Malware Analysis Report

2024-11-30 03:40

Sample ID 240915-xnw3jaydpq
Target WindowsBootManager.exe
SHA256 3a3e3f8bb3ea348375c6afad7f6f28a90040c178ac29b378b60e6798cbf8c3ac
Tags
epsilon credential_access discovery spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

3a3e3f8bb3ea348375c6afad7f6f28a90040c178ac29b378b60e6798cbf8c3ac

Threat Level: Known bad

The file WindowsBootManager.exe was found to be: Known bad.

Malicious Activity Summary

epsilon credential_access discovery spyware stealer

Epsilon Stealer

Detects EpsilonStealer ASAR

Credentials from Password Stores: Credentials from Web Browsers

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Looks up external IP address via web service

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Unsigned PE

Suspicious use of WriteProcessMemory

Modifies system certificate store

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-09-15 19:01

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-09-15 19:00

Reported

2024-09-15 19:02

Platform

win10v2004-20240802-en

Max time kernel

39s

Max time network

35s

Command Line

"C:\Users\Admin\AppData\Local\Temp\WindowsBootManager.exe"

Signatures

Detects EpsilonStealer ASAR

Description Indicator Process Target
N/A N/A N/A N/A

Epsilon Stealer

stealer epsilon

Credentials from Password Stores: Credentials from Web Browsers

credential_access stealer

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe N/A

Reads user/profile data of web browsers

spyware stealer

Looks up external IP address via web service

Description Indicator Process Target
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\WindowsBootManager.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 5c000000010000000400000000080000190000000100000010000000a823b4a20180beb460cab955c24d7e21030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c7e00000001000000080000000000042beb77d5017a000000010000000c000000300a06082b060105050703097f000000010000000c000000300a06082b060105050703091d00000001000000100000006ee7f3b060d10e90a31ba3471b999236140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c990b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b060105050703080f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d0400000001000000100000003e455215095192e1b75d379fb187298a200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0 C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 0400000001000000100000003e455215095192e1b75d379fb187298a0f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b1d00000001000000100000006ee7f3b060d10e90a31ba3471b9992367f000000010000000c000000300a06082b060105050703097a000000010000000c000000300a06082b060105050703097e00000001000000080000000000042beb77d501030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c190000000100000010000000a823b4a20180beb460cab955c24d7e21200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0 C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\WindowsBootManager.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 556 wrote to memory of 552 N/A C:\Users\Admin\AppData\Local\Temp\WindowsBootManager.exe C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe
PID 556 wrote to memory of 552 N/A C:\Users\Admin\AppData\Local\Temp\WindowsBootManager.exe C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe
PID 552 wrote to memory of 4188 N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe
PID 552 wrote to memory of 4188 N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe
PID 552 wrote to memory of 4188 N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe
PID 552 wrote to memory of 4188 N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe
PID 552 wrote to memory of 4188 N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe
PID 552 wrote to memory of 4188 N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe
PID 552 wrote to memory of 4188 N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe
PID 552 wrote to memory of 4188 N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe
PID 552 wrote to memory of 4188 N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe
PID 552 wrote to memory of 4188 N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe
PID 552 wrote to memory of 4188 N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe
PID 552 wrote to memory of 4188 N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe
PID 552 wrote to memory of 4188 N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe
PID 552 wrote to memory of 4188 N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe
PID 552 wrote to memory of 4188 N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe
PID 552 wrote to memory of 4188 N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe
PID 552 wrote to memory of 4188 N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe
PID 552 wrote to memory of 4188 N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe
PID 552 wrote to memory of 4188 N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe
PID 552 wrote to memory of 4188 N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe
PID 552 wrote to memory of 4188 N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe
PID 552 wrote to memory of 4188 N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe
PID 552 wrote to memory of 4188 N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe
PID 552 wrote to memory of 4188 N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe
PID 552 wrote to memory of 4188 N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe
PID 552 wrote to memory of 4188 N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe
PID 552 wrote to memory of 4188 N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe
PID 552 wrote to memory of 4188 N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe
PID 552 wrote to memory of 4188 N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe
PID 552 wrote to memory of 4188 N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe
PID 552 wrote to memory of 4188 N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe
PID 552 wrote to memory of 4188 N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe
PID 552 wrote to memory of 4188 N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe
PID 552 wrote to memory of 4188 N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe
PID 552 wrote to memory of 4188 N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe
PID 552 wrote to memory of 4188 N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe
PID 552 wrote to memory of 4188 N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe
PID 552 wrote to memory of 4188 N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe
PID 552 wrote to memory of 3128 N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe
PID 552 wrote to memory of 3128 N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe
PID 552 wrote to memory of 4600 N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe
PID 552 wrote to memory of 4600 N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe
PID 552 wrote to memory of 4600 N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe
PID 552 wrote to memory of 4600 N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe
PID 552 wrote to memory of 4600 N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe
PID 552 wrote to memory of 4600 N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe
PID 552 wrote to memory of 4600 N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe
PID 552 wrote to memory of 4600 N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe
PID 552 wrote to memory of 4600 N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe
PID 552 wrote to memory of 4600 N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe
PID 552 wrote to memory of 4600 N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe
PID 552 wrote to memory of 4600 N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe
PID 552 wrote to memory of 4600 N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe
PID 552 wrote to memory of 4600 N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe
PID 552 wrote to memory of 4600 N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe
PID 552 wrote to memory of 4600 N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe
PID 552 wrote to memory of 4600 N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe
PID 552 wrote to memory of 4600 N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe
PID 552 wrote to memory of 4600 N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe
PID 552 wrote to memory of 4600 N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe
PID 552 wrote to memory of 4600 N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe
PID 552 wrote to memory of 4600 N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe

Processes

C:\Users\Admin\AppData\Local\Temp\WindowsBootManager.exe

"C:\Users\Admin\AppData\Local\Temp\WindowsBootManager.exe"

C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe

C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe

C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe

"C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\WindowsBootManager" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1672 --field-trial-handle=1892,i,1696993557545930602,13186328566490362170,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe

"C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\WindowsBootManager" --mojo-platform-channel-handle=2152 --field-trial-handle=1892,i,1696993557545930602,13186328566490362170,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe

"C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\WindowsBootManager" --app-path="C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2428 --field-trial-handle=1892,i,1696993557545930602,13186328566490362170,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 rentry.co udp
US 104.26.2.16:443 rentry.co tcp
US 8.8.8.8:53 ipinfo.io udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 34.117.59.81:443 ipinfo.io tcp
GB 142.250.180.10:443 ajax.googleapis.com tcp
US 8.8.8.8:53 16.2.26.104.in-addr.arpa udp
US 8.8.8.8:53 81.59.117.34.in-addr.arpa udp
US 8.8.8.8:53 10.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 34.56.20.217.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\System.dll

MD5 0d7ad4f45dc6f5aa87f606d0331c6901
SHA1 48df0911f0484cbe2a8cdd5362140b63c41ee457
SHA256 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
SHA512 c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\nsis7z.dll

MD5 80e44ce4895304c6a3a831310fbf8cd0
SHA1 36bd49ae21c460be5753a904b4501f1abca53508
SHA256 b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
SHA512 c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\chrome_200_percent.pak

MD5 7059af03603f93898f66981feb737064
SHA1 668e41a728d2295a455e5e0f0a8d2fee1781c538
SHA256 04d699cfc36565fa9c06206ba1c0c51474612c8fe481c6fd1807197dc70661e6
SHA512 435329d58b56607a2097d82644be932c60727be4ae95bc2bcf10b747b7658918073319dfa1386b514d84090304a95fcf19d56827c4b196e4d348745565441544

C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\chrome_100_percent.pak

MD5 237ca1be894f5e09fd1ccb934229c33b
SHA1 f0dfcf6db1481315054efb690df282ffe53e9fa1
SHA256 f14362449e2a7c940c095eda9c41aad5f1e0b1a1b21d1dc911558291c0c36dd2
SHA512 1e52782db4a397e27ce92412192e4de6d7398effaf8c7acabc9c06a317c2f69ee5c35da1070eb94020ed89779344b957edb6b40f871b8a15f969ef787fbb2bca

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\d3dcompiler_47.dll

MD5 7641e39b7da4077084d2afe7c31032e0
SHA1 2256644f69435ff2fee76deb04d918083960d1eb
SHA256 44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47
SHA512 8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\ffmpeg.dll

MD5 21647425561f9dfa567139d2c505f585
SHA1 efd5b3d6a21886c6467d28c73d20be0acb4591e9
SHA256 b827172262cea032be8303aae69a947a8d867006269bb8b2bc7e77619333c1b6
SHA512 c5316a6b2d77cf2c2949698f9cba92fe1ec57b2ac82d55fbbeffe71b4834ec06e83728a176f5089c91cc9544deda0667f39338f1e9d1a37db69bd8bad4af915a

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\LICENSE.electron.txt

MD5 4d42118d35941e0f664dddbd83f633c5
SHA1 2b21ec5f20fe961d15f2b58efb1368e66d202e5c
SHA256 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d
SHA512 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\libGLESv2.dll

MD5 16deb84c2dd1d55ed938a112b6ce92d4
SHA1 15ed353f418030e2a3d94c2c77d45605ea9cb3c2
SHA256 b49922f98946952e96c03c468a4812e0b1e7a090f4e1f96489f48acc07eba1f8
SHA512 bb9ea90e01ac7e633d3e27054206c6070b352cce196b7b70b989af2b718dec3506d3aaf62e3074fdc93e7e23839ed15ccb8a508305170e7ba38920ca21f4047b

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\libEGL.dll

MD5 91f11a9181583f75e2b29fcd9050c7f5
SHA1 fd90abc3048f3347435dfbd1075b8051ac6ffabc
SHA256 43a549ff51ce4ee20074999527b19fbf280a8caa7db0bde957704033b6f5b330
SHA512 925ac2a87e436219e22a924f615669cb166e8183d6e4dd0f00ed68c16faa3ffa10ab410106a7f81320f10205415bff9d10976f1dc0bb695b9293b80101e4ce8a

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\icudtl.dat

MD5 d866d68e4a3eae8cdbfd5fc7a9967d20
SHA1 42a5033597e4be36ccfa16d19890049ba0e25a56
SHA256 c61704cc9cf5797bf32301a2b3312158af3fe86eadc913d937031cf594760c2d
SHA512 4cc04e708b9c3d854147b097e44ff795f956b8a714ab61ddd5434119ade768eb4da4b28938a9477e4cb0d63106cce09fd1ec86f33af1c864f4ea599f8d999b97

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\vk_swiftshader.dll

MD5 6b40ce4af617399536d0ea6edc84baad
SHA1 55c91309fe49af121dd3de9c24f60b8cfea680f1
SHA256 c64b87d7cebdaee8b779859059a6c63fb47c8102a4f7311d678895f87b825c59
SHA512 9c4caddb2f6ba7d17683d662a1d9ecd2efcdf1fc081e0127260f0266eda78b42c684bcad5bccbdc03a06619b9ae4960ccea67472d7650c53e67a5a70be6e36c6

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\vulkan-1.dll

MD5 4783d34314ef4feb241f4fdf36499521
SHA1 89296d6ac36cd005045db7307bf31005d0cf29a7
SHA256 6e8beb4e9da77313f40e75c4ffaeeaa522b6f054fd792631ec1efcf8248ca63b
SHA512 7ef1b0e89590b4af20f182bed9d82d5175d1c8c675fc3d05dc0eb2f834052124c877135fc68b2988683cf35e8b25870e45f7c126349d28125c021c8eeb4998ac

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\vk_swiftshader_icd.json

MD5 8642dd3a87e2de6e991fae08458e302b
SHA1 9c06735c31cec00600fd763a92f8112d085bd12a
SHA256 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9
SHA512 f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\v8_context_snapshot.bin

MD5 dd0d4997dfab65b96aad66d035f6029c
SHA1 65faa1dbb7ccd902f1f1af544f6941234ff679d3
SHA256 f033fb86fa92df1be464de590aa312cc016bc5d6bea26672c896bf4d3f1261cd
SHA512 86b06bd0f91f50bd13b3af179f3f498f10a225d25ba5ca32258f75567e601c3f48f7a3fb436c3b0d2ba53cc9eaaa8f74c95b44458628b0ea716563694a3c7002

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\snapshot_blob.bin

MD5 f14a9115edbcc4697515db49cdaf5b08
SHA1 9c43d69ba11a03278885dc7f285584278de9ca11
SHA256 f25ddf52f68de295bf1cdbd4f7fc6aa9d8f882a16a2f97b4e08e322b6b90546e
SHA512 3c646b258a2ba7cd3e1d878d3009d181302d790f324c4c2b10a9eeebbeab9c49ab43b15b3154ae99749410debb2f3ad8d121979ec11e44ad074e1f675cf05dc0

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\resources.pak

MD5 a1e5aafe5a1509ef461d584c98484ff7
SHA1 455a36fff7a12989d0d1fc944a3c8840141d865a
SHA256 dd0cdd9201c5966dcc8b3ac3f587fdb05cad09547e267e0d16b8b1a3cff14772
SHA512 f98e33fe7e89a7798c6c274b4220c7c5262a2cedd0c0a04c7821634679f71145eca78c7a36a9f576712a00ffbabfabf58c958483d2d69fa9960178a7c3581946

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\LICENSES.chromium.html

MD5 dfa12f4edccb902d7d3b07fae219f176
SHA1 c2073440a5add265b4143de05e6864fed2c3b840
SHA256 501f0b7ebf0be7ed8702d317332a0f8820af837c0a2a1d7645ba04352270e2b8
SHA512 eee3a8e0eeae139ddd9369d0869c29c91007bf6c5b0d7982918d5a013214a9e80b9233e7c1ccb43124152f684f0b782831b0a6b3d126558261dd161230004e50

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\locales\am.pak

MD5 c0490d3c4ff1ee8614225043654aaf0c
SHA1 b044484ced372b5817285b67eba59f0af40cb639
SHA256 e98f3437f6d451fb9fec33473abc9f07abf0794cd45d02ae1de48ccb9fc5c8b6
SHA512 3d66b9a2aa4b08b19c635d350342a162879042e926fa41e059e3c62fc68bdd73a91d6a9a41e409eeee7338daf0a931f178e9d151b4b9ee9ef6545f8957ccefb4

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\locales\ar.pak

MD5 9b610c0107724603b19893c4ccc551a0
SHA1 37d987196c640861b336628d67e22ef283115e7d
SHA256 f9d96af7d5ef9e0b4f4ef133a98a64b4398c7aef04e20688b523e6ea27c61f15
SHA512 e99c07e474278990027e560d0f0464ed0d59c485226b56c8318470c41b5976602b1d52659996ebeececc3d59927577202ab6312e07f40f71eb39972ae5296bc6

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\locales\bg.pak

MD5 7f3fe009d84dddf6a509ae33d95a7e7b
SHA1 667d804c714feab9d104db211a981357b2b8124f
SHA256 58bec94801d09157c852cfbc3ccd9916fafd1947fdc61c1453456bce5b054c4e
SHA512 92151d7589682c7078d9f9915eb6d14d350a13a126a000e4da29228649926282caf03cd996e68704f9e5dd0faf11750f7c4ee105e1655f9becbe0e267f7fc614

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\locales\da.pak

MD5 9fb8a421caf18588b494c3f34d8764c6
SHA1 201ac33074c76830893197ab9382ec84553f1794
SHA256 0997be868557f97f013242c066b192e574b4fa553d13f37f97a1de714b95a858
SHA512 59b2fd820f9bd45015444c85fcb55e04027836e62c6a9187e8ce0c2a9aea6e5e626b76627c9601f69e769d4ddd09f6a8ccc2dfdda6835e261b94a5af91d8bbf9

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\locales\fa.pak

MD5 993ffa47d0354c2a9b9b4d378026e653
SHA1 416ef059058fae7e91d79e94c0ae4cc56d604f3b
SHA256 309cec5292ee0361d45796c2234cf40a064249da09108b1da75bf570963941a2
SHA512 d1ed53f52858090641058ad924e42bad29610e8e7546279325335c4d8eb9f5830ffe32fa35dacb18040090078a4466199a586d3ea4e82247b73bab02eceb17c7

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\locales\et.pak

MD5 9eb930ed036c2828877bbeaed94071b2
SHA1 b410f1cbd1774fd2036c5e8424022554b1fc61f9
SHA256 502ab41d852c69ea961df20b79480fd9d38f99bbad07a4d1b5e7143ba1f7bdc3
SHA512 86a0c8c6ed19c801705d0cd07a5634c6d234329d4a3afc10f2e221abe6a21dea0f3cb808e2daf94bdf113b64b7acde6ac836ba238d9f8b5f7bb355da1346e402

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\locales\es.pak

MD5 460ed6807d7a0e5dde909d706b4f267c
SHA1 d4948b217b8a2e620e7aac7a04c2e8483aa84b3c
SHA256 665e93ca25de6050a4fbc1f343d67496d6e1e296dbbcc9edf3dab7bbcf1035db
SHA512 fa6c57dcfdb6e53fa13fbb353c3c581c3dfbd4d34ae7612b1f780f4da944da253767fe86ab3c5a3eae918a339649828643fd50b9f66bb943f29924e713891d98

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\locales\es-419.pak

MD5 10b1d1097987ea050a5791eceb5eabda
SHA1 c0812fbc16592a39cd1600196e62d0000b22bd73
SHA256 04b24396cc017e1dbb0bca7371d7cae10cad2350da661a8a035b572aa76cbd49
SHA512 f2a6767eae2d5eebff35f6b7d3a932ffd797fdfb48023c75b3c98b1ced5b3695ec12e642d68582da1aacac1c59b0d3a2f029c702d0df02d7b08430384d40e178

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\locales\en-US.pak

MD5 5cc884bf0ec1c702240173b35a421d1b
SHA1 19bdfb0b31dc4a75e7c135d1a8ef76f5f6cc3a31
SHA256 9f0c75c84381360677055d6197812c7a6c42dbfc6134eb8212d8a60ed1ca1601
SHA512 48772f50f6b0d846084a0cfb0d6433f2fbf73677b557b022d0d73d04790636c0c40ed873c32fd037013e943fb7c24816efdcde38429520895c00c2d85a17ea5c

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\locales\en-GB.pak

MD5 998947b55a25776181cc11110902f6d7
SHA1 a93272eb26eb9977833fb809df593759f2533570
SHA256 fcbcdfb71363750a9e404a365a00f196c9ed4fe149532580f149811475b45636
SHA512 a58b9b8bf6c2c2b14f870fdd3557b18aa002f5cc8c270eb0d35a1aab3cb864cf472328f0515039515879c9b355569b7d049ca1a1569304cf347b40b5815b726f

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\locales\el.pak

MD5 dc334c39fa35f04d554fd6bf4d6301be
SHA1 8f83f39b41447e479e1de761721fc35b22a1f227
SHA256 168fdc777570fa85c16ee7a701bef28fe6d7eb943a674ad8681a2f9fcedd2635
SHA512 e4f0fe4ac83df9f106d60de2d4563519512d1b088abb0fd52d4d459ccf093397c5f56e41958111ad67ab9a19dc2a9dd6870356be2e344559deaf757d3b96b7a1

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\locales\de.pak

MD5 a4d8eecec2747ffb12551ab8e93fafdf
SHA1 59aa4c3a7179c46c7699d0d918dd92722a614def
SHA256 d67f95e2982e7debf67741b88ce054f5bb8356021a280e092227b77ec82e298f
SHA512 1de20fa8798d050966c99aa0590c7460a40b6ff41afc36645c1f4655a09f6070530adbd1d6fb5937d1fc9965c7aac932dbb06a0ff47f31bcb6d4717eaa81613e

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\locales\cs.pak

MD5 c64366988f8d46b6912f2d6be0120b1a
SHA1 3a33fe58ca30f41ea341cc9b9413a6cbdd6a1e4b
SHA256 30fd14794ee1088d37387f42e5d366f962fa9273eba8ccdd9b950646d2dd6172
SHA512 8990d212aff170a547733b0cd54055ecf6d30319189a7d88cda149b8994986c9ccc899d203fa4cedcdacb3217b2b72e2a9e69aa195b285aa388bf2af125158fe

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\locales\ca.pak

MD5 65c1f1faee2edbe7d7b6709d7e6b6ef7
SHA1 a81848018bc9978edb9e764474cf9c9b297bb91c
SHA256 d8a83a19f8c66742226538af9489b70c1439f6133591e29a353addd9089f67c6
SHA512 590587a66bf03c2cc61c49cb9452220b3697ad4a00abc0056017fd0203ebc2980ec8f59337fcd1ff90eedfa8f8171acef5818b1da856ec78c352498002679fbd

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\locales\bn.pak

MD5 ecff6f8dc301b6b435df5e44c2ae8a2a
SHA1 6fdfa4136f3bb5ccd9e4e7b4706db98f17f85c1b
SHA256 3250adece302934b9a78569d72ca70e596d91865455d5274ccf8d651ccac5350
SHA512 c9e22ff9fef3c2eef6b25886e32a27fd19d56c1085c993aea1d5a1528d65735b0628b825a2834a1b8b2512d8abf59cabb3b35044484f566057826eaa3cfa682d

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\locales\fi.pak

MD5 dd7e21b02bdced910a171d592fae0b18
SHA1 cc28f1b8f0b06e71dac3802ee26f644837982fa5
SHA256 9e1c20ecdbe9d15386ed493d0ac839612cc91a2284d5a97d9dc38ea2c90a3dc1
SHA512 12b3fd4ba110087074d5bef6237eeba96edefbcc31bb701142da058034af591a627b7b07550670689733a32c747991ae4555884796d29631b7865d06b13e90f7

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\locales\fil.pak

MD5 9f3a970c8fed49ac50bddbf09dd9a950
SHA1 e8b986d42d4a79c513bf2da3d3314fbf55a2a960
SHA256 7a4c4822516f47cdbabc4b9ef45b710b057a056bc29d3a4a270a22e963e257d3
SHA512 4533a05b38e45f8cedffdecefb77ed9af44aba799f030a770b616ec7867fd0d7893de67528a611d1002d18e3ee7f8799944804e008ec8217cbf59e03a19139b5

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\locales\fr.pak

MD5 b7ad524464a61cfe4a5be1d41c069d4b
SHA1 9eb5c98999d5ea3b0be56ddec39baf58ba5eb078
SHA256 5b9951426b8783b203b8ed44ebab916ca8af020b9e0a32f7249ed9021cce1c3c
SHA512 9b6b3274a98097e79da946b90da8b0a50575d202a8d76a07868ce03bcac69c1b848a9a28a55814683e44c8760e5d7a0f25cff18c974349fb393b9bdaaaada8e4

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\locales\gu.pak

MD5 45943ae45049d9b7d76068d3721d6c8f
SHA1 0bc3f9b24f0c8ca0078ac7780a21f623b8d7f9e6
SHA256 aa885cbbf8a13fb95405cc3dca6677545fd51e303a65897d14ed019955c040da
SHA512 7cd2bec685ce103dcb0900be832c472bcd1619f549ffc2864a2ae61b60b06565acc95dc25222521e192362f8d3c4f8816bd1c3438af7bad826561247326cba99

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\locales\he.pak

MD5 3716c23fa0d68b698f5fd41153757622
SHA1 800cc99237fd8c2151c90e01d6c78978617c0f27
SHA256 45e428fe527bcc746039a9822db7f5df12fd651452209a8746182383c2c004ec
SHA512 d738da7fbb6bda597f2c381c533ba70b8e0a8417e943a17fc91af455492b04e7607cdd89eb3cb6d2d70f0b87bf89bfbd6fd96df18603f0fae485fee9c7fffd70

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\locales\hi.pak

MD5 0ce87d6655517dcb4d74e5130f235c89
SHA1 0a61c0e385523bc55b3ab2435e7d1231548d3bd2
SHA256 79fc8a24c93e19ed052ddc0f158e516198a10df7280265ccb769ee196a438cd7
SHA512 18ed9d0d354cd8de96a54a6f793e6c59ff476f02106f7c3ca309175dfbdb00271aa3290ba9805f1b9484e7faf2cc44e3ac93aa69b7d30c8e99ee31e29d7e4808

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\locales\kn.pak

MD5 33bc5ac34a95379d58f9c42cb21a92e4
SHA1 0f4ef0a9a40e9042f3b744b5b87fcf00c08fd7e1
SHA256 99c8c57a808c63088d3e7b83dcf7cf80fb2a648d678a7c9473f2b5cc0bef8152
SHA512 62db9b5781b6c218e39bf7d4e47614faf2edb496a51e0b4e802047d57639890f13a4b4f84b6326fbdf6218b8991a0456dc5bb1473436cc74af4e54283bb3bf13

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\locales\ko.pak

MD5 7ff011ae4e5ffd05736f99888ae9a8cb
SHA1 544bf65ab5fe462faadcda88e2e5db0009169123
SHA256 5ba83651d941cb9f87b961f735d5bfb0e249878255129be1d8e8d6ba5d903d76
SHA512 baa72f1a5561fd67a047309255ca799a55365d6d755324313e86e26ae9f3a8209af7af24c1a9ba83faa441cf49fb843d9ad1fab4b76354b0800edfd9a2ae21f7

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\locales\ja.pak

MD5 0553c4d65c38a5afb98a0ee8f420a207
SHA1 c6011ab07bc0b1e036bf564be6f4d65c24e7d3e4
SHA256 c2bad3c397cc41210e1d5d1d04a7185f9287c670e285d30c66235f5807b39fcf
SHA512 f3b9636a93ba77c1bd00d491710adb221f570a30d1b5adc50b8e263165b81a17c062aca1cb656314140a512cd7e69f583da781ee4c8929a1305e743361a3b030

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\locales\it.pak

MD5 a2e2d2b990cffd395772d2f146084775
SHA1 30eb2b67223104e72fd4cbd3448b01442928fc56
SHA256 27c74ece0aa92e15d2f26628c4e132af03a6db5384e24504932c45912aba7268
SHA512 8d874a43dc7fd2933ce4b81c8cb8d17c709e1947cca8867614f726a34600f8b59689fb7df50c7502fc21cc99785074723e4502622c677e5239d598cac8962e00

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\locales\id.pak

MD5 e61a4d062cd61972a534a5e86e49c34d
SHA1 c19be8f744b956753ce40d91a34f0da02f699ffa
SHA256 d00c7ee5edeb1bd1493c49cf2d124ffdf47405d21d8d43c1a41c8749ce5c86a3
SHA512 7de4453b0793dde96503e762d4e9a77835ddbb1d75d35f012d24e8453a90ac85f87b0a62d95ad68393901a8ac3fcb147cf2b7bd468dffa62d959133528af15f9

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\locales\hu.pak

MD5 873ca729bbfeab336795e1696289b191
SHA1 bef9cc201bca2d433e2dc183c96425a542bc3f01
SHA256 d7c29c66d265129ede1019c708bd0a358d6b820366509845834752ec2ef705da
SHA512 2973c94779893c1f4d8725677355d71edea2599077eefe7dad6d4e4392ab036c0633440d2578a2d51947007adf9dfe859f9b50e39ce7d7482992d5a3790cfdc4

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\locales\hr.pak

MD5 b8a77fdfdf62a844c90fe62de0b6858a
SHA1 b601ab105fcb328af4b17b3e1dbebf94ecddab33
SHA256 ad13bab195d7619c58494d592cb11c22dddcf3b2735804be60f951f87ddd734b
SHA512 164122955b11eaf5e88bc61366c473b7a67c12b858bdab407c189dc74aca75c406075bfc0bd5877fa0b3857ba5dad81c9795eb55d3dbe7eada67b03d1bfaa442

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\locales\lt.pak

MD5 90847dc4f0387c80dd00bad7b001a879
SHA1 b7543fa3a3185201eacb2cbeb1f6ef667cca10b1
SHA256 fb5bb8aa591d3d8d7557fb296317c30db3c4d5c9f438fe0a43a94b974b9286a1
SHA512 19ed2f2b9d71f00a81ee93c776ee9b2d4d6283cb5adb280a30eb8adb9be53a2d007d267dd8143fe7eb98ab909dbc88b16bc7e4167717d3f4eec3b1c7dceb8b1b

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\locales\lv.pak

MD5 61ee8d708739fb4bb33f37bffba745ae
SHA1 7173073dddd29e4688b922297eec471ae8b0fdf9
SHA256 f944e3dbbe9694ef7c111e1a0bf91f5b0229b7c3ca221f54c253276242c281f8
SHA512 25fdfc2ebbf7d408d9570da3d55d9722c912b2995de9e73449b8cde8c0ebb3c25b38e70f66681cbf39d791f151194c85146d95ef59a7b43e7e64b0169b49e2a7

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\locales\ml.pak

MD5 6183544a4f554d40a211c8e0376c95aa
SHA1 a9e855bbd03cfeb96dae4c52e6a577b9f0374184
SHA256 2b5c12d6628b1835d5658085c04f9dcf0d792db603a034264e70d86f8d43e044
SHA512 7c517702f24c92b708dd4ee1d6d5a911213062cfa5ae05c12da9b2cd4dec06ed9b218ce88a75ae9a7c9177af100169f61056b1eccb9ab3f10811b6e6c99cc86e

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\locales\mr.pak

MD5 80b49d820f83133b9efb9ac2ca102c83
SHA1 6e2d370c74891bef70768f051e4ba0483d6b5c1e
SHA256 df72eacf4938f4912f5bae563dbe7e81a758a7e8ffd49f14502f6d0b5dab6f27
SHA512 afd58a2ada72e96423ca1f9e1869c8e1621c22e72a13b90fec5fd2dbe662d2d9280e3277018d426196ad63cd74ce7406975bd134f577b6b3e5864da7f0831936

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\locales\ms.pak

MD5 0cda98188ccc97e932408bed970e2ce1
SHA1 91595881665cc51fbc013ec0a1d212dea9f70cb5
SHA256 18c1cd2f95f5c029f308c53774f49e4b718bc94b78fc3029f95457bcc58281d7
SHA512 4cf8a939adf3b79537051016d52a0e2c3c10135dc2a652b68d5ea7bb338dac422d3ad814dda1902c393083db55168e12822dd51151302d5770fe599c0b395ab4

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\locales\nl.pak

MD5 2d4bbbf2e9459992252d62ab1a152d30
SHA1 78e696c8b30f2b4a113b72a92c0a011aa7d777be
SHA256 4d450b5659ea7bb907728e2b8f48d77a43dc18024e2a15e749f5a760d4144571
SHA512 3325dbcf891a55e06d2d106046d0e0589dae5e437b4437b929672150735b38dcf39afccf0fadb2c43dd1484f3726ecf9b0ee1641bde7bb31a84b88790e9cad55

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\locales\nb.pak

MD5 00f1a382f8f5e0950cb9ba4a4f3fd478
SHA1 bba2de6051bdd9b596f66312f2e2296c370e2d93
SHA256 e42e748f28e944f9a3a7fad19e686b856bc60b3e0128de94e6cd7619a7d24071
SHA512 2d8f502f51fcf066bf8c420ca2c86fe4ec6274ab0da5a5266293225910c9a0dfb6d5c529a9fd0da6ff4952bac385fce2885757de81a4db2d7f5c10cddd539c0e

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\locales\pl.pak

MD5 999ed3f4123a1479d43ab2dc9028ede9
SHA1 346a3c515d01929a4fe3b33c42a3aad5fe731843
SHA256 4174b220824334d04bad161309d342a647433fae7c353432e34eaf49ec8787cb
SHA512 abfb66f0826e88ad2e1c5850c14ad03a9daf96239e1b675c7442659b9851f202f73b4ba98ff494719683e5c4eea5ce8756533af609218e83a47d61730f28e9a6

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\locales\pt-BR.pak

MD5 31556d02ba0ee812ebda678e3b70b1f7
SHA1 a2468245936dce8b2944a66c7562ef4745f64ff7
SHA256 9d93fdb7f9d0d7833ebef8ea7016f952301075e714a4918c6a3d5338fec08ffe
SHA512 3b6ef3ad2d0115e9694a879e127ecf067d8df03f0875ebed4427bc674c0c9cc0deb591feda9df120062c3a59d65fe952727b2a59f352a096887449a0745c8fe5

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\locales\pt-PT.pak

MD5 b7456478ab25da7a037689ecf9fc39b1
SHA1 6cacb9e84af6adb490b92caa6a24def7114266ad
SHA256 f07d58c568707c6de882a19e260c9f97751bf750237fc0bf3556ba95995f5442
SHA512 9f71ac8f21c64e4b8c93ecda70c47cc697395e0e67d8b4a8ab4d2c1f95f4d5644aec87df2e058526534bd4d65130d600443d3baaf6ad32bcce5bb994c506159b

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\locales\ro.pak

MD5 b665411d1b5570903f8e4c2501f977d5
SHA1 cb8d98cf3e053c278f8b93d734fd2b1a42b6f322
SHA256 8da674abe460d1e2824a13338d29344bae2f092fd94082d71ee91389f8822d69
SHA512 bdcb8e626db816c1db5c60489064d4ba4720381889a36e3d80d00e9988332ec6529107d9b3ef062b9bcc2afdfe75ec55c8f08ba06d908b07d772d2547c7b4cf1

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\locales\sk.pak

MD5 0b9599388dec973ffec68a5738a848f4
SHA1 0a0aaf4f9618cf867a1bf1e5bc6b8b21b46c4870
SHA256 e7038a23be62e4a476960b935a6c528aaefb781b28fdb7e24b3d830b5c02f10e
SHA512 5ee7aeaaf1be25ddc86694a16ca595872f2a9dcf1e48d0189d3a1eef425629abdc814ff32a8b288b468ab4f263953618c4363d033ef7aec2bae0072129dd1f9a

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\locales\ru.pak

MD5 848ed63d29215f8b7d002f8d731db13c
SHA1 1a33d0abfc5f4237e63440ab04a698ac4f230ec6
SHA256 cf4d6fa2c4a8f828fb11d464f504ddbbff5abab9cc78cba326bb8eafcfcdf812
SHA512 2a1f75d2aac4075dd43f816fa0b5d7949b1591e53bc711a69dd5540a3a6ad502648f7c6681db7632b869553ff24ea43ab7cb4ce4b646c022fb88f0ace97a3c7f

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\locales\sl.pak

MD5 3bf6c4aa2129b4b535637aa6727fb1e9
SHA1 569bcfab7176bb9833a02b5853bbbeb3165538cc
SHA256 cbff2dbb38d4d95fe7c811e0abdb0b92aad621e5c2c1eeda3c394dce5cf1d34f
SHA512 779ced23adc89af08f43531056b7195d253b7ea021439f73f0c9f9b49969153a2044e90acc0bda3c14d3b3e68f772f5cf8611f954b5b9cb0370d252a484ca36e

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\locales\sv.pak

MD5 c0eb9dc359ead97302591d09a4d80c81
SHA1 5569c326861e80dd05aa49a74d77815364915af1
SHA256 b34e855f518a2041e4bbd7b5c269e35e7dfaa431fdd876fc0aac38b887e65aff
SHA512 b488831aa6219a246d0cdc370dc7b95fc07754702447964737eb53b9d5f64092e8873032bc40e8af9270388bb1b655b4f06d6de304b85b32fdd297959534d06d

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\locales\sr.pak

MD5 9f9570670d844a1b14b256a7584665e8
SHA1 5b5cf46415662cc1ce4d93b876f4c45389aedfc2
SHA256 abcee52deb7382d84de334c3228711a62a7d21d9a2ce506385805eea0ed716f4
SHA512 d38fca2d639e32f5ef90dfaac04aef0ccfbcc409619acec6535b5401502b7141f6eb24f574db97a7abc550b8e35e93cbc62a4a0f7494c56537fb670f19e02f8e

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\locales\ta.pak

MD5 afbb6f8a11ecb993e73a530e2682848c
SHA1 950d0fa6cd4338084b5ffa72eb49f79b07830466
SHA256 3d16a99568173ad5760bf195b047c8850e39ec8d308a94f6c81cf7ba733f6f5f
SHA512 74ee545cdce2e263bc33279325e0c72336575b36de7dfe145897964cde7eb57429cdff082ec5a06e7f46f75e9bc6d5c4cc3dca395745e990092cdac27e56f129

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\locales\th.pak

MD5 f0a3ce8609d1cea58d4d0dfc47d433f9
SHA1 9f0497e31ac881960c2b9ce3f75fac98d6ee300b
SHA256 31f31b2985c2ab430d373dd3d79821db0674edee163b4ae74dc362051ccc1491
SHA512 0a722fe6373f0f64a844a8bd79cff66707e158a908292db8f5ee883e4732fc55864b06554988836a07039befc4020cb837883851da0455f070bcb63df390d919

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\locales\uk.pak

MD5 6027526062e6f51a7c99feebc9ae1947
SHA1 10d7346a8d6a4dadb48bf7720303ef39f76a564a
SHA256 5ddf9212cbc6696941547b2e57b02092517bff6e70529f2ee14d0f593610e14f
SHA512 52178a648747f3247e32183cdb36ecc9a6314b2befa91cae28d5110c479f5d1ff59ad2c802a75288c17650de5a2ebcf369e04e760259015ff855ff8299dd9f3d

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\locales\tr.pak

MD5 fe23b2095b245ae359c449cf3ae2d4c4
SHA1 56af0705886551389dedb9ba1d9becc682321977
SHA256 48b76d081b4398c7af10be207751ef3bf67720700c35b17196a4aa0c94526208
SHA512 94b81f5469620bb7545f3ccda35845861e92ff7d29351a7f562ac861f718454d3d8dff324cfc904e484f5551d952bc338f24e284f585a714fffff5f3a5445f64

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\locales\sw.pak

MD5 9cd6230b42f2f99d9580f7ef84508f9c
SHA1 4f9d82e3c39f2b0d3b0cc32733254aaf38e811b2
SHA256 fe18b3e9e275d7330706dd19f4af603a8ad899138374bfcba8e2c6764f94c190
SHA512 46a07a61ee7a70b4d261c16d2fef6f0e8a35caf371e33e05ca1dc3bdc7f3d304c1dbdb34ddba7b6bc573a6a58e170d9250cb1b6a4ad8ae6e255704416c022607

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\locales\te.pak

MD5 5f441de15ced6697594e8bc066297348
SHA1 33c64379ec7297404e8aa4a4ba5a7155cd69dc90
SHA256 4ab6fbf03177bd7ad0908318d5affd0cad142ec5e9ed560043e6b76e590ba995
SHA512 dac2982dd5e9337fc3443a87d5dcbbff46f0fefdf9e163624bba1acd1528f543c84e2a088a83a749543e7b764607c16f1ab1c6c4f9504eff48180a30681570f3

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\locales\vi.pak

MD5 8d1de53ff78406c42fe554acc82b5983
SHA1 1b80f071914c9a2f071355973da7ff3d9508298b
SHA256 314ff8e069d132d43566143ffe0f5cebc990a015ac32ed550ac687a4ff78d56f
SHA512 d027a534f8ddac3c953d81ba635a8a3fe452e7295fb2aa7d8b9d5a718fff7cd619323e3914dd6a17eacecb0c6d6f5129c9e793b2925f65dabec83b9389db295d

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\locales\zh-CN.pak

MD5 b2e2087f9c688dc3ec45a55742bedb6a
SHA1 8efd0726b46fc67cda9fdc9989c707c23c7b031c
SHA256 2b255293f6c85abb09162c825aea120c3e695156eb952d26d1e5f505ba324b37
SHA512 2382b2b4d56831bd25d5a3535936d8a1039e00a287bd5af05628c1a6fc54715fc8ad68ad3f207d6e073a588a66d5fa181e124125e7d1f00a5de54ed658e5c33e

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\locales\zh-TW.pak

MD5 32f600c44c8a26fdf518faffbce56b71
SHA1 7481922abb60ee20f6faff9ae4dc4a55f6e6224e
SHA256 1710cea2eb84e4feed749e9e497d01e16b1b244d1a621d380226b8ae7cce07c6
SHA512 da145697ac8d7ce6e8cdf3f6e190c23f9791f4fdc2c1eed2dbc10e8c6377298c4d02df464752277cd7ec429297860ffe50e7b9de79632699dd2202b7324f55fe

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\resources\app.asar

MD5 4b2f3c2a979721edaa7e8141cd9ed59b
SHA1 5a8441a0e7292cfacf776185c5bb0ff64c763005
SHA256 b46ffd5eaa28f8b42970d4b9ac5b5dfab5306e8393676fe6a29ed1e23ab36e80
SHA512 2cfd1000147c005ae0b8412682b78ee6b7220635bc491bab757e1db565060a27eff42c7a12b67585439d34424e41c274f494ae0dfa24a1ff5819ee3eb2bb98db

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\resources\elevate.exe

MD5 792b92c8ad13c46f27c7ced0810694df
SHA1 d8d449b92de20a57df722df46435ba4553ecc802
SHA256 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
SHA512 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\resources\app.asar.unpacked\node_modules\clipboardy\license

MD5 915042b5df33c31a6db2b37eadaa00e3
SHA1 5aaf48196ddd4d007a3067aa7f30303ca8e4b29c
SHA256 48da2f39e100d4085767e94966b43f4fa95ff6a0698fba57ed460914e35f94a0
SHA512 9c8b2def76ae5ffe4d636166bf9635d7abd69cdac4bf819a2145f7969646d39ae95c96364bc117f9fa544b98518c294233455d4f665af430c75d70798dd4ab13

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\resources\app.asar.unpacked\node_modules\clipboardy\index.js

MD5 76ddee29be6d109fb8bfd6c0f387ada6
SHA1 99d6f7e30c631c246e63f0bd48cf7faaf078a02b
SHA256 66880b0d3ec39ba64b224a34a5ef0352032ee95862e1f4e6b2951df85cbc9399
SHA512 555b1d9dbae2b39a0d06b1f8f2ca73ee5faee759deb6e76064047b82aa63e7ea16f69b18856660e9811110a2590696fb8f967182878dfce1e342c391e0d0541a

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\resources\app.asar.unpacked\node_modules\clipboardy\browser.js

MD5 a63d5f869a1791828dd0c9d02e06a12b
SHA1 3c04f6e935f935c83fb301b7184b8d2b11844540
SHA256 52d2d37ec6200d3d44e6eece937d19d09ec60b3525ae90155390171621597dbf
SHA512 5cd182aab1f5c7eee82c1e7476ad1cad574f570a31e6a274ad4f20fa245236c67987c33c4f69cac71cc224d7ca4b72e922a31b74efb955a2761140a7f2aff332

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\resources\app.asar.unpacked\node_modules\clipboardy\package.json

MD5 6dcf210526904a7678858cf77afe862b
SHA1 9f8724cad326edcf256106581e41831e5dbc186f
SHA256 10bac01de1f6cd92affed90c16888c0e81e557a6426f266862723196712c1779
SHA512 5114adbd62189df69dbbefd095ef3041719d4bcd6ea985dcd61477f4aed3a8ff43bc1b41eec9f5add4562610cf6d9b51b3b3ac773a59b2a36e70ab49796fe366

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\resources\app.asar.unpacked\node_modules\clipboardy\fallbacks\linux\xsel

MD5 5275ac35c8b2ff59b14f3616f397532f
SHA1 33d13cb10f0aa9504442493354d2916ae2d4821f
SHA256 6ee2c0e4736d4e7c21fa7082e1edc1591b00c1ce947df3be49e63c76418668bd
SHA512 515a9aa3e926c8685d605128ac226dd8934a99502369f38ab191aab4f60bfd0f514063f608fd86951a19cdec8f26b5fe3dfb771b18f522d304cf6b865b80e562

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\resources\app.asar.unpacked\node_modules\clipboardy\fallbacks\windows\clipboard_i686.exe

MD5 bdf7d4ccd2ce8cc7ab6ae80914496799
SHA1 b6ca8f7a5191ba431fe118a37863a32edfba9578
SHA256 fdaf49d7802993ee6c95e32fc488a4c78a0e69be3d1060749208e84428ab1a79
SHA512 2ea6c05eebeca5ff1561f32287de090a6f8f9dd8fe8eab5d320a310d646f76cb6a1885240069d2b1202f194e1f324682aa91eb2b24fc896ac3c14eb99309eb60

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\resources\app.asar.unpacked\node_modules\clipboardy\fallbacks\windows\clipboard_x86_64.exe

MD5 77710f6649e7c01c1123622d7d74e51e
SHA1 abb3c22d6e2946aa6962493c087aa329e479d6b3
SHA256 2f6ba528842c0bbaac9844eee746013dc11fd51fdde0d5632482ccf5d3cc8d98
SHA512 d4f44a8313243f44694c43d6fb18f5e4a6476fe11710d09adc74ac411ee9f8146b5f7d259699ff454ea9f96e47065a76e105071c707fde28d8474d98615cef04

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\resources\app.asar.unpacked\node_modules\clipboardy\lib\windows.js

MD5 f912cda66cb6fc434824a5aa3ffcb717
SHA1 95a9e0e407db544a16745af494aaefe3e8693231
SHA256 a56136479ba0522e8138839c4453571bb28fa9e1ac009f103e251cc75e8066d6
SHA512 5466dfca3b5ce776cb34fec8ff48e82ac22ef759f2d62ac2462c184b5e629487e10a07d7fc1b7babee2abbda97f0250103b65c307acdd516ad5c713b70c19e5d

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\resources\app.asar.unpacked\node_modules\clipboardy\lib\termux.js

MD5 42964227cd4d18db36d54abb31751ad3
SHA1 3194be24a98f6a8493eb1cf96081c592c5986320
SHA256 20177609ef84109cbd8e76f554d622ec14587297c1d2a98100a42cfb0f181535
SHA512 e523b1a1edad998294f7a3c4feb10bb8946bd8284f09457ac56dd721970c792d3dc8d58bdbf3dca8e24d8a109b13aac461019d6c47a5acbe0b2db013af2deaa7

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\resources\app.asar.unpacked\node_modules\clipboardy\lib\macos.js

MD5 4814022b2ae67df02bc84afd6e218ef3
SHA1 a4a6a3280110acd5f8c15f51fb98030a7d9e1f03
SHA256 e50f203ab3894301fd7e3ec2d2581739d5f39f395df34b754964927cfca6aeda
SHA512 415d98b8825d8b95c3c6931a0e42bacc3a7ab4b67fe2dd4f09b2319cf52fb516696229dc7c5ccdf5218ac4effe76b361dc455e1f58eea5a87b2a52704ea3a597

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\resources\app.asar.unpacked\node_modules\clipboardy\lib\linux.js

MD5 56d77986c00c7c8bc6000f4068578295
SHA1 657e0769181d7d0f1c36036117763b41c342566d
SHA256 0b364961d2374291c79cf8556f065b7bc272f117fcef6b9b67aefa2b9d762109
SHA512 16f2b7c4fe77d38df07c0b05a72329d5c820b5d727390dc9780b2f9962a766d3cc65decea01a6d7caad32f6127bd280c55e38a07bccd5dba6307e6b8f8728777

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\index.js

MD5 394a6022c9e7aa401b3c992c4b92ea94
SHA1 cae58c8959c078b24484148a0d09da816d350699
SHA256 125c1a517628169f4e66e0e237d201be226afb5c704a684aee5155de69281685
SHA512 cbd75168e3054a8412eec7fc1415ad1906d8a3228a16a486674909bec0f3a8b177f02e4c9c3419598e13fb0676d87132e82ee1182549c69c6bcf59fb59aaf0ce

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\renovate.json

MD5 63823bf8be61361cbd13bf183e201bf1
SHA1 4658400152c61edee1555bb86cb6da13e2fe4401
SHA256 cba2cbd76811a1b8e808000d073d04f657aaf0551c73a805ca3a4b492f21bd47
SHA512 8703cca6f04da47e5376730cf993665f7db1fb854f8509c0b831f189bf4a4c396808eca7949123e334e42a407a6aa84cdad34e5bd1b00d0a4c30f07a80cc9a68

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\package.json

MD5 e5df4e3b7058c914e5048223a6c79f1d
SHA1 ab75ebfcf8d669da6c0b54ad2e5f5d73a466cb1e
SHA256 101c15c05c78832bc02635e6e2252f1ed23367d22411b51518a1775ff6e972fc
SHA512 a316798409c568e5cdd07a34a838d0b9842f65c03ded19853678a30ea3024e9f649afa8b5d4093f5c0c811a33bf513ff1fe4aa33f60bad7553fbfa6584327b29

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\.github\ISSUE_TEMPLATE\feature_request.md

MD5 174545e1d9daff8020525fdd1e020411
SHA1 f6867a2f0417fe89a0f2008730ee19dd38422021
SHA256 1f48c52f209a971b8e7eae4120144d28fcf8ee38a7778a7b4d8cf1ab356617d2
SHA512 b18005cfe7409fde541b934131c32c2eecdc4a8fd62cd558f274a25262c0e6b0b8fd27674ee55d6d4e4c435d49d580a077181fe8b15b095c39736b01ff4ee537

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\.github\ISSUE_TEMPLATE\bug_report.md

MD5 d1d38ecc8b3a869312b3eedc6a376201
SHA1 4aa1d47ab0558e86f5a86629d0a1d99ba1af336d
SHA256 a25704529f0d5d89309743f5ca52189fdb16a770885c0dbe8edb3ea9d54a6a90
SHA512 cb77aea773f82e95fc593ae67b31caab164e101205eb68f6bce0103df9eaadc7c1d9dc6d0083ae6420e82027b21925c55593a7033ae9b4203e9970fff732c84f

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\.github\workflows\release.yml

MD5 f6d0e9b28417057e6685b1789d91e225
SHA1 27f0d718d3557a12b925e23cb0b14b93b8a6ae6f
SHA256 c893be9e533bc188f9039a9e24623c620dab2bd863b419a44f93cd397a10af1f
SHA512 d298dffb5b5539e20ec4540bf96184f5e8f90a68b2b17127844cd5f02dcba48bb62a8ee68711416a2730c155dcce00b1fcea9211f73e0ac61d0cd562e547f2bd

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\.github\workflows\lint.yml

MD5 2659061b249572af5e432f2c070fac7f
SHA1 437c3a1f784bd2e4b403d8cb71e177e9f4d07015
SHA256 7cd6d0c254b0b431d1842ad1b12a9b633ab41d378073b935996de5c1aee79a6e
SHA512 f054b3e7e97d6cd07a533878ff9e0fe1a8ac08295ed0962c0d41bbafe30703a18be1a3723094c4cd22625857704b479a7232c3007656c297081e7a014e28bf7d

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\.github\workflows\ci.yml

MD5 d1f842c537b6b450fcdded865831bca9
SHA1 6a95e32f6a599be8d03b33cac14f9dc776dbd44f
SHA256 72c6bf0a7a66c94d54e5792bdc808a6ba2107e692230cbcebf6decd46bbe11ca
SHA512 89caf43140242ffbad2d808eac44095a3f072a0441def37adf32e55209df27498b800d57028e51be4319de1a0ce3bb26dafc0ce0b218175605c91a107d1e6cff

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\darwin\index.js

MD5 78c9024198b8933ba47fd22220ccd12c
SHA1 ae8e968a89e954dd31b5c1827d8bc1ea632cbe83
SHA256 e364425fec6fb780c1fb00615014a0d5e39f65517848a12371b8934c5bb35e8d
SHA512 0e06a3b4684b7275491691329150fede20b253aeafeb3307fb19f88d1477533ac20b028a73f61d32deb41592414d95ac73c703ac016c8ceaea4739f2a008cc36

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\linux\index.js

MD5 3b9999e65606270a0fe405aa1bb32fd1
SHA1 b090ad8054a7384c01203962e94776b9134f42e2
SHA256 f0cf780d0dea403121f30fcf11096c48a4a0dc2b0393d41ebbb664ff7c89ec3a
SHA512 0a09384372a32c723ac8e8324dd2f93d57467d2e8b53dbe3231ee37ccae9aaa5c91363be4366e8c2a5495f607ea96782c11363dab7097fcf27fe3645c403f141

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\utils.js

MD5 a2f2486efffaa9be30b2ef58e24d49a1
SHA1 8ac5c529c227adaafbf43abd917a44b87c92ce46
SHA256 f1065090ce89b14c76d533d11040556759c58679c0eb89a1e59337d318e16a6c
SHA512 d1283a5663aa62b2262283b1a611e002602f869dcf006dd336d742272f14d98791c35a5c32af92884692a62fef0942e6c99d0646aadbd6582e418eb4497a4c66

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\app.manifest

MD5 8951565428aa6644f1505edb592ab38f
SHA1 9c4bee78e7338f4f8b2c8b6c0e187f43cfe88bf2
SHA256 8814db9e125d0c2b7489f8c7c3e95adf41f992d4397ed718bda8573cb8fb0e83
SHA512 7577bad37b67bf13a0d7f9b8b7d6c077ecdfb81a5bee94e06dc99e84cb20db2d568f74d1bb2cef906470b4f6859e00214beacca7d82e2b99126d27820bf3b8f5

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\index.js

MD5 ab2229f48309619a42e98f617f5d26ee
SHA1 81671593ff9c5c85a09f23e5a7cce3a4c80c3a2f
SHA256 ed1a0f3e590bd553451ed06fd24a4d34407dd5fc63eb93787a53ea51d20827cc
SHA512 520f5f82100f2cf70d5f2c8406d83be30b8104197aa0a4dd1b45a9b6c1c15f2f3eab4e578db1c2fb41d2e2bbbe70a0f937cd6e8e3b6cd177f2444140df35db89

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.exe

MD5 1f7ac522163b40420c5ef90e9754e7cc
SHA1 ed44e8fbe73bb7365053903c5a9fad8901fc4dc9
SHA256 d6b552a1349b098b8b0e0f301b2575d0dfbcf28c550840a502f65dafdb20394c
SHA512 e36ed4a5322b06c1c8cedda3daefd5d61bfeea460a971315ddd9b6bf8adf1bf081493e987a63128eddfe56d05e8cc80cd34ad4e6c06ac1c69b6d9f9eae012b12

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.bat

MD5 da0f40d84d72ae3e9324ad9a040a2e58
SHA1 4ca7f6f90fb67dce8470b67010aa19aa0fd6253f
SHA256 818350a4fb4146072a25f0467c5c99571c854d58bec30330e7db343bceca008b
SHA512 30b7d4921f39c2601d94a3e3bb0e3be79b4b7b505e52523d2562f2e2f32154d555a593df87a71cddb61b98403265f42e0d6705950b37a155dc1d64113c719fd9

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\swiftshader\libEGL.dll

MD5 29ae8bef0cf8b6a26f4bebc5a20900da
SHA1 515abe76943288d531b35c1b4c764d1dbdb281db
SHA256 711cf342b3a008c9116f6138358a67007a29d281d09cf23d20a5e17aa503ee9b
SHA512 99981e7074b580ace154c36d0aa1542dcdb979f36476b680ef19c3fd8a9126b5a808e6e1cf2224d20ba22c328b9a621c280c4ffa74638e358297809001d737ad

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\7z-out\swiftshader\libGLESv2.dll

MD5 dc060f0be506dc5b48402c2ffd62c3a1
SHA1 3988bb810d92b2e317767f8e25d3d1e43f0a6f68
SHA256 a97834a44a1e28b574c967f1cb93b97cd19e26616439133c11c9dda4b26d605b
SHA512 04cf84033462a521c45b71f31ab007f712c6b2f5cfbfc97ce7dbf60074d525933af6388d9ede366a00a0983ba4e34a1b318a759cfbbb520ed621df9979bb315b

C:\Users\Admin\AppData\Local\Temp\nstA8C4.tmp\StdUtils.dll

MD5 c6a6e03f77c313b267498515488c5740
SHA1 3d49fc2784b9450962ed6b82b46e9c3c957d7c15
SHA256 b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
SHA512 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

C:\Users\Admin\AppData\Local\Temp\4d7ea35d-7f26-48dd-b671-eacf9191242d.tmp.node

MD5 5ecb9303024b5e5a960bc37e4be31773
SHA1 235705541c5d347a4e236af604d44e332c3976b4
SHA256 a90f84a584806ac02a3a405aa605eb6e98f9b7cee5f526ca47300e73eb1c0b0e
SHA512 094a8ab08d5112575543e3b44f7bfe4ac6a77e5ab7dc5de8b2ecb7d2f833100f3f00297c13591ab77e934457f7ae325048d21b001ba8717e621d1155e77dfa49

memory/4188-735-0x00007FFFBC470000-0x00007FFFBC471000-memory.dmp

memory/4600-761-0x00007FFFBC0A0000-0x00007FFFBC0A1000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

memory/4600-760-0x00007FFFBBE70000-0x00007FFFBBE71000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\3d76a41d-88a4-4f98-b07d-5b41f5c52629.tmp.node

MD5 083fd9f2e3e93e1f2c599a2b609c9e5e
SHA1 6db2b6ce3e60d828ca32a6000c270c09224f3139
SHA256 5800c926c34c7ef38a45840c30e8855c1b3a6ec1ec8f37ffc6ce2d402728eabd
SHA512 08206b13d7e91f36d65de545b483d5fa446c2a1d8baab4c2fb19aa711af10cbfd98da3811d34a16033b5c09eb297fdcfaf09a186b4dcf69e84bb4dfcc11d96b2

C:\Users\Admin\AppData\Local\Temp\Web Data

MD5 f70aa3fa04f0536280f872ad17973c3d
SHA1 50a7b889329a92de1b272d0ecf5fce87395d3123
SHA256 8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8
SHA512 30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84

C:\Users\Admin\AppData\Local\Temp\epsilon-Admin\Passwords.txt

MD5 cf77d252cb51adbebbe15fa3c632dddc
SHA1 66bd11e57d5617cb9691daf0ea16d65b79666895
SHA256 e9de116bb7d2a7986d299425e6fb8c400e1c663fed6576deab0751bca7b95f05
SHA512 f81b88c5084c3373a8c932c59ec098868cda04c873edcf31777c432900abacbd273629b45e73bb7aef9baa202c3e5a1dc9141a3644604080934444aa32893ef7

memory/4600-865-0x0000028E21D80000-0x0000028E21E2C000-memory.dmp