Malware Analysis Report

2025-04-03 19:17

Sample ID 241029-t1rf2axrbj
Target Wave-Setup.exe
SHA256 141d262be2dcdc37113baad3a6282e6efa33d2d259006bb5094d8803fb45701b
Tags
execution discovery antivm
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral18

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral22

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral30

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral6

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral14

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral19

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral31

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral15

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral16

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral24

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral11

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral12

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral29

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral32

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral23

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral25

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral10

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral20

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral26

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral7

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral9

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral21

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral27

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral28

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral13

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral8

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral17

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

141d262be2dcdc37113baad3a6282e6efa33d2d259006bb5094d8803fb45701b

Threat Level: Likely malicious

The file Wave-Setup.exe was found to be: Likely malicious.

Malicious Activity Summary

execution discovery antivm

Downloads MZ/PE file

Loads dropped DLL

Checks computer location settings

Executes dropped EXE

Checks for any installed AV software in registry

Checks installed software on the system

Enumerates processes with tasklist

Checks CPU configuration

Reads CPU attributes

Enumerates kernel/hardware configuration

Program crash

Enumerates physical storage devices

Unsigned PE

Reads runtime system information

System Location Discovery: System Language Discovery

Command and Scripting Interpreter: JavaScript

Browser Information Discovery

Command and Scripting Interpreter: JavaScript

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Modifies data under HKEY_USERS

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-29 16:34

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral18

Detonation Overview

Submitted

2024-10-29 16:31

Reported

2024-10-29 16:39

Platform

win10v2004-20241007-en

Max time kernel

138s

Max time network

154s

Command Line

"C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\bin\windows-kill.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\bin\windows-kill.exe

"C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\bin\windows-kill.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 150.171.27.10:443 g.bing.com tcp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 138.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 73.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 31.73.42.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral22

Detonation Overview

Submitted

2024-10-29 16:31

Reported

2024-10-29 16:39

Platform

win10v2004-20241007-en

Max time kernel

142s

Max time network

156s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\cli\parse.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\cli\parse.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 150.171.27.10:443 g.bing.com tcp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 73.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 70.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp

Files

N/A

Analysis: behavioral30

Detonation Overview

Submitted

2024-10-29 16:31

Reported

2024-10-29 16:39

Platform

win10v2004-20241007-en

Max time kernel

136s

Max time network

174s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\index.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\index.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-10-29 16:31

Reported

2024-10-29 16:38

Platform

win7-20240903-en

Max time kernel

122s

Max time network

127s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 220

Network

N/A

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-10-29 16:31

Reported

2024-10-29 16:38

Platform

win10v2004-20241007-en

Max time kernel

145s

Max time network

152s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2916 wrote to memory of 2376 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2916 wrote to memory of 2376 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2916 wrote to memory of 2376 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2376 -ip 2376

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 628

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 150.171.27.10:443 g.bing.com tcp
US 8.8.8.8:53 134.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 73.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 91.16.208.104.in-addr.arpa udp

Files

N/A

Analysis: behavioral14

Detonation Overview

Submitted

2024-10-29 16:31

Reported

2024-10-29 16:40

Platform

debian9-armhf-20240729-en

Max time kernel

3s

Command Line

[/tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

Signatures

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /usr/bin/node N/A

Reads CPU attributes

discovery
Description Indicator Process Target
File opened for reading /sys/devices/system/cpu/online /usr/bin/node N/A

Command and Scripting Interpreter: JavaScript

execution
Description Indicator Process Target
N/A N/A /usr/local/sbin/node N/A
N/A N/A /usr/local/bin/node N/A
N/A N/A /usr/sbin/node N/A
N/A N/A /usr/bin/node N/A

Enumerates kernel/hardware configuration

discovery
Description Indicator Process Target
File opened for reading /sys/fs/cgroup/memory/memory.limit_in_bytes /usr/bin/node N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/meminfo /usr/bin/node N/A

Processes

/tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js

[/tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

/usr/local/sbin/node

[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

/usr/local/bin/node

[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

/usr/sbin/node

[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

/usr/bin/node

[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

Network

N/A

Files

N/A

Analysis: behavioral19

Detonation Overview

Submitted

2024-10-29 16:31

Reported

2024-10-29 16:39

Platform

win7-20240903-en

Max time kernel

121s

Max time network

133s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\cli\index.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\cli\index.js

Network

N/A

Files

N/A

Analysis: behavioral31

Detonation Overview

Submitted

2024-10-29 16:31

Reported

2024-10-29 16:39

Platform

win7-20241010-en

Max time kernel

7s

Max time network

27s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\load.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\load.js

Network

N/A

Files

N/A

Analysis: behavioral15

Detonation Overview

Submitted

2024-10-29 16:31

Reported

2024-10-29 16:40

Platform

debian9-mipsbe-20240611-en

Max time kernel

0s

Command Line

[/tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

Signatures

Command and Scripting Interpreter: JavaScript

execution
Description Indicator Process Target
N/A N/A /usr/local/sbin/node N/A
N/A N/A /usr/local/bin/node N/A
N/A N/A /usr/sbin/node N/A
N/A N/A /usr/bin/node N/A
N/A N/A /sbin/node N/A
N/A N/A /bin/node N/A

Processes

/tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js

[/tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

/usr/local/sbin/node

[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

/usr/local/bin/node

[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

/usr/sbin/node

[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

/usr/bin/node

[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

/sbin/node

[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

/bin/node

[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

Network

N/A

Files

N/A

Analysis: behavioral16

Detonation Overview

Submitted

2024-10-29 16:31

Reported

2024-10-29 16:40

Platform

debian9-mipsel-20240611-en

Max time kernel

0s

Command Line

[/tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

Signatures

Command and Scripting Interpreter: JavaScript

execution
Description Indicator Process Target
N/A N/A /usr/bin/node N/A
N/A N/A /sbin/node N/A
N/A N/A /bin/node N/A
N/A N/A /usr/local/sbin/node N/A
N/A N/A /usr/local/bin/node N/A
N/A N/A /usr/sbin/node N/A

Processes

/tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js

[/tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

/usr/local/sbin/node

[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

/usr/local/bin/node

[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

/usr/sbin/node

[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

/usr/bin/node

[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

/sbin/node

[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

/bin/node

[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

Network

N/A

Files

N/A

Analysis: behavioral24

Detonation Overview

Submitted

2024-10-29 16:31

Reported

2024-10-29 16:39

Platform

win10v2004-20241007-en

Max time kernel

136s

Max time network

159s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\command.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\command.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 134.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 150.171.27.10:443 tse1.mm.bing.net tcp

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2024-10-29 16:31

Reported

2024-10-29 16:39

Platform

win7-20240903-en

Max time kernel

135s

Max time network

139s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html

Signatures

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "436381672" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b8d48fc8adfa6b4a805f1a4a681aaa6f00000000020000000000106600000001000020000000b6ef9b4fcecf9c1c52072ed1af254fe538f0d6d7fd12e5b27399ac8baf1fb760000000000e80000000020000200000005e0de46087350300b7ad66dd8bcabfa96b52d1416852b43a21c26f36e77ed31a9000000022fd1f2c234e1b996117421f58e15a8c65c1e94de9476b3449cb726648b668a42f55cea66e0c003ddd3473da8053c859302a10e2b707cc0cc5287ebee0bc8f561a5f076059b1366926e5e57012854b7496f8bb8f164f7e1065fd5f32e6414f38c80f2b3f43e6b653b7a2315a29ce24ec5a07a065fb55583e959bfc1b36a42774d7a57127ec80c47e443ce7f1e0d0994b40000000d3f6408d3a2e08f0be766d11681d21083fb2d36e7f464efae8d63f5ac51a0fb22b4d656cf996a7a6c3e31a8f43859f8059b321122ce2342c02422588c0e65e87 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b04f99d0202adb01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FB94AAC1-9613-11EF-B954-F2DF7204BD4F} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b8d48fc8adfa6b4a805f1a4a681aaa6f0000000002000000000010660000000100002000000083ca09d0ec1d3bf5404a32ef038f7a42a8352eaf38297677595dc6204d1be861000000000e8000000002000020000000e821f08fb6255647d3cf0f3ebf298f82622f12fb6ad74699cd2a44bd1f839484200000003c05735c725a108729bcaf89dd573ded2d9c74079a7dd3a843bbd6df7e4dcdef40000000cb64080b2d330f45eff06a7417dab9194a52d4cff09def93793f48724630559657ddfb5ab096561c9bd20fb77aaeb314fbe79b8e9839420f2fd6a159d7025e14 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2664 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab28B9.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 600eafe723416d9e210d9b07cb2c70cc
SHA1 c8afe2d673836f8ea74d72aef641decf95af6c01
SHA256 9d5fd16ceb1058c8de9fbb9db9894077dba73d668a5afd4d84ddc43bf39b6d83
SHA512 c0f0e9e57e5a069fcf7dab126b075df2769f79bed87f08aec213e27f1d6e69597b96cc9702bb112a0626434ff702cf8a1095ce6b7b494486d380875243cf8967

C:\Users\Admin\AppData\Local\Temp\Tar2967.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8f6d9968fcc61cea6322acbf791f7969
SHA1 53fb890de22f1afef2ae6c47658a36a15b4d8bfe
SHA256 017573e0bba294d608fa3e55826b0658d635b38076e97aee4c5791a591931f27
SHA512 41a405136ac482ebbbed279a577d37f4834aa9d6b6f5bb8ae4b70e1536b3825db674a16cca23de43e9d95a3c8c10bd6f87b5acfcc1162ec0c1c41e5ba72a0e58

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bc0f9695571e64b1ba0e20f7f83b842e
SHA1 5fcb1e1d86f0bfe76f56e99b53bad4be02e08f88
SHA256 57ee6d4751268bbd27fc609ebafe95d9e6f3e18a60261f6c83142fa0b117c98c
SHA512 1e8af8525ce94024ce12430e937444100ed1c026ee2e6b0ea461d1af9e818e8f56667e77378a65d023b986c7ecceb0077a8bae59e527f086698880c8a2c6f263

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6b67a5184e0dece1dba818b65ba1da67
SHA1 189e8e5c72dd21caa9c9a83a3a2b2c468a48d873
SHA256 c58312a8e46aacc5efdc12b76e340780d0074d61c82ccfa095f2f5df2dc4c689
SHA512 1fcf6cab69c3b3216b145f9a1bc88170e39dd1905895e91c3a6f877be2d7ee08738380802a14770f0bd8f4055b96da968327e753fe83497a5fdc5c1468d6a107

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 166fc7a03328f247831148d69cd4c619
SHA1 cdc8b3e0a1f247f2278b561362a4432484dfeb16
SHA256 390e3d3e45675042406632955ac7e12e37d9b8eee2997427bb1a32f40e1bb0bc
SHA512 85720935dff4e430580b3ab0dc810f7000ed3cbc78335e65cc01e87618ddceb54a51f357cf6f6b903479ef9f31877c0c1a9bf9ef39b235a949351ed52f4890a4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 be87dde53b6745837ec47fcc166cc2d1
SHA1 4d329702afda69157665515292e74662e88da7ef
SHA256 658c6ebc8d8cfaeffd12c99d90a9351660ae24510c3f55b4f21f267d6cf44518
SHA512 b3ea2f2dfbc80e503e122d6487c36544e1be70fc828208191c21fe126b495dc40c80d63c0c56dd5098749073b68e008c1be51f4ebc1f06ac5a13821bbffab652

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 757f80d58995b8c4d405c4665c262fe1
SHA1 bb4087fd16aeb0d11c2afb5bd200a51425c38cd8
SHA256 a53cad8dd107fdc55fc507ffe1a9bfbf1d4ba1100ffa8ffb9c7b8f0dac6dcf33
SHA512 876610cd290d26144885ec2d859ae8204cbe485eb062641742a8fb5d564d8c83ffcddb22c021924da25dbcc2a41296daee221bec39d70aad23b7d68a02770bd8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 699349b6a98ebe26b814460513935efc
SHA1 2fb3e491b006a99f2454f0fb5070f8e3d8e2531b
SHA256 bb6891e4bd8a81e88f4eff0729a079ee0a70b9b45ff94eb6801f0f6321d8a984
SHA512 8abf2ca7e01eaac7284309414ca22f82325f8758b2da6e67a601881b1c9d982a001f2002ec3fcef23e27b350e984df9aeb26a4b033d4f3f0211cd681cbfe016b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f8485f01d1a148de9900f8f2aacd1285
SHA1 95bcab0992dc7fead8744146163f4f211d424be7
SHA256 4a65da35ab3511bfe9d54194fa9f2cf9ff67d8b54de27101bd01d2cb38209a8c
SHA512 0b6a524de407772f0fd90bc7ce45b9c0d0cccd939f3bd7125106e80b626a23a3841ee5915e1f2ed7154c5a8b8df2050f1987d2de89b7c769ea368021600daf08

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fc0f7e049cea3fc671bfff3a284a2a71
SHA1 e07d6a74fd0d0d1476f0b96590d685a08cf10159
SHA256 2d2b430116421fa757659a0b0c0f0c7d7ad38b968ec4135a05d8ad0c127a79df
SHA512 a67c60c2493fdcf2392adce687b99cc2f1090ab2742b2530aab8413ff9cf335c061fca960b49fd7b71fd8e35cc67b8193d30390f430ab13cf56794c1757736fc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3d9e5586b526dd8c5243128bcac0e02a
SHA1 b9fa736fdbef0cfc7ad9fa5dbecafabbd1fa7329
SHA256 c4bfd1ab020c98cbdc0b20b58f076115f197dacb3f51b350b7f0d3ab1798e827
SHA512 5bdd635e02965ee209d811b11da15b555aa50150c4dda1333f62b5d3bf21bb6a17a0fb0cbc0017fe7dcb2d59bfaecc144f1f0324d12eade496539c36abcbf96e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 90f4fbc2b52df525cb314b35cfd9912b
SHA1 b2b5ed9280ef4a94bfb6d0eaf9cb1194741578d3
SHA256 a30c3e78c3ef441ccf55ca965d49fcc365f38fe1ca4880b5bc5da68c2cf25739
SHA512 22da0707583c5df56fce60f254ff52972438142f89a3f5a06b6bc3798d8cd10b84b590457f7f56c820b9694578db0cc6c3d6777644535c3037165845269d323e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5cbc02c45d64e93d0f2ef83db3a5ee7c
SHA1 10fa67f1b964f20e8885ee3e88e5a384c0bd121e
SHA256 5f2ea3716fa1bece81732c7b38ae94046826ab4cd3d4087e0f8c1f5f9b6525f6
SHA512 d097fc68ef964c9c9e7c8a58e83529e22907c814e8b94b26a1cd0d7b34283803e0b145d437c954ce92a4696e57a88353a09c93015a11301fbf48ae4e762df5b2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 29713e1edc8f5f48a014715a765b252c
SHA1 56163ecfb02d0c6dc4cf2fd629170c70371a3b57
SHA256 af8768084b10d3463b84c70bf0f95c640e2f645fd668e224232c5412f774ba58
SHA512 27b598a2322b5b5518ec76e35a8e3c84cd91a999a7c9f98ca082c13d51632b549c45c403ec6aad4bf890301014f816045e9ed07b99b91841757f690784b91ec7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dcee5dfb74ff5d99d9e68471157fc7ae
SHA1 cf7729f9a1af680cb1af74645cbd8ff8ffa9be62
SHA256 c5135b3d4ef16804a91523c61662da672673ebd975519617d59a8f0da20547a9
SHA512 f8fd47e451cca28ebf6edf16ddbd3ec2346aa41fd24d32783c6ff407ca3fc05943fe17740fc5d3cdaa82abb5a2fb87a8be32e2e3a45c05ec4374ffe54be4cff3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0f11321de5f1881b51599cabb2e66538
SHA1 e7a2894efc758ddcbe569e88a3f3f76f3029fc82
SHA256 44562f76426f6434293d7e661268c7a282c0ccfa4b4d5b2afb40a4b005cfffd3
SHA512 5924323d66f82baab5f327f08b70eb3204e9940990fb013af608e7764fb731e5e5a936420fbe4e6ea39a0e3c918c3c6e374f2913794638b2c1a52059862ce93b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e170062246d711075fa36f7cc24bc277
SHA1 079dc7ff1d03ed8ffec3b30f629f7b518672d459
SHA256 08236c971857462d24e61c98b0519315048e10ab3d5bba904bc149c0ab215459
SHA512 769cdfe40c143771373438e473cadda768878a16671cf46752f30d24f0ac6df304b8b115ee611c944458b873c4f5198f83f7fda547c9e69c1bf09b133ffaf411

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e6908dba54edcc0e653a3c6755019d1d
SHA1 2169aba97c929c8feda143d3faa3b6ec2a2a3af7
SHA256 fd8d2d24bd7c9912cca1aafade1d7115934abb53679468d8b7e1f7082ca1c0bb
SHA512 c4d8a5a20ff3a002ea92172a24332137c79f959ad80f343e644df0da064cf4fda045d687b925a6ff882fc6f8de7c0bb90aab801b05a4e76946f7025361b99dbc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 019a7e6475858cbd9be5f97ae9ab6d6d
SHA1 b13785174d281bd0d741cb9157ee3084871691fa
SHA256 67ab0aa61d453f93e6abeb1e0ecc0fd6c1430b313f70f71b3159361e2a6301cd
SHA512 57dd7882251dcdad5b38e90458266686e89377c4b150b882d7994ed374f214acc2c80db13426161d663f99834dcbe5162833638fa4efc4e4c0c65cb80d45cec8

Analysis: behavioral12

Detonation Overview

Submitted

2024-10-29 16:31

Reported

2024-10-29 16:39

Platform

win10v2004-20241007-en

Max time kernel

145s

Max time network

158s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1476 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1476 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1476 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1476 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1476 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1476 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1476 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1476 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1476 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1476 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1476 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1476 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1476 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1476 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1476 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1476 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1476 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1476 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1476 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1476 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1476 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1476 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1476 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1476 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1476 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1476 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1476 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1476 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1476 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1476 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1476 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1476 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1476 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1476 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1476 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1476 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1476 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1476 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1476 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1476 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1476 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1476 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1476 wrote to memory of 4460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1476 wrote to memory of 4460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1476 wrote to memory of 1324 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1476 wrote to memory of 1324 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1476 wrote to memory of 1324 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1476 wrote to memory of 1324 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1476 wrote to memory of 1324 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1476 wrote to memory of 1324 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1476 wrote to memory of 1324 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1476 wrote to memory of 1324 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1476 wrote to memory of 1324 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1476 wrote to memory of 1324 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1476 wrote to memory of 1324 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1476 wrote to memory of 1324 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1476 wrote to memory of 1324 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1476 wrote to memory of 1324 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1476 wrote to memory of 1324 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1476 wrote to memory of 1324 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1476 wrote to memory of 1324 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1476 wrote to memory of 1324 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1476 wrote to memory of 1324 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1476 wrote to memory of 1324 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa7b9e46f8,0x7ffa7b9e4708,0x7ffa7b9e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,8429500130211626817,11889781534907479236,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,8429500130211626817,11889781534907479236,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,8429500130211626817,11889781534907479236,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2504 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8429500130211626817,11889781534907479236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8429500130211626817,11889781534907479236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,8429500130211626817,11889781534907479236,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,8429500130211626817,11889781534907479236,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8429500130211626817,11889781534907479236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4224 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8429500130211626817,11889781534907479236,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4452 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8429500130211626817,11889781534907479236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4008 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8429500130211626817,11889781534907479236,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,8429500130211626817,11889781534907479236,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3076 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 17.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 104.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f426165d1e5f7df1b7a3758c306cd4ae
SHA1 59ef728fbbb5c4197600f61daec48556fec651c1
SHA256 b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841
SHA512 8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

\??\pipe\LOCAL\crashpad_1476_MQKJWMQQFHKBHVNZ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6960857d16aadfa79d36df8ebbf0e423
SHA1 e1db43bd478274366621a8c6497e270d46c6ed4f
SHA256 f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32
SHA512 6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 36abfdd5b3e52065bb20daeaae86f824
SHA1 0eb045cb5a5ced88d90b89bc4a7f99971f0a4f7c
SHA256 7dbaff322de3a3e067d6d64826a7431cf6993f282297353d6013f55e77e6b661
SHA512 9acafc756965b4896b7569060cb08f1f3e489a4fba4ab87ca936acae58fa8d597c9ad30d7b913c05a265912738da3558bd5f29cb89d347eee01d65838c7f8518

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 868efce2091c905668e8b405cdcfaa3b
SHA1 62ab6d07bb3ba797c1d77af224ba451aadb66300
SHA256 b93aa0bdef117336dedf6e5450c3a35671e3ed5461ed4a46f89909a1fcf73eee
SHA512 8995499be8f9d167b6d27ea9314589c7b79d6ae6823e3ba060303c8b4f15048bdfc691025697c7d5c67bc2978c341fe28c34634745336e88debf141fb9c58030

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1ae32d9d2289d2af3b3673c5acbcf893
SHA1 062ecde0b533c443ddbc25867a7fab65c8a6c7df
SHA256 ec633cdcbfdb1578a319420c3e70c717752cce1a0b0aba156768c95d01d146aa
SHA512 f4883f94a36eccb6653b5cf27829b92cdd72eea165ad80ef369d48c64e9976cf9718d511c2dd1d351dc45558c5410f34f7d007b1194576a6b5239c5f8b8fcb1f

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-29 16:31

Reported

2024-10-29 16:39

Platform

win7-20240708-en

Max time kernel

117s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Wave-Setup.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe N/A

Checks installed software on the system

discovery

Enumerates processes with tasklist

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\find.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\tasklist.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Wave-Setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Wave-Setup.exe N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\tasklist.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Wave-Setup.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Wave-Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Wave-Setup.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq Wave.exe" /FO csv | "C:\Windows\system32\find.exe" "Wave.exe"

C:\Windows\SysWOW64\tasklist.exe

tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq Wave.exe" /FO csv

C:\Windows\SysWOW64\find.exe

"C:\Windows\system32\find.exe" "Wave.exe"

C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe

"C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe"

Network

N/A

Files

\Users\Admin\AppData\Local\Temp\nstAD12.tmp\System.dll

MD5 0d7ad4f45dc6f5aa87f606d0331c6901
SHA1 48df0911f0484cbe2a8cdd5362140b63c41ee457
SHA256 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
SHA512 c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

\Users\Admin\AppData\Local\Temp\nstAD12.tmp\StdUtils.dll

MD5 c6a6e03f77c313b267498515488c5740
SHA1 3d49fc2784b9450962ed6b82b46e9c3c957d7c15
SHA256 b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
SHA512 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

\Users\Admin\AppData\Local\Temp\nstAD12.tmp\SpiderBanner.dll

MD5 17309e33b596ba3a5693b4d3e85cf8d7
SHA1 7d361836cf53df42021c7f2b148aec9458818c01
SHA256 996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93
SHA512 1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

\Users\Admin\AppData\Local\Temp\nstAD12.tmp\nsExec.dll

MD5 ec0504e6b8a11d5aad43b296beeb84b2
SHA1 91b5ce085130c8c7194d66b2439ec9e1c206497c
SHA256 5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962
SHA512 3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57

\Users\Admin\AppData\Local\Temp\nstAD12.tmp\nsis7z.dll

MD5 80e44ce4895304c6a3a831310fbf8cd0
SHA1 36bd49ae21c460be5753a904b4501f1abca53508
SHA256 b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
SHA512 c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\chrome_200_percent.pak

MD5 e9c1423fe5d139a4c88ba8b107573536
SHA1 46d3efe892044761f19844c4c4b8f9576f9ca43e
SHA256 2408969599d3953aae2fb36008e4d0711e30d0bc86fb4d03f8b0577d43c649fa
SHA512 abf8d4341c6de9c722168d0a9cf7d9bac5f491e1c9bedfe10b69096dcc2ef2cd08ff4d0e7c9b499c9d1f45fdb053eafc31add39d13c8287760f9304af0727bf4

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\chrome_100_percent.pak

MD5 cb4f128469cd84711ed1c9c02212c7a8
SHA1 8ae60303be80b74163d5c4132de4a465a1eafc52
SHA256 7dd5485def22a53c0635efdf8ae900f147ec8c8a22b9ed71c24668075dd605d3
SHA512 0f0febe4ee321eb09d6a841fe3460d1f5b657b449058653111e7d0f7a9f36620b3d30369e367235948529409a6ce0ce625aede0c61b60926dec4d2c308306277

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\d3dcompiler_47.dll

MD5 a7b7470c347f84365ffe1b2072b4f95c
SHA1 57a96f6fb326ba65b7f7016242132b3f9464c7a3
SHA256 af7b99be1b8770c0e4d18e43b04e81d11bdeb667fa6b07ade7a88f4c5676bf9a
SHA512 83391a219631f750499fd9642d59ec80fb377c378997b302d10762e83325551bb97c1086b181fff0521b1ca933e518eab71a44a3578a23691f215ebb1dce463d

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\ffmpeg.dll

MD5 9691e33909895bfb5bb0355b6f439c81
SHA1 7fca2dfcb9aca4ed92c644e8f7ceb98f87116a52
SHA256 223448ec1715cb4b1a2abbf1427547956f3ce583092177c287542e6d226319c7
SHA512 9ead46836900c054d8740a1e2f569bc321cc53cf3c47e3fa927f4cca54809bcf173bdea239fbdeecd694277e8869565e476fd272df393b924bb62a845e897533

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\icudtl.dat

MD5 ffd67c1e24cb35dc109a24024b1ba7ec
SHA1 99f545bc396878c7a53e98a79017d9531af7c1f5
SHA256 9ae98c06cbb0ea43c5cd6b5725310c008c65e46072421a1118cb88e1de9a8b92
SHA512 e1a865e685d2d3bacd0916d4238a79462519d887feb273a251120bb6af2b4481d025f3b21ce9a1a95a49371a0aa3ecf072175ba756974e831dbfde1f0feaeb79

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\libEGL.dll

MD5 09d3bc8a5c6104d78566cd6e51c5a6a8
SHA1 d1db4f83bad27dc0caf75f77d510f2eb62dd84c4
SHA256 1307025ed98ecfd00770c2d5c74c8a5e498c4e457397f17c3cbd176ca8a62a85
SHA512 198072fff54bd6ae5ac21bd891c23da9d657a4525dd5944719eda6f7062775ae66d9cb15d29105d2477378ae605351e4b840c9934106bf80f936a596e7a1eddd

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\libGLESv2.dll

MD5 02374701c3dc3b26088763fd3cc11bc9
SHA1 84e582496c53ce139d9efd219b762ad38a50d011
SHA256 8e68245d98bb740f393472938612979a56391f127d1af7683253e9e749e7af41
SHA512 09693492447b037e8ce16095fb3d63d806604d18c3340bf57fecc0e0ae3c877bdcd83320e633b0fb898a4c20616bfb4558ccd8d93a10d235dd90c3be8020a8a2

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\LICENSE.electron.txt

MD5 4d42118d35941e0f664dddbd83f633c5
SHA1 2b21ec5f20fe961d15f2b58efb1368e66d202e5c
SHA256 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d
SHA512 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\LICENSES.chromium.html

MD5 ae174699b663bd90d8d06c68c6952477
SHA1 8c76eda61d320779909adc541593b8e26b24815a
SHA256 c6737ef4ed9de369077718824f76c5e7026d0e39163e26af8606783e41c93e18
SHA512 3fb72dcd790464dde34978c9d0895376827f4d839b4a199c6e9fe77ab810d62b960babc4b21f6e189dc70147b5fb4334815730f4d1cdec05489c19e0725c2158

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\resources.pak

MD5 3a87e8d6dc2d7dab0c3c37fe4a74308d
SHA1 5ddd587a6541e034203f24ee329796dfa316656f
SHA256 61216fee0360053988d5be52ab626c89173c86da1cf0b5a697bc32944282fe14
SHA512 7ba1bc093f25cec2539fb462084cb1fc32b17841f79be95679c90f4c735772d1dbe652471e52f4be254b10e650d31e3460ebebc82d89efa6a9ef801e5d98ea6b

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\snapshot_blob.bin

MD5 62b9e00c46ed829e06d0c2494aa994af
SHA1 988882632b95bb78d80db60e4787c576e48338e4
SHA256 22a46de643045805a3e588f9a18ebaa377f9fba3dee46b2d60f3ae300a09cc4e
SHA512 03b7c57782923ca3a011fcb85f74e865bb7ff9976c89152758770be3bd3d40684ebd216fe34f0d0050936b536c8bab5eafcaa35fc26e893d30a108e36687876f

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\v8_context_snapshot.bin

MD5 a62fbbb671bf975ed46b42d9cf437bcd
SHA1 408b595b1dc6658533e0db1d35f509ab9ee70525
SHA256 a8bd22478c4f85afa836c89d3a7f52c606b17872fbbefce268b499bedede10ae
SHA512 87c934670df70afcced0ea5c73449a17ad27d5b6a25cedad9eb61634aaff8a42b713f578e861c2efbc77593793bba240a1495822b69c99a8ecaef64b07b6a62c

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\vk_swiftshader.dll

MD5 337b0322f328251f01bd0fda8948217f
SHA1 6e59fb5df7773c8668e8f18755e62b532a9071c3
SHA256 11f24457eb9af084eb845780f3fdc1989605766c2749fce6fb003dd988d5ff65
SHA512 3540b2f5df1f20b5cbb6e61caa005fe7da5d1cfbe58f639ae0c40f6a4e7a9d8786f3db4691dfee9a001a2a87ac7b0bf39b7f308c14f809874a89f86b18ff8fbc

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\vk_swiftshader_icd.json

MD5 8642dd3a87e2de6e991fae08458e302b
SHA1 9c06735c31cec00600fd763a92f8112d085bd12a
SHA256 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9
SHA512 f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\vulkan-1.dll

MD5 6db4abe9370ef778e93cfc6bd6dbd292
SHA1 0d7bd9d21524780b6f8904a82c3ce09ae5d03f97
SHA256 52bf439424759a84cdcb6d379ed88582a6d6ba58127c44adf1b8379f0e88e5ec
SHA512 1ec07916d82d78243d9a144db3e947c95ca92fce1350708484c45fca2f953bb76728889b8d9a02c041849bcf005f998804d7066a90359fa180d94c237d014317

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\locales\af.pak

MD5 e48860fe82ef022ffab38cbc4c96dffc
SHA1 a832fa66bfddabf3ae7f219cf379f66d2903162a
SHA256 e2470090a09ca500679e68bb5e3b1acc35a5873fea4f93af25a23c82122f2c13
SHA512 e4d0973ca7e59091c482d2acc384aa48ec87d3ce72d8d42a03a183b230fd209e085a4e907473a05d02d41e15ebc527df942774c23b4804c150367fcd727af7b1

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\locales\am.pak

MD5 d6e8c344b2b40a9c671304f6f252d51b
SHA1 c59ddcaad921b6d2d3f70b7ab07026c35e5d1e08
SHA256 4e15946e86a578eeff41feda808bb291d81e240fbdfc96cbe2efe692ad35eef5
SHA512 018ce2bf4beb4ce066703b2ac7413c6517759be68f889f27990de5d6694e9f84b4027f9861901ea4b15abdd1bb570e5a16651c935713feafc4d16cd57be0b911

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\locales\ar.pak

MD5 f6ca56d15814dd5afd5e7ff985257880
SHA1 ef236d7027cb50a188c1e771527e6628702311ea
SHA256 5cc02570e5f61cbca791309985df3a29584e41583b3344f1d9fb6b04ce423e6f
SHA512 46c0436c110d6f1a8f3ebe962226c51af525228262cd56744e4d89aeb05d1eda614801a294bbfd2e08598e355750d7a2d200b3e7b594da03dd26ece4cdd31e3d

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\locales\bn.pak

MD5 57eab375114893a5ed0de36a516e8252
SHA1 16f23ab3eb62bc7a2525a7a5d86139fa88670b89
SHA256 1aba82aee8c985e5e370e7cf2b35c9ec20cbe5174db5fcb54ec7d19ec5d79587
SHA512 895bc282484ed028f5f023cbbb6e2755091f036e540c531b6ff639cf9e0ae5da02801dc81d7910eb141edd5c255d8b088d1abb531b152fbb161d6c2bf9615f4f

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\locales\cs.pak

MD5 582fde87aac61961e4f7955f16d31769
SHA1 3a8eb832317dd7e07efaaeeb5885c32b9d381622
SHA256 7d7b701ce510b2e4a18e957e500086db590aad8bf5acd37f82263a676f0b556c
SHA512 adb04ccce5471d80182f7ca73bf1a2e4ce63a4980d455837fb378bf679a0022d4ee6f9fbe148d6932fad83f458c76ac229229542092e0cb9b271c8d44639b11b

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\locales\en-GB.pak

MD5 56bdf77ab3487e28d354a8b0f9ba8d2e
SHA1 b10ee918320a50a417b1ee6a28cd4b05a5f77238
SHA256 7df934906a61c0ae7a952f9ed058f4a06cd3989663a7d9f50afc3c9f830135bb
SHA512 8d74c79ba3a554d69f26fb8c20210c9a339d85c0e9a9af445901e8a5c7ea544ea6ec713f9dd2db7b8bb5cb0afb0fb385236d4668a73af37dc9ef8d2f73c57fcc

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\locales\et.pak

MD5 3cad945e9ae6e31cfe66c89365e5d353
SHA1 43758cb523d60d936b9a417123f337b8e123481c
SHA256 ba4ec85d2306a1f1f178a017fef4d340b77b33e10bbee07bd359a8e0ff8ea461
SHA512 ac07e7f72b670a2e8b7a46a672fefedc58d9384d4773a6f220c231c619c1134613ff68c0ccb0dc9e03eb5f47dea7ac57de318af5f3f242d6be7ae43071e2d947

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\locales\he.pak

MD5 ad6af80367f0b5d408bbe2c7b32ade48
SHA1 9dd4e4e5a63e50e9d3715667b8149edd8d07a52c
SHA256 20b1c80f8b2bd5130a1fb372814fb9c9ceac15305da3da0cb29923960a94a934
SHA512 95df5ce7f7885d0e72b2d89e1794a3796a1ab407fb27174219db22c668f74a8c3ba1f680cbf990be533c35ca0b2136b1917c0cb92d4556e3ff2ef3447c55efbf

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\locales\lt.pak

MD5 20906aec4a21bcbb8bc8bab067075ba6
SHA1 369da9c1567d4376852cebdb87cd9213dc4bd321
SHA256 a1257d10e673311747363e6929832e70f36668b1fc0d6a5ddd550fe88007aa58
SHA512 8d1ee40bff980b889af83b95fa408bddf2ff5d257f532d2da46bfc3ddbcc31b9cf14b473fdfca1a574c0316fd689a424ae241e9bcc533b7dfe0c7203d4b252fe

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\locales\ro.pak

MD5 cfd7cb2444248216e12193689ba56c10
SHA1 0a9d65fdbc68688bf1624a8c98fd42673961e0d2
SHA256 655c175903a791d0ff56264a487c53f7bd09ed037cf04cfa6e79eb8be5b677e9
SHA512 7ab384dfe93c4de0d82d3a581d0c4b988f823f49848cedf081067e052be2d43c42389899588839dbc7cb35ba70617648bd0c7c199900e78c487f3dd77e64b4fd

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\locales\sw.pak

MD5 be2bc09130635406f560b95e789f9a81
SHA1 f189cd6eb6c844e2d96ffaeda66fe4d5f1453130
SHA256 f0fccf2e3ad332846736d816e254028569f5f84918573872442987a8bc9bba58
SHA512 f651ea959066a5966f35493788b9833597dff653f649a5bc8b09a8ed748bcf086bd0586a36e1f4ecddd361d04774253e21d67801760d0988f3e17f0c6e1121cd

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\resources\app-update.yml

MD5 4dd45d9de32f1a1a9aaae5d05314e29c
SHA1 80e458fe95becbdbdc82b1c06c92ae4f3781f497
SHA256 f2063da30e10724592fa8e42767f066c34520c4fc8302b6647a1d2a0a039d71f
SHA512 f5b0ade03d39d867ba3d7db972f999b92696beab9c20d1eb0440d3a0aaf66fc6459f0d6100f3ee8d9dbaacb5d6d78b8d3e0f8abcef8dd76f05719b7f896a7c40

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\locales\zh-TW.pak

MD5 e302e1102f3f5a21860f38f41b3c30f8
SHA1 78b5d1c451cf674a7641dfcc815f966fc920cf57
SHA256 d4033cb3264c7c4cd2636ea2a202421650c449e5bfb10f29949e4c44e91ca93b
SHA512 1f96b197eb7ae6b7983ed38d4ce33ea0c845ffe527fedfbc9e53a6009871dd3c39084a04cd1d43fd6dd24e7f26e3ec4845d4225df828de0b9ba346cbc98efea4

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\locales\zh-CN.pak

MD5 3fe312d9859b299c3a332373172c33f8
SHA1 ce6a99d79dcfc363bcf68bdb1ddd4e6862236020
SHA256 f0c0ba53c954325b3bbefb333ba23f7fb40a7a4e506043e9f7886089f611943b
SHA512 488a6043381834c9d69a906edd9e3273da01b618e9f3351a89082e6a4727f9f882e435eca3d590cb30336cab289fc71b109322d43804ddde5fa038a63a0b84f7

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\locales\vi.pak

MD5 565abf3f9b296fcff95fa5b169a7d598
SHA1 24de1221b2adec13b5bcc23c4a54b8e987e9f12e
SHA256 fb9463d5655e73fa69cace9800d95f8cd077ee9284fef3bfe162d2bfe220c257
SHA512 53bfe0c1c289ecdf48114048e15807c3143dbbe357736753cb845a31a6a3fccd0dbae652294508706076ca4b30e5da00e53bc6aad11b06fffbf2621997e7de36

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\locales\ur.pak

MD5 fb978b7d211112a0774ce09ca54ca96f
SHA1 fb0c69801230437dcd20e3803db81ee60fc042b0
SHA256 60310f9a3457fae0395b447a30646211ef4160ba84bd7c36d291af4c8ec2b79a
SHA512 abde8d79f46b27e0e315034025837a3126d6e5d2bc52504d49c946fe96828bd9b20cc4a5c05283fb9f8813e6820a28249cfd68b30cb27fba216970c16ecc8d44

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\locales\uk.pak

MD5 241fc33569b22647e7d2c4189a8ee7bf
SHA1 f56a73cc81b1e96560b74ee5e73d7af792720ada
SHA256 13e40208e2c9f4f4b83dcf422610dc82314a8f99ba50acdbd286c508f92eb232
SHA512 ad16f84482f0c7c3d3c3fb98caa3dbd0048138f361aa6eba2b6338ff6e25da4c3ab39450354f2a86a53d655cad99e92fab2c030b5771d7e6a25190617f1a9385

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\locales\tr.pak

MD5 414b557adfe76e3564d43cb93f513c5a
SHA1 f775095f7c55e834a777c7f25fdfb81f1e63ca08
SHA256 f58ed19be62706fb4fd797a6bfd3af5c6ad4b39aef994a577cd28968fcac0291
SHA512 8b1be522ef23888d46c13888a18229f4c9cb6e1c6e6730cca79d9b13d71eb86ecd3d0c172ade6f70ff63a7fb5242e4de7d9742b93376669d13c77de0cb622f94

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\resources\elevate.exe

MD5 792b92c8ad13c46f27c7ced0810694df
SHA1 d8d449b92de20a57df722df46435ba4553ecc802
SHA256 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
SHA512 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\locales\th.pak

MD5 879a881174501e22c3de65b9f80bc19b
SHA1 a2e020d5ed1be7dee50a495a2f8581e751cbf735
SHA256 647ad394e92e7610bd0f6c4e08d28748408fcd5a816a35e4622ea7f71cfa7a9d
SHA512 b8961a90036b94340283237da57659cc277e65e545764251f7d3e406dc5f70c9ae29366184d0aa8831aaa0a7cb5c12ff825078bb87528606cae223fba58c73d3

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\cli\parse.js

MD5 63db540f7184a372ac611fc3d7f21136
SHA1 0b3a8e70600a6705297a532849b7470c34f8c19e
SHA256 93b9bbbc19e6f0456185d7c9e9ce11e994f41c01e46067959c5168bd345b0313
SHA512 1f56bbc4856fbefd21f6de0738712157b91f1388a71a957c37444b617ee161885822b21fcf4e7efe14d5af54b9706d8181acbb286dbd7525c91a56b53dc391be

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\skip.js

MD5 92a4c6dc39d38ac078ec80977508feac
SHA1 edc8d81988e99c77105abb1455ea224fde97d212
SHA256 c12583530edc83dcc7cacef4a428eaefa84c10bfe4b62c0c9707de015e338859
SHA512 3833af1f274d3bb89776a8dc6b9ff015f5d219ebec47f5e98bf88670e523517ad8a493b0959dd41dd6e658c230335338325e8c2befea61f2f22f8e83822ccab2

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\resources\node_modules\language-server\wave.d.luau

MD5 7e477f85c45cfca5731e0e45ca63f8d5
SHA1 35390d8d2c0dd00e3c60dd6fd7f1727e36874566
SHA256 e58e8b24642a8693b1b1ebad703a7efab1cece9a1b12dcf353c4b4432f23062d
SHA512 dd3d9b149dffd31ba4e94b9c84ed0fda1fb67f1f7d633900688cc9e4e40c26f55048c1730f205e5c22b5030362683f0abce86033816f1e089c3b67cc3853ca70

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\resources\node_modules\language-server\wave-luau.exe

MD5 12fd29fcaf6f6518b8bf9e976928fa38
SHA1 1f9352e217518eaceefdd041e3f085ffbb93acb0
SHA256 d38d6297b4653f30397b7f45964ed99a70c8ab73d60063f68d3380c309e626a4
SHA512 b0c5bfb87639585564915f284ecff5af7e6664097ea3d9df6908c08ce09f9f6c31912225620bb7f7cf818efd6a7146280ce37e10ca7fb55bd381b95bb8a2189b

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\resources\node_modules\language-server\globalTypes.d.luau

MD5 6fb690ee838bebdf6591733bdaf632e5
SHA1 658ccef6ada0551d661d78706266ff6ad2797858
SHA256 ae99b7b676e4becb10e6a9b77229e99bdd60e5a91d2e6bbb141c85721962313f
SHA512 7218ebc8c64a7bbec231989ac7d2221be63f29302f6f16bfc0bd67ed5e9c5ddfcb50ae781f6ef73a3d891a70ca73ecc62bbbe6c5a4a218225b24c0d19c7737ff

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\resources\node_modules\language-server\en-us.json

MD5 de2ac61fe7207c1b2f304b05fae4e39f
SHA1 72a4623fde7103eebcff4a55ccb8eb6acf6bbee8
SHA256 c8dd69f4f8f07ebe1c73a433bbf08f67e3bef3047c35251a243c3ac78f500647
SHA512 4d0be337f5d6f760fef3f79d14ef6835045e12e7eef5cf906a5f73841b01bd59d3171c31f63de34e5b44f791d5912f940fa391d96685532e0baeb7613526f8a8

\Users\Admin\AppData\Local\Temp\nstAD12.tmp\WinShell.dll

MD5 1cc7c37b7e0c8cd8bf04b6cc283e1e56
SHA1 0b9519763be6625bd5abce175dcc59c96d100d4c
SHA256 9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
SHA512 7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

memory/2640-973-0x0000000004160000-0x0000000004162000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\src\showver.h

MD5 6f621ba192a6fe2228ef9965757f0bc9
SHA1 e3625cddde946f5ea21e4c00be95cad214da4016
SHA256 2b561b980e0a01191a6c7cc1cf94c8d5c061f9f299ea256f1e7ca17250ae08bb
SHA512 ab90bc30f2c23a3032334d30294aa02007e0db180c82c6c8f0d84781203be7c342134cc17bb2ac0c7bd89c1e5902c852afb2d09b0c7d4dba27f5101577491f4f

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\prebuilds\win32-x64\node.napi.node

MD5 0b3ffb5b756beae28d8d9da67c288283
SHA1 7c2a0be0a5ab1b936c4752254927f5ed066abe5a
SHA256 462e527de86494f96ed0d42a80c261e46bb57352e86d6175607186c1dcdfc7b0
SHA512 a1568e7d02bd34992236c587cd77404e4cc9c25011a075dc0cbe52b59ae254eea65cc31ee7fdf26898386e370a752df8bbb2ce70592244d6f24b10d39f9f7854

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\prebuilds\win32-ia32\node.napi.node

MD5 8a50b5876633dd9bb73612fea622a521
SHA1 27fb94a39849fe6ba1ce7b983c0d9e4ca4e62ae8
SHA256 053c3100121939dfa1fb936718c6088e4490e72faa3c713310b556ea90155278
SHA512 958d901f7c72773a2f9439842f422048a8cfa941ef943f5f9e61c5e9d48b4d9ebbbaf72acb2a07138ae66f925b46dd98717656a58719902d417a14ba1e5aacaf

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\deps\UTF8Conversion\utf8conv_inl.h

MD5 a5a0f8294daad33a66bf30c329157a2d
SHA1 02b5d7fab93d942033fe9ae2620d1a2363914469
SHA256 4955fbf455cc29d63f5dc777d3aa5172d6e1e6df221a33808a913bdebf5a1277
SHA512 f583116ada3f281c208a98d053fe6b580187d6922e2ceae69917770a46f56c16444267172db2cb0bdef3b8012088706ba1a2203631f9ff79d2814714b25fa78b

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\deps\UTF8Conversion\utf8conv.h

MD5 349864c2d1fbc9c7788cdf95c541ff52
SHA1 fa968f5bd6560675c26078de4e7d52b454c778f7
SHA256 7340eea1def3c1d832a6f40c5022725f1704a783f7f992b71d5f3ba2dcaeb34c
SHA512 5e1910c23dc08e79199fc80ab8e0c7b300e2e1bd2678d0d9171a73d8f328adbd32021146e5e43485f64f25fcc6bd8413ce1ce3846afd7fcf49ffe3a04d0efbf6

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\deps\UTF8Conversion\LICENSE

MD5 7cb552557240a921e34ad313a224d17d
SHA1 92ad1627269adefd696ac5a67131e4af575a2cfb
SHA256 7d355d1a2324c2073059ffe7ea4d96852c873e718bcc197374440dc3efc3f7ba
SHA512 b4bf90a3cd77805fc149a4112f822ee47b4f13404ee92455ecab9dd12d796ffe81d664bf21042ae3ad6419abf6a9de6df231328be6bd8ca2426e3432d456921e

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\package.json

MD5 2ac7232223dd7c39ae2e82220d9a767d
SHA1 cacf598ea739460d281587549421ce95546b3048
SHA256 0f49b6c0282be08a5dba3e98024401a921167974a516b630ce9f9a9f2301df08
SHA512 249f93debdc2f2aabc8a1d977f2c1a9a54cbc0e3580e4dae06a1193ff83c801518a7cfb7919f98c3b943eea7c7b99d85c8148292b0b96b3bce4788277b956b56

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\LICENSE

MD5 216384c4c084ff996a55be20cbd26ef3
SHA1 0510d5fdf8e7bf002b8396958f2240222dbb2a5a
SHA256 fe0982bd7d38ee4cb08b2f111067bdeedb9732a6621c761bcf7dd01aa6211c5a
SHA512 eed68402c44f099b181ebbf43ff7efd1dcf6791f7f35f6d386d66202bae0da6e7f0108fe9c3d62af0f69989d92286fd0c307d2192db0113b9fc857746dd01abe

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\index.js

MD5 e5053e64fdc67009804a42cc8baebf90
SHA1 8814ef33fe018ed0a1817e77c7ed7ddb16076137
SHA256 5e591255fa35fb3650502e648ff51d6d7c7e57ada312bd33058da03cc412efb3
SHA512 60f941a6814dc3efea6a65c6dced552d4248273e1ce57222b428f813e0ab655d13546a0951ad3c0b22adffc7fc40542d7667ce70d315052308ea0fa1195526f5

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\bin.js

MD5 927d799c0c996a865d11a78f04198211
SHA1 f5898b61159f1f56ebd3cd439b498a177d413c0a
SHA256 7f69b31efa09c6e7d442d6229e82e65f38faeafeda1fbed7c5e54324aff062e6
SHA512 97e1061700f32af28dbc946e2f3be0358234689f9d3482b37429dc28697516916cf1ff6c7891a29b835cdd775705f432ff7f437bb67ba87d7ae81d62453407b2

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\utils\merge.js

MD5 b5932e306173a01da5d3f814bedcf4b8
SHA1 d3ffa9ab328864682cbf2f5e9c5e5f6437d92541
SHA256 c4598a00e91b93b7964bb874e8ceed6d614436335a7fd81aff7f504499e210dd
SHA512 cf565fea7c0b2453b8276fc25b5e0b546b0ef79eebdea4022aedcfdeb7866687c925d95cb4d56de413d53db51d03168b8302383ca9f8b04c3b5e501fd3be0fab

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\utils\log.js

MD5 fa4ca8a08fd35bba58f2af0f046320e7
SHA1 5f672b1e8d504a468b7946514e854425fe938d29
SHA256 dabbcccb1bf0089d96ce9592a575cb64139926d6b899091c1dbd37632e9269c4
SHA512 70cdae1e1983fc7bed3bee24f50196ec281752e7567d5c4d5aa2859172141422f3eb6a7ffe9165c408d5e3354d7c139fd90382c73f7ac0de16a5840221dee399

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\utils\index.js

MD5 2f2a9c006f17f892a78a9381932918c6
SHA1 80905883f8b96a2265d60202f61de419e8c6d3e9
SHA256 c69735d5a8d259dbc87614ae268de4f6581fcadcf6f931dd20b36bc09c0a502c
SHA512 702966aebbf2a8f98a89da8640a3e0f610fdbd063a19bd4c7ce2097dff7ca1d49a2c8040885ca3b31f85662e6a8b86769ea9224e8f64a03bcd0bdcfb71873b35

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\utils\colour.js

MD5 a85f32c2180651cc03bb1f293271bfc4
SHA1 0d04f9086ace00f08c628c1af25c728eab897d66
SHA256 a4969a552701982cd415005d5ce162f955cf26c205229d2f4c75ed4a75bceceb
SHA512 b32f6f7c1bd75a3a23aa5f170e5356cbe1ba7eb031f6eced706aeff8c15d8b37fc771c29a82580a48a95c65334d8e41b0ddb551409164a43bff29def7277c89b

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\utils\clone.js

MD5 9ef3c7b72b1d63f5e3a7975ff67bdfeb
SHA1 a406bd661839b5efeff4929af9fcfa991e51be12
SHA256 5062a7c87599935fec99e505f3f463c3e0872455da73f8c8054ce0788c513ba2
SHA512 eca4c0784695d43435573725f659409ec33a3acd3a5695665935439cca28122a6d8fdc1eaeb8ac6fbdb921893ad4226467777e8c35e3b9b0b672b2196f4e12d6

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\utils\bus.js

MD5 e469c4cef4116cf230f86394586c5775
SHA1 8849ab04de5836797a3839989d4325906bea9dff
SHA256 8ebae78d8d75951b714acaa3e1a3d7f15b382a92b90c8040423e9866d97f1ad9
SHA512 923ecfd5103fc6e266e53dbb1d35e11f4058893177fa00cc392a628524dcdbe616c90015a24e15b987f971c5eabe0e53a3b107878bc41bc73aacf1e370d660f2

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\rules\parse.js

MD5 078e15305c8688746d2e6933d291babf
SHA1 80f0b4201c45af197cae63c9d93a88525cd5c5d3
SHA256 9259995d8e1ca1737ff36cf4f97c80e55d812726ec4ead43b6c0829ce9679df9
SHA512 83ea7a6d31845542cf03f4b27be92087e417ba5f995ec740824440ddf92932d3623576b7a1022ade20deeff2f1741d617e32dfeda52efb5fb85e9be28de27df6

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\rules\index.js

MD5 0691f1f2acabdb82da7d67e05479ca5a
SHA1 dcff01be935756a732591d61fab8e64e530ddeee
SHA256 3e64a2a35a97e41ff8c073299f07c3754d99b0a6e7d42faef7dc02d61d67757f
SHA512 85ac8207410deba52d3b58fcf30e468ee46b1073544b61376b4b015e588a52973fefa192a027bfe8019b6cfedefc3c4c1cb4fb0ee88e7c2ef88da1c7ed0f9eb0

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\rules\add.js

MD5 4739ea852e85157f1ab60544ea5ce663
SHA1 d83c88f7f8bd7ec5d1b36f86009ac7eba9ca1bbb
SHA256 3cc60361f99b1080c66fce4d6ea0390a38c2a49e821e7f21dc43ed2fafa31277
SHA512 780001095f33fe4a18fa06c3311f3505949dfa762da5f1c0c6665b5501190b6e6c45eb69633c99e02b8b59d01813abfce2baa611509f2a0e65364ccf71965bc6

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\monitor\watch.js

MD5 a0bccf8a21d0c4332643a758c666f725
SHA1 1aa6968e927afd86a3f056126f31d2eb6420573f
SHA256 efb0a3f37d9a6279614b29fdbca3f29c1a6d47f2d26067be1c86bb56fbaefcf1
SHA512 bf4dc9c5b4f3b0a01ca161feee0ed13e6f1db24b0a64bbf01b325d0a2788380516da7da7654ee983818f3e0684983302242fe790bbb384dcc126ac4c394c41b8

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\monitor\signals.js

MD5 0b71010f098a8cbf8ea47a83a699693a
SHA1 456a713c6a78b49bbf6d613ff9cfc4bc9f01f589
SHA256 5c16e2e5f7101eea3f13c19da7c7a9e6fa02f7d1098b170e71f07d14f915e394
SHA512 95a382907ac465d95db0cc41055038e839ed9164d4010003c08e6ba4456c19b50158c908b8d287eea09a153e38fdcc7f9a8c0052f35eb069243628e0968750fb

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\monitor\run.js

MD5 47603d83844b08ba9fc39ac940d78f50
SHA1 4b8dfa2ec30dbd1146a9908b10c858ecbd73521a
SHA256 d93e994fddfcf6c7683976452a3d877a51e68f56ce2a49b821240c93cca86d13
SHA512 52f33cfc03dda936f4641f1ef8b3f14659247053a701b8990f0713742fb90016ba5d51d1e1f44fde84dd883c92166e77e908d586c527858bd3c0a416b9c9d256

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\monitor\match.js

MD5 65475ff22153cb7e1cdcd5322341c398
SHA1 c026de2f4276472496755344bea58e11e6b38748
SHA256 d09e469209e55541c8c67fa7ab25b7d4e051ce26d36f737c6264d4ade4b26d63
SHA512 8010e71be183c4b1a02ced648f083be4c8e4be9ac474e1405d91d9925887b00fed0aa07d15b994846417a48ebf768c5402f5d0b004cf9107cb44149bac3da655

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\monitor\index.js

MD5 532b43e5038c9f6a6d65d40ca44375f0
SHA1 c7fa3f4fbab77df0eee87d08d428cc06d18faf76
SHA256 cc16aeb163da6cc7746bf5ced2d11f1436e458c7ee803241e9a9fa1d107450fd
SHA512 809479d0b075c9bcb3eef6670cdd652a6caf39ec7f93f1d7dde0eee8a792d518238cfa9f78a2ec1a11ebbfeb00d2a117d25b198718af668c7f356bc3f93ebc1c

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\help\index.js

MD5 e47db45cd167c663151a07e6a3396427
SHA1 f3002a966b346ef937a47576d754787e4bddabff
SHA256 1c1678d18dc75f67bbfae8c92836543af6990bce6b1cf1ad3acfb52285dac393
SHA512 3f8e10d09fcb527e1c1753d50c9bcef2b8fb70586f34e600c0d60ed27a295f077f380e1df2fdadc78b0d468a54f32a5351fb5c4cb638e3012c96358094d31dea

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\config\load.js

MD5 3379b8830f56cd13355114f157e57857
SHA1 cec1a9f2c8ca7f666cb4efc2f3eb99317ea59602
SHA256 7329c732d39f8e884c0ec197e1133c536545bf4137417e6d664bbec962990e29
SHA512 0690be21833aa598da0d7d20312ee8a2e2ecaf164981c94c3bb12036cea40a206e1b25e839209db78419d6262ae87e29a5c94f583ddd9b45e05bc5a107842d22

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\config\index.js

MD5 ac3af2f96d2e824bc37e36e30cb35cad
SHA1 d04e50eb9464ee715a940819ac7af1b612884bb4
SHA256 be155df5dbc29c88c67c936f2840d2bb3abd09981fdb6db6480d54beeb27e9fe
SHA512 060bc19e10d8b9cd959869866b4ac5e0739edd72ca1e61a230a5f3c735feda6fb75ae7a8ea13349013082bedbcd40e30219ca09ccfaad43571059a765bcaee8c

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\config\exec.js

MD5 efcab0a70d5e71fb513734cf92f2a201
SHA1 aa55660d5d6a38e2ea632d4de0640ad2b1b7fc5a
SHA256 fcd713c63326ff75fc44afdcbd2bf63991c3c76169a26a2646defab46ce24155
SHA512 260a468807d297c2fe85ce8341ae10be64a7833a8249f2932c6a93e6ade07438ca4bd26222326a1b0e3203ba0c80a6a6fb78e90015b667feda8f68538e1011ad

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\config\defaults.js

MD5 2e6f9c975170db8136c9ca5c5ecf2a0c
SHA1 404a2c64977cae3407aa138c23a2f841546f713d
SHA256 2b577f3fd8e3d03d64c1ee07ef13db89df04d0a9cf7b69ebf2c17041f7251104
SHA512 15bfa9fad522ddc043383704cac725c8cc2b4565708b891e9e03d889237cd528ee4d347e54a983c801550856c2d1ac1269dcc127edfa6d63bf3d2aa0a19eb358

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\config\command.js

MD5 90c1aa9f031e818373c2f2f7ed6b9dbe
SHA1 b6476cdfa45ab967436ba9bb32aac1d65e531a9f
SHA256 50f10478098f06b77a58b351a93bb8fe7a7572bfbfb3e6f0bf668460865da3a7
SHA512 4ee766da766530bb372d8e04b058edd6b28ca5d77f603b175336e9b5e8f5c677e77e0ea4afc07a642c07c48e0c209716dbd9cef4f6ab97864a9ea51af2b49bbc

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\cli\index.js

MD5 05d07534c94e2d589bcc02e96e1b9503
SHA1 3c3712ecff74a1099c4d65e4eefd9cf2e38f1119
SHA256 5c5b008f28d9aa1d6f8c30a30de037b95b50141a20ad0f029d0d79bcd75caa4d
SHA512 7c7526f2b4e685cc7e20689ebe5abf7630b738d2d15ab7b5e94765e0e6f221492e9e029f715f5b3ac156d3d11ffd907e070d2d7f968b5f5fb401aa9c7ec84ea5

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\version.js

MD5 7232bc938db18583ac3447bebc844430
SHA1 55051c267076fa3bd3764864ee77d4c41c4b3233
SHA256 5071083e2e09969b2741a46cdedbbfcb2608fa35c1d1237e3bcf134749fb5ecd
SHA512 9167690b0ad72c815c3d8c7227ba8d3574acbab95236de0ddea28c73f6a2899dd700ef9083b06d2badad19c21659a93ab101ecc439a42292d2540ed8c2ff3c5e

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\spawn.js

MD5 ad2e1e41a1aaf8c0d0b622a27bc6bf9e
SHA1 139625411959345da513904bcb7d73d7c312b63d
SHA256 7804d7450f305b9142af45967be5c96f52be8350dba2a403f4bf79d5e092bc60
SHA512 e43ecd8af261ad4cbed89f549c18c18df9cfae6338c0719c1e5c06361c6cee4598d080ee32dfda56cc742e23fad5db56a842ef8511d9d5e2c28b7f7eb4eac091

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\nodemon.js

MD5 392a1c2f9f7dec3e4f64bb738f21785d
SHA1 02d0364639bbc6483d727e5e24e6c6b39c8f0ae2
SHA256 3bb0b111682da4977e265b0bc746cd57191e294e0c25bf667f129771897dace4
SHA512 48b0517f41013b024dd5a674b88a9e53590113f664482b0420236babb9ecbf0428c40c9f708b204bcb1f2d59789ef6383641eb8efcc7a7ac506d4345c78358d6

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\index.js

MD5 5250f6ffce08844c0f9f139fd707243c
SHA1 b5646886daa1c00461042d1a35c1a83675f8c8ed
SHA256 95111d84575ab36b697d760e130d722daea3d322cf56612f2ae67c7b3e8cef19
SHA512 49dc989edab7b4ce7477bbc5c678e1b1f4aca0f77e0ad6323d3c251164ed28b59f4d18d5b0280d53108b93e133eb2dab5469093ecbb2f1fe2bb32b758f59e729

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\doc\cli\whoami.txt

MD5 5a53b8ff8c3670ff035f6490a24a0789
SHA1 e079a16d67475a83eea085058af0cd704da97393
SHA256 4e7d19dfe1603ca93a0421b1abd4b19cfa5324ef458ff549809c5e66a2efc596
SHA512 e906ef44ff0273e4df3397ba719c173c87a9919b7f9d2580e2c3354fba22f69b0c0a020eb049d276934dbc66f497b279d15c135fa0e12e04acd39802fc5dfefe

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\doc\cli\usage.txt

MD5 1448d12c8524497e0abecc6089aa5a99
SHA1 183f63e7726b128a36e247e6bb506ced31272e49
SHA256 844e2d826c59dbd72ad383fe8a23b24373d83e9b184b437f7f04c42487cd5759
SHA512 e14e41721ee4bba6deeedcc5786a113042cd595024eb411ea7d874f282547c5943dbdf1eb7674d752ebbac16ac4e1c98149b957ed5cf3623e85a561a42354e45

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\doc\cli\topics.txt

MD5 57a5e0be8307585fffdbe867f0d047da
SHA1 0185976215d973431c6810571b21d6804bf64632
SHA256 5f8f41620ccdc1d7298df4ab786abc7edcf049fa7e06fc69bb26b38cbd453643
SHA512 4c05c95f21225be793051bf799255f6e021145e17ca384697877aa9dad66303d8bdb6e47751433eaf17b22dc766758cb799034a34e1e7851a8328a95b6784273

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\doc\cli\options.txt

MD5 016f8e569786ff8f5f6c321a735e2323
SHA1 b7a7a46bf03f4564d6e47fa55a4fc6b9be1e39fc
SHA256 3c8ec4fa239f82b2b9f427925ac2f75af2af9147eaecc706b1990540b95ae94b
SHA512 6b8372648371ea46ac98dc49ec93cb2efb9cc81f75e8ee7a5e1f0a01b7bf209ca92e07649c22630722370b1f254e956ea7ffe4be68d0f9ef419766f90dc80fe7

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\doc\cli\logo.txt

MD5 f55be3331bb0e69fc47994610da41ada
SHA1 d8415b399bd3853ef658a5f2057812404598b5c2
SHA256 cb0c73fe1bc7676104d6a92ca91250cd562b7f37a564edc260de01a3fc636b6d
SHA512 505d427c6d0add618e0c54f8079e4303fee73e0ccd9c4edfa67b44660ce5d5deab4fac09601002f73cfd00f445640a69ce9fe9a39b8a0f3039b200f5bff058e7

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\doc\cli\help.txt

MD5 0034cf996f84911ff0646b717ae47ee4
SHA1 5aeef8ef12d8023fe208c0492174a960e57c643e
SHA256 d98c56a3cb9643b399fa04c422da35204dc91cd869c47019e9783fb4f7289adc
SHA512 b1f174300ee58e16676ee8ccfae4e48794ed5412d89e0cc0d8a134ec055dfbdb596d0ab43ab376f46adbf76cf970210455bf46ed666839d69357d0ded8c057af

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\doc\cli\config.txt

MD5 73ea33e660552d101eca031a0baf6be3
SHA1 3d3384db49a197a8a616a274598bc18a25ade114
SHA256 032c4ca3b1814a39579d7a0a00154a3772d89aece9884d135fdef782f36e27c1
SHA512 c7b9a4bf4de7d13bb45b4db857511cb411a7927ee4db759af263905e01cfda8d95477d2e2d6ad6c51c9f301710e20ef64b54a4d15082f5054680da9cfbca1146

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\doc\cli\authors.txt

MD5 b5c019895f49ad741cd49e6291aad090
SHA1 03567a03c8346dd89516e2e03957bb674af91408
SHA256 e1e0dfdaaed1f025c106731aff67d664b849635cc6cd3b9b08674db8dbcbc5e7
SHA512 ff13c9416d29d9a3fe636e14fd63e5424129a6e72366c06b1bae3c5a06f60cbbf3520d868c492d472450e35e547881be93955b29eed63e66979592da576f8bef

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\bin\windows-kill.exe

MD5 de5ecb14c8a2212beb309284b5a62aae
SHA1 cf89d1cbd52f3183590b33bd6be591f95a6f5291
SHA256 d35c0d3af8f66984b1ead5cb56744049c1d71ef0791383250ad1086c0e21f865
SHA512 fea8a49538f5fd4cb8c262c1619f9f8e906edeef7d3c791bd3b85f032a0499aa5f18b4370a00e1f4dab9698e1958b042cab467103598f1bdaa583eb1fb918c07

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\bin\nodemon.js

MD5 30894042a167528293c057f833e7b6f2
SHA1 ec993fedf1f1a22c77b985c72d8b0074811ea680
SHA256 9bb0e59dfd1cc00fc40bed0ccf10d88414d915d79875b9dee5c1d5009f4e89cf
SHA512 2b544b29e44e0471a9da5474209bc15cb81a44a38448a74a7a67f4ed3ca7d1926cef4b2b13d3269fb785a468d00f1cfc042d2a7d6b4d563725da65028e2df15f

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\package.json

MD5 d973ee4a6969bc5e14e93d99d4680c16
SHA1 22ad20391ccb50fb6343931a1312751b2f7e049f
SHA256 f0051785c8178f10c2b5ebe86edd6949eb9db7b293d9abbb51a857f7e62500aa
SHA512 2f8c64f04b3fe023d296899b16f6596f42cd69c1b8230c5bee561c18af6bbf44697966b45b50d718eff75cbffab37054a6de7b57bebc16b2d85a5a0e307dfa9d

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\LICENSE

MD5 9b54883148dfd5ff6b9f1a23f9470a30
SHA1 f062e421fa2d8f722e9ccb2b0b4be9502a7386ad
SHA256 0fa6b5d2902f7ac42db390dfd2cb3b4ce82ed45cb5ad5dea41c11d1d67e0934d
SHA512 d2af503c12f0fda687293452af39f98f5c3987eb8a57cf12c47da5aed67c761349e5186c15371a96f5d490c140e8dd0d5e8bd6a6164139dde0562d6ee46db90b

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\jsconfig.json

MD5 21cfa078a36c66a3d1f4f2caf729fd56
SHA1 8849b6bf237cf4464a4628f0c2e163e866dead8f
SHA256 87cd1d700216892ba7d388d04f42e373e1abda0b5d407c54a60e67b5dde48ab2
SHA512 92f7960fe79d8e5813372d7a7833bf883c3dce6eddb083302314a2d9ff52d800178f8ddcbf071c169267b346dfbc5d59b1dc0f95a70671bd63453e56e18846d7

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\.prettierrc.json

MD5 e502800d651a7ef3ff58d918c68aa81a
SHA1 c3b456549821510c5729648bfd93886491df1db8
SHA256 37055c98043228133ffcc5cad7bba5ef6c8f24698a551cae547b90f51d22e519
SHA512 9892bb44616c6c2761027562371e5c72a355ce1b519072ce5733ea1d4971ffb8c9b3e83f935a18120e0702aae644d07274ad4b09214459fc13679a8ed6051e7c

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\resources\app.asar.unpacked\node_modules\@next\swc-win32-x64-msvc\package.json

MD5 704b387859cdf10e134ba4c181773747
SHA1 626f9cd6f668b8f310a4c11f331b96cb4289e44b
SHA256 f6b59292c52960efe68cc3813a78bc505d80cae11d632006770059380173cd53
SHA512 5416f7ac6d243bd04f32d5a776b596b94db1858cbf904357d8eb4733a22ddc94bcfbc116437e86799ccf402493212117f65289308f4ae16f3d39083693f9ae66

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\locales\te.pak

MD5 3a71904057869c23d1bc108f1e8d0d31
SHA1 6fb6e60c80bc332a2bb66d02a1e3db69961a9c41
SHA256 8264244c6de861817f5b19cef282844a18ed8cb7d4e059451489652749fe931e
SHA512 7248058b2d357c4a8b9c2e95d580a2000a96d9a5adb0b822adeeba5c4422e08cc12ef84b9b9a627a1f6cd07a08698ec000510885d14d64afd40c6e8d69376022

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\locales\ta.pak

MD5 52ee28471f2f9d01ef3f57233496554b
SHA1 abd7dd9989fac90636626a41f007eb6aa5ec7a2e
SHA256 1cebac8d758298ed2763e62b9bdfb17351831e691ff3e1ba85252c9a66d66242
SHA512 af2e9593faf60319244c90e9c06604dd3830705f14c18cd380dc2338aaa0c1e137bf751603ab9beaf7f1783839f83bcd4fda357b7cebc66ee94155d560b6f691

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\locales\sv.pak

MD5 819b5e4f2b7734ea4677f6d579d72f84
SHA1 aff3048d8e35fabf68a756513b67efedba59f85b
SHA256 105460cb717104d82f99cf8c5e2c51ff252211a605bd1c98bf75981f100d619e
SHA512 3e1ff5d934c7e0656dd16265be697420c31b191f88a5140c3598b4fe37a6bd3031f50d45ac7e961acaf0886934951a48230f7b10a53d85e015d6d5e1602c3eff

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\locales\sr.pak

MD5 eb8ec452c7079ef7dc24bc7975513ed9
SHA1 4787250292b8f2040c7ec0b265f60edcfd1ffcd6
SHA256 4cea4c83b5e887463dadbf470a9953b8175149f31fd07b83406a6fc59acfde41
SHA512 3ab2eafd3f09627efed8263cc2d59d5780b6a856a6d1299be511bbb5c1350fa05f98b0e77c53c3707ada17e7e44b8801b191802e2cf5129548e279703983a8ba

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\locales\sl.pak

MD5 6c71fa576a41711dcb351abf92a65ea4
SHA1 a0281f6b9dc363628e7d6045f7dc2904149c9dad
SHA256 458b15bf249c1e6fe9843725c42443274ef6e09dcb15f5288c916c0561aefc47
SHA512 258e49b51ee65bf508d05a5b3286a8937d3a876a876635b59b97752c5171e89458b9d23d9d7178153aa16b6fc908cc011a8e855c6d3a0152c919b40349cdf4fc

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\locales\sk.pak

MD5 5d41e75bf42cb12d7674986f4e5dcba4
SHA1 7c3375226997e3f69e3c9a3a5ed762ec40d24973
SHA256 89f984a67cea3997c704005fbfbacd3f6f5652248626945c2ab1c3bcf24e6623
SHA512 a2b91c888ea3dc2e618bf8faf7ac9f0fe562ff16c85d03afac0778ed671b1868a665b892aeb2d588e7f5bf32a7eba57b75e2e15f2c51fc9264e0db2f95d804d0

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\locales\ru.pak

MD5 46fb61aa9515e97293969683fc330764
SHA1 5bcc41716976eefb65870ba2a2b230238f7e53d3
SHA256 4babe5f20caafca33867ee263aa9dd55ed271704a062e4372fdd133eb359a558
SHA512 c3acfc1c902c651e5fc0501a7a77358cbb99daa020597f7f6be9fc81ee53509dcb0d63c6bbc5ae308c88d95dace7099f024d698b6f364dc7db4ae2a7660e5b31

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\locales\pt-PT.pak

MD5 03138b2e4fb822b03713f6c4f0fc67cf
SHA1 8f6f6585743676177eaff5a582d18691e3386bbc
SHA256 02ea290fac25b414a1d4ed78cdc159cf6c73fe5350824c2f36f032e426a23364
SHA512 b000f1b8fc952849d1ada21aab665cbb97989fc28e892a75077ae9a24c4ef1d15b7d5cf1c5aca89d27d40a01c64f343a08f790049249fcfed43a1a430b4fef9b

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\locales\pt-BR.pak

MD5 b4183914f46fd63a7bd32d715b8629f5
SHA1 d0295b556e55a74e357f932473f9dd2bb1cd2f51
SHA256 5ff219be32f9178fee40e8966ac5deff2be1f2ff259a66cb9cdce81c2e90a7e8
SHA512 3bcd37cc49a827c03fb5b3a97a5eeb863ebb6f071fb2af697ebfc4f57dda676227533cc6a2fdb00505cb2395aae685dae087970ce13af113260d856b845a985a

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\locales\pl.pak

MD5 8d4db26e2ee5181afdfdd513053f3c17
SHA1 0da427a085927a5c02d2a67c424ea99cbf5e6b02
SHA256 f2a7dcb69a433c2a898866c555b82c26e3515c089f500e7748b9b11ec3047786
SHA512 bf441f501d746f1fd996c21e5e2cde643b9031bf58bac31474e68a72ea6993447f8bfad3284351bffc94d6a088e183e0b24d109398d65dac0edee8826076ee21

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\locales\nl.pak

MD5 d59fed8986eee2b9d406ad52d88cbcf5
SHA1 f7e409e17723e21174361bc81e54bcef269f40f7
SHA256 619c61701b3a142733d23ad8c7117bc013867a842d3d1d572faa56895ad8257e
SHA512 234aaddaa7677b39667b4078dc3a630d67b4f2ab7df5ce763d509183a4d88e8f7bd1a231113b8a51418d577e4aa630860a7f2735c34ef59e0f65966cef825597

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\locales\nb.pak

MD5 de04250ff403e9af66a1351598d2a64d
SHA1 4b7a5a2bf48d988f95aac6e85b11a8c2b2fd007e
SHA256 887a0278971d6ba61e2f24c62029a3087a46c4962c4357412c28ede12ed6da15
SHA512 71527c025205bbcd63351283b7b123d8807c05bc68f2f7555f10386e330e052d031b9986ae2c1f0398bd174e67962657e0b8d4a57a07d167c233390a4e6c5556

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\locales\ms.pak

MD5 9fb7c18f376b46b254ef9a960e08655f
SHA1 31cb060fc606d011151f1b5464e2a469372113a2
SHA256 2f0c83b5b3bff8f624d78e0670a31c509e7f1d5330f72aaede471b2e97c956e2
SHA512 23ea07d917bc0cb9a2f530f985c4c1930d31eb6e8271804709126b8b0f5266dc51636f679944d2e3d8dd7b603564defe85c1088a33a922e9fe15c2073b509a8f

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\locales\mr.pak

MD5 649e76b6666096a2258b942745ff9fe1
SHA1 82edf8ca68dff0caa36b17901c1e12a17172fa51
SHA256 039f4e0176c38867fef57482825d043fa63bf1356c85eab0fc665f118db125e4
SHA512 92f51140416cd6dd53109ddcc1ee24c1d26999de5cd48a11e6954dbbc985298c1b90c0b4a7bbd8701a2737b71340e8a257e8b1ace85ff3b4876b714c60befdce

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\locales\ml.pak

MD5 39d4a5ed8cf7c8e0df946220fbfc0f68
SHA1 70794849b41d00f2b895f1211a6baaae3fa7d261
SHA256 87384db1ddcac012b0b40ec89daf47ebbbcf1497705f023a6983fb2470e4abd6
SHA512 ac992b9cebc2fd51f7477b36f1aa4d9157a84c3023949c02ea236d909c78fb5ccce28dd213c089820131ee3f669164529daf58901766630ebcf40546d33e132e

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\locales\lv.pak

MD5 a999e734f9addcf07c080f9861c3c170
SHA1 522bb12a0cd4e5232570001684aed84f421abcd0
SHA256 33fdf706f6d3f06b485c5115a7c73a571296dac41c582fc9d0dbb371d86e8653
SHA512 ecb92c4ddf7b252a3216059e63b387c6847f6eccde532c300b74e6b04ab56da0208c2ecbd00ab1d5e48acced909db74b1aabf88e34d0d5928b89320f45200dc8

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\locales\ko.pak

MD5 965ac0d213ccdfd83ac4970de23a8f11
SHA1 8326841ab80c40a7ca8b13589a3f5ff54fc15827
SHA256 3fa72d61a997c36f9c093f769f4bba60b290d1fbcb71d5544f85e8e1efe51d07
SHA512 5eaf14ce5c493bb4704716add07428edc6569f2dcb721679e140916c0e426cfa8e8ce27a2c38c48ae6e60461a678525e48e42c2938ce40e488b59d3f97a2f9cf

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\locales\kn.pak

MD5 a11d186b8eec7362a280abec3859107f
SHA1 966065cc6f69c3a222751d2191a0efeb6049cbdd
SHA256 a6ecf1dfe4d99f6ba0926c696b5b23b77d234fa8fd03da9825b074ecc640d508
SHA512 099e73977453a5dca329b1d8a8cbc612dd2739bb3db034b7509af35877ede6ee12450875302ff3f9351fc7096b60be1b2d8ccbec89ace3145eb264f25946d46c

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\locales\ja.pak

MD5 412bef3ec11f53c2aa6511ca139b1f35
SHA1 8b42655c2b62edc13c61a4625f55c961cefd1c49
SHA256 c5692ca739c31569ae2431fd58f1028e6c8c01af278b76656ee0bb65b79e9985
SHA512 85760c2a0dd4404a2d41f0d957c9cf8962d6b80389df838cd2d85b6a31a54f4e50c5f19ee73d2ee66e3e61a8809aeb5b493e7170aceeef9bda53e135ae02bc42

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\locales\it.pak

MD5 591113bc491e5c388ee3876de4aab3a1
SHA1 a63c2a18eb92fd03445bd237a5755d557e1cb593
SHA256 33652aae78a486dc3ce4e5affd1b7f72e1248f6f9f3e62188afe3b5d73bd148e
SHA512 66f1e79c9bf179f19942352258181858268a991b42d4a79747ca580df3fa219c2be71ab6597cec4ba7bd4c691a5e1328aa03a565b3eef442c6e2216f0d82653c

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\locales\id.pak

MD5 91bad2312491410c7f0393be512b895f
SHA1 6e4e9cc985c5b96eaaad91787f8bb7f72cddb604
SHA256 a21f9474a19fe2d7f26c59f5ba8d6e72801a8a057b7dbcb8b3f96471043d9059
SHA512 5c0e1cd1741e78fff90f3ec2be02bd47bfc669e50ad0cdde975238a74cb4081536faf80d0a28dc9fea6efda6548dcca4e569c54b903f5c2773c17f72000a99e7

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\locales\hu.pak

MD5 2515bb367f56f282657b3dd3b9ffcbc3
SHA1 8cc350e359f1cfefdf0ce3b016109dd483d45a8e
SHA256 b4e6a1135de8bdc42c04f4db4eb1ce48256f18eb46a5146a21010b6165a90e7a
SHA512 779a77b3380f08dfb1d1e9bd65806f3d5ab56619d040bd6ecc9726c17944f4d0c3a619edee06d638549250fbf4c6a2be46cd6196a3a8862d184a68d45d6f6d72

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\locales\hr.pak

MD5 1973723b9c45b9d971c97229e7a441cb
SHA1 2bfa4922bf2084486681af45cd7f7dedf95b2d66
SHA256 afed35643df24709c8c5cc9b8158b3d9a2266fbfeed132e98ff254ced4086c5f
SHA512 6a1f35435b01ab187cd93b376b76444dff575284632fbf37bf8b08e6cfe7783f985d0fad2425df3d3c332aad2278971412455a748e83c2d6fabd0f6afc3dc292

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\locales\hi.pak

MD5 66ab509000cac52c805d6871ca6c1f25
SHA1 e3d3e7bacbcfaa7538ca89d9d26218eca06c01f1
SHA256 9c6d8d93278a6e375405142df9829adefbcc8ae9797a4f589591b9784b2b71c8
SHA512 356642a19f044c6e192f658ca2bf8764431129cdf7c9891b5b5bf4e99f6b990a1428c1e483487b619865e7f2d31cb5c9bbb3b49ed25fa81c4374de3e8e65519b

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\locales\gu.pak

MD5 e884bbc8ded4f5f059211fbbb85ed351
SHA1 8f4ecb45ca73902791ff5e56e0b272252c08508e
SHA256 087e99953eef9b5fd736e3dbd98d702fdb01dc614593a4c575cb619159688118
SHA512 50837daec40a2624097cf36dfd7beebba4db748fd9cc470bf71b526e612c1aa6c88ead7511ba751e370f6f5d28ad9d6338dcb3581d7e3d53e2672741915b952f

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\locales\fr.pak

MD5 79d945ef9b8ebc7d39fd03d05d9b2f27
SHA1 6fbcb748515f97056689d4a747e4df3a830fe049
SHA256 1f6cc56e04bcbd6b6ecbe500bcb0a5702551ec80d79e624642d0c7d9758d4424
SHA512 f1a26715ad9399052b664c71fb60b6eb6f965fa80d6d8d6c47e0b96ad0d4a4d2028c3e19dad49e008bbc29edc24e656777ce073da008d3f4dfdee4c8f2212a07

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\locales\fil.pak

MD5 c744b92c8feff1c026034f214da59aca
SHA1 95780d3374841efdbc0d8a46cddc46bb860a26e0
SHA256 d7fdc7fd08dcc421bc8aaae3fdc72599c60a3b96f05989a3e46736f0de06e745
SHA512 eeefc73474642e75da61056f2841e7cfeb8d8475be55a39852dfe7de8a972f7d86e9d1df4614b3ca3ae4fb01b68e5ced664bc8e46ccfc94f44b06e29a5035b43

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\locales\fi.pak

MD5 6d7aaddb1365b3efee94d4c510a3002e
SHA1 2a970204894c5ac163c980ec0fac2dbd1711e5b5
SHA256 11b0b9b0f74d01f16db7aa49be9dceeb55fde9da56f17419c4bca159cdcae274
SHA512 f44bab9cee552dddac17d4ac1949870943cf138b3fdb0e649e8827acb6de9528dd9cf738757e5b495587e165d1c750b8bcc6205bdd029a01eb92aecab22ba49f

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\locales\fa.pak

MD5 7851efacda8438c041c9a511f4097de2
SHA1 64cba381a17ef0ffae2dff5135d57fd1f9300ab1
SHA256 f1a7351bf0d8cad475d2761b9edf970c3098836e38aa98106a5e04a41002b7c8
SHA512 d94fb1d04630cc292296ad6033c6beed1a00dcd4c11eaca04a7eacb50c238269b21e4d2a4002836f4d41e0f6d951624beefc95beaae23530eccded4569ff1869

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\locales\es.pak

MD5 f90d43351ffdc63bcef25bf634c1fd35
SHA1 f80df8034cb64df1ef62e586891275a74868ab6c
SHA256 0385e6776de5a0d8a3b30b7bad44308ac4cb04e2bcebd573d3c7938b68036573
SHA512 7bfa70a5de14652063d261c28ffd3df89ea5e38877cc7977ab27f7280c48084a4ab1e5bdad0c2f624a7434a5d975feb9d8d221c010e24963d3c42921f5a36e65

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\locales\es-419.pak

MD5 15d1e262602e54d76de8bac02dada000
SHA1 54e93995675bcebc595befaed6b73c9ff5e6e735
SHA256 ec922f8ca16b7e7642fc73369ba7b75ec950cafb1dcadc6c88426c034382d483
SHA512 a232eb97021f17fde322697db2c00423cd70e9741772912c5f7a41849b35dcf3e2fe84001ff0a7902b2b54305d1f805f53988e421e192be0d5abd157bf8b5f1f

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\locales\en-US.pak

MD5 5c52a86b21633b55b383c20f16859b2f
SHA1 126585e68cb17f241351004e21c1d30e65de1cf6
SHA256 41123d72bd8e289e85bd35227aabb4cc61fe1de02b5cd7a7834e5ec200bc2078
SHA512 2a1b6a4becfb97d470cd7de74857edf2cc9cd4a77f377ccd9bf60c30539862ff1ac3ed6cc849632a3ed4ea0e5b92679f3cc5b4cb26cc7eaaa2bb2f4ae9974a6a

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\locales\el.pak

MD5 34c6150acccd20c7f260b269bce06930
SHA1 277b6d2387f600c84263847d6fb2342fd4746cfb
SHA256 162e51bc7d682e223e498f4ff8c81f019d136d857bd25a1c982d4a1084a8c840
SHA512 58308b1f4f92f1eb26af8516351194b96defa8b40f26cca2776aeb9e804e585fdb9918bd2acb9c6318b63c3768c29893574bd0a4fc18fa9dee96b9112732ff94

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\locales\de.pak

MD5 d1a513308f9de55b6c7bbeef7c4fe90b
SHA1 a4a5e99fe73d5f9df2e508c3c8e9b73dea03a76d
SHA256 662496eff49febbe49f0a03cf2c51acaa743cb2237de3c41014556e16f3d8e2b
SHA512 9756e16255976569584a3a5e2a17421a31bc8f9b158c0ad3d30f6fe624ecd0e77c255571e46554c03c54d58b06d3f7b0fc77d347548f435547eb1ed9173b30be

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\locales\da.pak

MD5 5f8f09aa98ec3a4c8122d64c5bc6610e
SHA1 08a6dfaa3a11d8c994da90460e78ce0a4fcfb644
SHA256 3430c0f1946901dfa24190ca3989f72171ec564bc7c523853e6a1f531b61b5ee
SHA512 9c643eb6415cad6aca0584d62211aed5ed21a0f8d71ac4f692bd420a4a190a9781add7c874d0f56bb5c1c0f65d543d932d0f50caf127e8d014c05d015ae61ca3

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\locales\ca.pak

MD5 7474c8e0c3285b97f1f12792964b6824
SHA1 8b9381be0754fc3df2f4f13f8575bd4abab90e9d
SHA256 b3d5dfae25427596b1f14a8e13d6bcb58532c82554229c2367779ff5c42b28bb
SHA512 4ad524fd530bfc72d72edf04ba4890e06ca0a20cc1d5c2c3d95cda746b1d884a62ec2d4463ad7be9cd01c7529b41bef65f9e669c62719808a83d3c70f9475d43

C:\Users\Admin\AppData\Local\Temp\nstAD12.tmp\7z-out\locales\bg.pak

MD5 e6608ecc589e87a6f78f9ce553ec2609
SHA1 9fdb2ff6291549df773ba243b3a92b984b15bdf6
SHA256 97ef7984074775282b68dca5d5a469efdb2b22474ee6669fdfb5197d3f1b3768
SHA512 25450b23acc962be85977ef08be9b484c2a9127775039c521158c1801cd57d5781bcd8d5b8784f8a8b9403ce44b59964a20dbe36ce181f1d239143b22b53d5e2

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-29 16:31

Reported

2024-10-29 16:38

Platform

win10v2004-20241007-en

Max time kernel

150s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Wave-Setup.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Programs\Wave\bin\Bloxstrap.exe N/A

Checks for any installed AV software in registry

Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Software\KasperskyLab C:\Windows\system32\reg.exe N/A

Checks installed software on the system

discovery

Enumerates processes with tasklist

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\find.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Wave-Setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\tasklist.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\tasklist.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Wave-Setup.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Wave\bin\Bloxstrap.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1176 wrote to memory of 4796 N/A C:\Users\Admin\AppData\Local\Temp\Wave-Setup.exe C:\Windows\SysWOW64\cmd.exe
PID 1176 wrote to memory of 4796 N/A C:\Users\Admin\AppData\Local\Temp\Wave-Setup.exe C:\Windows\SysWOW64\cmd.exe
PID 1176 wrote to memory of 4796 N/A C:\Users\Admin\AppData\Local\Temp\Wave-Setup.exe C:\Windows\SysWOW64\cmd.exe
PID 4796 wrote to memory of 116 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\tasklist.exe
PID 4796 wrote to memory of 116 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\tasklist.exe
PID 4796 wrote to memory of 116 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\tasklist.exe
PID 4796 wrote to memory of 3440 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\find.exe
PID 4796 wrote to memory of 3440 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\find.exe
PID 4796 wrote to memory of 3440 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\find.exe
PID 3496 wrote to memory of 3904 N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe
PID 3496 wrote to memory of 3904 N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe
PID 3496 wrote to memory of 3904 N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe
PID 3496 wrote to memory of 3904 N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe
PID 3496 wrote to memory of 3904 N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe
PID 3496 wrote to memory of 3904 N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe
PID 3496 wrote to memory of 3904 N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe
PID 3496 wrote to memory of 3904 N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe
PID 3496 wrote to memory of 3904 N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe
PID 3496 wrote to memory of 3904 N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe
PID 3496 wrote to memory of 3904 N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe
PID 3496 wrote to memory of 3904 N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe
PID 3496 wrote to memory of 3904 N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe
PID 3496 wrote to memory of 3904 N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe
PID 3496 wrote to memory of 3904 N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe
PID 3496 wrote to memory of 3904 N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe
PID 3496 wrote to memory of 3904 N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe
PID 3496 wrote to memory of 3904 N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe
PID 3496 wrote to memory of 3904 N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe
PID 3496 wrote to memory of 3904 N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe
PID 3496 wrote to memory of 3904 N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe
PID 3496 wrote to memory of 3904 N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe
PID 3496 wrote to memory of 3904 N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe
PID 3496 wrote to memory of 3904 N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe
PID 3496 wrote to memory of 3904 N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe
PID 3496 wrote to memory of 3904 N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe
PID 3496 wrote to memory of 3904 N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe
PID 3496 wrote to memory of 3904 N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe
PID 3496 wrote to memory of 3904 N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe
PID 3496 wrote to memory of 3904 N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe
PID 3496 wrote to memory of 2404 N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe
PID 3496 wrote to memory of 2404 N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe
PID 3496 wrote to memory of 3088 N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe C:\Windows\system32\fsutil.exe
PID 3496 wrote to memory of 3088 N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe C:\Windows\system32\fsutil.exe
PID 3496 wrote to memory of 3928 N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe
PID 3496 wrote to memory of 3928 N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe
PID 3496 wrote to memory of 3928 N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe
PID 3496 wrote to memory of 3928 N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe
PID 3496 wrote to memory of 3928 N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe
PID 3496 wrote to memory of 3928 N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe
PID 3496 wrote to memory of 3928 N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe
PID 3496 wrote to memory of 3928 N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe
PID 3496 wrote to memory of 3928 N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe
PID 3496 wrote to memory of 3928 N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe
PID 3496 wrote to memory of 3928 N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe
PID 3496 wrote to memory of 3928 N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe
PID 3496 wrote to memory of 3928 N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe
PID 3496 wrote to memory of 3928 N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe
PID 3496 wrote to memory of 3928 N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe
PID 3496 wrote to memory of 3928 N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe
PID 3496 wrote to memory of 3928 N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe
PID 3496 wrote to memory of 3928 N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe
PID 3496 wrote to memory of 3928 N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe
PID 3496 wrote to memory of 3928 N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe
PID 3496 wrote to memory of 3928 N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Wave-Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Wave-Setup.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq Wave.exe" /FO csv | "C:\Windows\system32\find.exe" "Wave.exe"

C:\Windows\SysWOW64\tasklist.exe

tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq Wave.exe" /FO csv

C:\Windows\SysWOW64\find.exe

"C:\Windows\system32\find.exe" "Wave.exe"

C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe

"C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe"

C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe

"C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Wave" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1784,i,1099185656946981897,10396604513801124820,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1776 /prefetch:2

C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe

"C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Wave" --standard-schemes=app --secure-schemes=app --field-trial-handle=1980,i,1099185656946981897,10396604513801124820,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1976 /prefetch:3

C:\Windows\system32\fsutil.exe

fsutil dirty query C:

C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe

"C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Wave" --standard-schemes=app --secure-schemes=app --app-path="C:\Users\Admin\AppData\Local\Programs\Wave\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --field-trial-handle=2956,i,1099185656946981897,10396604513801124820,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2952 /prefetch:1

C:\Users\Admin\AppData\Local\Programs\Wave\resources\node_modules\language-server\wave-luau.exe

C:\Users\Admin\AppData\Local\Programs\Wave\resources\node_modules\language-server\wave-luau.exe lsp --definitions=C:\Users\Admin\AppData\Local\Programs\Wave\resources\node_modules\language-server\globalTypes.d.luau --definitions=C:\Users\Admin\AppData\Local\Programs\Wave\resources\node_modules\language-server\wave.d.luau --docs=C:\Users\Admin\AppData\Local\Programs\Wave\resources\node_modules\language-server\en-us.json

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\Software\KasperskyLab" /v Session"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKCU\Software\KasperskyLab" /v Session

C:\Users\Admin\AppData\Local\Programs\Wave\bin\Bloxstrap.exe

C:\Users\Admin\AppData\Local\Programs\Wave\bin\Bloxstrap.exe

C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe

"C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\Wave" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=968,i,1099185656946981897,10396604513801124820,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3792 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 70.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 134.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 cdn.getwave.gg udp
US 8.8.8.8:53 cdn.getwave.gg udp
US 104.26.3.170:443 cdn.getwave.gg tcp
US 8.8.8.8:53 scriptblox.com udp
US 104.26.11.174:443 scriptblox.com tcp
US 8.8.8.8:53 tr.rbxcdn.com udp
US 8.8.8.8:53 tr.rbxcdn.com udp
GB 2.18.190.77:443 tr.rbxcdn.com tcp
US 8.8.8.8:53 170.3.26.104.in-addr.arpa udp
US 8.8.8.8:53 174.11.26.104.in-addr.arpa udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:53 4.4.8.8.in-addr.arpa udp
US 8.8.8.8:53 cdn.getwave.gg udp
US 104.26.3.170:443 cdn.getwave.gg tcp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 69.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 26.173.189.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\System.dll

MD5 0d7ad4f45dc6f5aa87f606d0331c6901
SHA1 48df0911f0484cbe2a8cdd5362140b63c41ee457
SHA256 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
SHA512 c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\StdUtils.dll

MD5 c6a6e03f77c313b267498515488c5740
SHA1 3d49fc2784b9450962ed6b82b46e9c3c957d7c15
SHA256 b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
SHA512 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\SpiderBanner.dll

MD5 17309e33b596ba3a5693b4d3e85cf8d7
SHA1 7d361836cf53df42021c7f2b148aec9458818c01
SHA256 996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93
SHA512 1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\nsExec.dll

MD5 ec0504e6b8a11d5aad43b296beeb84b2
SHA1 91b5ce085130c8c7194d66b2439ec9e1c206497c
SHA256 5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962
SHA512 3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\nsis7z.dll

MD5 80e44ce4895304c6a3a831310fbf8cd0
SHA1 36bd49ae21c460be5753a904b4501f1abca53508
SHA256 b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
SHA512 c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

C:\Users\Admin\AppData\Local\Programs\Wave\chrome_100_percent.pak

MD5 cb4f128469cd84711ed1c9c02212c7a8
SHA1 8ae60303be80b74163d5c4132de4a465a1eafc52
SHA256 7dd5485def22a53c0635efdf8ae900f147ec8c8a22b9ed71c24668075dd605d3
SHA512 0f0febe4ee321eb09d6a841fe3460d1f5b657b449058653111e7d0f7a9f36620b3d30369e367235948529409a6ce0ce625aede0c61b60926dec4d2c308306277

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\chrome_200_percent.pak

MD5 e9c1423fe5d139a4c88ba8b107573536
SHA1 46d3efe892044761f19844c4c4b8f9576f9ca43e
SHA256 2408969599d3953aae2fb36008e4d0711e30d0bc86fb4d03f8b0577d43c649fa
SHA512 abf8d4341c6de9c722168d0a9cf7d9bac5f491e1c9bedfe10b69096dcc2ef2cd08ff4d0e7c9b499c9d1f45fdb053eafc31add39d13c8287760f9304af0727bf4

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\d3dcompiler_47.dll

MD5 a7b7470c347f84365ffe1b2072b4f95c
SHA1 57a96f6fb326ba65b7f7016242132b3f9464c7a3
SHA256 af7b99be1b8770c0e4d18e43b04e81d11bdeb667fa6b07ade7a88f4c5676bf9a
SHA512 83391a219631f750499fd9642d59ec80fb377c378997b302d10762e83325551bb97c1086b181fff0521b1ca933e518eab71a44a3578a23691f215ebb1dce463d

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\ffmpeg.dll

MD5 9691e33909895bfb5bb0355b6f439c81
SHA1 7fca2dfcb9aca4ed92c644e8f7ceb98f87116a52
SHA256 223448ec1715cb4b1a2abbf1427547956f3ce583092177c287542e6d226319c7
SHA512 9ead46836900c054d8740a1e2f569bc321cc53cf3c47e3fa927f4cca54809bcf173bdea239fbdeecd694277e8869565e476fd272df393b924bb62a845e897533

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\icudtl.dat

MD5 ffd67c1e24cb35dc109a24024b1ba7ec
SHA1 99f545bc396878c7a53e98a79017d9531af7c1f5
SHA256 9ae98c06cbb0ea43c5cd6b5725310c008c65e46072421a1118cb88e1de9a8b92
SHA512 e1a865e685d2d3bacd0916d4238a79462519d887feb273a251120bb6af2b4481d025f3b21ce9a1a95a49371a0aa3ecf072175ba756974e831dbfde1f0feaeb79

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\libEGL.dll

MD5 09d3bc8a5c6104d78566cd6e51c5a6a8
SHA1 d1db4f83bad27dc0caf75f77d510f2eb62dd84c4
SHA256 1307025ed98ecfd00770c2d5c74c8a5e498c4e457397f17c3cbd176ca8a62a85
SHA512 198072fff54bd6ae5ac21bd891c23da9d657a4525dd5944719eda6f7062775ae66d9cb15d29105d2477378ae605351e4b840c9934106bf80f936a596e7a1eddd

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\libGLESv2.dll

MD5 02374701c3dc3b26088763fd3cc11bc9
SHA1 84e582496c53ce139d9efd219b762ad38a50d011
SHA256 8e68245d98bb740f393472938612979a56391f127d1af7683253e9e749e7af41
SHA512 09693492447b037e8ce16095fb3d63d806604d18c3340bf57fecc0e0ae3c877bdcd83320e633b0fb898a4c20616bfb4558ccd8d93a10d235dd90c3be8020a8a2

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\LICENSE.electron.txt

MD5 4d42118d35941e0f664dddbd83f633c5
SHA1 2b21ec5f20fe961d15f2b58efb1368e66d202e5c
SHA256 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d
SHA512 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\LICENSES.chromium.html

MD5 ae174699b663bd90d8d06c68c6952477
SHA1 8c76eda61d320779909adc541593b8e26b24815a
SHA256 c6737ef4ed9de369077718824f76c5e7026d0e39163e26af8606783e41c93e18
SHA512 3fb72dcd790464dde34978c9d0895376827f4d839b4a199c6e9fe77ab810d62b960babc4b21f6e189dc70147b5fb4334815730f4d1cdec05489c19e0725c2158

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\resources.pak

MD5 3a87e8d6dc2d7dab0c3c37fe4a74308d
SHA1 5ddd587a6541e034203f24ee329796dfa316656f
SHA256 61216fee0360053988d5be52ab626c89173c86da1cf0b5a697bc32944282fe14
SHA512 7ba1bc093f25cec2539fb462084cb1fc32b17841f79be95679c90f4c735772d1dbe652471e52f4be254b10e650d31e3460ebebc82d89efa6a9ef801e5d98ea6b

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\snapshot_blob.bin

MD5 62b9e00c46ed829e06d0c2494aa994af
SHA1 988882632b95bb78d80db60e4787c576e48338e4
SHA256 22a46de643045805a3e588f9a18ebaa377f9fba3dee46b2d60f3ae300a09cc4e
SHA512 03b7c57782923ca3a011fcb85f74e865bb7ff9976c89152758770be3bd3d40684ebd216fe34f0d0050936b536c8bab5eafcaa35fc26e893d30a108e36687876f

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\vk_swiftshader.dll

MD5 337b0322f328251f01bd0fda8948217f
SHA1 6e59fb5df7773c8668e8f18755e62b532a9071c3
SHA256 11f24457eb9af084eb845780f3fdc1989605766c2749fce6fb003dd988d5ff65
SHA512 3540b2f5df1f20b5cbb6e61caa005fe7da5d1cfbe58f639ae0c40f6a4e7a9d8786f3db4691dfee9a001a2a87ac7b0bf39b7f308c14f809874a89f86b18ff8fbc

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\v8_context_snapshot.bin

MD5 a62fbbb671bf975ed46b42d9cf437bcd
SHA1 408b595b1dc6658533e0db1d35f509ab9ee70525
SHA256 a8bd22478c4f85afa836c89d3a7f52c606b17872fbbefce268b499bedede10ae
SHA512 87c934670df70afcced0ea5c73449a17ad27d5b6a25cedad9eb61634aaff8a42b713f578e861c2efbc77593793bba240a1495822b69c99a8ecaef64b07b6a62c

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\vk_swiftshader_icd.json

MD5 8642dd3a87e2de6e991fae08458e302b
SHA1 9c06735c31cec00600fd763a92f8112d085bd12a
SHA256 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9
SHA512 f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\vulkan-1.dll

MD5 6db4abe9370ef778e93cfc6bd6dbd292
SHA1 0d7bd9d21524780b6f8904a82c3ce09ae5d03f97
SHA256 52bf439424759a84cdcb6d379ed88582a6d6ba58127c44adf1b8379f0e88e5ec
SHA512 1ec07916d82d78243d9a144db3e947c95ca92fce1350708484c45fca2f953bb76728889b8d9a02c041849bcf005f998804d7066a90359fa180d94c237d014317

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\locales\af.pak

MD5 e48860fe82ef022ffab38cbc4c96dffc
SHA1 a832fa66bfddabf3ae7f219cf379f66d2903162a
SHA256 e2470090a09ca500679e68bb5e3b1acc35a5873fea4f93af25a23c82122f2c13
SHA512 e4d0973ca7e59091c482d2acc384aa48ec87d3ce72d8d42a03a183b230fd209e085a4e907473a05d02d41e15ebc527df942774c23b4804c150367fcd727af7b1

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\locales\bg.pak

MD5 e6608ecc589e87a6f78f9ce553ec2609
SHA1 9fdb2ff6291549df773ba243b3a92b984b15bdf6
SHA256 97ef7984074775282b68dca5d5a469efdb2b22474ee6669fdfb5197d3f1b3768
SHA512 25450b23acc962be85977ef08be9b484c2a9127775039c521158c1801cd57d5781bcd8d5b8784f8a8b9403ce44b59964a20dbe36ce181f1d239143b22b53d5e2

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\locales\ar.pak

MD5 f6ca56d15814dd5afd5e7ff985257880
SHA1 ef236d7027cb50a188c1e771527e6628702311ea
SHA256 5cc02570e5f61cbca791309985df3a29584e41583b3344f1d9fb6b04ce423e6f
SHA512 46c0436c110d6f1a8f3ebe962226c51af525228262cd56744e4d89aeb05d1eda614801a294bbfd2e08598e355750d7a2d200b3e7b594da03dd26ece4cdd31e3d

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\locales\am.pak

MD5 d6e8c344b2b40a9c671304f6f252d51b
SHA1 c59ddcaad921b6d2d3f70b7ab07026c35e5d1e08
SHA256 4e15946e86a578eeff41feda808bb291d81e240fbdfc96cbe2efe692ad35eef5
SHA512 018ce2bf4beb4ce066703b2ac7413c6517759be68f889f27990de5d6694e9f84b4027f9861901ea4b15abdd1bb570e5a16651c935713feafc4d16cd57be0b911

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\locales\bn.pak

MD5 57eab375114893a5ed0de36a516e8252
SHA1 16f23ab3eb62bc7a2525a7a5d86139fa88670b89
SHA256 1aba82aee8c985e5e370e7cf2b35c9ec20cbe5174db5fcb54ec7d19ec5d79587
SHA512 895bc282484ed028f5f023cbbb6e2755091f036e540c531b6ff639cf9e0ae5da02801dc81d7910eb141edd5c255d8b088d1abb531b152fbb161d6c2bf9615f4f

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\locales\cs.pak

MD5 582fde87aac61961e4f7955f16d31769
SHA1 3a8eb832317dd7e07efaaeeb5885c32b9d381622
SHA256 7d7b701ce510b2e4a18e957e500086db590aad8bf5acd37f82263a676f0b556c
SHA512 adb04ccce5471d80182f7ca73bf1a2e4ce63a4980d455837fb378bf679a0022d4ee6f9fbe148d6932fad83f458c76ac229229542092e0cb9b271c8d44639b11b

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\locales\ca.pak

MD5 7474c8e0c3285b97f1f12792964b6824
SHA1 8b9381be0754fc3df2f4f13f8575bd4abab90e9d
SHA256 b3d5dfae25427596b1f14a8e13d6bcb58532c82554229c2367779ff5c42b28bb
SHA512 4ad524fd530bfc72d72edf04ba4890e06ca0a20cc1d5c2c3d95cda746b1d884a62ec2d4463ad7be9cd01c7529b41bef65f9e669c62719808a83d3c70f9475d43

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\locales\da.pak

MD5 5f8f09aa98ec3a4c8122d64c5bc6610e
SHA1 08a6dfaa3a11d8c994da90460e78ce0a4fcfb644
SHA256 3430c0f1946901dfa24190ca3989f72171ec564bc7c523853e6a1f531b61b5ee
SHA512 9c643eb6415cad6aca0584d62211aed5ed21a0f8d71ac4f692bd420a4a190a9781add7c874d0f56bb5c1c0f65d543d932d0f50caf127e8d014c05d015ae61ca3

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\locales\de.pak

MD5 d1a513308f9de55b6c7bbeef7c4fe90b
SHA1 a4a5e99fe73d5f9df2e508c3c8e9b73dea03a76d
SHA256 662496eff49febbe49f0a03cf2c51acaa743cb2237de3c41014556e16f3d8e2b
SHA512 9756e16255976569584a3a5e2a17421a31bc8f9b158c0ad3d30f6fe624ecd0e77c255571e46554c03c54d58b06d3f7b0fc77d347548f435547eb1ed9173b30be

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\locales\el.pak

MD5 34c6150acccd20c7f260b269bce06930
SHA1 277b6d2387f600c84263847d6fb2342fd4746cfb
SHA256 162e51bc7d682e223e498f4ff8c81f019d136d857bd25a1c982d4a1084a8c840
SHA512 58308b1f4f92f1eb26af8516351194b96defa8b40f26cca2776aeb9e804e585fdb9918bd2acb9c6318b63c3768c29893574bd0a4fc18fa9dee96b9112732ff94

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\locales\en-GB.pak

MD5 56bdf77ab3487e28d354a8b0f9ba8d2e
SHA1 b10ee918320a50a417b1ee6a28cd4b05a5f77238
SHA256 7df934906a61c0ae7a952f9ed058f4a06cd3989663a7d9f50afc3c9f830135bb
SHA512 8d74c79ba3a554d69f26fb8c20210c9a339d85c0e9a9af445901e8a5c7ea544ea6ec713f9dd2db7b8bb5cb0afb0fb385236d4668a73af37dc9ef8d2f73c57fcc

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\locales\es-419.pak

MD5 15d1e262602e54d76de8bac02dada000
SHA1 54e93995675bcebc595befaed6b73c9ff5e6e735
SHA256 ec922f8ca16b7e7642fc73369ba7b75ec950cafb1dcadc6c88426c034382d483
SHA512 a232eb97021f17fde322697db2c00423cd70e9741772912c5f7a41849b35dcf3e2fe84001ff0a7902b2b54305d1f805f53988e421e192be0d5abd157bf8b5f1f

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\locales\en-US.pak

MD5 5c52a86b21633b55b383c20f16859b2f
SHA1 126585e68cb17f241351004e21c1d30e65de1cf6
SHA256 41123d72bd8e289e85bd35227aabb4cc61fe1de02b5cd7a7834e5ec200bc2078
SHA512 2a1b6a4becfb97d470cd7de74857edf2cc9cd4a77f377ccd9bf60c30539862ff1ac3ed6cc849632a3ed4ea0e5b92679f3cc5b4cb26cc7eaaa2bb2f4ae9974a6a

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\locales\et.pak

MD5 3cad945e9ae6e31cfe66c89365e5d353
SHA1 43758cb523d60d936b9a417123f337b8e123481c
SHA256 ba4ec85d2306a1f1f178a017fef4d340b77b33e10bbee07bd359a8e0ff8ea461
SHA512 ac07e7f72b670a2e8b7a46a672fefedc58d9384d4773a6f220c231c619c1134613ff68c0ccb0dc9e03eb5f47dea7ac57de318af5f3f242d6be7ae43071e2d947

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\locales\es.pak

MD5 f90d43351ffdc63bcef25bf634c1fd35
SHA1 f80df8034cb64df1ef62e586891275a74868ab6c
SHA256 0385e6776de5a0d8a3b30b7bad44308ac4cb04e2bcebd573d3c7938b68036573
SHA512 7bfa70a5de14652063d261c28ffd3df89ea5e38877cc7977ab27f7280c48084a4ab1e5bdad0c2f624a7434a5d975feb9d8d221c010e24963d3c42921f5a36e65

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\locales\fa.pak

MD5 7851efacda8438c041c9a511f4097de2
SHA1 64cba381a17ef0ffae2dff5135d57fd1f9300ab1
SHA256 f1a7351bf0d8cad475d2761b9edf970c3098836e38aa98106a5e04a41002b7c8
SHA512 d94fb1d04630cc292296ad6033c6beed1a00dcd4c11eaca04a7eacb50c238269b21e4d2a4002836f4d41e0f6d951624beefc95beaae23530eccded4569ff1869

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\locales\fi.pak

MD5 6d7aaddb1365b3efee94d4c510a3002e
SHA1 2a970204894c5ac163c980ec0fac2dbd1711e5b5
SHA256 11b0b9b0f74d01f16db7aa49be9dceeb55fde9da56f17419c4bca159cdcae274
SHA512 f44bab9cee552dddac17d4ac1949870943cf138b3fdb0e649e8827acb6de9528dd9cf738757e5b495587e165d1c750b8bcc6205bdd029a01eb92aecab22ba49f

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\locales\fr.pak

MD5 79d945ef9b8ebc7d39fd03d05d9b2f27
SHA1 6fbcb748515f97056689d4a747e4df3a830fe049
SHA256 1f6cc56e04bcbd6b6ecbe500bcb0a5702551ec80d79e624642d0c7d9758d4424
SHA512 f1a26715ad9399052b664c71fb60b6eb6f965fa80d6d8d6c47e0b96ad0d4a4d2028c3e19dad49e008bbc29edc24e656777ce073da008d3f4dfdee4c8f2212a07

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\locales\fil.pak

MD5 c744b92c8feff1c026034f214da59aca
SHA1 95780d3374841efdbc0d8a46cddc46bb860a26e0
SHA256 d7fdc7fd08dcc421bc8aaae3fdc72599c60a3b96f05989a3e46736f0de06e745
SHA512 eeefc73474642e75da61056f2841e7cfeb8d8475be55a39852dfe7de8a972f7d86e9d1df4614b3ca3ae4fb01b68e5ced664bc8e46ccfc94f44b06e29a5035b43

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\locales\gu.pak

MD5 e884bbc8ded4f5f059211fbbb85ed351
SHA1 8f4ecb45ca73902791ff5e56e0b272252c08508e
SHA256 087e99953eef9b5fd736e3dbd98d702fdb01dc614593a4c575cb619159688118
SHA512 50837daec40a2624097cf36dfd7beebba4db748fd9cc470bf71b526e612c1aa6c88ead7511ba751e370f6f5d28ad9d6338dcb3581d7e3d53e2672741915b952f

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\locales\he.pak

MD5 ad6af80367f0b5d408bbe2c7b32ade48
SHA1 9dd4e4e5a63e50e9d3715667b8149edd8d07a52c
SHA256 20b1c80f8b2bd5130a1fb372814fb9c9ceac15305da3da0cb29923960a94a934
SHA512 95df5ce7f7885d0e72b2d89e1794a3796a1ab407fb27174219db22c668f74a8c3ba1f680cbf990be533c35ca0b2136b1917c0cb92d4556e3ff2ef3447c55efbf

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\locales\hi.pak

MD5 66ab509000cac52c805d6871ca6c1f25
SHA1 e3d3e7bacbcfaa7538ca89d9d26218eca06c01f1
SHA256 9c6d8d93278a6e375405142df9829adefbcc8ae9797a4f589591b9784b2b71c8
SHA512 356642a19f044c6e192f658ca2bf8764431129cdf7c9891b5b5bf4e99f6b990a1428c1e483487b619865e7f2d31cb5c9bbb3b49ed25fa81c4374de3e8e65519b

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\locales\hr.pak

MD5 1973723b9c45b9d971c97229e7a441cb
SHA1 2bfa4922bf2084486681af45cd7f7dedf95b2d66
SHA256 afed35643df24709c8c5cc9b8158b3d9a2266fbfeed132e98ff254ced4086c5f
SHA512 6a1f35435b01ab187cd93b376b76444dff575284632fbf37bf8b08e6cfe7783f985d0fad2425df3d3c332aad2278971412455a748e83c2d6fabd0f6afc3dc292

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\locales\id.pak

MD5 91bad2312491410c7f0393be512b895f
SHA1 6e4e9cc985c5b96eaaad91787f8bb7f72cddb604
SHA256 a21f9474a19fe2d7f26c59f5ba8d6e72801a8a057b7dbcb8b3f96471043d9059
SHA512 5c0e1cd1741e78fff90f3ec2be02bd47bfc669e50ad0cdde975238a74cb4081536faf80d0a28dc9fea6efda6548dcca4e569c54b903f5c2773c17f72000a99e7

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\locales\ko.pak

MD5 965ac0d213ccdfd83ac4970de23a8f11
SHA1 8326841ab80c40a7ca8b13589a3f5ff54fc15827
SHA256 3fa72d61a997c36f9c093f769f4bba60b290d1fbcb71d5544f85e8e1efe51d07
SHA512 5eaf14ce5c493bb4704716add07428edc6569f2dcb721679e140916c0e426cfa8e8ce27a2c38c48ae6e60461a678525e48e42c2938ce40e488b59d3f97a2f9cf

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\locales\kn.pak

MD5 a11d186b8eec7362a280abec3859107f
SHA1 966065cc6f69c3a222751d2191a0efeb6049cbdd
SHA256 a6ecf1dfe4d99f6ba0926c696b5b23b77d234fa8fd03da9825b074ecc640d508
SHA512 099e73977453a5dca329b1d8a8cbc612dd2739bb3db034b7509af35877ede6ee12450875302ff3f9351fc7096b60be1b2d8ccbec89ace3145eb264f25946d46c

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\locales\lv.pak

MD5 a999e734f9addcf07c080f9861c3c170
SHA1 522bb12a0cd4e5232570001684aed84f421abcd0
SHA256 33fdf706f6d3f06b485c5115a7c73a571296dac41c582fc9d0dbb371d86e8653
SHA512 ecb92c4ddf7b252a3216059e63b387c6847f6eccde532c300b74e6b04ab56da0208c2ecbd00ab1d5e48acced909db74b1aabf88e34d0d5928b89320f45200dc8

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\locales\lt.pak

MD5 20906aec4a21bcbb8bc8bab067075ba6
SHA1 369da9c1567d4376852cebdb87cd9213dc4bd321
SHA256 a1257d10e673311747363e6929832e70f36668b1fc0d6a5ddd550fe88007aa58
SHA512 8d1ee40bff980b889af83b95fa408bddf2ff5d257f532d2da46bfc3ddbcc31b9cf14b473fdfca1a574c0316fd689a424ae241e9bcc533b7dfe0c7203d4b252fe

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\locales\ja.pak

MD5 412bef3ec11f53c2aa6511ca139b1f35
SHA1 8b42655c2b62edc13c61a4625f55c961cefd1c49
SHA256 c5692ca739c31569ae2431fd58f1028e6c8c01af278b76656ee0bb65b79e9985
SHA512 85760c2a0dd4404a2d41f0d957c9cf8962d6b80389df838cd2d85b6a31a54f4e50c5f19ee73d2ee66e3e61a8809aeb5b493e7170aceeef9bda53e135ae02bc42

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\locales\it.pak

MD5 591113bc491e5c388ee3876de4aab3a1
SHA1 a63c2a18eb92fd03445bd237a5755d557e1cb593
SHA256 33652aae78a486dc3ce4e5affd1b7f72e1248f6f9f3e62188afe3b5d73bd148e
SHA512 66f1e79c9bf179f19942352258181858268a991b42d4a79747ca580df3fa219c2be71ab6597cec4ba7bd4c691a5e1328aa03a565b3eef442c6e2216f0d82653c

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\locales\hu.pak

MD5 2515bb367f56f282657b3dd3b9ffcbc3
SHA1 8cc350e359f1cfefdf0ce3b016109dd483d45a8e
SHA256 b4e6a1135de8bdc42c04f4db4eb1ce48256f18eb46a5146a21010b6165a90e7a
SHA512 779a77b3380f08dfb1d1e9bd65806f3d5ab56619d040bd6ecc9726c17944f4d0c3a619edee06d638549250fbf4c6a2be46cd6196a3a8862d184a68d45d6f6d72

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\locales\mr.pak

MD5 649e76b6666096a2258b942745ff9fe1
SHA1 82edf8ca68dff0caa36b17901c1e12a17172fa51
SHA256 039f4e0176c38867fef57482825d043fa63bf1356c85eab0fc665f118db125e4
SHA512 92f51140416cd6dd53109ddcc1ee24c1d26999de5cd48a11e6954dbbc985298c1b90c0b4a7bbd8701a2737b71340e8a257e8b1ace85ff3b4876b714c60befdce

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\locales\ml.pak

MD5 39d4a5ed8cf7c8e0df946220fbfc0f68
SHA1 70794849b41d00f2b895f1211a6baaae3fa7d261
SHA256 87384db1ddcac012b0b40ec89daf47ebbbcf1497705f023a6983fb2470e4abd6
SHA512 ac992b9cebc2fd51f7477b36f1aa4d9157a84c3023949c02ea236d909c78fb5ccce28dd213c089820131ee3f669164529daf58901766630ebcf40546d33e132e

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\locales\ms.pak

MD5 9fb7c18f376b46b254ef9a960e08655f
SHA1 31cb060fc606d011151f1b5464e2a469372113a2
SHA256 2f0c83b5b3bff8f624d78e0670a31c509e7f1d5330f72aaede471b2e97c956e2
SHA512 23ea07d917bc0cb9a2f530f985c4c1930d31eb6e8271804709126b8b0f5266dc51636f679944d2e3d8dd7b603564defe85c1088a33a922e9fe15c2073b509a8f

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\locales\nb.pak

MD5 de04250ff403e9af66a1351598d2a64d
SHA1 4b7a5a2bf48d988f95aac6e85b11a8c2b2fd007e
SHA256 887a0278971d6ba61e2f24c62029a3087a46c4962c4357412c28ede12ed6da15
SHA512 71527c025205bbcd63351283b7b123d8807c05bc68f2f7555f10386e330e052d031b9986ae2c1f0398bd174e67962657e0b8d4a57a07d167c233390a4e6c5556

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\locales\nl.pak

MD5 d59fed8986eee2b9d406ad52d88cbcf5
SHA1 f7e409e17723e21174361bc81e54bcef269f40f7
SHA256 619c61701b3a142733d23ad8c7117bc013867a842d3d1d572faa56895ad8257e
SHA512 234aaddaa7677b39667b4078dc3a630d67b4f2ab7df5ce763d509183a4d88e8f7bd1a231113b8a51418d577e4aa630860a7f2735c34ef59e0f65966cef825597

C:\Users\Admin\AppData\Local\Programs\Wave\locales\pl.pak

MD5 8d4db26e2ee5181afdfdd513053f3c17
SHA1 0da427a085927a5c02d2a67c424ea99cbf5e6b02
SHA256 f2a7dcb69a433c2a898866c555b82c26e3515c089f500e7748b9b11ec3047786
SHA512 bf441f501d746f1fd996c21e5e2cde643b9031bf58bac31474e68a72ea6993447f8bfad3284351bffc94d6a088e183e0b24d109398d65dac0edee8826076ee21

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\locales\pt-PT.pak

MD5 03138b2e4fb822b03713f6c4f0fc67cf
SHA1 8f6f6585743676177eaff5a582d18691e3386bbc
SHA256 02ea290fac25b414a1d4ed78cdc159cf6c73fe5350824c2f36f032e426a23364
SHA512 b000f1b8fc952849d1ada21aab665cbb97989fc28e892a75077ae9a24c4ef1d15b7d5cf1c5aca89d27d40a01c64f343a08f790049249fcfed43a1a430b4fef9b

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\locales\pt-BR.pak

MD5 b4183914f46fd63a7bd32d715b8629f5
SHA1 d0295b556e55a74e357f932473f9dd2bb1cd2f51
SHA256 5ff219be32f9178fee40e8966ac5deff2be1f2ff259a66cb9cdce81c2e90a7e8
SHA512 3bcd37cc49a827c03fb5b3a97a5eeb863ebb6f071fb2af697ebfc4f57dda676227533cc6a2fdb00505cb2395aae685dae087970ce13af113260d856b845a985a

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\locales\ro.pak

MD5 cfd7cb2444248216e12193689ba56c10
SHA1 0a9d65fdbc68688bf1624a8c98fd42673961e0d2
SHA256 655c175903a791d0ff56264a487c53f7bd09ed037cf04cfa6e79eb8be5b677e9
SHA512 7ab384dfe93c4de0d82d3a581d0c4b988f823f49848cedf081067e052be2d43c42389899588839dbc7cb35ba70617648bd0c7c199900e78c487f3dd77e64b4fd

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\locales\ru.pak

MD5 46fb61aa9515e97293969683fc330764
SHA1 5bcc41716976eefb65870ba2a2b230238f7e53d3
SHA256 4babe5f20caafca33867ee263aa9dd55ed271704a062e4372fdd133eb359a558
SHA512 c3acfc1c902c651e5fc0501a7a77358cbb99daa020597f7f6be9fc81ee53509dcb0d63c6bbc5ae308c88d95dace7099f024d698b6f364dc7db4ae2a7660e5b31

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\locales\sl.pak

MD5 6c71fa576a41711dcb351abf92a65ea4
SHA1 a0281f6b9dc363628e7d6045f7dc2904149c9dad
SHA256 458b15bf249c1e6fe9843725c42443274ef6e09dcb15f5288c916c0561aefc47
SHA512 258e49b51ee65bf508d05a5b3286a8937d3a876a876635b59b97752c5171e89458b9d23d9d7178153aa16b6fc908cc011a8e855c6d3a0152c919b40349cdf4fc

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\locales\sk.pak

MD5 5d41e75bf42cb12d7674986f4e5dcba4
SHA1 7c3375226997e3f69e3c9a3a5ed762ec40d24973
SHA256 89f984a67cea3997c704005fbfbacd3f6f5652248626945c2ab1c3bcf24e6623
SHA512 a2b91c888ea3dc2e618bf8faf7ac9f0fe562ff16c85d03afac0778ed671b1868a665b892aeb2d588e7f5bf32a7eba57b75e2e15f2c51fc9264e0db2f95d804d0

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\locales\sr.pak

MD5 eb8ec452c7079ef7dc24bc7975513ed9
SHA1 4787250292b8f2040c7ec0b265f60edcfd1ffcd6
SHA256 4cea4c83b5e887463dadbf470a9953b8175149f31fd07b83406a6fc59acfde41
SHA512 3ab2eafd3f09627efed8263cc2d59d5780b6a856a6d1299be511bbb5c1350fa05f98b0e77c53c3707ada17e7e44b8801b191802e2cf5129548e279703983a8ba

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\locales\sw.pak

MD5 be2bc09130635406f560b95e789f9a81
SHA1 f189cd6eb6c844e2d96ffaeda66fe4d5f1453130
SHA256 f0fccf2e3ad332846736d816e254028569f5f84918573872442987a8bc9bba58
SHA512 f651ea959066a5966f35493788b9833597dff653f649a5bc8b09a8ed748bcf086bd0586a36e1f4ecddd361d04774253e21d67801760d0988f3e17f0c6e1121cd

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\locales\sv.pak

MD5 819b5e4f2b7734ea4677f6d579d72f84
SHA1 aff3048d8e35fabf68a756513b67efedba59f85b
SHA256 105460cb717104d82f99cf8c5e2c51ff252211a605bd1c98bf75981f100d619e
SHA512 3e1ff5d934c7e0656dd16265be697420c31b191f88a5140c3598b4fe37a6bd3031f50d45ac7e961acaf0886934951a48230f7b10a53d85e015d6d5e1602c3eff

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\locales\ta.pak

MD5 52ee28471f2f9d01ef3f57233496554b
SHA1 abd7dd9989fac90636626a41f007eb6aa5ec7a2e
SHA256 1cebac8d758298ed2763e62b9bdfb17351831e691ff3e1ba85252c9a66d66242
SHA512 af2e9593faf60319244c90e9c06604dd3830705f14c18cd380dc2338aaa0c1e137bf751603ab9beaf7f1783839f83bcd4fda357b7cebc66ee94155d560b6f691

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\locales\te.pak

MD5 3a71904057869c23d1bc108f1e8d0d31
SHA1 6fb6e60c80bc332a2bb66d02a1e3db69961a9c41
SHA256 8264244c6de861817f5b19cef282844a18ed8cb7d4e059451489652749fe931e
SHA512 7248058b2d357c4a8b9c2e95d580a2000a96d9a5adb0b822adeeba5c4422e08cc12ef84b9b9a627a1f6cd07a08698ec000510885d14d64afd40c6e8d69376022

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\locales\uk.pak

MD5 241fc33569b22647e7d2c4189a8ee7bf
SHA1 f56a73cc81b1e96560b74ee5e73d7af792720ada
SHA256 13e40208e2c9f4f4b83dcf422610dc82314a8f99ba50acdbd286c508f92eb232
SHA512 ad16f84482f0c7c3d3c3fb98caa3dbd0048138f361aa6eba2b6338ff6e25da4c3ab39450354f2a86a53d655cad99e92fab2c030b5771d7e6a25190617f1a9385

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\locales\vi.pak

MD5 565abf3f9b296fcff95fa5b169a7d598
SHA1 24de1221b2adec13b5bcc23c4a54b8e987e9f12e
SHA256 fb9463d5655e73fa69cace9800d95f8cd077ee9284fef3bfe162d2bfe220c257
SHA512 53bfe0c1c289ecdf48114048e15807c3143dbbe357736753cb845a31a6a3fccd0dbae652294508706076ca4b30e5da00e53bc6aad11b06fffbf2621997e7de36

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\locales\ur.pak

MD5 fb978b7d211112a0774ce09ca54ca96f
SHA1 fb0c69801230437dcd20e3803db81ee60fc042b0
SHA256 60310f9a3457fae0395b447a30646211ef4160ba84bd7c36d291af4c8ec2b79a
SHA512 abde8d79f46b27e0e315034025837a3126d6e5d2bc52504d49c946fe96828bd9b20cc4a5c05283fb9f8813e6820a28249cfd68b30cb27fba216970c16ecc8d44

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\locales\tr.pak

MD5 414b557adfe76e3564d43cb93f513c5a
SHA1 f775095f7c55e834a777c7f25fdfb81f1e63ca08
SHA256 f58ed19be62706fb4fd797a6bfd3af5c6ad4b39aef994a577cd28968fcac0291
SHA512 8b1be522ef23888d46c13888a18229f4c9cb6e1c6e6730cca79d9b13d71eb86ecd3d0c172ade6f70ff63a7fb5242e4de7d9742b93376669d13c77de0cb622f94

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\locales\th.pak

MD5 879a881174501e22c3de65b9f80bc19b
SHA1 a2e020d5ed1be7dee50a495a2f8581e751cbf735
SHA256 647ad394e92e7610bd0f6c4e08d28748408fcd5a816a35e4622ea7f71cfa7a9d
SHA512 b8961a90036b94340283237da57659cc277e65e545764251f7d3e406dc5f70c9ae29366184d0aa8831aaa0a7cb5c12ff825078bb87528606cae223fba58c73d3

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\locales\zh-CN.pak

MD5 3fe312d9859b299c3a332373172c33f8
SHA1 ce6a99d79dcfc363bcf68bdb1ddd4e6862236020
SHA256 f0c0ba53c954325b3bbefb333ba23f7fb40a7a4e506043e9f7886089f611943b
SHA512 488a6043381834c9d69a906edd9e3273da01b618e9f3351a89082e6a4727f9f882e435eca3d590cb30336cab289fc71b109322d43804ddde5fa038a63a0b84f7

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\locales\zh-TW.pak

MD5 e302e1102f3f5a21860f38f41b3c30f8
SHA1 78b5d1c451cf674a7641dfcc815f966fc920cf57
SHA256 d4033cb3264c7c4cd2636ea2a202421650c449e5bfb10f29949e4c44e91ca93b
SHA512 1f96b197eb7ae6b7983ed38d4ce33ea0c845ffe527fedfbc9e53a6009871dd3c39084a04cd1d43fd6dd24e7f26e3ec4845d4225df828de0b9ba346cbc98efea4

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\resources\app-update.yml

MD5 4dd45d9de32f1a1a9aaae5d05314e29c
SHA1 80e458fe95becbdbdc82b1c06c92ae4f3781f497
SHA256 f2063da30e10724592fa8e42767f066c34520c4fc8302b6647a1d2a0a039d71f
SHA512 f5b0ade03d39d867ba3d7db972f999b92696beab9c20d1eb0440d3a0aaf66fc6459f0d6100f3ee8d9dbaacb5d6d78b8d3e0f8abcef8dd76f05719b7f896a7c40

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\resources\elevate.exe

MD5 792b92c8ad13c46f27c7ced0810694df
SHA1 d8d449b92de20a57df722df46435ba4553ecc802
SHA256 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
SHA512 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\resources\app.asar.unpacked\node_modules\@next\swc-win32-x64-msvc\package.json

MD5 704b387859cdf10e134ba4c181773747
SHA1 626f9cd6f668b8f310a4c11f331b96cb4289e44b
SHA256 f6b59292c52960efe68cc3813a78bc505d80cae11d632006770059380173cd53
SHA512 5416f7ac6d243bd04f32d5a776b596b94db1858cbf904357d8eb4733a22ddc94bcfbc116437e86799ccf402493212117f65289308f4ae16f3d39083693f9ae66

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\.prettierrc.json

MD5 e502800d651a7ef3ff58d918c68aa81a
SHA1 c3b456549821510c5729648bfd93886491df1db8
SHA256 37055c98043228133ffcc5cad7bba5ef6c8f24698a551cae547b90f51d22e519
SHA512 9892bb44616c6c2761027562371e5c72a355ce1b519072ce5733ea1d4971ffb8c9b3e83f935a18120e0702aae644d07274ad4b09214459fc13679a8ed6051e7c

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\jsconfig.json

MD5 21cfa078a36c66a3d1f4f2caf729fd56
SHA1 8849b6bf237cf4464a4628f0c2e163e866dead8f
SHA256 87cd1d700216892ba7d388d04f42e373e1abda0b5d407c54a60e67b5dde48ab2
SHA512 92f7960fe79d8e5813372d7a7833bf883c3dce6eddb083302314a2d9ff52d800178f8ddcbf071c169267b346dfbc5d59b1dc0f95a70671bd63453e56e18846d7

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\LICENSE

MD5 9b54883148dfd5ff6b9f1a23f9470a30
SHA1 f062e421fa2d8f722e9ccb2b0b4be9502a7386ad
SHA256 0fa6b5d2902f7ac42db390dfd2cb3b4ce82ed45cb5ad5dea41c11d1d67e0934d
SHA512 d2af503c12f0fda687293452af39f98f5c3987eb8a57cf12c47da5aed67c761349e5186c15371a96f5d490c140e8dd0d5e8bd6a6164139dde0562d6ee46db90b

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\package.json

MD5 d973ee4a6969bc5e14e93d99d4680c16
SHA1 22ad20391ccb50fb6343931a1312751b2f7e049f
SHA256 f0051785c8178f10c2b5ebe86edd6949eb9db7b293d9abbb51a857f7e62500aa
SHA512 2f8c64f04b3fe023d296899b16f6596f42cd69c1b8230c5bee561c18af6bbf44697966b45b50d718eff75cbffab37054a6de7b57bebc16b2d85a5a0e307dfa9d

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\bin\windows-kill.exe

MD5 de5ecb14c8a2212beb309284b5a62aae
SHA1 cf89d1cbd52f3183590b33bd6be591f95a6f5291
SHA256 d35c0d3af8f66984b1ead5cb56744049c1d71ef0791383250ad1086c0e21f865
SHA512 fea8a49538f5fd4cb8c262c1619f9f8e906edeef7d3c791bd3b85f032a0499aa5f18b4370a00e1f4dab9698e1958b042cab467103598f1bdaa583eb1fb918c07

C:\Users\Admin\AppData\Local\Programs\Wave\resources\app.asar.unpacked\node_modules\nodemon\bin\nodemon.js

MD5 30894042a167528293c057f833e7b6f2
SHA1 ec993fedf1f1a22c77b985c72d8b0074811ea680
SHA256 9bb0e59dfd1cc00fc40bed0ccf10d88414d915d79875b9dee5c1d5009f4e89cf
SHA512 2b544b29e44e0471a9da5474209bc15cb81a44a38448a74a7a67f4ed3ca7d1926cef4b2b13d3269fb785a468d00f1cfc042d2a7d6b4d563725da65028e2df15f

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\doc\cli\options.txt

MD5 016f8e569786ff8f5f6c321a735e2323
SHA1 b7a7a46bf03f4564d6e47fa55a4fc6b9be1e39fc
SHA256 3c8ec4fa239f82b2b9f427925ac2f75af2af9147eaecc706b1990540b95ae94b
SHA512 6b8372648371ea46ac98dc49ec93cb2efb9cc81f75e8ee7a5e1f0a01b7bf209ca92e07649c22630722370b1f254e956ea7ffe4be68d0f9ef419766f90dc80fe7

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\doc\cli\logo.txt

MD5 f55be3331bb0e69fc47994610da41ada
SHA1 d8415b399bd3853ef658a5f2057812404598b5c2
SHA256 cb0c73fe1bc7676104d6a92ca91250cd562b7f37a564edc260de01a3fc636b6d
SHA512 505d427c6d0add618e0c54f8079e4303fee73e0ccd9c4edfa67b44660ce5d5deab4fac09601002f73cfd00f445640a69ce9fe9a39b8a0f3039b200f5bff058e7

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\doc\cli\help.txt

MD5 0034cf996f84911ff0646b717ae47ee4
SHA1 5aeef8ef12d8023fe208c0492174a960e57c643e
SHA256 d98c56a3cb9643b399fa04c422da35204dc91cd869c47019e9783fb4f7289adc
SHA512 b1f174300ee58e16676ee8ccfae4e48794ed5412d89e0cc0d8a134ec055dfbdb596d0ab43ab376f46adbf76cf970210455bf46ed666839d69357d0ded8c057af

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\doc\cli\config.txt

MD5 73ea33e660552d101eca031a0baf6be3
SHA1 3d3384db49a197a8a616a274598bc18a25ade114
SHA256 032c4ca3b1814a39579d7a0a00154a3772d89aece9884d135fdef782f36e27c1
SHA512 c7b9a4bf4de7d13bb45b4db857511cb411a7927ee4db759af263905e01cfda8d95477d2e2d6ad6c51c9f301710e20ef64b54a4d15082f5054680da9cfbca1146

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\doc\cli\authors.txt

MD5 b5c019895f49ad741cd49e6291aad090
SHA1 03567a03c8346dd89516e2e03957bb674af91408
SHA256 e1e0dfdaaed1f025c106731aff67d664b849635cc6cd3b9b08674db8dbcbc5e7
SHA512 ff13c9416d29d9a3fe636e14fd63e5424129a6e72366c06b1bae3c5a06f60cbbf3520d868c492d472450e35e547881be93955b29eed63e66979592da576f8bef

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\doc\cli\topics.txt

MD5 57a5e0be8307585fffdbe867f0d047da
SHA1 0185976215d973431c6810571b21d6804bf64632
SHA256 5f8f41620ccdc1d7298df4ab786abc7edcf049fa7e06fc69bb26b38cbd453643
SHA512 4c05c95f21225be793051bf799255f6e021145e17ca384697877aa9dad66303d8bdb6e47751433eaf17b22dc766758cb799034a34e1e7851a8328a95b6784273

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\doc\cli\whoami.txt

MD5 5a53b8ff8c3670ff035f6490a24a0789
SHA1 e079a16d67475a83eea085058af0cd704da97393
SHA256 4e7d19dfe1603ca93a0421b1abd4b19cfa5324ef458ff549809c5e66a2efc596
SHA512 e906ef44ff0273e4df3397ba719c173c87a9919b7f9d2580e2c3354fba22f69b0c0a020eb049d276934dbc66f497b279d15c135fa0e12e04acd39802fc5dfefe

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\doc\cli\usage.txt

MD5 1448d12c8524497e0abecc6089aa5a99
SHA1 183f63e7726b128a36e247e6bb506ced31272e49
SHA256 844e2d826c59dbd72ad383fe8a23b24373d83e9b184b437f7f04c42487cd5759
SHA512 e14e41721ee4bba6deeedcc5786a113042cd595024eb411ea7d874f282547c5943dbdf1eb7674d752ebbac16ac4e1c98149b957ed5cf3623e85a561a42354e45

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\index.js

MD5 5250f6ffce08844c0f9f139fd707243c
SHA1 b5646886daa1c00461042d1a35c1a83675f8c8ed
SHA256 95111d84575ab36b697d760e130d722daea3d322cf56612f2ae67c7b3e8cef19
SHA512 49dc989edab7b4ce7477bbc5c678e1b1f4aca0f77e0ad6323d3c251164ed28b59f4d18d5b0280d53108b93e133eb2dab5469093ecbb2f1fe2bb32b758f59e729

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\nodemon.js

MD5 392a1c2f9f7dec3e4f64bb738f21785d
SHA1 02d0364639bbc6483d727e5e24e6c6b39c8f0ae2
SHA256 3bb0b111682da4977e265b0bc746cd57191e294e0c25bf667f129771897dace4
SHA512 48b0517f41013b024dd5a674b88a9e53590113f664482b0420236babb9ecbf0428c40c9f708b204bcb1f2d59789ef6383641eb8efcc7a7ac506d4345c78358d6

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\version.js

MD5 7232bc938db18583ac3447bebc844430
SHA1 55051c267076fa3bd3764864ee77d4c41c4b3233
SHA256 5071083e2e09969b2741a46cdedbbfcb2608fa35c1d1237e3bcf134749fb5ecd
SHA512 9167690b0ad72c815c3d8c7227ba8d3574acbab95236de0ddea28c73f6a2899dd700ef9083b06d2badad19c21659a93ab101ecc439a42292d2540ed8c2ff3c5e

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\spawn.js

MD5 ad2e1e41a1aaf8c0d0b622a27bc6bf9e
SHA1 139625411959345da513904bcb7d73d7c312b63d
SHA256 7804d7450f305b9142af45967be5c96f52be8350dba2a403f4bf79d5e092bc60
SHA512 e43ecd8af261ad4cbed89f549c18c18df9cfae6338c0719c1e5c06361c6cee4598d080ee32dfda56cc742e23fad5db56a842ef8511d9d5e2c28b7f7eb4eac091

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\cli\parse.js

MD5 63db540f7184a372ac611fc3d7f21136
SHA1 0b3a8e70600a6705297a532849b7470c34f8c19e
SHA256 93b9bbbc19e6f0456185d7c9e9ce11e994f41c01e46067959c5168bd345b0313
SHA512 1f56bbc4856fbefd21f6de0738712157b91f1388a71a957c37444b617ee161885822b21fcf4e7efe14d5af54b9706d8181acbb286dbd7525c91a56b53dc391be

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\cli\index.js

MD5 05d07534c94e2d589bcc02e96e1b9503
SHA1 3c3712ecff74a1099c4d65e4eefd9cf2e38f1119
SHA256 5c5b008f28d9aa1d6f8c30a30de037b95b50141a20ad0f029d0d79bcd75caa4d
SHA512 7c7526f2b4e685cc7e20689ebe5abf7630b738d2d15ab7b5e94765e0e6f221492e9e029f715f5b3ac156d3d11ffd907e070d2d7f968b5f5fb401aa9c7ec84ea5

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\config\command.js

MD5 90c1aa9f031e818373c2f2f7ed6b9dbe
SHA1 b6476cdfa45ab967436ba9bb32aac1d65e531a9f
SHA256 50f10478098f06b77a58b351a93bb8fe7a7572bfbfb3e6f0bf668460865da3a7
SHA512 4ee766da766530bb372d8e04b058edd6b28ca5d77f603b175336e9b5e8f5c677e77e0ea4afc07a642c07c48e0c209716dbd9cef4f6ab97864a9ea51af2b49bbc

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\config\defaults.js

MD5 2e6f9c975170db8136c9ca5c5ecf2a0c
SHA1 404a2c64977cae3407aa138c23a2f841546f713d
SHA256 2b577f3fd8e3d03d64c1ee07ef13db89df04d0a9cf7b69ebf2c17041f7251104
SHA512 15bfa9fad522ddc043383704cac725c8cc2b4565708b891e9e03d889237cd528ee4d347e54a983c801550856c2d1ac1269dcc127edfa6d63bf3d2aa0a19eb358

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\config\exec.js

MD5 efcab0a70d5e71fb513734cf92f2a201
SHA1 aa55660d5d6a38e2ea632d4de0640ad2b1b7fc5a
SHA256 fcd713c63326ff75fc44afdcbd2bf63991c3c76169a26a2646defab46ce24155
SHA512 260a468807d297c2fe85ce8341ae10be64a7833a8249f2932c6a93e6ade07438ca4bd26222326a1b0e3203ba0c80a6a6fb78e90015b667feda8f68538e1011ad

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\config\load.js

MD5 3379b8830f56cd13355114f157e57857
SHA1 cec1a9f2c8ca7f666cb4efc2f3eb99317ea59602
SHA256 7329c732d39f8e884c0ec197e1133c536545bf4137417e6d664bbec962990e29
SHA512 0690be21833aa598da0d7d20312ee8a2e2ecaf164981c94c3bb12036cea40a206e1b25e839209db78419d6262ae87e29a5c94f583ddd9b45e05bc5a107842d22

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\config\index.js

MD5 ac3af2f96d2e824bc37e36e30cb35cad
SHA1 d04e50eb9464ee715a940819ac7af1b612884bb4
SHA256 be155df5dbc29c88c67c936f2840d2bb3abd09981fdb6db6480d54beeb27e9fe
SHA512 060bc19e10d8b9cd959869866b4ac5e0739edd72ca1e61a230a5f3c735feda6fb75ae7a8ea13349013082bedbcd40e30219ca09ccfaad43571059a765bcaee8c

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\help\index.js

MD5 e47db45cd167c663151a07e6a3396427
SHA1 f3002a966b346ef937a47576d754787e4bddabff
SHA256 1c1678d18dc75f67bbfae8c92836543af6990bce6b1cf1ad3acfb52285dac393
SHA512 3f8e10d09fcb527e1c1753d50c9bcef2b8fb70586f34e600c0d60ed27a295f077f380e1df2fdadc78b0d468a54f32a5351fb5c4cb638e3012c96358094d31dea

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\monitor\index.js

MD5 532b43e5038c9f6a6d65d40ca44375f0
SHA1 c7fa3f4fbab77df0eee87d08d428cc06d18faf76
SHA256 cc16aeb163da6cc7746bf5ced2d11f1436e458c7ee803241e9a9fa1d107450fd
SHA512 809479d0b075c9bcb3eef6670cdd652a6caf39ec7f93f1d7dde0eee8a792d518238cfa9f78a2ec1a11ebbfeb00d2a117d25b198718af668c7f356bc3f93ebc1c

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\monitor\match.js

MD5 65475ff22153cb7e1cdcd5322341c398
SHA1 c026de2f4276472496755344bea58e11e6b38748
SHA256 d09e469209e55541c8c67fa7ab25b7d4e051ce26d36f737c6264d4ade4b26d63
SHA512 8010e71be183c4b1a02ced648f083be4c8e4be9ac474e1405d91d9925887b00fed0aa07d15b994846417a48ebf768c5402f5d0b004cf9107cb44149bac3da655

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\monitor\run.js

MD5 47603d83844b08ba9fc39ac940d78f50
SHA1 4b8dfa2ec30dbd1146a9908b10c858ecbd73521a
SHA256 d93e994fddfcf6c7683976452a3d877a51e68f56ce2a49b821240c93cca86d13
SHA512 52f33cfc03dda936f4641f1ef8b3f14659247053a701b8990f0713742fb90016ba5d51d1e1f44fde84dd883c92166e77e908d586c527858bd3c0a416b9c9d256

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\monitor\signals.js

MD5 0b71010f098a8cbf8ea47a83a699693a
SHA1 456a713c6a78b49bbf6d613ff9cfc4bc9f01f589
SHA256 5c16e2e5f7101eea3f13c19da7c7a9e6fa02f7d1098b170e71f07d14f915e394
SHA512 95a382907ac465d95db0cc41055038e839ed9164d4010003c08e6ba4456c19b50158c908b8d287eea09a153e38fdcc7f9a8c0052f35eb069243628e0968750fb

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\monitor\watch.js

MD5 a0bccf8a21d0c4332643a758c666f725
SHA1 1aa6968e927afd86a3f056126f31d2eb6420573f
SHA256 efb0a3f37d9a6279614b29fdbca3f29c1a6d47f2d26067be1c86bb56fbaefcf1
SHA512 bf4dc9c5b4f3b0a01ca161feee0ed13e6f1db24b0a64bbf01b325d0a2788380516da7da7654ee983818f3e0684983302242fe790bbb384dcc126ac4c394c41b8

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\rules\add.js

MD5 4739ea852e85157f1ab60544ea5ce663
SHA1 d83c88f7f8bd7ec5d1b36f86009ac7eba9ca1bbb
SHA256 3cc60361f99b1080c66fce4d6ea0390a38c2a49e821e7f21dc43ed2fafa31277
SHA512 780001095f33fe4a18fa06c3311f3505949dfa762da5f1c0c6665b5501190b6e6c45eb69633c99e02b8b59d01813abfce2baa611509f2a0e65364ccf71965bc6

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\rules\index.js

MD5 0691f1f2acabdb82da7d67e05479ca5a
SHA1 dcff01be935756a732591d61fab8e64e530ddeee
SHA256 3e64a2a35a97e41ff8c073299f07c3754d99b0a6e7d42faef7dc02d61d67757f
SHA512 85ac8207410deba52d3b58fcf30e468ee46b1073544b61376b4b015e588a52973fefa192a027bfe8019b6cfedefc3c4c1cb4fb0ee88e7c2ef88da1c7ed0f9eb0

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\rules\parse.js

MD5 078e15305c8688746d2e6933d291babf
SHA1 80f0b4201c45af197cae63c9d93a88525cd5c5d3
SHA256 9259995d8e1ca1737ff36cf4f97c80e55d812726ec4ead43b6c0829ce9679df9
SHA512 83ea7a6d31845542cf03f4b27be92087e417ba5f995ec740824440ddf92932d3623576b7a1022ade20deeff2f1741d617e32dfeda52efb5fb85e9be28de27df6

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\utils\bus.js

MD5 e469c4cef4116cf230f86394586c5775
SHA1 8849ab04de5836797a3839989d4325906bea9dff
SHA256 8ebae78d8d75951b714acaa3e1a3d7f15b382a92b90c8040423e9866d97f1ad9
SHA512 923ecfd5103fc6e266e53dbb1d35e11f4058893177fa00cc392a628524dcdbe616c90015a24e15b987f971c5eabe0e53a3b107878bc41bc73aacf1e370d660f2

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\utils\clone.js

MD5 9ef3c7b72b1d63f5e3a7975ff67bdfeb
SHA1 a406bd661839b5efeff4929af9fcfa991e51be12
SHA256 5062a7c87599935fec99e505f3f463c3e0872455da73f8c8054ce0788c513ba2
SHA512 eca4c0784695d43435573725f659409ec33a3acd3a5695665935439cca28122a6d8fdc1eaeb8ac6fbdb921893ad4226467777e8c35e3b9b0b672b2196f4e12d6

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\utils\colour.js

MD5 a85f32c2180651cc03bb1f293271bfc4
SHA1 0d04f9086ace00f08c628c1af25c728eab897d66
SHA256 a4969a552701982cd415005d5ce162f955cf26c205229d2f4c75ed4a75bceceb
SHA512 b32f6f7c1bd75a3a23aa5f170e5356cbe1ba7eb031f6eced706aeff8c15d8b37fc771c29a82580a48a95c65334d8e41b0ddb551409164a43bff29def7277c89b

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\utils\index.js

MD5 2f2a9c006f17f892a78a9381932918c6
SHA1 80905883f8b96a2265d60202f61de419e8c6d3e9
SHA256 c69735d5a8d259dbc87614ae268de4f6581fcadcf6f931dd20b36bc09c0a502c
SHA512 702966aebbf2a8f98a89da8640a3e0f610fdbd063a19bd4c7ce2097dff7ca1d49a2c8040885ca3b31f85662e6a8b86769ea9224e8f64a03bcd0bdcfb71873b35

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\utils\log.js

MD5 fa4ca8a08fd35bba58f2af0f046320e7
SHA1 5f672b1e8d504a468b7946514e854425fe938d29
SHA256 dabbcccb1bf0089d96ce9592a575cb64139926d6b899091c1dbd37632e9269c4
SHA512 70cdae1e1983fc7bed3bee24f50196ec281752e7567d5c4d5aa2859172141422f3eb6a7ffe9165c408d5e3354d7c139fd90382c73f7ac0de16a5840221dee399

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\utils\merge.js

MD5 b5932e306173a01da5d3f814bedcf4b8
SHA1 d3ffa9ab328864682cbf2f5e9c5e5f6437d92541
SHA256 c4598a00e91b93b7964bb874e8ceed6d614436335a7fd81aff7f504499e210dd
SHA512 cf565fea7c0b2453b8276fc25b5e0b546b0ef79eebdea4022aedcfdeb7866687c925d95cb4d56de413d53db51d03168b8302383ca9f8b04c3b5e501fd3be0fab

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\bin.js

MD5 927d799c0c996a865d11a78f04198211
SHA1 f5898b61159f1f56ebd3cd439b498a177d413c0a
SHA256 7f69b31efa09c6e7d442d6229e82e65f38faeafeda1fbed7c5e54324aff062e6
SHA512 97e1061700f32af28dbc946e2f3be0358234689f9d3482b37429dc28697516916cf1ff6c7891a29b835cdd775705f432ff7f437bb67ba87d7ae81d62453407b2

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\index.js

MD5 e5053e64fdc67009804a42cc8baebf90
SHA1 8814ef33fe018ed0a1817e77c7ed7ddb16076137
SHA256 5e591255fa35fb3650502e648ff51d6d7c7e57ada312bd33058da03cc412efb3
SHA512 60f941a6814dc3efea6a65c6dced552d4248273e1ce57222b428f813e0ab655d13546a0951ad3c0b22adffc7fc40542d7667ce70d315052308ea0fa1195526f5

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\LICENSE

MD5 216384c4c084ff996a55be20cbd26ef3
SHA1 0510d5fdf8e7bf002b8396958f2240222dbb2a5a
SHA256 fe0982bd7d38ee4cb08b2f111067bdeedb9732a6621c761bcf7dd01aa6211c5a
SHA512 eed68402c44f099b181ebbf43ff7efd1dcf6791f7f35f6d386d66202bae0da6e7f0108fe9c3d62af0f69989d92286fd0c307d2192db0113b9fc857746dd01abe

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\package.json

MD5 2ac7232223dd7c39ae2e82220d9a767d
SHA1 cacf598ea739460d281587549421ce95546b3048
SHA256 0f49b6c0282be08a5dba3e98024401a921167974a516b630ce9f9a9f2301df08
SHA512 249f93debdc2f2aabc8a1d977f2c1a9a54cbc0e3580e4dae06a1193ff83c801518a7cfb7919f98c3b943eea7c7b99d85c8148292b0b96b3bce4788277b956b56

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\skip.js

MD5 92a4c6dc39d38ac078ec80977508feac
SHA1 edc8d81988e99c77105abb1455ea224fde97d212
SHA256 c12583530edc83dcc7cacef4a428eaefa84c10bfe4b62c0c9707de015e338859
SHA512 3833af1f274d3bb89776a8dc6b9ff015f5d219ebec47f5e98bf88670e523517ad8a493b0959dd41dd6e658c230335338325e8c2befea61f2f22f8e83822ccab2

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\deps\UTF8Conversion\LICENSE

MD5 7cb552557240a921e34ad313a224d17d
SHA1 92ad1627269adefd696ac5a67131e4af575a2cfb
SHA256 7d355d1a2324c2073059ffe7ea4d96852c873e718bcc197374440dc3efc3f7ba
SHA512 b4bf90a3cd77805fc149a4112f822ee47b4f13404ee92455ecab9dd12d796ffe81d664bf21042ae3ad6419abf6a9de6df231328be6bd8ca2426e3432d456921e

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\deps\UTF8Conversion\utf8conv.h

MD5 349864c2d1fbc9c7788cdf95c541ff52
SHA1 fa968f5bd6560675c26078de4e7d52b454c778f7
SHA256 7340eea1def3c1d832a6f40c5022725f1704a783f7f992b71d5f3ba2dcaeb34c
SHA512 5e1910c23dc08e79199fc80ab8e0c7b300e2e1bd2678d0d9171a73d8f328adbd32021146e5e43485f64f25fcc6bd8413ce1ce3846afd7fcf49ffe3a04d0efbf6

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\deps\UTF8Conversion\utf8conv_inl.h

MD5 a5a0f8294daad33a66bf30c329157a2d
SHA1 02b5d7fab93d942033fe9ae2620d1a2363914469
SHA256 4955fbf455cc29d63f5dc777d3aa5172d6e1e6df221a33808a913bdebf5a1277
SHA512 f583116ada3f281c208a98d053fe6b580187d6922e2ceae69917770a46f56c16444267172db2cb0bdef3b8012088706ba1a2203631f9ff79d2814714b25fa78b

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\prebuilds\win32-ia32\node.napi.node

MD5 8a50b5876633dd9bb73612fea622a521
SHA1 27fb94a39849fe6ba1ce7b983c0d9e4ca4e62ae8
SHA256 053c3100121939dfa1fb936718c6088e4490e72faa3c713310b556ea90155278
SHA512 958d901f7c72773a2f9439842f422048a8cfa941ef943f5f9e61c5e9d48b4d9ebbbaf72acb2a07138ae66f925b46dd98717656a58719902d417a14ba1e5aacaf

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\prebuilds\win32-x64\node.napi.node

MD5 0b3ffb5b756beae28d8d9da67c288283
SHA1 7c2a0be0a5ab1b936c4752254927f5ed066abe5a
SHA256 462e527de86494f96ed0d42a80c261e46bb57352e86d6175607186c1dcdfc7b0
SHA512 a1568e7d02bd34992236c587cd77404e4cc9c25011a075dc0cbe52b59ae254eea65cc31ee7fdf26898386e370a752df8bbb2ce70592244d6f24b10d39f9f7854

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\src\showver.h

MD5 6f621ba192a6fe2228ef9965757f0bc9
SHA1 e3625cddde946f5ea21e4c00be95cad214da4016
SHA256 2b561b980e0a01191a6c7cc1cf94c8d5c061f9f299ea256f1e7ca17250ae08bb
SHA512 ab90bc30f2c23a3032334d30294aa02007e0db180c82c6c8f0d84781203be7c342134cc17bb2ac0c7bd89c1e5902c852afb2d09b0c7d4dba27f5101577491f4f

C:\Users\Admin\AppData\Local\Programs\Wave\resources\node_modules\language-server\en-us.json

MD5 de2ac61fe7207c1b2f304b05fae4e39f
SHA1 72a4623fde7103eebcff4a55ccb8eb6acf6bbee8
SHA256 c8dd69f4f8f07ebe1c73a433bbf08f67e3bef3047c35251a243c3ac78f500647
SHA512 4d0be337f5d6f760fef3f79d14ef6835045e12e7eef5cf906a5f73841b01bd59d3171c31f63de34e5b44f791d5912f940fa391d96685532e0baeb7613526f8a8

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\resources\node_modules\language-server\globalTypes.d.luau

MD5 6fb690ee838bebdf6591733bdaf632e5
SHA1 658ccef6ada0551d661d78706266ff6ad2797858
SHA256 ae99b7b676e4becb10e6a9b77229e99bdd60e5a91d2e6bbb141c85721962313f
SHA512 7218ebc8c64a7bbec231989ac7d2221be63f29302f6f16bfc0bd67ed5e9c5ddfcb50ae781f6ef73a3d891a70ca73ecc62bbbe6c5a4a218225b24c0d19c7737ff

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\resources\node_modules\language-server\wave-luau.exe

MD5 12fd29fcaf6f6518b8bf9e976928fa38
SHA1 1f9352e217518eaceefdd041e3f085ffbb93acb0
SHA256 d38d6297b4653f30397b7f45964ed99a70c8ab73d60063f68d3380c309e626a4
SHA512 b0c5bfb87639585564915f284ecff5af7e6664097ea3d9df6908c08ce09f9f6c31912225620bb7f7cf818efd6a7146280ce37e10ca7fb55bd381b95bb8a2189b

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\7z-out\resources\node_modules\language-server\wave.d.luau

MD5 7e477f85c45cfca5731e0e45ca63f8d5
SHA1 35390d8d2c0dd00e3c60dd6fd7f1727e36874566
SHA256 e58e8b24642a8693b1b1ebad703a7efab1cece9a1b12dcf353c4b4432f23062d
SHA512 dd3d9b149dffd31ba4e94b9c84ed0fda1fb67f1f7d633900688cc9e4e40c26f55048c1730f205e5c22b5030362683f0abce86033816f1e089c3b67cc3853ca70

C:\Users\Admin\AppData\Local\Temp\nsxB3C0.tmp\WinShell.dll

MD5 1cc7c37b7e0c8cd8bf04b6cc283e1e56
SHA1 0b9519763be6625bd5abce175dcc59c96d100d4c
SHA256 9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
SHA512 7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

memory/3928-1327-0x00007FF91E960000-0x00007FF91E961000-memory.dmp

memory/3928-1326-0x00007FF91FFD0000-0x00007FF91FFD1000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Local\Programs\Wave\bin\Bloxstrap.exe

MD5 1fe0657f41f6e83bfff65fec866b8b79
SHA1 1aa860cbb9d16fde1150765689c253bcda1b08c9
SHA256 e83d9d0eb859ef6fa872640bf24e5be66db9451beff75cf404e3e615b210b9b3
SHA512 090a76bc3f05cc6c02c5c6115a94b659d69302baa1a1e2e64b96e9ae93c16301ff6587f13d1eb4fb9092842d483a181280fba52bf3500c3221f85b064197d255

C:\Users\Admin\AppData\Roaming\Wave\Preferences

MD5 58127c59cb9e1da127904c341d15372b
SHA1 62445484661d8036ce9788baeaba31d204e9a5fc
SHA256 be4b8924ab38e8acf350e6e3b9f1f63a1a94952d8002759acd6946c4d5d0b5de
SHA512 8d1815b277a93ad590ff79b6f52c576cf920c38c4353c24193f707d66884c942f39ff3989530055d2fade540ade243b41b6eb03cd0cc361c3b5d514cca28b50a

C:\Users\Admin\AppData\Roaming\Wave\Preferences~RFe5833ad.TMP

MD5 d11dedf80b85d8d9be3fec6bb292f64b
SHA1 aab8783454819cd66ddf7871e887abdba138aef3
SHA256 8029940de92ae596278912bbbd6387d65f4e849d3c136287a1233f525d189c67
SHA512 6b7ec1ca5189124e0d136f561ca7f12a4653633e2d9452d290e658dfe545acf6600cc9496794757a43f95c91705e9549ef681d4cc9e035738b03a18bdc2e25f0

memory/3928-1368-0x00000234385A0000-0x0000023438CDF000-memory.dmp

C:\Users\Admin\AppData\Roaming\Wave\Network\Network Persistent State

MD5 bd904d04fc3f4bf364c359aa1fe74368
SHA1 cb8b188fbf725e35fd51ff8e555d9f6d2d9d7c29
SHA256 f666c8645d0e8937d2faf119ce2b5433fdc56c67965c70eab57e2f7e51171eca
SHA512 bde7f85cfcee3e8918d55304caa9bfd9ef22d88e00c50f6077492c1ea14fb53e7a19c35c7c66abcc3d69163ed410d01d5cca6d255ce3a22842d633a86d1c55a5

C:\Users\Admin\AppData\Roaming\Wave\Network\Network Persistent State~RFe59259f.TMP

MD5 2800881c775077e1c4b6e06bf4676de4
SHA1 2873631068c8b3b9495638c865915be822442c8b
SHA256 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512 e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

memory/5060-1397-0x0000021821C00000-0x0000021821C01000-memory.dmp

memory/5060-1396-0x0000021821C00000-0x0000021821C01000-memory.dmp

memory/5060-1395-0x0000021821C00000-0x0000021821C01000-memory.dmp

memory/5060-1401-0x0000021821C00000-0x0000021821C01000-memory.dmp

memory/5060-1402-0x0000021821C00000-0x0000021821C01000-memory.dmp

memory/5060-1407-0x0000021821C00000-0x0000021821C01000-memory.dmp

memory/5060-1406-0x0000021821C00000-0x0000021821C01000-memory.dmp

memory/5060-1405-0x0000021821C00000-0x0000021821C01000-memory.dmp

memory/5060-1404-0x0000021821C00000-0x0000021821C01000-memory.dmp

memory/5060-1403-0x0000021821C00000-0x0000021821C01000-memory.dmp

Analysis: behavioral3

Detonation Overview

Submitted

2024-10-29 16:31

Reported

2024-10-29 16:38

Platform

win7-20240729-en

Max time kernel

120s

Max time network

126s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1

Signatures

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2592 wrote to memory of 3016 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2592 wrote to memory of 3016 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2592 wrote to memory of 3016 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2592 wrote to memory of 3016 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2592 wrote to memory of 3016 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2592 wrote to memory of 3016 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2592 wrote to memory of 3016 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1

Network

N/A

Files

N/A

Analysis: behavioral29

Detonation Overview

Submitted

2024-10-29 16:31

Reported

2024-10-29 16:39

Platform

win7-20240903-en

Max time kernel

119s

Max time network

131s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\index.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\index.js

Network

N/A

Files

N/A

Analysis: behavioral32

Detonation Overview

Submitted

2024-10-29 16:31

Reported

2024-10-29 16:39

Platform

win10v2004-20241007-en

Max time kernel

140s

Max time network

159s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\load.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\load.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-10-29 16:31

Reported

2024-10-29 16:38

Platform

win10v2004-20241007-en

Max time kernel

145s

Max time network

156s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1

Signatures

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4496 wrote to memory of 4424 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 4496 wrote to memory of 4424 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 4496 wrote to memory of 4424 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 134.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 98.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 75.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 234.17.178.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral23

Detonation Overview

Submitted

2024-10-29 16:31

Reported

2024-10-29 16:39

Platform

win7-20240903-en

Max time kernel

121s

Max time network

139s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\command.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\command.js

Network

N/A

Files

N/A

Analysis: behavioral25

Detonation Overview

Submitted

2024-10-29 16:31

Reported

2024-10-29 16:39

Platform

win7-20240903-en

Max time kernel

121s

Max time network

133s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\defaults.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\defaults.js

Network

N/A

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-10-29 16:31

Reported

2024-10-29 16:38

Platform

win10v2004-20241007-en

Max time kernel

141s

Max time network

157s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1

Signatures

Downloads MZ/PE file

Browser Information Discovery

discovery

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133746934217927330" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3324 wrote to memory of 4756 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 3324 wrote to memory of 4756 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 3324 wrote to memory of 4756 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 3772 wrote to memory of 3976 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3772 wrote to memory of 3976 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3772 wrote to memory of 972 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3772 wrote to memory of 972 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3772 wrote to memory of 972 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3772 wrote to memory of 972 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3772 wrote to memory of 972 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3772 wrote to memory of 972 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3772 wrote to memory of 972 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3772 wrote to memory of 972 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3772 wrote to memory of 972 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3772 wrote to memory of 972 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3772 wrote to memory of 972 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3772 wrote to memory of 972 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3772 wrote to memory of 972 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3772 wrote to memory of 972 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3772 wrote to memory of 972 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3772 wrote to memory of 972 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3772 wrote to memory of 972 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3772 wrote to memory of 972 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3772 wrote to memory of 972 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3772 wrote to memory of 972 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3772 wrote to memory of 972 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3772 wrote to memory of 972 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3772 wrote to memory of 972 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3772 wrote to memory of 972 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3772 wrote to memory of 972 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3772 wrote to memory of 972 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3772 wrote to memory of 972 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3772 wrote to memory of 972 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3772 wrote to memory of 972 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3772 wrote to memory of 972 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3772 wrote to memory of 1192 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3772 wrote to memory of 1192 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3772 wrote to memory of 2568 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3772 wrote to memory of 2568 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3772 wrote to memory of 2568 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3772 wrote to memory of 2568 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3772 wrote to memory of 2568 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3772 wrote to memory of 2568 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3772 wrote to memory of 2568 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3772 wrote to memory of 2568 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3772 wrote to memory of 2568 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3772 wrote to memory of 2568 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3772 wrote to memory of 2568 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3772 wrote to memory of 2568 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3772 wrote to memory of 2568 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3772 wrote to memory of 2568 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3772 wrote to memory of 2568 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3772 wrote to memory of 2568 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3772 wrote to memory of 2568 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3772 wrote to memory of 2568 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3772 wrote to memory of 2568 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3772 wrote to memory of 2568 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3772 wrote to memory of 2568 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3772 wrote to memory of 2568 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3772 wrote to memory of 2568 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3772 wrote to memory of 2568 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3772 wrote to memory of 2568 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3772 wrote to memory of 2568 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3772 wrote to memory of 2568 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 188 -p 4756 -ip 4756

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4756 -s 612

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0x100,0x124,0x7ffffc58cc40,0x7ffffc58cc4c,0x7ffffc58cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1808,i,16353620597311623795,2705048650498009832,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1804 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2084,i,16353620597311623795,2705048650498009832,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2136 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2284,i,16353620597311623795,2705048650498009832,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2168 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3148,i,16353620597311623795,2705048650498009832,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3168 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3196,i,16353620597311623795,2705048650498009832,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3204 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4548,i,16353620597311623795,2705048650498009832,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4464 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3676,i,16353620597311623795,2705048650498009832,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3768 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4876,i,16353620597311623795,2705048650498009832,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4676 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5064,i,16353620597311623795,2705048650498009832,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5044 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5112,i,16353620597311623795,2705048650498009832,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4668 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4664,i,16353620597311623795,2705048650498009832,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4812 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3160,i,16353620597311623795,2705048650498009832,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3452 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5416,i,16353620597311623795,2705048650498009832,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5412 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5424,i,16353620597311623795,2705048650498009832,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5568 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5432,i,16353620597311623795,2705048650498009832,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5716 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5868,i,16353620597311623795,2705048650498009832,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5860 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 133.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 103.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 172.217.169.36:443 www.google.com tcp
GB 172.217.169.36:443 www.google.com udp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 195.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
US 8.8.8.8:53 apis.google.com udp
GB 142.250.179.234:443 ogads-pa.googleapis.com udp
GB 142.250.200.46:443 apis.google.com udp
GB 142.250.179.234:443 ogads-pa.googleapis.com tcp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 46.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.187.206:443 play.google.com udp
GB 142.250.187.206:443 play.google.com tcp
US 8.8.8.8:53 206.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.200.14:443 clients2.google.com udp
N/A 224.0.0.251:5353 udp
GB 142.250.200.14:443 clients2.google.com tcp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
GB 172.217.169.36:443 www.google.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
GB 216.58.213.3:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 227.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 3.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 dns-tunnel-check.googlezip.net udp
US 8.8.8.8:53 tunnel.googlezip.net udp
US 216.239.34.157:443 tunnel.googlezip.net tcp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
GB 216.58.201.106:443 ogads-pa.googleapis.com tcp
GB 216.58.201.106:443 ogads-pa.googleapis.com udp
US 216.239.34.157:443 tunnel.googlezip.net tcp
US 8.8.8.8:53 157.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 98.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 106.201.58.216.in-addr.arpa udp
GB 142.250.187.206:443 play.google.com tcp
GB 142.250.187.206:443 play.google.com udp
US 8.8.8.8:53 consent.google.com udp
US 8.8.8.8:53 getwave.gg udp
US 104.26.3.170:443 getwave.gg tcp
US 104.26.3.170:443 getwave.gg tcp
US 104.26.3.170:443 getwave.gg tcp
US 104.26.3.170:443 getwave.gg tcp
US 104.26.3.170:443 getwave.gg tcp
US 104.26.3.170:443 getwave.gg tcp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 8.8.8.8:53 170.3.26.104.in-addr.arpa udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 8.8.8.8:53 cdn.getwave.gg udp

Files

\??\pipe\crashpad_3772_MPEOMQMJGMPZYOWB

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 d0ae43727be998ad19d2561257d48d95
SHA1 413298423527f27f1040b288fdaf15e008789050
SHA256 65926354e7dcf5b539b28b7ef91ba6c9abcb35c21bc99bcedde5b5eda3ac64d2
SHA512 7d8d98e73285d87312b5ec806bd9d7eed0f23c4400863d76632ef835a22b3bb39e208c3bf2bfffda6972156f3264bdd4623131ce1e7e773a5f57482fb6bb0c6e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 e359c612fdccee3766f20077794b2756
SHA1 597165410640d0ee53966c8bf54165f504b971f5
SHA256 178e1b10734bb630be64c1dcc0a32cc1e919ba435352d4ef19fd956e4c3fcbd0
SHA512 d874a93f7593fae7da215b37372f5120c347fc1153af5286163d25141aeb8a09a1d98babc7ef1244990c1563fb0665aef8788d127c9ef4fd46ed978edf76182f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1a54b6ebe4707e10c7b77db27a82a3d2
SHA1 7d0e5234bdc08e2b11eecc14cd159507e8b30bbc
SHA256 8a46f5aec856fc91f8f082bf30035cadae287ab5f92ddb67630272c0b4d606a0
SHA512 0ecba6484d89c2656349cdec1bec2b8004e80cd68c2bb17d5b78020f4e6c59619a226fd15cc26d3ee6969fe437bfb62dba63e314e7a21cf27407166f7adf77a4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 ad85a5cdc3e87f195f0e3429e1c6e8ae
SHA1 cf630dfd47fd5c7ce0e101eb1250cf6179378aa4
SHA256 98a828704337ff1c071a4942e980d75578d2b8fd2938a182ed85479c550a088e
SHA512 9c30d7d26d6749c068e4819de7dd9879ed4403ff6074438b2f2ca964cc58b28e961fe0e0282ca4ef2da75b35797d57749d5211cb4bd380942d02ad863a79ee00

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 5b01dee9056899af069f68de72e4dae9
SHA1 28105f2734bcaab07dd6793b9df3fc9cdb391210
SHA256 9fafb9be9a785a96be3f1b65ca172e7bc4ba2dbed748e9b1e1735f36c08120d4
SHA512 5ed322b7898c62ae4126d1be6b8ae5cd652af0dbc14f0e4e89fac231428951f2b5f838ace3d4e2c06a5b6c208bc07dfcaaa73b82e7fd5a8d423987c5a49909a3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e35019c3af560f800c5f9211d102d738
SHA1 2e6809ec38865febac6f8950186e610aad2a90fc
SHA256 7f41c34d3d4bcf1c12d4668aaee45ca334912dc82fa3a8d7c458e639aaf6090b
SHA512 99c7c06aae051e3e7251cc6fb5f196bdcf395fe91253ee9f6640c8e6143cf2a1fbbeb3b6f7a7125b31e9453a488d30075fc90b29de695950a8042b9f8371d698

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 faeafe7aac345d0c1ee706c4ee84d83f
SHA1 6e818dfc8a62fe17302985a9c3625bac6b585ebf
SHA256 1ea68fcc5d09296ece707cff827f4308b230246c50b8f4fcd688915cb3909fb4
SHA512 88d25a482b47c06bac1f69aaa016e2634eb99929ce71d97964027974014b98c8670444a6cd3bdf752ed71ed4ba3349385c8b6e2e74e3afc2020bcd4d44515091

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 2ea2896da28cadadedd153dd7a0362af
SHA1 f4730f71d6b5ed4b5a4120dac656b03066b96161
SHA256 db79f26eaae7510e3dc8549ff37c097b76681a947fa0130e968f2d20f7c09003
SHA512 45d898e27194539fc35789fffe1abdb97cb8ddcebdf52adefcd0503bfb10d2419e2b370865ef8ce30d6089c5a8de095d811c194916ffb0633b71a803e1fca68d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d2cfc7e9a53adb2617cdc706189a74e5
SHA1 72a00e65ab737a9f6f47c117809c5a479a975aea
SHA256 03cd1e6072da1de7ed059f2850fb1f2bdfbf21c2484f9f88b7f04610c8460fa0
SHA512 cbbadba53244c044ed37c393d1886aa40bd806067df641399cfb7d4f29d3079fc3d8866372b67295b1db9099318b4534f9820a5e9bdfe0f8f5c3b962145500f3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\effe966a-a4a0-4cfc-9bfa-80e3231e04d1.tmp

MD5 55e43c14e2dd589688cfa3bc5b06c5b8
SHA1 740cdd0f797a562684a73018667ad12cfa4cab26
SHA256 0ffb3a9b90209ecfa8c983f5a5715186688302ae362db3a329bcd6b9d863129e
SHA512 3ae965e3684deb5f5c931be90da5be4e851946cfaf0b18daf2464ddec524e356e9da066685163bc8338da4d0e99e9b778e7fbfdc7fb5141dbabf0999501846d7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5c5bde63d951a4a0b26c762742f66c3c
SHA1 52e8a56db063372d4f85380cd121dfaa54edf3ca
SHA256 4ecefae07b4c3c47d81a81879aa6e8c307540fcbb0c308bee064e00d159691fa
SHA512 4d8d9b4d6b9a199e358dce16c612ffe9601c4b290c809e78e94cd4e010a69547df97724d5a21da2e016bcc6c9dc41bf0cbe87212698eea873ce83b7496f37e19

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f01f2aecadf9c4038e5cd91a46b3543e
SHA1 4973528a79e1f2cf4d938848f68b4d5c74c4ccd8
SHA256 b5d3827cc66909421ed21b62ddcade576b2279e1c08ed09072392388faad21a5
SHA512 bd3be98803d7b792f4a75ea1741fb632de3c066659d46cc29ab3d610af160244810a4d77ec1d8434baa85638d9fc9df741ba4a8cde940cf25c00d08ef3bfc2ad

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 01667e8339ae5c78a003469525b2c348
SHA1 46e027cd60123962edfbb17f9bd1e7ca848b0367
SHA256 1b8d04efe1bb9e81da9d3d12fca919e59afefec0de99902982ff4127f43d9ff1
SHA512 27ac6aabf34f06c600215ef099833071ddce134931c4f54a40cd4949fefacaa8aa7e1221db66b7255ccef26c3da11df3ee600463ac25ad8ffc8215f4a27ec1fc

Analysis: behavioral20

Detonation Overview

Submitted

2024-10-29 16:31

Reported

2024-10-29 16:39

Platform

win10v2004-20241007-en

Max time kernel

139s

Max time network

160s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\cli\index.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\cli\index.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp

Files

N/A

Analysis: behavioral26

Detonation Overview

Submitted

2024-10-29 16:31

Reported

2024-10-29 16:39

Platform

win10v2004-20241007-en

Max time kernel

130s

Max time network

168s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\defaults.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\defaults.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 69.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 90.16.208.104.in-addr.arpa udp

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-10-29 16:31

Reported

2024-10-29 16:38

Platform

win7-20240903-en

Max time kernel

117s

Max time network

123s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 220

Network

N/A

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-10-29 16:31

Reported

2024-10-29 16:39

Platform

win7-20241023-en

Max time kernel

121s

Max time network

128s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 220

Network

N/A

Files

N/A

Analysis: behavioral21

Detonation Overview

Submitted

2024-10-29 16:31

Reported

2024-10-29 16:39

Platform

win7-20240903-en

Max time kernel

122s

Max time network

136s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\cli\parse.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\cli\parse.js

Network

N/A

Files

N/A

Analysis: behavioral27

Detonation Overview

Submitted

2024-10-29 16:31

Reported

2024-10-29 16:39

Platform

win7-20240903-en

Max time kernel

120s

Max time network

137s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\exec.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\exec.js

Network

N/A

Files

N/A

Analysis: behavioral28

Detonation Overview

Submitted

2024-10-29 16:31

Reported

2024-10-29 16:39

Platform

win10v2004-20241007-en

Max time kernel

140s

Max time network

160s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\exec.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\exec.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
US 150.171.28.10:443 g.bing.com tcp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 69.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
US 8.8.8.8:53 26.173.189.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral13

Detonation Overview

Submitted

2024-10-29 16:31

Reported

2024-10-29 16:39

Platform

ubuntu1804-amd64-20240611-en

Max time kernel

0s

Max time network

110s

Command Line

[/tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

Signatures

Command and Scripting Interpreter: JavaScript

execution
Description Indicator Process Target
N/A N/A /usr/bin/node N/A
N/A N/A /usr/local/sbin/node N/A
N/A N/A /usr/local/bin/node N/A
N/A N/A /usr/sbin/node N/A

Enumerates kernel/hardware configuration

discovery
Description Indicator Process Target
File opened for reading /sys/fs/cgroup/memory/memory.limit_in_bytes /usr/bin/node N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/meminfo /usr/bin/node N/A

Processes

/tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js

[/tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

/usr/local/sbin/node

[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

/usr/local/bin/node

[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

/usr/sbin/node

[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

/usr/bin/node

[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

Network

Country Destination Domain Proto
US 151.101.193.91:443 tcp
N/A 224.0.0.251:5353 udp
GB 89.187.167.6:443 tcp
GB 185.125.188.61:443 tcp
GB 185.125.188.61:443 tcp
US 151.101.193.91:443 tcp

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-10-29 16:31

Reported

2024-10-29 16:39

Platform

win10v2004-20241007-en

Max time kernel

135s

Max time network

156s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3308 wrote to memory of 5112 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 3308 wrote to memory of 5112 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 3308 wrote to memory of 5112 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 5112 -ip 5112

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5112 -s 612

Network

Country Destination Domain Proto
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 69.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 75.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp

Files

N/A

Analysis: behavioral17

Detonation Overview

Submitted

2024-10-29 16:31

Reported

2024-10-29 16:39

Platform

win7-20240903-en

Max time kernel

117s

Max time network

130s

Command Line

"C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\bin\windows-kill.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\bin\windows-kill.exe

"C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\bin\windows-kill.exe"

Network

N/A

Files

N/A