Analysis Overview
SHA256
141d262be2dcdc37113baad3a6282e6efa33d2d259006bb5094d8803fb45701b
Threat Level: Likely malicious
The file Wave-Setup.exe was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Loads dropped DLL
Executes dropped EXE
Checks computer location settings
Checks for any installed AV software in registry
Checks installed software on the system
Enumerates processes with tasklist
Reads CPU attributes
Checks CPU configuration
Subvert Trust Controls: Mark-of-the-Web Bypass
Reads runtime system information
Enumerates physical storage devices
Program crash
Enumerates kernel/hardware configuration
Command and Scripting Interpreter: JavaScript
Command and Scripting Interpreter: JavaScript
Unsigned PE
System Location Discovery: System Language Discovery
Browser Information Discovery
Suspicious use of FindShellTrayWindow
Modifies registry class
NTFS ADS
Uses Task Scheduler COM API
Suspicious use of SetWindowsHookEx
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Checks processor information in registry
Suspicious use of SendNotifyMessage
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-27 22:48
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral4
Detonation Overview
Submitted
2024-10-27 22:45
Reported
2024-10-27 22:52
Platform
win10v2004-20241007-en
Max time kernel
134s
Max time network
154s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3688 wrote to memory of 3552 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 3688 wrote to memory of 3552 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 3688 wrote to memory of 3552 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 69.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.99.105.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
Files
Analysis: behavioral7
Detonation Overview
Submitted
2024-10-27 22:45
Reported
2024-10-27 22:52
Platform
win7-20241010-en
Max time kernel
7s
Max time network
20s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 324 -s 224
Network
Files
Analysis: behavioral10
Detonation Overview
Submitted
2024-10-27 22:45
Reported
2024-10-27 22:52
Platform
win10v2004-20241007-en
Max time kernel
150s
Max time network
157s
Command Line
Signatures
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Wave-Setup.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Wave-Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Wave-Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Wave-Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Wave-Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Wave-Setup.exe | N/A |
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
Subvert Trust Controls: Mark-of-the-Web Bypass
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\Wave-Setup.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\find.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Wave-Setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\tasklist.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\Wave-Setup.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Wave-Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Wave-Setup.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\Wave-Setup.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\Wave-Setup.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Users\Admin\Downloads\Wave-Setup.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 4612 -ip 4612
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 612
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1996 -parentBuildID 20240401114208 -prefsHandle 1924 -prefMapHandle 1916 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5e6dfcf3-c0cc-45d9-855c-183e29fa8d83} 4800 "\\.\pipe\gecko-crash-server-pipe.4800" gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2416 -parentBuildID 20240401114208 -prefsHandle 2392 -prefMapHandle 2388 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0a397f5b-4380-446c-a047-c79febc92e00} 4800 "\\.\pipe\gecko-crash-server-pipe.4800" socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2848 -childID 1 -isForBrowser -prefsHandle 3164 -prefMapHandle 2756 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 1088 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f694f25f-a1fb-4302-848d-bd43076dbf32} 4800 "\\.\pipe\gecko-crash-server-pipe.4800" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3960 -childID 2 -isForBrowser -prefsHandle 3956 -prefMapHandle 3952 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1088 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {810e154d-15bb-489b-917d-3bcdf3a3fc30} 4800 "\\.\pipe\gecko-crash-server-pipe.4800" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4880 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4832 -prefMapHandle 4824 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7f5bf739-3613-43dc-8bb0-21426e810eda} 4800 "\\.\pipe\gecko-crash-server-pipe.4800" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4484 -childID 3 -isForBrowser -prefsHandle 5388 -prefMapHandle 3224 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1088 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d7d1c09d-4a61-4773-8cf4-97bc022db62f} 4800 "\\.\pipe\gecko-crash-server-pipe.4800" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5524 -childID 4 -isForBrowser -prefsHandle 5604 -prefMapHandle 5600 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1088 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e3b5e4ae-d615-4b7a-af2f-c5ca560100ae} 4800 "\\.\pipe\gecko-crash-server-pipe.4800" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5744 -childID 5 -isForBrowser -prefsHandle 5508 -prefMapHandle 5512 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1088 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ef7e6654-8ea4-4752-aa0e-508cfcd0d6fa} 4800 "\\.\pipe\gecko-crash-server-pipe.4800" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6036 -childID 6 -isForBrowser -prefsHandle 5920 -prefMapHandle 6032 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1088 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {28c9512a-8071-4e7d-87f2-928a1c0d6b2a} 4800 "\\.\pipe\gecko-crash-server-pipe.4800" tab
C:\Users\Admin\Downloads\Wave-Setup.exe
"C:\Users\Admin\Downloads\Wave-Setup.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq Wave.exe" /FO csv | "C:\Windows\system32\find.exe" "Wave.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq Wave.exe" /FO csv
C:\Windows\SysWOW64\find.exe
"C:\Windows\system32\find.exe" "Wave.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| N/A | 127.0.0.1:60626 | tcp | |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | firefox-api-proxy.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 34.149.97.1:443 | firefox-api-proxy.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 34.149.97.1:443 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | tcp |
| US | 8.8.8.8:53 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 44.129.237.44.in-addr.arpa | udp |
| N/A | 127.0.0.1:60634 | tcp | |
| US | 8.8.8.8:53 | getwave.gg | udp |
| US | 104.26.3.170:80 | getwave.gg | tcp |
| US | 8.8.8.8:53 | getwave.gg | udp |
| US | 8.8.8.8:53 | getwave.gg | udp |
| US | 104.26.3.170:80 | getwave.gg | tcp |
| US | 104.26.3.170:80 | getwave.gg | tcp |
| US | 104.26.3.170:80 | getwave.gg | tcp |
| US | 104.26.3.170:80 | getwave.gg | tcp |
| US | 104.26.3.170:80 | getwave.gg | tcp |
| US | 8.8.8.8:53 | 170.3.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | duckys-playground.gitbook.io | udp |
| US | 8.8.8.8:53 | discord.getwave.gg | udp |
| US | 8.8.8.8:53 | duckys-playground.gitbook.io | udp |
| US | 8.8.8.8:53 | discord.getwave.gg | udp |
| US | 8.8.8.8:53 | duckys-playground.gitbook.io | udp |
| US | 8.8.8.8:53 | discord.getwave.gg | udp |
| US | 8.8.8.8:53 | cdn.getwave.gg | udp |
| US | 104.26.3.170:443 | cdn.getwave.gg | tcp |
| US | 8.8.8.8:53 | cdn.getwave.gg | udp |
| US | 8.8.8.8:53 | cdn.getwave.gg | udp |
Files
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\datareporting\glean\pending_pings\c27a50de-fb7d-4a61-b570-9063c6cbfe92
| MD5 | df62f5f944b499dea4ef8f05ff6c2890 |
| SHA1 | 3bb4b973cd735165df0d8b835272d8dc726fba3a |
| SHA256 | 5c0964189c9ddc0656363b8337a48c50fc100acaef6593244f4ecc34a852bf3e |
| SHA512 | 71d0bc8e862cba3e85d1c85e48b1c55d7ae1adcc17025ed9b5211cc95a8971252d3b64b2e20d8e20f046aa1a8e868b98f5aa9e5adcd674cc8b360a4c508e2b57 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\datareporting\glean\pending_pings\261e81a9-6a71-45b9-b4c2-375e474fdb42
| MD5 | a304e1888e2ae3a4ff78bf87ad4150dc |
| SHA1 | fe003ce092844d8cdf0da1986957de080f2f6ae7 |
| SHA256 | 6dbbaaa3ee5cd06eca001c6fade4e7d9cf34625c00054ed24b858314a5d5222a |
| SHA512 | ac3e980df29b2589b3631565c5c3275f28f25d9098d208c204984ab1ea63f4675d0caec98e625804ee6c262b8a5d6d0c9f989a1ad2a432e794feb46035a318fc |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\datareporting\glean\pending_pings\77bf0ff6-09aa-4bd5-af5b-5a0cddf0a7ca
| MD5 | f35121f042badded108f71302e7ce5f1 |
| SHA1 | 863d41294648246d5224a3f515fb30a942076911 |
| SHA256 | 2467726c50a05c0dba062303d905ee543a1ff37b7ea1e901dc3f70d759658fe9 |
| SHA512 | 182f317ffb31f3d056332c5f806e96a2d3372f1e30d4d3f423a405390c9b27bb83cd71d5dc34e5fc1875623b23331fe78132cda95cdb5abe4218ead987cfc749 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 4b0fe2843a20fda264d45ee4b7153aad |
| SHA1 | 880f3641da26b284463c2a75d72fac07bcaaa43d |
| SHA256 | c007c9f3cf4654e4f4cd89c46262ee8d6e41392da13e4844abc069d5964ff1eb |
| SHA512 | 01b8734d68fbe49c31bfe30be0b7a1e4264e3c8580f3a5991b0a27efbc00fc7da265bb4a183c160d3ca7605cfc65c2d261bfac24d424272ccbd84c8a07df7f68 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | b321c1b17c69871b752e7dca12bc53f0 |
| SHA1 | 7edd40a5dacc60e819cf659058f217248a3410f4 |
| SHA256 | 7cf88aaf219712e7ef33d417b045e6c0086730998b5aca7d6acddb9a3f79c332 |
| SHA512 | 5872928d9b952629005280b11a5c0586068babe79b6f53f8c4efe55db9646e08da76857cff0c89227b8fd1265930fe43be2bb1e7212fb07bf1fdeb41298f178d |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85mw8mk9.default-release\activity-stream.discovery_stream.json
| MD5 | 34c7cb79628b6c17392bb5f2bd87e08c |
| SHA1 | 3f959984acb6ae7e50b738c98e7f0a1808ed8e25 |
| SHA256 | 92c3d10a51f0016e385301555a6a0c03bf352f294490884ef8a448ccab301684 |
| SHA512 | 4af9e82dcb8d215e651de1d6fbd667bf6dd93d7efdc4863dab3b5b6d2f8bb3ffd367c4deb57e2f2ae1f3d7b944d613dc637f2a882116917da7f207643504669f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\prefs.js
| MD5 | 442cbd9ad7c4729803957f58e34d7315 |
| SHA1 | 1f02bec44f5d23fa77b8052796f4f189c044e5ef |
| SHA256 | 8463a87716542469a24addd8a982a316eb8ad51d456b4fe871fddf2016916745 |
| SHA512 | 892fbf57bae69186ec97e3511fdaef6d9eae6eaa0b001da77c207e9762716e4f84e574f0c91cf97c07a7e77946338395cb034befce2b760b0f3154d0a81542c5 |
C:\Users\Admin\AppData\Local\Temp\nsaC25D.tmp\System.dll
| MD5 | 0d7ad4f45dc6f5aa87f606d0331c6901 |
| SHA1 | 48df0911f0484cbe2a8cdd5362140b63c41ee457 |
| SHA256 | 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca |
| SHA512 | c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9 |
C:\Users\Admin\AppData\Local\Temp\nsaC25D.tmp\StdUtils.dll
| MD5 | c6a6e03f77c313b267498515488c5740 |
| SHA1 | 3d49fc2784b9450962ed6b82b46e9c3c957d7c15 |
| SHA256 | b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e |
| SHA512 | 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803 |
C:\Users\Admin\AppData\Local\Temp\nsaC25D.tmp\SpiderBanner.dll
| MD5 | 17309e33b596ba3a5693b4d3e85cf8d7 |
| SHA1 | 7d361836cf53df42021c7f2b148aec9458818c01 |
| SHA256 | 996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93 |
| SHA512 | 1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298 |
C:\Users\Admin\AppData\Local\Temp\nsaC25D.tmp\nsExec.dll
| MD5 | ec0504e6b8a11d5aad43b296beeb84b2 |
| SHA1 | 91b5ce085130c8c7194d66b2439ec9e1c206497c |
| SHA256 | 5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962 |
| SHA512 | 3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57 |
C:\Users\Admin\AppData\Local\Temp\nsaC25D.tmp\nsis7z.dll
| MD5 | 80e44ce4895304c6a3a831310fbf8cd0 |
| SHA1 | 36bd49ae21c460be5753a904b4501f1abca53508 |
| SHA256 | b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592 |
| SHA512 | c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df |
C:\Users\Admin\AppData\Local\Temp\nsaC25D.tmp\7z-out\chrome_200_percent.pak
| MD5 | 944d458f30889193e09e6d781caffb72 |
| SHA1 | 6c4922c1b44b43e4c9938c5501f8d0e805ea85a1 |
| SHA256 | 3fb2f86a4d2a1b85ebb72fb02b2dd2de62e8a4ff9ca9db5d402fcb86354bc88f |
| SHA512 | b94c2ee27c1e5b09df87e0d5fd3423b83ffc0da2f73c8f67b133246bec47dffb54cdc72ab7ef0ead4ce194a3c66f06c41b17dbe22fff6e5355ba66d73309608f |
C:\Users\Admin\AppData\Local\Programs\Wave\chrome_100_percent.pak
| MD5 | cb4f128469cd84711ed1c9c02212c7a8 |
| SHA1 | 8ae60303be80b74163d5c4132de4a465a1eafc52 |
| SHA256 | 7dd5485def22a53c0635efdf8ae900f147ec8c8a22b9ed71c24668075dd605d3 |
| SHA512 | 0f0febe4ee321eb09d6a841fe3460d1f5b657b449058653111e7d0f7a9f36620b3d30369e367235948529409a6ce0ce625aede0c61b60926dec4d2c308306277 |
C:\Users\Admin\AppData\Local\Temp\nsaC25D.tmp\7z-out\ffmpeg.dll
| MD5 | bdb741dc08d62245aa22c439fc2e7fd9 |
| SHA1 | ba33e163f29107bdb0fd85924331855de796c7e7 |
| SHA256 | 01f27d644bd64d82112004accba8ca783be337da37a76a7c0f3e60bde64cee68 |
| SHA512 | c8e36cb168f91275335799dc65c735cdd5b1174fb03449a29fa649c2331c1e74b9af936ac6d740609d5e30eff0d0fac3c8fe4d05c57f38e5c57e4dde248e948c |
C:\Users\Admin\AppData\Local\Temp\nsaC25D.tmp\7z-out\d3dcompiler_47.dll
| MD5 | 894f7e73d730566bd6daf5d2d1e350f3 |
| SHA1 | ea46265630af7cd1414ac880e2392bbd17247072 |
| SHA256 | 111e20449e119c5c1cce69f4669dd2ddab8f1b1937afe05b9fda568867cbcf08 |
| SHA512 | af49adcbe6807c1bc137a4041e94198dbae73613da92e0159931785eeddf4532bc8da0703b820915518a41b24826e512eacd6d3a3dae112a7b5f6f58223b724e |
C:\Users\Admin\AppData\Local\Temp\nsaC25D.tmp\7z-out\libEGL.dll
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
Analysis: behavioral17
Detonation Overview
Submitted
2024-10-27 22:45
Reported
2024-10-27 22:52
Platform
win7-20240903-en
Max time kernel
121s
Max time network
134s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\bin\windows-kill.exe
"C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\bin\windows-kill.exe"
Network
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-10-27 22:45
Reported
2024-10-27 22:52
Platform
win7-20240903-en
Max time kernel
122s
Max time network
129s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 220
Network
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-10-27 22:45
Reported
2024-10-27 22:52
Platform
win10v2004-20241007-en
Max time kernel
133s
Max time network
152s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1968 wrote to memory of 4232 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 1968 wrote to memory of 4232 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 1968 wrote to memory of 4232 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4232 -ip 4232
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4232 -s 636
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.28.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 67.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
Files
Analysis: behavioral23
Detonation Overview
Submitted
2024-10-27 22:45
Reported
2024-10-27 22:53
Platform
win7-20240903-en
Max time kernel
122s
Max time network
138s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\command.js
Network
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-27 22:45
Reported
2024-10-27 22:52
Platform
win7-20240708-en
Max time kernel
122s
Max time network
127s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Wave-Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Wave-Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Wave-Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Wave-Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Wave-Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Wave-Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Wave-Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Wave-Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Wave-Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Wave-Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Wave-Setup.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks installed software on the system
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\DllHost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Wave-Setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\find.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\tasklist.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Wave-Setup.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Wave-Setup.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Wave-Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Wave-Setup.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq Wave.exe" /FO csv | "C:\Windows\system32\find.exe" "Wave.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq Wave.exe" /FO csv
C:\Windows\SysWOW64\find.exe
"C:\Windows\system32\find.exe" "Wave.exe"
C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe
"C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe"
C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe
"C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe"
C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
C:\Windows\System32\control.exe
"C:\Windows\System32\control.exe" SYSTEM
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
Network
Files
\Users\Admin\AppData\Local\Temp\nsoC469.tmp\System.dll
| MD5 | 0d7ad4f45dc6f5aa87f606d0331c6901 |
| SHA1 | 48df0911f0484cbe2a8cdd5362140b63c41ee457 |
| SHA256 | 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca |
| SHA512 | c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9 |
\Users\Admin\AppData\Local\Temp\nsoC469.tmp\StdUtils.dll
| MD5 | c6a6e03f77c313b267498515488c5740 |
| SHA1 | 3d49fc2784b9450962ed6b82b46e9c3c957d7c15 |
| SHA256 | b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e |
| SHA512 | 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803 |
\Users\Admin\AppData\Local\Temp\nsoC469.tmp\SpiderBanner.dll
| MD5 | 17309e33b596ba3a5693b4d3e85cf8d7 |
| SHA1 | 7d361836cf53df42021c7f2b148aec9458818c01 |
| SHA256 | 996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93 |
| SHA512 | 1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298 |
\Users\Admin\AppData\Local\Temp\nsoC469.tmp\nsExec.dll
| MD5 | ec0504e6b8a11d5aad43b296beeb84b2 |
| SHA1 | 91b5ce085130c8c7194d66b2439ec9e1c206497c |
| SHA256 | 5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962 |
| SHA512 | 3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57 |
\Users\Admin\AppData\Local\Temp\nsoC469.tmp\nsis7z.dll
| MD5 | 80e44ce4895304c6a3a831310fbf8cd0 |
| SHA1 | 36bd49ae21c460be5753a904b4501f1abca53508 |
| SHA256 | b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592 |
| SHA512 | c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\chrome_100_percent.pak
| MD5 | cb4f128469cd84711ed1c9c02212c7a8 |
| SHA1 | 8ae60303be80b74163d5c4132de4a465a1eafc52 |
| SHA256 | 7dd5485def22a53c0635efdf8ae900f147ec8c8a22b9ed71c24668075dd605d3 |
| SHA512 | 0f0febe4ee321eb09d6a841fe3460d1f5b657b449058653111e7d0f7a9f36620b3d30369e367235948529409a6ce0ce625aede0c61b60926dec4d2c308306277 |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\chrome_200_percent.pak
| MD5 | e9c1423fe5d139a4c88ba8b107573536 |
| SHA1 | 46d3efe892044761f19844c4c4b8f9576f9ca43e |
| SHA256 | 2408969599d3953aae2fb36008e4d0711e30d0bc86fb4d03f8b0577d43c649fa |
| SHA512 | abf8d4341c6de9c722168d0a9cf7d9bac5f491e1c9bedfe10b69096dcc2ef2cd08ff4d0e7c9b499c9d1f45fdb053eafc31add39d13c8287760f9304af0727bf4 |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\d3dcompiler_47.dll
| MD5 | a7b7470c347f84365ffe1b2072b4f95c |
| SHA1 | 57a96f6fb326ba65b7f7016242132b3f9464c7a3 |
| SHA256 | af7b99be1b8770c0e4d18e43b04e81d11bdeb667fa6b07ade7a88f4c5676bf9a |
| SHA512 | 83391a219631f750499fd9642d59ec80fb377c378997b302d10762e83325551bb97c1086b181fff0521b1ca933e518eab71a44a3578a23691f215ebb1dce463d |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\ffmpeg.dll
| MD5 | 9691e33909895bfb5bb0355b6f439c81 |
| SHA1 | 7fca2dfcb9aca4ed92c644e8f7ceb98f87116a52 |
| SHA256 | 223448ec1715cb4b1a2abbf1427547956f3ce583092177c287542e6d226319c7 |
| SHA512 | 9ead46836900c054d8740a1e2f569bc321cc53cf3c47e3fa927f4cca54809bcf173bdea239fbdeecd694277e8869565e476fd272df393b924bb62a845e897533 |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\icudtl.dat
| MD5 | ffd67c1e24cb35dc109a24024b1ba7ec |
| SHA1 | 99f545bc396878c7a53e98a79017d9531af7c1f5 |
| SHA256 | 9ae98c06cbb0ea43c5cd6b5725310c008c65e46072421a1118cb88e1de9a8b92 |
| SHA512 | e1a865e685d2d3bacd0916d4238a79462519d887feb273a251120bb6af2b4481d025f3b21ce9a1a95a49371a0aa3ecf072175ba756974e831dbfde1f0feaeb79 |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\libEGL.dll
| MD5 | 09d3bc8a5c6104d78566cd6e51c5a6a8 |
| SHA1 | d1db4f83bad27dc0caf75f77d510f2eb62dd84c4 |
| SHA256 | 1307025ed98ecfd00770c2d5c74c8a5e498c4e457397f17c3cbd176ca8a62a85 |
| SHA512 | 198072fff54bd6ae5ac21bd891c23da9d657a4525dd5944719eda6f7062775ae66d9cb15d29105d2477378ae605351e4b840c9934106bf80f936a596e7a1eddd |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\libGLESv2.dll
| MD5 | 02374701c3dc3b26088763fd3cc11bc9 |
| SHA1 | 84e582496c53ce139d9efd219b762ad38a50d011 |
| SHA256 | 8e68245d98bb740f393472938612979a56391f127d1af7683253e9e749e7af41 |
| SHA512 | 09693492447b037e8ce16095fb3d63d806604d18c3340bf57fecc0e0ae3c877bdcd83320e633b0fb898a4c20616bfb4558ccd8d93a10d235dd90c3be8020a8a2 |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\LICENSES.chromium.html
| MD5 | ae174699b663bd90d8d06c68c6952477 |
| SHA1 | 8c76eda61d320779909adc541593b8e26b24815a |
| SHA256 | c6737ef4ed9de369077718824f76c5e7026d0e39163e26af8606783e41c93e18 |
| SHA512 | 3fb72dcd790464dde34978c9d0895376827f4d839b4a199c6e9fe77ab810d62b960babc4b21f6e189dc70147b5fb4334815730f4d1cdec05489c19e0725c2158 |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\LICENSE.electron.txt
| MD5 | 4d42118d35941e0f664dddbd83f633c5 |
| SHA1 | 2b21ec5f20fe961d15f2b58efb1368e66d202e5c |
| SHA256 | 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d |
| SHA512 | 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63 |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\resources.pak
| MD5 | 3a87e8d6dc2d7dab0c3c37fe4a74308d |
| SHA1 | 5ddd587a6541e034203f24ee329796dfa316656f |
| SHA256 | 61216fee0360053988d5be52ab626c89173c86da1cf0b5a697bc32944282fe14 |
| SHA512 | 7ba1bc093f25cec2539fb462084cb1fc32b17841f79be95679c90f4c735772d1dbe652471e52f4be254b10e650d31e3460ebebc82d89efa6a9ef801e5d98ea6b |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\v8_context_snapshot.bin
| MD5 | a62fbbb671bf975ed46b42d9cf437bcd |
| SHA1 | 408b595b1dc6658533e0db1d35f509ab9ee70525 |
| SHA256 | a8bd22478c4f85afa836c89d3a7f52c606b17872fbbefce268b499bedede10ae |
| SHA512 | 87c934670df70afcced0ea5c73449a17ad27d5b6a25cedad9eb61634aaff8a42b713f578e861c2efbc77593793bba240a1495822b69c99a8ecaef64b07b6a62c |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\vk_swiftshader_icd.json
| MD5 | 8642dd3a87e2de6e991fae08458e302b |
| SHA1 | 9c06735c31cec00600fd763a92f8112d085bd12a |
| SHA256 | 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9 |
| SHA512 | f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\vk_swiftshader.dll
| MD5 | 337b0322f328251f01bd0fda8948217f |
| SHA1 | 6e59fb5df7773c8668e8f18755e62b532a9071c3 |
| SHA256 | 11f24457eb9af084eb845780f3fdc1989605766c2749fce6fb003dd988d5ff65 |
| SHA512 | 3540b2f5df1f20b5cbb6e61caa005fe7da5d1cfbe58f639ae0c40f6a4e7a9d8786f3db4691dfee9a001a2a87ac7b0bf39b7f308c14f809874a89f86b18ff8fbc |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\snapshot_blob.bin
| MD5 | 62b9e00c46ed829e06d0c2494aa994af |
| SHA1 | 988882632b95bb78d80db60e4787c576e48338e4 |
| SHA256 | 22a46de643045805a3e588f9a18ebaa377f9fba3dee46b2d60f3ae300a09cc4e |
| SHA512 | 03b7c57782923ca3a011fcb85f74e865bb7ff9976c89152758770be3bd3d40684ebd216fe34f0d0050936b536c8bab5eafcaa35fc26e893d30a108e36687876f |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\vulkan-1.dll
| MD5 | 6db4abe9370ef778e93cfc6bd6dbd292 |
| SHA1 | 0d7bd9d21524780b6f8904a82c3ce09ae5d03f97 |
| SHA256 | 52bf439424759a84cdcb6d379ed88582a6d6ba58127c44adf1b8379f0e88e5ec |
| SHA512 | 1ec07916d82d78243d9a144db3e947c95ca92fce1350708484c45fca2f953bb76728889b8d9a02c041849bcf005f998804d7066a90359fa180d94c237d014317 |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\locales\af.pak
| MD5 | e48860fe82ef022ffab38cbc4c96dffc |
| SHA1 | a832fa66bfddabf3ae7f219cf379f66d2903162a |
| SHA256 | e2470090a09ca500679e68bb5e3b1acc35a5873fea4f93af25a23c82122f2c13 |
| SHA512 | e4d0973ca7e59091c482d2acc384aa48ec87d3ce72d8d42a03a183b230fd209e085a4e907473a05d02d41e15ebc527df942774c23b4804c150367fcd727af7b1 |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\locales\am.pak
| MD5 | d6e8c344b2b40a9c671304f6f252d51b |
| SHA1 | c59ddcaad921b6d2d3f70b7ab07026c35e5d1e08 |
| SHA256 | 4e15946e86a578eeff41feda808bb291d81e240fbdfc96cbe2efe692ad35eef5 |
| SHA512 | 018ce2bf4beb4ce066703b2ac7413c6517759be68f889f27990de5d6694e9f84b4027f9861901ea4b15abdd1bb570e5a16651c935713feafc4d16cd57be0b911 |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\locales\ar.pak
| MD5 | f6ca56d15814dd5afd5e7ff985257880 |
| SHA1 | ef236d7027cb50a188c1e771527e6628702311ea |
| SHA256 | 5cc02570e5f61cbca791309985df3a29584e41583b3344f1d9fb6b04ce423e6f |
| SHA512 | 46c0436c110d6f1a8f3ebe962226c51af525228262cd56744e4d89aeb05d1eda614801a294bbfd2e08598e355750d7a2d200b3e7b594da03dd26ece4cdd31e3d |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\locales\bg.pak
| MD5 | e6608ecc589e87a6f78f9ce553ec2609 |
| SHA1 | 9fdb2ff6291549df773ba243b3a92b984b15bdf6 |
| SHA256 | 97ef7984074775282b68dca5d5a469efdb2b22474ee6669fdfb5197d3f1b3768 |
| SHA512 | 25450b23acc962be85977ef08be9b484c2a9127775039c521158c1801cd57d5781bcd8d5b8784f8a8b9403ce44b59964a20dbe36ce181f1d239143b22b53d5e2 |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\locales\bn.pak
| MD5 | 57eab375114893a5ed0de36a516e8252 |
| SHA1 | 16f23ab3eb62bc7a2525a7a5d86139fa88670b89 |
| SHA256 | 1aba82aee8c985e5e370e7cf2b35c9ec20cbe5174db5fcb54ec7d19ec5d79587 |
| SHA512 | 895bc282484ed028f5f023cbbb6e2755091f036e540c531b6ff639cf9e0ae5da02801dc81d7910eb141edd5c255d8b088d1abb531b152fbb161d6c2bf9615f4f |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\locales\ca.pak
| MD5 | 7474c8e0c3285b97f1f12792964b6824 |
| SHA1 | 8b9381be0754fc3df2f4f13f8575bd4abab90e9d |
| SHA256 | b3d5dfae25427596b1f14a8e13d6bcb58532c82554229c2367779ff5c42b28bb |
| SHA512 | 4ad524fd530bfc72d72edf04ba4890e06ca0a20cc1d5c2c3d95cda746b1d884a62ec2d4463ad7be9cd01c7529b41bef65f9e669c62719808a83d3c70f9475d43 |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\locales\cs.pak
| MD5 | 582fde87aac61961e4f7955f16d31769 |
| SHA1 | 3a8eb832317dd7e07efaaeeb5885c32b9d381622 |
| SHA256 | 7d7b701ce510b2e4a18e957e500086db590aad8bf5acd37f82263a676f0b556c |
| SHA512 | adb04ccce5471d80182f7ca73bf1a2e4ce63a4980d455837fb378bf679a0022d4ee6f9fbe148d6932fad83f458c76ac229229542092e0cb9b271c8d44639b11b |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\locales\el.pak
| MD5 | 34c6150acccd20c7f260b269bce06930 |
| SHA1 | 277b6d2387f600c84263847d6fb2342fd4746cfb |
| SHA256 | 162e51bc7d682e223e498f4ff8c81f019d136d857bd25a1c982d4a1084a8c840 |
| SHA512 | 58308b1f4f92f1eb26af8516351194b96defa8b40f26cca2776aeb9e804e585fdb9918bd2acb9c6318b63c3768c29893574bd0a4fc18fa9dee96b9112732ff94 |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\locales\de.pak
| MD5 | d1a513308f9de55b6c7bbeef7c4fe90b |
| SHA1 | a4a5e99fe73d5f9df2e508c3c8e9b73dea03a76d |
| SHA256 | 662496eff49febbe49f0a03cf2c51acaa743cb2237de3c41014556e16f3d8e2b |
| SHA512 | 9756e16255976569584a3a5e2a17421a31bc8f9b158c0ad3d30f6fe624ecd0e77c255571e46554c03c54d58b06d3f7b0fc77d347548f435547eb1ed9173b30be |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\locales\en-GB.pak
| MD5 | 56bdf77ab3487e28d354a8b0f9ba8d2e |
| SHA1 | b10ee918320a50a417b1ee6a28cd4b05a5f77238 |
| SHA256 | 7df934906a61c0ae7a952f9ed058f4a06cd3989663a7d9f50afc3c9f830135bb |
| SHA512 | 8d74c79ba3a554d69f26fb8c20210c9a339d85c0e9a9af445901e8a5c7ea544ea6ec713f9dd2db7b8bb5cb0afb0fb385236d4668a73af37dc9ef8d2f73c57fcc |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\locales\es-419.pak
| MD5 | 15d1e262602e54d76de8bac02dada000 |
| SHA1 | 54e93995675bcebc595befaed6b73c9ff5e6e735 |
| SHA256 | ec922f8ca16b7e7642fc73369ba7b75ec950cafb1dcadc6c88426c034382d483 |
| SHA512 | a232eb97021f17fde322697db2c00423cd70e9741772912c5f7a41849b35dcf3e2fe84001ff0a7902b2b54305d1f805f53988e421e192be0d5abd157bf8b5f1f |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\locales\fa.pak
| MD5 | 7851efacda8438c041c9a511f4097de2 |
| SHA1 | 64cba381a17ef0ffae2dff5135d57fd1f9300ab1 |
| SHA256 | f1a7351bf0d8cad475d2761b9edf970c3098836e38aa98106a5e04a41002b7c8 |
| SHA512 | d94fb1d04630cc292296ad6033c6beed1a00dcd4c11eaca04a7eacb50c238269b21e4d2a4002836f4d41e0f6d951624beefc95beaae23530eccded4569ff1869 |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\locales\fil.pak
| MD5 | c744b92c8feff1c026034f214da59aca |
| SHA1 | 95780d3374841efdbc0d8a46cddc46bb860a26e0 |
| SHA256 | d7fdc7fd08dcc421bc8aaae3fdc72599c60a3b96f05989a3e46736f0de06e745 |
| SHA512 | eeefc73474642e75da61056f2841e7cfeb8d8475be55a39852dfe7de8a972f7d86e9d1df4614b3ca3ae4fb01b68e5ced664bc8e46ccfc94f44b06e29a5035b43 |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\locales\hi.pak
| MD5 | 66ab509000cac52c805d6871ca6c1f25 |
| SHA1 | e3d3e7bacbcfaa7538ca89d9d26218eca06c01f1 |
| SHA256 | 9c6d8d93278a6e375405142df9829adefbcc8ae9797a4f589591b9784b2b71c8 |
| SHA512 | 356642a19f044c6e192f658ca2bf8764431129cdf7c9891b5b5bf4e99f6b990a1428c1e483487b619865e7f2d31cb5c9bbb3b49ed25fa81c4374de3e8e65519b |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\locales\id.pak
| MD5 | 91bad2312491410c7f0393be512b895f |
| SHA1 | 6e4e9cc985c5b96eaaad91787f8bb7f72cddb604 |
| SHA256 | a21f9474a19fe2d7f26c59f5ba8d6e72801a8a057b7dbcb8b3f96471043d9059 |
| SHA512 | 5c0e1cd1741e78fff90f3ec2be02bd47bfc669e50ad0cdde975238a74cb4081536faf80d0a28dc9fea6efda6548dcca4e569c54b903f5c2773c17f72000a99e7 |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\locales\ko.pak
| MD5 | 965ac0d213ccdfd83ac4970de23a8f11 |
| SHA1 | 8326841ab80c40a7ca8b13589a3f5ff54fc15827 |
| SHA256 | 3fa72d61a997c36f9c093f769f4bba60b290d1fbcb71d5544f85e8e1efe51d07 |
| SHA512 | 5eaf14ce5c493bb4704716add07428edc6569f2dcb721679e140916c0e426cfa8e8ce27a2c38c48ae6e60461a678525e48e42c2938ce40e488b59d3f97a2f9cf |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\locales\nb.pak
| MD5 | de04250ff403e9af66a1351598d2a64d |
| SHA1 | 4b7a5a2bf48d988f95aac6e85b11a8c2b2fd007e |
| SHA256 | 887a0278971d6ba61e2f24c62029a3087a46c4962c4357412c28ede12ed6da15 |
| SHA512 | 71527c025205bbcd63351283b7b123d8807c05bc68f2f7555f10386e330e052d031b9986ae2c1f0398bd174e67962657e0b8d4a57a07d167c233390a4e6c5556 |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\locales\ru.pak
| MD5 | 46fb61aa9515e97293969683fc330764 |
| SHA1 | 5bcc41716976eefb65870ba2a2b230238f7e53d3 |
| SHA256 | 4babe5f20caafca33867ee263aa9dd55ed271704a062e4372fdd133eb359a558 |
| SHA512 | c3acfc1c902c651e5fc0501a7a77358cbb99daa020597f7f6be9fc81ee53509dcb0d63c6bbc5ae308c88d95dace7099f024d698b6f364dc7db4ae2a7660e5b31 |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\locales\te.pak
| MD5 | 3a71904057869c23d1bc108f1e8d0d31 |
| SHA1 | 6fb6e60c80bc332a2bb66d02a1e3db69961a9c41 |
| SHA256 | 8264244c6de861817f5b19cef282844a18ed8cb7d4e059451489652749fe931e |
| SHA512 | 7248058b2d357c4a8b9c2e95d580a2000a96d9a5adb0b822adeeba5c4422e08cc12ef84b9b9a627a1f6cd07a08698ec000510885d14d64afd40c6e8d69376022 |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\locales\zh-TW.pak
| MD5 | e302e1102f3f5a21860f38f41b3c30f8 |
| SHA1 | 78b5d1c451cf674a7641dfcc815f966fc920cf57 |
| SHA256 | d4033cb3264c7c4cd2636ea2a202421650c449e5bfb10f29949e4c44e91ca93b |
| SHA512 | 1f96b197eb7ae6b7983ed38d4ce33ea0c845ffe527fedfbc9e53a6009871dd3c39084a04cd1d43fd6dd24e7f26e3ec4845d4225df828de0b9ba346cbc98efea4 |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\locales\zh-CN.pak
| MD5 | 3fe312d9859b299c3a332373172c33f8 |
| SHA1 | ce6a99d79dcfc363bcf68bdb1ddd4e6862236020 |
| SHA256 | f0c0ba53c954325b3bbefb333ba23f7fb40a7a4e506043e9f7886089f611943b |
| SHA512 | 488a6043381834c9d69a906edd9e3273da01b618e9f3351a89082e6a4727f9f882e435eca3d590cb30336cab289fc71b109322d43804ddde5fa038a63a0b84f7 |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\locales\vi.pak
| MD5 | 565abf3f9b296fcff95fa5b169a7d598 |
| SHA1 | 24de1221b2adec13b5bcc23c4a54b8e987e9f12e |
| SHA256 | fb9463d5655e73fa69cace9800d95f8cd077ee9284fef3bfe162d2bfe220c257 |
| SHA512 | 53bfe0c1c289ecdf48114048e15807c3143dbbe357736753cb845a31a6a3fccd0dbae652294508706076ca4b30e5da00e53bc6aad11b06fffbf2621997e7de36 |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\locales\ur.pak
| MD5 | fb978b7d211112a0774ce09ca54ca96f |
| SHA1 | fb0c69801230437dcd20e3803db81ee60fc042b0 |
| SHA256 | 60310f9a3457fae0395b447a30646211ef4160ba84bd7c36d291af4c8ec2b79a |
| SHA512 | abde8d79f46b27e0e315034025837a3126d6e5d2bc52504d49c946fe96828bd9b20cc4a5c05283fb9f8813e6820a28249cfd68b30cb27fba216970c16ecc8d44 |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\locales\uk.pak
| MD5 | 241fc33569b22647e7d2c4189a8ee7bf |
| SHA1 | f56a73cc81b1e96560b74ee5e73d7af792720ada |
| SHA256 | 13e40208e2c9f4f4b83dcf422610dc82314a8f99ba50acdbd286c508f92eb232 |
| SHA512 | ad16f84482f0c7c3d3c3fb98caa3dbd0048138f361aa6eba2b6338ff6e25da4c3ab39450354f2a86a53d655cad99e92fab2c030b5771d7e6a25190617f1a9385 |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\locales\tr.pak
| MD5 | 414b557adfe76e3564d43cb93f513c5a |
| SHA1 | f775095f7c55e834a777c7f25fdfb81f1e63ca08 |
| SHA256 | f58ed19be62706fb4fd797a6bfd3af5c6ad4b39aef994a577cd28968fcac0291 |
| SHA512 | 8b1be522ef23888d46c13888a18229f4c9cb6e1c6e6730cca79d9b13d71eb86ecd3d0c172ade6f70ff63a7fb5242e4de7d9742b93376669d13c77de0cb622f94 |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\locales\th.pak
| MD5 | 879a881174501e22c3de65b9f80bc19b |
| SHA1 | a2e020d5ed1be7dee50a495a2f8581e751cbf735 |
| SHA256 | 647ad394e92e7610bd0f6c4e08d28748408fcd5a816a35e4622ea7f71cfa7a9d |
| SHA512 | b8961a90036b94340283237da57659cc277e65e545764251f7d3e406dc5f70c9ae29366184d0aa8831aaa0a7cb5c12ff825078bb87528606cae223fba58c73d3 |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\locales\ta.pak
| MD5 | 52ee28471f2f9d01ef3f57233496554b |
| SHA1 | abd7dd9989fac90636626a41f007eb6aa5ec7a2e |
| SHA256 | 1cebac8d758298ed2763e62b9bdfb17351831e691ff3e1ba85252c9a66d66242 |
| SHA512 | af2e9593faf60319244c90e9c06604dd3830705f14c18cd380dc2338aaa0c1e137bf751603ab9beaf7f1783839f83bcd4fda357b7cebc66ee94155d560b6f691 |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\locales\sw.pak
| MD5 | be2bc09130635406f560b95e789f9a81 |
| SHA1 | f189cd6eb6c844e2d96ffaeda66fe4d5f1453130 |
| SHA256 | f0fccf2e3ad332846736d816e254028569f5f84918573872442987a8bc9bba58 |
| SHA512 | f651ea959066a5966f35493788b9833597dff653f649a5bc8b09a8ed748bcf086bd0586a36e1f4ecddd361d04774253e21d67801760d0988f3e17f0c6e1121cd |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\locales\sv.pak
| MD5 | 819b5e4f2b7734ea4677f6d579d72f84 |
| SHA1 | aff3048d8e35fabf68a756513b67efedba59f85b |
| SHA256 | 105460cb717104d82f99cf8c5e2c51ff252211a605bd1c98bf75981f100d619e |
| SHA512 | 3e1ff5d934c7e0656dd16265be697420c31b191f88a5140c3598b4fe37a6bd3031f50d45ac7e961acaf0886934951a48230f7b10a53d85e015d6d5e1602c3eff |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\locales\sr.pak
| MD5 | eb8ec452c7079ef7dc24bc7975513ed9 |
| SHA1 | 4787250292b8f2040c7ec0b265f60edcfd1ffcd6 |
| SHA256 | 4cea4c83b5e887463dadbf470a9953b8175149f31fd07b83406a6fc59acfde41 |
| SHA512 | 3ab2eafd3f09627efed8263cc2d59d5780b6a856a6d1299be511bbb5c1350fa05f98b0e77c53c3707ada17e7e44b8801b191802e2cf5129548e279703983a8ba |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\locales\sl.pak
| MD5 | 6c71fa576a41711dcb351abf92a65ea4 |
| SHA1 | a0281f6b9dc363628e7d6045f7dc2904149c9dad |
| SHA256 | 458b15bf249c1e6fe9843725c42443274ef6e09dcb15f5288c916c0561aefc47 |
| SHA512 | 258e49b51ee65bf508d05a5b3286a8937d3a876a876635b59b97752c5171e89458b9d23d9d7178153aa16b6fc908cc011a8e855c6d3a0152c919b40349cdf4fc |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\locales\sk.pak
| MD5 | 5d41e75bf42cb12d7674986f4e5dcba4 |
| SHA1 | 7c3375226997e3f69e3c9a3a5ed762ec40d24973 |
| SHA256 | 89f984a67cea3997c704005fbfbacd3f6f5652248626945c2ab1c3bcf24e6623 |
| SHA512 | a2b91c888ea3dc2e618bf8faf7ac9f0fe562ff16c85d03afac0778ed671b1868a665b892aeb2d588e7f5bf32a7eba57b75e2e15f2c51fc9264e0db2f95d804d0 |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\locales\ro.pak
| MD5 | cfd7cb2444248216e12193689ba56c10 |
| SHA1 | 0a9d65fdbc68688bf1624a8c98fd42673961e0d2 |
| SHA256 | 655c175903a791d0ff56264a487c53f7bd09ed037cf04cfa6e79eb8be5b677e9 |
| SHA512 | 7ab384dfe93c4de0d82d3a581d0c4b988f823f49848cedf081067e052be2d43c42389899588839dbc7cb35ba70617648bd0c7c199900e78c487f3dd77e64b4fd |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\locales\pt-PT.pak
| MD5 | 03138b2e4fb822b03713f6c4f0fc67cf |
| SHA1 | 8f6f6585743676177eaff5a582d18691e3386bbc |
| SHA256 | 02ea290fac25b414a1d4ed78cdc159cf6c73fe5350824c2f36f032e426a23364 |
| SHA512 | b000f1b8fc952849d1ada21aab665cbb97989fc28e892a75077ae9a24c4ef1d15b7d5cf1c5aca89d27d40a01c64f343a08f790049249fcfed43a1a430b4fef9b |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\locales\pt-BR.pak
| MD5 | b4183914f46fd63a7bd32d715b8629f5 |
| SHA1 | d0295b556e55a74e357f932473f9dd2bb1cd2f51 |
| SHA256 | 5ff219be32f9178fee40e8966ac5deff2be1f2ff259a66cb9cdce81c2e90a7e8 |
| SHA512 | 3bcd37cc49a827c03fb5b3a97a5eeb863ebb6f071fb2af697ebfc4f57dda676227533cc6a2fdb00505cb2395aae685dae087970ce13af113260d856b845a985a |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\locales\pl.pak
| MD5 | 8d4db26e2ee5181afdfdd513053f3c17 |
| SHA1 | 0da427a085927a5c02d2a67c424ea99cbf5e6b02 |
| SHA256 | f2a7dcb69a433c2a898866c555b82c26e3515c089f500e7748b9b11ec3047786 |
| SHA512 | bf441f501d746f1fd996c21e5e2cde643b9031bf58bac31474e68a72ea6993447f8bfad3284351bffc94d6a088e183e0b24d109398d65dac0edee8826076ee21 |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\locales\nl.pak
| MD5 | d59fed8986eee2b9d406ad52d88cbcf5 |
| SHA1 | f7e409e17723e21174361bc81e54bcef269f40f7 |
| SHA256 | 619c61701b3a142733d23ad8c7117bc013867a842d3d1d572faa56895ad8257e |
| SHA512 | 234aaddaa7677b39667b4078dc3a630d67b4f2ab7df5ce763d509183a4d88e8f7bd1a231113b8a51418d577e4aa630860a7f2735c34ef59e0f65966cef825597 |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\locales\ms.pak
| MD5 | 9fb7c18f376b46b254ef9a960e08655f |
| SHA1 | 31cb060fc606d011151f1b5464e2a469372113a2 |
| SHA256 | 2f0c83b5b3bff8f624d78e0670a31c509e7f1d5330f72aaede471b2e97c956e2 |
| SHA512 | 23ea07d917bc0cb9a2f530f985c4c1930d31eb6e8271804709126b8b0f5266dc51636f679944d2e3d8dd7b603564defe85c1088a33a922e9fe15c2073b509a8f |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\locales\mr.pak
| MD5 | 649e76b6666096a2258b942745ff9fe1 |
| SHA1 | 82edf8ca68dff0caa36b17901c1e12a17172fa51 |
| SHA256 | 039f4e0176c38867fef57482825d043fa63bf1356c85eab0fc665f118db125e4 |
| SHA512 | 92f51140416cd6dd53109ddcc1ee24c1d26999de5cd48a11e6954dbbc985298c1b90c0b4a7bbd8701a2737b71340e8a257e8b1ace85ff3b4876b714c60befdce |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\locales\ml.pak
| MD5 | 39d4a5ed8cf7c8e0df946220fbfc0f68 |
| SHA1 | 70794849b41d00f2b895f1211a6baaae3fa7d261 |
| SHA256 | 87384db1ddcac012b0b40ec89daf47ebbbcf1497705f023a6983fb2470e4abd6 |
| SHA512 | ac992b9cebc2fd51f7477b36f1aa4d9157a84c3023949c02ea236d909c78fb5ccce28dd213c089820131ee3f669164529daf58901766630ebcf40546d33e132e |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\locales\lv.pak
| MD5 | a999e734f9addcf07c080f9861c3c170 |
| SHA1 | 522bb12a0cd4e5232570001684aed84f421abcd0 |
| SHA256 | 33fdf706f6d3f06b485c5115a7c73a571296dac41c582fc9d0dbb371d86e8653 |
| SHA512 | ecb92c4ddf7b252a3216059e63b387c6847f6eccde532c300b74e6b04ab56da0208c2ecbd00ab1d5e48acced909db74b1aabf88e34d0d5928b89320f45200dc8 |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\locales\lt.pak
| MD5 | 20906aec4a21bcbb8bc8bab067075ba6 |
| SHA1 | 369da9c1567d4376852cebdb87cd9213dc4bd321 |
| SHA256 | a1257d10e673311747363e6929832e70f36668b1fc0d6a5ddd550fe88007aa58 |
| SHA512 | 8d1ee40bff980b889af83b95fa408bddf2ff5d257f532d2da46bfc3ddbcc31b9cf14b473fdfca1a574c0316fd689a424ae241e9bcc533b7dfe0c7203d4b252fe |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\locales\kn.pak
| MD5 | a11d186b8eec7362a280abec3859107f |
| SHA1 | 966065cc6f69c3a222751d2191a0efeb6049cbdd |
| SHA256 | a6ecf1dfe4d99f6ba0926c696b5b23b77d234fa8fd03da9825b074ecc640d508 |
| SHA512 | 099e73977453a5dca329b1d8a8cbc612dd2739bb3db034b7509af35877ede6ee12450875302ff3f9351fc7096b60be1b2d8ccbec89ace3145eb264f25946d46c |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\locales\ja.pak
| MD5 | 412bef3ec11f53c2aa6511ca139b1f35 |
| SHA1 | 8b42655c2b62edc13c61a4625f55c961cefd1c49 |
| SHA256 | c5692ca739c31569ae2431fd58f1028e6c8c01af278b76656ee0bb65b79e9985 |
| SHA512 | 85760c2a0dd4404a2d41f0d957c9cf8962d6b80389df838cd2d85b6a31a54f4e50c5f19ee73d2ee66e3e61a8809aeb5b493e7170aceeef9bda53e135ae02bc42 |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\locales\it.pak
| MD5 | 591113bc491e5c388ee3876de4aab3a1 |
| SHA1 | a63c2a18eb92fd03445bd237a5755d557e1cb593 |
| SHA256 | 33652aae78a486dc3ce4e5affd1b7f72e1248f6f9f3e62188afe3b5d73bd148e |
| SHA512 | 66f1e79c9bf179f19942352258181858268a991b42d4a79747ca580df3fa219c2be71ab6597cec4ba7bd4c691a5e1328aa03a565b3eef442c6e2216f0d82653c |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\locales\hu.pak
| MD5 | 2515bb367f56f282657b3dd3b9ffcbc3 |
| SHA1 | 8cc350e359f1cfefdf0ce3b016109dd483d45a8e |
| SHA256 | b4e6a1135de8bdc42c04f4db4eb1ce48256f18eb46a5146a21010b6165a90e7a |
| SHA512 | 779a77b3380f08dfb1d1e9bd65806f3d5ab56619d040bd6ecc9726c17944f4d0c3a619edee06d638549250fbf4c6a2be46cd6196a3a8862d184a68d45d6f6d72 |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\locales\hr.pak
| MD5 | 1973723b9c45b9d971c97229e7a441cb |
| SHA1 | 2bfa4922bf2084486681af45cd7f7dedf95b2d66 |
| SHA256 | afed35643df24709c8c5cc9b8158b3d9a2266fbfeed132e98ff254ced4086c5f |
| SHA512 | 6a1f35435b01ab187cd93b376b76444dff575284632fbf37bf8b08e6cfe7783f985d0fad2425df3d3c332aad2278971412455a748e83c2d6fabd0f6afc3dc292 |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\locales\he.pak
| MD5 | ad6af80367f0b5d408bbe2c7b32ade48 |
| SHA1 | 9dd4e4e5a63e50e9d3715667b8149edd8d07a52c |
| SHA256 | 20b1c80f8b2bd5130a1fb372814fb9c9ceac15305da3da0cb29923960a94a934 |
| SHA512 | 95df5ce7f7885d0e72b2d89e1794a3796a1ab407fb27174219db22c668f74a8c3ba1f680cbf990be533c35ca0b2136b1917c0cb92d4556e3ff2ef3447c55efbf |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\locales\gu.pak
| MD5 | e884bbc8ded4f5f059211fbbb85ed351 |
| SHA1 | 8f4ecb45ca73902791ff5e56e0b272252c08508e |
| SHA256 | 087e99953eef9b5fd736e3dbd98d702fdb01dc614593a4c575cb619159688118 |
| SHA512 | 50837daec40a2624097cf36dfd7beebba4db748fd9cc470bf71b526e612c1aa6c88ead7511ba751e370f6f5d28ad9d6338dcb3581d7e3d53e2672741915b952f |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\locales\fr.pak
| MD5 | 79d945ef9b8ebc7d39fd03d05d9b2f27 |
| SHA1 | 6fbcb748515f97056689d4a747e4df3a830fe049 |
| SHA256 | 1f6cc56e04bcbd6b6ecbe500bcb0a5702551ec80d79e624642d0c7d9758d4424 |
| SHA512 | f1a26715ad9399052b664c71fb60b6eb6f965fa80d6d8d6c47e0b96ad0d4a4d2028c3e19dad49e008bbc29edc24e656777ce073da008d3f4dfdee4c8f2212a07 |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\locales\fi.pak
| MD5 | 6d7aaddb1365b3efee94d4c510a3002e |
| SHA1 | 2a970204894c5ac163c980ec0fac2dbd1711e5b5 |
| SHA256 | 11b0b9b0f74d01f16db7aa49be9dceeb55fde9da56f17419c4bca159cdcae274 |
| SHA512 | f44bab9cee552dddac17d4ac1949870943cf138b3fdb0e649e8827acb6de9528dd9cf738757e5b495587e165d1c750b8bcc6205bdd029a01eb92aecab22ba49f |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\locales\et.pak
| MD5 | 3cad945e9ae6e31cfe66c89365e5d353 |
| SHA1 | 43758cb523d60d936b9a417123f337b8e123481c |
| SHA256 | ba4ec85d2306a1f1f178a017fef4d340b77b33e10bbee07bd359a8e0ff8ea461 |
| SHA512 | ac07e7f72b670a2e8b7a46a672fefedc58d9384d4773a6f220c231c619c1134613ff68c0ccb0dc9e03eb5f47dea7ac57de318af5f3f242d6be7ae43071e2d947 |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\locales\es.pak
| MD5 | f90d43351ffdc63bcef25bf634c1fd35 |
| SHA1 | f80df8034cb64df1ef62e586891275a74868ab6c |
| SHA256 | 0385e6776de5a0d8a3b30b7bad44308ac4cb04e2bcebd573d3c7938b68036573 |
| SHA512 | 7bfa70a5de14652063d261c28ffd3df89ea5e38877cc7977ab27f7280c48084a4ab1e5bdad0c2f624a7434a5d975feb9d8d221c010e24963d3c42921f5a36e65 |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\locales\en-US.pak
| MD5 | 5c52a86b21633b55b383c20f16859b2f |
| SHA1 | 126585e68cb17f241351004e21c1d30e65de1cf6 |
| SHA256 | 41123d72bd8e289e85bd35227aabb4cc61fe1de02b5cd7a7834e5ec200bc2078 |
| SHA512 | 2a1b6a4becfb97d470cd7de74857edf2cc9cd4a77f377ccd9bf60c30539862ff1ac3ed6cc849632a3ed4ea0e5b92679f3cc5b4cb26cc7eaaa2bb2f4ae9974a6a |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\locales\da.pak
| MD5 | 5f8f09aa98ec3a4c8122d64c5bc6610e |
| SHA1 | 08a6dfaa3a11d8c994da90460e78ce0a4fcfb644 |
| SHA256 | 3430c0f1946901dfa24190ca3989f72171ec564bc7c523853e6a1f531b61b5ee |
| SHA512 | 9c643eb6415cad6aca0584d62211aed5ed21a0f8d71ac4f692bd420a4a190a9781add7c874d0f56bb5c1c0f65d543d932d0f50caf127e8d014c05d015ae61ca3 |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\resources\app-update.yml
| MD5 | 4dd45d9de32f1a1a9aaae5d05314e29c |
| SHA1 | 80e458fe95becbdbdc82b1c06c92ae4f3781f497 |
| SHA256 | f2063da30e10724592fa8e42767f066c34520c4fc8302b6647a1d2a0a039d71f |
| SHA512 | f5b0ade03d39d867ba3d7db972f999b92696beab9c20d1eb0440d3a0aaf66fc6459f0d6100f3ee8d9dbaacb5d6d78b8d3e0f8abcef8dd76f05719b7f896a7c40 |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\resources\elevate.exe
| MD5 | 792b92c8ad13c46f27c7ced0810694df |
| SHA1 | d8d449b92de20a57df722df46435ba4553ecc802 |
| SHA256 | 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37 |
| SHA512 | 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40 |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\resources\app.asar.unpacked\node_modules\@next\swc-win32-x64-msvc\package.json
| MD5 | 704b387859cdf10e134ba4c181773747 |
| SHA1 | 626f9cd6f668b8f310a4c11f331b96cb4289e44b |
| SHA256 | f6b59292c52960efe68cc3813a78bc505d80cae11d632006770059380173cd53 |
| SHA512 | 5416f7ac6d243bd04f32d5a776b596b94db1858cbf904357d8eb4733a22ddc94bcfbc116437e86799ccf402493212117f65289308f4ae16f3d39083693f9ae66 |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\.prettierrc.json
| MD5 | e502800d651a7ef3ff58d918c68aa81a |
| SHA1 | c3b456549821510c5729648bfd93886491df1db8 |
| SHA256 | 37055c98043228133ffcc5cad7bba5ef6c8f24698a551cae547b90f51d22e519 |
| SHA512 | 9892bb44616c6c2761027562371e5c72a355ce1b519072ce5733ea1d4971ffb8c9b3e83f935a18120e0702aae644d07274ad4b09214459fc13679a8ed6051e7c |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\jsconfig.json
| MD5 | 21cfa078a36c66a3d1f4f2caf729fd56 |
| SHA1 | 8849b6bf237cf4464a4628f0c2e163e866dead8f |
| SHA256 | 87cd1d700216892ba7d388d04f42e373e1abda0b5d407c54a60e67b5dde48ab2 |
| SHA512 | 92f7960fe79d8e5813372d7a7833bf883c3dce6eddb083302314a2d9ff52d800178f8ddcbf071c169267b346dfbc5d59b1dc0f95a70671bd63453e56e18846d7 |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\LICENSE
| MD5 | 9b54883148dfd5ff6b9f1a23f9470a30 |
| SHA1 | f062e421fa2d8f722e9ccb2b0b4be9502a7386ad |
| SHA256 | 0fa6b5d2902f7ac42db390dfd2cb3b4ce82ed45cb5ad5dea41c11d1d67e0934d |
| SHA512 | d2af503c12f0fda687293452af39f98f5c3987eb8a57cf12c47da5aed67c761349e5186c15371a96f5d490c140e8dd0d5e8bd6a6164139dde0562d6ee46db90b |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\package.json
| MD5 | d973ee4a6969bc5e14e93d99d4680c16 |
| SHA1 | 22ad20391ccb50fb6343931a1312751b2f7e049f |
| SHA256 | f0051785c8178f10c2b5ebe86edd6949eb9db7b293d9abbb51a857f7e62500aa |
| SHA512 | 2f8c64f04b3fe023d296899b16f6596f42cd69c1b8230c5bee561c18af6bbf44697966b45b50d718eff75cbffab37054a6de7b57bebc16b2d85a5a0e307dfa9d |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\bin\nodemon.js
| MD5 | 30894042a167528293c057f833e7b6f2 |
| SHA1 | ec993fedf1f1a22c77b985c72d8b0074811ea680 |
| SHA256 | 9bb0e59dfd1cc00fc40bed0ccf10d88414d915d79875b9dee5c1d5009f4e89cf |
| SHA512 | 2b544b29e44e0471a9da5474209bc15cb81a44a38448a74a7a67f4ed3ca7d1926cef4b2b13d3269fb785a468d00f1cfc042d2a7d6b4d563725da65028e2df15f |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\bin\windows-kill.exe
| MD5 | de5ecb14c8a2212beb309284b5a62aae |
| SHA1 | cf89d1cbd52f3183590b33bd6be591f95a6f5291 |
| SHA256 | d35c0d3af8f66984b1ead5cb56744049c1d71ef0791383250ad1086c0e21f865 |
| SHA512 | fea8a49538f5fd4cb8c262c1619f9f8e906edeef7d3c791bd3b85f032a0499aa5f18b4370a00e1f4dab9698e1958b042cab467103598f1bdaa583eb1fb918c07 |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\doc\cli\authors.txt
| MD5 | b5c019895f49ad741cd49e6291aad090 |
| SHA1 | 03567a03c8346dd89516e2e03957bb674af91408 |
| SHA256 | e1e0dfdaaed1f025c106731aff67d664b849635cc6cd3b9b08674db8dbcbc5e7 |
| SHA512 | ff13c9416d29d9a3fe636e14fd63e5424129a6e72366c06b1bae3c5a06f60cbbf3520d868c492d472450e35e547881be93955b29eed63e66979592da576f8bef |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\doc\cli\config.txt
| MD5 | 73ea33e660552d101eca031a0baf6be3 |
| SHA1 | 3d3384db49a197a8a616a274598bc18a25ade114 |
| SHA256 | 032c4ca3b1814a39579d7a0a00154a3772d89aece9884d135fdef782f36e27c1 |
| SHA512 | c7b9a4bf4de7d13bb45b4db857511cb411a7927ee4db759af263905e01cfda8d95477d2e2d6ad6c51c9f301710e20ef64b54a4d15082f5054680da9cfbca1146 |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\doc\cli\help.txt
| MD5 | 0034cf996f84911ff0646b717ae47ee4 |
| SHA1 | 5aeef8ef12d8023fe208c0492174a960e57c643e |
| SHA256 | d98c56a3cb9643b399fa04c422da35204dc91cd869c47019e9783fb4f7289adc |
| SHA512 | b1f174300ee58e16676ee8ccfae4e48794ed5412d89e0cc0d8a134ec055dfbdb596d0ab43ab376f46adbf76cf970210455bf46ed666839d69357d0ded8c057af |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\doc\cli\logo.txt
| MD5 | f55be3331bb0e69fc47994610da41ada |
| SHA1 | d8415b399bd3853ef658a5f2057812404598b5c2 |
| SHA256 | cb0c73fe1bc7676104d6a92ca91250cd562b7f37a564edc260de01a3fc636b6d |
| SHA512 | 505d427c6d0add618e0c54f8079e4303fee73e0ccd9c4edfa67b44660ce5d5deab4fac09601002f73cfd00f445640a69ce9fe9a39b8a0f3039b200f5bff058e7 |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\doc\cli\options.txt
| MD5 | 016f8e569786ff8f5f6c321a735e2323 |
| SHA1 | b7a7a46bf03f4564d6e47fa55a4fc6b9be1e39fc |
| SHA256 | 3c8ec4fa239f82b2b9f427925ac2f75af2af9147eaecc706b1990540b95ae94b |
| SHA512 | 6b8372648371ea46ac98dc49ec93cb2efb9cc81f75e8ee7a5e1f0a01b7bf209ca92e07649c22630722370b1f254e956ea7ffe4be68d0f9ef419766f90dc80fe7 |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\doc\cli\topics.txt
| MD5 | 57a5e0be8307585fffdbe867f0d047da |
| SHA1 | 0185976215d973431c6810571b21d6804bf64632 |
| SHA256 | 5f8f41620ccdc1d7298df4ab786abc7edcf049fa7e06fc69bb26b38cbd453643 |
| SHA512 | 4c05c95f21225be793051bf799255f6e021145e17ca384697877aa9dad66303d8bdb6e47751433eaf17b22dc766758cb799034a34e1e7851a8328a95b6784273 |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\doc\cli\usage.txt
| MD5 | 1448d12c8524497e0abecc6089aa5a99 |
| SHA1 | 183f63e7726b128a36e247e6bb506ced31272e49 |
| SHA256 | 844e2d826c59dbd72ad383fe8a23b24373d83e9b184b437f7f04c42487cd5759 |
| SHA512 | e14e41721ee4bba6deeedcc5786a113042cd595024eb411ea7d874f282547c5943dbdf1eb7674d752ebbac16ac4e1c98149b957ed5cf3623e85a561a42354e45 |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\doc\cli\whoami.txt
| MD5 | 5a53b8ff8c3670ff035f6490a24a0789 |
| SHA1 | e079a16d67475a83eea085058af0cd704da97393 |
| SHA256 | 4e7d19dfe1603ca93a0421b1abd4b19cfa5324ef458ff549809c5e66a2efc596 |
| SHA512 | e906ef44ff0273e4df3397ba719c173c87a9919b7f9d2580e2c3354fba22f69b0c0a020eb049d276934dbc66f497b279d15c135fa0e12e04acd39802fc5dfefe |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\index.js
| MD5 | 5250f6ffce08844c0f9f139fd707243c |
| SHA1 | b5646886daa1c00461042d1a35c1a83675f8c8ed |
| SHA256 | 95111d84575ab36b697d760e130d722daea3d322cf56612f2ae67c7b3e8cef19 |
| SHA512 | 49dc989edab7b4ce7477bbc5c678e1b1f4aca0f77e0ad6323d3c251164ed28b59f4d18d5b0280d53108b93e133eb2dab5469093ecbb2f1fe2bb32b758f59e729 |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\nodemon.js
| MD5 | 392a1c2f9f7dec3e4f64bb738f21785d |
| SHA1 | 02d0364639bbc6483d727e5e24e6c6b39c8f0ae2 |
| SHA256 | 3bb0b111682da4977e265b0bc746cd57191e294e0c25bf667f129771897dace4 |
| SHA512 | 48b0517f41013b024dd5a674b88a9e53590113f664482b0420236babb9ecbf0428c40c9f708b204bcb1f2d59789ef6383641eb8efcc7a7ac506d4345c78358d6 |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\spawn.js
| MD5 | ad2e1e41a1aaf8c0d0b622a27bc6bf9e |
| SHA1 | 139625411959345da513904bcb7d73d7c312b63d |
| SHA256 | 7804d7450f305b9142af45967be5c96f52be8350dba2a403f4bf79d5e092bc60 |
| SHA512 | e43ecd8af261ad4cbed89f549c18c18df9cfae6338c0719c1e5c06361c6cee4598d080ee32dfda56cc742e23fad5db56a842ef8511d9d5e2c28b7f7eb4eac091 |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\version.js
| MD5 | 7232bc938db18583ac3447bebc844430 |
| SHA1 | 55051c267076fa3bd3764864ee77d4c41c4b3233 |
| SHA256 | 5071083e2e09969b2741a46cdedbbfcb2608fa35c1d1237e3bcf134749fb5ecd |
| SHA512 | 9167690b0ad72c815c3d8c7227ba8d3574acbab95236de0ddea28c73f6a2899dd700ef9083b06d2badad19c21659a93ab101ecc439a42292d2540ed8c2ff3c5e |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\cli\index.js
| MD5 | 05d07534c94e2d589bcc02e96e1b9503 |
| SHA1 | 3c3712ecff74a1099c4d65e4eefd9cf2e38f1119 |
| SHA256 | 5c5b008f28d9aa1d6f8c30a30de037b95b50141a20ad0f029d0d79bcd75caa4d |
| SHA512 | 7c7526f2b4e685cc7e20689ebe5abf7630b738d2d15ab7b5e94765e0e6f221492e9e029f715f5b3ac156d3d11ffd907e070d2d7f968b5f5fb401aa9c7ec84ea5 |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\cli\parse.js
| MD5 | 63db540f7184a372ac611fc3d7f21136 |
| SHA1 | 0b3a8e70600a6705297a532849b7470c34f8c19e |
| SHA256 | 93b9bbbc19e6f0456185d7c9e9ce11e994f41c01e46067959c5168bd345b0313 |
| SHA512 | 1f56bbc4856fbefd21f6de0738712157b91f1388a71a957c37444b617ee161885822b21fcf4e7efe14d5af54b9706d8181acbb286dbd7525c91a56b53dc391be |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\config\command.js
| MD5 | 90c1aa9f031e818373c2f2f7ed6b9dbe |
| SHA1 | b6476cdfa45ab967436ba9bb32aac1d65e531a9f |
| SHA256 | 50f10478098f06b77a58b351a93bb8fe7a7572bfbfb3e6f0bf668460865da3a7 |
| SHA512 | 4ee766da766530bb372d8e04b058edd6b28ca5d77f603b175336e9b5e8f5c677e77e0ea4afc07a642c07c48e0c209716dbd9cef4f6ab97864a9ea51af2b49bbc |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\config\defaults.js
| MD5 | 2e6f9c975170db8136c9ca5c5ecf2a0c |
| SHA1 | 404a2c64977cae3407aa138c23a2f841546f713d |
| SHA256 | 2b577f3fd8e3d03d64c1ee07ef13db89df04d0a9cf7b69ebf2c17041f7251104 |
| SHA512 | 15bfa9fad522ddc043383704cac725c8cc2b4565708b891e9e03d889237cd528ee4d347e54a983c801550856c2d1ac1269dcc127edfa6d63bf3d2aa0a19eb358 |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\config\exec.js
| MD5 | efcab0a70d5e71fb513734cf92f2a201 |
| SHA1 | aa55660d5d6a38e2ea632d4de0640ad2b1b7fc5a |
| SHA256 | fcd713c63326ff75fc44afdcbd2bf63991c3c76169a26a2646defab46ce24155 |
| SHA512 | 260a468807d297c2fe85ce8341ae10be64a7833a8249f2932c6a93e6ade07438ca4bd26222326a1b0e3203ba0c80a6a6fb78e90015b667feda8f68538e1011ad |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\config\index.js
| MD5 | ac3af2f96d2e824bc37e36e30cb35cad |
| SHA1 | d04e50eb9464ee715a940819ac7af1b612884bb4 |
| SHA256 | be155df5dbc29c88c67c936f2840d2bb3abd09981fdb6db6480d54beeb27e9fe |
| SHA512 | 060bc19e10d8b9cd959869866b4ac5e0739edd72ca1e61a230a5f3c735feda6fb75ae7a8ea13349013082bedbcd40e30219ca09ccfaad43571059a765bcaee8c |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\config\load.js
| MD5 | 3379b8830f56cd13355114f157e57857 |
| SHA1 | cec1a9f2c8ca7f666cb4efc2f3eb99317ea59602 |
| SHA256 | 7329c732d39f8e884c0ec197e1133c536545bf4137417e6d664bbec962990e29 |
| SHA512 | 0690be21833aa598da0d7d20312ee8a2e2ecaf164981c94c3bb12036cea40a206e1b25e839209db78419d6262ae87e29a5c94f583ddd9b45e05bc5a107842d22 |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\help\index.js
| MD5 | e47db45cd167c663151a07e6a3396427 |
| SHA1 | f3002a966b346ef937a47576d754787e4bddabff |
| SHA256 | 1c1678d18dc75f67bbfae8c92836543af6990bce6b1cf1ad3acfb52285dac393 |
| SHA512 | 3f8e10d09fcb527e1c1753d50c9bcef2b8fb70586f34e600c0d60ed27a295f077f380e1df2fdadc78b0d468a54f32a5351fb5c4cb638e3012c96358094d31dea |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\monitor\index.js
| MD5 | 532b43e5038c9f6a6d65d40ca44375f0 |
| SHA1 | c7fa3f4fbab77df0eee87d08d428cc06d18faf76 |
| SHA256 | cc16aeb163da6cc7746bf5ced2d11f1436e458c7ee803241e9a9fa1d107450fd |
| SHA512 | 809479d0b075c9bcb3eef6670cdd652a6caf39ec7f93f1d7dde0eee8a792d518238cfa9f78a2ec1a11ebbfeb00d2a117d25b198718af668c7f356bc3f93ebc1c |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\monitor\match.js
| MD5 | 65475ff22153cb7e1cdcd5322341c398 |
| SHA1 | c026de2f4276472496755344bea58e11e6b38748 |
| SHA256 | d09e469209e55541c8c67fa7ab25b7d4e051ce26d36f737c6264d4ade4b26d63 |
| SHA512 | 8010e71be183c4b1a02ced648f083be4c8e4be9ac474e1405d91d9925887b00fed0aa07d15b994846417a48ebf768c5402f5d0b004cf9107cb44149bac3da655 |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\monitor\run.js
| MD5 | 47603d83844b08ba9fc39ac940d78f50 |
| SHA1 | 4b8dfa2ec30dbd1146a9908b10c858ecbd73521a |
| SHA256 | d93e994fddfcf6c7683976452a3d877a51e68f56ce2a49b821240c93cca86d13 |
| SHA512 | 52f33cfc03dda936f4641f1ef8b3f14659247053a701b8990f0713742fb90016ba5d51d1e1f44fde84dd883c92166e77e908d586c527858bd3c0a416b9c9d256 |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\monitor\signals.js
| MD5 | 0b71010f098a8cbf8ea47a83a699693a |
| SHA1 | 456a713c6a78b49bbf6d613ff9cfc4bc9f01f589 |
| SHA256 | 5c16e2e5f7101eea3f13c19da7c7a9e6fa02f7d1098b170e71f07d14f915e394 |
| SHA512 | 95a382907ac465d95db0cc41055038e839ed9164d4010003c08e6ba4456c19b50158c908b8d287eea09a153e38fdcc7f9a8c0052f35eb069243628e0968750fb |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\monitor\watch.js
| MD5 | a0bccf8a21d0c4332643a758c666f725 |
| SHA1 | 1aa6968e927afd86a3f056126f31d2eb6420573f |
| SHA256 | efb0a3f37d9a6279614b29fdbca3f29c1a6d47f2d26067be1c86bb56fbaefcf1 |
| SHA512 | bf4dc9c5b4f3b0a01ca161feee0ed13e6f1db24b0a64bbf01b325d0a2788380516da7da7654ee983818f3e0684983302242fe790bbb384dcc126ac4c394c41b8 |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\rules\add.js
| MD5 | 4739ea852e85157f1ab60544ea5ce663 |
| SHA1 | d83c88f7f8bd7ec5d1b36f86009ac7eba9ca1bbb |
| SHA256 | 3cc60361f99b1080c66fce4d6ea0390a38c2a49e821e7f21dc43ed2fafa31277 |
| SHA512 | 780001095f33fe4a18fa06c3311f3505949dfa762da5f1c0c6665b5501190b6e6c45eb69633c99e02b8b59d01813abfce2baa611509f2a0e65364ccf71965bc6 |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\rules\index.js
| MD5 | 0691f1f2acabdb82da7d67e05479ca5a |
| SHA1 | dcff01be935756a732591d61fab8e64e530ddeee |
| SHA256 | 3e64a2a35a97e41ff8c073299f07c3754d99b0a6e7d42faef7dc02d61d67757f |
| SHA512 | 85ac8207410deba52d3b58fcf30e468ee46b1073544b61376b4b015e588a52973fefa192a027bfe8019b6cfedefc3c4c1cb4fb0ee88e7c2ef88da1c7ed0f9eb0 |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\rules\parse.js
| MD5 | 078e15305c8688746d2e6933d291babf |
| SHA1 | 80f0b4201c45af197cae63c9d93a88525cd5c5d3 |
| SHA256 | 9259995d8e1ca1737ff36cf4f97c80e55d812726ec4ead43b6c0829ce9679df9 |
| SHA512 | 83ea7a6d31845542cf03f4b27be92087e417ba5f995ec740824440ddf92932d3623576b7a1022ade20deeff2f1741d617e32dfeda52efb5fb85e9be28de27df6 |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\utils\bus.js
| MD5 | e469c4cef4116cf230f86394586c5775 |
| SHA1 | 8849ab04de5836797a3839989d4325906bea9dff |
| SHA256 | 8ebae78d8d75951b714acaa3e1a3d7f15b382a92b90c8040423e9866d97f1ad9 |
| SHA512 | 923ecfd5103fc6e266e53dbb1d35e11f4058893177fa00cc392a628524dcdbe616c90015a24e15b987f971c5eabe0e53a3b107878bc41bc73aacf1e370d660f2 |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\utils\clone.js
| MD5 | 9ef3c7b72b1d63f5e3a7975ff67bdfeb |
| SHA1 | a406bd661839b5efeff4929af9fcfa991e51be12 |
| SHA256 | 5062a7c87599935fec99e505f3f463c3e0872455da73f8c8054ce0788c513ba2 |
| SHA512 | eca4c0784695d43435573725f659409ec33a3acd3a5695665935439cca28122a6d8fdc1eaeb8ac6fbdb921893ad4226467777e8c35e3b9b0b672b2196f4e12d6 |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\utils\colour.js
| MD5 | a85f32c2180651cc03bb1f293271bfc4 |
| SHA1 | 0d04f9086ace00f08c628c1af25c728eab897d66 |
| SHA256 | a4969a552701982cd415005d5ce162f955cf26c205229d2f4c75ed4a75bceceb |
| SHA512 | b32f6f7c1bd75a3a23aa5f170e5356cbe1ba7eb031f6eced706aeff8c15d8b37fc771c29a82580a48a95c65334d8e41b0ddb551409164a43bff29def7277c89b |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\utils\index.js
| MD5 | 2f2a9c006f17f892a78a9381932918c6 |
| SHA1 | 80905883f8b96a2265d60202f61de419e8c6d3e9 |
| SHA256 | c69735d5a8d259dbc87614ae268de4f6581fcadcf6f931dd20b36bc09c0a502c |
| SHA512 | 702966aebbf2a8f98a89da8640a3e0f610fdbd063a19bd4c7ce2097dff7ca1d49a2c8040885ca3b31f85662e6a8b86769ea9224e8f64a03bcd0bdcfb71873b35 |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\utils\log.js
| MD5 | fa4ca8a08fd35bba58f2af0f046320e7 |
| SHA1 | 5f672b1e8d504a468b7946514e854425fe938d29 |
| SHA256 | dabbcccb1bf0089d96ce9592a575cb64139926d6b899091c1dbd37632e9269c4 |
| SHA512 | 70cdae1e1983fc7bed3bee24f50196ec281752e7567d5c4d5aa2859172141422f3eb6a7ffe9165c408d5e3354d7c139fd90382c73f7ac0de16a5840221dee399 |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\utils\merge.js
| MD5 | b5932e306173a01da5d3f814bedcf4b8 |
| SHA1 | d3ffa9ab328864682cbf2f5e9c5e5f6437d92541 |
| SHA256 | c4598a00e91b93b7964bb874e8ceed6d614436335a7fd81aff7f504499e210dd |
| SHA512 | cf565fea7c0b2453b8276fc25b5e0b546b0ef79eebdea4022aedcfdeb7866687c925d95cb4d56de413d53db51d03168b8302383ca9f8b04c3b5e501fd3be0fab |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\bin.js
| MD5 | 927d799c0c996a865d11a78f04198211 |
| SHA1 | f5898b61159f1f56ebd3cd439b498a177d413c0a |
| SHA256 | 7f69b31efa09c6e7d442d6229e82e65f38faeafeda1fbed7c5e54324aff062e6 |
| SHA512 | 97e1061700f32af28dbc946e2f3be0358234689f9d3482b37429dc28697516916cf1ff6c7891a29b835cdd775705f432ff7f437bb67ba87d7ae81d62453407b2 |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\index.js
| MD5 | e5053e64fdc67009804a42cc8baebf90 |
| SHA1 | 8814ef33fe018ed0a1817e77c7ed7ddb16076137 |
| SHA256 | 5e591255fa35fb3650502e648ff51d6d7c7e57ada312bd33058da03cc412efb3 |
| SHA512 | 60f941a6814dc3efea6a65c6dced552d4248273e1ce57222b428f813e0ab655d13546a0951ad3c0b22adffc7fc40542d7667ce70d315052308ea0fa1195526f5 |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\LICENSE
| MD5 | 216384c4c084ff996a55be20cbd26ef3 |
| SHA1 | 0510d5fdf8e7bf002b8396958f2240222dbb2a5a |
| SHA256 | fe0982bd7d38ee4cb08b2f111067bdeedb9732a6621c761bcf7dd01aa6211c5a |
| SHA512 | eed68402c44f099b181ebbf43ff7efd1dcf6791f7f35f6d386d66202bae0da6e7f0108fe9c3d62af0f69989d92286fd0c307d2192db0113b9fc857746dd01abe |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\package.json
| MD5 | 2ac7232223dd7c39ae2e82220d9a767d |
| SHA1 | cacf598ea739460d281587549421ce95546b3048 |
| SHA256 | 0f49b6c0282be08a5dba3e98024401a921167974a516b630ce9f9a9f2301df08 |
| SHA512 | 249f93debdc2f2aabc8a1d977f2c1a9a54cbc0e3580e4dae06a1193ff83c801518a7cfb7919f98c3b943eea7c7b99d85c8148292b0b96b3bce4788277b956b56 |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\skip.js
| MD5 | 92a4c6dc39d38ac078ec80977508feac |
| SHA1 | edc8d81988e99c77105abb1455ea224fde97d212 |
| SHA256 | c12583530edc83dcc7cacef4a428eaefa84c10bfe4b62c0c9707de015e338859 |
| SHA512 | 3833af1f274d3bb89776a8dc6b9ff015f5d219ebec47f5e98bf88670e523517ad8a493b0959dd41dd6e658c230335338325e8c2befea61f2f22f8e83822ccab2 |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\deps\UTF8Conversion\LICENSE
| MD5 | 7cb552557240a921e34ad313a224d17d |
| SHA1 | 92ad1627269adefd696ac5a67131e4af575a2cfb |
| SHA256 | 7d355d1a2324c2073059ffe7ea4d96852c873e718bcc197374440dc3efc3f7ba |
| SHA512 | b4bf90a3cd77805fc149a4112f822ee47b4f13404ee92455ecab9dd12d796ffe81d664bf21042ae3ad6419abf6a9de6df231328be6bd8ca2426e3432d456921e |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\deps\UTF8Conversion\utf8conv.h
| MD5 | 349864c2d1fbc9c7788cdf95c541ff52 |
| SHA1 | fa968f5bd6560675c26078de4e7d52b454c778f7 |
| SHA256 | 7340eea1def3c1d832a6f40c5022725f1704a783f7f992b71d5f3ba2dcaeb34c |
| SHA512 | 5e1910c23dc08e79199fc80ab8e0c7b300e2e1bd2678d0d9171a73d8f328adbd32021146e5e43485f64f25fcc6bd8413ce1ce3846afd7fcf49ffe3a04d0efbf6 |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\deps\UTF8Conversion\utf8conv_inl.h
| MD5 | a5a0f8294daad33a66bf30c329157a2d |
| SHA1 | 02b5d7fab93d942033fe9ae2620d1a2363914469 |
| SHA256 | 4955fbf455cc29d63f5dc777d3aa5172d6e1e6df221a33808a913bdebf5a1277 |
| SHA512 | f583116ada3f281c208a98d053fe6b580187d6922e2ceae69917770a46f56c16444267172db2cb0bdef3b8012088706ba1a2203631f9ff79d2814714b25fa78b |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\prebuilds\win32-ia32\node.napi.node
| MD5 | 8a50b5876633dd9bb73612fea622a521 |
| SHA1 | 27fb94a39849fe6ba1ce7b983c0d9e4ca4e62ae8 |
| SHA256 | 053c3100121939dfa1fb936718c6088e4490e72faa3c713310b556ea90155278 |
| SHA512 | 958d901f7c72773a2f9439842f422048a8cfa941ef943f5f9e61c5e9d48b4d9ebbbaf72acb2a07138ae66f925b46dd98717656a58719902d417a14ba1e5aacaf |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\prebuilds\win32-x64\node.napi.node
| MD5 | 0b3ffb5b756beae28d8d9da67c288283 |
| SHA1 | 7c2a0be0a5ab1b936c4752254927f5ed066abe5a |
| SHA256 | 462e527de86494f96ed0d42a80c261e46bb57352e86d6175607186c1dcdfc7b0 |
| SHA512 | a1568e7d02bd34992236c587cd77404e4cc9c25011a075dc0cbe52b59ae254eea65cc31ee7fdf26898386e370a752df8bbb2ce70592244d6f24b10d39f9f7854 |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\src\showver.h
| MD5 | 6f621ba192a6fe2228ef9965757f0bc9 |
| SHA1 | e3625cddde946f5ea21e4c00be95cad214da4016 |
| SHA256 | 2b561b980e0a01191a6c7cc1cf94c8d5c061f9f299ea256f1e7ca17250ae08bb |
| SHA512 | ab90bc30f2c23a3032334d30294aa02007e0db180c82c6c8f0d84781203be7c342134cc17bb2ac0c7bd89c1e5902c852afb2d09b0c7d4dba27f5101577491f4f |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\resources\node_modules\language-server\en-us.json
| MD5 | de2ac61fe7207c1b2f304b05fae4e39f |
| SHA1 | 72a4623fde7103eebcff4a55ccb8eb6acf6bbee8 |
| SHA256 | c8dd69f4f8f07ebe1c73a433bbf08f67e3bef3047c35251a243c3ac78f500647 |
| SHA512 | 4d0be337f5d6f760fef3f79d14ef6835045e12e7eef5cf906a5f73841b01bd59d3171c31f63de34e5b44f791d5912f940fa391d96685532e0baeb7613526f8a8 |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\resources\node_modules\language-server\globalTypes.d.luau
| MD5 | 6fb690ee838bebdf6591733bdaf632e5 |
| SHA1 | 658ccef6ada0551d661d78706266ff6ad2797858 |
| SHA256 | ae99b7b676e4becb10e6a9b77229e99bdd60e5a91d2e6bbb141c85721962313f |
| SHA512 | 7218ebc8c64a7bbec231989ac7d2221be63f29302f6f16bfc0bd67ed5e9c5ddfcb50ae781f6ef73a3d891a70ca73ecc62bbbe6c5a4a218225b24c0d19c7737ff |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\resources\node_modules\language-server\wave-luau.exe
| MD5 | 12fd29fcaf6f6518b8bf9e976928fa38 |
| SHA1 | 1f9352e217518eaceefdd041e3f085ffbb93acb0 |
| SHA256 | d38d6297b4653f30397b7f45964ed99a70c8ab73d60063f68d3380c309e626a4 |
| SHA512 | b0c5bfb87639585564915f284ecff5af7e6664097ea3d9df6908c08ce09f9f6c31912225620bb7f7cf818efd6a7146280ce37e10ca7fb55bd381b95bb8a2189b |
C:\Users\Admin\AppData\Local\Temp\nsoC469.tmp\7z-out\resources\node_modules\language-server\wave.d.luau
| MD5 | 7e477f85c45cfca5731e0e45ca63f8d5 |
| SHA1 | 35390d8d2c0dd00e3c60dd6fd7f1727e36874566 |
| SHA256 | e58e8b24642a8693b1b1ebad703a7efab1cece9a1b12dcf353c4b4432f23062d |
| SHA512 | dd3d9b149dffd31ba4e94b9c84ed0fda1fb67f1f7d633900688cc9e4e40c26f55048c1730f205e5c22b5030362683f0abce86033816f1e089c3b67cc3853ca70 |
\Users\Admin\AppData\Local\Temp\nsoC469.tmp\WinShell.dll
| MD5 | 1cc7c37b7e0c8cd8bf04b6cc283e1e56 |
| SHA1 | 0b9519763be6625bd5abce175dcc59c96d100d4c |
| SHA256 | 9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6 |
| SHA512 | 7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f |
memory/2368-973-0x0000000002B50000-0x0000000002B52000-memory.dmp
Analysis: behavioral12
Detonation Overview
Submitted
2024-10-27 22:45
Reported
2024-10-27 22:52
Platform
win10v2004-20241007-en
Max time kernel
145s
Max time network
161s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbe9c646f8,0x7ffbe9c64708,0x7ffbe9c64718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,15842381949894162506,9754166510492311002,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,15842381949894162506,9754166510492311002,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,15842381949894162506,9754166510492311002,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15842381949894162506,9754166510492311002,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15842381949894162506,9754166510492311002,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,15842381949894162506,9754166510492311002,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,15842381949894162506,9754166510492311002,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15842381949894162506,9754166510492311002,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15842381949894162506,9754166510492311002,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15842381949894162506,9754166510492311002,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15842381949894162506,9754166510492311002,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,15842381949894162506,9754166510492311002,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3776 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.99.105.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.42.69.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 443a627d539ca4eab732bad0cbe7332b |
| SHA1 | 86b18b906a1acd2a22f4b2c78ac3564c394a9569 |
| SHA256 | 1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9 |
| SHA512 | 923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d |
\??\pipe\LOCAL\crashpad_1836_RUKFAFVKOXEFXZPV
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 99afa4934d1e3c56bbce114b356e8a99 |
| SHA1 | 3f0e7a1a28d9d9c06b6663df5d83a65c84d52581 |
| SHA256 | 08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8 |
| SHA512 | 76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 428204e6371c122d7f105d9a61d09cc4 |
| SHA1 | b03b476bdde7b04deabd5797ddf06ce742ac3329 |
| SHA256 | d24700dc6db1f4ee24855b756a4c310315956b2eba2b83e50d8f4e5e767654e8 |
| SHA512 | ce9f2f4dadd5c35515c3cfb2390bc3c380f86b4bab6f19c4b039e5ca22ef109ff57978f32db972bd6a18ba76077ed3dad11da76189a1da6023d63d9a96f439d4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 9ddae28676ad49be081fdc110c81c464 |
| SHA1 | 829905449692a14c033198e8a2365f588f90955e |
| SHA256 | 2b6d25d901330ee1bf1f42e25220031fd9a6d6159328d37a86857620f015ed3b |
| SHA512 | acb236f561a0b1878ad75747d5ef763bb7333de4cfce3edc9022532a40900a4a62d5b2d0a126212a3b8cead237dd09471c66175abffbd3d76646ed7729ad3d7c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7c9aa541e6e47f04eaec15752cc3e5ee |
| SHA1 | 9012a9dc1444250235cc1296cce6b8877dba9fbe |
| SHA256 | fa30d384edf988a1e9b5187a0e70a93930e70fc8ccf4f692125807792e81139c |
| SHA512 | 004f662bcc7d2514382daf27bf9abe21b70942b6ffe0ca16cba3d92c495d9e8261ba6af124f32cbfbfd59a38dd3c70cf347b675033d67773a32155555a6227dc |
Analysis: behavioral15
Detonation Overview
Submitted
2024-10-27 22:45
Reported
2024-10-27 22:55
Platform
debian9-mipsbe-20240611-en
Max time kernel
0s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
| Description | Indicator | Process | Target |
| N/A | N/A | /sbin/node | N/A |
| N/A | N/A | /bin/node | N/A |
| N/A | N/A | /usr/local/sbin/node | N/A |
| N/A | N/A | /usr/local/bin/node | N/A |
| N/A | N/A | /usr/sbin/node | N/A |
| N/A | N/A | /usr/bin/node | N/A |
Processes
/tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js
[/tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]
/usr/local/sbin/node
[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]
/usr/local/bin/node
[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]
/usr/sbin/node
[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]
/usr/bin/node
[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]
/sbin/node
[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]
/bin/node
[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]
Network
Files
Analysis: behavioral19
Detonation Overview
Submitted
2024-10-27 22:45
Reported
2024-10-27 22:53
Platform
win7-20241023-en
Max time kernel
121s
Max time network
135s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\cli\index.js
Network
Files
Analysis: behavioral22
Detonation Overview
Submitted
2024-10-27 22:45
Reported
2024-10-27 22:53
Platform
win10v2004-20241007-en
Max time kernel
140s
Max time network
156s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\cli\parse.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.28.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
Files
Analysis: behavioral25
Detonation Overview
Submitted
2024-10-27 22:45
Reported
2024-10-27 22:52
Platform
win7-20240903-en
Max time kernel
118s
Max time network
130s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\defaults.js
Network
Files
Analysis: behavioral26
Detonation Overview
Submitted
2024-10-27 22:45
Reported
2024-10-27 22:52
Platform
win10v2004-20241007-en
Max time kernel
135s
Max time network
160s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\defaults.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.42.69.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.99.105.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
Files
Analysis: behavioral8
Detonation Overview
Submitted
2024-10-27 22:45
Reported
2024-10-27 22:52
Platform
win10v2004-20241007-en
Max time kernel
134s
Max time network
154s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1424 wrote to memory of 3476 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 1424 wrote to memory of 3476 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 1424 wrote to memory of 3476 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3476 -ip 3476
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 612
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 73.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
Files
Analysis: behavioral11
Detonation Overview
Submitted
2024-10-27 22:45
Reported
2024-10-27 22:53
Platform
win7-20240708-en
Max time kernel
117s
Max time network
138s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000643d91c29ce9fe4793d5fd5accd43d4f00000000020000000000106600000001000020000000fbeae1fcba155d832847767943d3a09c2b0783a8fa3768d59655d28f39905ee4000000000e80000000020000200000009f804d39b81db4788666afe61637ebe9aac227ed688fc6f9e9ba25b9bbb498b8200000001a20c9c75bf5a4a3b1c518e915e1e7bdb64e394ec137e3522cc2b07db306209e400000007590d1bd0b2f663ca863b8119ac40b2d3eb2c225ce7848011a1fef2eceea4ac1dbbc0ab6a6bca3dec4287e285660513d5d99dd35ba6349015cda2647d8738e15 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E97E4A31-94B5-11EF-9452-E2BC28E7E786} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 407979bec228db01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000643d91c29ce9fe4793d5fd5accd43d4f00000000020000000000106600000001000020000000cd119b692aae68a4e66a1fcb057f050c3ddf88d7df203c1b5af26b5787a74a62000000000e80000000020000200000007d6760a1f61689fd6507435cae63c8387b5b88b841b6564155d905f7e54b60ff9000000065b3580ca1c096eaf5dfb157877b3157ee491396756f36188e08ba360d1bd7b4f6624ad1aa48066022b8815772002a437ad50e5ac6dfccb9a53b29626cd0fb88d6ac9d11faefa324552d1e0c3764a369263d4ae21dd48e5843d64b1bedcf2600bdcc098631a7ef9bba7e438da3518cd9d7ed260b399c1f2524faa35e16f17435cd10e90e4303ac55fa1ed1479b42b34e4000000036edc0f1d6ff7d16de14dc41477d2fa9ca70c3d9271fb75225e5dde5edca53b03b385dcbbfcba572e0194f37dd53ed05eed7518c983298026d79f4f1f5bf2d26 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "436231317" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2100 wrote to memory of 2840 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2100 wrote to memory of 2840 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2100 wrote to memory of 2840 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2100 wrote to memory of 2840 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2100 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\CabFEEB.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\TarFF8A.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 33e3ba53e58933d5015b350342c80832 |
| SHA1 | d6a1220177df6f6cbdd3119601531bb0920bb1a1 |
| SHA256 | 7b5d7e53322f39092505f2c7d59288c61ab797c22bc40de0f0eeb2d6b477ecfb |
| SHA512 | e2c1e7748252c9bd46aff426e2062dc583c11376195b81c62a2eb152cbb4baa7dde5ca2cfee31d0334c35413d36d264e44979e6585305d8982bc3b35ce084a14 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 76e0d61adbc6aaf388998773a71baaf5 |
| SHA1 | 93b6da98ba2c7723869450c858a121bf97491454 |
| SHA256 | 0301df14b13ae5dd4bf6477d3a36afb8ea8c8e15cd0c877af8abd7d201347307 |
| SHA512 | 069a5c9cbb5598d13c143b9fb5d82de63c250f4c395f57690e60fa7dc73a69e6516ba864df77f4c44537c259900c09c9cdaf02476f32ed7464270e73731af66f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c7a70b1a75347b6ec79c4f466f81bfb6 |
| SHA1 | 8e067121f962ba79bd9ff8a0262c3e34246564e7 |
| SHA256 | 16d3cb30afd0b55a2680540d9c681e17ef5bc4298d1982ab591434b2acd56281 |
| SHA512 | 04e998d4f14260b0c0b37f5e61bdac3d4a27001103401e2c1f181acdb4073a4e4fe7fdb77a6ade6c4d6283c72e08e45655f8ce4d393c33e52b7feea1d58baa34 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d0df5f5f1ae18b05dff26d6147d0fe6c |
| SHA1 | 5e1167d405285424553ba02470c430e9d6cdcaf4 |
| SHA256 | 339cefa27b17aa1a09633888ab8e0007d23ac7eb4202341064f51e70a6501167 |
| SHA512 | cb9e61559d1ec13975bda5057800db48ff11ec04f9c47344172fcf449b73606abfa4ecda6ec4bec934aaf7ce1c80c2c33616cda008cbdbecb4ae14a0d01f61fb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4ec99e1749f4ca94a8e68541164ce48f |
| SHA1 | 08c448b61ff7998e21aeb7f46555e9177fbaaf2c |
| SHA256 | f8cfa3c69db38b4ba7ff6b62d0abc2a0db813e3d29b9be46a20849f7328ef373 |
| SHA512 | 69690e118486feb57f28582f3d1659fc464a156b3ef5ee5bc77be17f4ee33280269911071206ce579abccf1a8bbb1ceaf2d5b1210bfda1de72ebcb4923eae079 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9d86c83ceadfc1e905ca77bcca401ee1 |
| SHA1 | f090544944f3d11dae8bc3dadd63891a6d7e69d6 |
| SHA256 | 60560ff5bec9ad3901a1b463c515138863035eed98be8c9a1b0cb661cc058415 |
| SHA512 | 17ab35da3affbaccabca76e4a2d9e9a7a554ee3f2aa3c5bf3418efac786c0ce494dbcf366a34d74ce732edcf4c89d72563f3bc1d1520a10f5ae5a64634c581d4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 40711da7886e11d2d47e1cd125cb22af |
| SHA1 | 0c9643119a0e7bea1723ea84a47a701eecc80e07 |
| SHA256 | 046d85534f85e7a9ed7b765a388ba314f29e45a32200a56e0a35133444e413f5 |
| SHA512 | 2268901076465fc81b8c5a3c91d9957dbd2225bd0e64bfa6d731ad6ac38086d3ffd27d1bc74a9ae461293c81baf9c5083ce4947097f7eeaf6b54d0cf4336b923 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4a37105a37e1cb109a4dd5ff41a7089f |
| SHA1 | 38f6a2759bfeb4b8ce6f301219b1f36660abbf1b |
| SHA256 | 0e5fda0406fe56d9b4de0904ca8acdf3de006a59d20f5d41e6523ab165460338 |
| SHA512 | e8caee02e74714c4bb41a242dbbbd96cd6e502bc6fa58be1074a83d0f9df0dcee45dddeda182b3825e59fc72165e8461136b4347862a6a9a30748b8f8e3e0b0a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7abe65aac718bae09557475a727bdb3a |
| SHA1 | c3e351c94a06059fc3425c6cba861c58b705841a |
| SHA256 | d4caf7c1bb49e311bd096fee229dc052da522ea974de2742dd8cb2b284da7dd4 |
| SHA512 | cd545ba61e3d48671210edfb34a323553b2c112bf09d5d1643be0cb4b43bcfda77d0d71200f7f87a7633f9efcc1adf5e608c0802e94ca1b295d4359d2127d76b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fb27bb92036b946a3d6eb0271dc6501e |
| SHA1 | d90719f763bbd26d5b5996028e6dae3a7ed5f7da |
| SHA256 | bcb4f13a16d3359740843b3b5759b62ba64a10e33b298a801258a45092094aff |
| SHA512 | b646dc749f3f46074ad75588f928708bd365b72ebeb4a236cdf24762c50c77b9bf4f2d736b8f9c78e3e45b71fdacdea9e3e3287b96841f776d0f1046fa2c71c1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0a60127519dc057df432639cfad0ca16 |
| SHA1 | b337fb0d76154bd7b05fce02faedbd8c7bf6446c |
| SHA256 | 9b8b109ea21a50518612e8f41f01eccabb549bb92d2a8fb553cebcce7f5501d1 |
| SHA512 | 4ae24c1eb50c64d00738bc279cdefc2282615ec7f1cf2c915191a969e36c11d1ac46c7dfde5c50f520ea60ebf25c477629c3a3f499c0c3ef8fdee3e8711eb9a1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | eced8fc56d40c6f4f196d0225dc033cb |
| SHA1 | a71cf4ce8431de651371463e6798c44fa34615df |
| SHA256 | 3cb551ab531445ecc6ce9dbcaac1774f0900861c2492626f7b3451cc935306f8 |
| SHA512 | 2b1c4b524acc41004ebacbfca1821f186440b4f6cefbe6ef830e1c21154960e7020baec4aecd695c491deb93db89b897bd21b4df6bf41eb4c6c635e3729bf4c7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 555f086e2d0bccd5cf18908432f67d2e |
| SHA1 | f5d1ec0a66f267023e4d3de8744a8a61c10647ba |
| SHA256 | b5c06005f63105ea852e957ac4e55fa707f203cf43a122dad9fc1e182431a421 |
| SHA512 | a61d2645083e0c5d87073bd5261831dedf37a2d0f6aff59f1b75f63ea1b8bc830fa400077794b0ee1dd5bffb7d47dfd2650ad29f69818bfdaafc30b101c94d2c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 70fc324eb12ee988e6f96ab15bb4e6a8 |
| SHA1 | 73a4b72c924162248f7d1c225ac71540e7f5b403 |
| SHA256 | 4db5e3b5f930e7ae5b3458807aa68ace01e174947bb36ee68a629db6781f2a01 |
| SHA512 | 24ca08d258eb28d3dd9f5ebc141263503d410ea9f09d7e345249c3d991c54c712b9acd97a39ccaddb875f1dde8770e7ccad1450a3b06f92aa08fc61191b92a4d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5a3b0daffc4418b2ef9f1604363fd87f |
| SHA1 | 71b1fc0183c089125662ea1d2b99ef4360090311 |
| SHA256 | 6d605c9b6153a1ff33ef9a2dcecffcb8cc20aeb0fedcbabdc0360c7f49f3a8ee |
| SHA512 | 3126a8e5228c0409907a4aecb632c08bade719ffa14e1fa36d03a7faa8ae6097fcf616e60e646f0d36faf2b7c41dc73d083bc1b8f151b9e3c039ec275b444961 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | da5cb8e2b91928ba4b9422b64bb8ee2a |
| SHA1 | fdbfe452d8b347a96e7479c93df3bd33372df268 |
| SHA256 | 4e075f7debf75eeb2b58dc0054886fd00e84541b440b83987c985291f3bd578e |
| SHA512 | b192d3c16830b13be80003d0d3d49b57660caf44a0caa698545119872e9ee2b97e7d22f9d62a2ce810ccaf01c41754e93e76aa1dd858a18727e1040e85e7911c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1ff68636d8c4c65c92fa1d3845fffe86 |
| SHA1 | 8e175e4a637b7bebd403cfec98262ab2c3c05cce |
| SHA256 | 91180497fe3a8a6aacf253d48e8d4c360ffa7a285d59ea2587d8ceb11b42f7e1 |
| SHA512 | 670459a8d91774f6762e68a0e0a947ceb86c04b2e273821fa635295bff10d85d81155850d58a6b7bdcde3842ff75b10558ca874f655924bae587abc4b9e5e1bd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4083ca1f02a2b35be273eaa4429524ae |
| SHA1 | eb3c971bdd2535f51b22fb1f6b10419e1558d4fe |
| SHA256 | 659a02d8d5303b9daf5ea21d80b89eadb9e4c273d65e36734491604edc1efc7f |
| SHA512 | a0bcd9a9363a70e273887016ed3228f7bedb0f3dbcfa9ee4d3d2432b0d3cfa8dc589cdbaa2c34ddedb85941081fd6445261f6075cde7002463f25e0e27d635a7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 94a3ee9dc02824021874e6cd4b9e6046 |
| SHA1 | 353cabe35a2d2774fddc343287a6862f377e7062 |
| SHA256 | 4910b01e129eeabba11e0698ae98794a5f86921ae85f46ad7d2b0b637e38b7b3 |
| SHA512 | d59cb551906bc919ff057fb7d77c06eb843504d9d40c27e45994030be5d41c03d4d0534551ead015134a1b2176b43238c3f3d59eaacb4c132bfba7fd542cc25e |
Analysis: behavioral18
Detonation Overview
Submitted
2024-10-27 22:45
Reported
2024-10-27 22:52
Platform
win10v2004-20241007-en
Max time kernel
133s
Max time network
149s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\bin\windows-kill.exe
"C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\bin\windows-kill.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.28.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 73.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
Files
Analysis: behavioral27
Detonation Overview
Submitted
2024-10-27 22:45
Reported
2024-10-27 22:53
Platform
win7-20240903-en
Max time kernel
122s
Max time network
134s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\exec.js
Network
Files
Analysis: behavioral13
Detonation Overview
Submitted
2024-10-27 22:45
Reported
2024-10-27 22:53
Platform
ubuntu1804-amd64-20240611-en
Max time kernel
0s
Max time network
109s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/node | N/A |
| N/A | N/A | /usr/local/sbin/node | N/A |
| N/A | N/A | /usr/local/bin/node | N/A |
| N/A | N/A | /usr/sbin/node | N/A |
Enumerates kernel/hardware configuration
| Description | Indicator | Process | Target |
| File opened for reading | /sys/fs/cgroup/memory/memory.limit_in_bytes | /usr/bin/node | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/meminfo | /usr/bin/node | N/A |
Processes
/tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js
[/tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]
/usr/local/sbin/node
[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]
/usr/local/bin/node
[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]
/usr/sbin/node
[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]
/usr/bin/node
[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 151.101.193.91:443 | tcp | |
| GB | 89.187.167.3:443 | tcp | |
| GB | 185.125.188.62:443 | tcp | |
| GB | 185.125.188.62:443 | tcp | |
| US | 151.101.193.91:443 | tcp |
Files
Analysis: behavioral21
Detonation Overview
Submitted
2024-10-27 22:45
Reported
2024-10-27 22:52
Platform
win7-20240903-en
Max time kernel
121s
Max time network
132s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\cli\parse.js
Network
Files
Analysis: behavioral24
Detonation Overview
Submitted
2024-10-27 22:45
Reported
2024-10-27 22:53
Platform
win10v2004-20241007-en
Max time kernel
145s
Max time network
159s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\command.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 99.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
Files
Analysis: behavioral14
Detonation Overview
Submitted
2024-10-27 22:45
Reported
2024-10-27 22:54
Platform
debian9-armhf-20240611-en
Max time kernel
2s
Command Line
Signatures
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/bin/node | N/A |
Reads CPU attributes
| Description | Indicator | Process | Target |
| File opened for reading | /sys/devices/system/cpu/online | /usr/bin/node | N/A |
Command and Scripting Interpreter: JavaScript
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/local/bin/node | N/A |
| N/A | N/A | /usr/sbin/node | N/A |
| N/A | N/A | /usr/bin/node | N/A |
| N/A | N/A | /usr/local/sbin/node | N/A |
Enumerates kernel/hardware configuration
| Description | Indicator | Process | Target |
| File opened for reading | /sys/fs/cgroup/memory/memory.limit_in_bytes | /usr/bin/node | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/meminfo | /usr/bin/node | N/A |
Processes
/tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js
[/tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]
/usr/local/sbin/node
[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]
/usr/local/bin/node
[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]
/usr/sbin/node
[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]
/usr/bin/node
[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]
Network
Files
Analysis: behavioral16
Detonation Overview
Submitted
2024-10-27 22:45
Reported
2024-10-27 22:56
Platform
debian9-mipsel-20240226-en
Max time kernel
1s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/local/sbin/node | N/A |
| N/A | N/A | /usr/local/bin/node | N/A |
| N/A | N/A | /usr/sbin/node | N/A |
| N/A | N/A | /usr/bin/node | N/A |
| N/A | N/A | /sbin/node | N/A |
| N/A | N/A | /bin/node | N/A |
Processes
/tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js
[/tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]
/usr/local/sbin/node
[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]
/usr/local/bin/node
[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]
/usr/sbin/node
[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]
/usr/bin/node
[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]
/sbin/node
[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]
/bin/node
[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]
Network
Files
Analysis: behavioral28
Detonation Overview
Submitted
2024-10-27 22:45
Reported
2024-10-27 22:52
Platform
win10v2004-20241007-en
Max time kernel
143s
Max time network
159s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\exec.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.99.105.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
Files
Analysis: behavioral29
Detonation Overview
Submitted
2024-10-27 22:45
Reported
2024-10-27 22:53
Platform
win7-20240903-en
Max time kernel
121s
Max time network
135s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\index.js
Network
Files
Analysis: behavioral31
Detonation Overview
Submitted
2024-10-27 22:45
Reported
2024-10-27 22:53
Platform
win7-20240903-en
Max time kernel
120s
Max time network
132s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\load.js
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-27 22:45
Reported
2024-10-27 22:52
Platform
win10v2004-20241007-en
Max time kernel
150s
Max time network
154s
Command Line
Signatures
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Programs\Wave\bin\Bloxstrap.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\Wave\resources\node_modules\language-server\wave-luau.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\Wave\bin\Bloxstrap.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe | N/A |
Loads dropped DLL
Checks for any installed AV software in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Software\KasperskyLab | C:\Windows\system32\reg.exe | N/A |
Checks installed software on the system
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\find.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\tasklist.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Wave-Setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Wave-Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Wave-Setup.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Wave-Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Wave-Setup.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq Wave.exe" /FO csv | "C:\Windows\system32\find.exe" "Wave.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq Wave.exe" /FO csv
C:\Windows\SysWOW64\find.exe
"C:\Windows\system32\find.exe" "Wave.exe"
C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe
"C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe"
C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe
"C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Wave" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1760,i,17924147911313887283,13392484860789430194,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1752 /prefetch:2
C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe
"C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Wave" --standard-schemes=app --secure-schemes=app --field-trial-handle=2164,i,17924147911313887283,13392484860789430194,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2056 /prefetch:3
C:\Windows\system32\fsutil.exe
fsutil dirty query C:
C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe
"C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Wave" --standard-schemes=app --secure-schemes=app --app-path="C:\Users\Admin\AppData\Local\Programs\Wave\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --field-trial-handle=2980,i,17924147911313887283,13392484860789430194,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2976 /prefetch:1
C:\Users\Admin\AppData\Local\Programs\Wave\resources\node_modules\language-server\wave-luau.exe
C:\Users\Admin\AppData\Local\Programs\Wave\resources\node_modules\language-server\wave-luau.exe lsp --definitions=C:\Users\Admin\AppData\Local\Programs\Wave\resources\node_modules\language-server\globalTypes.d.luau --definitions=C:\Users\Admin\AppData\Local\Programs\Wave\resources\node_modules\language-server\wave.d.luau --docs=C:\Users\Admin\AppData\Local\Programs\Wave\resources\node_modules\language-server\en-us.json
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\Software\KasperskyLab" /v Session"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKCU\Software\KasperskyLab" /v Session
C:\Users\Admin\AppData\Local\Programs\Wave\bin\Bloxstrap.exe
C:\Users\Admin\AppData\Local\Programs\Wave\bin\Bloxstrap.exe
C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe
"C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\Wave" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2844,i,17924147911313887283,13392484860789430194,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1176 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.getwave.gg | udp |
| US | 8.8.8.8:53 | cdn.getwave.gg | udp |
| US | 104.26.2.170:443 | cdn.getwave.gg | tcp |
| US | 8.8.8.8:53 | 170.2.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | scriptblox.com | udp |
| US | 104.26.11.174:443 | scriptblox.com | tcp |
| US | 8.8.8.8:53 | tr.rbxcdn.com | udp |
| US | 8.8.8.8:53 | tr.rbxcdn.com | udp |
| GB | 2.18.190.78:443 | tr.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 174.11.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:53 | cdn.getwave.gg | udp |
| US | 172.67.73.56:443 | cdn.getwave.gg | tcp |
| US | 8.8.8.8:53 | 56.73.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\System.dll
| MD5 | 0d7ad4f45dc6f5aa87f606d0331c6901 |
| SHA1 | 48df0911f0484cbe2a8cdd5362140b63c41ee457 |
| SHA256 | 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca |
| SHA512 | c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9 |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\StdUtils.dll
| MD5 | c6a6e03f77c313b267498515488c5740 |
| SHA1 | 3d49fc2784b9450962ed6b82b46e9c3c957d7c15 |
| SHA256 | b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e |
| SHA512 | 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803 |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\SpiderBanner.dll
| MD5 | 17309e33b596ba3a5693b4d3e85cf8d7 |
| SHA1 | 7d361836cf53df42021c7f2b148aec9458818c01 |
| SHA256 | 996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93 |
| SHA512 | 1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298 |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\nsExec.dll
| MD5 | ec0504e6b8a11d5aad43b296beeb84b2 |
| SHA1 | 91b5ce085130c8c7194d66b2439ec9e1c206497c |
| SHA256 | 5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962 |
| SHA512 | 3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57 |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\nsis7z.dll
| MD5 | 80e44ce4895304c6a3a831310fbf8cd0 |
| SHA1 | 36bd49ae21c460be5753a904b4501f1abca53508 |
| SHA256 | b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592 |
| SHA512 | c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\chrome_200_percent.pak
| MD5 | e9c1423fe5d139a4c88ba8b107573536 |
| SHA1 | 46d3efe892044761f19844c4c4b8f9576f9ca43e |
| SHA256 | 2408969599d3953aae2fb36008e4d0711e30d0bc86fb4d03f8b0577d43c649fa |
| SHA512 | abf8d4341c6de9c722168d0a9cf7d9bac5f491e1c9bedfe10b69096dcc2ef2cd08ff4d0e7c9b499c9d1f45fdb053eafc31add39d13c8287760f9304af0727bf4 |
C:\Users\Admin\AppData\Local\Programs\Wave\chrome_100_percent.pak
| MD5 | cb4f128469cd84711ed1c9c02212c7a8 |
| SHA1 | 8ae60303be80b74163d5c4132de4a465a1eafc52 |
| SHA256 | 7dd5485def22a53c0635efdf8ae900f147ec8c8a22b9ed71c24668075dd605d3 |
| SHA512 | 0f0febe4ee321eb09d6a841fe3460d1f5b657b449058653111e7d0f7a9f36620b3d30369e367235948529409a6ce0ce625aede0c61b60926dec4d2c308306277 |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\d3dcompiler_47.dll
| MD5 | a7b7470c347f84365ffe1b2072b4f95c |
| SHA1 | 57a96f6fb326ba65b7f7016242132b3f9464c7a3 |
| SHA256 | af7b99be1b8770c0e4d18e43b04e81d11bdeb667fa6b07ade7a88f4c5676bf9a |
| SHA512 | 83391a219631f750499fd9642d59ec80fb377c378997b302d10762e83325551bb97c1086b181fff0521b1ca933e518eab71a44a3578a23691f215ebb1dce463d |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\ffmpeg.dll
| MD5 | 9691e33909895bfb5bb0355b6f439c81 |
| SHA1 | 7fca2dfcb9aca4ed92c644e8f7ceb98f87116a52 |
| SHA256 | 223448ec1715cb4b1a2abbf1427547956f3ce583092177c287542e6d226319c7 |
| SHA512 | 9ead46836900c054d8740a1e2f569bc321cc53cf3c47e3fa927f4cca54809bcf173bdea239fbdeecd694277e8869565e476fd272df393b924bb62a845e897533 |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\libEGL.dll
| MD5 | 09d3bc8a5c6104d78566cd6e51c5a6a8 |
| SHA1 | d1db4f83bad27dc0caf75f77d510f2eb62dd84c4 |
| SHA256 | 1307025ed98ecfd00770c2d5c74c8a5e498c4e457397f17c3cbd176ca8a62a85 |
| SHA512 | 198072fff54bd6ae5ac21bd891c23da9d657a4525dd5944719eda6f7062775ae66d9cb15d29105d2477378ae605351e4b840c9934106bf80f936a596e7a1eddd |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\icudtl.dat
| MD5 | ffd67c1e24cb35dc109a24024b1ba7ec |
| SHA1 | 99f545bc396878c7a53e98a79017d9531af7c1f5 |
| SHA256 | 9ae98c06cbb0ea43c5cd6b5725310c008c65e46072421a1118cb88e1de9a8b92 |
| SHA512 | e1a865e685d2d3bacd0916d4238a79462519d887feb273a251120bb6af2b4481d025f3b21ce9a1a95a49371a0aa3ecf072175ba756974e831dbfde1f0feaeb79 |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\LICENSES.chromium.html
| MD5 | ae174699b663bd90d8d06c68c6952477 |
| SHA1 | 8c76eda61d320779909adc541593b8e26b24815a |
| SHA256 | c6737ef4ed9de369077718824f76c5e7026d0e39163e26af8606783e41c93e18 |
| SHA512 | 3fb72dcd790464dde34978c9d0895376827f4d839b4a199c6e9fe77ab810d62b960babc4b21f6e189dc70147b5fb4334815730f4d1cdec05489c19e0725c2158 |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\LICENSE.electron.txt
| MD5 | 4d42118d35941e0f664dddbd83f633c5 |
| SHA1 | 2b21ec5f20fe961d15f2b58efb1368e66d202e5c |
| SHA256 | 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d |
| SHA512 | 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63 |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\libGLESv2.dll
| MD5 | 02374701c3dc3b26088763fd3cc11bc9 |
| SHA1 | 84e582496c53ce139d9efd219b762ad38a50d011 |
| SHA256 | 8e68245d98bb740f393472938612979a56391f127d1af7683253e9e749e7af41 |
| SHA512 | 09693492447b037e8ce16095fb3d63d806604d18c3340bf57fecc0e0ae3c877bdcd83320e633b0fb898a4c20616bfb4558ccd8d93a10d235dd90c3be8020a8a2 |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\snapshot_blob.bin
| MD5 | 62b9e00c46ed829e06d0c2494aa994af |
| SHA1 | 988882632b95bb78d80db60e4787c576e48338e4 |
| SHA256 | 22a46de643045805a3e588f9a18ebaa377f9fba3dee46b2d60f3ae300a09cc4e |
| SHA512 | 03b7c57782923ca3a011fcb85f74e865bb7ff9976c89152758770be3bd3d40684ebd216fe34f0d0050936b536c8bab5eafcaa35fc26e893d30a108e36687876f |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\resources.pak
| MD5 | 3a87e8d6dc2d7dab0c3c37fe4a74308d |
| SHA1 | 5ddd587a6541e034203f24ee329796dfa316656f |
| SHA256 | 61216fee0360053988d5be52ab626c89173c86da1cf0b5a697bc32944282fe14 |
| SHA512 | 7ba1bc093f25cec2539fb462084cb1fc32b17841f79be95679c90f4c735772d1dbe652471e52f4be254b10e650d31e3460ebebc82d89efa6a9ef801e5d98ea6b |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\v8_context_snapshot.bin
| MD5 | a62fbbb671bf975ed46b42d9cf437bcd |
| SHA1 | 408b595b1dc6658533e0db1d35f509ab9ee70525 |
| SHA256 | a8bd22478c4f85afa836c89d3a7f52c606b17872fbbefce268b499bedede10ae |
| SHA512 | 87c934670df70afcced0ea5c73449a17ad27d5b6a25cedad9eb61634aaff8a42b713f578e861c2efbc77593793bba240a1495822b69c99a8ecaef64b07b6a62c |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\vk_swiftshader.dll
| MD5 | 337b0322f328251f01bd0fda8948217f |
| SHA1 | 6e59fb5df7773c8668e8f18755e62b532a9071c3 |
| SHA256 | 11f24457eb9af084eb845780f3fdc1989605766c2749fce6fb003dd988d5ff65 |
| SHA512 | 3540b2f5df1f20b5cbb6e61caa005fe7da5d1cfbe58f639ae0c40f6a4e7a9d8786f3db4691dfee9a001a2a87ac7b0bf39b7f308c14f809874a89f86b18ff8fbc |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\vk_swiftshader_icd.json
| MD5 | 8642dd3a87e2de6e991fae08458e302b |
| SHA1 | 9c06735c31cec00600fd763a92f8112d085bd12a |
| SHA256 | 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9 |
| SHA512 | f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\vulkan-1.dll
| MD5 | 6db4abe9370ef778e93cfc6bd6dbd292 |
| SHA1 | 0d7bd9d21524780b6f8904a82c3ce09ae5d03f97 |
| SHA256 | 52bf439424759a84cdcb6d379ed88582a6d6ba58127c44adf1b8379f0e88e5ec |
| SHA512 | 1ec07916d82d78243d9a144db3e947c95ca92fce1350708484c45fca2f953bb76728889b8d9a02c041849bcf005f998804d7066a90359fa180d94c237d014317 |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\locales\af.pak
| MD5 | e48860fe82ef022ffab38cbc4c96dffc |
| SHA1 | a832fa66bfddabf3ae7f219cf379f66d2903162a |
| SHA256 | e2470090a09ca500679e68bb5e3b1acc35a5873fea4f93af25a23c82122f2c13 |
| SHA512 | e4d0973ca7e59091c482d2acc384aa48ec87d3ce72d8d42a03a183b230fd209e085a4e907473a05d02d41e15ebc527df942774c23b4804c150367fcd727af7b1 |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\locales\am.pak
| MD5 | d6e8c344b2b40a9c671304f6f252d51b |
| SHA1 | c59ddcaad921b6d2d3f70b7ab07026c35e5d1e08 |
| SHA256 | 4e15946e86a578eeff41feda808bb291d81e240fbdfc96cbe2efe692ad35eef5 |
| SHA512 | 018ce2bf4beb4ce066703b2ac7413c6517759be68f889f27990de5d6694e9f84b4027f9861901ea4b15abdd1bb570e5a16651c935713feafc4d16cd57be0b911 |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\locales\ca.pak
| MD5 | 7474c8e0c3285b97f1f12792964b6824 |
| SHA1 | 8b9381be0754fc3df2f4f13f8575bd4abab90e9d |
| SHA256 | b3d5dfae25427596b1f14a8e13d6bcb58532c82554229c2367779ff5c42b28bb |
| SHA512 | 4ad524fd530bfc72d72edf04ba4890e06ca0a20cc1d5c2c3d95cda746b1d884a62ec2d4463ad7be9cd01c7529b41bef65f9e669c62719808a83d3c70f9475d43 |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\locales\bn.pak
| MD5 | 57eab375114893a5ed0de36a516e8252 |
| SHA1 | 16f23ab3eb62bc7a2525a7a5d86139fa88670b89 |
| SHA256 | 1aba82aee8c985e5e370e7cf2b35c9ec20cbe5174db5fcb54ec7d19ec5d79587 |
| SHA512 | 895bc282484ed028f5f023cbbb6e2755091f036e540c531b6ff639cf9e0ae5da02801dc81d7910eb141edd5c255d8b088d1abb531b152fbb161d6c2bf9615f4f |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\locales\bg.pak
| MD5 | e6608ecc589e87a6f78f9ce553ec2609 |
| SHA1 | 9fdb2ff6291549df773ba243b3a92b984b15bdf6 |
| SHA256 | 97ef7984074775282b68dca5d5a469efdb2b22474ee6669fdfb5197d3f1b3768 |
| SHA512 | 25450b23acc962be85977ef08be9b484c2a9127775039c521158c1801cd57d5781bcd8d5b8784f8a8b9403ce44b59964a20dbe36ce181f1d239143b22b53d5e2 |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\locales\ar.pak
| MD5 | f6ca56d15814dd5afd5e7ff985257880 |
| SHA1 | ef236d7027cb50a188c1e771527e6628702311ea |
| SHA256 | 5cc02570e5f61cbca791309985df3a29584e41583b3344f1d9fb6b04ce423e6f |
| SHA512 | 46c0436c110d6f1a8f3ebe962226c51af525228262cd56744e4d89aeb05d1eda614801a294bbfd2e08598e355750d7a2d200b3e7b594da03dd26ece4cdd31e3d |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\locales\cs.pak
| MD5 | 582fde87aac61961e4f7955f16d31769 |
| SHA1 | 3a8eb832317dd7e07efaaeeb5885c32b9d381622 |
| SHA256 | 7d7b701ce510b2e4a18e957e500086db590aad8bf5acd37f82263a676f0b556c |
| SHA512 | adb04ccce5471d80182f7ca73bf1a2e4ce63a4980d455837fb378bf679a0022d4ee6f9fbe148d6932fad83f458c76ac229229542092e0cb9b271c8d44639b11b |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\locales\da.pak
| MD5 | 5f8f09aa98ec3a4c8122d64c5bc6610e |
| SHA1 | 08a6dfaa3a11d8c994da90460e78ce0a4fcfb644 |
| SHA256 | 3430c0f1946901dfa24190ca3989f72171ec564bc7c523853e6a1f531b61b5ee |
| SHA512 | 9c643eb6415cad6aca0584d62211aed5ed21a0f8d71ac4f692bd420a4a190a9781add7c874d0f56bb5c1c0f65d543d932d0f50caf127e8d014c05d015ae61ca3 |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\locales\el.pak
| MD5 | 34c6150acccd20c7f260b269bce06930 |
| SHA1 | 277b6d2387f600c84263847d6fb2342fd4746cfb |
| SHA256 | 162e51bc7d682e223e498f4ff8c81f019d136d857bd25a1c982d4a1084a8c840 |
| SHA512 | 58308b1f4f92f1eb26af8516351194b96defa8b40f26cca2776aeb9e804e585fdb9918bd2acb9c6318b63c3768c29893574bd0a4fc18fa9dee96b9112732ff94 |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\locales\de.pak
| MD5 | d1a513308f9de55b6c7bbeef7c4fe90b |
| SHA1 | a4a5e99fe73d5f9df2e508c3c8e9b73dea03a76d |
| SHA256 | 662496eff49febbe49f0a03cf2c51acaa743cb2237de3c41014556e16f3d8e2b |
| SHA512 | 9756e16255976569584a3a5e2a17421a31bc8f9b158c0ad3d30f6fe624ecd0e77c255571e46554c03c54d58b06d3f7b0fc77d347548f435547eb1ed9173b30be |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\locales\en-GB.pak
| MD5 | 56bdf77ab3487e28d354a8b0f9ba8d2e |
| SHA1 | b10ee918320a50a417b1ee6a28cd4b05a5f77238 |
| SHA256 | 7df934906a61c0ae7a952f9ed058f4a06cd3989663a7d9f50afc3c9f830135bb |
| SHA512 | 8d74c79ba3a554d69f26fb8c20210c9a339d85c0e9a9af445901e8a5c7ea544ea6ec713f9dd2db7b8bb5cb0afb0fb385236d4668a73af37dc9ef8d2f73c57fcc |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\locales\en-US.pak
| MD5 | 5c52a86b21633b55b383c20f16859b2f |
| SHA1 | 126585e68cb17f241351004e21c1d30e65de1cf6 |
| SHA256 | 41123d72bd8e289e85bd35227aabb4cc61fe1de02b5cd7a7834e5ec200bc2078 |
| SHA512 | 2a1b6a4becfb97d470cd7de74857edf2cc9cd4a77f377ccd9bf60c30539862ff1ac3ed6cc849632a3ed4ea0e5b92679f3cc5b4cb26cc7eaaa2bb2f4ae9974a6a |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\locales\es-419.pak
| MD5 | 15d1e262602e54d76de8bac02dada000 |
| SHA1 | 54e93995675bcebc595befaed6b73c9ff5e6e735 |
| SHA256 | ec922f8ca16b7e7642fc73369ba7b75ec950cafb1dcadc6c88426c034382d483 |
| SHA512 | a232eb97021f17fde322697db2c00423cd70e9741772912c5f7a41849b35dcf3e2fe84001ff0a7902b2b54305d1f805f53988e421e192be0d5abd157bf8b5f1f |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\locales\es.pak
| MD5 | f90d43351ffdc63bcef25bf634c1fd35 |
| SHA1 | f80df8034cb64df1ef62e586891275a74868ab6c |
| SHA256 | 0385e6776de5a0d8a3b30b7bad44308ac4cb04e2bcebd573d3c7938b68036573 |
| SHA512 | 7bfa70a5de14652063d261c28ffd3df89ea5e38877cc7977ab27f7280c48084a4ab1e5bdad0c2f624a7434a5d975feb9d8d221c010e24963d3c42921f5a36e65 |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\locales\fa.pak
| MD5 | 7851efacda8438c041c9a511f4097de2 |
| SHA1 | 64cba381a17ef0ffae2dff5135d57fd1f9300ab1 |
| SHA256 | f1a7351bf0d8cad475d2761b9edf970c3098836e38aa98106a5e04a41002b7c8 |
| SHA512 | d94fb1d04630cc292296ad6033c6beed1a00dcd4c11eaca04a7eacb50c238269b21e4d2a4002836f4d41e0f6d951624beefc95beaae23530eccded4569ff1869 |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\locales\et.pak
| MD5 | 3cad945e9ae6e31cfe66c89365e5d353 |
| SHA1 | 43758cb523d60d936b9a417123f337b8e123481c |
| SHA256 | ba4ec85d2306a1f1f178a017fef4d340b77b33e10bbee07bd359a8e0ff8ea461 |
| SHA512 | ac07e7f72b670a2e8b7a46a672fefedc58d9384d4773a6f220c231c619c1134613ff68c0ccb0dc9e03eb5f47dea7ac57de318af5f3f242d6be7ae43071e2d947 |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\locales\fi.pak
| MD5 | 6d7aaddb1365b3efee94d4c510a3002e |
| SHA1 | 2a970204894c5ac163c980ec0fac2dbd1711e5b5 |
| SHA256 | 11b0b9b0f74d01f16db7aa49be9dceeb55fde9da56f17419c4bca159cdcae274 |
| SHA512 | f44bab9cee552dddac17d4ac1949870943cf138b3fdb0e649e8827acb6de9528dd9cf738757e5b495587e165d1c750b8bcc6205bdd029a01eb92aecab22ba49f |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\locales\he.pak
| MD5 | ad6af80367f0b5d408bbe2c7b32ade48 |
| SHA1 | 9dd4e4e5a63e50e9d3715667b8149edd8d07a52c |
| SHA256 | 20b1c80f8b2bd5130a1fb372814fb9c9ceac15305da3da0cb29923960a94a934 |
| SHA512 | 95df5ce7f7885d0e72b2d89e1794a3796a1ab407fb27174219db22c668f74a8c3ba1f680cbf990be533c35ca0b2136b1917c0cb92d4556e3ff2ef3447c55efbf |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\locales\gu.pak
| MD5 | e884bbc8ded4f5f059211fbbb85ed351 |
| SHA1 | 8f4ecb45ca73902791ff5e56e0b272252c08508e |
| SHA256 | 087e99953eef9b5fd736e3dbd98d702fdb01dc614593a4c575cb619159688118 |
| SHA512 | 50837daec40a2624097cf36dfd7beebba4db748fd9cc470bf71b526e612c1aa6c88ead7511ba751e370f6f5d28ad9d6338dcb3581d7e3d53e2672741915b952f |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\locales\hi.pak
| MD5 | 66ab509000cac52c805d6871ca6c1f25 |
| SHA1 | e3d3e7bacbcfaa7538ca89d9d26218eca06c01f1 |
| SHA256 | 9c6d8d93278a6e375405142df9829adefbcc8ae9797a4f589591b9784b2b71c8 |
| SHA512 | 356642a19f044c6e192f658ca2bf8764431129cdf7c9891b5b5bf4e99f6b990a1428c1e483487b619865e7f2d31cb5c9bbb3b49ed25fa81c4374de3e8e65519b |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\locales\fr.pak
| MD5 | 79d945ef9b8ebc7d39fd03d05d9b2f27 |
| SHA1 | 6fbcb748515f97056689d4a747e4df3a830fe049 |
| SHA256 | 1f6cc56e04bcbd6b6ecbe500bcb0a5702551ec80d79e624642d0c7d9758d4424 |
| SHA512 | f1a26715ad9399052b664c71fb60b6eb6f965fa80d6d8d6c47e0b96ad0d4a4d2028c3e19dad49e008bbc29edc24e656777ce073da008d3f4dfdee4c8f2212a07 |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\locales\fil.pak
| MD5 | c744b92c8feff1c026034f214da59aca |
| SHA1 | 95780d3374841efdbc0d8a46cddc46bb860a26e0 |
| SHA256 | d7fdc7fd08dcc421bc8aaae3fdc72599c60a3b96f05989a3e46736f0de06e745 |
| SHA512 | eeefc73474642e75da61056f2841e7cfeb8d8475be55a39852dfe7de8a972f7d86e9d1df4614b3ca3ae4fb01b68e5ced664bc8e46ccfc94f44b06e29a5035b43 |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\locales\hr.pak
| MD5 | 1973723b9c45b9d971c97229e7a441cb |
| SHA1 | 2bfa4922bf2084486681af45cd7f7dedf95b2d66 |
| SHA256 | afed35643df24709c8c5cc9b8158b3d9a2266fbfeed132e98ff254ced4086c5f |
| SHA512 | 6a1f35435b01ab187cd93b376b76444dff575284632fbf37bf8b08e6cfe7783f985d0fad2425df3d3c332aad2278971412455a748e83c2d6fabd0f6afc3dc292 |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\locales\id.pak
| MD5 | 91bad2312491410c7f0393be512b895f |
| SHA1 | 6e4e9cc985c5b96eaaad91787f8bb7f72cddb604 |
| SHA256 | a21f9474a19fe2d7f26c59f5ba8d6e72801a8a057b7dbcb8b3f96471043d9059 |
| SHA512 | 5c0e1cd1741e78fff90f3ec2be02bd47bfc669e50ad0cdde975238a74cb4081536faf80d0a28dc9fea6efda6548dcca4e569c54b903f5c2773c17f72000a99e7 |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\locales\hu.pak
| MD5 | 2515bb367f56f282657b3dd3b9ffcbc3 |
| SHA1 | 8cc350e359f1cfefdf0ce3b016109dd483d45a8e |
| SHA256 | b4e6a1135de8bdc42c04f4db4eb1ce48256f18eb46a5146a21010b6165a90e7a |
| SHA512 | 779a77b3380f08dfb1d1e9bd65806f3d5ab56619d040bd6ecc9726c17944f4d0c3a619edee06d638549250fbf4c6a2be46cd6196a3a8862d184a68d45d6f6d72 |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\locales\kn.pak
| MD5 | a11d186b8eec7362a280abec3859107f |
| SHA1 | 966065cc6f69c3a222751d2191a0efeb6049cbdd |
| SHA256 | a6ecf1dfe4d99f6ba0926c696b5b23b77d234fa8fd03da9825b074ecc640d508 |
| SHA512 | 099e73977453a5dca329b1d8a8cbc612dd2739bb3db034b7509af35877ede6ee12450875302ff3f9351fc7096b60be1b2d8ccbec89ace3145eb264f25946d46c |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\locales\ja.pak
| MD5 | 412bef3ec11f53c2aa6511ca139b1f35 |
| SHA1 | 8b42655c2b62edc13c61a4625f55c961cefd1c49 |
| SHA256 | c5692ca739c31569ae2431fd58f1028e6c8c01af278b76656ee0bb65b79e9985 |
| SHA512 | 85760c2a0dd4404a2d41f0d957c9cf8962d6b80389df838cd2d85b6a31a54f4e50c5f19ee73d2ee66e3e61a8809aeb5b493e7170aceeef9bda53e135ae02bc42 |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\locales\it.pak
| MD5 | 591113bc491e5c388ee3876de4aab3a1 |
| SHA1 | a63c2a18eb92fd03445bd237a5755d557e1cb593 |
| SHA256 | 33652aae78a486dc3ce4e5affd1b7f72e1248f6f9f3e62188afe3b5d73bd148e |
| SHA512 | 66f1e79c9bf179f19942352258181858268a991b42d4a79747ca580df3fa219c2be71ab6597cec4ba7bd4c691a5e1328aa03a565b3eef442c6e2216f0d82653c |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\locales\ko.pak
| MD5 | 965ac0d213ccdfd83ac4970de23a8f11 |
| SHA1 | 8326841ab80c40a7ca8b13589a3f5ff54fc15827 |
| SHA256 | 3fa72d61a997c36f9c093f769f4bba60b290d1fbcb71d5544f85e8e1efe51d07 |
| SHA512 | 5eaf14ce5c493bb4704716add07428edc6569f2dcb721679e140916c0e426cfa8e8ce27a2c38c48ae6e60461a678525e48e42c2938ce40e488b59d3f97a2f9cf |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\locales\lt.pak
| MD5 | 20906aec4a21bcbb8bc8bab067075ba6 |
| SHA1 | 369da9c1567d4376852cebdb87cd9213dc4bd321 |
| SHA256 | a1257d10e673311747363e6929832e70f36668b1fc0d6a5ddd550fe88007aa58 |
| SHA512 | 8d1ee40bff980b889af83b95fa408bddf2ff5d257f532d2da46bfc3ddbcc31b9cf14b473fdfca1a574c0316fd689a424ae241e9bcc533b7dfe0c7203d4b252fe |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\locales\lv.pak
| MD5 | a999e734f9addcf07c080f9861c3c170 |
| SHA1 | 522bb12a0cd4e5232570001684aed84f421abcd0 |
| SHA256 | 33fdf706f6d3f06b485c5115a7c73a571296dac41c582fc9d0dbb371d86e8653 |
| SHA512 | ecb92c4ddf7b252a3216059e63b387c6847f6eccde532c300b74e6b04ab56da0208c2ecbd00ab1d5e48acced909db74b1aabf88e34d0d5928b89320f45200dc8 |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\locales\ms.pak
| MD5 | 9fb7c18f376b46b254ef9a960e08655f |
| SHA1 | 31cb060fc606d011151f1b5464e2a469372113a2 |
| SHA256 | 2f0c83b5b3bff8f624d78e0670a31c509e7f1d5330f72aaede471b2e97c956e2 |
| SHA512 | 23ea07d917bc0cb9a2f530f985c4c1930d31eb6e8271804709126b8b0f5266dc51636f679944d2e3d8dd7b603564defe85c1088a33a922e9fe15c2073b509a8f |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\locales\mr.pak
| MD5 | 649e76b6666096a2258b942745ff9fe1 |
| SHA1 | 82edf8ca68dff0caa36b17901c1e12a17172fa51 |
| SHA256 | 039f4e0176c38867fef57482825d043fa63bf1356c85eab0fc665f118db125e4 |
| SHA512 | 92f51140416cd6dd53109ddcc1ee24c1d26999de5cd48a11e6954dbbc985298c1b90c0b4a7bbd8701a2737b71340e8a257e8b1ace85ff3b4876b714c60befdce |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\locales\ml.pak
| MD5 | 39d4a5ed8cf7c8e0df946220fbfc0f68 |
| SHA1 | 70794849b41d00f2b895f1211a6baaae3fa7d261 |
| SHA256 | 87384db1ddcac012b0b40ec89daf47ebbbcf1497705f023a6983fb2470e4abd6 |
| SHA512 | ac992b9cebc2fd51f7477b36f1aa4d9157a84c3023949c02ea236d909c78fb5ccce28dd213c089820131ee3f669164529daf58901766630ebcf40546d33e132e |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\locales\nb.pak
| MD5 | de04250ff403e9af66a1351598d2a64d |
| SHA1 | 4b7a5a2bf48d988f95aac6e85b11a8c2b2fd007e |
| SHA256 | 887a0278971d6ba61e2f24c62029a3087a46c4962c4357412c28ede12ed6da15 |
| SHA512 | 71527c025205bbcd63351283b7b123d8807c05bc68f2f7555f10386e330e052d031b9986ae2c1f0398bd174e67962657e0b8d4a57a07d167c233390a4e6c5556 |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\locales\nl.pak
| MD5 | d59fed8986eee2b9d406ad52d88cbcf5 |
| SHA1 | f7e409e17723e21174361bc81e54bcef269f40f7 |
| SHA256 | 619c61701b3a142733d23ad8c7117bc013867a842d3d1d572faa56895ad8257e |
| SHA512 | 234aaddaa7677b39667b4078dc3a630d67b4f2ab7df5ce763d509183a4d88e8f7bd1a231113b8a51418d577e4aa630860a7f2735c34ef59e0f65966cef825597 |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\locales\pl.pak
| MD5 | 8d4db26e2ee5181afdfdd513053f3c17 |
| SHA1 | 0da427a085927a5c02d2a67c424ea99cbf5e6b02 |
| SHA256 | f2a7dcb69a433c2a898866c555b82c26e3515c089f500e7748b9b11ec3047786 |
| SHA512 | bf441f501d746f1fd996c21e5e2cde643b9031bf58bac31474e68a72ea6993447f8bfad3284351bffc94d6a088e183e0b24d109398d65dac0edee8826076ee21 |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\locales\pt-BR.pak
| MD5 | b4183914f46fd63a7bd32d715b8629f5 |
| SHA1 | d0295b556e55a74e357f932473f9dd2bb1cd2f51 |
| SHA256 | 5ff219be32f9178fee40e8966ac5deff2be1f2ff259a66cb9cdce81c2e90a7e8 |
| SHA512 | 3bcd37cc49a827c03fb5b3a97a5eeb863ebb6f071fb2af697ebfc4f57dda676227533cc6a2fdb00505cb2395aae685dae087970ce13af113260d856b845a985a |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\locales\sl.pak
| MD5 | 6c71fa576a41711dcb351abf92a65ea4 |
| SHA1 | a0281f6b9dc363628e7d6045f7dc2904149c9dad |
| SHA256 | 458b15bf249c1e6fe9843725c42443274ef6e09dcb15f5288c916c0561aefc47 |
| SHA512 | 258e49b51ee65bf508d05a5b3286a8937d3a876a876635b59b97752c5171e89458b9d23d9d7178153aa16b6fc908cc011a8e855c6d3a0152c919b40349cdf4fc |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\locales\ru.pak
| MD5 | 46fb61aa9515e97293969683fc330764 |
| SHA1 | 5bcc41716976eefb65870ba2a2b230238f7e53d3 |
| SHA256 | 4babe5f20caafca33867ee263aa9dd55ed271704a062e4372fdd133eb359a558 |
| SHA512 | c3acfc1c902c651e5fc0501a7a77358cbb99daa020597f7f6be9fc81ee53509dcb0d63c6bbc5ae308c88d95dace7099f024d698b6f364dc7db4ae2a7660e5b31 |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\locales\ro.pak
| MD5 | cfd7cb2444248216e12193689ba56c10 |
| SHA1 | 0a9d65fdbc68688bf1624a8c98fd42673961e0d2 |
| SHA256 | 655c175903a791d0ff56264a487c53f7bd09ed037cf04cfa6e79eb8be5b677e9 |
| SHA512 | 7ab384dfe93c4de0d82d3a581d0c4b988f823f49848cedf081067e052be2d43c42389899588839dbc7cb35ba70617648bd0c7c199900e78c487f3dd77e64b4fd |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\locales\pt-PT.pak
| MD5 | 03138b2e4fb822b03713f6c4f0fc67cf |
| SHA1 | 8f6f6585743676177eaff5a582d18691e3386bbc |
| SHA256 | 02ea290fac25b414a1d4ed78cdc159cf6c73fe5350824c2f36f032e426a23364 |
| SHA512 | b000f1b8fc952849d1ada21aab665cbb97989fc28e892a75077ae9a24c4ef1d15b7d5cf1c5aca89d27d40a01c64f343a08f790049249fcfed43a1a430b4fef9b |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\locales\sr.pak
| MD5 | eb8ec452c7079ef7dc24bc7975513ed9 |
| SHA1 | 4787250292b8f2040c7ec0b265f60edcfd1ffcd6 |
| SHA256 | 4cea4c83b5e887463dadbf470a9953b8175149f31fd07b83406a6fc59acfde41 |
| SHA512 | 3ab2eafd3f09627efed8263cc2d59d5780b6a856a6d1299be511bbb5c1350fa05f98b0e77c53c3707ada17e7e44b8801b191802e2cf5129548e279703983a8ba |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\locales\sk.pak
| MD5 | 5d41e75bf42cb12d7674986f4e5dcba4 |
| SHA1 | 7c3375226997e3f69e3c9a3a5ed762ec40d24973 |
| SHA256 | 89f984a67cea3997c704005fbfbacd3f6f5652248626945c2ab1c3bcf24e6623 |
| SHA512 | a2b91c888ea3dc2e618bf8faf7ac9f0fe562ff16c85d03afac0778ed671b1868a665b892aeb2d588e7f5bf32a7eba57b75e2e15f2c51fc9264e0db2f95d804d0 |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\locales\sv.pak
| MD5 | 819b5e4f2b7734ea4677f6d579d72f84 |
| SHA1 | aff3048d8e35fabf68a756513b67efedba59f85b |
| SHA256 | 105460cb717104d82f99cf8c5e2c51ff252211a605bd1c98bf75981f100d619e |
| SHA512 | 3e1ff5d934c7e0656dd16265be697420c31b191f88a5140c3598b4fe37a6bd3031f50d45ac7e961acaf0886934951a48230f7b10a53d85e015d6d5e1602c3eff |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\locales\sw.pak
| MD5 | be2bc09130635406f560b95e789f9a81 |
| SHA1 | f189cd6eb6c844e2d96ffaeda66fe4d5f1453130 |
| SHA256 | f0fccf2e3ad332846736d816e254028569f5f84918573872442987a8bc9bba58 |
| SHA512 | f651ea959066a5966f35493788b9833597dff653f649a5bc8b09a8ed748bcf086bd0586a36e1f4ecddd361d04774253e21d67801760d0988f3e17f0c6e1121cd |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\locales\tr.pak
| MD5 | 414b557adfe76e3564d43cb93f513c5a |
| SHA1 | f775095f7c55e834a777c7f25fdfb81f1e63ca08 |
| SHA256 | f58ed19be62706fb4fd797a6bfd3af5c6ad4b39aef994a577cd28968fcac0291 |
| SHA512 | 8b1be522ef23888d46c13888a18229f4c9cb6e1c6e6730cca79d9b13d71eb86ecd3d0c172ade6f70ff63a7fb5242e4de7d9742b93376669d13c77de0cb622f94 |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\locales\th.pak
| MD5 | 879a881174501e22c3de65b9f80bc19b |
| SHA1 | a2e020d5ed1be7dee50a495a2f8581e751cbf735 |
| SHA256 | 647ad394e92e7610bd0f6c4e08d28748408fcd5a816a35e4622ea7f71cfa7a9d |
| SHA512 | b8961a90036b94340283237da57659cc277e65e545764251f7d3e406dc5f70c9ae29366184d0aa8831aaa0a7cb5c12ff825078bb87528606cae223fba58c73d3 |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\locales\te.pak
| MD5 | 3a71904057869c23d1bc108f1e8d0d31 |
| SHA1 | 6fb6e60c80bc332a2bb66d02a1e3db69961a9c41 |
| SHA256 | 8264244c6de861817f5b19cef282844a18ed8cb7d4e059451489652749fe931e |
| SHA512 | 7248058b2d357c4a8b9c2e95d580a2000a96d9a5adb0b822adeeba5c4422e08cc12ef84b9b9a627a1f6cd07a08698ec000510885d14d64afd40c6e8d69376022 |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\locales\ta.pak
| MD5 | 52ee28471f2f9d01ef3f57233496554b |
| SHA1 | abd7dd9989fac90636626a41f007eb6aa5ec7a2e |
| SHA256 | 1cebac8d758298ed2763e62b9bdfb17351831e691ff3e1ba85252c9a66d66242 |
| SHA512 | af2e9593faf60319244c90e9c06604dd3830705f14c18cd380dc2338aaa0c1e137bf751603ab9beaf7f1783839f83bcd4fda357b7cebc66ee94155d560b6f691 |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\locales\uk.pak
| MD5 | 241fc33569b22647e7d2c4189a8ee7bf |
| SHA1 | f56a73cc81b1e96560b74ee5e73d7af792720ada |
| SHA256 | 13e40208e2c9f4f4b83dcf422610dc82314a8f99ba50acdbd286c508f92eb232 |
| SHA512 | ad16f84482f0c7c3d3c3fb98caa3dbd0048138f361aa6eba2b6338ff6e25da4c3ab39450354f2a86a53d655cad99e92fab2c030b5771d7e6a25190617f1a9385 |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\locales\vi.pak
| MD5 | 565abf3f9b296fcff95fa5b169a7d598 |
| SHA1 | 24de1221b2adec13b5bcc23c4a54b8e987e9f12e |
| SHA256 | fb9463d5655e73fa69cace9800d95f8cd077ee9284fef3bfe162d2bfe220c257 |
| SHA512 | 53bfe0c1c289ecdf48114048e15807c3143dbbe357736753cb845a31a6a3fccd0dbae652294508706076ca4b30e5da00e53bc6aad11b06fffbf2621997e7de36 |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\locales\ur.pak
| MD5 | fb978b7d211112a0774ce09ca54ca96f |
| SHA1 | fb0c69801230437dcd20e3803db81ee60fc042b0 |
| SHA256 | 60310f9a3457fae0395b447a30646211ef4160ba84bd7c36d291af4c8ec2b79a |
| SHA512 | abde8d79f46b27e0e315034025837a3126d6e5d2bc52504d49c946fe96828bd9b20cc4a5c05283fb9f8813e6820a28249cfd68b30cb27fba216970c16ecc8d44 |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\locales\zh-CN.pak
| MD5 | 3fe312d9859b299c3a332373172c33f8 |
| SHA1 | ce6a99d79dcfc363bcf68bdb1ddd4e6862236020 |
| SHA256 | f0c0ba53c954325b3bbefb333ba23f7fb40a7a4e506043e9f7886089f611943b |
| SHA512 | 488a6043381834c9d69a906edd9e3273da01b618e9f3351a89082e6a4727f9f882e435eca3d590cb30336cab289fc71b109322d43804ddde5fa038a63a0b84f7 |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\locales\zh-TW.pak
| MD5 | e302e1102f3f5a21860f38f41b3c30f8 |
| SHA1 | 78b5d1c451cf674a7641dfcc815f966fc920cf57 |
| SHA256 | d4033cb3264c7c4cd2636ea2a202421650c449e5bfb10f29949e4c44e91ca93b |
| SHA512 | 1f96b197eb7ae6b7983ed38d4ce33ea0c845ffe527fedfbc9e53a6009871dd3c39084a04cd1d43fd6dd24e7f26e3ec4845d4225df828de0b9ba346cbc98efea4 |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\resources\app-update.yml
| MD5 | 4dd45d9de32f1a1a9aaae5d05314e29c |
| SHA1 | 80e458fe95becbdbdc82b1c06c92ae4f3781f497 |
| SHA256 | f2063da30e10724592fa8e42767f066c34520c4fc8302b6647a1d2a0a039d71f |
| SHA512 | f5b0ade03d39d867ba3d7db972f999b92696beab9c20d1eb0440d3a0aaf66fc6459f0d6100f3ee8d9dbaacb5d6d78b8d3e0f8abcef8dd76f05719b7f896a7c40 |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\resources\elevate.exe
| MD5 | 792b92c8ad13c46f27c7ced0810694df |
| SHA1 | d8d449b92de20a57df722df46435ba4553ecc802 |
| SHA256 | 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37 |
| SHA512 | 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40 |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\resources\app.asar.unpacked\node_modules\@next\swc-win32-x64-msvc\package.json
| MD5 | 704b387859cdf10e134ba4c181773747 |
| SHA1 | 626f9cd6f668b8f310a4c11f331b96cb4289e44b |
| SHA256 | f6b59292c52960efe68cc3813a78bc505d80cae11d632006770059380173cd53 |
| SHA512 | 5416f7ac6d243bd04f32d5a776b596b94db1858cbf904357d8eb4733a22ddc94bcfbc116437e86799ccf402493212117f65289308f4ae16f3d39083693f9ae66 |
C:\Users\Admin\AppData\Local\Programs\Wave\resources\app.asar.unpacked\node_modules\nodemon\jsconfig.json
| MD5 | 21cfa078a36c66a3d1f4f2caf729fd56 |
| SHA1 | 8849b6bf237cf4464a4628f0c2e163e866dead8f |
| SHA256 | 87cd1d700216892ba7d388d04f42e373e1abda0b5d407c54a60e67b5dde48ab2 |
| SHA512 | 92f7960fe79d8e5813372d7a7833bf883c3dce6eddb083302314a2d9ff52d800178f8ddcbf071c169267b346dfbc5d59b1dc0f95a70671bd63453e56e18846d7 |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\.prettierrc.json
| MD5 | e502800d651a7ef3ff58d918c68aa81a |
| SHA1 | c3b456549821510c5729648bfd93886491df1db8 |
| SHA256 | 37055c98043228133ffcc5cad7bba5ef6c8f24698a551cae547b90f51d22e519 |
| SHA512 | 9892bb44616c6c2761027562371e5c72a355ce1b519072ce5733ea1d4971ffb8c9b3e83f935a18120e0702aae644d07274ad4b09214459fc13679a8ed6051e7c |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\package.json
| MD5 | d973ee4a6969bc5e14e93d99d4680c16 |
| SHA1 | 22ad20391ccb50fb6343931a1312751b2f7e049f |
| SHA256 | f0051785c8178f10c2b5ebe86edd6949eb9db7b293d9abbb51a857f7e62500aa |
| SHA512 | 2f8c64f04b3fe023d296899b16f6596f42cd69c1b8230c5bee561c18af6bbf44697966b45b50d718eff75cbffab37054a6de7b57bebc16b2d85a5a0e307dfa9d |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\LICENSE
| MD5 | 9b54883148dfd5ff6b9f1a23f9470a30 |
| SHA1 | f062e421fa2d8f722e9ccb2b0b4be9502a7386ad |
| SHA256 | 0fa6b5d2902f7ac42db390dfd2cb3b4ce82ed45cb5ad5dea41c11d1d67e0934d |
| SHA512 | d2af503c12f0fda687293452af39f98f5c3987eb8a57cf12c47da5aed67c761349e5186c15371a96f5d490c140e8dd0d5e8bd6a6164139dde0562d6ee46db90b |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\bin\nodemon.js
| MD5 | 30894042a167528293c057f833e7b6f2 |
| SHA1 | ec993fedf1f1a22c77b985c72d8b0074811ea680 |
| SHA256 | 9bb0e59dfd1cc00fc40bed0ccf10d88414d915d79875b9dee5c1d5009f4e89cf |
| SHA512 | 2b544b29e44e0471a9da5474209bc15cb81a44a38448a74a7a67f4ed3ca7d1926cef4b2b13d3269fb785a468d00f1cfc042d2a7d6b4d563725da65028e2df15f |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\bin\windows-kill.exe
| MD5 | de5ecb14c8a2212beb309284b5a62aae |
| SHA1 | cf89d1cbd52f3183590b33bd6be591f95a6f5291 |
| SHA256 | d35c0d3af8f66984b1ead5cb56744049c1d71ef0791383250ad1086c0e21f865 |
| SHA512 | fea8a49538f5fd4cb8c262c1619f9f8e906edeef7d3c791bd3b85f032a0499aa5f18b4370a00e1f4dab9698e1958b042cab467103598f1bdaa583eb1fb918c07 |
C:\Users\Admin\AppData\Local\Programs\Wave\resources\app.asar.unpacked\node_modules\nodemon\doc\cli\authors.txt
| MD5 | b5c019895f49ad741cd49e6291aad090 |
| SHA1 | 03567a03c8346dd89516e2e03957bb674af91408 |
| SHA256 | e1e0dfdaaed1f025c106731aff67d664b849635cc6cd3b9b08674db8dbcbc5e7 |
| SHA512 | ff13c9416d29d9a3fe636e14fd63e5424129a6e72366c06b1bae3c5a06f60cbbf3520d868c492d472450e35e547881be93955b29eed63e66979592da576f8bef |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\doc\cli\config.txt
| MD5 | 73ea33e660552d101eca031a0baf6be3 |
| SHA1 | 3d3384db49a197a8a616a274598bc18a25ade114 |
| SHA256 | 032c4ca3b1814a39579d7a0a00154a3772d89aece9884d135fdef782f36e27c1 |
| SHA512 | c7b9a4bf4de7d13bb45b4db857511cb411a7927ee4db759af263905e01cfda8d95477d2e2d6ad6c51c9f301710e20ef64b54a4d15082f5054680da9cfbca1146 |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\doc\cli\help.txt
| MD5 | 0034cf996f84911ff0646b717ae47ee4 |
| SHA1 | 5aeef8ef12d8023fe208c0492174a960e57c643e |
| SHA256 | d98c56a3cb9643b399fa04c422da35204dc91cd869c47019e9783fb4f7289adc |
| SHA512 | b1f174300ee58e16676ee8ccfae4e48794ed5412d89e0cc0d8a134ec055dfbdb596d0ab43ab376f46adbf76cf970210455bf46ed666839d69357d0ded8c057af |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\doc\cli\topics.txt
| MD5 | 57a5e0be8307585fffdbe867f0d047da |
| SHA1 | 0185976215d973431c6810571b21d6804bf64632 |
| SHA256 | 5f8f41620ccdc1d7298df4ab786abc7edcf049fa7e06fc69bb26b38cbd453643 |
| SHA512 | 4c05c95f21225be793051bf799255f6e021145e17ca384697877aa9dad66303d8bdb6e47751433eaf17b22dc766758cb799034a34e1e7851a8328a95b6784273 |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\doc\cli\options.txt
| MD5 | 016f8e569786ff8f5f6c321a735e2323 |
| SHA1 | b7a7a46bf03f4564d6e47fa55a4fc6b9be1e39fc |
| SHA256 | 3c8ec4fa239f82b2b9f427925ac2f75af2af9147eaecc706b1990540b95ae94b |
| SHA512 | 6b8372648371ea46ac98dc49ec93cb2efb9cc81f75e8ee7a5e1f0a01b7bf209ca92e07649c22630722370b1f254e956ea7ffe4be68d0f9ef419766f90dc80fe7 |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\doc\cli\logo.txt
| MD5 | f55be3331bb0e69fc47994610da41ada |
| SHA1 | d8415b399bd3853ef658a5f2057812404598b5c2 |
| SHA256 | cb0c73fe1bc7676104d6a92ca91250cd562b7f37a564edc260de01a3fc636b6d |
| SHA512 | 505d427c6d0add618e0c54f8079e4303fee73e0ccd9c4edfa67b44660ce5d5deab4fac09601002f73cfd00f445640a69ce9fe9a39b8a0f3039b200f5bff058e7 |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\doc\cli\usage.txt
| MD5 | 1448d12c8524497e0abecc6089aa5a99 |
| SHA1 | 183f63e7726b128a36e247e6bb506ced31272e49 |
| SHA256 | 844e2d826c59dbd72ad383fe8a23b24373d83e9b184b437f7f04c42487cd5759 |
| SHA512 | e14e41721ee4bba6deeedcc5786a113042cd595024eb411ea7d874f282547c5943dbdf1eb7674d752ebbac16ac4e1c98149b957ed5cf3623e85a561a42354e45 |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\doc\cli\whoami.txt
| MD5 | 5a53b8ff8c3670ff035f6490a24a0789 |
| SHA1 | e079a16d67475a83eea085058af0cd704da97393 |
| SHA256 | 4e7d19dfe1603ca93a0421b1abd4b19cfa5324ef458ff549809c5e66a2efc596 |
| SHA512 | e906ef44ff0273e4df3397ba719c173c87a9919b7f9d2580e2c3354fba22f69b0c0a020eb049d276934dbc66f497b279d15c135fa0e12e04acd39802fc5dfefe |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\index.js
| MD5 | 5250f6ffce08844c0f9f139fd707243c |
| SHA1 | b5646886daa1c00461042d1a35c1a83675f8c8ed |
| SHA256 | 95111d84575ab36b697d760e130d722daea3d322cf56612f2ae67c7b3e8cef19 |
| SHA512 | 49dc989edab7b4ce7477bbc5c678e1b1f4aca0f77e0ad6323d3c251164ed28b59f4d18d5b0280d53108b93e133eb2dab5469093ecbb2f1fe2bb32b758f59e729 |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\nodemon.js
| MD5 | 392a1c2f9f7dec3e4f64bb738f21785d |
| SHA1 | 02d0364639bbc6483d727e5e24e6c6b39c8f0ae2 |
| SHA256 | 3bb0b111682da4977e265b0bc746cd57191e294e0c25bf667f129771897dace4 |
| SHA512 | 48b0517f41013b024dd5a674b88a9e53590113f664482b0420236babb9ecbf0428c40c9f708b204bcb1f2d59789ef6383641eb8efcc7a7ac506d4345c78358d6 |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\version.js
| MD5 | 7232bc938db18583ac3447bebc844430 |
| SHA1 | 55051c267076fa3bd3764864ee77d4c41c4b3233 |
| SHA256 | 5071083e2e09969b2741a46cdedbbfcb2608fa35c1d1237e3bcf134749fb5ecd |
| SHA512 | 9167690b0ad72c815c3d8c7227ba8d3574acbab95236de0ddea28c73f6a2899dd700ef9083b06d2badad19c21659a93ab101ecc439a42292d2540ed8c2ff3c5e |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\cli\index.js
| MD5 | 05d07534c94e2d589bcc02e96e1b9503 |
| SHA1 | 3c3712ecff74a1099c4d65e4eefd9cf2e38f1119 |
| SHA256 | 5c5b008f28d9aa1d6f8c30a30de037b95b50141a20ad0f029d0d79bcd75caa4d |
| SHA512 | 7c7526f2b4e685cc7e20689ebe5abf7630b738d2d15ab7b5e94765e0e6f221492e9e029f715f5b3ac156d3d11ffd907e070d2d7f968b5f5fb401aa9c7ec84ea5 |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\spawn.js
| MD5 | ad2e1e41a1aaf8c0d0b622a27bc6bf9e |
| SHA1 | 139625411959345da513904bcb7d73d7c312b63d |
| SHA256 | 7804d7450f305b9142af45967be5c96f52be8350dba2a403f4bf79d5e092bc60 |
| SHA512 | e43ecd8af261ad4cbed89f549c18c18df9cfae6338c0719c1e5c06361c6cee4598d080ee32dfda56cc742e23fad5db56a842ef8511d9d5e2c28b7f7eb4eac091 |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\cli\parse.js
| MD5 | 63db540f7184a372ac611fc3d7f21136 |
| SHA1 | 0b3a8e70600a6705297a532849b7470c34f8c19e |
| SHA256 | 93b9bbbc19e6f0456185d7c9e9ce11e994f41c01e46067959c5168bd345b0313 |
| SHA512 | 1f56bbc4856fbefd21f6de0738712157b91f1388a71a957c37444b617ee161885822b21fcf4e7efe14d5af54b9706d8181acbb286dbd7525c91a56b53dc391be |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\config\command.js
| MD5 | 90c1aa9f031e818373c2f2f7ed6b9dbe |
| SHA1 | b6476cdfa45ab967436ba9bb32aac1d65e531a9f |
| SHA256 | 50f10478098f06b77a58b351a93bb8fe7a7572bfbfb3e6f0bf668460865da3a7 |
| SHA512 | 4ee766da766530bb372d8e04b058edd6b28ca5d77f603b175336e9b5e8f5c677e77e0ea4afc07a642c07c48e0c209716dbd9cef4f6ab97864a9ea51af2b49bbc |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\config\defaults.js
| MD5 | 2e6f9c975170db8136c9ca5c5ecf2a0c |
| SHA1 | 404a2c64977cae3407aa138c23a2f841546f713d |
| SHA256 | 2b577f3fd8e3d03d64c1ee07ef13db89df04d0a9cf7b69ebf2c17041f7251104 |
| SHA512 | 15bfa9fad522ddc043383704cac725c8cc2b4565708b891e9e03d889237cd528ee4d347e54a983c801550856c2d1ac1269dcc127edfa6d63bf3d2aa0a19eb358 |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\config\exec.js
| MD5 | efcab0a70d5e71fb513734cf92f2a201 |
| SHA1 | aa55660d5d6a38e2ea632d4de0640ad2b1b7fc5a |
| SHA256 | fcd713c63326ff75fc44afdcbd2bf63991c3c76169a26a2646defab46ce24155 |
| SHA512 | 260a468807d297c2fe85ce8341ae10be64a7833a8249f2932c6a93e6ade07438ca4bd26222326a1b0e3203ba0c80a6a6fb78e90015b667feda8f68538e1011ad |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\config\load.js
| MD5 | 3379b8830f56cd13355114f157e57857 |
| SHA1 | cec1a9f2c8ca7f666cb4efc2f3eb99317ea59602 |
| SHA256 | 7329c732d39f8e884c0ec197e1133c536545bf4137417e6d664bbec962990e29 |
| SHA512 | 0690be21833aa598da0d7d20312ee8a2e2ecaf164981c94c3bb12036cea40a206e1b25e839209db78419d6262ae87e29a5c94f583ddd9b45e05bc5a107842d22 |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\config\index.js
| MD5 | ac3af2f96d2e824bc37e36e30cb35cad |
| SHA1 | d04e50eb9464ee715a940819ac7af1b612884bb4 |
| SHA256 | be155df5dbc29c88c67c936f2840d2bb3abd09981fdb6db6480d54beeb27e9fe |
| SHA512 | 060bc19e10d8b9cd959869866b4ac5e0739edd72ca1e61a230a5f3c735feda6fb75ae7a8ea13349013082bedbcd40e30219ca09ccfaad43571059a765bcaee8c |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\help\index.js
| MD5 | e47db45cd167c663151a07e6a3396427 |
| SHA1 | f3002a966b346ef937a47576d754787e4bddabff |
| SHA256 | 1c1678d18dc75f67bbfae8c92836543af6990bce6b1cf1ad3acfb52285dac393 |
| SHA512 | 3f8e10d09fcb527e1c1753d50c9bcef2b8fb70586f34e600c0d60ed27a295f077f380e1df2fdadc78b0d468a54f32a5351fb5c4cb638e3012c96358094d31dea |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\monitor\index.js
| MD5 | 532b43e5038c9f6a6d65d40ca44375f0 |
| SHA1 | c7fa3f4fbab77df0eee87d08d428cc06d18faf76 |
| SHA256 | cc16aeb163da6cc7746bf5ced2d11f1436e458c7ee803241e9a9fa1d107450fd |
| SHA512 | 809479d0b075c9bcb3eef6670cdd652a6caf39ec7f93f1d7dde0eee8a792d518238cfa9f78a2ec1a11ebbfeb00d2a117d25b198718af668c7f356bc3f93ebc1c |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\monitor\match.js
| MD5 | 65475ff22153cb7e1cdcd5322341c398 |
| SHA1 | c026de2f4276472496755344bea58e11e6b38748 |
| SHA256 | d09e469209e55541c8c67fa7ab25b7d4e051ce26d36f737c6264d4ade4b26d63 |
| SHA512 | 8010e71be183c4b1a02ced648f083be4c8e4be9ac474e1405d91d9925887b00fed0aa07d15b994846417a48ebf768c5402f5d0b004cf9107cb44149bac3da655 |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\monitor\signals.js
| MD5 | 0b71010f098a8cbf8ea47a83a699693a |
| SHA1 | 456a713c6a78b49bbf6d613ff9cfc4bc9f01f589 |
| SHA256 | 5c16e2e5f7101eea3f13c19da7c7a9e6fa02f7d1098b170e71f07d14f915e394 |
| SHA512 | 95a382907ac465d95db0cc41055038e839ed9164d4010003c08e6ba4456c19b50158c908b8d287eea09a153e38fdcc7f9a8c0052f35eb069243628e0968750fb |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\monitor\run.js
| MD5 | 47603d83844b08ba9fc39ac940d78f50 |
| SHA1 | 4b8dfa2ec30dbd1146a9908b10c858ecbd73521a |
| SHA256 | d93e994fddfcf6c7683976452a3d877a51e68f56ce2a49b821240c93cca86d13 |
| SHA512 | 52f33cfc03dda936f4641f1ef8b3f14659247053a701b8990f0713742fb90016ba5d51d1e1f44fde84dd883c92166e77e908d586c527858bd3c0a416b9c9d256 |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\monitor\watch.js
| MD5 | a0bccf8a21d0c4332643a758c666f725 |
| SHA1 | 1aa6968e927afd86a3f056126f31d2eb6420573f |
| SHA256 | efb0a3f37d9a6279614b29fdbca3f29c1a6d47f2d26067be1c86bb56fbaefcf1 |
| SHA512 | bf4dc9c5b4f3b0a01ca161feee0ed13e6f1db24b0a64bbf01b325d0a2788380516da7da7654ee983818f3e0684983302242fe790bbb384dcc126ac4c394c41b8 |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\rules\index.js
| MD5 | 0691f1f2acabdb82da7d67e05479ca5a |
| SHA1 | dcff01be935756a732591d61fab8e64e530ddeee |
| SHA256 | 3e64a2a35a97e41ff8c073299f07c3754d99b0a6e7d42faef7dc02d61d67757f |
| SHA512 | 85ac8207410deba52d3b58fcf30e468ee46b1073544b61376b4b015e588a52973fefa192a027bfe8019b6cfedefc3c4c1cb4fb0ee88e7c2ef88da1c7ed0f9eb0 |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\rules\add.js
| MD5 | 4739ea852e85157f1ab60544ea5ce663 |
| SHA1 | d83c88f7f8bd7ec5d1b36f86009ac7eba9ca1bbb |
| SHA256 | 3cc60361f99b1080c66fce4d6ea0390a38c2a49e821e7f21dc43ed2fafa31277 |
| SHA512 | 780001095f33fe4a18fa06c3311f3505949dfa762da5f1c0c6665b5501190b6e6c45eb69633c99e02b8b59d01813abfce2baa611509f2a0e65364ccf71965bc6 |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\rules\parse.js
| MD5 | 078e15305c8688746d2e6933d291babf |
| SHA1 | 80f0b4201c45af197cae63c9d93a88525cd5c5d3 |
| SHA256 | 9259995d8e1ca1737ff36cf4f97c80e55d812726ec4ead43b6c0829ce9679df9 |
| SHA512 | 83ea7a6d31845542cf03f4b27be92087e417ba5f995ec740824440ddf92932d3623576b7a1022ade20deeff2f1741d617e32dfeda52efb5fb85e9be28de27df6 |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\utils\bus.js
| MD5 | e469c4cef4116cf230f86394586c5775 |
| SHA1 | 8849ab04de5836797a3839989d4325906bea9dff |
| SHA256 | 8ebae78d8d75951b714acaa3e1a3d7f15b382a92b90c8040423e9866d97f1ad9 |
| SHA512 | 923ecfd5103fc6e266e53dbb1d35e11f4058893177fa00cc392a628524dcdbe616c90015a24e15b987f971c5eabe0e53a3b107878bc41bc73aacf1e370d660f2 |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\utils\clone.js
| MD5 | 9ef3c7b72b1d63f5e3a7975ff67bdfeb |
| SHA1 | a406bd661839b5efeff4929af9fcfa991e51be12 |
| SHA256 | 5062a7c87599935fec99e505f3f463c3e0872455da73f8c8054ce0788c513ba2 |
| SHA512 | eca4c0784695d43435573725f659409ec33a3acd3a5695665935439cca28122a6d8fdc1eaeb8ac6fbdb921893ad4226467777e8c35e3b9b0b672b2196f4e12d6 |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\utils\log.js
| MD5 | fa4ca8a08fd35bba58f2af0f046320e7 |
| SHA1 | 5f672b1e8d504a468b7946514e854425fe938d29 |
| SHA256 | dabbcccb1bf0089d96ce9592a575cb64139926d6b899091c1dbd37632e9269c4 |
| SHA512 | 70cdae1e1983fc7bed3bee24f50196ec281752e7567d5c4d5aa2859172141422f3eb6a7ffe9165c408d5e3354d7c139fd90382c73f7ac0de16a5840221dee399 |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\utils\merge.js
| MD5 | b5932e306173a01da5d3f814bedcf4b8 |
| SHA1 | d3ffa9ab328864682cbf2f5e9c5e5f6437d92541 |
| SHA256 | c4598a00e91b93b7964bb874e8ceed6d614436335a7fd81aff7f504499e210dd |
| SHA512 | cf565fea7c0b2453b8276fc25b5e0b546b0ef79eebdea4022aedcfdeb7866687c925d95cb4d56de413d53db51d03168b8302383ca9f8b04c3b5e501fd3be0fab |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\utils\index.js
| MD5 | 2f2a9c006f17f892a78a9381932918c6 |
| SHA1 | 80905883f8b96a2265d60202f61de419e8c6d3e9 |
| SHA256 | c69735d5a8d259dbc87614ae268de4f6581fcadcf6f931dd20b36bc09c0a502c |
| SHA512 | 702966aebbf2a8f98a89da8640a3e0f610fdbd063a19bd4c7ce2097dff7ca1d49a2c8040885ca3b31f85662e6a8b86769ea9224e8f64a03bcd0bdcfb71873b35 |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\utils\colour.js
| MD5 | a85f32c2180651cc03bb1f293271bfc4 |
| SHA1 | 0d04f9086ace00f08c628c1af25c728eab897d66 |
| SHA256 | a4969a552701982cd415005d5ce162f955cf26c205229d2f4c75ed4a75bceceb |
| SHA512 | b32f6f7c1bd75a3a23aa5f170e5356cbe1ba7eb031f6eced706aeff8c15d8b37fc771c29a82580a48a95c65334d8e41b0ddb551409164a43bff29def7277c89b |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\bin.js
| MD5 | 927d799c0c996a865d11a78f04198211 |
| SHA1 | f5898b61159f1f56ebd3cd439b498a177d413c0a |
| SHA256 | 7f69b31efa09c6e7d442d6229e82e65f38faeafeda1fbed7c5e54324aff062e6 |
| SHA512 | 97e1061700f32af28dbc946e2f3be0358234689f9d3482b37429dc28697516916cf1ff6c7891a29b835cdd775705f432ff7f437bb67ba87d7ae81d62453407b2 |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\LICENSE
| MD5 | 216384c4c084ff996a55be20cbd26ef3 |
| SHA1 | 0510d5fdf8e7bf002b8396958f2240222dbb2a5a |
| SHA256 | fe0982bd7d38ee4cb08b2f111067bdeedb9732a6621c761bcf7dd01aa6211c5a |
| SHA512 | eed68402c44f099b181ebbf43ff7efd1dcf6791f7f35f6d386d66202bae0da6e7f0108fe9c3d62af0f69989d92286fd0c307d2192db0113b9fc857746dd01abe |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\index.js
| MD5 | e5053e64fdc67009804a42cc8baebf90 |
| SHA1 | 8814ef33fe018ed0a1817e77c7ed7ddb16076137 |
| SHA256 | 5e591255fa35fb3650502e648ff51d6d7c7e57ada312bd33058da03cc412efb3 |
| SHA512 | 60f941a6814dc3efea6a65c6dced552d4248273e1ce57222b428f813e0ab655d13546a0951ad3c0b22adffc7fc40542d7667ce70d315052308ea0fa1195526f5 |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\package.json
| MD5 | 2ac7232223dd7c39ae2e82220d9a767d |
| SHA1 | cacf598ea739460d281587549421ce95546b3048 |
| SHA256 | 0f49b6c0282be08a5dba3e98024401a921167974a516b630ce9f9a9f2301df08 |
| SHA512 | 249f93debdc2f2aabc8a1d977f2c1a9a54cbc0e3580e4dae06a1193ff83c801518a7cfb7919f98c3b943eea7c7b99d85c8148292b0b96b3bce4788277b956b56 |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\skip.js
| MD5 | 92a4c6dc39d38ac078ec80977508feac |
| SHA1 | edc8d81988e99c77105abb1455ea224fde97d212 |
| SHA256 | c12583530edc83dcc7cacef4a428eaefa84c10bfe4b62c0c9707de015e338859 |
| SHA512 | 3833af1f274d3bb89776a8dc6b9ff015f5d219ebec47f5e98bf88670e523517ad8a493b0959dd41dd6e658c230335338325e8c2befea61f2f22f8e83822ccab2 |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\deps\UTF8Conversion\LICENSE
| MD5 | 7cb552557240a921e34ad313a224d17d |
| SHA1 | 92ad1627269adefd696ac5a67131e4af575a2cfb |
| SHA256 | 7d355d1a2324c2073059ffe7ea4d96852c873e718bcc197374440dc3efc3f7ba |
| SHA512 | b4bf90a3cd77805fc149a4112f822ee47b4f13404ee92455ecab9dd12d796ffe81d664bf21042ae3ad6419abf6a9de6df231328be6bd8ca2426e3432d456921e |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\deps\UTF8Conversion\utf8conv.h
| MD5 | 349864c2d1fbc9c7788cdf95c541ff52 |
| SHA1 | fa968f5bd6560675c26078de4e7d52b454c778f7 |
| SHA256 | 7340eea1def3c1d832a6f40c5022725f1704a783f7f992b71d5f3ba2dcaeb34c |
| SHA512 | 5e1910c23dc08e79199fc80ab8e0c7b300e2e1bd2678d0d9171a73d8f328adbd32021146e5e43485f64f25fcc6bd8413ce1ce3846afd7fcf49ffe3a04d0efbf6 |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\deps\UTF8Conversion\utf8conv_inl.h
| MD5 | a5a0f8294daad33a66bf30c329157a2d |
| SHA1 | 02b5d7fab93d942033fe9ae2620d1a2363914469 |
| SHA256 | 4955fbf455cc29d63f5dc777d3aa5172d6e1e6df221a33808a913bdebf5a1277 |
| SHA512 | f583116ada3f281c208a98d053fe6b580187d6922e2ceae69917770a46f56c16444267172db2cb0bdef3b8012088706ba1a2203631f9ff79d2814714b25fa78b |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\prebuilds\win32-ia32\node.napi.node
| MD5 | 8a50b5876633dd9bb73612fea622a521 |
| SHA1 | 27fb94a39849fe6ba1ce7b983c0d9e4ca4e62ae8 |
| SHA256 | 053c3100121939dfa1fb936718c6088e4490e72faa3c713310b556ea90155278 |
| SHA512 | 958d901f7c72773a2f9439842f422048a8cfa941ef943f5f9e61c5e9d48b4d9ebbbaf72acb2a07138ae66f925b46dd98717656a58719902d417a14ba1e5aacaf |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\prebuilds\win32-x64\node.napi.node
| MD5 | 0b3ffb5b756beae28d8d9da67c288283 |
| SHA1 | 7c2a0be0a5ab1b936c4752254927f5ed066abe5a |
| SHA256 | 462e527de86494f96ed0d42a80c261e46bb57352e86d6175607186c1dcdfc7b0 |
| SHA512 | a1568e7d02bd34992236c587cd77404e4cc9c25011a075dc0cbe52b59ae254eea65cc31ee7fdf26898386e370a752df8bbb2ce70592244d6f24b10d39f9f7854 |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\src\showver.h
| MD5 | 6f621ba192a6fe2228ef9965757f0bc9 |
| SHA1 | e3625cddde946f5ea21e4c00be95cad214da4016 |
| SHA256 | 2b561b980e0a01191a6c7cc1cf94c8d5c061f9f299ea256f1e7ca17250ae08bb |
| SHA512 | ab90bc30f2c23a3032334d30294aa02007e0db180c82c6c8f0d84781203be7c342134cc17bb2ac0c7bd89c1e5902c852afb2d09b0c7d4dba27f5101577491f4f |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\resources\node_modules\language-server\en-us.json
| MD5 | de2ac61fe7207c1b2f304b05fae4e39f |
| SHA1 | 72a4623fde7103eebcff4a55ccb8eb6acf6bbee8 |
| SHA256 | c8dd69f4f8f07ebe1c73a433bbf08f67e3bef3047c35251a243c3ac78f500647 |
| SHA512 | 4d0be337f5d6f760fef3f79d14ef6835045e12e7eef5cf906a5f73841b01bd59d3171c31f63de34e5b44f791d5912f940fa391d96685532e0baeb7613526f8a8 |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\resources\node_modules\language-server\globalTypes.d.luau
| MD5 | 6fb690ee838bebdf6591733bdaf632e5 |
| SHA1 | 658ccef6ada0551d661d78706266ff6ad2797858 |
| SHA256 | ae99b7b676e4becb10e6a9b77229e99bdd60e5a91d2e6bbb141c85721962313f |
| SHA512 | 7218ebc8c64a7bbec231989ac7d2221be63f29302f6f16bfc0bd67ed5e9c5ddfcb50ae781f6ef73a3d891a70ca73ecc62bbbe6c5a4a218225b24c0d19c7737ff |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\resources\node_modules\language-server\wave.d.luau
| MD5 | 7e477f85c45cfca5731e0e45ca63f8d5 |
| SHA1 | 35390d8d2c0dd00e3c60dd6fd7f1727e36874566 |
| SHA256 | e58e8b24642a8693b1b1ebad703a7efab1cece9a1b12dcf353c4b4432f23062d |
| SHA512 | dd3d9b149dffd31ba4e94b9c84ed0fda1fb67f1f7d633900688cc9e4e40c26f55048c1730f205e5c22b5030362683f0abce86033816f1e089c3b67cc3853ca70 |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\7z-out\resources\node_modules\language-server\wave-luau.exe
| MD5 | 12fd29fcaf6f6518b8bf9e976928fa38 |
| SHA1 | 1f9352e217518eaceefdd041e3f085ffbb93acb0 |
| SHA256 | d38d6297b4653f30397b7f45964ed99a70c8ab73d60063f68d3380c309e626a4 |
| SHA512 | b0c5bfb87639585564915f284ecff5af7e6664097ea3d9df6908c08ce09f9f6c31912225620bb7f7cf818efd6a7146280ce37e10ca7fb55bd381b95bb8a2189b |
C:\Users\Admin\AppData\Local\Temp\nsw7CB3.tmp\WinShell.dll
| MD5 | 1cc7c37b7e0c8cd8bf04b6cc283e1e56 |
| SHA1 | 0b9519763be6625bd5abce175dcc59c96d100d4c |
| SHA256 | 9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6 |
| SHA512 | 7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f |
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.exc
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
memory/5736-1329-0x00007FFB0B370000-0x00007FFB0B371000-memory.dmp
memory/5736-1330-0x00007FFB0B380000-0x00007FFB0B381000-memory.dmp
C:\Users\Admin\AppData\Local\Programs\Wave\bin\Bloxstrap.exe
| MD5 | 1fe0657f41f6e83bfff65fec866b8b79 |
| SHA1 | 1aa860cbb9d16fde1150765689c253bcda1b08c9 |
| SHA256 | e83d9d0eb859ef6fa872640bf24e5be66db9451beff75cf404e3e615b210b9b3 |
| SHA512 | 090a76bc3f05cc6c02c5c6115a94b659d69302baa1a1e2e64b96e9ae93c16301ff6587f13d1eb4fb9092842d483a181280fba52bf3500c3221f85b064197d255 |
C:\Users\Admin\AppData\Roaming\Wave\Preferences~RFe57e937.TMP
| MD5 | d11dedf80b85d8d9be3fec6bb292f64b |
| SHA1 | aab8783454819cd66ddf7871e887abdba138aef3 |
| SHA256 | 8029940de92ae596278912bbbd6387d65f4e849d3c136287a1233f525d189c67 |
| SHA512 | 6b7ec1ca5189124e0d136f561ca7f12a4653633e2d9452d290e658dfe545acf6600cc9496794757a43f95c91705e9549ef681d4cc9e035738b03a18bdc2e25f0 |
C:\Users\Admin\AppData\Roaming\Wave\Preferences
| MD5 | 58127c59cb9e1da127904c341d15372b |
| SHA1 | 62445484661d8036ce9788baeaba31d204e9a5fc |
| SHA256 | be4b8924ab38e8acf350e6e3b9f1f63a1a94952d8002759acd6946c4d5d0b5de |
| SHA512 | 8d1815b277a93ad590ff79b6f52c576cf920c38c4353c24193f707d66884c942f39ff3989530055d2fade540ade243b41b6eb03cd0cc361c3b5d514cca28b50a |
C:\Users\Admin\AppData\Roaming\Wave\Network\Network Persistent State
| MD5 | 5b5cbf01830e737bef7e4c2a9e72b94a |
| SHA1 | e362f043b3032a91ae5e78b4515f21452e21f795 |
| SHA256 | c1e334c903491077c13b654317b06b68cdfb5a97fc9bcda2419c0f10bb793f62 |
| SHA512 | 8d27d3f2a133a620a7837a03bf29d5f766087d820548212440b47995038871d7336f3304ffaec9008b4911d4d9fe7d47ed4836cdf866587fcc7bf55be7f97ead |
C:\Users\Admin\AppData\Roaming\Wave\Network\Network Persistent State~RFe58dacb.TMP
| MD5 | 2800881c775077e1c4b6e06bf4676de4 |
| SHA1 | 2873631068c8b3b9495638c865915be822442c8b |
| SHA256 | 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974 |
| SHA512 | e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b |
memory/2032-1386-0x000002298E0C0000-0x000002298E0C1000-memory.dmp
memory/2032-1385-0x000002298E0C0000-0x000002298E0C1000-memory.dmp
memory/2032-1384-0x000002298E0C0000-0x000002298E0C1000-memory.dmp
memory/2032-1396-0x000002298E0C0000-0x000002298E0C1000-memory.dmp
memory/2032-1395-0x000002298E0C0000-0x000002298E0C1000-memory.dmp
memory/2032-1394-0x000002298E0C0000-0x000002298E0C1000-memory.dmp
memory/2032-1393-0x000002298E0C0000-0x000002298E0C1000-memory.dmp
memory/2032-1392-0x000002298E0C0000-0x000002298E0C1000-memory.dmp
memory/2032-1391-0x000002298E0C0000-0x000002298E0C1000-memory.dmp
memory/2032-1390-0x000002298E0C0000-0x000002298E0C1000-memory.dmp
Analysis: behavioral3
Detonation Overview
Submitted
2024-10-27 22:45
Reported
2024-10-27 22:52
Platform
win7-20240903-en
Max time kernel
117s
Max time network
125s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2000 wrote to memory of 2160 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 2000 wrote to memory of 2160 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 2000 wrote to memory of 2160 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 2000 wrote to memory of 2160 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 2000 wrote to memory of 2160 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 2000 wrote to memory of 2160 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 2000 wrote to memory of 2160 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1
Network
Files
Analysis: behavioral9
Detonation Overview
Submitted
2024-10-27 22:45
Reported
2024-10-27 22:52
Platform
win7-20240903-en
Max time kernel
121s
Max time network
127s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 220
Network
Files
Analysis: behavioral20
Detonation Overview
Submitted
2024-10-27 22:45
Reported
2024-10-27 22:54
Platform
win10v2004-20241007-en
Max time kernel
135s
Max time network
162s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\cli\index.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.42.69.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
Files
Analysis: behavioral30
Detonation Overview
Submitted
2024-10-27 22:45
Reported
2024-10-27 22:53
Platform
win10v2004-20241007-en
Max time kernel
143s
Max time network
160s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\index.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
Files
Analysis: behavioral32
Detonation Overview
Submitted
2024-10-27 22:45
Reported
2024-10-27 22:52
Platform
win10v2004-20241007-en
Max time kernel
149s
Max time network
159s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\load.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.99.105.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |