Malware Analysis Report

2024-12-07 15:16

Sample ID 241113-1j1rpssrfr
Target CrossOver.exe
SHA256 11f9c346648801ed7949bfd0c680b8a34d8f9454dfed3dafccc579308e58d0b0
Tags
discovery execution
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral10

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral17

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral18

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral22

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral30

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral15

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral28

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral31

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral6

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral26

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral27

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral23

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral16

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral13

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral14

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral11

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral20

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral24

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral32

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral21

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral25

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral7

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral8

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral9

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral12

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral19

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral29

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

11f9c346648801ed7949bfd0c680b8a34d8f9454dfed3dafccc579308e58d0b0

Threat Level: Shows suspicious behavior

The file CrossOver.exe was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery execution

Executes dropped EXE

Loads dropped DLL

Checks computer location settings

Checks installed software on the system

System Location Discovery: System Language Discovery

Program crash

Enumerates physical storage devices

Unsigned PE

Command and Scripting Interpreter: JavaScript

NSIS installer

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Modifies system certificate store

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-13 21:43

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

NSIS installer

installer
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-11-13 21:41

Reported

2024-11-13 21:46

Platform

win10v2004-20241007-en

Max time kernel

92s

Max time network

155s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4576 wrote to memory of 4512 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 4576 wrote to memory of 4512 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 4576 wrote to memory of 4512 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4512 -ip 4512

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4512 -s 612

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 72.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 75.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral17

Detonation Overview

Submitted

2024-11-13 21:41

Reported

2024-11-13 21:46

Platform

win7-20240903-en

Max time kernel

117s

Max time network

126s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@nodert-win10-au\windows.applicationmodel\lib\main.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@nodert-win10-au\windows.applicationmodel\lib\main.js

Network

N/A

Files

N/A

Analysis: behavioral18

Detonation Overview

Submitted

2024-11-13 21:41

Reported

2024-11-13 21:47

Platform

win10v2004-20241007-en

Max time kernel

142s

Max time network

159s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@nodert-win10-au\windows.applicationmodel\lib\main.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@nodert-win10-au\windows.applicationmodel\lib\main.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 66.208.201.84.in-addr.arpa udp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 107.12.20.2.in-addr.arpa udp
US 8.8.8.8:53 75.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 67.208.201.84.in-addr.arpa udp
US 8.8.8.8:53 211.143.182.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral22

Detonation Overview

Submitted

2024-11-13 21:41

Reported

2024-11-13 21:46

Platform

win10v2004-20241007-en

Max time kernel

142s

Max time network

164s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v85-win32-ia32\build\Release\iohook.dll,#1

Signatures

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2620 wrote to memory of 3132 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2620 wrote to memory of 3132 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2620 wrote to memory of 3132 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v85-win32-ia32\build\Release\iohook.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v85-win32-ia32\build\Release\iohook.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 3132 -ip 3132

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 572

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 3132 -ip 3132

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 792

Network

Country Destination Domain Proto
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 105.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 67.208.201.84.in-addr.arpa udp

Files

N/A

Analysis: behavioral30

Detonation Overview

Submitted

2024-11-13 21:41

Reported

2024-11-13 21:46

Platform

win10v2004-20241007-en

Max time kernel

142s

Max time network

158s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@nodert-win10-au\windows.applicationmodel\NodeRtUtils.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@nodert-win10-au\windows.applicationmodel\NodeRtUtils.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 72.209.201.84.in-addr.arpa udp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-13 21:41

Reported

2024-11-13 21:46

Platform

win10v2004-20241007-en

Max time kernel

143s

Max time network

165s

Command Line

"C:\Users\Admin\AppData\Local\Temp\CrossOver.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe N/A

Checks installed software on the system

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\CrossOver.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\CrossOver.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4368 wrote to memory of 5500 N/A C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe
PID 4368 wrote to memory of 5500 N/A C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe
PID 4368 wrote to memory of 5516 N/A C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe
PID 4368 wrote to memory of 5516 N/A C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe
PID 4368 wrote to memory of 6012 N/A C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe
PID 4368 wrote to memory of 6012 N/A C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe
PID 4368 wrote to memory of 748 N/A C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe
PID 4368 wrote to memory of 748 N/A C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe
PID 4368 wrote to memory of 748 N/A C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe
PID 4368 wrote to memory of 748 N/A C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe
PID 4368 wrote to memory of 748 N/A C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe
PID 4368 wrote to memory of 748 N/A C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe
PID 4368 wrote to memory of 748 N/A C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe
PID 4368 wrote to memory of 748 N/A C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe
PID 4368 wrote to memory of 748 N/A C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe
PID 4368 wrote to memory of 748 N/A C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe
PID 4368 wrote to memory of 748 N/A C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe
PID 4368 wrote to memory of 748 N/A C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe
PID 4368 wrote to memory of 748 N/A C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe
PID 4368 wrote to memory of 748 N/A C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe
PID 4368 wrote to memory of 748 N/A C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe
PID 4368 wrote to memory of 748 N/A C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe
PID 4368 wrote to memory of 748 N/A C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe
PID 4368 wrote to memory of 748 N/A C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe
PID 4368 wrote to memory of 748 N/A C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe
PID 4368 wrote to memory of 748 N/A C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe
PID 4368 wrote to memory of 748 N/A C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe
PID 4368 wrote to memory of 748 N/A C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe
PID 4368 wrote to memory of 748 N/A C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe
PID 4368 wrote to memory of 748 N/A C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe
PID 4368 wrote to memory of 748 N/A C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe
PID 4368 wrote to memory of 748 N/A C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe
PID 4368 wrote to memory of 748 N/A C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe
PID 4368 wrote to memory of 748 N/A C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe
PID 4368 wrote to memory of 748 N/A C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe
PID 4368 wrote to memory of 748 N/A C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe
PID 4368 wrote to memory of 748 N/A C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe
PID 4368 wrote to memory of 748 N/A C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe
PID 4368 wrote to memory of 748 N/A C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe
PID 4368 wrote to memory of 748 N/A C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe
PID 4368 wrote to memory of 748 N/A C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe
PID 4368 wrote to memory of 748 N/A C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe
PID 4368 wrote to memory of 748 N/A C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe
PID 4368 wrote to memory of 748 N/A C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe
PID 4368 wrote to memory of 748 N/A C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe
PID 4368 wrote to memory of 748 N/A C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe

Processes

C:\Users\Admin\AppData\Local\Temp\CrossOver.exe

"C:\Users\Admin\AppData\Local\Temp\CrossOver.exe"

C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe

"C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe"

C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe

"C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2324,8978804898085995933,8852134882988874101,131072 --enable-features=WebComponentsV0Enabled --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=2332 /prefetch:8

C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe

"C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe" --type=renderer --field-trial-handle=2324,8978804898085995933,8852134882988874101,131072 --enable-features=WebComponentsV0Enabled --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --app-user-model-id=com.lacymorrow.crossover --app-path="C:\Users\Admin\AppData\Local\Programs\crossover\resources\app.asar" --no-sandbox --no-zygote --native-window-open --preload="C:\Users\Admin\AppData\Local\Programs\crossover\resources\app.asar\src\renderer\preload.js" --context-isolation --background-color=#00FFFFFF --enable-spellcheck --enable-websql --disable-electron-site-instance-overrides --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2392 /prefetch:1

C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe

"C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe" --type=renderer --field-trial-handle=2324,8978804898085995933,8852134882988874101,131072 --enable-features=WebComponentsV0Enabled --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --app-user-model-id=com.lacymorrow.crossover --app-path="C:\Users\Admin\AppData\Local\Programs\crossover\resources\app.asar" --no-sandbox --no-zygote --preload="C:\Users\Admin\AppData\Local\Programs\crossover\resources\app.asar\src\renderer\preload-chooser.js" --context-isolation --background-color=#fff --enable-spellcheck --enable-websql --disable-electron-site-instance-overrides --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2972 /prefetch:1

C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe

"C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2324,8978804898085995933,8852134882988874101,131072 --enable-features=WebComponentsV0Enabled --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3336 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x49c 0x4a4

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 74.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 objects.githubusercontent.com udp
US 185.199.109.133:443 objects.githubusercontent.com tcp
US 8.8.8.8:53 133.109.199.185.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 92.12.20.2.in-addr.arpa udp
US 8.8.8.8:53 103.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 67.209.201.84.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\System.dll

MD5 fbe295e5a1acfbd0a6271898f885fe6a
SHA1 d6d205922e61635472efb13c2bb92c9ac6cb96da
SHA256 a1390a78533c47e55cc364e97af431117126d04a7faed49390210ea3e89dd0e1
SHA512 2cb596971e504eaf1ce8e3f09719ebfb3f6234cea5ca7b0d33ec7500832ff4b97ec2bbe15a1fbf7e6a5b02c59db824092b9562cd8991f4d027feab6fd3177b06

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\StdUtils.dll

MD5 21d805663834f61cb443545b8883faf2
SHA1 b222c5ca1e4cb8a7bff7eb7b78d46b8d99bf71e1
SHA256 c18b46a68436d164c964ba9b208e5c27ccc50e6a5a2db115e8fb086663b5308f
SHA512 37836150ef2837f69b82399024d0b93dbdac992971c7fe7b50959107c0520f5874d45f4230f08554514e3bd6a76d6e35c55c8afd53f993aba18f77475ef02001

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\SpiderBanner.dll

MD5 4287dbf2ad9e000d8653137470528fb7
SHA1 d488ea09a1c35f9d773195b3cbdbb20e4878c0a4
SHA256 35a523fe649201442c9fa00d875cf9acf8ced7c11347726cc0c6df5b0eda9f95
SHA512 e5dafa93600e9c1e994b4e0131b841b2e14f76d874875926f90f1f1c2cfd9e2caa374a1f584594f41e4feb0c06e93115e9fa23237dbc31d3e1c208ad8d0cf58a

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\nsis7z.dll

MD5 d7778720208a94e2049972fb7a1e0637
SHA1 080d607b10f93c839ec3f07faec3548bb78ac4dc
SHA256 98f425f30e42e85f57e039356e30d929e878fdb551e67abfb9f71c31eeb5d44e
SHA512 98493ea271738ed6ba3a02de774deef267bfa3c16f3736f1a1a3856b9fecc07f0ea8670827e7eb4ed05c907e96425a0c762e7010cb55a09302ca3cfb3fe44b2b

C:\Users\Admin\AppData\Local\Programs\crossover\chrome_100_percent.pak

MD5 06baf0ad34e0231bd76651203dba8326
SHA1 a5f99ecdcc06dec9d7f9ce0a8c66e46969117391
SHA256 5ae14147992a92548bcad76867dd88cdfcdb69d951c8720920cce6fb135e3189
SHA512 aff6616e56781ebb925a0ca146245ad3b2827250b32261c0c7c0d5b10b20a343a17fc3761c95d93104163e77b2eae3f1f9cbd3cb2b377f49b42bea39bdd09b91

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\chrome_200_percent.pak

MD5 57c27201e7cd33471da7ec205fe9973c
SHA1 a8e7bce09c4cbdae2797611b2be8aeb5491036f9
SHA256 dd8146b2ee289e4d54a4a0f1fd3b2f61b979c6a2baaba96a406d96c3f4fdb33b
SHA512 57258aa169bec66abf0f45a3e026bb68751fb970b74bd0cb465607fa3b2a89967e832d92d8f675f0449bb6662fcb7786d05f0597124cc8e18bb99a47245779b4

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\d3dcompiler_47.dll

MD5 7641e39b7da4077084d2afe7c31032e0
SHA1 2256644f69435ff2fee76deb04d918083960d1eb
SHA256 44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47
SHA512 8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\ffmpeg.dll

MD5 eabfc10d56cb44a86493cb2f8ca7aab2
SHA1 09d7e87f43527333cd021329d6c2f4e8bd8ddab5
SHA256 42a2a996ac433ac33a22776b8418a82753557093d90147b7951138b5c83924b6
SHA512 ee31e3539fba9e5969a9f38c428f586de2dd7630cb5d8c5e3c2c934b5881f8176b8ab6ef6397c1ce4fa6ccf3ee9615225c7afa0e0b28c6fc23974e8b96625dec

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\icudtl.dat

MD5 ad2988770b8cb3281a28783ad833a201
SHA1 94b7586ee187d9b58405485f4c551b55615f11b5
SHA256 df876c7af43ed93eec6aea4d2d55c805009c219653cdeb368f1d048f4922b108
SHA512 f27e542a9c6c60fa28c5b7cc2818079341ef93aef3bbcadecad2dc11aff5b1592b19c7ebfa543ea42a3cbfec26a668641b255545fb0912056e25e852c2dedd01

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\libEGL.dll

MD5 660a9ae1282e6205fc0a51e64470eb5b
SHA1 f91a9c9559f51a8f33a552f0145ed9e706909de8
SHA256 f2a841b6ef320f226965c7cb01fbc4709fc31425e490a3edfa20147ce3656c85
SHA512 20bed2bed042033e3d8b077f9d66bce67922aaec180cc3777f20560219226b7efc73932bb87445afda4e3877472ddcd307215d23954cd082051437e5f2224263

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\libGLESv2.dll

MD5 bc45db0195aa369cc3c572e4e9eefc7e
SHA1 b880ca4933656be52f027028af5ef8a3b7e07e97
SHA256 a81729fd6ee2d64dfc47501a1d53794cdeee5c1daa3751f7554aea2503686d10
SHA512 dd8c39947e7d767fbdccf90c5b3eaedf3937b43c55200d2199107333b63ac09e5356c286618874fac841e1357dd927e0c70b5066c1feeedd8cc6c0fba605ee5f

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\LICENSE.electron.txt

MD5 45574510c534a8195f53b30e3810239e
SHA1 10bfa95a2f25df14dfe6a55a9e73d9fa5becdb60
SHA256 c44607a865e7a6db05552baa0ef71f9887d96acd00d123854b44996bc27c0e33
SHA512 b59d4c8e07748b68da51b2163a2ebafd51cdc546a1776a1105c19f6727dad697692d4fcb137578bb43dc615342a08c2e9e103384b80fc81c3c669aecc9c443c8

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\LICENSES.chromium.html

MD5 d4a79b5d46f0931b9eb7125fd40baff0
SHA1 3a38fb263dde2251b9fe157b5fddec7acb07c53e
SHA256 03f1d245e6a2facca9edbdaad108169e0765dd9101875bc2d123797994b9e80f
SHA512 17cf94805f11d499ff12d8e42cb262ceecbeb265f56338e0837d291f6a7ed7f8135a025dbe99fdb2e2bb299f2267bed9365976ea51269aafd4c3220cffef9339

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\v8_context_snapshot.bin

MD5 c2208c06c8ff81bca3c092cc42b8df1b
SHA1 f7b9faa9ba0e72d062f68642a02cc8f3fed49910
SHA256 4a67de195878d290f49b503b83e415917b8bbcbd9936b07a5d33b48e9bc6e0a3
SHA512 6c3c370dd086a976c44d4059a315bd3bcbb50961aa34734e65a40d861cffca9090d47cec74575afe23952e394e4845bda2d8798eebe01fb54a7a6288bce238f5

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\vulkan-1.dll

MD5 67ebd2114a9c3a1b2ce2635f21e100e8
SHA1 15a8315b28dca9d7b5c1f604882050714f130718
SHA256 37ee8858cada6db0e511d083ba0729282b004b7e239966521300955ad8b1b18a
SHA512 6578d098b657ba4b28da60f338e033f5622e2fa9473d1833af85a44b314c1d662fcf12120dc466c7c19fcd5901b012f1f8ae7c9ce65ff8155ecd68714f25e102

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\vk_swiftshader_icd.json

MD5 8642dd3a87e2de6e991fae08458e302b
SHA1 9c06735c31cec00600fd763a92f8112d085bd12a
SHA256 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9
SHA512 f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\vk_swiftshader.dll

MD5 df2f469b761a706fba0b50149660f7cf
SHA1 2f9d8cb92b6e321e24a5437a1f77745a3507e7be
SHA256 be1e1dd3897dc9a997fdc5b3216f9af24c20fc678963f7486b0a6dae8900c274
SHA512 827e979f573f5cbbe6dd3c6bbe4414ab0d292005856b651b157f150a8d5605c3e77f76944dc0158ae9c632bdc31c243b1e9a467f03d3d3ddb08e95ff5b2e1347

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\snapshot_blob.bin

MD5 db29bb80c7dd644cf9a48f8086dbcc90
SHA1 51d55dcde1bb3aed9f4f130e00020f614f2a8fbf
SHA256 6cc3d838a2b7cf5957802d378ba353b502e8a80b39648213285496a83825a702
SHA512 62e477809c7e4c202d99d1a05c6b6d9e89a307298d783a161bdae1af6f999aa4a26b24de63e94fcecd050aa4fda79fda24f081fdeca56e47e9392fe3d22b6c31

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\resources.pak

MD5 d13873f6fb051266deb3599b14535806
SHA1 143782c0ce5a5773ae0aae7a22377c8a6d18a5b2
SHA256 7b953443e3cd54a0a4775528b52fbfe5ebecbc2c71731600ed0999d227969506
SHA512 1ab38fcb70d1958c74da2493459532b52a04b884009509a1ac8dd39f6e9e670658a52f4d19ef57f1bc71dccfdd6ceedbc18034bbcad0b500d75a97c74aac6939

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\locales\cs.pak

MD5 b7ed7dd838c0c0980d7c011a3cef03b5
SHA1 d752b7e7098e5cb2c894ac35591db2852946d497
SHA256 9651b8f3304c70d96dcca76cfffad90ce8afcab6231ffd8e4e9beade3d510841
SHA512 23a6de6b8093c8f87e84ab7cbad1910a96f228900967b16cec9852fe88f756be7d5fd45b45b4f0b4caa4db05aa315f21c73b2c1c6c32e11d55ae6b810dfed49a

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\locales\de.pak

MD5 9b1f23b3e07d947c0227f640560bc0a6
SHA1 17908d26037c885655a40e470fdf004a3367ebed
SHA256 e71f4320553f65cfd0356a4b30f3aec2eec7b4fd327866d528917b9909cfa761
SHA512 72de618027466a819692425fa028d65d432e825f6eb9a3bc100dac808c4e8acaec7c515a7d7674f04f0343edff731ea07381a5159b817b86d07359e324bd829b

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\locales\da.pak

MD5 55a82964b36308b838d627e7ce708078
SHA1 c685eeae43f85346fc984d02c9fe4120f8b5467f
SHA256 1d1a3e38ddf282969bca2a5d893b3db4a0aed10b53eab37bb2dad7d2d18c94de
SHA512 57f7a23db6ffeb0be0b90005fa8c4ca22294b27da7a14e6afd70ac417b05122bd3ebacc41a168e28586a157521ca0e3093cb18d4bd7df71cdbc0f95b2925ece8

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\locales\ca.pak

MD5 d92f01e66dbefbe28d9ddc0a0b318258
SHA1 8c2b07df543e7b523ee6a682450eb96ace988c46
SHA256 14e99f4d94868a454f40ee8e0f62d056e0abb303caf6e184a9a61bdec18ac271
SHA512 0a27d8533128cf03568e8b1e8223188415429a8be8919cf3f81bc041ee93fb530d465d1a8313876c3db9c83b9dc04cb4ea0d9bab0dcbb3373813aedb5803725c

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\locales\bn.pak

MD5 5d7894bc1947927acac8491e1036d44e
SHA1 273b9438740d379d1a20a7c5ed4275940405a44b
SHA256 f7d704207cb3340f1ace2f2e5af031e816bb86e4bf3f665907d837d094bba37a
SHA512 6179ce46ba48fdd110a8c7d2ae17b43b064b45d147b18e9f20223c845382dc01e0e4f3fbe549ce3a23b6f46e59050f9337465d73e748003a1e650bbfdfd21b8a

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\locales\bg.pak

MD5 26a0431ff9f22716c55f68f7e164c595
SHA1 9e9924ad447907031bc9d1cb753e0d0f66125b19
SHA256 1bb8c5ce9215d42ba9ceec52f86fbff46df668ce48ff56bd1cbe96adadf4922c
SHA512 486ab8c00646afc60193f97583324778c9010e0cc3b4c2f74554c25515c1edba92d83c44bfc6b364b388621c1631f2f51de19a325382ca5e668dac3a75bc85a7

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\locales\ar.pak

MD5 985efad36a2c07c95fc304319d6cd1f1
SHA1 6bd0adbb16ca511850df5132d78322bd7c525a6c
SHA256 1cdef40ba8343e7f826c2020906915efaac5e56f543cd2ed6ebf704882525d8c
SHA512 7176d5254dad1ef91a428087099b1729285c5a58bd2f0b20e51b340d298973be2e36ee32128f71948bff3b013f42fcba01f37eff8f80bb2926695bfb65a02316

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\locales\am.pak

MD5 e1b02b36ce38a843a12867d2700a1bee
SHA1 4e165fd9290921b9acbec8ff24e6987f36a2f3c3
SHA256 e9c78c2410d5c81e0cd5d122462e852143eea15ca69cd01b85322cede1e10806
SHA512 46ce9cc38ab338187fbf0c07a8a9fc1a96bb1d9181fb3b26741ecdc5e1b9fd2ac91b3b9e33d149bf07e6ef5879f72a589954e9314b47fd7b833677384d8b1933

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\locales\el.pak

MD5 5949036e7e364f5c97fec60c80a4740c
SHA1 6380125302942906a7ffac45c724c9a1c392a50b
SHA256 a3431d3ac720f871c33d7e522cf506b2fa8ea1872bac02a4b4b427a6d063af38
SHA512 017fd71ba9ca2718e138fd1baf8893bf0e6ae86d947774671a72ffba6bcf330d039e313a949ca3c869186155c7243059885931a7de0804ed9ce4faf0989de94a

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\locales\en-GB.pak

MD5 32f8d0492b73ce67df70c2f6b65a9db6
SHA1 eb7cb21681e65869a931f50d83b19d06f60d28b5
SHA256 c4fdfa9c6f30ad657bf12ccb95f70542a0fade45d8490259a4507629f4b33299
SHA512 04d80661d37c5c99657f9ac268674c058fec4a25fd9aa30c0a2113558e51aab4cb2f01baea3d8625d744df29575944a19f8575579f872c0716876819e933d693

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\locales\en-US.pak

MD5 bd8f7b719110342b7cefb16ddd05ec55
SHA1 82a79aeaa1dd4b1464b67053ba1766a4498c13e7
SHA256 d1d3f892be16329c79f9a8ee8c5fa1c9fb46d17edfeb56a3d9407f9d7587a0de
SHA512 7cd1493e59e87c70927e66769eb200f79a57e1eb1223af4eb4064088571893d3e32cbc4b5ece568fd308992aad65684aa280dc9834f2b5d327bdee514b046e5e

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\locales\es-419.pak

MD5 a6de020b1ec17664d99aa372dfc3aeef
SHA1 b7c2e6af4854252df86ea49c625f15ee094c891b
SHA256 64df687bbb37bcd92e609f7e3bf950ee5629b693ff8636607285f5753b1bdaae
SHA512 6af0488ea1632e6aad16b149166319dd9039f00da56c740c196dbcfc5265a0c225581450efe616e0d9a82e6d6a5bb50f2e0ee90f095628dfc5acb9f2d160193b

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\locales\es.pak

MD5 06a2c6940def84d9327083aee446f446
SHA1 a542fd511568ae5f90e86259d427b7792ec52d03
SHA256 eb22282dbf211f64142ef4dfac2c1d811d65decd617c4a3d1c892967dc72ac07
SHA512 23d0547ca962419bd6013f094de67a6f20779440674fef3bd38ae613c72daef6072a217d7832e1c62dd68bdfdb1eeba241ac302f72cb710015d8924f8e6797c1

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\locales\et.pak

MD5 ac38b14b7663b5e4e98baa6bc47143a1
SHA1 d41c2be94d6b5aaeb23c17b9a6c453a5ac9dceba
SHA256 b3baf825f9b237565260ba2935fe9acf2ae381e3bfc6fbf837dbfe6fb83314b5
SHA512 930a9ef5b3cfabec18b18b52d6b3da8f91e6c4d4b03e311ff34eb8f5af85c6b91077c7cc1bda609f114935d6b287a503f5e1ee792548cef0a5686bf4a3c433d4

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\locales\fa.pak

MD5 a6c8f787f9f3ef00bc38673f806e69f3
SHA1 6be8d4a7afc97748b1bf619d10086a6d27c1a519
SHA256 8ea08e9874892edefcbdc55c393dc00fe451f3c7f29b57d7105377349eb4bfc4
SHA512 64668ae3d459c95f22e580c2f637c8b739ecd7c177243d505544b4b55f0c70710cd99ac71215412d04845e170d47e7ef69e9cde1e698c8898692a950619388db

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\locales\fi.pak

MD5 8cb6cf7f173c2deac78fa136c8eb94c6
SHA1 c873e1cd9a2db4997683574f1a6fa2f6c53143e4
SHA256 bfc24d41ea8e362bb1a18c11860d2217fc100b1a422cf54629c7d0c6640d5ed7
SHA512 e8600b3fdca4c0c0f27d3959087616235c537b8ba6cbc85177cf96f2a9b50add40989d56c9ed92c5793fd3b55515ff611a6e273d622a1c25a301d35cb52d2d4d

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\locales\fil.pak

MD5 91e33c418c453abcbb8ea4fc89d4b673
SHA1 11a4293e6a1e1a9dba94b80ab812f305bf70abd9
SHA256 75d473ffd351a828bd7854067ad986908efefdfb75800650587b8bef09f9ff2a
SHA512 b77b1533fb26832f9de21dc361ad58088d7aedf26bfb1111872cbb1b0da8b8f9061b8ea9c561fd645b8d683110998c71acbfedc02d9399e4f4aedb8c717cf97c

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\locales\fr.pak

MD5 5d2e3041fb2154b01cfc628935aeb183
SHA1 620a2aaba08d430251e408cf99186ae0439f8a60
SHA256 b387afb8c8ae3c3ce90728fb7eb39a39ec789c6e7bfe4dbd2b5d49e72434db1f
SHA512 8709fbc3e63e94f61918872128134bd3636ce69765437272c99f1529801b97283d4baa4b3e61f2dea73cfdecae0321ba30c903d6055068d62d024843d6213974

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\locales\gu.pak

MD5 7e5416a501994ffbebab3edc57756b3b
SHA1 c350fd10c8d7584f6d92612d9afce4c62e0e54ea
SHA256 a49597e67fcf93448c89e07f9cc3519b3b1b77505bc30adf3f25c250718eec0c
SHA512 611276c8d8a42c4258c9ae33f3e95b9b44932aa04c27d985dc70893cad75135b9d4ee74c1bb7c96449053debf5e0cc2e261ae1909b0b13126193b955069382bf

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\locales\hi.pak

MD5 262a8aef9a1160a55b193c4a0caf0e73
SHA1 5ce45534b4d133c7f65ee03b8c2e14f3a7afc209
SHA256 acc53ca41a9a04a57c1f18fea58cc4329b8add0ded37f9f7d7a73584a910d6c9
SHA512 6b8b910588607bb080e66384c10e8d72803fdac3b2acbc65dff54ba32563a0768dc11af6806fabb82f7bf877333f6dd30d61a6630ef5b2ae291fcc59f3246fbf

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\locales\hr.pak

MD5 0b263bb9ce59ac162811f06f441f5944
SHA1 073d6a9de44affc840c68a0e8c5562c922ba1582
SHA256 e55d011ac0cc50d33bf22d43a9c5a6b59f5c31bd2884789efee124929be9a7fa
SHA512 64d69dcf063e4328ea3874ea0d3c29d2387117cd3927096dd6ce12624f802ccac4cdb8157757d70be8656c5a9757538f84d946eff48878c4763cd2bfae274d87

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\locales\he.pak

MD5 b73d141efba773482bcc09853c4598cb
SHA1 b1768edbe4c2efdb39a3d5629999bb9f9280e595
SHA256 7420e94f19bd61f33950e120f29c9783305f218d089f0a7d3ea3451655cdda1f
SHA512 f61e2d92dd77a24301d9c658560fcc9ceeb59a7ddf3eebf1872aaef2de5f8607b95bfef61ad386d5705c796b032f0471a85d43dd2a5e6d9da3725e466382b3d8

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\locales\hu.pak

MD5 0b3b9d23034926aab2e6a2f9795ea640
SHA1 01ead327ee1a66e0c741e411c4ba0185951c36c5
SHA256 030cbf833a350946959afa0d2b699512c0b715ff7b38b613bcd16b15282b940a
SHA512 15ba2136cfb870dac7bd39f287b35a756817d05003d545063b4e8f8e99698f528ccc652be83c45f6dd8b125f9f5eb7ff8bff8e95d4569542954d47b38774f3d3

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\locales\id.pak

MD5 978465f6021894f8f1eb0db3719cc720
SHA1 da37cc7d02a2ec1ef136127314a994316f1b9c62
SHA256 d12d87d003bda037b411daab09d1698671f8284e4297ffc08b0558749df6495b
SHA512 6383ea1e0c731ca93a9a121e4ea919b4be9aa48ba3e288ab511dc8ab873a3099f683c9c665c3dded79ee74bfd9729623d9a8fe323d2085f4d81dcbe6cf104dfc

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\locales\ja.pak

MD5 25eebd1c10519b8c1c01d05c5a9c75af
SHA1 aa06f180ea9a48c7e032e52614bcf405c4dbdce9
SHA256 4d0910d196b6b5652e3e5d677ddb048b8dae1ec974593484df2838093c96fed7
SHA512 d278e262df63b2f816013449870f096796ec70eb0acfdc5d0700be07dd70fa87fd8c1f08fe112a919904d77bafcab0519ac13da82de1c10a03745c59a2c0bcf7

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\locales\it.pak

MD5 f89173cbd42ec09af2fb0a86aa5395b2
SHA1 3dc7ac0c537e2ae37c579ac7352330bd3bccab3f
SHA256 266f501703d3899000d5eb60d55ccc8f59f186e862a4a9a34910e81699ea289e
SHA512 41cf233eacb47680f3d8a17b9cad17ce872c6a9c443929de776a315c0436568e8150ca75e7bcd46ff1a4814517a8c78d7694dffab00509977ac7f45676d54dcc

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\locales\kn.pak

MD5 f83907e5b38876e6c50480f727fc2497
SHA1 517f0d01d47c6838e008dec87f089ebfa1b036b0
SHA256 f25c8b41249c8f54224702795644c80bb5a7eaaeb6f0af5b6a1048960a27c827
SHA512 e4c1c23cd72197616e3e7a9fea5924b4ddb01d717810bd69937de49526fab9f3f368df896771eca697de77cdafa2207992cbc77a448082d65ae25894484131a9

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\locales\ko.pak

MD5 7f61b6f66e6d22083bf0b2ca8b64309d
SHA1 748a0198780c238346781a0c1df3d84963591877
SHA256 99addd110ae7ba9fb37daf5c32ad2815172840764da0c71d0304dc9562951d61
SHA512 3945e3821cd2f4a420770182ac29cc2e2db72335d934ade001c196357dcbecd33428689a7588f62e7b845f63765fa102ddb6aca07ac7e7b7104a9633015126da

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\locales\mr.pak

MD5 be54eb7b1f16378e07d88072912e0119
SHA1 d54ccc3aabcdf06968f6cbbd61bee3b316d062f9
SHA256 5f1ffe801f3701434a73d3ad3d04e9fcb6238f0f3b14e9325413910799954543
SHA512 07fbe367d6caa27e24b66551f1d6fedc17702a39121c48e33d2bb6547214aa7480ac8ec8500f1f3da7c064d1174270056d6f49757e9f4d67fc44ea5b9eae993e

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\locales\ml.pak

MD5 7fdcd82db37be12740f93b8511055703
SHA1 606547e1cf56a68df1299bb962fef86cc6e99e20
SHA256 cc9fd4f2d44df646c6117465f820ad390efbc9cb64eb4ff898a50cdfef8f324c
SHA512 f92b42994639f48e5bf949efd6b483b1502c6204d15cd32ad6fd53f0f76886d10caa802fba7317421225a214c479fbb1509a03b7f4092b0b2c47f68ab7615848

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\locales\lv.pak

MD5 05a27f135f550fcce9c1359730aa334f
SHA1 1e23b09f0f7aec17a64c9f09de1955ee6bc5112c
SHA256 6861e9a4e8a9f2493f0103afa0f860c280478a64293a6de883ba9cb6a45776f6
SHA512 980c32e547fae231db2758978811d49a9a631ec95a3e47f257e1387f276d94005925ec432551368eaf3dcd310cd6219902dd360aff8a67033797ed3e7fb519c1

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\locales\lt.pak

MD5 99e0e932b751c50565af36025523fbb8
SHA1 1e5d3b2f722efe60d4d4f2d81cc5183309313547
SHA256 9124dc353864cf6570580ae3afa0a7f09f5e3d32a61e71a64ff4cf824ad4fb29
SHA512 a94b4565acd04ddd9265de072fb2e1887c21dfa251afbf76b30824cf9de84791ed3658c6f71be17366cbc0b7f73921e045ecc125c42bad3004d189c7943c7f3f

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\locales\ms.pak

MD5 08d7bd42520462f677a3b8204feb1777
SHA1 0dfcab20465137c4ee25f285f82a499b9aa3205c
SHA256 f4f6362d9963b7d244e29e85c7ecda552ff7756621f6efc9f3b6f12940896a81
SHA512 f48373053bc7bb197308fcc3133dda664a7d1babe5e188c7498be3396ee94e43d27fd2ef233318271cf11e1ffb75dae3d0ee83f78b590690fdb84e1d0cc832ec

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\locales\nb.pak

MD5 fcbf5dc281a9ab77d7bb03751b9563e4
SHA1 e4c4e499431a3e693bc262a25ac444cbb9ef1ba9
SHA256 efc934122d4232276f9f2317e5906517bd91ec2a6d76995fe8aae04eff866a50
SHA512 502eb74466ed1efeb61688e7b5f6904014e72be9f701f18ed49dec1547fcb6303fe816e4340b97b410cc1f76bc715cd836c3adbc84cda1c8ebeecc64a0f477be

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\locales\pl.pak

MD5 7a4ef59181d02e62cc295b676d479d7f
SHA1 84fe4e425f1684f5d3efefb7e571ae8853ef68bd
SHA256 ce84676f37bf97078b3d087d913a874d3c092f76b729f43d3e9553d3c9754f03
SHA512 53c8c9526f3a655af2251fd599f130606eae88692a726ba25e2b09c129ad89f00f833e6e4e1b6d82200cc110b8988b61c0a2d678c712d7c0f1b2e67b1aae1e01

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\locales\pt-PT.pak

MD5 2ae2e6ebb6ecdc5dab094ca28167a27e
SHA1 499c9a7169ddf760d9395b5801aa90632ea6323e
SHA256 7f0b86e4f6391e48fd045c8b967a1ad33d9c54f5a6ceda98d800c254dd2ec059
SHA512 9b3f6df3d9d2dfbb5f7319c41ccaeb66ec4d30b0c0c505ecf6031abb5e36f95e0435d91d0913def09d13abf38488a9285e170d502e3e3ab2cb44effbffee3f04

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\locales\sk.pak

MD5 800dc45f273a82862fc0b0aae4f3e908
SHA1 8cd818ee32f9ec697226659b3b86df2ba35d019f
SHA256 4a09c8f22d1fe71cdfd0149599c59ec3059cd35f7dc8f33f22f967a237f7def1
SHA512 6fb7674ddb299efe896f3c0f2255295d0489d86f1bc492fb95d7e9eabd63847d2cf162f008e7e715a6fd3a409a1a3d6675e095ef910f52dcd28e302627f09ea1

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\locales\ru.pak

MD5 bfc17d03eec2df2985249a96e4476a11
SHA1 5399b5054515bdb48942ac7d662d936eaf65e253
SHA256 5c93984215f69bc6c7a1430fedbdc619ee6ccc9e491354e3541fdc8ed1947f8b
SHA512 faa2f3f0176cb8b1484e4e8fad6a019a4198f549991f4aba52453c077156e5cc00009a9c1c08cff999deaa87d2c8bc31c385b22bd10e8818e68d3fe61f07db60

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\locales\sl.pak

MD5 fd9efa0cde455dafa0905dc1b06cd02e
SHA1 9371bea539436ac65dc13ea475d6ca852f236caf
SHA256 1ed9fc4abb8bef48e0fd5e10a107fb456dcb0c7a275bb789cb0728cfadfdcc42
SHA512 888b83e1d111ade5b2260ef2b7458928594d8bb0dba9722d4a1e343f58ee0a668a6731a99f84601149ed4e56db39073f562255850a9cdfa406c7b8236c5943ef

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\locales\te.pak

MD5 15d65c33aeab73a95a183643b57f5fd0
SHA1 66037e1366e4631a412fb5caa0a18efd1fb0411a
SHA256 c9f427a4efa5d9835432e3a190e26d684c18c26e13fcda1b7e73d6a7527cfd4f
SHA512 9e99a60110126ae311e2a428ae121d4671db202c2cfae96317119f3ae67520af50a06d0ea58477a199aa39c3eb0f4f5d14954a7b7c6a9aeae8582a457cd07ab7

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\locales\ta.pak

MD5 1518a611019dbb88dbf9af005d31cc2e
SHA1 6ac31736c93779f279bf893f869f6e0a251d9766
SHA256 2363b6a8cce7868830915303dc2825351e7ea9dfd98568e448cd8b71c7ceef90
SHA512 341fd001613772a495909420bfae00439bd0320a27d7ed10b7e76f64634ee7f9a36751b24388853723f41850d125060f7c0ca6aaf6ff0f768c5fadb7f5f42b9f

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\locales\sw.pak

MD5 59e99f7b257d5f0d0575038c8332138c
SHA1 0deff978d72e4b6eb2ad0534be5cb573b3a662c1
SHA256 26fbb15e26f5a4c44bc0e86326fbff28686c771edd11bda6bfea178364299eaa
SHA512 fd0f603d73a96fe1b40030067e6eaeeb4c6ef18bab57288a4a049ed2c687c85836d10c1b652d7d1ff2030903dd5e3fd4c222b987b87464b5aaa916a9f12d0f22

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\locales\sv.pak

MD5 f03c7cdb6921e881c788ecb10b8ba710
SHA1 e40e1b540be2eff535e62e44931ac5bafb21e524
SHA256 cfe9ad173d516a3e1855f00f53fcb20a53ade93fef6256e909b0f0da12723cc2
SHA512 7de1c83fbe86d552044e8663969b5c49aabdb762ef73788e6082aaa2117bf1f2788df6b8a28d65cb3be51a9c6bf7afadcecce716bfe7fc6dcdd646730897cdfb

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\locales\sr.pak

MD5 e64fbe3d0a19f6c48bd7f81a093900db
SHA1 a63d6e8c469dac2bb68f1ccdb43bbb78a769f210
SHA256 362a50ec28da0af4c6b8e282ad64d45298b939a03883de22c5a33adfa919bc74
SHA512 390690233c9b89eb9fc962e95066fee0e8b2356bd9816025f7f3218e442324edeec5d1e4990c073e965c66dc6126136d975aa3deeeb65b090ae6bb0b89415617

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\locales\ro.pak

MD5 84d177ee0f1409e8d69b9a559fb176d0
SHA1 f22ae3c93347b0947e7d440a311f3856dc1f913a
SHA256 60859215a025b95a1ac06333a66d14e1698b28ae31451c999e8adc072401a86a
SHA512 85fec9c41cae2191650654addeb6639c8ce09198a023e8548cbefc7778d1a0ec27214b7c755c10ff403b6435260537b9644dabb0c37d01b297323152ade5bddd

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\locales\pt-BR.pak

MD5 5beaa2cb0bea5d59f461c8c076236201
SHA1 65228896fe64734a7b56a735e5b5fed8e4b85d57
SHA256 7cca8f6ee8b2a19c8ea53b3a2bb2af4ebbb2b8612caba87f581938e7d6aa9f18
SHA512 39ad2f8d072469843b939e69dc7e4dc408b366a07168234d2c45a32d6100e904646e66a966e457aacb65a2b07ec5f51dbba71fcfa3c9e4afe1684f42db01bb6a

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\locales\nl.pak

MD5 e3fc5005e01568eb856d1edcccc200e0
SHA1 b105b8d844cb2ef868d56057cde0e491b9b077db
SHA256 4669c10a7fcc8a150a641e73320547ed1b966a92fe78041a860ce4892f79b0cd
SHA512 288cc9c97e781d2ae4a95e2fef230f3c04b8419b87840c4ede04b3d8a7798e78bbd69be37b374b179e9f10b50c8c997834cf9d8a79266c16b3dafac83ad8e9e1

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\locales\th.pak

MD5 d2ffd3529b4880f2e8a8d0f01ae69395
SHA1 451ebcf352234a4b343d30a172054558c259ec83
SHA256 301966a229a09b37e5b2bf12c89522a33144c977411099b81502261c4ca554ad
SHA512 c4d3f5c3e7b307caf6a51fd74e828fcf8eaf41a07dd198ed5844893e3b27af20cdbc7b33d58fe2ca0e487ea546a4d1fc58d99faa9e14ed0a55bfa43265211256

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\locales\uk.pak

MD5 026ef6b51c0b2fc92211aa0a6a1ddbcf
SHA1 d1a5eb09b90d04fe02560b33acbb55ea4f6352c8
SHA256 27d3c996804b4f4c106f12becdaeeb1ce65df53abe12658574852ab7b6643bc1
SHA512 b8efeeb10841dae8c23e1c8d2e939b809d4f0aaba56521e037ce5d1ab6748a119a6d064f767dfd209415b4f6ed94527132696fe8c12a71c0c5b61637414c23c8

C:\Users\Admin\AppData\Local\Programs\crossover\locales\tr.pak

MD5 7c897de0ad3c9d9da88ffd01cc7a6e99
SHA1 4864bf127f5de75c9f3a2cd4b13b6cb56c3c0a14
SHA256 81694a8258624f82dfbe0af43aa0ce5fdf1304c25a2f6735b972a2a29beb8e15
SHA512 2578bce090dc69d9743684671bf6ea68efff7db900128ee0703f4eb3c34db2a92f0c805c6febc8a978d1488511250e9f133d500c551cea22d091a9150f0dd88e

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\locales\zh-CN.pak

MD5 dc160104962893fe87f3a5088a78926c
SHA1 775945e0c70ab40d2b7ba10e58e7e0f857a95021
SHA256 44a9dd0a830ce2feeb81523cce7fae8a0a553f05921b34d34c7826d50ac3a1b7
SHA512 4b6bebf59513c27d5e022ae01f15fb0ecec0be4b547a1231eaa79555948c7ce92f08a7b6ddc6cea7484f945afd2eed5a29acb98afc568d21ec656b076912171a

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\locales\vi.pak

MD5 b7dd26646a77979ee0c4776ba0b1a52a
SHA1 4b9ba889a4aeba5b162dada01982420527a76007
SHA256 7f94586012c85732d23b05dbdde2c497326d5fcab87de83aafa3594b614dbd36
SHA512 a8f4f2decf5367c02c8847bb6873a44a3389f4b3e637ab54197df5c56cef70c293a849ed260bde922b4d6a4bda4c95ec03c9d94a837028e21f74df699c434c03

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\locales\zh-TW.pak

MD5 4bc50b6f5c29ea7cb60d5b79147326e7
SHA1 c22a956b438fe25987ffb4654321dababd49d1ae
SHA256 268041a1a95dd540cf7e92a01802b65df8c8d1c80726007da1bb8a9cba6e5414
SHA512 4c65d6d3b3db84412a589ea5c9a19e609d4b47e37b752d4231dd5ce02d5ed8a9ad4eecf23e321e4f48eb96c1e14f2da2a38057e6ca4079d0b025a2266783fd85

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\resources\app-update.yml

MD5 9f605a6584b698c9ed18ebe2d79228d5
SHA1 bd4f0894d0b2220e1327e8f9aa07da3fff953399
SHA256 ad5d37308e15be2219e0a078fe88fc7977618528701e13a89cff23c5788277c5
SHA512 c12bc01449b0b776c094c615e29ae0f0c01aeb905330dc2f2c28e496cfdfbd1e8d6ae7822206522bea64375a4eb65b458dd867bc7878d9c1bfff9561b122434e

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\resources\app.asar

MD5 624f2bb518e035865e5d97e60dac2d84
SHA1 605b58f2043e6ba3a1507c5a96334a180151aeb7
SHA256 0668060767f02ea924d1b3c97cc31a066c5807c650bcfe2c72eaa4a2b2c4df41
SHA512 b3e2471218ad571b46ef47e29f6cb4df77400d60a4b035a686a2f4e514cbb64bc113664dd3faee668d0a3a366a52d5ebe9d169acdcfbbd995e74ebddd37f07f4

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\resources\elevate.exe

MD5 792b92c8ad13c46f27c7ced0810694df
SHA1 d8d449b92de20a57df722df46435ba4553ecc802
SHA256 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
SHA512 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\resources\app.asar.unpacked\node_modules\@nodert-win10-au\windows.applicationmodel\CollectionsConverterUtils.h

MD5 990b5b88e177c0bdce8ed465bdaf0d18
SHA1 cf676ed2a2e929c2edfe68b7ea65445804864ac2
SHA256 50fe10a565fec37116bd54b36c29f6a6b51a172d59f783c9c5e8b143df8b3c98
SHA512 58069821bb3f935f6bf69498d94a9bf21a49ee659ab96aa1701fbcc47a7f685376e426a0178c0fa8db3ea3f0f4e078d3c0f53a9fa179b6888e1873f2bafc9c45

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\resources\app.asar.unpacked\node_modules\@nodert-win10-au\windows.applicationmodel\CollectionsConverterUtils.cpp

MD5 e675445179139ff54291eed1216dc99a
SHA1 e694855ad009fd8caac77ffb77032bf87c62fe27
SHA256 7ac6d302c5751c8722d698dfc21506c4dd78a109aeb3f3269dd339ccc572ed37
SHA512 51a1ff585ff042181e6f8b1e5b2eaa719af4856ba666e444cdcdb0b6dfe550e940b281c6414fa4740f63c0ab8191d438c84aa5683d0cc95a0a69c416fde91fa3

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\resources\app.asar.unpacked\node_modules\@nodert-win10-au\windows.applicationmodel\CollectionsConverter.h

MD5 e050192645ce19456d2fe733b820789f
SHA1 ce1939d4c590f1734930607e57cf458d6e3d8a81
SHA256 d6a7d0c081faad10943336d739fb17a7171ddb15552e188bdfb70e2a0f3b3202
SHA512 0576a9f9046141a0f499c21b6c55e37b5d40ba660f2d1780c25eede23def27199e86e31a83eaf511975881a0868e7da9610600df25f132db5f8a76c2d354f78b

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\resources\app.asar.unpacked\node_modules\@nodert-win10-au\windows.applicationmodel\CollectionsWrap.h

MD5 53d97711949c79288fefd74aa0aa28e4
SHA1 c851d741d247bd97c4877e9209078eff89a7ee06
SHA256 afb1dc44d97f9c57c129da4858398f1a47b29c74cebad961377efcb329eb84c3
SHA512 91f760339fdcba18e8ae514ff9f15b10f1d621c4b4d4eb9bbb7be7fb631cdc146a8fd03393a5cad15bde2386bd8a8389d8c28dda4f5970d2a01cbdca44b317b0

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\resources\app.asar.unpacked\node_modules\@nodert-win10-au\windows.applicationmodel\common.gypi

MD5 b821e1ea5d77a4e99b0ef6a43c1a9956
SHA1 c925aab00adec7313ad129fdc62420c5e59c71b8
SHA256 d59db748a03c6f8f86c5be52d450c2b98b6d26f7bfee149fbb40438a086b7174
SHA512 0f32f6ee0d0b9f4259fdfc3c3125c1ec3cc33742c889125c027ae7d30cfa752252ead5bebd07a9de4eac83677aaeee3390544639e83a1d420d2725797cc61177

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\resources\app.asar.unpacked\node_modules\@nodert-win10-au\windows.applicationmodel\NodeRtUtils.cpp

MD5 c812adc119aa4e5d00058fb53e9fdc8a
SHA1 72c43331e067d09a3ad2422feae8839aa4d39f19
SHA256 c1c8ca7fd67da8dba6fb8507a0f9ba0a09e0b5ba70bf48e83c118f775f308151
SHA512 6ac804776e1eb0b9c75e07dd0a9a815f8f5aa1a199956e6ca55b63229c4c55fca6d3aac6d5f8f03d8f49f4d7bf896dc7e6f8e0e9cc5b54341d819838631eb74e

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\resources\app.asar.unpacked\node_modules\@nodert-win10-au\windows.applicationmodel\node-async.h

MD5 597a56960bf5ff7802c3ebb1e2a1930f
SHA1 957795b4b5a6ee9938608f9d1c9fdace53f70141
SHA256 89cef960f5c1c27c6d75f87f4a05280e309ae9b1abde6b4e442103bd2bb43add
SHA512 2d5b011151e15d20b155e426e446ea8f2558adb4ea64dc70fae4afa93da5b5b3439c81231965fe8d2c36cd2c7ff45a1374059b2f7493c8eba88bea05197e4406

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\resources\app.asar.unpacked\node_modules\@nodert-win10-au\windows.applicationmodel\LICENSE

MD5 e4c33272a29fa026cb1a591581374020
SHA1 2c68a49de5588cbb0738c11ea7fdef2d0f8f07d0
SHA256 d72530be5d4dea24dc337f6eb7a655cb48f600302a8e2f4358474d1a75ef6fb4
SHA512 de9e2b864c5d1c6023fc1e4a25153b0bd3b91464cef81835451ca9456fafaf3cf6f407d5646cad45a0aaf85ec31ad3383ba5e7d94b18912a59e19d4ca337ca16

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\resources\app.asar.unpacked\node_modules\@nodert-win10-au\windows.applicationmodel\OpaqueWrapper.h

MD5 293014e7968a1cd5a708b29ee2c87ac8
SHA1 a7dcff6e7bfe54dd0a15bf18bf4d5d27a35e5f04
SHA256 1e47624dc4c6cfa8b537f949076c022abcd53cbfbe68e27519398f5e92c641a1
SHA512 bbcc7d9c62f3ad8067026b651bcf7fa91930cb5eb87ce3c4c4fe0c21ff355d52a86554399cef18045fb57941bea39f024e189ab7d88354059e93faec248cdbb5

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\resources\app.asar.unpacked\node_modules\@nodert-win10-au\windows.applicationmodel\OpaqueWrapper.cpp

MD5 9436601b7ed36dc3921b761897383aff
SHA1 ec117eb6107002564ab1892d32d20883143a3bc2
SHA256 ea1cee68646053deb26ebbb95ca842f171211d378ab3ac66cc786187c6b6f5f4
SHA512 6349c583579ef455b029ed3e4bb70a00ca82eb22b609d0f99221472c873da01cefd2f7d992bd06c029be938c56ebc5b4e02315af707e57ae0be094c387325f68

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\resources\app.asar.unpacked\node_modules\@nodert-win10-au\windows.applicationmodel\package.json

MD5 d2c75a44268a7ef6b3111ed372330fcf
SHA1 f1ca8346c48c4888f0d91138d79e32ebb5b7276b
SHA256 ad43cf548390675ea3f73215585099c90c3e94c53f24b9dc13346a2d7538cd37
SHA512 ad68b418df7c334fed1c3558eb74413d5175be37e909f2f98b9a3ebcb8932588ad26739f5dbf05846dbd89dda4cbf8122c51454be152172be6bcfbf94f3551da

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\resources\app.asar.unpacked\node_modules\@nodert-win10-au\windows.applicationmodel\NodeRtUtils.h

MD5 3fc3900c6186510cf76718f40274f7e6
SHA1 ed6b762cbd61f1cfe99e272e51d463ae6bd001a4
SHA256 4ee07400a7339866f4e9a8f201a82c2523a44af1b8ffd8ce3a483bd309212357
SHA512 40700aa9684538606ffa54a799efe75791d24c733ff5b2f38c2e9d5a493a249362685641eccf03272754dd36c25fd9f56558ec735a35951f6502921595af4573

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\resources\app.asar.unpacked\node_modules\@nodert-win10-au\windows.applicationmodel\WrapperBase.h

MD5 bd868d857eb22289711bb3191da19696
SHA1 6451d1055848de39536f27cb78a2ec333577b531
SHA256 227cd71fad0e44f724245578991d8723c172513da9f7159662fe741ad1e7f302
SHA512 bcb59ac522f52cf6b92bb3177b27022256c1ccce2aa3bba0a3072cb8b5d79851d932f37f3a64f7c7bf125d96d35f0ef952b20b6df6ce97ebad3349e25e981951

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\resources\app.asar.unpacked\node_modules\@nodert-win10-au\windows.applicationmodel\_nodert_generated.cpp

MD5 d37dd9a79b211d29ada1402f4d3db138
SHA1 27114403eea9e46fe1971497b24412f025ef89e2
SHA256 f0c74e398831d58fccded2b4653a4519474fb1d9f892ce120a3919db72324cef
SHA512 ff71ad5fd08cae9c5207abf792759023d8b637b1f77a09111b57935b312168bb6313d81d5af18ab99cfa42fcd3d4d59fdec63086af73c1a209854ba406b8e009

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\resources\app.asar.unpacked\node_modules\@nodert-win10-au\windows.applicationmodel\build\node_gyp_bins\python3

MD5 a5914fb2ca257450b1e6095bd0a732cb
SHA1 c28051d2f6e9d80fc0b79c4fefd55292f638d6a8
SHA256 48ec55b2f9c8bccee1f393b7aeb854d64888d7077bfe3a316c3483857468b65e
SHA512 a85ce27a355fe9ede3e76b35766052518c60ce9d7879dd28e1a8653b485706c74ecee3698acae7f824a6360ebd2b05dc5821839992747b17cc486bc7cdbd517e

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\resources\app.asar.unpacked\node_modules\@nodert-win10-au\windows.applicationmodel\build\Release\binding.node

MD5 76be38e4d7dadd409553d5971c98601f
SHA1 5afd4ef47f735a2a6b224781fae29a485efebee7
SHA256 29c72429aab0a0df1c2984b007bd4cea56c087c18fcbc0c773cf70ff08e94f60
SHA512 35f04a3f7f55854dd8fdbc5767eb46ab41c8cd4223f5ffaa7de0d95880b73320b1cb0bffdbbc763a197eb7b69401b6501c1983a725300cdc1aa7c1dedc1b7c81

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\resources\app.asar.unpacked\node_modules\@nodert-win10-au\windows.applicationmodel\lib\NodeRT_Windows_ApplicationModel.d.js

MD5 bf4887001f28c7ac2e044c2e6503fc76
SHA1 dbc4d1c1068ecdb767a7266b39077708c928fd17
SHA256 5687892065436598a128a82fb44ea4424e564dddf90bdd88e50278244d54227d
SHA512 873075a127d08374182f69ed8ed7feff9de9dfd069283b11d3e4a2b75e57060838de653e6ab868f3ce5a9c45f1938518aba3663882056dd16d626c18df4e2606

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\resources\app.asar.unpacked\node_modules\iohook\.nvmrc

MD5 367764329430db34be92fd14a7a770ee
SHA1 030514d80869744a4e2f60d2fd37d6081f5ed01a
SHA256 9a92adbc0cee38ef658c71ce1b1bf8c65668f166bfb213644c895ccb1ad07a25
SHA512 e549f6070c123cf545d7205b7d00bf9e5ad4a7e479b5f852a7f98a770c82f1af5ef8fa5f8bb5d262a697dd28130c9cee023fb10b387f4da4c36b0a5a1ee88c04

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\resources\app.asar.unpacked\node_modules\iohook\CMakeLists.txt

MD5 2430189b021ba8bf1584202989261273
SHA1 e4ae4a474c96845f613287d613b526119767119c
SHA256 2a14d8beb7bca493c523ca01e956d539fdbb130be3d594f807e71b01e6ae9b67
SHA512 db1a40c732567697d4dc42648e67d63591a53dfd0bf8088f4f0f780e6af8b5affbe5428ce6af8f591fdc7cd2cd6679aca046778e09d9c81811bf09926fa9630b

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\resources\app.asar.unpacked\node_modules\iohook\build.js

MD5 18b42357d93feebac8cd44ffa7cb1b19
SHA1 35e6caf7535d2b55bd624b18901b1e8c3fa1b9cc
SHA256 667c8af5f36f9263a34f0d3537d91a5db5ed784a3199d865727d9a20cb0a194a
SHA512 ba08516ca80a9faa39fc015eb07296fba27408a735bb647857a39e58076ba7ca77438a30278fdfae3f53e23185bf5e10e2a618ba156d8f939d72556609bb0869

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\resources\app.asar.unpacked\node_modules\@nodert-win10-au\windows.applicationmodel\lib\main.js

MD5 c4c7883b9fc9248efa8c77eec37fda2b
SHA1 45b3edf5e38f5fcb1aca78f159516d3f4d7bf9ed
SHA256 29fabaaf7fa2aa34e4bb6242f6ee7c8fa9cf9d4a803b9027cff76c34183b6191
SHA512 364cf1e9bd2b59dd9895e5aad333bed64750603412a6997d6fe8ddb0aa253f22ce8378a42211567511575882400f7eef6ab2a1e8ba16d5c0a4f28ca9dfacddf8

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\resources\app.asar.unpacked\node_modules\iohook\LICENSE

MD5 893f5e36706da0fa5c38aa5f243589d0
SHA1 848679cae3c761b7f7f661f3805bf997d2f2fee1
SHA256 f98c13fc55febd7c4e2ab4d2185765696001ae22a7f9a91267d67efa16f3a178
SHA512 5a8e2a5e971a6a748d65c245042b64e0f24e9ccac8dd47ec6b93736b818c235c09c23637da6f3258f4f4d532102569543e23d50c2fccc5ff37080efd4d7d3075

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\resources\app.asar.unpacked\node_modules\iohook\index.js

MD5 eb8b61033179bd94eeba37d7e9787732
SHA1 71d09cec087dade89036714925d27b2d8d7132e9
SHA256 3b86aaca5882a0b012ac02175f967707558c79c40c7a2b8238238ae4d2280e43
SHA512 f8653b973ed19e4daaefe51ba1b5c2b5ba3b3471c9faeb68b1d88e58a15e5f3f70688df3616933db9ff3e3f98a64a5b57b10696636d251cad97ca108dd442900

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\resources\app.asar.unpacked\node_modules\iohook\install.js

MD5 377a0664c93089ac8359a7e7c6f86a4d
SHA1 bd0cef123a5a5d4784fb8fa6918ef4cb43b48297
SHA256 6b04824706a4864b218da706204df28caab0283859bcc6d2fb9ace9589867148
SHA512 21b06d5b9bc6bbb9794de33dd199cacd4ac13639a9f19faae33bcb655cdd29d9c552049ddb1f04cebded30975fb4cedb937b35108d2a5ef805a9d53b85f3fd8d

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v85-darwin-x64\build\Release\iohook.node

MD5 b7979eb403fadbf05aa746d11067ebe7
SHA1 4f80eda8dcf74945c94483744d414f5358cea4f9
SHA256 4e9f6b6047b5b5b86c6eb20407c6bef563df06cc593312365906a5695c2b712e
SHA512 22b676b0c228872b156f6a370d665701b278d8933b073013f186e547cd25c34c46ed18ffbafd48170322d4e922053f2a53b346b6338d3692eaff7d0ba661d785

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\resources\app.asar.unpacked\node_modules\iohook\package.json

MD5 03d9b76d3412406b89899a1ba52cb889
SHA1 56a073adbda709e8379bbcfc3434728143594386
SHA256 fce5c6009228094cc108116715514a0fd06f48749c3058a65f05d27cf5b05817
SHA512 7b362e1753a7a78a1879131dde5537bbbab5deb788a1b3f5b595d626a4185f95e9c50c766df3660ffd16c63f5846661cd2aec587c78d18a9be72918a109e7088

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\resources\app.asar.unpacked\node_modules\iohook\helpers.js

MD5 f156e429c7d4f3ea433537e28c1a46f3
SHA1 baa1daa4e753821ff5439d9845d0f36c7c82c250
SHA256 cbb5bfabf0c6284c37c3e9548920a85760b8f19a22190e66db2b9751e940bb98
SHA512 3a508918da5330e9d3784902d6919e3cab603925d8c3aa21b468fec7b71763a30bc5d8bbbe1aaa85f5ad346fbc3cbbaaf4937235df66dd81d0e5bceccca49819

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v85-darwin-x64\build\Release\uiohook.dylib

MD5 1fba79e592301f24c6107ce8f65e8faf
SHA1 22c0ee24fb5b00b46e05a6ddf7df39e05d562748
SHA256 9ab4b5aa52a2b7db520c8f1a9db5681be20ac8ea3d10d09b1382d9d3956559d9
SHA512 32c6a607ce29500516ee7a48d40b8973c74366ed413553fb372401665c6def903125d4e4c9dea788fbf25dd71f331b506baf002d3a4225da701052030dba93ce

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v85-linux-ia32\build\Release\iohook.node

MD5 500694c8b0ad3f4719099b6def21409d
SHA1 ba68521b75ef73a261e25a438aad847679e2f7df
SHA256 2706d0878062208beb8e12efed952a6fe7628b245c73ed27ed5dbc4e866845f6
SHA512 eab4a47892f31773115f2dff19e6562904a15166893d8a984f474e1d387af3543092e8c59095f730377f3104e89d47af58f8654a81de6ba6c05a15217e1ff8f3

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v85-linux-ia32\build\Release\uiohook.so

MD5 6ca9899c280818906c76807605fe00cb
SHA1 7ffaf2c863f20c057fb38349dda96fbcbb67fefa
SHA256 2fdbd6a76a5e0cbc747e77f4109a84e92abe1aac64dc4f8995b082b87f47ab93
SHA512 c21c2c5380b1c5d1807e963e27a557500c3c8db28e5c7ef19181cc83dfc88a4e1fe31dbfe6313eed5a7fc0e94380bd1bfe981a0b39ad34e20a198f718521b7db

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v85-win32-ia32\build\Release\iohook.node

MD5 3e4049c4023d3758f9c3454edaac7990
SHA1 f526da85fd10d6efe4c525406fb2c493c9064b90
SHA256 114a97a0c6c5f8016d5c720fbfbf9911972651cceb3b4f0d43bfedec456b08b0
SHA512 0e7f89f3cdef3a463d11addfd8a49effc1ab4cc9adb7a83dbe3c7b39d698169f23e77111cb8dabea6ff9b61a86e27655cd72656c2801828b05b0dc7af5f6691e

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v85-win32-ia32\build\Release\uiohook.dll

MD5 091a7deacb932c361c2682f15297a13b
SHA1 fd0141d5af843fb186e684f00bac5200d3b008a6
SHA256 dbac4a1094dc9de4e00dbda749624aabf898db6254a3ff0fe01d608e19eaa067
SHA512 14c468107cfe3dc3158b6432d32e5d4f56bdd1cea1d6db95724461c05da59fb27f6fa3b95738e8a534cd7f636952ad18cb73e2e4a736bff3544145a29e5288b3

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v85-win32-x64\build\Release\iohook.node

MD5 72d0e43eb061779fdff81523bfcbafb7
SHA1 8771eed6b959a9fff1012828fff4e9d120d07c0a
SHA256 426f0fcaa3e30b37cc92f3ee69e15758c272fa6039f8796582ccf0193b216133
SHA512 7aa6b39f677aaa7d62c10c81b68bd51882501e5f3ac3d2f5ede42565716a3f6a31e0822474171d2a584393c34d41d93c9add9f6b41aaa2f23d2f75dfc0e2e418

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v85-win32-x64\build\Release\uiohook.dll

MD5 61e0db4335d75161045b87bb49dc350c
SHA1 f8abd7e277d83ee230205e11c872c27d09b29914
SHA256 1d3dcb5b8d0935209ef23ce5bbfa4802cceb4f9d0de53bb0d474141700d93038
SHA512 2b3815db45c84b30ba3186e4ac3de4c4ce97ddb4b42d7ae0264071478805cd69599563f097f5f9b22e5f6ad50473241592f7dcb88935b2cfe611cca81448d912

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\resources\app.asar.unpacked\node_modules\iohook\builds\node-v83-linux-ia32\build\Release\uiohook.so

MD5 f92b21c4145b95b80986b631e1f352ad
SHA1 fe8c17f6724da5f08a71363ff7300274603fc645
SHA256 26ab014e09c917865ce4b5e25e5683867e29ae1e273b690f5d9f0c018a6c333a
SHA512 371f426d13c3b519edbc23def349eb7f8a02445aeb1a9467eeefb73b7b86b00e78977bd0dec43eba46e60cec0be358f0863ee944104ebe97abeded386a671ba1

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\resources\app.asar.unpacked\node_modules\iohook\builds\node-v83-win32-ia32\build\Release\uiohook.dll

MD5 30ec860487a4437994df279b0101a913
SHA1 e47a4a3ba57f9de5cc727948a3e820d89fcc4482
SHA256 bd58939cb799a927b46d4ff281d39413800172d73f5deb4bc895a100a56cf7c6
SHA512 6ec811a6997f1076f6f122d8392b754283605f09d4983fe2cef463fa0c7cd07cbaa507ba2609a453b9457f82be33d4c2a95860f0fe8e5cfee8b80c3e7d7e84a6

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\resources\app.asar.unpacked\node_modules\iohook\builds\node-v83-win32-ia32\build\Release\iohook.node

MD5 6e58cc50a88997f1b2057edb1aa36ff3
SHA1 0b03e5abcdc10597f60d8302cf5d23c1f46cc4ff
SHA256 d8cba0ef36c2ff0b8dcff8f5f7314cecbafeb373b19dfba7cb7ed3963eaeddeb
SHA512 66b524200a44e05c481ccefa68323ddee42595729216fdf6e5cb8bd8f4b47e20cc30a3724c6538ce75af74dd6631b2798ec4ff89ab3bf9127fc806787efe2255

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\resources\app.asar.unpacked\node_modules\iohook\builds\node-v83-win32-x64\build\Release\iohook.node

MD5 81c23a1d86df767f44f81143c5d5800e
SHA1 41f1dff89aeff6d8e961275c7fa4f32ca8f40a39
SHA256 1eb2c1d12740a1c07b45a9ef21de78004699b5387dde70558e964dd4eb43056f
SHA512 b18fc4f3e502803b2c1eb0060920547d0c57dd3300fe0ca99f426bd1a18260afe1415c3fde206ac446691487eb8ec6423471faf8d10a1e1723695d0d1479a18d

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\resources\app.asar.unpacked\node_modules\iohook\builds\node-v83-win32-x64\build\Release\uiohook.dll

MD5 d94113f3f7228ff06786dd840efaaf3e
SHA1 2ca2928325f926dae3798f3e06e177ea28f1ee73
SHA256 7a56e443efbe3c22466e2c4b2a51537bb0376aa7bcef8a2b6125b539d69cb7af
SHA512 666d5506be03cf09723afdb24e161c4bdec7f0bebf7e4bf08e0d7336223779fbe751651a68628ecd6aebea7c21a3efdc4dd3e8cfa349b5d0b2ebfe414173f9bf

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\resources\app.asar.unpacked\node_modules\iohook\builds\node-v83-linux-ia32\build\Release\iohook.node

MD5 3fa7e77cdf682cfc33deedbc9f302579
SHA1 80ed42556e08b7d19f064d0fd62110eb530acf30
SHA256 34322c778867362102cd7adb52eeb64e32162e13d9b1c5039ff8e204c5990302
SHA512 bf282f6b13e91848cf2c41714b094b4abf9f5ea3a4b64afc19ef6f58b935e0f38399e7d4343316575e92f78b54810d0d661092d68f5d8f05892f9fad7aabe6ab

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\resources\app.asar.unpacked\node_modules\iohook\builds\node-v83-darwin-x64\build\Release\uiohook.dylib

MD5 7a66adb9e7283884a410abb6a8625b13
SHA1 8ffee87abefb781e3b2b265947822585019faf58
SHA256 32412f4a443afb581907cb7efd7f10b66a6f73ba459c09deb9629a7f2b657853
SHA512 89c9f60f5582fa0917e8b690b8c077e3f57090357509272ef0843151b67a38700e76c588e807324ef38bdd4d8ea081c5ab2f0e7a84f981399076ddce5fde7f2d

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\resources\app.asar.unpacked\node_modules\iohook\builds\node-v83-darwin-x64\build\Release\iohook.node

MD5 946b1e65d7f2ee9bf8beb9d0b39b444e
SHA1 bcb680af3a59526cb9ce6644ab9878a7e207602e
SHA256 fd28452b625f28bb144af6728ba96eba91516438ed0f51681f5e6c64d5683732
SHA512 07a6265b406253e11eda3f43d8ae6003677276cf990e64fad88666227bf77b1b331910aceeb28a286f1d7c93746792032b23e6b722b42ae9f9025c523bc641ed

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\resources\app.asar.unpacked\node_modules\iohook\build_def\darwin\uiohook.gyp

MD5 7c3acf7a192b329a31c4c9217d1ac98c
SHA1 f16b85a74521ea4960c42e1d3550d85dbd24267b
SHA256 2c7b8b5719b83aee64ee1de7c4e2e8e22e330dbcd744ace99256d0e5ada6b2c1
SHA512 afe0f9a7747b2e6d0ccdefdfc16272e0f8319f93704a2965262d0d360d6f825290e0f3f050cb1f8b2817765e100fba6f7a1c20dd940e6a43981caba68dee3b6c

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\resources\app.asar.unpacked\node_modules\iohook\build_def\linux\uiohook.gyp

MD5 bf791c9319e39cbb76efa38a00536f90
SHA1 94d74cec05d5f2896e851710cf7b55b758acc63e
SHA256 113ecf3727940eb782971a725e8151482428b536a0b55d4a05c0d2998de76626
SHA512 84cb8d70fbb48923c04d8eefbfef33707b969a53fffca3080e77c39e4db1c0897ec93af4d5e4cbb8dc991f8149d6079aff6ffa9e2a89f8a833f1a59399ec26fc

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\resources\app.asar.unpacked\node_modules\iohook\build_def\win32\uiohook.gyp

MD5 3327c57c9780d9968cf676f890f89e5b
SHA1 7794b44dc83aa1d5d7b8ea8d9718de7b988947bc
SHA256 03efde41aa10588a49d9517d1b9027096bd88cf7e2656d410e88de9bd616ea4a
SHA512 3dd53fa03202806b7360225cb7ae80710d9c09edfa77b4254e39ebb581805fa1788881433e1791ecea8d510f47c13b54a00accc9ef4b8619b903d0941fcfef10

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\resources\app.asar.unpacked\node_modules\iohook\src\iohook.h

MD5 793bede2cd156de96f72215fb7c24490
SHA1 c714d29620a745af2be776f5f7a9f0d793a82a77
SHA256 227782182d3a8676104a4e959f15fd8ca9de25540bb0130b62c55618de03ef36
SHA512 bbec9d718432566ff0aa36031dda3a52a29ad256539759e4d639837e82626d7e16f994b6575028fe239d31019430a7607c9b7cb8024233caf5705743b47c72ce

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\swiftshader\libGLESv2.dll

MD5 8090f82a02c6850cc7bd2b481a7533e0
SHA1 54a0b66d76c1b60e45e83ba4627299d0b2aae84a
SHA256 e9473ba82f6d8742ab74e67484886291aa69037db72e0ae256b19581de0b772e
SHA512 b2e3c57926860a7954ca6e426f5f2fa080cf6ccb5c4edd77f59744f240f597aa9613f46294e8b344db76b46fe78777b5016828b8ab2fc274ca107f3af7abd878

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\7z-out\swiftshader\libEGL.dll

MD5 acd46d81bb4f34912c255a8d01953635
SHA1 25969cc9e588e174b854566778f283f067c3c0c6
SHA256 bd1bc00a5c29726fb39645041fc6c8295256d90c7f739ebeaa8b6c382a4db189
SHA512 83692654ada422391b428953b2cec67048a171bbef4c59158f34607a762feac8a233b52ceaa528306cf103d9830ee38897afa996389e086d3778f290555a059b

C:\Users\Admin\AppData\Local\Temp\nsbA336.tmp\WinShell.dll

MD5 5c6b12fefc626a0594f4412b5be04b22
SHA1 b7e8af03e3f264fa066224687547de7e62318db3
SHA256 83d8c52c47d81dd019c8986deb1108166518248ed0d0c691906f8cf9de57a672
SHA512 b4306c41b1f60e9aaaf55867340dbb3648c792b48cee770202f9274e7fa94c144e1b619ece631f769e9bc3d6a2e96181bcf43bdaa5f19a68beef4996c3211b7d

C:\Users\Admin\AppData\Roaming\CrossOver\preferences.json.3177488518

MD5 146eb4fe475d7e4a11b5f5c6c246a5dd
SHA1 2f29bc38da245c754e7588e834757b499d2048b9
SHA256 41935cb1531391249bb6489af132210e0d89a681cc3e560260d4131d4a1ff18d
SHA512 75931a1512bb26157e8375d82750bae657eccbaab261d87737c9a31f1dc7ec77642d01780103762024fac1063cebc841ffd45930467d7dd7841d706c89512f41

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

memory/748-1311-0x00007FF9BAE60000-0x00007FF9BAE61000-memory.dmp

C:\Users\Admin\AppData\Roaming\CrossOver\Preferences

MD5 58127c59cb9e1da127904c341d15372b
SHA1 62445484661d8036ce9788baeaba31d204e9a5fc
SHA256 be4b8924ab38e8acf350e6e3b9f1f63a1a94952d8002759acd6946c4d5d0b5de
SHA512 8d1815b277a93ad590ff79b6f52c576cf920c38c4353c24193f707d66884c942f39ff3989530055d2fade540ade243b41b6eb03cd0cc361c3b5d514cca28b50a

C:\Users\Admin\AppData\Roaming\CrossOver\Preferences~RFe5818d2.TMP

MD5 d11dedf80b85d8d9be3fec6bb292f64b
SHA1 aab8783454819cd66ddf7871e887abdba138aef3
SHA256 8029940de92ae596278912bbbd6387d65f4e849d3c136287a1233f525d189c67
SHA512 6b7ec1ca5189124e0d136f561ca7f12a4653633e2d9452d290e658dfe545acf6600cc9496794757a43f95c91705e9549ef681d4cc9e035738b03a18bdc2e25f0

memory/748-1330-0x000002AEFA1C0000-0x000002AEFA269000-memory.dmp

Analysis: behavioral15

Detonation Overview

Submitted

2024-11-13 21:41

Reported

2024-11-13 21:47

Platform

win7-20241023-en

Max time kernel

122s

Max time network

131s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@nodert-win10-au\windows.applicationmodel\lib\NodeRT_Windows_ApplicationModel.d.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@nodert-win10-au\windows.applicationmodel\lib\NodeRT_Windows_ApplicationModel.d.js

Network

N/A

Files

N/A

Analysis: behavioral28

Detonation Overview

Submitted

2024-11-13 21:41

Reported

2024-11-13 21:47

Platform

win10v2004-20241007-en

Max time kernel

143s

Max time network

154s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v85-win32-x64\build\Release\uiohook.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v85-win32-x64\build\Release\uiohook.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 101.208.201.84.in-addr.arpa udp
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 107.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp

Files

N/A

Analysis: behavioral31

Detonation Overview

Submitted

2024-11-13 21:41

Reported

2024-11-13 21:46

Platform

win7-20240903-en

Max time kernel

120s

Max time network

132s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@nodert-win10-au\windows.applicationmodel\_nodert_generated.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@nodert-win10-au\windows.applicationmodel\_nodert_generated.js

Network

N/A

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-11-13 21:41

Reported

2024-11-13 21:46

Platform

win7-20240903-en

Max time kernel

120s

Max time network

134s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1

Signatures

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2404 wrote to memory of 2444 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2404 wrote to memory of 2444 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2404 wrote to memory of 2444 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2404 wrote to memory of 2444 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2404 wrote to memory of 2444 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2404 wrote to memory of 2444 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2404 wrote to memory of 2444 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1

Network

N/A

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-11-13 21:41

Reported

2024-11-13 21:46

Platform

win10v2004-20241007-en

Max time kernel

91s

Max time network

154s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 968 wrote to memory of 2064 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 968 wrote to memory of 2064 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 968 wrote to memory of 2064 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2064 -ip 2064

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 628

Network

Country Destination Domain Proto
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 98.208.201.84.in-addr.arpa udp
US 8.8.8.8:53 101.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp

Files

N/A

Analysis: behavioral26

Detonation Overview

Submitted

2024-11-13 21:41

Reported

2024-11-13 21:46

Platform

win10v2004-20241007-en

Max time kernel

133s

Max time network

146s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v85-win32-x64\build\Release\iohook.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v85-win32-x64\build\Release\iohook.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 67.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 68.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp

Files

N/A

Analysis: behavioral27

Detonation Overview

Submitted

2024-11-13 21:41

Reported

2024-11-13 21:47

Platform

win7-20241023-en

Max time kernel

117s

Max time network

127s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v85-win32-x64\build\Release\uiohook.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v85-win32-x64\build\Release\uiohook.dll,#1

Network

N/A

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-11-13 21:41

Reported

2024-11-13 21:46

Platform

win10v2004-20241007-en

Max time kernel

90s

Max time network

162s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1

Signatures

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1724 wrote to memory of 2844 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 1724 wrote to memory of 2844 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 1724 wrote to memory of 2844 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 98.208.201.84.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral23

Detonation Overview

Submitted

2024-11-13 21:41

Reported

2024-11-13 21:46

Platform

win7-20240903-en

Max time kernel

119s

Max time network

134s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v85-win32-ia32\build\Release\uiohook.dll,#1

Signatures

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2112 wrote to memory of 3060 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2112 wrote to memory of 3060 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2112 wrote to memory of 3060 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2112 wrote to memory of 3060 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2112 wrote to memory of 3060 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2112 wrote to memory of 3060 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2112 wrote to memory of 3060 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v85-win32-ia32\build\Release\uiohook.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v85-win32-ia32\build\Release\uiohook.dll,#1

Network

N/A

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-13 21:41

Reported

2024-11-13 21:45

Platform

win7-20240903-en

Max time kernel

48s

Max time network

59s

Command Line

"C:\Users\Admin\AppData\Local\Temp\CrossOver.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe N/A

Checks installed software on the system

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\CrossOver.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\CrossOver.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\CrossOver.exe

"C:\Users\Admin\AppData\Local\Temp\CrossOver.exe"

C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe

"C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe"

C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe

"C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1292,12800854450475240171,417149789378907115,131072 --enable-features=WebComponentsV0Enabled --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1348 /prefetch:8

C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe

"C:\Users\Admin\AppData\Local\Programs\crossover\CrossOver.exe" --type=renderer --field-trial-handle=1292,12800854450475240171,417149789378907115,131072 --enable-features=WebComponentsV0Enabled --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --app-user-model-id=com.lacymorrow.crossover --app-path="C:\Users\Admin\AppData\Local\Programs\crossover\resources\app.asar" --no-sandbox --no-zygote --native-window-open --preload="C:\Users\Admin\AppData\Local\Programs\crossover\resources\app.asar\src\renderer\preload.js" --context-isolation --background-color=#00FFFFFF --enable-spellcheck --enable-websql --disable-electron-site-instance-overrides --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1528 /prefetch:1

C:\Windows\explorer.exe

"C:\Windows\explorer.exe"

C:\Windows\explorer.exe

"C:\Windows\explorer.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 redirector.gvt1.com udp
GB 172.217.169.78:443 redirector.gvt1.com tcp
US 8.8.8.8:53 r4---sn-aigzrn7z.gvt1.com udp
GB 173.194.135.105:443 r4---sn-aigzrn7z.gvt1.com tcp

Files

\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\System.dll

MD5 fbe295e5a1acfbd0a6271898f885fe6a
SHA1 d6d205922e61635472efb13c2bb92c9ac6cb96da
SHA256 a1390a78533c47e55cc364e97af431117126d04a7faed49390210ea3e89dd0e1
SHA512 2cb596971e504eaf1ce8e3f09719ebfb3f6234cea5ca7b0d33ec7500832ff4b97ec2bbe15a1fbf7e6a5b02c59db824092b9562cd8991f4d027feab6fd3177b06

\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\StdUtils.dll

MD5 21d805663834f61cb443545b8883faf2
SHA1 b222c5ca1e4cb8a7bff7eb7b78d46b8d99bf71e1
SHA256 c18b46a68436d164c964ba9b208e5c27ccc50e6a5a2db115e8fb086663b5308f
SHA512 37836150ef2837f69b82399024d0b93dbdac992971c7fe7b50959107c0520f5874d45f4230f08554514e3bd6a76d6e35c55c8afd53f993aba18f77475ef02001

\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\SpiderBanner.dll

MD5 4287dbf2ad9e000d8653137470528fb7
SHA1 d488ea09a1c35f9d773195b3cbdbb20e4878c0a4
SHA256 35a523fe649201442c9fa00d875cf9acf8ced7c11347726cc0c6df5b0eda9f95
SHA512 e5dafa93600e9c1e994b4e0131b841b2e14f76d874875926f90f1f1c2cfd9e2caa374a1f584594f41e4feb0c06e93115e9fa23237dbc31d3e1c208ad8d0cf58a

\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\nsis7z.dll

MD5 d7778720208a94e2049972fb7a1e0637
SHA1 080d607b10f93c839ec3f07faec3548bb78ac4dc
SHA256 98f425f30e42e85f57e039356e30d929e878fdb551e67abfb9f71c31eeb5d44e
SHA512 98493ea271738ed6ba3a02de774deef267bfa3c16f3736f1a1a3856b9fecc07f0ea8670827e7eb4ed05c907e96425a0c762e7010cb55a09302ca3cfb3fe44b2b

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\chrome_100_percent.pak

MD5 06baf0ad34e0231bd76651203dba8326
SHA1 a5f99ecdcc06dec9d7f9ce0a8c66e46969117391
SHA256 5ae14147992a92548bcad76867dd88cdfcdb69d951c8720920cce6fb135e3189
SHA512 aff6616e56781ebb925a0ca146245ad3b2827250b32261c0c7c0d5b10b20a343a17fc3761c95d93104163e77b2eae3f1f9cbd3cb2b377f49b42bea39bdd09b91

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\chrome_200_percent.pak

MD5 57c27201e7cd33471da7ec205fe9973c
SHA1 a8e7bce09c4cbdae2797611b2be8aeb5491036f9
SHA256 dd8146b2ee289e4d54a4a0f1fd3b2f61b979c6a2baaba96a406d96c3f4fdb33b
SHA512 57258aa169bec66abf0f45a3e026bb68751fb970b74bd0cb465607fa3b2a89967e832d92d8f675f0449bb6662fcb7786d05f0597124cc8e18bb99a47245779b4

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\d3dcompiler_47.dll

MD5 7641e39b7da4077084d2afe7c31032e0
SHA1 2256644f69435ff2fee76deb04d918083960d1eb
SHA256 44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47
SHA512 8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\ffmpeg.dll

MD5 eabfc10d56cb44a86493cb2f8ca7aab2
SHA1 09d7e87f43527333cd021329d6c2f4e8bd8ddab5
SHA256 42a2a996ac433ac33a22776b8418a82753557093d90147b7951138b5c83924b6
SHA512 ee31e3539fba9e5969a9f38c428f586de2dd7630cb5d8c5e3c2c934b5881f8176b8ab6ef6397c1ce4fa6ccf3ee9615225c7afa0e0b28c6fc23974e8b96625dec

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\icudtl.dat

MD5 ad2988770b8cb3281a28783ad833a201
SHA1 94b7586ee187d9b58405485f4c551b55615f11b5
SHA256 df876c7af43ed93eec6aea4d2d55c805009c219653cdeb368f1d048f4922b108
SHA512 f27e542a9c6c60fa28c5b7cc2818079341ef93aef3bbcadecad2dc11aff5b1592b19c7ebfa543ea42a3cbfec26a668641b255545fb0912056e25e852c2dedd01

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\libEGL.dll

MD5 660a9ae1282e6205fc0a51e64470eb5b
SHA1 f91a9c9559f51a8f33a552f0145ed9e706909de8
SHA256 f2a841b6ef320f226965c7cb01fbc4709fc31425e490a3edfa20147ce3656c85
SHA512 20bed2bed042033e3d8b077f9d66bce67922aaec180cc3777f20560219226b7efc73932bb87445afda4e3877472ddcd307215d23954cd082051437e5f2224263

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\libGLESv2.dll

MD5 bc45db0195aa369cc3c572e4e9eefc7e
SHA1 b880ca4933656be52f027028af5ef8a3b7e07e97
SHA256 a81729fd6ee2d64dfc47501a1d53794cdeee5c1daa3751f7554aea2503686d10
SHA512 dd8c39947e7d767fbdccf90c5b3eaedf3937b43c55200d2199107333b63ac09e5356c286618874fac841e1357dd927e0c70b5066c1feeedd8cc6c0fba605ee5f

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\LICENSE.electron.txt

MD5 45574510c534a8195f53b30e3810239e
SHA1 10bfa95a2f25df14dfe6a55a9e73d9fa5becdb60
SHA256 c44607a865e7a6db05552baa0ef71f9887d96acd00d123854b44996bc27c0e33
SHA512 b59d4c8e07748b68da51b2163a2ebafd51cdc546a1776a1105c19f6727dad697692d4fcb137578bb43dc615342a08c2e9e103384b80fc81c3c669aecc9c443c8

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\LICENSES.chromium.html

MD5 d4a79b5d46f0931b9eb7125fd40baff0
SHA1 3a38fb263dde2251b9fe157b5fddec7acb07c53e
SHA256 03f1d245e6a2facca9edbdaad108169e0765dd9101875bc2d123797994b9e80f
SHA512 17cf94805f11d499ff12d8e42cb262ceecbeb265f56338e0837d291f6a7ed7f8135a025dbe99fdb2e2bb299f2267bed9365976ea51269aafd4c3220cffef9339

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\resources.pak

MD5 d13873f6fb051266deb3599b14535806
SHA1 143782c0ce5a5773ae0aae7a22377c8a6d18a5b2
SHA256 7b953443e3cd54a0a4775528b52fbfe5ebecbc2c71731600ed0999d227969506
SHA512 1ab38fcb70d1958c74da2493459532b52a04b884009509a1ac8dd39f6e9e670658a52f4d19ef57f1bc71dccfdd6ceedbc18034bbcad0b500d75a97c74aac6939

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\v8_context_snapshot.bin

MD5 c2208c06c8ff81bca3c092cc42b8df1b
SHA1 f7b9faa9ba0e72d062f68642a02cc8f3fed49910
SHA256 4a67de195878d290f49b503b83e415917b8bbcbd9936b07a5d33b48e9bc6e0a3
SHA512 6c3c370dd086a976c44d4059a315bd3bcbb50961aa34734e65a40d861cffca9090d47cec74575afe23952e394e4845bda2d8798eebe01fb54a7a6288bce238f5

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\snapshot_blob.bin

MD5 db29bb80c7dd644cf9a48f8086dbcc90
SHA1 51d55dcde1bb3aed9f4f130e00020f614f2a8fbf
SHA256 6cc3d838a2b7cf5957802d378ba353b502e8a80b39648213285496a83825a702
SHA512 62e477809c7e4c202d99d1a05c6b6d9e89a307298d783a161bdae1af6f999aa4a26b24de63e94fcecd050aa4fda79fda24f081fdeca56e47e9392fe3d22b6c31

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\vulkan-1.dll

MD5 67ebd2114a9c3a1b2ce2635f21e100e8
SHA1 15a8315b28dca9d7b5c1f604882050714f130718
SHA256 37ee8858cada6db0e511d083ba0729282b004b7e239966521300955ad8b1b18a
SHA512 6578d098b657ba4b28da60f338e033f5622e2fa9473d1833af85a44b314c1d662fcf12120dc466c7c19fcd5901b012f1f8ae7c9ce65ff8155ecd68714f25e102

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\vk_swiftshader_icd.json

MD5 8642dd3a87e2de6e991fae08458e302b
SHA1 9c06735c31cec00600fd763a92f8112d085bd12a
SHA256 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9
SHA512 f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\vk_swiftshader.dll

MD5 df2f469b761a706fba0b50149660f7cf
SHA1 2f9d8cb92b6e321e24a5437a1f77745a3507e7be
SHA256 be1e1dd3897dc9a997fdc5b3216f9af24c20fc678963f7486b0a6dae8900c274
SHA512 827e979f573f5cbbe6dd3c6bbe4414ab0d292005856b651b157f150a8d5605c3e77f76944dc0158ae9c632bdc31c243b1e9a467f03d3d3ddb08e95ff5b2e1347

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\locales\am.pak

MD5 e1b02b36ce38a843a12867d2700a1bee
SHA1 4e165fd9290921b9acbec8ff24e6987f36a2f3c3
SHA256 e9c78c2410d5c81e0cd5d122462e852143eea15ca69cd01b85322cede1e10806
SHA512 46ce9cc38ab338187fbf0c07a8a9fc1a96bb1d9181fb3b26741ecdc5e1b9fd2ac91b3b9e33d149bf07e6ef5879f72a589954e9314b47fd7b833677384d8b1933

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\locales\ar.pak

MD5 985efad36a2c07c95fc304319d6cd1f1
SHA1 6bd0adbb16ca511850df5132d78322bd7c525a6c
SHA256 1cdef40ba8343e7f826c2020906915efaac5e56f543cd2ed6ebf704882525d8c
SHA512 7176d5254dad1ef91a428087099b1729285c5a58bd2f0b20e51b340d298973be2e36ee32128f71948bff3b013f42fcba01f37eff8f80bb2926695bfb65a02316

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\locales\bg.pak

MD5 26a0431ff9f22716c55f68f7e164c595
SHA1 9e9924ad447907031bc9d1cb753e0d0f66125b19
SHA256 1bb8c5ce9215d42ba9ceec52f86fbff46df668ce48ff56bd1cbe96adadf4922c
SHA512 486ab8c00646afc60193f97583324778c9010e0cc3b4c2f74554c25515c1edba92d83c44bfc6b364b388621c1631f2f51de19a325382ca5e668dac3a75bc85a7

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\locales\bn.pak

MD5 5d7894bc1947927acac8491e1036d44e
SHA1 273b9438740d379d1a20a7c5ed4275940405a44b
SHA256 f7d704207cb3340f1ace2f2e5af031e816bb86e4bf3f665907d837d094bba37a
SHA512 6179ce46ba48fdd110a8c7d2ae17b43b064b45d147b18e9f20223c845382dc01e0e4f3fbe549ce3a23b6f46e59050f9337465d73e748003a1e650bbfdfd21b8a

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\locales\da.pak

MD5 55a82964b36308b838d627e7ce708078
SHA1 c685eeae43f85346fc984d02c9fe4120f8b5467f
SHA256 1d1a3e38ddf282969bca2a5d893b3db4a0aed10b53eab37bb2dad7d2d18c94de
SHA512 57f7a23db6ffeb0be0b90005fa8c4ca22294b27da7a14e6afd70ac417b05122bd3ebacc41a168e28586a157521ca0e3093cb18d4bd7df71cdbc0f95b2925ece8

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\locales\cs.pak

MD5 b7ed7dd838c0c0980d7c011a3cef03b5
SHA1 d752b7e7098e5cb2c894ac35591db2852946d497
SHA256 9651b8f3304c70d96dcca76cfffad90ce8afcab6231ffd8e4e9beade3d510841
SHA512 23a6de6b8093c8f87e84ab7cbad1910a96f228900967b16cec9852fe88f756be7d5fd45b45b4f0b4caa4db05aa315f21c73b2c1c6c32e11d55ae6b810dfed49a

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\locales\el.pak

MD5 5949036e7e364f5c97fec60c80a4740c
SHA1 6380125302942906a7ffac45c724c9a1c392a50b
SHA256 a3431d3ac720f871c33d7e522cf506b2fa8ea1872bac02a4b4b427a6d063af38
SHA512 017fd71ba9ca2718e138fd1baf8893bf0e6ae86d947774671a72ffba6bcf330d039e313a949ca3c869186155c7243059885931a7de0804ed9ce4faf0989de94a

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\locales\de.pak

MD5 9b1f23b3e07d947c0227f640560bc0a6
SHA1 17908d26037c885655a40e470fdf004a3367ebed
SHA256 e71f4320553f65cfd0356a4b30f3aec2eec7b4fd327866d528917b9909cfa761
SHA512 72de618027466a819692425fa028d65d432e825f6eb9a3bc100dac808c4e8acaec7c515a7d7674f04f0343edff731ea07381a5159b817b86d07359e324bd829b

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\locales\en-US.pak

MD5 bd8f7b719110342b7cefb16ddd05ec55
SHA1 82a79aeaa1dd4b1464b67053ba1766a4498c13e7
SHA256 d1d3f892be16329c79f9a8ee8c5fa1c9fb46d17edfeb56a3d9407f9d7587a0de
SHA512 7cd1493e59e87c70927e66769eb200f79a57e1eb1223af4eb4064088571893d3e32cbc4b5ece568fd308992aad65684aa280dc9834f2b5d327bdee514b046e5e

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\locales\en-GB.pak

MD5 32f8d0492b73ce67df70c2f6b65a9db6
SHA1 eb7cb21681e65869a931f50d83b19d06f60d28b5
SHA256 c4fdfa9c6f30ad657bf12ccb95f70542a0fade45d8490259a4507629f4b33299
SHA512 04d80661d37c5c99657f9ac268674c058fec4a25fd9aa30c0a2113558e51aab4cb2f01baea3d8625d744df29575944a19f8575579f872c0716876819e933d693

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\locales\ca.pak

MD5 d92f01e66dbefbe28d9ddc0a0b318258
SHA1 8c2b07df543e7b523ee6a682450eb96ace988c46
SHA256 14e99f4d94868a454f40ee8e0f62d056e0abb303caf6e184a9a61bdec18ac271
SHA512 0a27d8533128cf03568e8b1e8223188415429a8be8919cf3f81bc041ee93fb530d465d1a8313876c3db9c83b9dc04cb4ea0d9bab0dcbb3373813aedb5803725c

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\locales\es-419.pak

MD5 a6de020b1ec17664d99aa372dfc3aeef
SHA1 b7c2e6af4854252df86ea49c625f15ee094c891b
SHA256 64df687bbb37bcd92e609f7e3bf950ee5629b693ff8636607285f5753b1bdaae
SHA512 6af0488ea1632e6aad16b149166319dd9039f00da56c740c196dbcfc5265a0c225581450efe616e0d9a82e6d6a5bb50f2e0ee90f095628dfc5acb9f2d160193b

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\locales\et.pak

MD5 ac38b14b7663b5e4e98baa6bc47143a1
SHA1 d41c2be94d6b5aaeb23c17b9a6c453a5ac9dceba
SHA256 b3baf825f9b237565260ba2935fe9acf2ae381e3bfc6fbf837dbfe6fb83314b5
SHA512 930a9ef5b3cfabec18b18b52d6b3da8f91e6c4d4b03e311ff34eb8f5af85c6b91077c7cc1bda609f114935d6b287a503f5e1ee792548cef0a5686bf4a3c433d4

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\locales\es.pak

MD5 06a2c6940def84d9327083aee446f446
SHA1 a542fd511568ae5f90e86259d427b7792ec52d03
SHA256 eb22282dbf211f64142ef4dfac2c1d811d65decd617c4a3d1c892967dc72ac07
SHA512 23d0547ca962419bd6013f094de67a6f20779440674fef3bd38ae613c72daef6072a217d7832e1c62dd68bdfdb1eeba241ac302f72cb710015d8924f8e6797c1

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\locales\fa.pak

MD5 a6c8f787f9f3ef00bc38673f806e69f3
SHA1 6be8d4a7afc97748b1bf619d10086a6d27c1a519
SHA256 8ea08e9874892edefcbdc55c393dc00fe451f3c7f29b57d7105377349eb4bfc4
SHA512 64668ae3d459c95f22e580c2f637c8b739ecd7c177243d505544b4b55f0c70710cd99ac71215412d04845e170d47e7ef69e9cde1e698c8898692a950619388db

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\locales\gu.pak

MD5 7e5416a501994ffbebab3edc57756b3b
SHA1 c350fd10c8d7584f6d92612d9afce4c62e0e54ea
SHA256 a49597e67fcf93448c89e07f9cc3519b3b1b77505bc30adf3f25c250718eec0c
SHA512 611276c8d8a42c4258c9ae33f3e95b9b44932aa04c27d985dc70893cad75135b9d4ee74c1bb7c96449053debf5e0cc2e261ae1909b0b13126193b955069382bf

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\locales\fr.pak

MD5 5d2e3041fb2154b01cfc628935aeb183
SHA1 620a2aaba08d430251e408cf99186ae0439f8a60
SHA256 b387afb8c8ae3c3ce90728fb7eb39a39ec789c6e7bfe4dbd2b5d49e72434db1f
SHA512 8709fbc3e63e94f61918872128134bd3636ce69765437272c99f1529801b97283d4baa4b3e61f2dea73cfdecae0321ba30c903d6055068d62d024843d6213974

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\locales\fil.pak

MD5 91e33c418c453abcbb8ea4fc89d4b673
SHA1 11a4293e6a1e1a9dba94b80ab812f305bf70abd9
SHA256 75d473ffd351a828bd7854067ad986908efefdfb75800650587b8bef09f9ff2a
SHA512 b77b1533fb26832f9de21dc361ad58088d7aedf26bfb1111872cbb1b0da8b8f9061b8ea9c561fd645b8d683110998c71acbfedc02d9399e4f4aedb8c717cf97c

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\locales\fi.pak

MD5 8cb6cf7f173c2deac78fa136c8eb94c6
SHA1 c873e1cd9a2db4997683574f1a6fa2f6c53143e4
SHA256 bfc24d41ea8e362bb1a18c11860d2217fc100b1a422cf54629c7d0c6640d5ed7
SHA512 e8600b3fdca4c0c0f27d3959087616235c537b8ba6cbc85177cf96f2a9b50add40989d56c9ed92c5793fd3b55515ff611a6e273d622a1c25a301d35cb52d2d4d

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\locales\he.pak

MD5 b73d141efba773482bcc09853c4598cb
SHA1 b1768edbe4c2efdb39a3d5629999bb9f9280e595
SHA256 7420e94f19bd61f33950e120f29c9783305f218d089f0a7d3ea3451655cdda1f
SHA512 f61e2d92dd77a24301d9c658560fcc9ceeb59a7ddf3eebf1872aaef2de5f8607b95bfef61ad386d5705c796b032f0471a85d43dd2a5e6d9da3725e466382b3d8

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\locales\hu.pak

MD5 0b3b9d23034926aab2e6a2f9795ea640
SHA1 01ead327ee1a66e0c741e411c4ba0185951c36c5
SHA256 030cbf833a350946959afa0d2b699512c0b715ff7b38b613bcd16b15282b940a
SHA512 15ba2136cfb870dac7bd39f287b35a756817d05003d545063b4e8f8e99698f528ccc652be83c45f6dd8b125f9f5eb7ff8bff8e95d4569542954d47b38774f3d3

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\locales\id.pak

MD5 978465f6021894f8f1eb0db3719cc720
SHA1 da37cc7d02a2ec1ef136127314a994316f1b9c62
SHA256 d12d87d003bda037b411daab09d1698671f8284e4297ffc08b0558749df6495b
SHA512 6383ea1e0c731ca93a9a121e4ea919b4be9aa48ba3e288ab511dc8ab873a3099f683c9c665c3dded79ee74bfd9729623d9a8fe323d2085f4d81dcbe6cf104dfc

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\locales\hr.pak

MD5 0b263bb9ce59ac162811f06f441f5944
SHA1 073d6a9de44affc840c68a0e8c5562c922ba1582
SHA256 e55d011ac0cc50d33bf22d43a9c5a6b59f5c31bd2884789efee124929be9a7fa
SHA512 64d69dcf063e4328ea3874ea0d3c29d2387117cd3927096dd6ce12624f802ccac4cdb8157757d70be8656c5a9757538f84d946eff48878c4763cd2bfae274d87

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\locales\ko.pak

MD5 7f61b6f66e6d22083bf0b2ca8b64309d
SHA1 748a0198780c238346781a0c1df3d84963591877
SHA256 99addd110ae7ba9fb37daf5c32ad2815172840764da0c71d0304dc9562951d61
SHA512 3945e3821cd2f4a420770182ac29cc2e2db72335d934ade001c196357dcbecd33428689a7588f62e7b845f63765fa102ddb6aca07ac7e7b7104a9633015126da

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\locales\kn.pak

MD5 f83907e5b38876e6c50480f727fc2497
SHA1 517f0d01d47c6838e008dec87f089ebfa1b036b0
SHA256 f25c8b41249c8f54224702795644c80bb5a7eaaeb6f0af5b6a1048960a27c827
SHA512 e4c1c23cd72197616e3e7a9fea5924b4ddb01d717810bd69937de49526fab9f3f368df896771eca697de77cdafa2207992cbc77a448082d65ae25894484131a9

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\locales\ja.pak

MD5 25eebd1c10519b8c1c01d05c5a9c75af
SHA1 aa06f180ea9a48c7e032e52614bcf405c4dbdce9
SHA256 4d0910d196b6b5652e3e5d677ddb048b8dae1ec974593484df2838093c96fed7
SHA512 d278e262df63b2f816013449870f096796ec70eb0acfdc5d0700be07dd70fa87fd8c1f08fe112a919904d77bafcab0519ac13da82de1c10a03745c59a2c0bcf7

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\locales\lt.pak

MD5 99e0e932b751c50565af36025523fbb8
SHA1 1e5d3b2f722efe60d4d4f2d81cc5183309313547
SHA256 9124dc353864cf6570580ae3afa0a7f09f5e3d32a61e71a64ff4cf824ad4fb29
SHA512 a94b4565acd04ddd9265de072fb2e1887c21dfa251afbf76b30824cf9de84791ed3658c6f71be17366cbc0b7f73921e045ecc125c42bad3004d189c7943c7f3f

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\locales\it.pak

MD5 f89173cbd42ec09af2fb0a86aa5395b2
SHA1 3dc7ac0c537e2ae37c579ac7352330bd3bccab3f
SHA256 266f501703d3899000d5eb60d55ccc8f59f186e862a4a9a34910e81699ea289e
SHA512 41cf233eacb47680f3d8a17b9cad17ce872c6a9c443929de776a315c0436568e8150ca75e7bcd46ff1a4814517a8c78d7694dffab00509977ac7f45676d54dcc

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\locales\hi.pak

MD5 262a8aef9a1160a55b193c4a0caf0e73
SHA1 5ce45534b4d133c7f65ee03b8c2e14f3a7afc209
SHA256 acc53ca41a9a04a57c1f18fea58cc4329b8add0ded37f9f7d7a73584a910d6c9
SHA512 6b8b910588607bb080e66384c10e8d72803fdac3b2acbc65dff54ba32563a0768dc11af6806fabb82f7bf877333f6dd30d61a6630ef5b2ae291fcc59f3246fbf

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\locales\lv.pak

MD5 05a27f135f550fcce9c1359730aa334f
SHA1 1e23b09f0f7aec17a64c9f09de1955ee6bc5112c
SHA256 6861e9a4e8a9f2493f0103afa0f860c280478a64293a6de883ba9cb6a45776f6
SHA512 980c32e547fae231db2758978811d49a9a631ec95a3e47f257e1387f276d94005925ec432551368eaf3dcd310cd6219902dd360aff8a67033797ed3e7fb519c1

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\locales\ml.pak

MD5 7fdcd82db37be12740f93b8511055703
SHA1 606547e1cf56a68df1299bb962fef86cc6e99e20
SHA256 cc9fd4f2d44df646c6117465f820ad390efbc9cb64eb4ff898a50cdfef8f324c
SHA512 f92b42994639f48e5bf949efd6b483b1502c6204d15cd32ad6fd53f0f76886d10caa802fba7317421225a214c479fbb1509a03b7f4092b0b2c47f68ab7615848

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\locales\ms.pak

MD5 08d7bd42520462f677a3b8204feb1777
SHA1 0dfcab20465137c4ee25f285f82a499b9aa3205c
SHA256 f4f6362d9963b7d244e29e85c7ecda552ff7756621f6efc9f3b6f12940896a81
SHA512 f48373053bc7bb197308fcc3133dda664a7d1babe5e188c7498be3396ee94e43d27fd2ef233318271cf11e1ffb75dae3d0ee83f78b590690fdb84e1d0cc832ec

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\locales\mr.pak

MD5 be54eb7b1f16378e07d88072912e0119
SHA1 d54ccc3aabcdf06968f6cbbd61bee3b316d062f9
SHA256 5f1ffe801f3701434a73d3ad3d04e9fcb6238f0f3b14e9325413910799954543
SHA512 07fbe367d6caa27e24b66551f1d6fedc17702a39121c48e33d2bb6547214aa7480ac8ec8500f1f3da7c064d1174270056d6f49757e9f4d67fc44ea5b9eae993e

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\locales\nb.pak

MD5 fcbf5dc281a9ab77d7bb03751b9563e4
SHA1 e4c4e499431a3e693bc262a25ac444cbb9ef1ba9
SHA256 efc934122d4232276f9f2317e5906517bd91ec2a6d76995fe8aae04eff866a50
SHA512 502eb74466ed1efeb61688e7b5f6904014e72be9f701f18ed49dec1547fcb6303fe816e4340b97b410cc1f76bc715cd836c3adbc84cda1c8ebeecc64a0f477be

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\locales\pt-PT.pak

MD5 2ae2e6ebb6ecdc5dab094ca28167a27e
SHA1 499c9a7169ddf760d9395b5801aa90632ea6323e
SHA256 7f0b86e4f6391e48fd045c8b967a1ad33d9c54f5a6ceda98d800c254dd2ec059
SHA512 9b3f6df3d9d2dfbb5f7319c41ccaeb66ec4d30b0c0c505ecf6031abb5e36f95e0435d91d0913def09d13abf38488a9285e170d502e3e3ab2cb44effbffee3f04

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\locales\sk.pak

MD5 800dc45f273a82862fc0b0aae4f3e908
SHA1 8cd818ee32f9ec697226659b3b86df2ba35d019f
SHA256 4a09c8f22d1fe71cdfd0149599c59ec3059cd35f7dc8f33f22f967a237f7def1
SHA512 6fb7674ddb299efe896f3c0f2255295d0489d86f1bc492fb95d7e9eabd63847d2cf162f008e7e715a6fd3a409a1a3d6675e095ef910f52dcd28e302627f09ea1

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\locales\sr.pak

MD5 e64fbe3d0a19f6c48bd7f81a093900db
SHA1 a63d6e8c469dac2bb68f1ccdb43bbb78a769f210
SHA256 362a50ec28da0af4c6b8e282ad64d45298b939a03883de22c5a33adfa919bc74
SHA512 390690233c9b89eb9fc962e95066fee0e8b2356bd9816025f7f3218e442324edeec5d1e4990c073e965c66dc6126136d975aa3deeeb65b090ae6bb0b89415617

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\locales\ta.pak

MD5 1518a611019dbb88dbf9af005d31cc2e
SHA1 6ac31736c93779f279bf893f869f6e0a251d9766
SHA256 2363b6a8cce7868830915303dc2825351e7ea9dfd98568e448cd8b71c7ceef90
SHA512 341fd001613772a495909420bfae00439bd0320a27d7ed10b7e76f64634ee7f9a36751b24388853723f41850d125060f7c0ca6aaf6ff0f768c5fadb7f5f42b9f

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\locales\tr.pak

MD5 7c897de0ad3c9d9da88ffd01cc7a6e99
SHA1 4864bf127f5de75c9f3a2cd4b13b6cb56c3c0a14
SHA256 81694a8258624f82dfbe0af43aa0ce5fdf1304c25a2f6735b972a2a29beb8e15
SHA512 2578bce090dc69d9743684671bf6ea68efff7db900128ee0703f4eb3c34db2a92f0c805c6febc8a978d1488511250e9f133d500c551cea22d091a9150f0dd88e

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\locales\zh-TW.pak

MD5 4bc50b6f5c29ea7cb60d5b79147326e7
SHA1 c22a956b438fe25987ffb4654321dababd49d1ae
SHA256 268041a1a95dd540cf7e92a01802b65df8c8d1c80726007da1bb8a9cba6e5414
SHA512 4c65d6d3b3db84412a589ea5c9a19e609d4b47e37b752d4231dd5ce02d5ed8a9ad4eecf23e321e4f48eb96c1e14f2da2a38057e6ca4079d0b025a2266783fd85

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\resources\app-update.yml

MD5 9f605a6584b698c9ed18ebe2d79228d5
SHA1 bd4f0894d0b2220e1327e8f9aa07da3fff953399
SHA256 ad5d37308e15be2219e0a078fe88fc7977618528701e13a89cff23c5788277c5
SHA512 c12bc01449b0b776c094c615e29ae0f0c01aeb905330dc2f2c28e496cfdfbd1e8d6ae7822206522bea64375a4eb65b458dd867bc7878d9c1bfff9561b122434e

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\locales\zh-CN.pak

MD5 dc160104962893fe87f3a5088a78926c
SHA1 775945e0c70ab40d2b7ba10e58e7e0f857a95021
SHA256 44a9dd0a830ce2feeb81523cce7fae8a0a553f05921b34d34c7826d50ac3a1b7
SHA512 4b6bebf59513c27d5e022ae01f15fb0ecec0be4b547a1231eaa79555948c7ce92f08a7b6ddc6cea7484f945afd2eed5a29acb98afc568d21ec656b076912171a

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\resources\app.asar.unpacked\node_modules\@nodert-win10-au\windows.applicationmodel\CollectionsConverterUtils.cpp

MD5 e675445179139ff54291eed1216dc99a
SHA1 e694855ad009fd8caac77ffb77032bf87c62fe27
SHA256 7ac6d302c5751c8722d698dfc21506c4dd78a109aeb3f3269dd339ccc572ed37
SHA512 51a1ff585ff042181e6f8b1e5b2eaa719af4856ba666e444cdcdb0b6dfe550e940b281c6414fa4740f63c0ab8191d438c84aa5683d0cc95a0a69c416fde91fa3

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\resources\app.asar.unpacked\node_modules\@nodert-win10-au\windows.applicationmodel\node-async.h

MD5 597a56960bf5ff7802c3ebb1e2a1930f
SHA1 957795b4b5a6ee9938608f9d1c9fdace53f70141
SHA256 89cef960f5c1c27c6d75f87f4a05280e309ae9b1abde6b4e442103bd2bb43add
SHA512 2d5b011151e15d20b155e426e446ea8f2558adb4ea64dc70fae4afa93da5b5b3439c81231965fe8d2c36cd2c7ff45a1374059b2f7493c8eba88bea05197e4406

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\resources\app.asar.unpacked\node_modules\@nodert-win10-au\windows.applicationmodel\_nodert_generated.cpp

MD5 d37dd9a79b211d29ada1402f4d3db138
SHA1 27114403eea9e46fe1971497b24412f025ef89e2
SHA256 f0c74e398831d58fccded2b4653a4519474fb1d9f892ce120a3919db72324cef
SHA512 ff71ad5fd08cae9c5207abf792759023d8b637b1f77a09111b57935b312168bb6313d81d5af18ab99cfa42fcd3d4d59fdec63086af73c1a209854ba406b8e009

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\resources\app.asar.unpacked\node_modules\@nodert-win10-au\windows.applicationmodel\build\Release\binding.node

MD5 76be38e4d7dadd409553d5971c98601f
SHA1 5afd4ef47f735a2a6b224781fae29a485efebee7
SHA256 29c72429aab0a0df1c2984b007bd4cea56c087c18fcbc0c773cf70ff08e94f60
SHA512 35f04a3f7f55854dd8fdbc5767eb46ab41c8cd4223f5ffaa7de0d95880b73320b1cb0bffdbbc763a197eb7b69401b6501c1983a725300cdc1aa7c1dedc1b7c81

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\resources\app.asar.unpacked\node_modules\iohook\.nvmrc

MD5 367764329430db34be92fd14a7a770ee
SHA1 030514d80869744a4e2f60d2fd37d6081f5ed01a
SHA256 9a92adbc0cee38ef658c71ce1b1bf8c65668f166bfb213644c895ccb1ad07a25
SHA512 e549f6070c123cf545d7205b7d00bf9e5ad4a7e479b5f852a7f98a770c82f1af5ef8fa5f8bb5d262a697dd28130c9cee023fb10b387f4da4c36b0a5a1ee88c04

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\resources\app.asar.unpacked\node_modules\iohook\helpers.js

MD5 f156e429c7d4f3ea433537e28c1a46f3
SHA1 baa1daa4e753821ff5439d9845d0f36c7c82c250
SHA256 cbb5bfabf0c6284c37c3e9548920a85760b8f19a22190e66db2b9751e940bb98
SHA512 3a508918da5330e9d3784902d6919e3cab603925d8c3aa21b468fec7b71763a30bc5d8bbbe1aaa85f5ad346fbc3cbbaaf4937235df66dd81d0e5bceccca49819

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\resources\app.asar.unpacked\node_modules\iohook\LICENSE

MD5 893f5e36706da0fa5c38aa5f243589d0
SHA1 848679cae3c761b7f7f661f3805bf997d2f2fee1
SHA256 f98c13fc55febd7c4e2ab4d2185765696001ae22a7f9a91267d67efa16f3a178
SHA512 5a8e2a5e971a6a748d65c245042b64e0f24e9ccac8dd47ec6b93736b818c235c09c23637da6f3258f4f4d532102569543e23d50c2fccc5ff37080efd4d7d3075

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v85-darwin-x64\build\Release\iohook.node

MD5 b7979eb403fadbf05aa746d11067ebe7
SHA1 4f80eda8dcf74945c94483744d414f5358cea4f9
SHA256 4e9f6b6047b5b5b86c6eb20407c6bef563df06cc593312365906a5695c2b712e
SHA512 22b676b0c228872b156f6a370d665701b278d8933b073013f186e547cd25c34c46ed18ffbafd48170322d4e922053f2a53b346b6338d3692eaff7d0ba661d785

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v85-linux-ia32\build\Release\uiohook.so

MD5 6ca9899c280818906c76807605fe00cb
SHA1 7ffaf2c863f20c057fb38349dda96fbcbb67fefa
SHA256 2fdbd6a76a5e0cbc747e77f4109a84e92abe1aac64dc4f8995b082b87f47ab93
SHA512 c21c2c5380b1c5d1807e963e27a557500c3c8db28e5c7ef19181cc83dfc88a4e1fe31dbfe6313eed5a7fc0e94380bd1bfe981a0b39ad34e20a198f718521b7db

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v85-linux-ia32\build\Release\iohook.node

MD5 500694c8b0ad3f4719099b6def21409d
SHA1 ba68521b75ef73a261e25a438aad847679e2f7df
SHA256 2706d0878062208beb8e12efed952a6fe7628b245c73ed27ed5dbc4e866845f6
SHA512 eab4a47892f31773115f2dff19e6562904a15166893d8a984f474e1d387af3543092e8c59095f730377f3104e89d47af58f8654a81de6ba6c05a15217e1ff8f3

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v85-win32-ia32\build\Release\iohook.node

MD5 3e4049c4023d3758f9c3454edaac7990
SHA1 f526da85fd10d6efe4c525406fb2c493c9064b90
SHA256 114a97a0c6c5f8016d5c720fbfbf9911972651cceb3b4f0d43bfedec456b08b0
SHA512 0e7f89f3cdef3a463d11addfd8a49effc1ab4cc9adb7a83dbe3c7b39d698169f23e77111cb8dabea6ff9b61a86e27655cd72656c2801828b05b0dc7af5f6691e

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v85-win32-x64\build\Release\iohook.node

MD5 72d0e43eb061779fdff81523bfcbafb7
SHA1 8771eed6b959a9fff1012828fff4e9d120d07c0a
SHA256 426f0fcaa3e30b37cc92f3ee69e15758c272fa6039f8796582ccf0193b216133
SHA512 7aa6b39f677aaa7d62c10c81b68bd51882501e5f3ac3d2f5ede42565716a3f6a31e0822474171d2a584393c34d41d93c9add9f6b41aaa2f23d2f75dfc0e2e418

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v85-win32-x64\build\Release\uiohook.dll

MD5 61e0db4335d75161045b87bb49dc350c
SHA1 f8abd7e277d83ee230205e11c872c27d09b29914
SHA256 1d3dcb5b8d0935209ef23ce5bbfa4802cceb4f9d0de53bb0d474141700d93038
SHA512 2b3815db45c84b30ba3186e4ac3de4c4ce97ddb4b42d7ae0264071478805cd69599563f097f5f9b22e5f6ad50473241592f7dcb88935b2cfe611cca81448d912

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\resources\app.asar.unpacked\node_modules\iohook\builds\node-v83-linux-ia32\build\Release\uiohook.so

MD5 f92b21c4145b95b80986b631e1f352ad
SHA1 fe8c17f6724da5f08a71363ff7300274603fc645
SHA256 26ab014e09c917865ce4b5e25e5683867e29ae1e273b690f5d9f0c018a6c333a
SHA512 371f426d13c3b519edbc23def349eb7f8a02445aeb1a9467eeefb73b7b86b00e78977bd0dec43eba46e60cec0be358f0863ee944104ebe97abeded386a671ba1

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\resources\app.asar.unpacked\node_modules\iohook\builds\node-v83-linux-ia32\build\Release\iohook.node

MD5 3fa7e77cdf682cfc33deedbc9f302579
SHA1 80ed42556e08b7d19f064d0fd62110eb530acf30
SHA256 34322c778867362102cd7adb52eeb64e32162e13d9b1c5039ff8e204c5990302
SHA512 bf282f6b13e91848cf2c41714b094b4abf9f5ea3a4b64afc19ef6f58b935e0f38399e7d4343316575e92f78b54810d0d661092d68f5d8f05892f9fad7aabe6ab

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\resources\app.asar.unpacked\node_modules\iohook\builds\node-v83-darwin-x64\build\Release\uiohook.dylib

MD5 7a66adb9e7283884a410abb6a8625b13
SHA1 8ffee87abefb781e3b2b265947822585019faf58
SHA256 32412f4a443afb581907cb7efd7f10b66a6f73ba459c09deb9629a7f2b657853
SHA512 89c9f60f5582fa0917e8b690b8c077e3f57090357509272ef0843151b67a38700e76c588e807324ef38bdd4d8ea081c5ab2f0e7a84f981399076ddce5fde7f2d

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\resources\app.asar.unpacked\node_modules\iohook\builds\node-v83-win32-ia32\build\Release\uiohook.dll

MD5 30ec860487a4437994df279b0101a913
SHA1 e47a4a3ba57f9de5cc727948a3e820d89fcc4482
SHA256 bd58939cb799a927b46d4ff281d39413800172d73f5deb4bc895a100a56cf7c6
SHA512 6ec811a6997f1076f6f122d8392b754283605f09d4983fe2cef463fa0c7cd07cbaa507ba2609a453b9457f82be33d4c2a95860f0fe8e5cfee8b80c3e7d7e84a6

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\resources\app.asar.unpacked\node_modules\iohook\build_def\darwin\uiohook.gyp

MD5 7c3acf7a192b329a31c4c9217d1ac98c
SHA1 f16b85a74521ea4960c42e1d3550d85dbd24267b
SHA256 2c7b8b5719b83aee64ee1de7c4e2e8e22e330dbcd744ace99256d0e5ada6b2c1
SHA512 afe0f9a7747b2e6d0ccdefdfc16272e0f8319f93704a2965262d0d360d6f825290e0f3f050cb1f8b2817765e100fba6f7a1c20dd940e6a43981caba68dee3b6c

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\swiftshader\libGLESv2.dll

MD5 8090f82a02c6850cc7bd2b481a7533e0
SHA1 54a0b66d76c1b60e45e83ba4627299d0b2aae84a
SHA256 e9473ba82f6d8742ab74e67484886291aa69037db72e0ae256b19581de0b772e
SHA512 b2e3c57926860a7954ca6e426f5f2fa080cf6ccb5c4edd77f59744f240f597aa9613f46294e8b344db76b46fe78777b5016828b8ab2fc274ca107f3af7abd878

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\swiftshader\libEGL.dll

MD5 acd46d81bb4f34912c255a8d01953635
SHA1 25969cc9e588e174b854566778f283f067c3c0c6
SHA256 bd1bc00a5c29726fb39645041fc6c8295256d90c7f739ebeaa8b6c382a4db189
SHA512 83692654ada422391b428953b2cec67048a171bbef4c59158f34607a762feac8a233b52ceaa528306cf103d9830ee38897afa996389e086d3778f290555a059b

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\resources\app.asar.unpacked\node_modules\iohook\src\iohook.h

MD5 793bede2cd156de96f72215fb7c24490
SHA1 c714d29620a745af2be776f5f7a9f0d793a82a77
SHA256 227782182d3a8676104a4e959f15fd8ca9de25540bb0130b62c55618de03ef36
SHA512 bbec9d718432566ff0aa36031dda3a52a29ad256539759e4d639837e82626d7e16f994b6575028fe239d31019430a7607c9b7cb8024233caf5705743b47c72ce

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\resources\app.asar.unpacked\node_modules\iohook\build_def\win32\uiohook.gyp

MD5 3327c57c9780d9968cf676f890f89e5b
SHA1 7794b44dc83aa1d5d7b8ea8d9718de7b988947bc
SHA256 03efde41aa10588a49d9517d1b9027096bd88cf7e2656d410e88de9bd616ea4a
SHA512 3dd53fa03202806b7360225cb7ae80710d9c09edfa77b4254e39ebb581805fa1788881433e1791ecea8d510f47c13b54a00accc9ef4b8619b903d0941fcfef10

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\resources\app.asar.unpacked\node_modules\iohook\build_def\linux\uiohook.gyp

MD5 bf791c9319e39cbb76efa38a00536f90
SHA1 94d74cec05d5f2896e851710cf7b55b758acc63e
SHA256 113ecf3727940eb782971a725e8151482428b536a0b55d4a05c0d2998de76626
SHA512 84cb8d70fbb48923c04d8eefbfef33707b969a53fffca3080e77c39e4db1c0897ec93af4d5e4cbb8dc991f8149d6079aff6ffa9e2a89f8a833f1a59399ec26fc

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\resources\app.asar.unpacked\node_modules\iohook\builds\node-v83-win32-x64\build\Release\uiohook.dll

MD5 d94113f3f7228ff06786dd840efaaf3e
SHA1 2ca2928325f926dae3798f3e06e177ea28f1ee73
SHA256 7a56e443efbe3c22466e2c4b2a51537bb0376aa7bcef8a2b6125b539d69cb7af
SHA512 666d5506be03cf09723afdb24e161c4bdec7f0bebf7e4bf08e0d7336223779fbe751651a68628ecd6aebea7c21a3efdc4dd3e8cfa349b5d0b2ebfe414173f9bf

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\resources\app.asar.unpacked\node_modules\iohook\builds\node-v83-win32-x64\build\Release\iohook.node

MD5 81c23a1d86df767f44f81143c5d5800e
SHA1 41f1dff89aeff6d8e961275c7fa4f32ca8f40a39
SHA256 1eb2c1d12740a1c07b45a9ef21de78004699b5387dde70558e964dd4eb43056f
SHA512 b18fc4f3e502803b2c1eb0060920547d0c57dd3300fe0ca99f426bd1a18260afe1415c3fde206ac446691487eb8ec6423471faf8d10a1e1723695d0d1479a18d

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\resources\app.asar.unpacked\node_modules\iohook\builds\node-v83-win32-ia32\build\Release\iohook.node

MD5 6e58cc50a88997f1b2057edb1aa36ff3
SHA1 0b03e5abcdc10597f60d8302cf5d23c1f46cc4ff
SHA256 d8cba0ef36c2ff0b8dcff8f5f7314cecbafeb373b19dfba7cb7ed3963eaeddeb
SHA512 66b524200a44e05c481ccefa68323ddee42595729216fdf6e5cb8bd8f4b47e20cc30a3724c6538ce75af74dd6631b2798ec4ff89ab3bf9127fc806787efe2255

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\resources\app.asar.unpacked\node_modules\iohook\builds\node-v83-darwin-x64\build\Release\iohook.node

MD5 946b1e65d7f2ee9bf8beb9d0b39b444e
SHA1 bcb680af3a59526cb9ce6644ab9878a7e207602e
SHA256 fd28452b625f28bb144af6728ba96eba91516438ed0f51681f5e6c64d5683732
SHA512 07a6265b406253e11eda3f43d8ae6003677276cf990e64fad88666227bf77b1b331910aceeb28a286f1d7c93746792032b23e6b722b42ae9f9025c523bc641ed

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v85-win32-ia32\build\Release\uiohook.dll

MD5 091a7deacb932c361c2682f15297a13b
SHA1 fd0141d5af843fb186e684f00bac5200d3b008a6
SHA256 dbac4a1094dc9de4e00dbda749624aabf898db6254a3ff0fe01d608e19eaa067
SHA512 14c468107cfe3dc3158b6432d32e5d4f56bdd1cea1d6db95724461c05da59fb27f6fa3b95738e8a534cd7f636952ad18cb73e2e4a736bff3544145a29e5288b3

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v85-darwin-x64\build\Release\uiohook.dylib

MD5 1fba79e592301f24c6107ce8f65e8faf
SHA1 22c0ee24fb5b00b46e05a6ddf7df39e05d562748
SHA256 9ab4b5aa52a2b7db520c8f1a9db5681be20ac8ea3d10d09b1382d9d3956559d9
SHA512 32c6a607ce29500516ee7a48d40b8973c74366ed413553fb372401665c6def903125d4e4c9dea788fbf25dd71f331b506baf002d3a4225da701052030dba93ce

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\resources\app.asar.unpacked\node_modules\iohook\package.json

MD5 03d9b76d3412406b89899a1ba52cb889
SHA1 56a073adbda709e8379bbcfc3434728143594386
SHA256 fce5c6009228094cc108116715514a0fd06f48749c3058a65f05d27cf5b05817
SHA512 7b362e1753a7a78a1879131dde5537bbbab5deb788a1b3f5b595d626a4185f95e9c50c766df3660ffd16c63f5846661cd2aec587c78d18a9be72918a109e7088

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\resources\app.asar.unpacked\node_modules\iohook\install.js

MD5 377a0664c93089ac8359a7e7c6f86a4d
SHA1 bd0cef123a5a5d4784fb8fa6918ef4cb43b48297
SHA256 6b04824706a4864b218da706204df28caab0283859bcc6d2fb9ace9589867148
SHA512 21b06d5b9bc6bbb9794de33dd199cacd4ac13639a9f19faae33bcb655cdd29d9c552049ddb1f04cebded30975fb4cedb937b35108d2a5ef805a9d53b85f3fd8d

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\resources\app.asar.unpacked\node_modules\iohook\index.js

MD5 eb8b61033179bd94eeba37d7e9787732
SHA1 71d09cec087dade89036714925d27b2d8d7132e9
SHA256 3b86aaca5882a0b012ac02175f967707558c79c40c7a2b8238238ae4d2280e43
SHA512 f8653b973ed19e4daaefe51ba1b5c2b5ba3b3471c9faeb68b1d88e58a15e5f3f70688df3616933db9ff3e3f98a64a5b57b10696636d251cad97ca108dd442900

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\resources\app.asar.unpacked\node_modules\iohook\CMakeLists.txt

MD5 2430189b021ba8bf1584202989261273
SHA1 e4ae4a474c96845f613287d613b526119767119c
SHA256 2a14d8beb7bca493c523ca01e956d539fdbb130be3d594f807e71b01e6ae9b67
SHA512 db1a40c732567697d4dc42648e67d63591a53dfd0bf8088f4f0f780e6af8b5affbe5428ce6af8f591fdc7cd2cd6679aca046778e09d9c81811bf09926fa9630b

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\resources\app.asar.unpacked\node_modules\iohook\build.js

MD5 18b42357d93feebac8cd44ffa7cb1b19
SHA1 35e6caf7535d2b55bd624b18901b1e8c3fa1b9cc
SHA256 667c8af5f36f9263a34f0d3537d91a5db5ed784a3199d865727d9a20cb0a194a
SHA512 ba08516ca80a9faa39fc015eb07296fba27408a735bb647857a39e58076ba7ca77438a30278fdfae3f53e23185bf5e10e2a618ba156d8f939d72556609bb0869

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\resources\app.asar.unpacked\node_modules\@nodert-win10-au\windows.applicationmodel\lib\NodeRT_Windows_ApplicationModel.d.js

MD5 bf4887001f28c7ac2e044c2e6503fc76
SHA1 dbc4d1c1068ecdb767a7266b39077708c928fd17
SHA256 5687892065436598a128a82fb44ea4424e564dddf90bdd88e50278244d54227d
SHA512 873075a127d08374182f69ed8ed7feff9de9dfd069283b11d3e4a2b75e57060838de653e6ab868f3ce5a9c45f1938518aba3663882056dd16d626c18df4e2606

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\resources\app.asar.unpacked\node_modules\@nodert-win10-au\windows.applicationmodel\lib\main.js

MD5 c4c7883b9fc9248efa8c77eec37fda2b
SHA1 45b3edf5e38f5fcb1aca78f159516d3f4d7bf9ed
SHA256 29fabaaf7fa2aa34e4bb6242f6ee7c8fa9cf9d4a803b9027cff76c34183b6191
SHA512 364cf1e9bd2b59dd9895e5aad333bed64750603412a6997d6fe8ddb0aa253f22ce8378a42211567511575882400f7eef6ab2a1e8ba16d5c0a4f28ca9dfacddf8

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\resources\app.asar.unpacked\node_modules\@nodert-win10-au\windows.applicationmodel\build\node_gyp_bins\python3

MD5 a5914fb2ca257450b1e6095bd0a732cb
SHA1 c28051d2f6e9d80fc0b79c4fefd55292f638d6a8
SHA256 48ec55b2f9c8bccee1f393b7aeb854d64888d7077bfe3a316c3483857468b65e
SHA512 a85ce27a355fe9ede3e76b35766052518c60ce9d7879dd28e1a8653b485706c74ecee3698acae7f824a6360ebd2b05dc5821839992747b17cc486bc7cdbd517e

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\resources\app.asar.unpacked\node_modules\@nodert-win10-au\windows.applicationmodel\WrapperBase.h

MD5 bd868d857eb22289711bb3191da19696
SHA1 6451d1055848de39536f27cb78a2ec333577b531
SHA256 227cd71fad0e44f724245578991d8723c172513da9f7159662fe741ad1e7f302
SHA512 bcb59ac522f52cf6b92bb3177b27022256c1ccce2aa3bba0a3072cb8b5d79851d932f37f3a64f7c7bf125d96d35f0ef952b20b6df6ce97ebad3349e25e981951

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\resources\app.asar.unpacked\node_modules\@nodert-win10-au\windows.applicationmodel\package.json

MD5 d2c75a44268a7ef6b3111ed372330fcf
SHA1 f1ca8346c48c4888f0d91138d79e32ebb5b7276b
SHA256 ad43cf548390675ea3f73215585099c90c3e94c53f24b9dc13346a2d7538cd37
SHA512 ad68b418df7c334fed1c3558eb74413d5175be37e909f2f98b9a3ebcb8932588ad26739f5dbf05846dbd89dda4cbf8122c51454be152172be6bcfbf94f3551da

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\resources\app.asar.unpacked\node_modules\@nodert-win10-au\windows.applicationmodel\OpaqueWrapper.h

MD5 293014e7968a1cd5a708b29ee2c87ac8
SHA1 a7dcff6e7bfe54dd0a15bf18bf4d5d27a35e5f04
SHA256 1e47624dc4c6cfa8b537f949076c022abcd53cbfbe68e27519398f5e92c641a1
SHA512 bbcc7d9c62f3ad8067026b651bcf7fa91930cb5eb87ce3c4c4fe0c21ff355d52a86554399cef18045fb57941bea39f024e189ab7d88354059e93faec248cdbb5

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\resources\app.asar.unpacked\node_modules\@nodert-win10-au\windows.applicationmodel\OpaqueWrapper.cpp

MD5 9436601b7ed36dc3921b761897383aff
SHA1 ec117eb6107002564ab1892d32d20883143a3bc2
SHA256 ea1cee68646053deb26ebbb95ca842f171211d378ab3ac66cc786187c6b6f5f4
SHA512 6349c583579ef455b029ed3e4bb70a00ca82eb22b609d0f99221472c873da01cefd2f7d992bd06c029be938c56ebc5b4e02315af707e57ae0be094c387325f68

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\resources\app.asar.unpacked\node_modules\@nodert-win10-au\windows.applicationmodel\NodeRtUtils.h

MD5 3fc3900c6186510cf76718f40274f7e6
SHA1 ed6b762cbd61f1cfe99e272e51d463ae6bd001a4
SHA256 4ee07400a7339866f4e9a8f201a82c2523a44af1b8ffd8ce3a483bd309212357
SHA512 40700aa9684538606ffa54a799efe75791d24c733ff5b2f38c2e9d5a493a249362685641eccf03272754dd36c25fd9f56558ec735a35951f6502921595af4573

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\resources\app.asar.unpacked\node_modules\@nodert-win10-au\windows.applicationmodel\NodeRtUtils.cpp

MD5 c812adc119aa4e5d00058fb53e9fdc8a
SHA1 72c43331e067d09a3ad2422feae8839aa4d39f19
SHA256 c1c8ca7fd67da8dba6fb8507a0f9ba0a09e0b5ba70bf48e83c118f775f308151
SHA512 6ac804776e1eb0b9c75e07dd0a9a815f8f5aa1a199956e6ca55b63229c4c55fca6d3aac6d5f8f03d8f49f4d7bf896dc7e6f8e0e9cc5b54341d819838631eb74e

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\resources\app.asar.unpacked\node_modules\@nodert-win10-au\windows.applicationmodel\LICENSE

MD5 e4c33272a29fa026cb1a591581374020
SHA1 2c68a49de5588cbb0738c11ea7fdef2d0f8f07d0
SHA256 d72530be5d4dea24dc337f6eb7a655cb48f600302a8e2f4358474d1a75ef6fb4
SHA512 de9e2b864c5d1c6023fc1e4a25153b0bd3b91464cef81835451ca9456fafaf3cf6f407d5646cad45a0aaf85ec31ad3383ba5e7d94b18912a59e19d4ca337ca16

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\resources\app.asar.unpacked\node_modules\@nodert-win10-au\windows.applicationmodel\common.gypi

MD5 b821e1ea5d77a4e99b0ef6a43c1a9956
SHA1 c925aab00adec7313ad129fdc62420c5e59c71b8
SHA256 d59db748a03c6f8f86c5be52d450c2b98b6d26f7bfee149fbb40438a086b7174
SHA512 0f32f6ee0d0b9f4259fdfc3c3125c1ec3cc33742c889125c027ae7d30cfa752252ead5bebd07a9de4eac83677aaeee3390544639e83a1d420d2725797cc61177

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\resources\app.asar.unpacked\node_modules\@nodert-win10-au\windows.applicationmodel\CollectionsWrap.h

MD5 53d97711949c79288fefd74aa0aa28e4
SHA1 c851d741d247bd97c4877e9209078eff89a7ee06
SHA256 afb1dc44d97f9c57c129da4858398f1a47b29c74cebad961377efcb329eb84c3
SHA512 91f760339fdcba18e8ae514ff9f15b10f1d621c4b4d4eb9bbb7be7fb631cdc146a8fd03393a5cad15bde2386bd8a8389d8c28dda4f5970d2a01cbdca44b317b0

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\resources\app.asar.unpacked\node_modules\@nodert-win10-au\windows.applicationmodel\CollectionsConverterUtils.h

MD5 990b5b88e177c0bdce8ed465bdaf0d18
SHA1 cf676ed2a2e929c2edfe68b7ea65445804864ac2
SHA256 50fe10a565fec37116bd54b36c29f6a6b51a172d59f783c9c5e8b143df8b3c98
SHA512 58069821bb3f935f6bf69498d94a9bf21a49ee659ab96aa1701fbcc47a7f685376e426a0178c0fa8db3ea3f0f4e078d3c0f53a9fa179b6888e1873f2bafc9c45

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\resources\app.asar.unpacked\node_modules\@nodert-win10-au\windows.applicationmodel\CollectionsConverter.h

MD5 e050192645ce19456d2fe733b820789f
SHA1 ce1939d4c590f1734930607e57cf458d6e3d8a81
SHA256 d6a7d0c081faad10943336d739fb17a7171ddb15552e188bdfb70e2a0f3b3202
SHA512 0576a9f9046141a0f499c21b6c55e37b5d40ba660f2d1780c25eede23def27199e86e31a83eaf511975881a0868e7da9610600df25f132db5f8a76c2d354f78b

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\resources\elevate.exe

MD5 792b92c8ad13c46f27c7ced0810694df
SHA1 d8d449b92de20a57df722df46435ba4553ecc802
SHA256 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
SHA512 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\resources\app.asar

MD5 624f2bb518e035865e5d97e60dac2d84
SHA1 605b58f2043e6ba3a1507c5a96334a180151aeb7
SHA256 0668060767f02ea924d1b3c97cc31a066c5807c650bcfe2c72eaa4a2b2c4df41
SHA512 b3e2471218ad571b46ef47e29f6cb4df77400d60a4b035a686a2f4e514cbb64bc113664dd3faee668d0a3a366a52d5ebe9d169acdcfbbd995e74ebddd37f07f4

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\locales\vi.pak

MD5 b7dd26646a77979ee0c4776ba0b1a52a
SHA1 4b9ba889a4aeba5b162dada01982420527a76007
SHA256 7f94586012c85732d23b05dbdde2c497326d5fcab87de83aafa3594b614dbd36
SHA512 a8f4f2decf5367c02c8847bb6873a44a3389f4b3e637ab54197df5c56cef70c293a849ed260bde922b4d6a4bda4c95ec03c9d94a837028e21f74df699c434c03

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\locales\uk.pak

MD5 026ef6b51c0b2fc92211aa0a6a1ddbcf
SHA1 d1a5eb09b90d04fe02560b33acbb55ea4f6352c8
SHA256 27d3c996804b4f4c106f12becdaeeb1ce65df53abe12658574852ab7b6643bc1
SHA512 b8efeeb10841dae8c23e1c8d2e939b809d4f0aaba56521e037ce5d1ab6748a119a6d064f767dfd209415b4f6ed94527132696fe8c12a71c0c5b61637414c23c8

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\locales\th.pak

MD5 d2ffd3529b4880f2e8a8d0f01ae69395
SHA1 451ebcf352234a4b343d30a172054558c259ec83
SHA256 301966a229a09b37e5b2bf12c89522a33144c977411099b81502261c4ca554ad
SHA512 c4d3f5c3e7b307caf6a51fd74e828fcf8eaf41a07dd198ed5844893e3b27af20cdbc7b33d58fe2ca0e487ea546a4d1fc58d99faa9e14ed0a55bfa43265211256

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\locales\te.pak

MD5 15d65c33aeab73a95a183643b57f5fd0
SHA1 66037e1366e4631a412fb5caa0a18efd1fb0411a
SHA256 c9f427a4efa5d9835432e3a190e26d684c18c26e13fcda1b7e73d6a7527cfd4f
SHA512 9e99a60110126ae311e2a428ae121d4671db202c2cfae96317119f3ae67520af50a06d0ea58477a199aa39c3eb0f4f5d14954a7b7c6a9aeae8582a457cd07ab7

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\locales\sw.pak

MD5 59e99f7b257d5f0d0575038c8332138c
SHA1 0deff978d72e4b6eb2ad0534be5cb573b3a662c1
SHA256 26fbb15e26f5a4c44bc0e86326fbff28686c771edd11bda6bfea178364299eaa
SHA512 fd0f603d73a96fe1b40030067e6eaeeb4c6ef18bab57288a4a049ed2c687c85836d10c1b652d7d1ff2030903dd5e3fd4c222b987b87464b5aaa916a9f12d0f22

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\locales\sv.pak

MD5 f03c7cdb6921e881c788ecb10b8ba710
SHA1 e40e1b540be2eff535e62e44931ac5bafb21e524
SHA256 cfe9ad173d516a3e1855f00f53fcb20a53ade93fef6256e909b0f0da12723cc2
SHA512 7de1c83fbe86d552044e8663969b5c49aabdb762ef73788e6082aaa2117bf1f2788df6b8a28d65cb3be51a9c6bf7afadcecce716bfe7fc6dcdd646730897cdfb

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\locales\sl.pak

MD5 fd9efa0cde455dafa0905dc1b06cd02e
SHA1 9371bea539436ac65dc13ea475d6ca852f236caf
SHA256 1ed9fc4abb8bef48e0fd5e10a107fb456dcb0c7a275bb789cb0728cfadfdcc42
SHA512 888b83e1d111ade5b2260ef2b7458928594d8bb0dba9722d4a1e343f58ee0a668a6731a99f84601149ed4e56db39073f562255850a9cdfa406c7b8236c5943ef

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\locales\ru.pak

MD5 bfc17d03eec2df2985249a96e4476a11
SHA1 5399b5054515bdb48942ac7d662d936eaf65e253
SHA256 5c93984215f69bc6c7a1430fedbdc619ee6ccc9e491354e3541fdc8ed1947f8b
SHA512 faa2f3f0176cb8b1484e4e8fad6a019a4198f549991f4aba52453c077156e5cc00009a9c1c08cff999deaa87d2c8bc31c385b22bd10e8818e68d3fe61f07db60

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\locales\ro.pak

MD5 84d177ee0f1409e8d69b9a559fb176d0
SHA1 f22ae3c93347b0947e7d440a311f3856dc1f913a
SHA256 60859215a025b95a1ac06333a66d14e1698b28ae31451c999e8adc072401a86a
SHA512 85fec9c41cae2191650654addeb6639c8ce09198a023e8548cbefc7778d1a0ec27214b7c755c10ff403b6435260537b9644dabb0c37d01b297323152ade5bddd

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\locales\pt-BR.pak

MD5 5beaa2cb0bea5d59f461c8c076236201
SHA1 65228896fe64734a7b56a735e5b5fed8e4b85d57
SHA256 7cca8f6ee8b2a19c8ea53b3a2bb2af4ebbb2b8612caba87f581938e7d6aa9f18
SHA512 39ad2f8d072469843b939e69dc7e4dc408b366a07168234d2c45a32d6100e904646e66a966e457aacb65a2b07ec5f51dbba71fcfa3c9e4afe1684f42db01bb6a

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\locales\pl.pak

MD5 7a4ef59181d02e62cc295b676d479d7f
SHA1 84fe4e425f1684f5d3efefb7e571ae8853ef68bd
SHA256 ce84676f37bf97078b3d087d913a874d3c092f76b729f43d3e9553d3c9754f03
SHA512 53c8c9526f3a655af2251fd599f130606eae88692a726ba25e2b09c129ad89f00f833e6e4e1b6d82200cc110b8988b61c0a2d678c712d7c0f1b2e67b1aae1e01

C:\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\7z-out\locales\nl.pak

MD5 e3fc5005e01568eb856d1edcccc200e0
SHA1 b105b8d844cb2ef868d56057cde0e491b9b077db
SHA256 4669c10a7fcc8a150a641e73320547ed1b966a92fe78041a860ce4892f79b0cd
SHA512 288cc9c97e781d2ae4a95e2fef230f3c04b8419b87840c4ede04b3d8a7798e78bbd69be37b374b179e9f10b50c8c997834cf9d8a79266c16b3dafac83ad8e9e1

\Users\Admin\AppData\Local\Temp\nsy19F7.tmp\WinShell.dll

MD5 5c6b12fefc626a0594f4412b5be04b22
SHA1 b7e8af03e3f264fa066224687547de7e62318db3
SHA256 83d8c52c47d81dd019c8986deb1108166518248ed0d0c691906f8cf9de57a672
SHA512 b4306c41b1f60e9aaaf55867340dbb3648c792b48cee770202f9274e7fa94c144e1b619ece631f769e9bc3d6a2e96181bcf43bdaa5f19a68beef4996c3211b7d

memory/1688-919-0x0000000003C60000-0x0000000003C62000-memory.dmp

C:\Users\Admin\AppData\Roaming\CrossOver\preferences.json

MD5 146eb4fe475d7e4a11b5f5c6c246a5dd
SHA1 2f29bc38da245c754e7588e834757b499d2048b9
SHA256 41935cb1531391249bb6489af132210e0d89a681cc3e560260d4131d4a1ff18d
SHA512 75931a1512bb26157e8375d82750bae657eccbaab261d87737c9a31f1dc7ec77642d01780103762024fac1063cebc841ffd45930467d7dd7841d706c89512f41

Analysis: behavioral16

Detonation Overview

Submitted

2024-11-13 21:41

Reported

2024-11-13 21:46

Platform

win10v2004-20241007-en

Max time kernel

142s

Max time network

158s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@nodert-win10-au\windows.applicationmodel\lib\NodeRT_Windows_ApplicationModel.d.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@nodert-win10-au\windows.applicationmodel\lib\NodeRT_Windows_ApplicationModel.d.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 68.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 101.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 6.173.189.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral13

Detonation Overview

Submitted

2024-11-13 21:41

Reported

2024-11-13 21:46

Platform

win7-20240708-en

Max time kernel

118s

Max time network

127s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@nodert-win10-au\windows.applicationmodel\_nodert_generated.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@nodert-win10-au\windows.applicationmodel\_nodert_generated.js

Network

N/A

Files

N/A

Analysis: behavioral14

Detonation Overview

Submitted

2024-11-13 21:41

Reported

2024-11-13 21:46

Platform

win10v2004-20241007-en

Max time kernel

149s

Max time network

174s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@nodert-win10-au\windows.applicationmodel\_nodert_generated.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@nodert-win10-au\windows.applicationmodel\_nodert_generated.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 66.208.201.84.in-addr.arpa udp
US 8.8.8.8:53 17.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 107.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 71.208.201.84.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2024-11-13 21:41

Reported

2024-11-13 21:46

Platform

win7-20240903-en

Max time kernel

119s

Max time network

134s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@nodert-win10-au\windows.applicationmodel\NodeRtUtils.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@nodert-win10-au\windows.applicationmodel\NodeRtUtils.js

Network

N/A

Files

N/A

Analysis: behavioral20

Detonation Overview

Submitted

2024-11-13 21:41

Reported

2024-11-13 21:46

Platform

win10v2004-20241007-en

Max time kernel

149s

Max time network

163s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\iohook\build.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\iohook\build.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 75.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral24

Detonation Overview

Submitted

2024-11-13 21:41

Reported

2024-11-13 21:47

Platform

win10v2004-20241007-en

Max time kernel

147s

Max time network

161s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v85-win32-ia32\build\Release\uiohook.dll,#1

Signatures

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4780 wrote to memory of 2984 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 4780 wrote to memory of 2984 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 4780 wrote to memory of 2984 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v85-win32-ia32\build\Release\uiohook.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v85-win32-ia32\build\Release\uiohook.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 134.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 74.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 101.209.201.84.in-addr.arpa udp

Files

N/A

Analysis: behavioral32

Detonation Overview

Submitted

2024-11-13 21:41

Reported

2024-11-13 21:46

Platform

win10v2004-20241007-en

Max time kernel

147s

Max time network

160s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@nodert-win10-au\windows.applicationmodel\_nodert_generated.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@nodert-win10-au\windows.applicationmodel\_nodert_generated.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 0.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 107.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 70.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 104.208.201.84.in-addr.arpa udp

Files

N/A

Analysis: behavioral21

Detonation Overview

Submitted

2024-11-13 21:41

Reported

2024-11-13 21:47

Platform

win7-20240903-en

Max time kernel

122s

Max time network

132s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v85-win32-ia32\build\Release\iohook.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v85-win32-ia32\build\Release\iohook.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v85-win32-ia32\build\Release\iohook.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 256

Network

N/A

Files

N/A

Analysis: behavioral25

Detonation Overview

Submitted

2024-11-13 21:41

Reported

2024-11-13 21:47

Platform

win7-20240903-en

Max time kernel

120s

Max time network

131s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v85-win32-x64\build\Release\iohook.dll,#1

Signatures

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2492 wrote to memory of 1240 N/A C:\Windows\system32\rundll32.exe C:\Windows\system32\WerFault.exe
PID 2492 wrote to memory of 1240 N/A C:\Windows\system32\rundll32.exe C:\Windows\system32\WerFault.exe
PID 2492 wrote to memory of 1240 N/A C:\Windows\system32\rundll32.exe C:\Windows\system32\WerFault.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v85-win32-x64\build\Release\iohook.dll,#1

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 2492 -s 156

Network

N/A

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-11-13 21:41

Reported

2024-11-13 21:47

Platform

win7-20240903-en

Max time kernel

120s

Max time network

129s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 220

Network

N/A

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-11-13 21:41

Reported

2024-11-13 21:46

Platform

win7-20240903-en

Max time kernel

121s

Max time network

134s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 788 -s 220

Network

N/A

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-11-13 21:41

Reported

2024-11-13 21:47

Platform

win10v2004-20241007-en

Max time kernel

141s

Max time network

165s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4800 wrote to memory of 4308 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 4800 wrote to memory of 4308 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 4800 wrote to memory of 4308 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 4308 -ip 4308

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4308 -s 612

Network

Country Destination Domain Proto
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 104.208.201.84.in-addr.arpa udp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 70.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 98.208.201.84.in-addr.arpa udp
US 8.8.8.8:53 6.173.189.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-11-13 21:41

Reported

2024-11-13 21:46

Platform

win7-20240903-en

Max time kernel

121s

Max time network

137s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 220

Network

N/A

Files

N/A

Analysis: behavioral12

Detonation Overview

Submitted

2024-11-13 21:41

Reported

2024-11-13 21:46

Platform

win10v2004-20241007-en

Max time kernel

144s

Max time network

159s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@nodert-win10-au\windows.applicationmodel\NodeRtUtils.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@nodert-win10-au\windows.applicationmodel\NodeRtUtils.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 70.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral19

Detonation Overview

Submitted

2024-11-13 21:41

Reported

2024-11-13 21:47

Platform

win7-20241010-en

Max time kernel

121s

Max time network

136s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\iohook\build.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\iohook\build.js

Network

N/A

Files

N/A

Analysis: behavioral29

Detonation Overview

Submitted

2024-11-13 21:41

Reported

2024-11-13 21:46

Platform

win7-20240903-en

Max time kernel

122s

Max time network

130s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@nodert-win10-au\windows.applicationmodel\NodeRtUtils.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@nodert-win10-au\windows.applicationmodel\NodeRtUtils.js

Network

N/A

Files

N/A