Analysis Overview
SHA256
aaadde357ea6370de7aba70069d6ad28c1132553ebbf3faf71553341b46e4690
Threat Level: Shows suspicious behavior
The file StarsVaders Setup 2.0.0.exe was found to be: Shows suspicious behavior.
Malicious Activity Summary
Executes dropped EXE
Checks computer location settings
Reads user/profile data of web browsers
Loads dropped DLL
Checks installed software on the system
Command and Scripting Interpreter: PowerShell
Enumerates processes with tasklist
Enumerates physical storage devices
Unsigned PE
System Location Discovery: System Language Discovery
Browser Information Discovery
NSIS installer
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-21 13:36
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
NSIS installer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-21 13:35
Reported
2024-10-21 13:49
Platform
win10v2004-20241007-en
Max time kernel
433s
Max time network
436s
Command Line
Signatures
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Programs\StarsVaders\StarsVaders.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Programs\StarsVaders\StarsVaders.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\StarsVaders\StarsVaders.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\StarsVaders\StarsVaders.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\StarsVaders\StarsVaders.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\StarsVaders\StarsVaders.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\StarsVaders\StarsVaders.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\StarsVaders\StarsVaders.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Checks installed software on the system
Command and Scripting Interpreter: PowerShell
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\StarsVaders Setup 2.0.0.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\find.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\tasklist.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\StarsVaders Setup 2.0.0.exe
"C:\Users\Admin\AppData\Local\Temp\StarsVaders Setup 2.0.0.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq StarsVaders.exe" /FO csv | "C:\Windows\system32\find.exe" "StarsVaders.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq StarsVaders.exe" /FO csv
C:\Windows\SysWOW64\find.exe
"C:\Windows\system32\find.exe" "StarsVaders.exe"
C:\Users\Admin\AppData\Local\Programs\StarsVaders\StarsVaders.exe
"C:\Users\Admin\AppData\Local\Programs\StarsVaders\StarsVaders.exe"
C:\Users\Admin\AppData\Local\Programs\StarsVaders\StarsVaders.exe
"C:\Users\Admin\AppData\Local\Programs\StarsVaders\StarsVaders.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\StarsVaders" --gpu-preferences=UAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1812,i,12468001856926280720,13979213367117637997,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1804 /prefetch:2
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
C:\Users\Admin\AppData\Local\Programs\StarsVaders\StarsVaders.exe
"C:\Users\Admin\AppData\Local\Programs\StarsVaders\StarsVaders.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\StarsVaders" --field-trial-handle=1900,i,12468001856926280720,13979213367117637997,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2016 /prefetch:3
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
C:\Users\Admin\AppData\Local\Programs\StarsVaders\StarsVaders.exe
"C:\Users\Admin\AppData\Local\Programs\StarsVaders\StarsVaders.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
C:\Users\Admin\AppData\Local\Programs\StarsVaders\StarsVaders.exe
"C:\Users\Admin\AppData\Local\Programs\StarsVaders\StarsVaders.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\StarsVaders" --gpu-preferences=UAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1780,i,12112113177256556666,6860546747002035341,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1772 /prefetch:2
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
C:\Users\Admin\AppData\Local\Programs\StarsVaders\StarsVaders.exe
"C:\Users\Admin\AppData\Local\Programs\StarsVaders\StarsVaders.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\StarsVaders" --field-trial-handle=2036,i,12112113177256556666,6860546747002035341,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2032 /prefetch:3
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.28.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | unity-api.net | udp |
| US | 104.21.1.221:443 | unity-api.net | tcp |
| US | 8.8.8.8:53 | 221.1.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.209.201.84.in-addr.arpa | udp |
| US | 104.21.1.221:443 | unity-api.net | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.173.189.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\System.dll
| MD5 | fbe295e5a1acfbd0a6271898f885fe6a |
| SHA1 | d6d205922e61635472efb13c2bb92c9ac6cb96da |
| SHA256 | a1390a78533c47e55cc364e97af431117126d04a7faed49390210ea3e89dd0e1 |
| SHA512 | 2cb596971e504eaf1ce8e3f09719ebfb3f6234cea5ca7b0d33ec7500832ff4b97ec2bbe15a1fbf7e6a5b02c59db824092b9562cd8991f4d027feab6fd3177b06 |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\StdUtils.dll
| MD5 | 21d805663834f61cb443545b8883faf2 |
| SHA1 | b222c5ca1e4cb8a7bff7eb7b78d46b8d99bf71e1 |
| SHA256 | c18b46a68436d164c964ba9b208e5c27ccc50e6a5a2db115e8fb086663b5308f |
| SHA512 | 37836150ef2837f69b82399024d0b93dbdac992971c7fe7b50959107c0520f5874d45f4230f08554514e3bd6a76d6e35c55c8afd53f993aba18f77475ef02001 |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\SpiderBanner.dll
| MD5 | 4287dbf2ad9e000d8653137470528fb7 |
| SHA1 | d488ea09a1c35f9d773195b3cbdbb20e4878c0a4 |
| SHA256 | 35a523fe649201442c9fa00d875cf9acf8ced7c11347726cc0c6df5b0eda9f95 |
| SHA512 | e5dafa93600e9c1e994b4e0131b841b2e14f76d874875926f90f1f1c2cfd9e2caa374a1f584594f41e4feb0c06e93115e9fa23237dbc31d3e1c208ad8d0cf58a |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\nsExec.dll
| MD5 | 50ba20cad29399e2db9fa75a1324bd1d |
| SHA1 | 3850634bb15a112623222972ef554c8d1eca16f4 |
| SHA256 | e7b145abc7c519e6bd91dc06b7b83d1e73735ac1ac37d30a7889840a6eed38fc |
| SHA512 | 893e053fcb0a2d3742e2b13b869941a3a485b2bda3a92567f84190cb1be170b67d20cc71c6a2cb92f4202140c8afd9c40a358496947d709e0c4b68d43a368754 |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\nsis7z.dll
| MD5 | d7778720208a94e2049972fb7a1e0637 |
| SHA1 | 080d607b10f93c839ec3f07faec3548bb78ac4dc |
| SHA256 | 98f425f30e42e85f57e039356e30d929e878fdb551e67abfb9f71c31eeb5d44e |
| SHA512 | 98493ea271738ed6ba3a02de774deef267bfa3c16f3736f1a1a3856b9fecc07f0ea8670827e7eb4ed05c907e96425a0c762e7010cb55a09302ca3cfb3fe44b2b |
C:\Users\Admin\AppData\Local\Programs\StarsVaders\chrome_100_percent.pak
| MD5 | 3c72d78266a90ed10dc0b0da7fdc6790 |
| SHA1 | 6690eb15b179c8790e13956527ebbf3d274eef9b |
| SHA256 | 14a6a393c60f62df9bc1036e98346cd557e0ae73e8c7552d163fa64da77804d7 |
| SHA512 | b1babf1c37b566a5f0e5f84156f7ab59872690ba0bdd51850525f86769bfebc245f83988a3508945cf7617d73cd25e8469228974dd2c38415388b6a378552420 |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\chrome_200_percent.pak
| MD5 | 3969308aae1dc1c2105bbd25901bcd01 |
| SHA1 | a32f3c8341944da75e3eed5ef30602a98ec75b48 |
| SHA256 | 20c93f2cfd69f3249cdfd46f317b37a9432ecc0de73323d24ecf65ce0f3c1bb6 |
| SHA512 | f81ed1890b46f7d9f6096b9ef5daab5b21788952efb5c4dcd6b8fd43e4673a91607c748f31434c84a180d943928d83928037058493e7e9b48c3de1fc8025df7f |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\d3dcompiler_47.dll
| MD5 | a7b7470c347f84365ffe1b2072b4f95c |
| SHA1 | 57a96f6fb326ba65b7f7016242132b3f9464c7a3 |
| SHA256 | af7b99be1b8770c0e4d18e43b04e81d11bdeb667fa6b07ade7a88f4c5676bf9a |
| SHA512 | 83391a219631f750499fd9642d59ec80fb377c378997b302d10762e83325551bb97c1086b181fff0521b1ca933e518eab71a44a3578a23691f215ebb1dce463d |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\ffmpeg.dll
| MD5 | ebf0485fbf546b010c2b10c5c8e7d5ed |
| SHA1 | a4a546f6be93bae535aa724ce2832f428cc91f89 |
| SHA256 | 46a20d91861f6e966959635dd5f1adfd7f33449dd814a9aecf207b0cd53117ba |
| SHA512 | 9e6011c0269556376907850fddac8fdf50e132434da7daf4d87be83c1b89b7aef847b25b6216686915225a82374fac6ff987f22efc01d5b1c2cc81d53d7facc9 |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\icudtl.dat
| MD5 | ffd67c1e24cb35dc109a24024b1ba7ec |
| SHA1 | 99f545bc396878c7a53e98a79017d9531af7c1f5 |
| SHA256 | 9ae98c06cbb0ea43c5cd6b5725310c008c65e46072421a1118cb88e1de9a8b92 |
| SHA512 | e1a865e685d2d3bacd0916d4238a79462519d887feb273a251120bb6af2b4481d025f3b21ce9a1a95a49371a0aa3ecf072175ba756974e831dbfde1f0feaeb79 |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\libGLESv2.dll
| MD5 | 9bbeb7b27646442c8bc2d202a73516d5 |
| SHA1 | a7f7a52dc45bf130581953e07ce9b9851cbce90a |
| SHA256 | 2b80817443265e7979b9a77075492e8e29be3ba775d20f646cdda391efbab21c |
| SHA512 | f9826e43f53bb9b906b5c62ff2502d4e8dc3ff99b72420cf313a5811061cb146651cba3b8f864f34dfcfd51c6e3b39a0a640719ef94d7696bdc4fab7e9d16785 |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\libEGL.dll
| MD5 | 4c01b3614be1f38a6d594443a547c257 |
| SHA1 | 7eaa456b164613577d0965ab5a57ba2b681a6ffa |
| SHA256 | e36da1a4228899bebe50cc5da1fcbbc590cdcb3ddee0b2a19defd99a805b6ed4 |
| SHA512 | b72fc071dc791c63978465a68c9a4904d5f1c458d302bb710e83576f20ef928d73c487248a305bb455990c2d8a6b894ee47d88bca6bc92360f286849ae1a1257 |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\LICENSE.electron.txt
| MD5 | 4d42118d35941e0f664dddbd83f633c5 |
| SHA1 | 2b21ec5f20fe961d15f2b58efb1368e66d202e5c |
| SHA256 | 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d |
| SHA512 | 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63 |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\snapshot_blob.bin
| MD5 | 0406a232eb55e516dc38b4967671846a |
| SHA1 | aade7c03b1ecc81027c98a79285687bc19276fc5 |
| SHA256 | 4f944691b7066ef5653cfbf6b016488f6e5f0afd2d6bc03b90de5485514f83f5 |
| SHA512 | c608095510f88348e1e412ef573e4aeb4a7d328dec2892bada688a06baa023fcea1cc0dfbba6f6c41de303f3b6d5e1c4335a2610f3ec47a690e4f309f8782359 |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\resources.pak
| MD5 | 7398d5aee46689f03c278c8954f68f2b |
| SHA1 | 62e10057cfb2dc53c62d088d4fde3252d1216d86 |
| SHA256 | 9590361aa74c43818881e622f2e3b7992c978397f7ac269f37accb435b134fc8 |
| SHA512 | 1d6ae4cadd302fd683be66016cc4aa092bfe9689b81e1a764512327983f558a7ad9a10aadb7f8e13b73949d648d0e14ea0eb7c2de2420353a46e44c6b647c652 |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\LICENSES.chromium.html
| MD5 | f017c462d59fd22271a2c5e7f38327f9 |
| SHA1 | 7e1bbeea6ac2599bd0f08877aa5811d32f1aceb9 |
| SHA256 | 40f314c778851106918aae749d75b2d913984327602a1bfb7ef0cc6443ff2a37 |
| SHA512 | 72177281486f6ec26ccc743b43481c31470c7dd53f17b0a67ac087dded190c2e3dde5570260150c2e9650186a515740af7f81e31965c95bb762340f9ac100c07 |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\v8_context_snapshot.bin
| MD5 | 3eef488e8b9d35f710634c4d404c7e1a |
| SHA1 | 971c730ccfba2db0fee379683f4e310df5c9f1df |
| SHA256 | 3a189b50da4b31b5af6cdfdb6398fa039ccac9e13898e4851b27c4d91f4dff6c |
| SHA512 | f787b7633edf75905674c467f7c291a2b3791a8475b11e1d4fb1769ebe872c6b70d778124c22a55b96efe2ac443c82750371421ac9fe8f2cc8bb47ce0e3648d6 |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\vk_swiftshader_icd.json
| MD5 | 8642dd3a87e2de6e991fae08458e302b |
| SHA1 | 9c06735c31cec00600fd763a92f8112d085bd12a |
| SHA256 | 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9 |
| SHA512 | f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\vk_swiftshader.dll
| MD5 | abd993f23ed3c75fb80320a10451dd66 |
| SHA1 | 95b13400418512870a37a4e59ecc7dd9c467df2b |
| SHA256 | 52c64e3bd5f852f7c2628bca773bb5a270ad40f5e31bcf8429323cb9fd1bd4da |
| SHA512 | fe98cabf2e3500d52b09f9869f3ceab6c7ed8fefb7fba56eb62a5319053ea997881112abf139f2e642210eb4b61d5a726b8dc41d4565b81faaeb5d64a00e6267 |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\vulkan-1.dll
| MD5 | 0b95f0a5905c4075a3fbef0ddb71e915 |
| SHA1 | 72a4536da15d5d9e1617331d8e4a5c5a579c75b3 |
| SHA256 | 03b808d8045ebefebf2e2847be039358f7ec1db63e1c601847b8cd304c3db448 |
| SHA512 | 9e57eeaafdaf0b5516822d1ca7ef1995442a03677f856828d49ccc01ab8492245d8659eec7675822fc8610ba250e49a6f3c8569aad2a324cec83e0d6b5201187 |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\locales\bg.pak
| MD5 | e1322b5cdbb96d2cf4a5fa5993c2acc6 |
| SHA1 | e813a5685b1885c2788c4826a8f8659493febbf5 |
| SHA256 | 39707fb80e38e9404accac5f12ff1f3745589bd80b1586e2208b27c0c8eafcc2 |
| SHA512 | 2c6e766d671bc4ac772196e40b818039fc88f02eeaa59f78c78558e5e2670c1fb7fed9391684160c0af5a92acf8991533b298b5aabc3919c706f23f094f2ac15 |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\locales\ar.pak
| MD5 | 513e6bea67200feef37fb2e8c7fcec36 |
| SHA1 | b0edbb5846b8ddfd95ad74905e890892192279d3 |
| SHA256 | 00a9c88b644807369637ddb78d9832d7137b5f1c64ca9720a36bfccea8c38d98 |
| SHA512 | fbc184640fc419b50f6b1a78168a9efb63f8ac4c151baed17b5e9b9d333a360dce109351654ebf1c71c97471917c922456cf9c816118c6c781efdee14d8360fb |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\locales\am.pak
| MD5 | 1c47cbc228940f5c645f2fd77602253e |
| SHA1 | 474a5006ae9ae774b5d420c2f1fb0d0f2ff36afb |
| SHA256 | 5245154c986ca89ef53a24a4246345e3db01ebe47219f1d0772935b03e81e37b |
| SHA512 | dd4e7c1e26759001ab1ef63f93e847e2908c78d943c7546c88e1988d96a6625f9de9e0ab8b38af4c7b07202e1a5488023cc3429075de6c9b9394307c88442673 |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\locales\af.pak
| MD5 | 09455048c30cecbb17d6e0e95e4c01da |
| SHA1 | 6572850b07df45933ed57754f72c44895a7ef662 |
| SHA256 | e973763dcc0ffd7a5afe0a62ec9651c4c3db7fe29a23797fafc34b83512d03aa |
| SHA512 | f59b68c213815ad81379c964abe6597b900b9fac5fe17e2cb378d015c4803f96b598ef70333d594599b3283a88a9ca9cb2475afc2590eda2ddf7b041ba2368e3 |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\locales\ca.pak
| MD5 | 84b1e5be23e838708773d4e022f99986 |
| SHA1 | 53e411d571605a0a86a1040bff32a5e951ce9ee8 |
| SHA256 | faff0931e9479b76d2b6247739d4f934023a64bbe8578be08e2dd0eb053231f6 |
| SHA512 | 8afc396b859fbd0c03d1b7604f5cd80d41fd8e3df52ab88ba22a31a6a0df447671377f2ad0f6797682da6aa32d7c779defa1097ee140af207adc94575957fca8 |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\locales\cs.pak
| MD5 | 709ed2e9426081c9e86d9abdc74b44a3 |
| SHA1 | f55fc17c8b9bc5f09a539ecb8b995c1b43fc4d25 |
| SHA256 | 6597d0dadf724999741e0f24953ce9be02c8b98ecb8a382115b205edde87c160 |
| SHA512 | 992ba983cb8b24bf0ff190715c5845f34b13f17227486350fc736c872ac8f0b21347f5f6d13e2e204e928ec664e283ca65b65f72d9910725f55d737b6c5fda40 |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\locales\bn.pak
| MD5 | 880e325d5643051ad7e29c2280fab954 |
| SHA1 | cc46cff349031f9036cafafd3c091d1a5ab93f2f |
| SHA256 | 2fbcb9524eba04637e3f6c2874f7fce917326ba90877e1715eae4b35f141dd3d |
| SHA512 | d16d085bd51ad267738c649f6bbfb15b8ce5ac73b838cfb7e2ab0f4c135317c358b83a7b5d3506c492f75b97edb8d1eeee9733d12c9eca1bc51012d660b9e912 |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\locales\de.pak
| MD5 | 3a9f06d1708b7620e2639851024ed0b8 |
| SHA1 | 51c0d824bf38250ec0aae58e63141489931f02ec |
| SHA256 | 91da97794994f6544707299fee6b775745dc3891fc879d8e8a05844c6383eb53 |
| SHA512 | 08e80783de403651af208387a3191db30d1353cc25f310c917a1133b2622e4b6809bc2bd881517678e9229e6492705c5f45be3e849c0512c4a651c5b7026c926 |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\locales\da.pak
| MD5 | 96bbef1eee0b0a197ec834839c00e11c |
| SHA1 | 35adba0aafbb4d19015e11dde1f37de87292252d |
| SHA256 | 600e02877374dc083b21deb3cc3bf6a4e3e2b2c581a631955494b0591c56289c |
| SHA512 | e1ae7ad30735b6c42f81d30d50162330603753b0ce7705506918d0bf3bf9a52ac60f8fca570cdfe87f0d6dd46cfa3064d5a1526d39d81a053571b434b1cbffe1 |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\locales\en-GB.pak
| MD5 | ceba44242f8b24b70c9b59b5094d8da8 |
| SHA1 | 84e16c522ad397289a923e5cd4b012e2d323af4e |
| SHA256 | b0fd61679565a7649c90214efecdf6e1231a8e7895dad93452bfa1425417d5b7 |
| SHA512 | 31cd936157a7408a43dcba597f6e098499dd4c5fc011ef818ce93eb7a05c9d354229c3b2295dbc290a6d3f3600373f18f75b334ba9013a5dc0be44c82f2e51bd |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\locales\es.pak
| MD5 | 070cbd6f42db1cb9b6a2f74e03d6b124 |
| SHA1 | f8830e1c8a601123d85fd75188ed01833f910691 |
| SHA256 | 91de93a4dc9c9276b9ee3ae498bdafaa55fd464c1f20fdaca84c4b79842327d4 |
| SHA512 | 2ebee4e289eb2a19a97c86d1abdc1ad53c6a76b8c1dc28fc89cfde236c4abfbb823bf52573cc0848fd76ed9e0ab2d49def542837bc5c474ca1593fb5ed10a390 |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\locales\es-419.pak
| MD5 | ae62374bc2e71d9abed6e0c1d4bfe309 |
| SHA1 | 624a8210376e11814485fe90a8825bb6ca883188 |
| SHA256 | 48bd8f17823ce0f0a6f1c9fda020d5b5655e2419634f92725ab263339d9a321a |
| SHA512 | 345794d617dd3aa200ca248566e9ba36dc846af9afe259545b5a61e787b1b52e112c7eb68bc025b0d2076790a4b77a82a724bc213fad9f0f38db6054332bfced |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\locales\en-US.pak
| MD5 | d47cded365a28d27906414035c1cb3ca |
| SHA1 | 429123c86f6ca48a89bedc9a26027e01508e6db9 |
| SHA256 | 46958caf9847e33a11593ad024d5a95cc696edcd4620cf07e7b2b78c72b9c00c |
| SHA512 | 1a16d784913fead116460c9ff42e21ae482865cfe2d6ed1b1296496e46a05e513f8d048fa4d245e7a82ef61de4c4130696d5b1c647c918995f6877a888bd0853 |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\locales\el.pak
| MD5 | 4009c890acb9b81928e6e1a4b593dd62 |
| SHA1 | 83083e9c948ebba18fa990e230ee33fceae43cbc |
| SHA256 | 897b6fae230e6a3cd14e16eb537f96d820950f5a4537fe146a732ab028b7124d |
| SHA512 | b4c87024d3cd612b8af6f73b31853936614f4315ba9a48b4687120dc64e1794c568c4e074e41ae6f8dedeab61484e145dc0ca3bdb95482fd85492fddc26ab6ce |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\locales\fi.pak
| MD5 | 925f45e80be419aa0125096ebb81a23f |
| SHA1 | e73a32362952dc0aea997ee408da090f1886a438 |
| SHA256 | bf20054eb68d3d67d17d2a8c594d896c9c33fbbd562535d0c7e6cf6c940a8732 |
| SHA512 | 8510e2e9749b4342eb8d79bbfb983c43293f7f37d138464c96053a79685c578a148dd54013d211b02115256f174f51a74ca9155883055801bbe146053de52eb0 |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\locales\fa.pak
| MD5 | e5d53b9d5756871d684d018fb0c745b5 |
| SHA1 | b00a40704c91b33c2aa0f6829ae3dd886ba7177d |
| SHA256 | 8b93023af6428322b9b13aca5da9bd395a9c4775c72b758df8eb564d35d15cbd |
| SHA512 | e722f114485cbbb5284d23f1ad1061213f40083c5da2ac9753e1416f75f7cee9d8315e6f4582322d992beb9a8cacefb607ee0b1737e3a6da775fc059a17c3fb1 |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\locales\et.pak
| MD5 | 294c830b9e6667c8d5e7287cabd6a4b6 |
| SHA1 | 52f44b97b71624bee6360301e8f6f34cfa428e72 |
| SHA256 | 198674c98f10c36205161e382cc31560a4bf0de5f597a0c65f7f95777dc9bb24 |
| SHA512 | ade98fa9cc25148979f325660ed3f0f649a38709ea34b759796c4e202b3c30e76da3b8c17ecf2e1948db4a5be26af23c3a6e6b28f9445ceff68d251a5645db5b |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\locales\gu.pak
| MD5 | cd212ed25482d2b5a246440b62c4fbbf |
| SHA1 | 197f3616dec4fb308e0ec5a17458ef8a2d027cd1 |
| SHA256 | 0e8762ac08963088c33b74ee790df95370bbfc298bae8abfb87eb1307ef46d37 |
| SHA512 | 207d3e9a6bfbd3eb19cf53a0a300eb0172ecb872496d627ac5b55b9ea11d52f24f01393893450fefaa3c42bb481129d54e552679f2f67a2af0e117d12464601d |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\locales\fr.pak
| MD5 | fe0ea306a7b48ee2750af3a263d9f3d1 |
| SHA1 | 877968909cfbbe499911b4d8b807a593c4be52c7 |
| SHA256 | 955de4737419c06609227c63c2fbba7c8abf497fb976c99a4dc9f5d5105afbd1 |
| SHA512 | 07978311caa9be82bd398100d1d8367c5ca840ffcc166b73aeea0bc7c86b53db13bf648decfb3f54a43b9d199e0d98fcd29fdfb291a703502369b025eccdf872 |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\locales\fil.pak
| MD5 | a96f6f164897e62c984e9a61f6c3f7cb |
| SHA1 | 3ab2a714eb8e9b57e8a39792d152606ba0ef6a3a |
| SHA256 | ff21df22f24c92a06f6bbda2c70b57e098d7bb6754988a5ada087aed9bc8b8af |
| SHA512 | cd522884b66c940d64eb1377f9dd60143ae984fa7d144aa9d83b82a006b5da2ee9eabdcf046d362b2096d8a6b8486f36a10ac9f0642bb8cfb1e7903fda4c41f9 |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\locales\hi.pak
| MD5 | e3b31e519b925414176ef2d9546c356c |
| SHA1 | 7cebb1c5fd9c78f704bb9e5c463f67c5426d0171 |
| SHA256 | 82fbb97e7d9634df3c806439e144cf8d153d840bad98f6e790726841a91acd13 |
| SHA512 | fc3e735f010776cbdaba1592e6f685a1fb4773ab5062f5ba9ed95d9bcab2f0ce9ab024ed95158263450fc58c3197b84e38883262a588d6d92c4e623c61b4d200 |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\locales\he.pak
| MD5 | 06e89cfa4c6f4bfb7aaead492c4f08f2 |
| SHA1 | 39d943e0eb1637cd3f5a7b66ebcd28e76c89aaeb |
| SHA256 | 6b7937f16ae53457ac9a0c18fbac68b2076200b0fc98cb781415fdaf18c49301 |
| SHA512 | 8b6d33657eda8a3f1d1bfd55135de88953d21916e72df646fec2b5f5b17e9e15849f428b0fd83143f375ada174aa953be8f07fa8ba90ca4d07dd1b859d034b4c |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\locales\hr.pak
| MD5 | 92e6ef5db4c0191282ce2dd3645461ea |
| SHA1 | 045d3ed58a625516af741c9e2f85680fc1561ed4 |
| SHA256 | f8d6694f1c05ca259a31e0427ba7cef5b57f0c4b33493fda21003911a5da6f07 |
| SHA512 | 08b09857f173ef2a3067d60120167223b4ec7414ff6117d206bb12213ce9563c8d7923fc0ce6e7df0ea5d8ae2b3ded2a23993ab43bc46bea3c08df1bf59e16ea |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\locales\id.pak
| MD5 | a20c777901a144622f8a5520583af79b |
| SHA1 | 3506f8e07ee301bb195eb185032ebdc7fd231272 |
| SHA256 | fd44af213520242ba41f4c9003ddeedc71f923cb37e25b14e595f3e652ae18dd |
| SHA512 | 6a53bc2f5d0e4660767d21070d19f0c407fe676b9e9cbdc20e6016e333b2ad33da225bfc2833a0c0724e1b6245ca6ee3cc0e782ac955d6aebac3dc468db79a1d |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\locales\hu.pak
| MD5 | 40807c6b0eefd2a2f16cf0ac2c28ed53 |
| SHA1 | 1b416b29e59ef41e1f18b168947e42b7fa969d2e |
| SHA256 | 533ae7e865898b61ecfdec68c581b3c4858f2c3ec1fe496ab02c61db0362d941 |
| SHA512 | 487cf71df0f2e59ce1151c146651f567b624ac0e48f770a2f1da76b27933aa2bdc30990788e2dba4543a11b9e5d3da6f31badb26d7f3a5c87088c5b4e1bd7756 |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\locales\lt.pak
| MD5 | b02bf54687716b5d5f18aee02411a980 |
| SHA1 | 4cf766077382c49fb89d59d861de0f482f989798 |
| SHA256 | 0b0e3fcb82ddca52f9eb1ff9e1ee224639ff81f1c0af6ded4e21944811babc0b |
| SHA512 | aea879ac96a5719e8988011a7b82726bf51a24e170e260182146191f43914cd50991928d2283277d173ad650f7cfb1246fad9445260e9ca0769052079d431f25 |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\locales\ko.pak
| MD5 | 626e172ad9b55ba0a1e2802ce5e10d0d |
| SHA1 | ecd855a47448609e8e9d7bdd80f92edd494ca77c |
| SHA256 | 7111342770c33aaaffdd6fd9ef15095a6d89e48d2468c19172c0eb9b6f26ebdf |
| SHA512 | d42594259929e35b763e71cb7022d34a11bf75a4b9bb058e251cbbe8e80bccdfb284eed1c6367f98e3023134c24d50542c64673d80e29230fdd057de70a10d5c |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\locales\kn.pak
| MD5 | f4c1e83eabd580c0b4c63b2dc510ce6a |
| SHA1 | fc1d9fed0f073504b022606e424e7cc9796648b2 |
| SHA256 | 79fd72e764a1d8ad623892e563e174463f29d6ce61a2ae29af102d71da4b8e25 |
| SHA512 | 927e6ff4c7d1c28c89afdf44c62643740a94b01e9f6e927e543834c833e1b4abf97de1489c6717f9054243c180474fc695a70c4ea8852d95c690f38c785705e1 |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\locales\ja.pak
| MD5 | 63cbeb056020b6ee8cfad26c7c6abb79 |
| SHA1 | 99bf018555eec56aae4b19d10c85ac506f4164a7 |
| SHA256 | aad9e17b2170b76248d61a3bac9b1bebc44b94885403ec2cc21a31397bf029b4 |
| SHA512 | 5aa4e764f06f0e8490dab89a8b3754cccdd41739b4654ac8e30de160cad335f681fa5dd7782482aaf66ff1d827ce0c34df85c23c334a35035a3a4e3d0f305343 |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\locales\it.pak
| MD5 | acfd6f4b73b87455acb703e59303db33 |
| SHA1 | 70eabbca61eb365191cd1256f3be40ea9223b2d5 |
| SHA256 | cae7bd535284f5f156c1466820aae2bcc0b0c0ba378ad0f04eef3a145deed9b9 |
| SHA512 | bfd52bc383f1f5a7d559968bdd779198c81286796564499174c3b5b9bbc7112f427e8316f78fb09ebc668c5cbf94c89c37e97abb00c9b87b5c5c108028fc549d |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\locales\nb.pak
| MD5 | cf18f58e8e4e37b2e5fa7ef8269a294f |
| SHA1 | c60d6e84f5cfe4cadbf4efed9b5998307b20fb9f |
| SHA256 | 3f1ed8ff0207c678b6a0a98e82fefd6340e35b7d16689672dfa90d9ee63921c6 |
| SHA512 | 8f336fc50943d693ee80475250d2dbfc1401c615da571115f2c02551959028125b91ea6ffe22171dd12241688703e1869402146ef4e85a46059fe022759da953 |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\locales\ms.pak
| MD5 | 06f24bba6fa8e9a009b3062227d4c259 |
| SHA1 | f50b0da2a86a138d16022f5642d96ff1a3ce7568 |
| SHA256 | cdfcbd86ddf584621bb2966c2d43f18096f974edb795cac0d1db43a60f3bc24c |
| SHA512 | 02239741f103c8b63072abab475ac313cb48612cac36890b7946fd816028fcba9be7ecc17ba5b934016d8817c52855ef208bffe5191d0eed35aa5243527e2150 |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\locales\mr.pak
| MD5 | af7c7d72a968e1936f26a3c755157f6b |
| SHA1 | 2ec71950847f5fb4b85697b6acd05224c28bb092 |
| SHA256 | e5702b9578435abbbcc922f1d4ff8c5a345856926c2174c329e228987c3ac7d5 |
| SHA512 | d265eeee96adafc3ced76901c9263bc1cb349caf925a02d5deb010c02843fb653a17e1e8a4e942c9912f654316c4a7a1776e6a7eda56ab82ae9d4d077a58a929 |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\locales\ml.pak
| MD5 | 265d7fbee9a021895d51209dc0181f90 |
| SHA1 | 30e37013971bacd3ee93ad2fca01cb59a26d6a87 |
| SHA256 | 682463d4a0221711e565ecf409893536d727650efd2ed0563c722cceab66b1ad |
| SHA512 | 028e1ad499b20ff7cda822b91f9b8d1cbb1efe108b7236d817b73a6f8e518b5f4a8ae77d653ae5c9d799842eaee3915250ef56f634f847fc5fc8a3b36eea176c |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\locales\lv.pak
| MD5 | df9985ecfc958f343ab7e56e71149d71 |
| SHA1 | fc0d2c4a194d500a1f4cfafcd9102186016ba5a3 |
| SHA256 | 7e17246e23ca2d0241d56d91b5d5e6bfb3ff4e08f1a3734f9d032b4191282fa2 |
| SHA512 | 0dd65eed7a5bccee0ac5e2826f0cceed848dff0d0d41904e00d35cec9d96fc0b91a4eb54fbcf0bbba61f89848562a606f9f7aa827cb180abe7e97a2e77a29309 |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\locales\pl.pak
| MD5 | 4003c253ef85ec0ff8a65204955994b0 |
| SHA1 | af3074fb622445f6429899cb33a33bbcc60e5e5a |
| SHA256 | 4db10dace60cc56b610a7f92caebf4e7e98ddcaf8dac4f5a87db8f750f51ef8e |
| SHA512 | 5624c8f6268c8a8dbf1a69a032ebb89e670685cb736a3cb42a65e2dca118a85e076818b58ba2e392991eff7921495167616107f402c841a8456b5b5888b70ca1 |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\locales\nl.pak
| MD5 | d7048d029ab3ff807dff790113328574 |
| SHA1 | 07872f608062aa482532edda0dd2e1de31669380 |
| SHA256 | 0e9c114529b9ec20118bb96ffeea05d1a408e4eb621e3fc65f49353195d1af96 |
| SHA512 | 050b0eacf5b4da024d1a2af54f3511c4671756b0dab3f961d8acee5d1695eb29fba7768246dd5b3bcc253136df97e49a305832c37943380dc337776cb1fb1549 |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\locales\pt-BR.pak
| MD5 | 0711b3f59ac95761899b013b3b242c93 |
| SHA1 | 73fe7a4f60a6b92a966f1177c71bf85c6f95004f |
| SHA256 | be445bfcd9429570e5006063b1c8299a41e762e8e0c2b63551bcf16cb6fb868b |
| SHA512 | aad5ff84d1833db418a46961a5e3abd040e19e5a87bd6763039f8db7dda19c3cd9d7ea862585080636c2888ab1a50f2ba579cbc0ca0df8135537f1cc7543882b |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\locales\ru.pak
| MD5 | 4ec91cdba9839e214ef7c008775e9e6e |
| SHA1 | ea9f0f22ee1bca09ac38c01300cc91e2fc8aee51 |
| SHA256 | 64f069a34be4966a9c28361e1c4914ce23bf96faa3bb5533fc3d233bfeac5cc1 |
| SHA512 | 8c49ca910bfff175a4d88778ea34437a5acb0d52e349160f31091bd33d8ed76524950fe3e0f508c243ed76b289a550291ec68a7e0c1c426a64fbff0579c94d14 |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\locales\sk.pak
| MD5 | b7d16d6702d4b4b5d3a9e4c3e0e13eb2 |
| SHA1 | 6b2f1591ec51c4a7cf1435fbec7b5af94e0b5d4b |
| SHA256 | e93580dffc1715edb37965c5787048e3e282d0477f277668ca7f49cfda7142c0 |
| SHA512 | a09950a9bb3f9814d946857e32901a9b6d73b4862a85f00b7f1f035ce0cab5af4ebf3aa003731ffa8ccea88d71866ec01d9ce578fc0b13b3cfdd3df332a0c40c |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\locales\ro.pak
| MD5 | 5d5a27c52ae905fd85f5d50cb793e7ca |
| SHA1 | b858bba1ef66c4d3943be19a4bf8a508c23e6671 |
| SHA256 | 9ff47f6890b3f543bc51015f263e791d8a3bc332098f8cd8199852fa131fa579 |
| SHA512 | f4754951ff0dd3f1ec2c0859a93422330145f9e4e3407bb7f95863c85227b96d3f8af449c0a051b60f333df3695eea5df70fd5f7fe4916e60eb6f7c4c21aa5e2 |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\locales\pt-PT.pak
| MD5 | fbff8ba7e31acc6c26c0e4b7277cbbd0 |
| SHA1 | b9acdcbe2f0f429474acc4dd883d668cde9d3165 |
| SHA256 | 477d6666bed083b27335a479c71279ad41a674f7b6a412ada1bba18be542ddc7 |
| SHA512 | ffdbb2773f18038f5d4cf145f3311feae25110ceb8efd9c895267f98acef7e901dd7d843f7c5291cd333fc81b80da301d0c92e5c0d6857da7e4eb68a5a0c540b |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\locales\sl.pak
| MD5 | 48ead6e0160cbc6cbacb247cd3643110 |
| SHA1 | b39a91bb90f26c74dbc9fa28b257b705b54f2b81 |
| SHA256 | fc4cc46ff82cb8a41181e825a3d4e4508753fb68ff01a60486b7df4a4e11e89b |
| SHA512 | c037d352d315805a18796a121e47c73d37d68e735c9334e11b393235ae75b803cbc03cf7cf8480683bc68c9b98fba9f5a7b045b650598e5d9367ab58a24e75f1 |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\locales\sv.pak
| MD5 | b75471d16a5b4cfbb43ea86d3077e63a |
| SHA1 | 302958743c97218d13a72ade3a22e4181922531f |
| SHA256 | ec0f43dae8e52169396f289dfeb5d49b7f9258bafb0ed3060dd652fa744e5264 |
| SHA512 | 63556f738df1527ad96cca95f3e37934b054df83cfacd4e120745ceeb0536d4bc1919c66acff3e5253a62824c032ae7e8f9496df13b9ccb6fe00f67920a63cb1 |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\locales\sr.pak
| MD5 | 5c811e0c9b775886bc11b46703cb67a0 |
| SHA1 | e9a777cc72263c7e7c4bfaa36e41b29e405a2a18 |
| SHA256 | 4c524e149c02c37034ec92dd90f20f463413f2650ac9f32d52ef7260f9a34f1b |
| SHA512 | d7db44fbfff3e3204b92aff44dc02c184344853d85fd79cd962bcad8efe85a13d1aaf9ed69a6e81fcc6e690afa4b1ba7cf1764225916f398c0f960d56e5bc57c |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\locales\sw.pak
| MD5 | 912db9e797ea3e277f18e72173f26ad5 |
| SHA1 | a83461503becad16ea0d33fd5501603688a65ed5 |
| SHA256 | 89d1245c645cc26d67ac0f556734ebeb99b436cf19edd3cb3b220e78a87796e0 |
| SHA512 | b5c334b528ba6d26dde9b4b1100c01bd1675cfcc7167a9bab4d9fb95584ae629e9567ab3a4729776fbee22ca927d42e04fa016cf3f9fe510edfdc340309110ca |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\locales\ta.pak
| MD5 | 22949a4acb6639bc4fea591bde3f6cec |
| SHA1 | 672163723e294a5242e9654470e1efbb3e8aa0a4 |
| SHA256 | 84776412fd7f2cff26713781be937bdb30352f9c7eb297ca811241e6cf4284d3 |
| SHA512 | 5e3ee2d29eabfc4398b0f9784064eb03b3c3e13c59f4fb1b857c612727eebe1a4a1bcd76503b1356cf4b4d407431a643503d9068f61f1ed05041f3aad325262e |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\locales\tr.pak
| MD5 | 41bc209ee64f56f04836fca3e2de362d |
| SHA1 | c019805b555d4c24c347112a583ac9f9bf2ef142 |
| SHA256 | 71356710c485d7db228a866789ce9d253276725d94a4e4622e7b82037beb9825 |
| SHA512 | a65c4f9147c5796567e61b0661b4766c199f156541a252ec442fe5b5e3e1156c80e8fc7cfb6d9e55db4c5f60732b55cfa74a65e7dc46fbd5a4e5dfc8f3891add |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\locales\vi.pak
| MD5 | e6db9a8c61dc84aff75efc00b486a8d1 |
| SHA1 | 6d1f0329f9a44b64fa3474313c7bf207bfd78557 |
| SHA256 | 8ff2d05730915c1b15a97a3915c03d83239c34771ed661ccac745fb308901f14 |
| SHA512 | 89cf188b5d21528166353b29986f5afb9aad9a51a57864951f7945124b157e0129125caeed58c70568e38f7ba3a34a17d10056902b58ba48ee2e4e10a4649f75 |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\locales\ur.pak
| MD5 | 157117641502b63c89110363dc7083b2 |
| SHA1 | fc86039a03b2e48fafc70e1cadc096fd46389af2 |
| SHA256 | fb7cd2f4beeceaf445f4d299a3db26cce49a7950a37e5a9b48fae7f5a8e09f99 |
| SHA512 | 422d92c5f0b2b2f9f35dbb7c11cd1b463085201912948c61222bb4f43f8dfd777fce678f04371df53ab6d07ec14cfbc9e4b1b084a72a0f2aa80ca7a4728e6359 |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\locales\uk.pak
| MD5 | 7e2cbb9d3591278a76dd08364d3dad4d |
| SHA1 | a760a029070bfe57d4ef273b705650cef0a92f61 |
| SHA256 | 38616b5f7f939a84d5205e758a8d3fed024a8e3fbcc8159c90666ce650ae1d30 |
| SHA512 | 81e5ebada5990d79363e2583efdd3ccb19d8a10291cf6680d77d7c399816fe273a4fea5a7cb5e55e11f445df46a7ccad2942dc04f4fb8b6f66d2f2b151374de2 |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\locales\th.pak
| MD5 | 77721a07831a7aef49934706398559cc |
| SHA1 | 240ac6e472ac7312f02b99a8d588813d3dfeb468 |
| SHA256 | e8cdabe4557192a6ad7040de396d807f96f50d6ef256dd04972211b9c898bc1d |
| SHA512 | f73be17166c7a94c216d13d837146c3c72a5e205688479ce8199c8cf468eb1bf780f2569d42e908684f0059e6ded370428d9b123389ad2cf1553a0aecd1ef06f |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\locales\te.pak
| MD5 | f0a8ccf00882e83751fd666876c937bd |
| SHA1 | 6fd5045a20bdb912f61dd38f4d046b333bfb03c9 |
| SHA256 | 65ce3f1fe059a8d8b67cd47485233c6ab3870cfbb313241fe0f24e948bb0f158 |
| SHA512 | 8ea9f2215ac8354378aff1717ef6f1ba97ba8bcc1c660290d8a070c9a7cb9b0e1a87b8e37e68cd71d7bd429adba8b17c6cda68508b7389e42841fbe2f9c79528 |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\locales\zh-CN.pak
| MD5 | 5356bf9ddeb7ffad20e27ef092dac528 |
| SHA1 | 3514ded7211ff71297c87275ef0805588da2d47d |
| SHA256 | 0b6f0a9ded5734b260c1c02d7c717305d139bded5ec7ea80de40b641f13bfe0a |
| SHA512 | 887be5ed95b40d73e0f61f4b3e85f8a77d4bf4a222197b9d1c60711ae8481efbf9c183ba902dcbf437fdf70381bd232fe9c27cf0ce87c0f45b283b75b6d19962 |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\locales\zh-TW.pak
| MD5 | 9c51b828271263d574382077abd2e2f3 |
| SHA1 | 4de07caed06477855e4f4bba1d0d1178c5757171 |
| SHA256 | 21550464b12c7f9b23380acf7ca2b42c1b578581613c342196da95908f14c8af |
| SHA512 | 0e6921dbc4be8d5d98bf80e9b0f8c7fc31cb4e7553ca76b9c697a3f1428f855e59ee0dee99903a5215dddee9375532226af81128f066656d98db28a8d9738604 |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\resources\app.asar
| MD5 | 8d62c1a65eab151dfb8bf2f42b10b6ac |
| SHA1 | a0b94dc95e87d3b7ad481f0cbcb8e746e3cb03b6 |
| SHA256 | 42658376688f016012b9dcdbda86eaca14c2bd04e0439d445a83b68da19c84bc |
| SHA512 | 4ba807271c886ef6560daf3e9c82bb6c062f7c9b18871d2fdca9a19fc792ba7017282db616fa4a4c2f6d3d1883f868a956a298355aa04345d300795465a56621 |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\resources\elevate.exe
| MD5 | 792b92c8ad13c46f27c7ced0810694df |
| SHA1 | d8d449b92de20a57df722df46435ba4553ecc802 |
| SHA256 | 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37 |
| SHA512 | 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40 |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\resources\app.asar.unpacked\node_modules\@primno\dpapi\package.json
| MD5 | 83a6b767cd4ade2116654eb0a90fec3c |
| SHA1 | 07a0f29ddb1c8a48947ee05bb4d6ec3d2abe1df9 |
| SHA256 | 59f4704391d2247b2a8d029d7338566d47d2ff0cd7477c49343efe93475f7a12 |
| SHA512 | 404ed15686b7d611ba8aeac12e706af75a876502c51e40e48a598d05a9ac89f88902b2830a5c679f9bb7931f5c33bb10da3a32753fdb8c71a9d7b4346a1be8d0 |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\resources\app.asar.unpacked\node_modules\@primno\dpapi\LICENSE
| MD5 | 7bd114b023fa6209fb7b02150a202ccc |
| SHA1 | 4451515f9d7b16ce8983abb4e85609fe4162c4d4 |
| SHA256 | 455dda47a3fc2f58ab06d8e526f490ec43d0fc23a5ea80dd0942644397316d9b |
| SHA512 | 87ee4dc1da13937055eade250f1f8a357f549c709b9659258c137009060080aca5cfd979890a7b2d662083f4c646cce9af6e20774b58541af9e712fb5f4f1c60 |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\resources\app.asar.unpacked\node_modules\@primno\dpapi\dist\index.js
| MD5 | 0b33e83d33b01a51625a0fdcbef42ce3 |
| SHA1 | 1c29d999ff7da39426b97f2eb31a3d83db8f5fc7 |
| SHA256 | a7ff0225cb5ebcbef8499c6c8ac2be924f584eb375dacb1d8bd3dc6540b510f2 |
| SHA512 | 1d04caf4fc2e876bdf2a089ae938a41fe4d3f2928aa846709bafd2de236fa8c754fcc84d7e8a5f5734bc1cecc04b395ab9d2114945b35e8c85cd3b9ee8f9799c |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\resources\app.asar.unpacked\node_modules\@primno\dpapi\prebuilds\win32-x64\node.napi.node
| MD5 | 04bfbfec8db966420fe4c7b85ebb506a |
| SHA1 | 939bb742a354a92e1dcd3661a62d69e48030a335 |
| SHA256 | da2172ce055fa47d6a0ea1c90654f530abed33f69a74d52fab06c4c7653b48fd |
| SHA512 | 4ea97a9a120ed5bee8638e0a69561c2159fc3769062d7102167b0e92b4f1a5c002a761bd104282425f6cee8d0e39dbe7e12ad4e4a38570c3f90f31b65072dd65 |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\resources\app.asar.unpacked\node_modules\@primno\dpapi\src\dpapi_addon.h
| MD5 | ea1e5899ec0210d7de4ce325d1d94022 |
| SHA1 | 464da48d40547cb08a67a1ed38cb0ae8369f2f42 |
| SHA256 | 18280b1135123aff82fbf4188a5aadfc9a5d6fffad9309f72f347f380f2da550 |
| SHA512 | 6dae672ea822a7dc5e42914def21c019c0fa8aeaf1c27c155b78312d8a33a63ae9a1910dd32b72760578671780b8c37b91ff5e1f6588f08c7fbaaff80d8fb6fd |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\resources\app.asar.unpacked\node_modules\@primno\dpapi\src\dpapi_win.cpp
| MD5 | 4a55597a2c7466278439452bb708b822 |
| SHA1 | eaadcda8f410f2dd1fd9522fd7a2221624dd1713 |
| SHA256 | da37b02fb0babb651244479ea019d229fff1c41ecde74bc06335b5e603d9b30e |
| SHA512 | b20efe8026de41dd8c13c6f844455cacc13fa80bc3dd41fef422fb178054a7c8d6f14af8b1d6928e52648ab95a793aee1f996dc2aceead3aa8d317a99aad23bb |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\resources\app.asar.unpacked\node_modules\@primno\dpapi\src\dpapi_not_supported.cpp
| MD5 | c510e65ebcb2fa7c00712e770ec8c692 |
| SHA1 | ca1ea3c8340dcf69f344d5eaa884631eef37472b |
| SHA256 | 7c03cec11c438b6d2512239477d9f1b45d6e16763122a3a36458ab339f50d3c4 |
| SHA512 | b0b312426b4409c80b45a0f3337069be9870e050dc8b55184fb2bc63532c247089c8d35cbd1f12f0bd2bd38d581566faa74a6469b548a1ad7d837285ad37c178 |
C:\Users\Admin\AppData\Local\Programs\StarsVaders\resources\app.asar.unpacked\node_modules\@primno\dpapi\src\main.cpp
| MD5 | 88934cc736b505ada3d07afe22083568 |
| SHA1 | 6d1d112f4e7fc943dc5c9ce5ad2f32154aeb2f3a |
| SHA256 | 1ada21451bab629832372d519e366bfb08c80facfefe5a40c76a4f10a697c905 |
| SHA512 | 9f45386cba32d13a50360916b0c2f240e43cba5983a86ad80f85c75cd8e6ac2c6b931992842a736e84e234b91fc46a7a66824a3a2748f474cf1bbd22ec138a99 |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\LICENSE
| MD5 | 79558839a9db3e807e4ae6f8cd100c1c |
| SHA1 | ae3dbcee04c86fbc589fcf2547d4aaaeb41db3c2 |
| SHA256 | 7686f81e580cd6774f609a2d8a41b2cebdf79bc30e6b46c3efff5a656158981c |
| SHA512 | b42c93f2b097afa6e09d79ed045b4dd293df2c29d91dda5dda04084d3329b721a6aa92a6ad6714564386a7928e9af9195ac310deecd37a93bb04b6a6f744be46 |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\package.json
| MD5 | f9560f0fb25f1dc014682359373146c4 |
| SHA1 | b19c6321292cc63d26a18bef5d80787c5e57e746 |
| SHA256 | b145c00c63dde4da0eb3736b0d25fe79fa252a02daa9c3fdbb2d3a5783e98cf6 |
| SHA512 | dd51dcca43554f27b2718f87661cdfc86e6a51b36c15574870d793fa358f76816423c0ebcef34dd9a7fd7ce42e6be18f834100a327cdb3e6eb8dbd9d65792262 |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\deps\common-sqlite.gypi
| MD5 | 92c4c5168a6a883f2a69ea4a1a37b7b5 |
| SHA1 | 6dedc03d603631c1f70c626f5ef9d8ee6f342efa |
| SHA256 | 7b557c097c162c9ba04985ab822f92a176bf848c34ca38e54f061057ad0d8bd0 |
| SHA512 | 904e605fe5bf1134031edcadc91ed55bf72d7fb1c862f99f25a672d29fdb34af22d4114cae389a853d703bc35bfc2c8429f86608fed5eec897c115ac3dea8de5 |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\deps\extract.js
| MD5 | f0a82a6a6043bf87899114337c67df6c |
| SHA1 | a906c146eb0a359742ff85c1d96a095bd0dd95fd |
| SHA256 | 5be353d29c0fabea29cfd34448c196da9506009c0b20fde55e01d4191941dd74 |
| SHA512 | d26879f890226808d9bd2644c5ca85cc339760e86b330212505706e5749464fafad1cb5f018c59a8f034d68d327cd3fa5234ceac0677de1ac9ae09039f574240 |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\deps\sqlite-autoconf-3410100.tar.gz
| MD5 | c6d5034cf39232299ccfdf8e3ddc5781 |
| SHA1 | e77599a2df4c5b114c942ddba4483550d8982bf2 |
| SHA256 | 4dadfbeab9f8e16c695d4fbbc51c16b2f77fb97ff4c1c3d139919dfc038c9e33 |
| SHA512 | 6e6dafc35b8b11df3cd3bea48aaf84a102893242cffbe18eb7b111791563095111a2a8a5632636b8f46523d98d16e2b48dab79ee6707a141b22c2e6fde3002a2 |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\deps\sqlite3.gyp
| MD5 | 0e4d1d898d697ec33a9ad8a27f0483bf |
| SHA1 | 1505f707a17f35723cd268744c189d8df47bb3a3 |
| SHA256 | 8793f62b1133892ba376d18a15f552ef12b1e016f7e5df32ffb7279b760c11bd |
| SHA512 | c530aba70e5555a27d547562d8b826b186540068af9b4ccd01483ec39f083a991ac11d0cc66f40acaa8b03d774080f227ee705a38995f356a14abe6e5f97b545 |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\lib\sqlite3-binding.js
| MD5 | ff6a0462767c6bf185a566f4aef65ba5 |
| SHA1 | 7a3c3ee6748d00fac6e51e366518bb48a41794bb |
| SHA256 | 049b7b1b10417274be6c3e6a9518ac364729354435298d70abf834c35e8f3bf3 |
| SHA512 | 088d706f5a18323128547b0f126564fb7fa7a36dc8365ee8287663b2cb63da2d02a991bc5cda19af24da2aa063357c25f21347835f9a8aaef341b33bd21127df |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\lib\sqlite3.js
| MD5 | 275019a4199a84cfd18abd0f1ae497aa |
| SHA1 | 8601683f9b6206e525e4a087a7cca40d07828fd8 |
| SHA256 | 8d6b400ae7f69a80d0cdd37a968d7b9a913661fa53475e5b8de49dda21684973 |
| SHA512 | 6422249ccd710973f15d1242a8156d98fa8bdea820012df669e5363c50c5d8492d21ffefcdfa05b46c3c18033dde30f03349e880a4943feda8d1ee3c00f952b0 |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\lib\trace.js
| MD5 | e5c2de3c74bc66d4906bb34591859a5f |
| SHA1 | 37ec527d9798d43898108080506126b4146334e7 |
| SHA256 | d06caec6136120c6fb7ee3681b1ca949e8b634e747ea8d3080c90f35aeb7728f |
| SHA512 | e250e53dae618929cbf3cb2f1084a105d3a78bdfb6bb29e290f63a1fd5fbb5b2fab934ad16bc285e245d749a90c84bdc72fdc1a77af912b7356c18b0b197fbe5 |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\lib\binding\napi-v6-win32-unknown-x64\node_sqlite3.node
| MD5 | 3072b68e3c226aff39e6782d025f25a8 |
| SHA1 | cf559196d74fa490ac8ce192db222c9f5c5a006a |
| SHA256 | 7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01 |
| SHA512 | 61ebc72c20195e99244d95af1ab44fa06201a1aee2b5da04490fdc4312e8324a40b0e15a7b42fab5179753d767c1d08ae1a7a56ac71a6e100e63f83db849ee61 |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\src\async.h
| MD5 | 7fcbaffdc03bb5164fbb27f8552dcf5d |
| SHA1 | 590e3430c1dfa30f241d56ea01f364d5b9e7e991 |
| SHA256 | b6e86bf43d74c8ee2c2f57eb1947be6ce5d8c258c4866609571ed6c97b58b53c |
| SHA512 | e44d4850651e0e070d3f686db3d3797632121e32dc65b869739c0b45cfa13c055fc42d650f04c41915264b8772fcfeb2a38148b9fbe21a001af5a455854336b5 |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\src\gcc-preinclude.h
| MD5 | 55a9165c6720727b6ec6cb815b026deb |
| SHA1 | e737e117bdefa5838834f342d2c51e8009011008 |
| SHA256 | 9d4264bb1dcbef8d927bb3a1809a01b0b89d726c217cee99ea9ccfdc7d456b6f |
| SHA512 | 79ed80377bfb576f695f271ed5200bb975f2546110267d264f0ab917f56c26abf6d3385878285fe3e378b254af99b59bdb8bbcab7427788c90a0460eb2ee5b77 |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\src\database.h
| MD5 | f023c6c0baf0411cb6eef0a7b2baad13 |
| SHA1 | 748b78bf3ed5adc11e83f705033d8338d7eef2b5 |
| SHA256 | 8c5bcd084dddab2f2994b6cddc9b69a8f78a1034588b765e7bd859f27868fe43 |
| SHA512 | 08648cb37c0284799bb98fa2eb1abb508c8b992b43425203839e1e7f4092b7d2d7c83f6419417281ae278d3d61ade0b65959cf12f0c449a9688ee97749593dad |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\src\backup.h
| MD5 | 283f3987e0e65dca1b029bdbb625ccc2 |
| SHA1 | 285d7995459c11a47e13834ae3ec0167eacf7d01 |
| SHA256 | d3956cdbb650e1ecff8c94fe4e8645f80e10088156d409703c19f186a9c41aa8 |
| SHA512 | ff5c21bd53bf75b33a5430d1abdc8a8649af1535ec02aa5fceb91ed1189e44f0818e25556946d3ad8032b077fa30e73503464aff219b42cbace1ea3f97acb605 |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\src\macros.h
| MD5 | 592ca8ac280135c059c9ed651ac738c3 |
| SHA1 | ac8e8b5e835ea2810a443df2a57f3bdc3c60b2c6 |
| SHA256 | 8d1afb5d27eab8302de08aca87eb6edc1b99ae963a854d3bd652a4fc61cbe3c6 |
| SHA512 | b4e317200e3cab4dfac93e684150d21f7dd89a656f8a9f576b9cfb22090e8db6c458008a4a1406121fabdac034cfb80200a740d0caf6ec63fbf71ad2fde41029 |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\src\statement.h
| MD5 | 13d7bf3557e57ef3036bad68cfa8faae |
| SHA1 | 94c1af952f38e9f1ad2d722ec3a063fbe666e66b |
| SHA256 | 2c99d9cef21876db64b610dd9baba8de1f7c94028d6d1c463eb3db213745b3bf |
| SHA512 | 63e4543833d602b0c6ad9c21438e61782c252a5e30b776a9c942e1ecc34c1a7c471a39195caa20aefb072add66c83d99af902d620857d18ddad196f4f207a161 |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\src\threading.h
| MD5 | f2a075d3101c2bf109d94f8c65b4ecb5 |
| SHA1 | d48294aec0b7aeb03cf5d56a9912e704b9e90bf6 |
| SHA256 | e0ab4f798bccb877548b0ab0f3d98c051b36cde240fdf424c70ace7daf0ffd36 |
| SHA512 | d95b5fda6cb93874fe577439f7bd16b10eae37b70c45ae2bd914790c1e3ba70dfb6bda7be79d196f2c40837d98f1005c3ed209cab9ba346ada9ce2ed62a87f13 |
C:\Users\Admin\AppData\Local\Temp\nsw8917.tmp\WinShell.dll
| MD5 | 5c6b12fefc626a0594f4412b5be04b22 |
| SHA1 | b7e8af03e3f264fa066224687547de7e62318db3 |
| SHA256 | 83d8c52c47d81dd019c8986deb1108166518248ed0d0c691906f8cf9de57a672 |
| SHA512 | b4306c41b1f60e9aaaf55867340dbb3648c792b48cee770202f9274e7fa94c144e1b619ece631f769e9bc3d6a2e96181bcf43bdaa5f19a68beef4996c3211b7d |
memory/5480-982-0x000001B1A3F70000-0x000001B1A3F92000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_nsdj5j2r.b15.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/5480-987-0x000001B1A40D0000-0x000001B1A40FA000-memory.dmp
memory/5480-988-0x000001B1A40D0000-0x000001B1A40F4000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
| MD5 | 3bfc414667e1ebc31e9259fa1db290fa |
| SHA1 | 9bff989429779efef334e5524a362e7b6ff266cb |
| SHA256 | b58f994c644f7b4a831e889630bfd7ca0860aeb1e0920dc0f5d4928585a9dbab |
| SHA512 | e6cb000e8f900132f7dc661f943b8e91e945d171157ff3289b91e9d79f70230e363ed65b7ec97f451b376cf4706a14de9a86193e72dcea8fe3aa8c86c6117d13 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 7d62a8b4882bcae55db635f5173a97d9 |
| SHA1 | c780200e6e77abadbf872d9493d362ad1ff9342a |
| SHA256 | 03a9c1ee1610ac667757db120dfb496c1dfe93fb3fe6e25a3805092d19c3349e |
| SHA512 | bf3b4cfec8ecf7010ff261bc5eb5d1ab27be5f4cafd73e9fcf6b65dfb340afb27ff77dd26ddb94f7183cd69ac43281bbb3a4afef34ccc306fdd0ca1950fd61eb |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 2e537aef94f3bb925dc9af0b3f8cda7b |
| SHA1 | 0ef9dacfd41d8a0e5ecffac30fdf8d3e3e5e77af |
| SHA256 | a4e86c74280264d25ce792d822029b358ce8aa1071c979b46376f72d3e5103cd |
| SHA512 | 100cf114bbcca4d04017c9eccbf129ca0f75edd6e7dba0569af0c288c3781d66be24fa6d4a09819b3faf6349b17741bd74cbe92c1dafac41f6518712d55e9250 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 70f5b6d8eba88f3c4a859aacfd024ae8 |
| SHA1 | c366df5a7d6bb073d03a0360c3e8bac7d3735be4 |
| SHA256 | f5252a96e5e9c65ebf1db7ead8d3154a3b28ed338f72c19db8e62f629218c39d |
| SHA512 | a67a871685e9dc3b5b7f44f2ce5fd75dbfcb0c944882a82e108fc4b253fa901f7d5cc0bf80eb7b796d3750dde2c5f4434c52d490eba22a77d37bf33cf4623d00 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 371e7ee6c059cbe909fb920a5fbdc79b |
| SHA1 | 748b6dd17f5fe32b309ff9910e84c77a3f6a8092 |
| SHA256 | 31bd5a28190599cf85382a7a9a438e8cf8dd7897181d9fd270827ea4fb4545ba |
| SHA512 | 036e660355198776e712c6159c378abb32a2b8fb7335c43bbd80124affc35caa6caabec6f83c9cb7901983efcbf2d658aa68526e62c67ec7eb1460d87ef97f9c |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 33d9648e4975f07ebcf4a3176d7486f8 |
| SHA1 | f1376eabe24360c19ea387c604708ef5d3baf74f |
| SHA256 | 125f70eaff332e7abafccb6a35c6e87b029143918e74bf9045b207410e4f697c |
| SHA512 | 81f07b63ef2e8b2af81272cde8bfba7353fd89c82c3ac5d5ecb4004b943578c2dc1bf88b79b0df6157f9286c31601e693bababbdf294c4079c267c9611a523af |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | d0c87c3fd9c48208d8c78c55928fb242 |
| SHA1 | 9183bd4a0974e1b801b3c13920cf8e403d0a2310 |
| SHA256 | 4a8045b05a7e5632e1d2f446577d4de6a5d1c08be0a518a82336d48f0696f3fb |
| SHA512 | 8d1ee68eaa34ff11b84f611bf4699ece78b4797324cd86581430e5f90286b58e323fa7259b0b76ce0a9eafbf09ea9029e7e361ad704cc87c5d75736fc45e240f |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 3f81481f0251165ee8051799d5487156 |
| SHA1 | dadc07e6eff95dd6fde0f3fb3eca0a4aa1941434 |
| SHA256 | 020c968aedf44573c2dc9945010abb1109638dffdd9a627c503321068b79d845 |
| SHA512 | c93f39f6f41ad4256c1c6e6fb5afd4a44477372c8459d369ef962b42ddcfb3b7c84ac8b93f128fac8e9e8405c84c62c8891ca05ce97a84a0e6a411fe50371efe |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 740951544b69d9a5a00aa693bf1e2d73 |
| SHA1 | c46fdae6979a08b5e9db05046686f0d1edf38caa |
| SHA256 | dd63d617a9607de67ecf702ea93f02e805d11eafbd2c6e9f705c620b1e685a22 |
| SHA512 | e5fbfb1346aa56c358b6970e0caddb424ef416daba7ed3a2014dc18dabd2d0d5ec42f4a10518ca1453e7dc4da1893ee23b0cd18d4e91887637ce5ae9577db398 |
C:\Users\Admin\AppData\Local\Temp\d52e9507-caa3-4cab-8064-f5fe7f79e8a1\Cookies\Chrome_Default.txt
| MD5 | d96c9d002e6de1382c32672816a9ad4d |
| SHA1 | 390d6ce31b13b26eb38f1d564ab0caa7519051f0 |
| SHA256 | 093a18fbcd91bec8932250cdb83eafaf79310154ecf73d0b0ca1ed68d76fa710 |
| SHA512 | bb332c44a0bdf4b7253888ccf14a86e8fa8e461162f5874cb4cd5af2fb59c48897c681494aa2e4ab5d16699d4c4e606677890817b6442a9859e37507b9e242e0 |
C:\Users\Admin\AppData\Roaming\StarsVaders\Local State
| MD5 | 7cffb8c2dc68da0dc352be038ea92729 |
| SHA1 | e0855a444970717a4c61e65cf1863b25aeab5bff |
| SHA256 | 59c95b7c0a4db79fde11efe864e959da56723a7e811b358d84394bfe533820f3 |
| SHA512 | d016035f8487deaa585b7ef6389de41a70ae5127f7a0be0d04ec0b75fa5f2aff0da09c29e4b08b96ec31db62d5035304d6772773f70dbdfbf5b542ac4043fe77 |
C:\Users\Admin\AppData\Local\Temp\d52e9507-caa3-4cab-8064-f5fe7f79e8a1.zip
| MD5 | 93430d3b594fe633a0043ae8215e6e38 |
| SHA1 | 32f109dc4acddf5eacb93419b88d72b49c2d90ea |
| SHA256 | f3736151ff461d2f079e7043821f7e054eef810c18695bd142cd403c37ae7593 |
| SHA512 | 4e5b682d36835a5b8af869640a9030db9b1b349c7c3e8aacce160042a3c7b3e73959bd9915fb10f81af8ae3ca86509d1dd17eab66d01cb547ad1c0214f3c8a23 |
C:\Users\Admin\AppData\Local\Temp\c4e4cf97-f620-4e11-94eb-7c26356df3ae.zip
| MD5 | 399b1cb106580a9b38b8ff783f5e805f |
| SHA1 | 5be86c04a7460142197f0561cb825002f1b3d2fa |
| SHA256 | 0fcbc0ed5b6369cc8fd353e5df51b83c1e59f3f6a91279c8b110896f272d90cf |
| SHA512 | 38effb026041b28bb0783008cb3dfa6d77cd4bf3f095bf2dcd81eed31cd0c55a61afb71ac75a8dca69d4b4efeb4ffc08a6aced79129c38b15aa117d6684670ac |
Analysis: behavioral3
Detonation Overview
Submitted
2024-10-21 13:35
Reported
2024-10-21 13:50
Platform
win10v2004-20241007-en
Max time kernel
430s
Max time network
436s
Command Line
Signatures
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\StarsVaders.exe | N/A |
Reads user/profile data of web browsers
Command and Scripting Interpreter: PowerShell
Browser Information Discovery
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\StarsVaders.exe
"C:\Users\Admin\AppData\Local\Temp\StarsVaders.exe"
C:\Users\Admin\AppData\Local\Temp\StarsVaders.exe
"C:\Users\Admin\AppData\Local\Temp\StarsVaders.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\StarsVaders" --gpu-preferences=UAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1736,i,13596593642687369767,1540847115950175215,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1728 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\StarsVaders.exe
"C:\Users\Admin\AppData\Local\Temp\StarsVaders.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\StarsVaders" --field-trial-handle=1932,i,13596593642687369767,1540847115950175215,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1928 /prefetch:3
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | unity-api.net | udp |
| US | 104.21.1.221:443 | unity-api.net | tcp |
| US | 8.8.8.8:53 | 221.1.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.42.69.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.99.105.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.64.52.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_tdc0je3t.xqg.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/2644-9-0x0000021538D50000-0x0000021538D72000-memory.dmp
memory/2644-13-0x00000215514E0000-0x000002155150A000-memory.dmp
memory/2644-14-0x00000215514E0000-0x0000021551504000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
| MD5 | 3bfc414667e1ebc31e9259fa1db290fa |
| SHA1 | 9bff989429779efef334e5524a362e7b6ff266cb |
| SHA256 | b58f994c644f7b4a831e889630bfd7ca0860aeb1e0920dc0f5d4928585a9dbab |
| SHA512 | e6cb000e8f900132f7dc661f943b8e91e945d171157ff3289b91e9d79f70230e363ed65b7ec97f451b376cf4706a14de9a86193e72dcea8fe3aa8c86c6117d13 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 7d62a8b4882bcae55db635f5173a97d9 |
| SHA1 | c780200e6e77abadbf872d9493d362ad1ff9342a |
| SHA256 | 03a9c1ee1610ac667757db120dfb496c1dfe93fb3fe6e25a3805092d19c3349e |
| SHA512 | bf3b4cfec8ecf7010ff261bc5eb5d1ab27be5f4cafd73e9fcf6b65dfb340afb27ff77dd26ddb94f7183cd69ac43281bbb3a4afef34ccc306fdd0ca1950fd61eb |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 139370695d63f7f487e7a412839ec6d5 |
| SHA1 | b0a640dce5d3fab13e722e02d6d8c1e82abf2ac1 |
| SHA256 | a1ea1dab0972db3a1b9806ec90036ec0c3a68eac135b2b33db0873cdc5668557 |
| SHA512 | e04e7c617d17e7ae4814cbf6d6072130aa7e2ca5b434fdcc4efc4e64e28d77960c5be2fbe790a0332cf7522ba26550467a6ad3ea8dde0d689204044007830e9a |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 7d6cc7aee08a5073cb2c3e98ad23b26c |
| SHA1 | 3c6451bd5b1b5d3ab4f7249017957e7fe546ea2f |
| SHA256 | ec78f7b03043cb62799bc71a691dd0c0c3bc8813459e958c78e337d6a8199ba1 |
| SHA512 | 879e41ce1ac86564217cbff02e0a8e4a155a35b04123d2c7beb51f884cab92b412e0def8f1c06518308fe5e9d37200764b6611ae74a7bf0870cd655264a339a1 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 5b4980ac71f441d18fca9204eb4c0aa5 |
| SHA1 | 4fb88932d50e644129cd135f994a3e13d8f15610 |
| SHA256 | b09bc204c360ac6db8fc2098492fe7f7f8df7baa0e8591d2f9a51a3778d05ae0 |
| SHA512 | c479d4a72a997df97d7dd45c3da825f83c7b148e242669b9fcb6e68a1fd59aee38e06ca83f71ca38762fc84518ac09a0b73f578a3b0709e61bc9f3bda0d523c6 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | a3f876345166554eed8fbee8a51a8961 |
| SHA1 | e87b3b36fd85fe3ec934d2f75f7a923c770aacbc |
| SHA256 | d7847d40ff580150d1a7fc13f7102c63bf38e964c78ff13e3f916e22cb3fb398 |
| SHA512 | 9fcedf13969adcb1a94ac4295ace78f5157496cc9789431e28f9e3ae8b58d5b1143a1ef8c31ed71b3a1e4e3ff50bf631c8467336cee3f4405eec08362de9253b |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 371e7ee6c059cbe909fb920a5fbdc79b |
| SHA1 | 748b6dd17f5fe32b309ff9910e84c77a3f6a8092 |
| SHA256 | 31bd5a28190599cf85382a7a9a438e8cf8dd7897181d9fd270827ea4fb4545ba |
| SHA512 | 036e660355198776e712c6159c378abb32a2b8fb7335c43bbd80124affc35caa6caabec6f83c9cb7901983efcbf2d658aa68526e62c67ec7eb1460d87ef97f9c |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 6f93ba2bf86c51621ed901d5066fb2c8 |
| SHA1 | c476f6080fb1db89c755757e9a2586206ff33491 |
| SHA256 | c9730d10fd39a556bc3134350c8e06e4126abe61ee41cc5cd6927eab4037143f |
| SHA512 | ce6a78e697ef8510e39eb113df1dfaf68f714c2d2278e346e58a779e7861287a229ea26b433611db26aa12614405af0c2c13b4ab5041db76f8a5673564512401 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 3d1eddf3cb40acf2f5e1be5c25e1b51f |
| SHA1 | 1dc89bcd99396f93e57f84309fba29947556c392 |
| SHA256 | 376fb90a48e5e18ff1aa366166d2b2f1a778d5a2dbb210edb1d00165bb9dd1b1 |
| SHA512 | 7037ee98b5d3e2dc288640e63d97bff0eb2ae3114fb03a0e4731249b28245b81b1d3e13245c74b12b3463eef98b188d721c1738ad1a2781148819b22202878bf |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 7b1683dbdd3c27f396bfe818a92697a2 |
| SHA1 | edc7f55af593daa0b96a9ceb5991b730e8098a7b |
| SHA256 | 7b704b5f34be517553f3548f7faa1d70b82912a7c6e33ffb8ac50951cee614c8 |
| SHA512 | 4c28554f9e87eb0deb154ba849083b92ba29b07e01fc87f7fff4848c9df05882f14e66b0712b1d513da6c502df379ea25b5573f2e579e823fb62f2debc9dca76 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | e106d8a9672b7f06024151a6f900d910 |
| SHA1 | 2bb94303682c470e93cc4e8cf56f2ac002f622de |
| SHA256 | 143f69cf71c638efe881379dc6810c4bd97492a49cbd93dca38562deceb3b7f5 |
| SHA512 | 8cf484bd5c0a96db32163bdbc747206de490e03ec988363548197c5cfaade28e3193bbc253123a860c9ed4852fa7f3709716def1718339c0fdd3bfe40fef5f2a |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 3a33adfdca63969d9b3a626213a17e29 |
| SHA1 | 50e68a0edefad493e31c3a8fa1aad5b40677aea2 |
| SHA256 | 4b0606ec204fe2b6fc5ec9e334bfadb9caf3174f9aad8a680538675e5f48a02f |
| SHA512 | b8af33fd87e3093d5c097a03f13a448ed2ba7aeb56cf53d3784e92ef600444a41182ed064a59849eb43417249acdbb7ca16592a86d57db76807ecaa7a9785186 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 4a1ecdb31d7a3d9699351208166883cb |
| SHA1 | b62a03b1a9e94f731427b5e19bd57bbc4a53e742 |
| SHA256 | 6fa9e2383011bb63b475b42dbc83c1e1db57135ac2590bec0a9003e7f036eeb7 |
| SHA512 | ec94fd098e3c3674eb2fd6704414d179f1ac118c566f0b57be40050f3688e5b60bd6fd528631e827058b49f25d74d1f6f939a9c4c1ad9e0256534a83d8b491b6 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | d576edc3ba971ac7fd8898dfac4c22ea |
| SHA1 | 7e14adf3e579216711951a51414ac8a36efc46c4 |
| SHA256 | e7f68c798d5a3992b404a3b800df98b23ceb63054dbd3d049d48bb9c29400d06 |
| SHA512 | af314bf572c62d2bb7f0041d4adba8697903359384a25d6b08e01aee6bd63e9abb331ee9655471c6966ac621ba377b2c59274b5d6fcbbd7fcdc7487c77e86c86 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | d3b339b76f0d340549370646476aeffd |
| SHA1 | 306c50dedb99ac3c42cce60d2a082749c782d3ca |
| SHA256 | 7c57d57a1956afbfb557a4a7014c3bcd776f4fcf7e29a2def7c4c6396c887bae |
| SHA512 | f8b49fb771aa5104c4aa8b779df80425bd7b8e875db8b53b34968f1d5dc500e0679df5833e5a396d172ba098afbbb15297fdd00ea1468db98302fe6a718aa370 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 740951544b69d9a5a00aa693bf1e2d73 |
| SHA1 | c46fdae6979a08b5e9db05046686f0d1edf38caa |
| SHA256 | dd63d617a9607de67ecf702ea93f02e805d11eafbd2c6e9f705c620b1e685a22 |
| SHA512 | e5fbfb1346aa56c358b6970e0caddb424ef416daba7ed3a2014dc18dabd2d0d5ec42f4a10518ca1453e7dc4da1893ee23b0cd18d4e91887637ce5ae9577db398 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 94ee0ce1b0324062983339c924e9c53c |
| SHA1 | a63877ef0ff29db87365b97c3d100d920e49da4c |
| SHA256 | 14388ad4ba462c786086cc3987c77fd8c78e86f88775691868209ccd53d98446 |
| SHA512 | 4e9168e89fa4b72c9a72dd2f974113bd477e9bc3de72133e89121675ecd54a66135dea71675166e2f637d8d5c7db36ef8c6ef5c795663bf04ec2034acdc462e5 |
C:\Users\Admin\AppData\Local\Temp\9a568e33-7129-4c3d-882a-2dafcbcbcf85\Cookies\Chrome_Default.txt
| MD5 | 2808a256318fa3d1975d089ac08f7de6 |
| SHA1 | 338b3d96af9dec9d2666ec709c3d587095a260b2 |
| SHA256 | 9dddf07b06d425ba3368d8889a8c519fee8ef8320d25b11f9c03144d96a5e732 |
| SHA512 | 1bad303517077bcda30d5fa5bf541edfdb54d41ef315af7e3056b29f43f97614b93fc881b63bea783445a9a7419c56ce355590157ac7371d5ef7248ceb4ef2f9 |
C:\Users\Admin\AppData\Local\Temp\9a568e33-7129-4c3d-882a-2dafcbcbcf85.zip
| MD5 | 401df9fb6786041c7a94fd26d88a8e85 |
| SHA1 | 10b7cfd7113f569af3e4a054a909d889927b35b9 |
| SHA256 | 4bc456b62f9767b47957123b961cd831bb5e4b5f090efaf5f5bd1abcfcede363 |
| SHA512 | f01ad556912c818347bdb9a641ae6bbf5cfe865d30a1cd6e19c37d58feb7ef0fd3cd7b9757a47c14010f9e0fe4c9ecc66216244670585429105ba6d086ec5a54 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-21 13:35
Reported
2024-10-21 13:47
Platform
win7-20240903-en
Max time kernel
360s
Max time network
363s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\StarsVaders\StarsVaders.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\StarsVaders\StarsVaders.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\StarsVaders Setup 2.0.0.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\StarsVaders Setup 2.0.0.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\StarsVaders Setup 2.0.0.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\StarsVaders Setup 2.0.0.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\StarsVaders Setup 2.0.0.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\StarsVaders Setup 2.0.0.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\StarsVaders Setup 2.0.0.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\StarsVaders Setup 2.0.0.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\StarsVaders Setup 2.0.0.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\StarsVaders Setup 2.0.0.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\StarsVaders Setup 2.0.0.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks installed software on the system
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\StarsVaders Setup 2.0.0.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\find.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\tasklist.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\StarsVaders Setup 2.0.0.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\StarsVaders Setup 2.0.0.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\StarsVaders Setup 2.0.0.exe
"C:\Users\Admin\AppData\Local\Temp\StarsVaders Setup 2.0.0.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq StarsVaders.exe" /FO csv | "C:\Windows\system32\find.exe" "StarsVaders.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq StarsVaders.exe" /FO csv
C:\Windows\SysWOW64\find.exe
"C:\Windows\system32\find.exe" "StarsVaders.exe"
C:\Users\Admin\AppData\Local\Programs\StarsVaders\StarsVaders.exe
"C:\Users\Admin\AppData\Local\Programs\StarsVaders\StarsVaders.exe"
C:\Users\Admin\AppData\Local\Programs\StarsVaders\StarsVaders.exe
"C:\Users\Admin\AppData\Local\Programs\StarsVaders\StarsVaders.exe"
Network
Files
\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\System.dll
| MD5 | fbe295e5a1acfbd0a6271898f885fe6a |
| SHA1 | d6d205922e61635472efb13c2bb92c9ac6cb96da |
| SHA256 | a1390a78533c47e55cc364e97af431117126d04a7faed49390210ea3e89dd0e1 |
| SHA512 | 2cb596971e504eaf1ce8e3f09719ebfb3f6234cea5ca7b0d33ec7500832ff4b97ec2bbe15a1fbf7e6a5b02c59db824092b9562cd8991f4d027feab6fd3177b06 |
\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\StdUtils.dll
| MD5 | 21d805663834f61cb443545b8883faf2 |
| SHA1 | b222c5ca1e4cb8a7bff7eb7b78d46b8d99bf71e1 |
| SHA256 | c18b46a68436d164c964ba9b208e5c27ccc50e6a5a2db115e8fb086663b5308f |
| SHA512 | 37836150ef2837f69b82399024d0b93dbdac992971c7fe7b50959107c0520f5874d45f4230f08554514e3bd6a76d6e35c55c8afd53f993aba18f77475ef02001 |
\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\SpiderBanner.dll
| MD5 | 4287dbf2ad9e000d8653137470528fb7 |
| SHA1 | d488ea09a1c35f9d773195b3cbdbb20e4878c0a4 |
| SHA256 | 35a523fe649201442c9fa00d875cf9acf8ced7c11347726cc0c6df5b0eda9f95 |
| SHA512 | e5dafa93600e9c1e994b4e0131b841b2e14f76d874875926f90f1f1c2cfd9e2caa374a1f584594f41e4feb0c06e93115e9fa23237dbc31d3e1c208ad8d0cf58a |
\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\nsExec.dll
| MD5 | 50ba20cad29399e2db9fa75a1324bd1d |
| SHA1 | 3850634bb15a112623222972ef554c8d1eca16f4 |
| SHA256 | e7b145abc7c519e6bd91dc06b7b83d1e73735ac1ac37d30a7889840a6eed38fc |
| SHA512 | 893e053fcb0a2d3742e2b13b869941a3a485b2bda3a92567f84190cb1be170b67d20cc71c6a2cb92f4202140c8afd9c40a358496947d709e0c4b68d43a368754 |
\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\nsis7z.dll
| MD5 | d7778720208a94e2049972fb7a1e0637 |
| SHA1 | 080d607b10f93c839ec3f07faec3548bb78ac4dc |
| SHA256 | 98f425f30e42e85f57e039356e30d929e878fdb551e67abfb9f71c31eeb5d44e |
| SHA512 | 98493ea271738ed6ba3a02de774deef267bfa3c16f3736f1a1a3856b9fecc07f0ea8670827e7eb4ed05c907e96425a0c762e7010cb55a09302ca3cfb3fe44b2b |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\chrome_100_percent.pak
| MD5 | 3c72d78266a90ed10dc0b0da7fdc6790 |
| SHA1 | 6690eb15b179c8790e13956527ebbf3d274eef9b |
| SHA256 | 14a6a393c60f62df9bc1036e98346cd557e0ae73e8c7552d163fa64da77804d7 |
| SHA512 | b1babf1c37b566a5f0e5f84156f7ab59872690ba0bdd51850525f86769bfebc245f83988a3508945cf7617d73cd25e8469228974dd2c38415388b6a378552420 |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\chrome_200_percent.pak
| MD5 | 3969308aae1dc1c2105bbd25901bcd01 |
| SHA1 | a32f3c8341944da75e3eed5ef30602a98ec75b48 |
| SHA256 | 20c93f2cfd69f3249cdfd46f317b37a9432ecc0de73323d24ecf65ce0f3c1bb6 |
| SHA512 | f81ed1890b46f7d9f6096b9ef5daab5b21788952efb5c4dcd6b8fd43e4673a91607c748f31434c84a180d943928d83928037058493e7e9b48c3de1fc8025df7f |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\d3dcompiler_47.dll
| MD5 | a7b7470c347f84365ffe1b2072b4f95c |
| SHA1 | 57a96f6fb326ba65b7f7016242132b3f9464c7a3 |
| SHA256 | af7b99be1b8770c0e4d18e43b04e81d11bdeb667fa6b07ade7a88f4c5676bf9a |
| SHA512 | 83391a219631f750499fd9642d59ec80fb377c378997b302d10762e83325551bb97c1086b181fff0521b1ca933e518eab71a44a3578a23691f215ebb1dce463d |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\ffmpeg.dll
| MD5 | ebf0485fbf546b010c2b10c5c8e7d5ed |
| SHA1 | a4a546f6be93bae535aa724ce2832f428cc91f89 |
| SHA256 | 46a20d91861f6e966959635dd5f1adfd7f33449dd814a9aecf207b0cd53117ba |
| SHA512 | 9e6011c0269556376907850fddac8fdf50e132434da7daf4d87be83c1b89b7aef847b25b6216686915225a82374fac6ff987f22efc01d5b1c2cc81d53d7facc9 |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\icudtl.dat
| MD5 | ffd67c1e24cb35dc109a24024b1ba7ec |
| SHA1 | 99f545bc396878c7a53e98a79017d9531af7c1f5 |
| SHA256 | 9ae98c06cbb0ea43c5cd6b5725310c008c65e46072421a1118cb88e1de9a8b92 |
| SHA512 | e1a865e685d2d3bacd0916d4238a79462519d887feb273a251120bb6af2b4481d025f3b21ce9a1a95a49371a0aa3ecf072175ba756974e831dbfde1f0feaeb79 |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\libEGL.dll
| MD5 | 4c01b3614be1f38a6d594443a547c257 |
| SHA1 | 7eaa456b164613577d0965ab5a57ba2b681a6ffa |
| SHA256 | e36da1a4228899bebe50cc5da1fcbbc590cdcb3ddee0b2a19defd99a805b6ed4 |
| SHA512 | b72fc071dc791c63978465a68c9a4904d5f1c458d302bb710e83576f20ef928d73c487248a305bb455990c2d8a6b894ee47d88bca6bc92360f286849ae1a1257 |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\libGLESv2.dll
| MD5 | 9bbeb7b27646442c8bc2d202a73516d5 |
| SHA1 | a7f7a52dc45bf130581953e07ce9b9851cbce90a |
| SHA256 | 2b80817443265e7979b9a77075492e8e29be3ba775d20f646cdda391efbab21c |
| SHA512 | f9826e43f53bb9b906b5c62ff2502d4e8dc3ff99b72420cf313a5811061cb146651cba3b8f864f34dfcfd51c6e3b39a0a640719ef94d7696bdc4fab7e9d16785 |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\LICENSE.electron.txt
| MD5 | 4d42118d35941e0f664dddbd83f633c5 |
| SHA1 | 2b21ec5f20fe961d15f2b58efb1368e66d202e5c |
| SHA256 | 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d |
| SHA512 | 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63 |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\LICENSES.chromium.html
| MD5 | f017c462d59fd22271a2c5e7f38327f9 |
| SHA1 | 7e1bbeea6ac2599bd0f08877aa5811d32f1aceb9 |
| SHA256 | 40f314c778851106918aae749d75b2d913984327602a1bfb7ef0cc6443ff2a37 |
| SHA512 | 72177281486f6ec26ccc743b43481c31470c7dd53f17b0a67ac087dded190c2e3dde5570260150c2e9650186a515740af7f81e31965c95bb762340f9ac100c07 |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\resources.pak
| MD5 | 7398d5aee46689f03c278c8954f68f2b |
| SHA1 | 62e10057cfb2dc53c62d088d4fde3252d1216d86 |
| SHA256 | 9590361aa74c43818881e622f2e3b7992c978397f7ac269f37accb435b134fc8 |
| SHA512 | 1d6ae4cadd302fd683be66016cc4aa092bfe9689b81e1a764512327983f558a7ad9a10aadb7f8e13b73949d648d0e14ea0eb7c2de2420353a46e44c6b647c652 |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\snapshot_blob.bin
| MD5 | 0406a232eb55e516dc38b4967671846a |
| SHA1 | aade7c03b1ecc81027c98a79285687bc19276fc5 |
| SHA256 | 4f944691b7066ef5653cfbf6b016488f6e5f0afd2d6bc03b90de5485514f83f5 |
| SHA512 | c608095510f88348e1e412ef573e4aeb4a7d328dec2892bada688a06baa023fcea1cc0dfbba6f6c41de303f3b6d5e1c4335a2610f3ec47a690e4f309f8782359 |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\v8_context_snapshot.bin
| MD5 | 3eef488e8b9d35f710634c4d404c7e1a |
| SHA1 | 971c730ccfba2db0fee379683f4e310df5c9f1df |
| SHA256 | 3a189b50da4b31b5af6cdfdb6398fa039ccac9e13898e4851b27c4d91f4dff6c |
| SHA512 | f787b7633edf75905674c467f7c291a2b3791a8475b11e1d4fb1769ebe872c6b70d778124c22a55b96efe2ac443c82750371421ac9fe8f2cc8bb47ce0e3648d6 |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\vk_swiftshader.dll
| MD5 | abd993f23ed3c75fb80320a10451dd66 |
| SHA1 | 95b13400418512870a37a4e59ecc7dd9c467df2b |
| SHA256 | 52c64e3bd5f852f7c2628bca773bb5a270ad40f5e31bcf8429323cb9fd1bd4da |
| SHA512 | fe98cabf2e3500d52b09f9869f3ceab6c7ed8fefb7fba56eb62a5319053ea997881112abf139f2e642210eb4b61d5a726b8dc41d4565b81faaeb5d64a00e6267 |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\vulkan-1.dll
| MD5 | 0b95f0a5905c4075a3fbef0ddb71e915 |
| SHA1 | 72a4536da15d5d9e1617331d8e4a5c5a579c75b3 |
| SHA256 | 03b808d8045ebefebf2e2847be039358f7ec1db63e1c601847b8cd304c3db448 |
| SHA512 | 9e57eeaafdaf0b5516822d1ca7ef1995442a03677f856828d49ccc01ab8492245d8659eec7675822fc8610ba250e49a6f3c8569aad2a324cec83e0d6b5201187 |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\vk_swiftshader_icd.json
| MD5 | 8642dd3a87e2de6e991fae08458e302b |
| SHA1 | 9c06735c31cec00600fd763a92f8112d085bd12a |
| SHA256 | 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9 |
| SHA512 | f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\locales\am.pak
| MD5 | 1c47cbc228940f5c645f2fd77602253e |
| SHA1 | 474a5006ae9ae774b5d420c2f1fb0d0f2ff36afb |
| SHA256 | 5245154c986ca89ef53a24a4246345e3db01ebe47219f1d0772935b03e81e37b |
| SHA512 | dd4e7c1e26759001ab1ef63f93e847e2908c78d943c7546c88e1988d96a6625f9de9e0ab8b38af4c7b07202e1a5488023cc3429075de6c9b9394307c88442673 |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\locales\af.pak
| MD5 | 09455048c30cecbb17d6e0e95e4c01da |
| SHA1 | 6572850b07df45933ed57754f72c44895a7ef662 |
| SHA256 | e973763dcc0ffd7a5afe0a62ec9651c4c3db7fe29a23797fafc34b83512d03aa |
| SHA512 | f59b68c213815ad81379c964abe6597b900b9fac5fe17e2cb378d015c4803f96b598ef70333d594599b3283a88a9ca9cb2475afc2590eda2ddf7b041ba2368e3 |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\locales\ca.pak
| MD5 | 84b1e5be23e838708773d4e022f99986 |
| SHA1 | 53e411d571605a0a86a1040bff32a5e951ce9ee8 |
| SHA256 | faff0931e9479b76d2b6247739d4f934023a64bbe8578be08e2dd0eb053231f6 |
| SHA512 | 8afc396b859fbd0c03d1b7604f5cd80d41fd8e3df52ab88ba22a31a6a0df447671377f2ad0f6797682da6aa32d7c779defa1097ee140af207adc94575957fca8 |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\locales\bn.pak
| MD5 | 880e325d5643051ad7e29c2280fab954 |
| SHA1 | cc46cff349031f9036cafafd3c091d1a5ab93f2f |
| SHA256 | 2fbcb9524eba04637e3f6c2874f7fce917326ba90877e1715eae4b35f141dd3d |
| SHA512 | d16d085bd51ad267738c649f6bbfb15b8ce5ac73b838cfb7e2ab0f4c135317c358b83a7b5d3506c492f75b97edb8d1eeee9733d12c9eca1bc51012d660b9e912 |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\locales\bg.pak
| MD5 | e1322b5cdbb96d2cf4a5fa5993c2acc6 |
| SHA1 | e813a5685b1885c2788c4826a8f8659493febbf5 |
| SHA256 | 39707fb80e38e9404accac5f12ff1f3745589bd80b1586e2208b27c0c8eafcc2 |
| SHA512 | 2c6e766d671bc4ac772196e40b818039fc88f02eeaa59f78c78558e5e2670c1fb7fed9391684160c0af5a92acf8991533b298b5aabc3919c706f23f094f2ac15 |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\locales\ar.pak
| MD5 | 513e6bea67200feef37fb2e8c7fcec36 |
| SHA1 | b0edbb5846b8ddfd95ad74905e890892192279d3 |
| SHA256 | 00a9c88b644807369637ddb78d9832d7137b5f1c64ca9720a36bfccea8c38d98 |
| SHA512 | fbc184640fc419b50f6b1a78168a9efb63f8ac4c151baed17b5e9b9d333a360dce109351654ebf1c71c97471917c922456cf9c816118c6c781efdee14d8360fb |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\locales\cs.pak
| MD5 | 709ed2e9426081c9e86d9abdc74b44a3 |
| SHA1 | f55fc17c8b9bc5f09a539ecb8b995c1b43fc4d25 |
| SHA256 | 6597d0dadf724999741e0f24953ce9be02c8b98ecb8a382115b205edde87c160 |
| SHA512 | 992ba983cb8b24bf0ff190715c5845f34b13f17227486350fc736c872ac8f0b21347f5f6d13e2e204e928ec664e283ca65b65f72d9910725f55d737b6c5fda40 |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\locales\et.pak
| MD5 | 294c830b9e6667c8d5e7287cabd6a4b6 |
| SHA1 | 52f44b97b71624bee6360301e8f6f34cfa428e72 |
| SHA256 | 198674c98f10c36205161e382cc31560a4bf0de5f597a0c65f7f95777dc9bb24 |
| SHA512 | ade98fa9cc25148979f325660ed3f0f649a38709ea34b759796c4e202b3c30e76da3b8c17ecf2e1948db4a5be26af23c3a6e6b28f9445ceff68d251a5645db5b |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\locales\es.pak
| MD5 | 070cbd6f42db1cb9b6a2f74e03d6b124 |
| SHA1 | f8830e1c8a601123d85fd75188ed01833f910691 |
| SHA256 | 91de93a4dc9c9276b9ee3ae498bdafaa55fd464c1f20fdaca84c4b79842327d4 |
| SHA512 | 2ebee4e289eb2a19a97c86d1abdc1ad53c6a76b8c1dc28fc89cfde236c4abfbb823bf52573cc0848fd76ed9e0ab2d49def542837bc5c474ca1593fb5ed10a390 |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\locales\es-419.pak
| MD5 | ae62374bc2e71d9abed6e0c1d4bfe309 |
| SHA1 | 624a8210376e11814485fe90a8825bb6ca883188 |
| SHA256 | 48bd8f17823ce0f0a6f1c9fda020d5b5655e2419634f92725ab263339d9a321a |
| SHA512 | 345794d617dd3aa200ca248566e9ba36dc846af9afe259545b5a61e787b1b52e112c7eb68bc025b0d2076790a4b77a82a724bc213fad9f0f38db6054332bfced |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\locales\en-US.pak
| MD5 | d47cded365a28d27906414035c1cb3ca |
| SHA1 | 429123c86f6ca48a89bedc9a26027e01508e6db9 |
| SHA256 | 46958caf9847e33a11593ad024d5a95cc696edcd4620cf07e7b2b78c72b9c00c |
| SHA512 | 1a16d784913fead116460c9ff42e21ae482865cfe2d6ed1b1296496e46a05e513f8d048fa4d245e7a82ef61de4c4130696d5b1c647c918995f6877a888bd0853 |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\locales\en-GB.pak
| MD5 | ceba44242f8b24b70c9b59b5094d8da8 |
| SHA1 | 84e16c522ad397289a923e5cd4b012e2d323af4e |
| SHA256 | b0fd61679565a7649c90214efecdf6e1231a8e7895dad93452bfa1425417d5b7 |
| SHA512 | 31cd936157a7408a43dcba597f6e098499dd4c5fc011ef818ce93eb7a05c9d354229c3b2295dbc290a6d3f3600373f18f75b334ba9013a5dc0be44c82f2e51bd |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\locales\el.pak
| MD5 | 4009c890acb9b81928e6e1a4b593dd62 |
| SHA1 | 83083e9c948ebba18fa990e230ee33fceae43cbc |
| SHA256 | 897b6fae230e6a3cd14e16eb537f96d820950f5a4537fe146a732ab028b7124d |
| SHA512 | b4c87024d3cd612b8af6f73b31853936614f4315ba9a48b4687120dc64e1794c568c4e074e41ae6f8dedeab61484e145dc0ca3bdb95482fd85492fddc26ab6ce |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\locales\de.pak
| MD5 | 3a9f06d1708b7620e2639851024ed0b8 |
| SHA1 | 51c0d824bf38250ec0aae58e63141489931f02ec |
| SHA256 | 91da97794994f6544707299fee6b775745dc3891fc879d8e8a05844c6383eb53 |
| SHA512 | 08e80783de403651af208387a3191db30d1353cc25f310c917a1133b2622e4b6809bc2bd881517678e9229e6492705c5f45be3e849c0512c4a651c5b7026c926 |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\locales\da.pak
| MD5 | 96bbef1eee0b0a197ec834839c00e11c |
| SHA1 | 35adba0aafbb4d19015e11dde1f37de87292252d |
| SHA256 | 600e02877374dc083b21deb3cc3bf6a4e3e2b2c581a631955494b0591c56289c |
| SHA512 | e1ae7ad30735b6c42f81d30d50162330603753b0ce7705506918d0bf3bf9a52ac60f8fca570cdfe87f0d6dd46cfa3064d5a1526d39d81a053571b434b1cbffe1 |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\locales\fa.pak
| MD5 | e5d53b9d5756871d684d018fb0c745b5 |
| SHA1 | b00a40704c91b33c2aa0f6829ae3dd886ba7177d |
| SHA256 | 8b93023af6428322b9b13aca5da9bd395a9c4775c72b758df8eb564d35d15cbd |
| SHA512 | e722f114485cbbb5284d23f1ad1061213f40083c5da2ac9753e1416f75f7cee9d8315e6f4582322d992beb9a8cacefb607ee0b1737e3a6da775fc059a17c3fb1 |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\locales\fr.pak
| MD5 | fe0ea306a7b48ee2750af3a263d9f3d1 |
| SHA1 | 877968909cfbbe499911b4d8b807a593c4be52c7 |
| SHA256 | 955de4737419c06609227c63c2fbba7c8abf497fb976c99a4dc9f5d5105afbd1 |
| SHA512 | 07978311caa9be82bd398100d1d8367c5ca840ffcc166b73aeea0bc7c86b53db13bf648decfb3f54a43b9d199e0d98fcd29fdfb291a703502369b025eccdf872 |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\locales\fil.pak
| MD5 | a96f6f164897e62c984e9a61f6c3f7cb |
| SHA1 | 3ab2a714eb8e9b57e8a39792d152606ba0ef6a3a |
| SHA256 | ff21df22f24c92a06f6bbda2c70b57e098d7bb6754988a5ada087aed9bc8b8af |
| SHA512 | cd522884b66c940d64eb1377f9dd60143ae984fa7d144aa9d83b82a006b5da2ee9eabdcf046d362b2096d8a6b8486f36a10ac9f0642bb8cfb1e7903fda4c41f9 |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\locales\fi.pak
| MD5 | 925f45e80be419aa0125096ebb81a23f |
| SHA1 | e73a32362952dc0aea997ee408da090f1886a438 |
| SHA256 | bf20054eb68d3d67d17d2a8c594d896c9c33fbbd562535d0c7e6cf6c940a8732 |
| SHA512 | 8510e2e9749b4342eb8d79bbfb983c43293f7f37d138464c96053a79685c578a148dd54013d211b02115256f174f51a74ca9155883055801bbe146053de52eb0 |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\locales\hr.pak
| MD5 | 92e6ef5db4c0191282ce2dd3645461ea |
| SHA1 | 045d3ed58a625516af741c9e2f85680fc1561ed4 |
| SHA256 | f8d6694f1c05ca259a31e0427ba7cef5b57f0c4b33493fda21003911a5da6f07 |
| SHA512 | 08b09857f173ef2a3067d60120167223b4ec7414ff6117d206bb12213ce9563c8d7923fc0ce6e7df0ea5d8ae2b3ded2a23993ab43bc46bea3c08df1bf59e16ea |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\locales\hi.pak
| MD5 | e3b31e519b925414176ef2d9546c356c |
| SHA1 | 7cebb1c5fd9c78f704bb9e5c463f67c5426d0171 |
| SHA256 | 82fbb97e7d9634df3c806439e144cf8d153d840bad98f6e790726841a91acd13 |
| SHA512 | fc3e735f010776cbdaba1592e6f685a1fb4773ab5062f5ba9ed95d9bcab2f0ce9ab024ed95158263450fc58c3197b84e38883262a588d6d92c4e623c61b4d200 |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\locales\he.pak
| MD5 | 06e89cfa4c6f4bfb7aaead492c4f08f2 |
| SHA1 | 39d943e0eb1637cd3f5a7b66ebcd28e76c89aaeb |
| SHA256 | 6b7937f16ae53457ac9a0c18fbac68b2076200b0fc98cb781415fdaf18c49301 |
| SHA512 | 8b6d33657eda8a3f1d1bfd55135de88953d21916e72df646fec2b5f5b17e9e15849f428b0fd83143f375ada174aa953be8f07fa8ba90ca4d07dd1b859d034b4c |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\locales\gu.pak
| MD5 | cd212ed25482d2b5a246440b62c4fbbf |
| SHA1 | 197f3616dec4fb308e0ec5a17458ef8a2d027cd1 |
| SHA256 | 0e8762ac08963088c33b74ee790df95370bbfc298bae8abfb87eb1307ef46d37 |
| SHA512 | 207d3e9a6bfbd3eb19cf53a0a300eb0172ecb872496d627ac5b55b9ea11d52f24f01393893450fefaa3c42bb481129d54e552679f2f67a2af0e117d12464601d |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\locales\lt.pak
| MD5 | b02bf54687716b5d5f18aee02411a980 |
| SHA1 | 4cf766077382c49fb89d59d861de0f482f989798 |
| SHA256 | 0b0e3fcb82ddca52f9eb1ff9e1ee224639ff81f1c0af6ded4e21944811babc0b |
| SHA512 | aea879ac96a5719e8988011a7b82726bf51a24e170e260182146191f43914cd50991928d2283277d173ad650f7cfb1246fad9445260e9ca0769052079d431f25 |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\locales\ko.pak
| MD5 | 626e172ad9b55ba0a1e2802ce5e10d0d |
| SHA1 | ecd855a47448609e8e9d7bdd80f92edd494ca77c |
| SHA256 | 7111342770c33aaaffdd6fd9ef15095a6d89e48d2468c19172c0eb9b6f26ebdf |
| SHA512 | d42594259929e35b763e71cb7022d34a11bf75a4b9bb058e251cbbe8e80bccdfb284eed1c6367f98e3023134c24d50542c64673d80e29230fdd057de70a10d5c |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\locales\kn.pak
| MD5 | f4c1e83eabd580c0b4c63b2dc510ce6a |
| SHA1 | fc1d9fed0f073504b022606e424e7cc9796648b2 |
| SHA256 | 79fd72e764a1d8ad623892e563e174463f29d6ce61a2ae29af102d71da4b8e25 |
| SHA512 | 927e6ff4c7d1c28c89afdf44c62643740a94b01e9f6e927e543834c833e1b4abf97de1489c6717f9054243c180474fc695a70c4ea8852d95c690f38c785705e1 |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\locales\ja.pak
| MD5 | 63cbeb056020b6ee8cfad26c7c6abb79 |
| SHA1 | 99bf018555eec56aae4b19d10c85ac506f4164a7 |
| SHA256 | aad9e17b2170b76248d61a3bac9b1bebc44b94885403ec2cc21a31397bf029b4 |
| SHA512 | 5aa4e764f06f0e8490dab89a8b3754cccdd41739b4654ac8e30de160cad335f681fa5dd7782482aaf66ff1d827ce0c34df85c23c334a35035a3a4e3d0f305343 |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\locales\it.pak
| MD5 | acfd6f4b73b87455acb703e59303db33 |
| SHA1 | 70eabbca61eb365191cd1256f3be40ea9223b2d5 |
| SHA256 | cae7bd535284f5f156c1466820aae2bcc0b0c0ba378ad0f04eef3a145deed9b9 |
| SHA512 | bfd52bc383f1f5a7d559968bdd779198c81286796564499174c3b5b9bbc7112f427e8316f78fb09ebc668c5cbf94c89c37e97abb00c9b87b5c5c108028fc549d |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\locales\id.pak
| MD5 | a20c777901a144622f8a5520583af79b |
| SHA1 | 3506f8e07ee301bb195eb185032ebdc7fd231272 |
| SHA256 | fd44af213520242ba41f4c9003ddeedc71f923cb37e25b14e595f3e652ae18dd |
| SHA512 | 6a53bc2f5d0e4660767d21070d19f0c407fe676b9e9cbdc20e6016e333b2ad33da225bfc2833a0c0724e1b6245ca6ee3cc0e782ac955d6aebac3dc468db79a1d |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\locales\hu.pak
| MD5 | 40807c6b0eefd2a2f16cf0ac2c28ed53 |
| SHA1 | 1b416b29e59ef41e1f18b168947e42b7fa969d2e |
| SHA256 | 533ae7e865898b61ecfdec68c581b3c4858f2c3ec1fe496ab02c61db0362d941 |
| SHA512 | 487cf71df0f2e59ce1151c146651f567b624ac0e48f770a2f1da76b27933aa2bdc30990788e2dba4543a11b9e5d3da6f31badb26d7f3a5c87088c5b4e1bd7756 |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\locales\lv.pak
| MD5 | df9985ecfc958f343ab7e56e71149d71 |
| SHA1 | fc0d2c4a194d500a1f4cfafcd9102186016ba5a3 |
| SHA256 | 7e17246e23ca2d0241d56d91b5d5e6bfb3ff4e08f1a3734f9d032b4191282fa2 |
| SHA512 | 0dd65eed7a5bccee0ac5e2826f0cceed848dff0d0d41904e00d35cec9d96fc0b91a4eb54fbcf0bbba61f89848562a606f9f7aa827cb180abe7e97a2e77a29309 |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\locales\nl.pak
| MD5 | d7048d029ab3ff807dff790113328574 |
| SHA1 | 07872f608062aa482532edda0dd2e1de31669380 |
| SHA256 | 0e9c114529b9ec20118bb96ffeea05d1a408e4eb621e3fc65f49353195d1af96 |
| SHA512 | 050b0eacf5b4da024d1a2af54f3511c4671756b0dab3f961d8acee5d1695eb29fba7768246dd5b3bcc253136df97e49a305832c37943380dc337776cb1fb1549 |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\locales\nb.pak
| MD5 | cf18f58e8e4e37b2e5fa7ef8269a294f |
| SHA1 | c60d6e84f5cfe4cadbf4efed9b5998307b20fb9f |
| SHA256 | 3f1ed8ff0207c678b6a0a98e82fefd6340e35b7d16689672dfa90d9ee63921c6 |
| SHA512 | 8f336fc50943d693ee80475250d2dbfc1401c615da571115f2c02551959028125b91ea6ffe22171dd12241688703e1869402146ef4e85a46059fe022759da953 |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\locales\ms.pak
| MD5 | 06f24bba6fa8e9a009b3062227d4c259 |
| SHA1 | f50b0da2a86a138d16022f5642d96ff1a3ce7568 |
| SHA256 | cdfcbd86ddf584621bb2966c2d43f18096f974edb795cac0d1db43a60f3bc24c |
| SHA512 | 02239741f103c8b63072abab475ac313cb48612cac36890b7946fd816028fcba9be7ecc17ba5b934016d8817c52855ef208bffe5191d0eed35aa5243527e2150 |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\locales\mr.pak
| MD5 | af7c7d72a968e1936f26a3c755157f6b |
| SHA1 | 2ec71950847f5fb4b85697b6acd05224c28bb092 |
| SHA256 | e5702b9578435abbbcc922f1d4ff8c5a345856926c2174c329e228987c3ac7d5 |
| SHA512 | d265eeee96adafc3ced76901c9263bc1cb349caf925a02d5deb010c02843fb653a17e1e8a4e942c9912f654316c4a7a1776e6a7eda56ab82ae9d4d077a58a929 |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\locales\ml.pak
| MD5 | 265d7fbee9a021895d51209dc0181f90 |
| SHA1 | 30e37013971bacd3ee93ad2fca01cb59a26d6a87 |
| SHA256 | 682463d4a0221711e565ecf409893536d727650efd2ed0563c722cceab66b1ad |
| SHA512 | 028e1ad499b20ff7cda822b91f9b8d1cbb1efe108b7236d817b73a6f8e518b5f4a8ae77d653ae5c9d799842eaee3915250ef56f634f847fc5fc8a3b36eea176c |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\locales\pl.pak
| MD5 | 4003c253ef85ec0ff8a65204955994b0 |
| SHA1 | af3074fb622445f6429899cb33a33bbcc60e5e5a |
| SHA256 | 4db10dace60cc56b610a7f92caebf4e7e98ddcaf8dac4f5a87db8f750f51ef8e |
| SHA512 | 5624c8f6268c8a8dbf1a69a032ebb89e670685cb736a3cb42a65e2dca118a85e076818b58ba2e392991eff7921495167616107f402c841a8456b5b5888b70ca1 |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\locales\pt-BR.pak
| MD5 | 0711b3f59ac95761899b013b3b242c93 |
| SHA1 | 73fe7a4f60a6b92a966f1177c71bf85c6f95004f |
| SHA256 | be445bfcd9429570e5006063b1c8299a41e762e8e0c2b63551bcf16cb6fb868b |
| SHA512 | aad5ff84d1833db418a46961a5e3abd040e19e5a87bd6763039f8db7dda19c3cd9d7ea862585080636c2888ab1a50f2ba579cbc0ca0df8135537f1cc7543882b |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\locales\sv.pak
| MD5 | b75471d16a5b4cfbb43ea86d3077e63a |
| SHA1 | 302958743c97218d13a72ade3a22e4181922531f |
| SHA256 | ec0f43dae8e52169396f289dfeb5d49b7f9258bafb0ed3060dd652fa744e5264 |
| SHA512 | 63556f738df1527ad96cca95f3e37934b054df83cfacd4e120745ceeb0536d4bc1919c66acff3e5253a62824c032ae7e8f9496df13b9ccb6fe00f67920a63cb1 |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\locales\sr.pak
| MD5 | 5c811e0c9b775886bc11b46703cb67a0 |
| SHA1 | e9a777cc72263c7e7c4bfaa36e41b29e405a2a18 |
| SHA256 | 4c524e149c02c37034ec92dd90f20f463413f2650ac9f32d52ef7260f9a34f1b |
| SHA512 | d7db44fbfff3e3204b92aff44dc02c184344853d85fd79cd962bcad8efe85a13d1aaf9ed69a6e81fcc6e690afa4b1ba7cf1764225916f398c0f960d56e5bc57c |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\locales\sl.pak
| MD5 | 48ead6e0160cbc6cbacb247cd3643110 |
| SHA1 | b39a91bb90f26c74dbc9fa28b257b705b54f2b81 |
| SHA256 | fc4cc46ff82cb8a41181e825a3d4e4508753fb68ff01a60486b7df4a4e11e89b |
| SHA512 | c037d352d315805a18796a121e47c73d37d68e735c9334e11b393235ae75b803cbc03cf7cf8480683bc68c9b98fba9f5a7b045b650598e5d9367ab58a24e75f1 |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\locales\sk.pak
| MD5 | b7d16d6702d4b4b5d3a9e4c3e0e13eb2 |
| SHA1 | 6b2f1591ec51c4a7cf1435fbec7b5af94e0b5d4b |
| SHA256 | e93580dffc1715edb37965c5787048e3e282d0477f277668ca7f49cfda7142c0 |
| SHA512 | a09950a9bb3f9814d946857e32901a9b6d73b4862a85f00b7f1f035ce0cab5af4ebf3aa003731ffa8ccea88d71866ec01d9ce578fc0b13b3cfdd3df332a0c40c |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\locales\ru.pak
| MD5 | 4ec91cdba9839e214ef7c008775e9e6e |
| SHA1 | ea9f0f22ee1bca09ac38c01300cc91e2fc8aee51 |
| SHA256 | 64f069a34be4966a9c28361e1c4914ce23bf96faa3bb5533fc3d233bfeac5cc1 |
| SHA512 | 8c49ca910bfff175a4d88778ea34437a5acb0d52e349160f31091bd33d8ed76524950fe3e0f508c243ed76b289a550291ec68a7e0c1c426a64fbff0579c94d14 |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\locales\ro.pak
| MD5 | 5d5a27c52ae905fd85f5d50cb793e7ca |
| SHA1 | b858bba1ef66c4d3943be19a4bf8a508c23e6671 |
| SHA256 | 9ff47f6890b3f543bc51015f263e791d8a3bc332098f8cd8199852fa131fa579 |
| SHA512 | f4754951ff0dd3f1ec2c0859a93422330145f9e4e3407bb7f95863c85227b96d3f8af449c0a051b60f333df3695eea5df70fd5f7fe4916e60eb6f7c4c21aa5e2 |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\locales\pt-PT.pak
| MD5 | fbff8ba7e31acc6c26c0e4b7277cbbd0 |
| SHA1 | b9acdcbe2f0f429474acc4dd883d668cde9d3165 |
| SHA256 | 477d6666bed083b27335a479c71279ad41a674f7b6a412ada1bba18be542ddc7 |
| SHA512 | ffdbb2773f18038f5d4cf145f3311feae25110ceb8efd9c895267f98acef7e901dd7d843f7c5291cd333fc81b80da301d0c92e5c0d6857da7e4eb68a5a0c540b |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\locales\sw.pak
| MD5 | 912db9e797ea3e277f18e72173f26ad5 |
| SHA1 | a83461503becad16ea0d33fd5501603688a65ed5 |
| SHA256 | 89d1245c645cc26d67ac0f556734ebeb99b436cf19edd3cb3b220e78a87796e0 |
| SHA512 | b5c334b528ba6d26dde9b4b1100c01bd1675cfcc7167a9bab4d9fb95584ae629e9567ab3a4729776fbee22ca927d42e04fa016cf3f9fe510edfdc340309110ca |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\locales\te.pak
| MD5 | f0a8ccf00882e83751fd666876c937bd |
| SHA1 | 6fd5045a20bdb912f61dd38f4d046b333bfb03c9 |
| SHA256 | 65ce3f1fe059a8d8b67cd47485233c6ab3870cfbb313241fe0f24e948bb0f158 |
| SHA512 | 8ea9f2215ac8354378aff1717ef6f1ba97ba8bcc1c660290d8a070c9a7cb9b0e1a87b8e37e68cd71d7bd429adba8b17c6cda68508b7389e42841fbe2f9c79528 |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\locales\ta.pak
| MD5 | 22949a4acb6639bc4fea591bde3f6cec |
| SHA1 | 672163723e294a5242e9654470e1efbb3e8aa0a4 |
| SHA256 | 84776412fd7f2cff26713781be937bdb30352f9c7eb297ca811241e6cf4284d3 |
| SHA512 | 5e3ee2d29eabfc4398b0f9784064eb03b3c3e13c59f4fb1b857c612727eebe1a4a1bcd76503b1356cf4b4d407431a643503d9068f61f1ed05041f3aad325262e |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\locales\uk.pak
| MD5 | 7e2cbb9d3591278a76dd08364d3dad4d |
| SHA1 | a760a029070bfe57d4ef273b705650cef0a92f61 |
| SHA256 | 38616b5f7f939a84d5205e758a8d3fed024a8e3fbcc8159c90666ce650ae1d30 |
| SHA512 | 81e5ebada5990d79363e2583efdd3ccb19d8a10291cf6680d77d7c399816fe273a4fea5a7cb5e55e11f445df46a7ccad2942dc04f4fb8b6f66d2f2b151374de2 |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\locales\tr.pak
| MD5 | 41bc209ee64f56f04836fca3e2de362d |
| SHA1 | c019805b555d4c24c347112a583ac9f9bf2ef142 |
| SHA256 | 71356710c485d7db228a866789ce9d253276725d94a4e4622e7b82037beb9825 |
| SHA512 | a65c4f9147c5796567e61b0661b4766c199f156541a252ec442fe5b5e3e1156c80e8fc7cfb6d9e55db4c5f60732b55cfa74a65e7dc46fbd5a4e5dfc8f3891add |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\locales\th.pak
| MD5 | 77721a07831a7aef49934706398559cc |
| SHA1 | 240ac6e472ac7312f02b99a8d588813d3dfeb468 |
| SHA256 | e8cdabe4557192a6ad7040de396d807f96f50d6ef256dd04972211b9c898bc1d |
| SHA512 | f73be17166c7a94c216d13d837146c3c72a5e205688479ce8199c8cf468eb1bf780f2569d42e908684f0059e6ded370428d9b123389ad2cf1553a0aecd1ef06f |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\locales\ur.pak
| MD5 | 157117641502b63c89110363dc7083b2 |
| SHA1 | fc86039a03b2e48fafc70e1cadc096fd46389af2 |
| SHA256 | fb7cd2f4beeceaf445f4d299a3db26cce49a7950a37e5a9b48fae7f5a8e09f99 |
| SHA512 | 422d92c5f0b2b2f9f35dbb7c11cd1b463085201912948c61222bb4f43f8dfd777fce678f04371df53ab6d07ec14cfbc9e4b1b084a72a0f2aa80ca7a4728e6359 |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\locales\zh-CN.pak
| MD5 | 5356bf9ddeb7ffad20e27ef092dac528 |
| SHA1 | 3514ded7211ff71297c87275ef0805588da2d47d |
| SHA256 | 0b6f0a9ded5734b260c1c02d7c717305d139bded5ec7ea80de40b641f13bfe0a |
| SHA512 | 887be5ed95b40d73e0f61f4b3e85f8a77d4bf4a222197b9d1c60711ae8481efbf9c183ba902dcbf437fdf70381bd232fe9c27cf0ce87c0f45b283b75b6d19962 |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\locales\vi.pak
| MD5 | e6db9a8c61dc84aff75efc00b486a8d1 |
| SHA1 | 6d1f0329f9a44b64fa3474313c7bf207bfd78557 |
| SHA256 | 8ff2d05730915c1b15a97a3915c03d83239c34771ed661ccac745fb308901f14 |
| SHA512 | 89cf188b5d21528166353b29986f5afb9aad9a51a57864951f7945124b157e0129125caeed58c70568e38f7ba3a34a17d10056902b58ba48ee2e4e10a4649f75 |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\locales\zh-TW.pak
| MD5 | 9c51b828271263d574382077abd2e2f3 |
| SHA1 | 4de07caed06477855e4f4bba1d0d1178c5757171 |
| SHA256 | 21550464b12c7f9b23380acf7ca2b42c1b578581613c342196da95908f14c8af |
| SHA512 | 0e6921dbc4be8d5d98bf80e9b0f8c7fc31cb4e7553ca76b9c697a3f1428f855e59ee0dee99903a5215dddee9375532226af81128f066656d98db28a8d9738604 |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\resources\app.asar.unpacked\node_modules\@primno\dpapi\prebuilds\win32-x64\node.napi.node
| MD5 | 04bfbfec8db966420fe4c7b85ebb506a |
| SHA1 | 939bb742a354a92e1dcd3661a62d69e48030a335 |
| SHA256 | da2172ce055fa47d6a0ea1c90654f530abed33f69a74d52fab06c4c7653b48fd |
| SHA512 | 4ea97a9a120ed5bee8638e0a69561c2159fc3769062d7102167b0e92b4f1a5c002a761bd104282425f6cee8d0e39dbe7e12ad4e4a38570c3f90f31b65072dd65 |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\resources\app.asar.unpacked\node_modules\@primno\dpapi\dist\index.js
| MD5 | 0b33e83d33b01a51625a0fdcbef42ce3 |
| SHA1 | 1c29d999ff7da39426b97f2eb31a3d83db8f5fc7 |
| SHA256 | a7ff0225cb5ebcbef8499c6c8ac2be924f584eb375dacb1d8bd3dc6540b510f2 |
| SHA512 | 1d04caf4fc2e876bdf2a089ae938a41fe4d3f2928aa846709bafd2de236fa8c754fcc84d7e8a5f5734bc1cecc04b395ab9d2114945b35e8c85cd3b9ee8f9799c |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\resources\app.asar.unpacked\node_modules\@primno\dpapi\package.json
| MD5 | 83a6b767cd4ade2116654eb0a90fec3c |
| SHA1 | 07a0f29ddb1c8a48947ee05bb4d6ec3d2abe1df9 |
| SHA256 | 59f4704391d2247b2a8d029d7338566d47d2ff0cd7477c49343efe93475f7a12 |
| SHA512 | 404ed15686b7d611ba8aeac12e706af75a876502c51e40e48a598d05a9ac89f88902b2830a5c679f9bb7931f5c33bb10da3a32753fdb8c71a9d7b4346a1be8d0 |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\resources\app.asar.unpacked\node_modules\@primno\dpapi\LICENSE
| MD5 | 7bd114b023fa6209fb7b02150a202ccc |
| SHA1 | 4451515f9d7b16ce8983abb4e85609fe4162c4d4 |
| SHA256 | 455dda47a3fc2f58ab06d8e526f490ec43d0fc23a5ea80dd0942644397316d9b |
| SHA512 | 87ee4dc1da13937055eade250f1f8a357f549c709b9659258c137009060080aca5cfd979890a7b2d662083f4c646cce9af6e20774b58541af9e712fb5f4f1c60 |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\resources\elevate.exe
| MD5 | 792b92c8ad13c46f27c7ced0810694df |
| SHA1 | d8d449b92de20a57df722df46435ba4553ecc802 |
| SHA256 | 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37 |
| SHA512 | 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40 |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\resources\app.asar
| MD5 | 8d62c1a65eab151dfb8bf2f42b10b6ac |
| SHA1 | a0b94dc95e87d3b7ad481f0cbcb8e746e3cb03b6 |
| SHA256 | 42658376688f016012b9dcdbda86eaca14c2bd04e0439d445a83b68da19c84bc |
| SHA512 | 4ba807271c886ef6560daf3e9c82bb6c062f7c9b18871d2fdca9a19fc792ba7017282db616fa4a4c2f6d3d1883f868a956a298355aa04345d300795465a56621 |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\deps\sqlite-autoconf-3410100.tar.gz
| MD5 | c6d5034cf39232299ccfdf8e3ddc5781 |
| SHA1 | e77599a2df4c5b114c942ddba4483550d8982bf2 |
| SHA256 | 4dadfbeab9f8e16c695d4fbbc51c16b2f77fb97ff4c1c3d139919dfc038c9e33 |
| SHA512 | 6e6dafc35b8b11df3cd3bea48aaf84a102893242cffbe18eb7b111791563095111a2a8a5632636b8f46523d98d16e2b48dab79ee6707a141b22c2e6fde3002a2 |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\deps\extract.js
| MD5 | f0a82a6a6043bf87899114337c67df6c |
| SHA1 | a906c146eb0a359742ff85c1d96a095bd0dd95fd |
| SHA256 | 5be353d29c0fabea29cfd34448c196da9506009c0b20fde55e01d4191941dd74 |
| SHA512 | d26879f890226808d9bd2644c5ca85cc339760e86b330212505706e5749464fafad1cb5f018c59a8f034d68d327cd3fa5234ceac0677de1ac9ae09039f574240 |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\deps\common-sqlite.gypi
| MD5 | 92c4c5168a6a883f2a69ea4a1a37b7b5 |
| SHA1 | 6dedc03d603631c1f70c626f5ef9d8ee6f342efa |
| SHA256 | 7b557c097c162c9ba04985ab822f92a176bf848c34ca38e54f061057ad0d8bd0 |
| SHA512 | 904e605fe5bf1134031edcadc91ed55bf72d7fb1c862f99f25a672d29fdb34af22d4114cae389a853d703bc35bfc2c8429f86608fed5eec897c115ac3dea8de5 |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\package.json
| MD5 | f9560f0fb25f1dc014682359373146c4 |
| SHA1 | b19c6321292cc63d26a18bef5d80787c5e57e746 |
| SHA256 | b145c00c63dde4da0eb3736b0d25fe79fa252a02daa9c3fdbb2d3a5783e98cf6 |
| SHA512 | dd51dcca43554f27b2718f87661cdfc86e6a51b36c15574870d793fa358f76816423c0ebcef34dd9a7fd7ce42e6be18f834100a327cdb3e6eb8dbd9d65792262 |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\LICENSE
| MD5 | 79558839a9db3e807e4ae6f8cd100c1c |
| SHA1 | ae3dbcee04c86fbc589fcf2547d4aaaeb41db3c2 |
| SHA256 | 7686f81e580cd6774f609a2d8a41b2cebdf79bc30e6b46c3efff5a656158981c |
| SHA512 | b42c93f2b097afa6e09d79ed045b4dd293df2c29d91dda5dda04084d3329b721a6aa92a6ad6714564386a7928e9af9195ac310deecd37a93bb04b6a6f744be46 |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\resources\app.asar.unpacked\node_modules\@primno\dpapi\src\main.cpp
| MD5 | 88934cc736b505ada3d07afe22083568 |
| SHA1 | 6d1d112f4e7fc943dc5c9ce5ad2f32154aeb2f3a |
| SHA256 | 1ada21451bab629832372d519e366bfb08c80facfefe5a40c76a4f10a697c905 |
| SHA512 | 9f45386cba32d13a50360916b0c2f240e43cba5983a86ad80f85c75cd8e6ac2c6b931992842a736e84e234b91fc46a7a66824a3a2748f474cf1bbd22ec138a99 |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\resources\app.asar.unpacked\node_modules\@primno\dpapi\src\dpapi_win.cpp
| MD5 | 4a55597a2c7466278439452bb708b822 |
| SHA1 | eaadcda8f410f2dd1fd9522fd7a2221624dd1713 |
| SHA256 | da37b02fb0babb651244479ea019d229fff1c41ecde74bc06335b5e603d9b30e |
| SHA512 | b20efe8026de41dd8c13c6f844455cacc13fa80bc3dd41fef422fb178054a7c8d6f14af8b1d6928e52648ab95a793aee1f996dc2aceead3aa8d317a99aad23bb |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\resources\app.asar.unpacked\node_modules\@primno\dpapi\src\dpapi_not_supported.cpp
| MD5 | c510e65ebcb2fa7c00712e770ec8c692 |
| SHA1 | ca1ea3c8340dcf69f344d5eaa884631eef37472b |
| SHA256 | 7c03cec11c438b6d2512239477d9f1b45d6e16763122a3a36458ab339f50d3c4 |
| SHA512 | b0b312426b4409c80b45a0f3337069be9870e050dc8b55184fb2bc63532c247089c8d35cbd1f12f0bd2bd38d581566faa74a6469b548a1ad7d837285ad37c178 |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\resources\app.asar.unpacked\node_modules\@primno\dpapi\src\dpapi_addon.h
| MD5 | ea1e5899ec0210d7de4ce325d1d94022 |
| SHA1 | 464da48d40547cb08a67a1ed38cb0ae8369f2f42 |
| SHA256 | 18280b1135123aff82fbf4188a5aadfc9a5d6fffad9309f72f347f380f2da550 |
| SHA512 | 6dae672ea822a7dc5e42914def21c019c0fa8aeaf1c27c155b78312d8a33a63ae9a1910dd32b72760578671780b8c37b91ff5e1f6588f08c7fbaaff80d8fb6fd |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\deps\sqlite3.gyp
| MD5 | 0e4d1d898d697ec33a9ad8a27f0483bf |
| SHA1 | 1505f707a17f35723cd268744c189d8df47bb3a3 |
| SHA256 | 8793f62b1133892ba376d18a15f552ef12b1e016f7e5df32ffb7279b760c11bd |
| SHA512 | c530aba70e5555a27d547562d8b826b186540068af9b4ccd01483ec39f083a991ac11d0cc66f40acaa8b03d774080f227ee705a38995f356a14abe6e5f97b545 |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\lib\trace.js
| MD5 | e5c2de3c74bc66d4906bb34591859a5f |
| SHA1 | 37ec527d9798d43898108080506126b4146334e7 |
| SHA256 | d06caec6136120c6fb7ee3681b1ca949e8b634e747ea8d3080c90f35aeb7728f |
| SHA512 | e250e53dae618929cbf3cb2f1084a105d3a78bdfb6bb29e290f63a1fd5fbb5b2fab934ad16bc285e245d749a90c84bdc72fdc1a77af912b7356c18b0b197fbe5 |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\lib\sqlite3.js
| MD5 | 275019a4199a84cfd18abd0f1ae497aa |
| SHA1 | 8601683f9b6206e525e4a087a7cca40d07828fd8 |
| SHA256 | 8d6b400ae7f69a80d0cdd37a968d7b9a913661fa53475e5b8de49dda21684973 |
| SHA512 | 6422249ccd710973f15d1242a8156d98fa8bdea820012df669e5363c50c5d8492d21ffefcdfa05b46c3c18033dde30f03349e880a4943feda8d1ee3c00f952b0 |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\lib\sqlite3-binding.js
| MD5 | ff6a0462767c6bf185a566f4aef65ba5 |
| SHA1 | 7a3c3ee6748d00fac6e51e366518bb48a41794bb |
| SHA256 | 049b7b1b10417274be6c3e6a9518ac364729354435298d70abf834c35e8f3bf3 |
| SHA512 | 088d706f5a18323128547b0f126564fb7fa7a36dc8365ee8287663b2cb63da2d02a991bc5cda19af24da2aa063357c25f21347835f9a8aaef341b33bd21127df |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\src\threading.h
| MD5 | f2a075d3101c2bf109d94f8c65b4ecb5 |
| SHA1 | d48294aec0b7aeb03cf5d56a9912e704b9e90bf6 |
| SHA256 | e0ab4f798bccb877548b0ab0f3d98c051b36cde240fdf424c70ace7daf0ffd36 |
| SHA512 | d95b5fda6cb93874fe577439f7bd16b10eae37b70c45ae2bd914790c1e3ba70dfb6bda7be79d196f2c40837d98f1005c3ed209cab9ba346ada9ce2ed62a87f13 |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\src\statement.h
| MD5 | 13d7bf3557e57ef3036bad68cfa8faae |
| SHA1 | 94c1af952f38e9f1ad2d722ec3a063fbe666e66b |
| SHA256 | 2c99d9cef21876db64b610dd9baba8de1f7c94028d6d1c463eb3db213745b3bf |
| SHA512 | 63e4543833d602b0c6ad9c21438e61782c252a5e30b776a9c942e1ecc34c1a7c471a39195caa20aefb072add66c83d99af902d620857d18ddad196f4f207a161 |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\src\macros.h
| MD5 | 592ca8ac280135c059c9ed651ac738c3 |
| SHA1 | ac8e8b5e835ea2810a443df2a57f3bdc3c60b2c6 |
| SHA256 | 8d1afb5d27eab8302de08aca87eb6edc1b99ae963a854d3bd652a4fc61cbe3c6 |
| SHA512 | b4e317200e3cab4dfac93e684150d21f7dd89a656f8a9f576b9cfb22090e8db6c458008a4a1406121fabdac034cfb80200a740d0caf6ec63fbf71ad2fde41029 |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\src\gcc-preinclude.h
| MD5 | 55a9165c6720727b6ec6cb815b026deb |
| SHA1 | e737e117bdefa5838834f342d2c51e8009011008 |
| SHA256 | 9d4264bb1dcbef8d927bb3a1809a01b0b89d726c217cee99ea9ccfdc7d456b6f |
| SHA512 | 79ed80377bfb576f695f271ed5200bb975f2546110267d264f0ab917f56c26abf6d3385878285fe3e378b254af99b59bdb8bbcab7427788c90a0460eb2ee5b77 |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\src\database.h
| MD5 | f023c6c0baf0411cb6eef0a7b2baad13 |
| SHA1 | 748b78bf3ed5adc11e83f705033d8338d7eef2b5 |
| SHA256 | 8c5bcd084dddab2f2994b6cddc9b69a8f78a1034588b765e7bd859f27868fe43 |
| SHA512 | 08648cb37c0284799bb98fa2eb1abb508c8b992b43425203839e1e7f4092b7d2d7c83f6419417281ae278d3d61ade0b65959cf12f0c449a9688ee97749593dad |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\src\backup.h
| MD5 | 283f3987e0e65dca1b029bdbb625ccc2 |
| SHA1 | 285d7995459c11a47e13834ae3ec0167eacf7d01 |
| SHA256 | d3956cdbb650e1ecff8c94fe4e8645f80e10088156d409703c19f186a9c41aa8 |
| SHA512 | ff5c21bd53bf75b33a5430d1abdc8a8649af1535ec02aa5fceb91ed1189e44f0818e25556946d3ad8032b077fa30e73503464aff219b42cbace1ea3f97acb605 |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\src\async.h
| MD5 | 7fcbaffdc03bb5164fbb27f8552dcf5d |
| SHA1 | 590e3430c1dfa30f241d56ea01f364d5b9e7e991 |
| SHA256 | b6e86bf43d74c8ee2c2f57eb1947be6ce5d8c258c4866609571ed6c97b58b53c |
| SHA512 | e44d4850651e0e070d3f686db3d3797632121e32dc65b869739c0b45cfa13c055fc42d650f04c41915264b8772fcfeb2a38148b9fbe21a001af5a455854336b5 |
C:\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\lib\binding\napi-v6-win32-unknown-x64\node_sqlite3.node
| MD5 | 3072b68e3c226aff39e6782d025f25a8 |
| SHA1 | cf559196d74fa490ac8ce192db222c9f5c5a006a |
| SHA256 | 7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01 |
| SHA512 | 61ebc72c20195e99244d95af1ab44fa06201a1aee2b5da04490fdc4312e8324a40b0e15a7b42fab5179753d767c1d08ae1a7a56ac71a6e100e63f83db849ee61 |
memory/2120-742-0x0000000002AA0000-0x0000000002AA2000-memory.dmp
\Users\Admin\AppData\Local\Temp\nsyEB0B.tmp\WinShell.dll
| MD5 | 5c6b12fefc626a0594f4412b5be04b22 |
| SHA1 | b7e8af03e3f264fa066224687547de7e62318db3 |
| SHA256 | 83d8c52c47d81dd019c8986deb1108166518248ed0d0c691906f8cf9de57a672 |
| SHA512 | b4306c41b1f60e9aaaf55867340dbb3648c792b48cee770202f9274e7fa94c144e1b619ece631f769e9bc3d6a2e96181bcf43bdaa5f19a68beef4996c3211b7d |