b7561b6eb0ab
SHA1 353c3ba213cd2e1f7423c6ba857a8d8be40d8302
SHA256 2593c8b59849fbc690cbd513f06685ea3292cd0187fcf6b9069cbf3c9b0e8a85
SHA512 132da2d3c1a4dad5ccb399b107d7b6d9203a4b264ef8a65add11c5e8c75859115443e1c65ece2e690c046a82687829f54ec855f99d4843f859ab1dd7c71f35a5

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\locales\nl.pak

MD5 0f04bac280035fab018f634bcb5f53ae
SHA1 4cad76eaecd924b12013e98c3a0e99b192be8936
SHA256 be254bcda4dbe167cb2e57402a4a0a814d591807c675302d2ce286013b40799b
SHA512 1256a6acac5a42621cb59eb3da42ddeeacfe290f6ae4a92d00ebd4450a8b7ccb6f0cd5c21cf0f18fe4d43d0d7aee87b6991fef154908792930295a3871fa53df

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\locales\nb.pak

MD5 55d5ad4eacb12824cfcd89470664c856
SHA1 f893c00d8d4fdb2f3e7a74a8be823e5e8f0cd673
SHA256 4f44789a2c38edc396a31aba5cc09d20fb84cd1e06f70c49f0664289c33cd261
SHA512 555d87be8c97f466c6b3e7b23ec0210335846398c33dba71e926ff7e26901a3908dbb0f639c93db2d090c9d8bda48eddf196b1a09794d0e396b2c02b4720f37e

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\locales\sl.pak

MD5 ca763e801de642e4d68510900ff6fabb
SHA1 c32a871831ce486514f621b3ab09387548ee1cff
SHA256 340e0babe5fddbfda601c747127251cf111dd7d79d0d6a5ec4e8443b835027de
SHA512 e2847ce75de57deb05528dd9557047edcd15d86bf40a911eb97e988a8fdbda1cd0e0a81320eadf510c91c826499a897c770c007de936927df7a1cc82fa262039

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\locales\sk.pak

MD5 b7e97cc98b104053e5f1d6a671c703b7
SHA1 0f7293f1744ae2cd858eb3431ee016641478ae7d
SHA256 b0d38869275d9d295e42b0b90d0177e0ca56a393874e4bb454439b8ce25d686f
SHA512 ef3247c6f0f4065a4b68db6bf7e28c8101a9c6c791b3f771ed67b5b70f2c9689cec67a1c864f423382c076e4cbb6019c1c0cb9ad0204454e28f749a69b6b0de0

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\locales\ru.pak

MD5 2885bde990ee3b30f2c54a4067421b68
SHA1 ae16c4d534b120fdd68d33c091a0ec89fd58793f
SHA256 9fcda0d1fab7fff7e2f27980de8d94ff31e14287f58bd5d35929de5dd9cbcdca
SHA512 f7781f5c07fbf128399b88245f35055964ff0cde1cc6b35563abc64f520971ce9916827097ca18855b46ec6397639f5416a6e8386a9390afba4332d47d21693f

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\locales\te.pak

MD5 a17f16d7a038b0fa3a87d7b1b8095766
SHA1 b2f845e52b32c513e6565248f91901ab6874e117
SHA256 d39716633228a5872630522306f89af8585f8092779892087c3f1230d21a489e
SHA512 371fb44b20b8aba00c4d6f17701fa4303181ad628f60c7b4218e33be7026f118f619d66d679bffcb0213c48700fafd36b2e704499a362f715f63ea9a75d719e7

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\locales\ta.pak

MD5 18ec8ff3c0701a6a8c48f341d368bab5
SHA1 8bff8aee26b990cf739a29f83efdf883817e59d8
SHA256 052bcdb64a80e504bb6552b97881526795b64e0ab7ee5fc031f3edf87160dee9
SHA512 a0e997fc9d316277de3f4773388835c287ab1a35770c01e376fb7428ff87683a425f6a6a605d38dd7904ca39c50998cd85f855cb33ae6abad47ac85a1584fe4e

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\locales\sw.pak

MD5 67a443a5c2eaad32625edb5f8deb7852
SHA1 a6137841e8e7736c5ede1d0dc0ce3a44dc41013f
SHA256 41dfb772ae4c6f9e879bf7b4fa776b2877a2f8740fa747031b3d6f57f34d81dd
SHA512 e0fdff1c3c834d8af8634f43c2f16ba5b883a8d88dfd322593a13830047568faf9f41d0bf73cd59e2e33c38fa58998d4702d2b0c21666717a86945d18b3f29e5

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\locales\sv.pak

MD5 272f8a8b517c7283eab83ba6993eea63
SHA1 ad4175331b948bd4f1f323a4938863472d9b700c
SHA256 d15b46bc9b5e31449b11251df19cd2ba4920c759bd6d4fa8ca93fd3361fdd968
SHA512 3a0930b7f228a779f727ebfb6ae8820ab5cc2c9e04c986bce7b0f49f9bf124f349248ecdf108edf8870f96b06d58dea93a3e0e2f2da90537632f2109e1aa65f0

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\locales\sr.pak

MD5 c68c235d8e696c098cf66191e648196b
SHA1 5c967fbbd90403a755d6c4b2411e359884dc8317
SHA256 ab96a18177af90495e2e3c96292638a775aa75c1d210ca6a6c18fbc284cd815b
SHA512 34d14d8cb851df1ea8cd3cc7e9690eaf965d8941cfcac1c946606115ad889630156c5ff47011b27c1288f8df70e8a7dc41909a9fa98d75b691742ec1d1a5e653

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\locales\uk.pak

MD5 361a0e1f665b9082a457d36209b92a25
SHA1 3c89e1b70b51820bb6baa64365c64da6a9898e2f
SHA256 bd02966f6c6258b66eae7ff014710925e53fe26e8254d7db4e9147266025cc3a
SHA512 d4d25fc58053f8cce4c073846706dc1ecbc0dc19308ba35501e19676f3e7ed855d7b57ae22a5637f81cefc1aa032bf8770d0737df1924f3504813349387c08cf

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\locales\tr.pak

MD5 5ff2e5c95067a339e3d6b8985156ec1f
SHA1 7525b25c7b07f54b63b6459a0d8c8c720bd8a398
SHA256 14a131ba318274cf10de533a19776db288f08a294cf7e564b7769fd41c7f2582
SHA512 2414386df8d7ab75dcbd6ca2b9ae62ba8e953ddb8cd8661a9f984eb5e573637740c7a79050b2b303af3d5b1d4d1bb21dc658283638718fdd04fc6e5891949d1b

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\locales\th.pak

MD5 a32ba63feeed9b91f6d6800b51e5aeae
SHA1 2fbf6783996e8315a4fb94b7d859564350ee5918
SHA256 e32e37ca0ab30f1816fe6df37e3168e1022f1d3737c94f5472ab6600d97a45f6
SHA512 adebde0f929820d8368096a9c30961ba7b33815b0f124ca56ca05767ba6d081adf964088cb2b9fcaa07f756b946fffa701f0b64b07d457c99fd2b498cbd1e8a5

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\resources\app-update.yml

MD5 041e86a1223437c8e992b0325360a258
SHA1 02ce2334540fcf6926c8e4e5df7dc97a89663e82
SHA256 806b74c32a3894f6f8581eca0aec51a7685e67af4b0e226d074a344cb08af391
SHA512 d87bb066cde286bc0dc1cbb7451b9d0863c0ff24cd6fa28e0c6c593d0c99dc3f08c4591b99278ea021692f7a910e087e331725b1e287ab610b3c31aacd8ba395

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\locales\zh-TW.pak

MD5 2456bf42275f15e016689da166df9008
SHA1 70f7de47e585dfea3f5597b5bba1f436510decd7
SHA256 adf8df051b55507e5a79fa47ae88c7f38707d02dfac0cc4a3a7e8e17b58c6479
SHA512 7e622afa15c70785aaf7c19604d281efe0984f621d6599058c97c19d3c0379b2ee2e03b3a7ec597040a4eee250a782d7ec55c335274dd7db7c7ca97ddcfd378a

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\locales\zh-CN.pak

MD5 82326e465e3015c64ca1db77dc6a56bc
SHA1 e8abe12a8dd2cc741b9637fa8f0e646043bbfe3d
SHA256 6655fd9dcdfaf2abf814ffb6c524d67495aed4d923a69924c65abeab30bc74fb
SHA512 4989789c0b2439666dda4c4f959dffc0ddcb77595b1f817c13a95ed97619c270151597160320b3f2327a7daffc8b521b68878f9e5e5fb3870eb0c43619060407

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\locales\vi.pak

MD5 db0eb3183007de5aae10f934fffacc59
SHA1 e9ea7aeffe2b3f5cf75ab78630da342c6f8b7fd9
SHA256 ddabb225b671b989789e9c2ccd1b5a8f22141a7d9364d4e6ee9b8648305e7897
SHA512 703efd12fcace8172c873006161712de1919572c58d98b11de7834c5628444229f5143d231c41da5b9cf729e32de58dee3603cb3d18c6cdd94aa9aa36fbf5de0

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\locales\ur.pak

MD5 1ca4fa13bd0089d65da7cd2376feb4c6
SHA1 b1ba777e635d78d1e98e43e82d0f7a3dd7e97f9c
SHA256 3941364d0278e2c4d686faa4a135d16a457b4bc98c5a08e62aa12f3adc09aa7f
SHA512 d0d9eb1aa029bd4c34953ee5f4b60c09cf1d4f0b21c061db4ede1b5ec65d7a07fc2f780ade5ce51f2f781d272ac32257b95eedf471f7295ba70b5ba51db6c51d

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\resources\elevate.exe

MD5 792b92c8ad13c46f27c7ced0810694df
SHA1 d8d449b92de20a57df722df46435ba4553ecc802
SHA256 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
SHA512 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\js\index.js

MD5 50c3a734036b84685a15d56217207d67
SHA1 1893de2684072a3a2961337fa9a9b45a52c52c0a
SHA256 171990f108cd5582f83432c1569f2c3e1aebfbfb159599f4ff2ab693c20a8f78
SHA512 3aa037d12cee7cbf51826fb3e2aa87b4543dd62f5ff5f2f8915128061c07472304601766bddf949647c5ca92e8ee768a77139bbe91bdfaaae99dea4405168ea9

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\js\helper.js

MD5 c29ad60a23d5406728a51afa4352b4c7
SHA1 2be817215890f5868717765570ce9f7422735c4e
SHA256 faa867204c92db252271c9d850962ae1ff5c9448444ca907af483a6c874a6eb0
SHA512 e1784b8bf7119bf3380b192f1597cb3179425ff7ab347b144011fd17b62794760e6e092a0a1dae99302eb6c333f1638440df4e4e0eaf64f26d4f3cc46a74d04a

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\bin\sentry-cli

MD5 b7c89ec5dfb8b15555f32a3bef6c3103
SHA1 a92048052f5fc0af532cd97ebf82c1a9fbf12342
SHA256 7c5c97aaee075241bdc4fbc610b356445747e962ac3d986c5016acefd66a6ea0
SHA512 c47baa0e0896684403760a13cfa6dd5826152ec7ae83f783040d186eaca8af70bc97530bbb22b720d7482a4ad18c3959ab1af8ccfe3689b19a51955e777884e8

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\sentry-cli.exe

MD5 4c1bbccaec3f88e00c176e49b3ea9742
SHA1 eea00e776e5979ae8e650ee9ddf3d4d4e93ff2ef
SHA256 299e9f3632bd8278384e60f7384279ccb394ca532515448f44e089a3fb119f1c
SHA512 3c82f9f06be9bdbdb6fc94709d6c582641b2bd1ba1987c0b42a8d5c653fc32c006873c8f236b45c62970b3abe6a8b5f9faa1a57c0c85d52fdc94ecf1bd21abd6

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\package.json

MD5 49f7deab5d526f6f79d8fd80be29c97e
SHA1 e6ef40032a68a979454d30e9a483a1043367a90e
SHA256 3fe1b2bd4e7ed12e73c5717dc162f9086a4b349528042c4313610573530c6992
SHA512 053d4996c3376aa0fbee16be84d0a7f86b043ee1928dfe81e5b8db1686ac5e42db26b13ecd168a86f7315e8c208549b68f1ee3b64df3c12426eeda73c4efcdbe

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\LICENSE

MD5 c2710cd00242ca7d7bef0fc98dbbc7f8
SHA1 ba49c34590b171487fd5e383ca28632f551865e5
SHA256 9503def7b54ceb6e3cd182fd59bc05d3a30d7eae481e65aaba4b495133c83c14
SHA512 1b8fed37b379cfaac4e67e4ae0d0ae1c7e8fdd5178f1e9a289b646c5adb016c68cdcd743266fca87bd37bffc0951e0b9ecba8a57f0600a7dcd5cb52cd783637f

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\checksums.txt

MD5 1dcfcfdd8cce3e3b0fa697af106e4075
SHA1 f9261519f777790f7cd50c91e389d0e6589bd92a
SHA256 1357dc0a2f6ae355ab59b409c94cf635b7ed849a3bcb60e95b7132cbfd297324
SHA512 751ac3545299650e783daf0a45823660ce0b3f6dd7d722d303b9a801b02db61f7bb3a5129f4481294f2201fb5ad4e7bb1b2ab9a2d993ebde8a0d985f08ce34a2

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\scripts\wheels

MD5 6fec563925ecab8b6a98c3f38655236d
SHA1 9ad08eb80167574de6373d871cfff5511d2554cf
SHA256 6fa0613c1edb0c6b26baac0b759bf756f389a11e0ec0e64904cffb26ef8dc016
SHA512 850a5285519965fe26ab0da2ae62d380648acb723d879e2ab770124e4146ce0a6d03f089e28af20604dd3e00913169f82ac568a1741014e0bc5ee7b2c583888d

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\scripts\test-vercel-nft.js

MD5 c63a1659a645a5095524923081813d51
SHA1 1d97d7ccb0804b7a15f0593c87990ab0da4b6887
SHA256 644476fd66a507adc49582e7371c87e4cacc3c7840c23fe920da2a09f05db08a
SHA512 ae452613a1dc728428ed2e596d7fbb041e00a8aa300aaada289fd454f71267569fa548fa7c7217134572decab12e56f4aadd4853c96ef705ccba2dcb377018cb

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\scripts\install.js

MD5 1ffedd383c8097dd628411836505787e
SHA1 969306e8127b354f35f4c870f2da7b4034d4197b
SHA256 df3b6ca3fff442454ffee98e8e4db5e3fe0d82ff19a49216cd238fa9282cb30a
SHA512 1392958e5a9c2e0c6df617c48547f5fdae32960bfb55953528ee345e06e1ae191ca4001a618233adeab27e16de5ecd203c405e8b4fa7f3a739cd3d2c4a1e9ed2

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\scripts\bump-version.sh

MD5 2ff8e17ece2c70eff9efdb2b1a524555
SHA1 d61c93df38f70f2244817c688a140224c9a99af9
SHA256 f07b481f34e732e74abe6402023f8b84f61281626ad6e25062a20fa8fd80ece4
SHA512 0f847fd2b05bd4627a56b452f065e878005b6307bc101663297afb5f45c24d965ddc48ea4818c34ab35bde06f5a7711cf29fb9182c8ed9cf34e17d6434c487ee

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\scripts\build-in-docker.sh

MD5 94b0fc212af523b8bfcd6c2aa5a5ab2a
SHA1 cc0cb35f7ce729f7affe6b2c463e57966515e476
SHA256 abaa92d196f6752f184b83b19aedd9b1e28d328e6817de213f61fbd108351e16
SHA512 af0a2174e0304fdaa56ddae249049c142450ad4a0a9c8975548f61aa2bc356837b1d7ed441108156af32c979da5647bd0233a49db700ff0bbf528f9fa2c862e6

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\options\uploadSourcemaps.js

MD5 d060ac623857ad5ca08e3a944768925a
SHA1 26fe78c92f55f9529ffa2b71da403873da29313f
SHA256 8d4bd4c779e177724aa7bf98e768e50ce8b2950ef5bf39fa08033057b400888b
SHA512 ae1b42d7e5c5d60f935bcd08417d4d9055d71bfb80653281e990a687353592731a7c4423655fbb988728152846aa56a5f180335d254885338bf6c96ef2a8357a

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\options\deploys.js

MD5 f42c24cde0162b93624df51f4e2abfab
SHA1 f819638944878ac4cb49438d8599d3fbd9081949
SHA256 3f2316e7fb20e82df9a8b08d6169a622a89808742806adee2e4d89885962357d
SHA512 67258cbaf9f46f1609cec9b87b7a577f855cde9c8efafa3d835a0d18fb3903fcc4733489bf81447cdf2c0a55701d569a75f11a81865dab8f624b722e76b7c674

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\index.js

MD5 e8282413c1895eaff49de6dd9b71ab13
SHA1 4e058f522a46e20bbd26f15a6922390ec2c1da36
SHA256 d6a28994173c1c36476121f8b0e3633e01ecd0589289901fba34fe218293443d
SHA512 301d2a6ae958e1ba936cae6f555a587ad87567055f4709d4676a3ef5b1a3112cb338b8a9e744c24cbfa784f00f13a1118ad48fd4f6bb060c5608e4ddc8779389

C:\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\js\logger.js

MD5 1d26f69361e75ca5cd2eac5f99249c72
SHA1 787d51c708ce15b2c533a180a2bf639648bc40eb
SHA256 d7d63601d3347efc93425f4f93049cfb9ed2b9ead1dce662c9c1bed3cba302e0
SHA512 7350774074462d33ac9f2e130829306af08a6693fd597f40c39bfb194684f66d965cd23c10de5fc4389e4a2ffe84db727aad23dd683a805ae4825f10026cb040

\Users\Admin\AppData\Local\Temp\nsyE3BB.tmp\WinShell.dll

MD5 1cc7c37b7e0c8cd8bf04b6cc283e1e56
SHA1 0b9519763be6625bd5abce175dcc59c96d100d4c
SHA256 9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
SHA512 7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

memory/1880-701-0x0000000003F30000-0x0000000003F32000-memory.dmp

Analysis: behavioral4

Detonation Overview

Submitted

2024-08-31 21:39

Reported

2024-08-31 21:44

Platform

win10v2004-20240802-en

Max time kernel

147s

Max time network

152s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1

Signatures

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1504 wrote to memory of 4856 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 1504 wrote to memory of 4856 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 1504 wrote to memory of 4856 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 35.56.20.217.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 45.56.20.217.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 37.56.20.217.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
US 8.8.8.8:53 89.65.42.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-08-31 21:39

Reported

2024-08-31 21:44

Platform

win10v2004-20240802-en

Max time kernel

134s

Max time network

145s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3184 wrote to memory of 4840 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 3184 wrote to memory of 4840 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 3184 wrote to memory of 4840 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 4840 -ip 4840

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4840 -s 628

Network

Country Destination Domain Proto
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 150.171.27.10:443 g.bing.com tcp
US 8.8.8.8:53 45.56.20.217.in-addr.arpa udp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 34.56.20.217.in-addr.arpa udp
NL 52.111.243.31:443 tcp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 37.56.20.217.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 26.173.189.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-08-31 21:39

Reported

2024-08-31 21:44

Platform

win7-20240704-en

Max time kernel

8s

Max time network

19s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1840 -s 224

Network

N/A

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-08-31 21:39

Reported

2024-08-31 21:43

Platform

win10v2004-20240802-en

Max time kernel

146s

Max time network

151s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 752 wrote to memory of 2404 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 752 wrote to memory of 2404 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 752 wrote to memory of 2404 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2404 -ip 2404

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 612

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 150.171.27.10:443 g.bing.com tcp
US 150.171.27.10:443 g.bing.com tcp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 36.56.20.217.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 85.65.42.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral26

Detonation Overview

Submitted

2024-08-31 21:39

Reported

2024-08-31 21:44

Platform

win10v2004-20240802-en

Max time kernel

147s

Max time network

159s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\options\deploys.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\options\deploys.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 71.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 65.139.73.23.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
US 8.8.8.8:53 37.56.20.217.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral24

Detonation Overview

Submitted

2024-08-31 21:39

Reported

2024-08-31 21:44

Platform

win10v2004-20240802-en

Max time kernel

144s

Max time network

158s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\index.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\index.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 34.56.20.217.in-addr.arpa udp
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 65.139.73.23.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-08-31 21:39

Reported

2024-08-31 21:44

Platform

win7-20240704-en

Max time kernel

117s

Max time network

121s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 220

Network

N/A

Files

N/A

Analysis: behavioral14

Detonation Overview

Submitted

2024-08-31 21:39

Reported

2024-08-31 21:45

Platform

debian9-armhf-20240611-en

Max time kernel

3s

Command Line

[/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]

Signatures

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /usr/bin/node N/A

Reads CPU attributes

Description Indicator Process Target
File opened for reading /sys/devices/system/cpu/online /usr/bin/node N/A

Enumerates kernel/hardware configuration

Description Indicator Process Target
File opened for reading /sys/fs/cgroup/memory/memory.limit_in_bytes /usr/bin/node N/A

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/meminfo /usr/bin/node N/A

Processes

/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli

[/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]

/usr/local/sbin/node

[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]

/usr/local/bin/node

[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]

/usr/sbin/node

[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]

/usr/bin/node

[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]

/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/sentry-cli

[/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/sentry-cli]

Network

N/A

Files

N/A

Analysis: behavioral15

Detonation Overview

Submitted

2024-08-31 21:39

Reported

2024-08-31 21:45

Platform

debian9-mipsbe-20240611-en

Max time kernel

0s

Command Line

[/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]

Signatures

N/A

Processes

/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli

[/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]

/usr/local/sbin/node

[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]

/usr/local/bin/node

[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]

/usr/sbin/node

[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]

/usr/bin/node

[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]

/sbin/node

[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]

/bin/node

[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]

Network

N/A

Files

N/A

Analysis: behavioral18

Detonation Overview

Submitted

2024-08-31 21:39

Reported

2024-08-31 21:44

Platform

win10v2004-20240802-en

Max time kernel

146s

Max time network

155s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\helper.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\helper.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 150.171.27.10:443 g.bing.com tcp
US 8.8.8.8:53 69.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 65.139.73.23.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp

Files

N/A

Analysis: behavioral22

Detonation Overview

Submitted

2024-08-31 21:39

Reported

2024-08-31 21:44

Platform

win10v2004-20240802-en

Max time kernel

142s

Max time network

157s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\logger.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\logger.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 36.56.20.217.in-addr.arpa udp
US 8.8.8.8:53 0.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 24.139.73.23.in-addr.arpa udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 42.56.20.217.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp

Files

N/A

Analysis: behavioral32

Detonation Overview

Submitted

2024-08-31 21:39

Reported

2024-08-31 21:45

Platform

debian9-mipsel-20240611-en

Max time kernel

1s

Command Line

[/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/scripts/build-in-docker.sh]

Signatures

N/A

Processes

/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/scripts/build-in-docker.sh

[/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/scripts/build-in-docker.sh]

Network

N/A

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-08-31 21:39

Reported

2024-08-31 21:44

Platform

win7-20240705-en

Max time kernel

121s

Max time network

127s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1

Signatures

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2028 wrote to memory of 1956 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2028 wrote to memory of 1956 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2028 wrote to memory of 1956 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2028 wrote to memory of 1956 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2028 wrote to memory of 1956 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2028 wrote to memory of 1956 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2028 wrote to memory of 1956 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1

Network

N/A

Files

N/A

Analysis: behavioral17

Detonation Overview

Submitted

2024-08-31 21:39

Reported

2024-08-31 21:44

Platform

win7-20240729-en

Max time kernel

10s

Max time network

17s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\helper.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\helper.js

Network

N/A

Files

N/A

Analysis: behavioral20

Detonation Overview

Submitted

2024-08-31 21:39

Reported

2024-08-31 21:44

Platform

win10v2004-20240802-en

Max time kernel

150s

Max time network

158s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\index.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\index.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
US 8.8.8.8:53 35.56.20.217.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
GB 88.221.135.27:443 www.bing.com tcp
US 8.8.8.8:53 27.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 24.139.73.23.in-addr.arpa udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 89.65.42.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral30

Detonation Overview

Submitted

2024-08-31 21:39

Reported

2024-08-31 21:44

Platform

debian9-armhf-20240418-en

Max time kernel

0s

Command Line

[/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/scripts/build-in-docker.sh]

Signatures

N/A

Processes

/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/scripts/build-in-docker.sh

[/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/scripts/build-in-docker.sh]

Network

N/A

Files

N/A