Malware Analysis Report

2024-12-07 15:39

Sample ID 241113-x5kqtsybkr
Target Wave-Setup.exe
SHA256 9450dafe9611c073d06b5f7dc8a11659217ba80a5566dd7c12161f87b80b265a
Tags
execution discovery antivm
score
7/10

Analysis Overview

score
7/10

SHA256

9450dafe9611c073d06b5f7dc8a11659217ba80a5566dd7c12161f87b80b265a

Threat Level: Shows suspicious behavior

The file Wave-Setup.exe was found to be: Shows suspicious behavior.

Malicious Activity Summary

execution discovery antivm

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Checks for any installed AV software in registry

Checks installed software on the system

Enumerates processes with tasklist

Reads CPU attributes

Checks CPU configuration

Program crash

Enumerates kernel/hardware configuration

Browser Information Discovery

Command and Scripting Interpreter: JavaScript

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Reads runtime system information

Unsigned PE

Modifies Internet Explorer settings

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-13 19:28

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral32

Detonation Overview

Submitted

2024-11-13 19:26

Reported

2024-11-13 19:33

Platform

win7-20240729-en

Max time kernel

119s

Max time network

130s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\load.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\load.js

Network

N/A

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-11-13 19:26

Reported

2024-11-13 19:32

Platform

win7-20240903-en

Max time kernel

122s

Max time network

126s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 220

Network

N/A

Files

N/A

Analysis: behavioral12

Detonation Overview

Submitted

2024-11-13 19:26

Reported

2024-11-13 19:33

Platform

win10v2004-20241007-en

Max time kernel

148s

Max time network

159s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2796 wrote to memory of 3944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2796 wrote to memory of 4512 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2796 wrote to memory of 3608 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2796 wrote to memory of 2360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff159946f8,0x7fff15994708,0x7fff15994718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,11620931305461873051,1876368112630905323,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,11620931305461873051,1876368112630905323,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,11620931305461873051,1876368112630905323,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2944 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,11620931305461873051,1876368112630905323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,11620931305461873051,1876368112630905323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,11620931305461873051,1876368112630905323,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,11620931305461873051,1876368112630905323,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,11620931305461873051,1876368112630905323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4232 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,11620931305461873051,1876368112630905323,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,11620931305461873051,1876368112630905323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,11620931305461873051,1876368112630905323,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,11620931305461873051,1876368112630905323,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2740 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 67.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 82.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat


\??\pipe\LOCAL\crashpad_2796_DGVMBWONYOSATQVA


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences


Analysis: behavioral16

Detonation Overview

Submitted

2024-11-13 19:26

Reported

2024-11-13 19:35

Platform

debian9-mipsbe-20240611-en

Max time kernel

0s

Command Line

[/tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

Signatures

Command and Scripting Interpreter: JavaScript

execution
Description Indicator Process Target
N/A N/A /usr/local/sbin/node N/A
N/A N/A /usr/local/bin/node N/A
N/A N/A /usr/sbin/node N/A
N/A N/A /usr/bin/node N/A
N/A N/A /sbin/node N/A
N/A N/A /bin/node N/A

Processes

/tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js

[/tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

/usr/local/sbin/node

[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

/usr/local/bin/node

[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

/usr/sbin/node

[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

/usr/bin/node

[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

/sbin/node

[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

/bin/node

[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

Network

N/A

Files

N/A

Analysis: behavioral20

Detonation Overview

Submitted

2024-11-13 19:26

Reported

2024-11-13 19:33

Platform

win7-20240903-en

Max time kernel

120s

Max time network

134s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\cli\index.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\cli\index.js

Network

N/A

Files

N/A

Analysis: behavioral28

Detonation Overview

Submitted

2024-11-13 19:26

Reported

2024-11-13 19:33

Platform

win7-20240903-en

Max time kernel

118s

Max time network

134s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\exec.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\exec.js

Network

N/A

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-11-13 19:26

Reported

2024-11-13 19:33

Platform

win7-20241010-en

Max time kernel

122s

Max time network

140s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 224

Network

N/A

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-11-13 19:26

Reported

2024-11-13 19:32

Platform

win7-20240903-en

Max time kernel

121s

Max time network

125s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1

Signatures

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2572 wrote to memory of 2376 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1

Network

N/A

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-11-13 19:26

Reported

2024-11-13 19:33

Platform

win10v2004-20241007-en

Max time kernel

92s

Max time network

145s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1752 wrote to memory of 4552 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 364 -p 4552 -ip 4552

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4552 -s 612

Network

Country Destination Domain Proto
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 17.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp

Files

N/A

Analysis: behavioral17

Detonation Overview

Submitted

2024-11-13 19:26

Reported

2024-11-13 19:34

Platform

debian9-mipsel-20240729-en

Max time kernel

0s

Command Line

[/tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

Signatures

Command and Scripting Interpreter: JavaScript

execution
Description Indicator Process Target
N/A N/A /usr/local/sbin/node N/A
N/A N/A /usr/local/bin/node N/A
N/A N/A /usr/sbin/node N/A
N/A N/A /usr/bin/node N/A
N/A N/A /sbin/node N/A
N/A N/A /bin/node N/A

Processes

/tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js

[/tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

/usr/local/sbin/node

[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

/usr/local/bin/node

[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

/usr/sbin/node

[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

/usr/bin/node

[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

/sbin/node

[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

/bin/node

[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

Network

N/A

Files

N/A

Analysis: behavioral22

Detonation Overview

Submitted

2024-11-13 19:26

Reported

2024-11-13 19:33

Platform

win7-20240903-en

Max time kernel

122s

Max time network

140s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\cli\parse.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\cli\parse.js

Network

N/A

Files

N/A

Analysis: behavioral24

Detonation Overview

Submitted

2024-11-13 19:26

Reported

2024-11-13 19:33

Platform

win7-20241010-en

Max time kernel

13s

Max time network

31s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\command.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\command.js

Network

N/A

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-11-13 19:26

Reported

2024-11-13 19:33

Platform

win10v2004-20241007-en

Max time kernel

146s

Max time network

155s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1

Signatures

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4476 wrote to memory of 3268 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 90.16.208.104.in-addr.arpa udp

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-11-13 19:26

Reported

2024-11-13 19:32

Platform

win7-20240903-en

Max time kernel

121s

Max time network

125s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1780 -s 220

Network

N/A

Files

N/A

Analysis: behavioral27

Detonation Overview

Submitted

2024-11-13 19:26

Reported

2024-11-13 19:33

Platform

win10v2004-20241007-en

Max time kernel

137s

Max time network

157s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\defaults.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\defaults.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 0.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral30

Detonation Overview

Submitted

2024-11-13 19:26

Reported

2024-11-13 19:33

Platform

win7-20240903-en

Max time kernel

120s

Max time network

129s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\index.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\index.js

Network

N/A

Files

N/A

Analysis: behavioral31

Detonation Overview

Submitted

2024-11-13 19:26

Reported

2024-11-13 19:33

Platform

win10v2004-20241007-en

Max time kernel

146s

Max time network

158s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\index.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\index.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 71.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2024-11-13 19:26

Reported

2024-11-13 19:33

Platform

win7-20241023-en

Max time kernel

121s

Max time network

141s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html

Signatures

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a907cc1344750743988d8bab481dbfbf0000000002000000000010660000000100002000000039c837e88b37b0586f939ff6945a6d2ee7db9c1ad2ec656afe30a2d73c1999db000000000e80000000020000200000001b4e394febbdc7922c36e737ec67aaa5717489bc90ef28326da4a58dc8f722679000000027923f15705d90855511c681813861ff48b241217ab67f02c786d7c54c22d8de1505544c6a35289b1af63d3e4d1943d96cad0c3bf8d6faf92016739a39f3c180c982f0fbdd5e7ea9fa47cfe61aabf3ed2ead09908a6319b6e65e4184d50a9be48d66af15be5c969696c8d377630caef4dd21c3698994fc36a6c0ccb1458ff690dddec79ad9b8b84621f285a0d7400dfb40000000265553f6fb271811e309d42a13e5e22a57ef4077673c87ca00f301d4adb9150a245287a53a4420defba6e28cf998ed6f5baea12a7953a0323f1cf6c14575119c C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a907cc1344750743988d8bab481dbfbf00000000020000000000106600000001000020000000250af38d5a4f210de520baba14adbf9281f14933de92befefd2bb187f07ccc7a000000000e8000000002000020000000c7490ab4141e3f11a67de937d94d8b33962ed72c2f93b00dec8557a72853fe9f200000003faec5ad871525bb617a466d2ee9af22009cbf4df74f241885abd169b49885d540000000bce65cafe847c43de0056d11da44d1670e34ab51ca04a51b47928bce531f726ed1e2e5030d61c51223f43d65fcbe200fef0cb9cbb7d1c136066a89972b0b6c7a C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "437688109" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C4FC9DE1-A1F5-11EF-B7A5-FED808322145} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 4072fd990236db01 C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1884 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab4D4.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar583.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Analysis: behavioral13

Detonation Overview

Submitted

2024-11-13 19:26

Reported

2024-11-13 19:33

Platform

win10v2004-20241007-en

Max time kernel

150s

Max time network

161s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Wave.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Wave.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\bin\Bloxstrap.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\Bloxstrap.exe N/A

Checks for any installed AV software in registry

Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Software\KasperskyLab C:\Windows\system32\reg.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Wave.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Wave.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Wave.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\bin\Bloxstrap.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3916 wrote to memory of 4900 N/A C:\Users\Admin\AppData\Local\Temp\Wave.exe C:\Users\Admin\AppData\Local\Temp\Wave.exe
PID 3916 wrote to memory of 2208 N/A C:\Users\Admin\AppData\Local\Temp\Wave.exe C:\Users\Admin\AppData\Local\Temp\Wave.exe
PID 3916 wrote to memory of 2408 N/A C:\Users\Admin\AppData\Local\Temp\Wave.exe C:\Windows\system32\fsutil.exe
PID 3916 wrote to memory of 1940 N/A C:\Users\Admin\AppData\Local\Temp\Wave.exe C:\Users\Admin\AppData\Local\Temp\Wave.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Wave.exe

"C:\Users\Admin\AppData\Local\Temp\Wave.exe"

C:\Users\Admin\AppData\Local\Temp\Wave.exe

"C:\Users\Admin\AppData\Local\Temp\Wave.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Wave" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1756,i,11261994432221309591,11151045339724376095,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1744 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\Wave.exe

"C:\Users\Admin\AppData\Local\Temp\Wave.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Wave" --standard-schemes=app --secure-schemes=app --field-trial-handle=1972,i,11261994432221309591,11151045339724376095,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1968 /prefetch:3

C:\Windows\system32\fsutil.exe

fsutil dirty query C:

C:\Users\Admin\AppData\Local\Temp\Wave.exe

"C:\Users\Admin\AppData\Local\Temp\Wave.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Wave" --standard-schemes=app --secure-schemes=app --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --field-trial-handle=2920,i,11261994432221309591,11151045339724376095,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2916 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\resources\node_modules\language-server\wave-luau.exe

C:\Users\Admin\AppData\Local\Temp\resources\node_modules\language-server\wave-luau.exe lsp --definitions=C:\Users\Admin\AppData\Local\Temp\resources\node_modules\language-server\globalTypes.d.luau --definitions=C:\Users\Admin\AppData\Local\Temp\resources\node_modules\language-server\wave.d.luau --docs=C:\Users\Admin\AppData\Local\Temp\resources\node_modules\language-server\en-us.json

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\Software\KasperskyLab" /v Session"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKCU\Software\KasperskyLab" /v Session

C:\Users\Admin\AppData\Local\Temp\bin\Bloxstrap.exe

C:\Users\Admin\AppData\Local\Temp\bin\Bloxstrap.exe

C:\Users\Admin\AppData\Local\Temp\Wave.exe

"C:\Users\Admin\AppData\Local\Temp\Wave.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\Wave" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1200,i,11261994432221309591,11151045339724376095,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=936 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 134.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 cdn.getwave.gg udp
US 172.67.73.56:443 cdn.getwave.gg tcp
US 8.8.8.8:53 scriptblox.com udp
US 8.8.8.8:53 56.73.67.172.in-addr.arpa udp
US 104.26.11.174:443 scriptblox.com tcp
US 8.8.8.8:53 tr.rbxcdn.com udp
GB 2.18.190.78:443 tr.rbxcdn.com tcp
US 8.8.8.8:53 174.11.26.104.in-addr.arpa udp
US 8.8.8.8:53 78.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:53 cdn.getwave.gg udp
US 104.26.3.170:443 cdn.getwave.gg tcp
US 8.8.8.8:53 170.3.26.104.in-addr.arpa udp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

memory/1940-60-0x00007FF8035D0000-0x00007FF8035D1000-memory.dmp

memory/1940-61-0x00007FF804DA0000-0x00007FF804DA1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\bin\Bloxstrap.exe

MD5 104981cb101bd19e37763cebd753928d
SHA1 df7f64cb7ea7045f5d19060af8686f8c66432b37
SHA256 0ee218fde47582841e22fb4f2c866ec8bdcbeb00f8d636876677b2ecfde50792
SHA512 3b3e8dfa2fee7a3c083d8fb370b68ff89c209d36a3e09bf677559e67c3afba275955dbf85b89d483b26151fe91e5ba6ce0907ef786464ac4a8a16f1d3f490c2f

C:\Users\Admin\AppData\Roaming\Wave\Preferences

MD5 58127c59cb9e1da127904c341d15372b
SHA1 62445484661d8036ce9788baeaba31d204e9a5fc
SHA256 be4b8924ab38e8acf350e6e3b9f1f63a1a94952d8002759acd6946c4d5d0b5de
SHA512 8d1815b277a93ad590ff79b6f52c576cf920c38c4353c24193f707d66884c942f39ff3989530055d2fade540ade243b41b6eb03cd0cc361c3b5d514cca28b50a

C:\Users\Admin\AppData\Roaming\Wave\Preferences~RFe57fffb.TMP

MD5 d11dedf80b85d8d9be3fec6bb292f64b
SHA1 aab8783454819cd66ddf7871e887abdba138aef3
SHA256 8029940de92ae596278912bbbd6387d65f4e849d3c136287a1233f525d189c67
SHA512 6b7ec1ca5189124e0d136f561ca7f12a4653633e2d9452d290e658dfe545acf6600cc9496794757a43f95c91705e9549ef681d4cc9e035738b03a18bdc2e25f0

memory/1940-95-0x00000157634F0000-0x000001576359D000-memory.dmp

C:\Users\Admin\AppData\Roaming\Wave\Network\Network Persistent State

MD5 055db080a8b8c654b6c54d625528d480
SHA1 002a9374c9144da31f063e0bcf6fd0dcda1f4020
SHA256 84d1e12449203908bce1e80ec1a02fed76034df282ca82d8d92df7e9370be3fd
SHA512 93eb5e45b7ea45b59adf5abf7c9c9c90ee12a818ff7c5a4ea92062b34cb2ab0e979fe64cff262fd0229c1c4464c94f9c5da11099eb7aed53bf909fae06174900

C:\Users\Admin\AppData\Roaming\Wave\Network\Network Persistent State~RFe58efca.TMP

MD5 2800881c775077e1c4b6e06bf4676de4
SHA1 2873631068c8b3b9495638c865915be822442c8b
SHA256 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512 e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Analysis: behavioral21

Detonation Overview

Submitted 2024-11-13 19:26
Reported 2024-11-13 19:33
Platform win10v2004-20241007-en
Max time kernel 139s
Max time network 160s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\cli\index.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\cli\index.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 82.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 136.71.105.51.in-addr.arpa udp

Files

N/A

Analysis: behavioral25

Detonation Overview

Submitted 2024-11-13 19:26
Reported 2024-11-13 19:33
Platform win10v2004-20241007-en
Max time kernel 131s
Max time network 160s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\command.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\command.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 73.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp

Files

N/A

Analysis: behavioral29

Detonation Overview

Submitted 2024-11-13 19:26
Reported 2024-11-13 19:33
Platform win10v2004-20241007-en
Max time kernel 142s
Max time network 165s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\exec.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\exec.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp

Files

N/A

Analysis: behavioral23

Detonation Overview

Submitted 2024-11-13 19:26
Reported 2024-11-13 19:33
Platform win10v2004-20241007-en
Max time kernel 138s
Max time network 162s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\cli\parse.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\cli\parse.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 90.16.208.104.in-addr.arpa udp

Files

N/A

Analysis: behavioral26

Detonation Overview

Submitted 2024-11-13 19:26
Reported 2024-11-13 19:33
Platform win7-20240708-en
Max time kernel 122s
Max time network 133s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\defaults.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\defaults.js

Network

N/A

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-11-13 19:26
Reported 2024-11-13 19:32
Platform win7-20240903-en
Max time kernel 51s
Max time network 99s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Wave-Setup.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe N/A

Checks installed software on the system

discovery

Enumerates processes with tasklist

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\tasklist.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Wave-Setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\find.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\tasklist.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Wave-Setup.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2144 wrote to memory of 2836 N/A C:\Users\Admin\AppData\Local\Temp\Wave-Setup.exe C:\Windows\SysWOW64\cmd.exe
PID 2836 wrote to memory of 2832 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\tasklist.exe
PID 2836 wrote to memory of 2636 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\find.exe
PID 2016 wrote to memory of 2032 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2016 wrote to memory of 1756 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2016 wrote to memory of 2800 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2016 wrote to memory of 912 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Wave-Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Wave-Setup.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq Wave.exe" /FO csv | "C:\Windows\system32\find.exe" "Wave.exe"

C:\Windows\SysWOW64\tasklist.exe

tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq Wave.exe" /FO csv

C:\Windows\SysWOW64\find.exe

"C:\Windows\system32\find.exe" "Wave.exe"

C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe

"C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe"

C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe

"C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6ae9758,0x7fef6ae9768,0x7fef6ae9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1152 --field-trial-handle=1384,i,5176700022089527081,15509243592672377041,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1064 --field-trial-handle=1384,i,5176700022089527081,15509243592672377041,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1624 --field-trial-handle=1384,i,5176700022089527081,15509243592672377041,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2228 --field-trial-handle=1384,i,5176700022089527081,15509243592672377041,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2252 --field-trial-handle=1384,i,5176700022089527081,15509243592672377041,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1412 --field-trial-handle=1384,i,5176700022089527081,15509243592672377041,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1472 --field-trial-handle=1384,i,5176700022089527081,15509243592672377041,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3688 --field-trial-handle=1384,i,5176700022089527081,15509243592672377041,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4056 --field-trial-handle=1384,i,5176700022089527081,15509243592672377041,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3688 --field-trial-handle=1384,i,5176700022089527081,15509243592672377041,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2488 --field-trial-handle=1384,i,5176700022089527081,15509243592672377041,131072 /prefetch:8

C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe

"C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe"

C:\Windows\explorer.exe

"C:\Windows\explorer.exe"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x598

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.google.com udp
GB 216.58.201.100:443 www.google.com tcp
GB 216.58.201.100:443 www.google.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 142.250.200.42:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
DE 172.217.18.99:443 beacons.gcp.gvt2.com tcp

Files

\Users\Admin\AppData\Local\Temp\nse2E81.tmp\System.dll

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\StdUtils.dll

\Users\Admin\AppData\Local\Temp\nse2E81.tmp\SpiderBanner.dll

\Users\Admin\AppData\Local\Temp\nse2E81.tmp\nsExec.dll

\Users\Admin\AppData\Local\Temp\nse2E81.tmp\nsis7z.dll

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\chrome_100_percent.pak

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\chrome_200_percent.pak

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\d3dcompiler_47.dll

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\icudtl.dat

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\ffmpeg.dll

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\libGLESv2.dll

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\LICENSES.chromium.html

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\LICENSE.electron.txt

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\v8_context_snapshot.bin

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\vk_swiftshader_icd.json

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\vulkan-1.dll

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\vk_swiftshader.dll

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\snapshot_blob.bin

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\resources.pak

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\libEGL.dll

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\locales\af.pak

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\locales\bg.pak

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\locales\cs.pak

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\locales\el.pak

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\locales\es.pak

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\locales\fr.pak

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\locales\ja.pak

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\locales\ms.pak

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\locales\ru.pak

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\locales\tr.pak

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\locales\th.pak

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\locales\te.pak

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\locales\ta.pak

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\locales\sw.pak

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\locales\sv.pak

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\locales\sr.pak

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\locales\sl.pak

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\locales\sk.pak

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\locales\ro.pak

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\locales\pt-PT.pak

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\locales\pt-BR.pak

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\locales\pl.pak

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\locales\nl.pak

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\locales\nb.pak

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\locales\mr.pak

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\locales\ml.pak

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\locales\lv.pak

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\locales\lt.pak

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\locales\ko.pak

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\locales\kn.pak

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\locales\it.pak

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\locales\id.pak

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\locales\hu.pak

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\locales\hr.pak

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\locales\hi.pak

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\locales\he.pak

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\locales\gu.pak

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\locales\fil.pak

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\locales\fi.pak

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\locales\fa.pak

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\locales\et.pak

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\locales\es-419.pak

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\locales\en-US.pak

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\locales\en-GB.pak

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\locales\de.pak

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\locales\da.pak

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\locales\ca.pak

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\locales\bn.pak

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\locales\ar.pak

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\locales\am.pak

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\resources\app-update.yml

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\locales\zh-TW.pak

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\resources\elevate.exe

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\locales\zh-CN.pak

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\locales\vi.pak

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\locales\ur.pak

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\index.js

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\package.json

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\resources\node_modules\language-server\wave.d.luau

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\resources\node_modules\language-server\wave-luau.exe

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\resources\node_modules\language-server\globalTypes.d.luau

\Users\Admin\AppData\Local\Temp\nse2E81.tmp\WinShell.dll

memory/2144-973-0x0000000004260000-0x0000000004262000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\resources\node_modules\language-server\en-us.json

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\src\showver.h

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\prebuilds\win32-x64\node.napi.node

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\prebuilds\win32-ia32\node.napi.node

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\deps\UTF8Conversion\utf8conv_inl.h

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\deps\UTF8Conversion\utf8conv.h

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\deps\UTF8Conversion\LICENSE

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\skip.js

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\LICENSE

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\index.js

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\bin.js

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\utils\merge.js

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\utils\log.js

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\utils\index.js

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\utils\colour.js

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\utils\clone.js

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\utils\bus.js

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\rules\parse.js

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\rules\index.js

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\rules\add.js

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\monitor\watch.js

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\monitor\signals.js

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\monitor\run.js

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\monitor\match.js

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\monitor\index.js

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\help\index.js

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\config\load.js

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\config\index.js

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\config\exec.js

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\config\defaults.js

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\config\command.js

MD5 90c1aa9f031e818373c2f2f7ed6b9dbe
SHA1 b6476cdfa45ab967436ba9bb32aac1d65e531a9f
SHA256 50f10478098f06b77a58b351a93bb8fe7a7572bfbfb3e6f0bf668460865da3a7
SHA512 4ee766da766530bb372d8e04b058edd6b28ca5d77f603b175336e9b5e8f5c677e77e0ea4afc07a642c07c48e0c209716dbd9cef4f6ab97864a9ea51af2b49bbc

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\cli\parse.js

MD5 63db540f7184a372ac611fc3d7f21136
SHA1 0b3a8e70600a6705297a532849b7470c34f8c19e
SHA256 93b9bbbc19e6f0456185d7c9e9ce11e994f41c01e46067959c5168bd345b0313
SHA512 1f56bbc4856fbefd21f6de0738712157b91f1388a71a957c37444b617ee161885822b21fcf4e7efe14d5af54b9706d8181acbb286dbd7525c91a56b53dc391be

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\cli\index.js

MD5 05d07534c94e2d589bcc02e96e1b9503
SHA1 3c3712ecff74a1099c4d65e4eefd9cf2e38f1119
SHA256 5c5b008f28d9aa1d6f8c30a30de037b95b50141a20ad0f029d0d79bcd75caa4d
SHA512 7c7526f2b4e685cc7e20689ebe5abf7630b738d2d15ab7b5e94765e0e6f221492e9e029f715f5b3ac156d3d11ffd907e070d2d7f968b5f5fb401aa9c7ec84ea5

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\version.js

MD5 7232bc938db18583ac3447bebc844430
SHA1 55051c267076fa3bd3764864ee77d4c41c4b3233
SHA256 5071083e2e09969b2741a46cdedbbfcb2608fa35c1d1237e3bcf134749fb5ecd
SHA512 9167690b0ad72c815c3d8c7227ba8d3574acbab95236de0ddea28c73f6a2899dd700ef9083b06d2badad19c21659a93ab101ecc439a42292d2540ed8c2ff3c5e

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\spawn.js

MD5 ad2e1e41a1aaf8c0d0b622a27bc6bf9e
SHA1 139625411959345da513904bcb7d73d7c312b63d
SHA256 7804d7450f305b9142af45967be5c96f52be8350dba2a403f4bf79d5e092bc60
SHA512 e43ecd8af261ad4cbed89f549c18c18df9cfae6338c0719c1e5c06361c6cee4598d080ee32dfda56cc742e23fad5db56a842ef8511d9d5e2c28b7f7eb4eac091

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\nodemon.js

MD5 392a1c2f9f7dec3e4f64bb738f21785d
SHA1 02d0364639bbc6483d727e5e24e6c6b39c8f0ae2
SHA256 3bb0b111682da4977e265b0bc746cd57191e294e0c25bf667f129771897dace4
SHA512 48b0517f41013b024dd5a674b88a9e53590113f664482b0420236babb9ecbf0428c40c9f708b204bcb1f2d59789ef6383641eb8efcc7a7ac506d4345c78358d6

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\doc\cli\whoami.txt

MD5 5a53b8ff8c3670ff035f6490a24a0789
SHA1 e079a16d67475a83eea085058af0cd704da97393
SHA256 4e7d19dfe1603ca93a0421b1abd4b19cfa5324ef458ff549809c5e66a2efc596
SHA512 e906ef44ff0273e4df3397ba719c173c87a9919b7f9d2580e2c3354fba22f69b0c0a020eb049d276934dbc66f497b279d15c135fa0e12e04acd39802fc5dfefe

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\doc\cli\usage.txt

MD5 1448d12c8524497e0abecc6089aa5a99
SHA1 183f63e7726b128a36e247e6bb506ced31272e49
SHA256 844e2d826c59dbd72ad383fe8a23b24373d83e9b184b437f7f04c42487cd5759
SHA512 e14e41721ee4bba6deeedcc5786a113042cd595024eb411ea7d874f282547c5943dbdf1eb7674d752ebbac16ac4e1c98149b957ed5cf3623e85a561a42354e45

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\doc\cli\topics.txt

MD5 57a5e0be8307585fffdbe867f0d047da
SHA1 0185976215d973431c6810571b21d6804bf64632
SHA256 5f8f41620ccdc1d7298df4ab786abc7edcf049fa7e06fc69bb26b38cbd453643
SHA512 4c05c95f21225be793051bf799255f6e021145e17ca384697877aa9dad66303d8bdb6e47751433eaf17b22dc766758cb799034a34e1e7851a8328a95b6784273

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\doc\cli\options.txt

MD5 016f8e569786ff8f5f6c321a735e2323
SHA1 b7a7a46bf03f4564d6e47fa55a4fc6b9be1e39fc
SHA256 3c8ec4fa239f82b2b9f427925ac2f75af2af9147eaecc706b1990540b95ae94b
SHA512 6b8372648371ea46ac98dc49ec93cb2efb9cc81f75e8ee7a5e1f0a01b7bf209ca92e07649c22630722370b1f254e956ea7ffe4be68d0f9ef419766f90dc80fe7

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\doc\cli\logo.txt

MD5 f55be3331bb0e69fc47994610da41ada
SHA1 d8415b399bd3853ef658a5f2057812404598b5c2
SHA256 cb0c73fe1bc7676104d6a92ca91250cd562b7f37a564edc260de01a3fc636b6d
SHA512 505d427c6d0add618e0c54f8079e4303fee73e0ccd9c4edfa67b44660ce5d5deab4fac09601002f73cfd00f445640a69ce9fe9a39b8a0f3039b200f5bff058e7

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\doc\cli\help.txt

MD5 0034cf996f84911ff0646b717ae47ee4
SHA1 5aeef8ef12d8023fe208c0492174a960e57c643e
SHA256 d98c56a3cb9643b399fa04c422da35204dc91cd869c47019e9783fb4f7289adc
SHA512 b1f174300ee58e16676ee8ccfae4e48794ed5412d89e0cc0d8a134ec055dfbdb596d0ab43ab376f46adbf76cf970210455bf46ed666839d69357d0ded8c057af

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\doc\cli\config.txt

MD5 73ea33e660552d101eca031a0baf6be3
SHA1 3d3384db49a197a8a616a274598bc18a25ade114
SHA256 032c4ca3b1814a39579d7a0a00154a3772d89aece9884d135fdef782f36e27c1
SHA512 c7b9a4bf4de7d13bb45b4db857511cb411a7927ee4db759af263905e01cfda8d95477d2e2d6ad6c51c9f301710e20ef64b54a4d15082f5054680da9cfbca1146

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\doc\cli\authors.txt

MD5 b5c019895f49ad741cd49e6291aad090
SHA1 03567a03c8346dd89516e2e03957bb674af91408
SHA256 e1e0dfdaaed1f025c106731aff67d664b849635cc6cd3b9b08674db8dbcbc5e7
SHA512 ff13c9416d29d9a3fe636e14fd63e5424129a6e72366c06b1bae3c5a06f60cbbf3520d868c492d472450e35e547881be93955b29eed63e66979592da576f8bef

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\bin\windows-kill.exe

MD5 de5ecb14c8a2212beb309284b5a62aae
SHA1 cf89d1cbd52f3183590b33bd6be591f95a6f5291
SHA256 d35c0d3af8f66984b1ead5cb56744049c1d71ef0791383250ad1086c0e21f865
SHA512 fea8a49538f5fd4cb8c262c1619f9f8e906edeef7d3c791bd3b85f032a0499aa5f18b4370a00e1f4dab9698e1958b042cab467103598f1bdaa583eb1fb918c07

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\bin\nodemon.js

MD5 30894042a167528293c057f833e7b6f2
SHA1 ec993fedf1f1a22c77b985c72d8b0074811ea680
SHA256 9bb0e59dfd1cc00fc40bed0ccf10d88414d915d79875b9dee5c1d5009f4e89cf
SHA512 2b544b29e44e0471a9da5474209bc15cb81a44a38448a74a7a67f4ed3ca7d1926cef4b2b13d3269fb785a468d00f1cfc042d2a7d6b4d563725da65028e2df15f

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\package.json

MD5 d973ee4a6969bc5e14e93d99d4680c16
SHA1 22ad20391ccb50fb6343931a1312751b2f7e049f
SHA256 f0051785c8178f10c2b5ebe86edd6949eb9db7b293d9abbb51a857f7e62500aa
SHA512 2f8c64f04b3fe023d296899b16f6596f42cd69c1b8230c5bee561c18af6bbf44697966b45b50d718eff75cbffab37054a6de7b57bebc16b2d85a5a0e307dfa9d

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\LICENSE

MD5 9b54883148dfd5ff6b9f1a23f9470a30
SHA1 f062e421fa2d8f722e9ccb2b0b4be9502a7386ad
SHA256 0fa6b5d2902f7ac42db390dfd2cb3b4ce82ed45cb5ad5dea41c11d1d67e0934d
SHA512 d2af503c12f0fda687293452af39f98f5c3987eb8a57cf12c47da5aed67c761349e5186c15371a96f5d490c140e8dd0d5e8bd6a6164139dde0562d6ee46db90b

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\jsconfig.json

MD5 21cfa078a36c66a3d1f4f2caf729fd56
SHA1 8849b6bf237cf4464a4628f0c2e163e866dead8f
SHA256 87cd1d700216892ba7d388d04f42e373e1abda0b5d407c54a60e67b5dde48ab2
SHA512 92f7960fe79d8e5813372d7a7833bf883c3dce6eddb083302314a2d9ff52d800178f8ddcbf071c169267b346dfbc5d59b1dc0f95a70671bd63453e56e18846d7

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\.prettierrc.json

MD5 e502800d651a7ef3ff58d918c68aa81a
SHA1 c3b456549821510c5729648bfd93886491df1db8
SHA256 37055c98043228133ffcc5cad7bba5ef6c8f24698a551cae547b90f51d22e519
SHA512 9892bb44616c6c2761027562371e5c72a355ce1b519072ce5733ea1d4971ffb8c9b3e83f935a18120e0702aae644d07274ad4b09214459fc13679a8ed6051e7c

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\resources\app.asar.unpacked\node_modules\@next\swc-win32-x64-msvc\package.json

MD5 704b387859cdf10e134ba4c181773747
SHA1 626f9cd6f668b8f310a4c11f331b96cb4289e44b
SHA256 f6b59292c52960efe68cc3813a78bc505d80cae11d632006770059380173cd53
SHA512 5416f7ac6d243bd04f32d5a776b596b94db1858cbf904357d8eb4733a22ddc94bcfbc116437e86799ccf402493212117f65289308f4ae16f3d39083693f9ae66

C:\Users\Admin\AppData\Local\Temp\nse2E81.tmp\7z-out\locales\uk.pak

MD5 241fc33569b22647e7d2c4189a8ee7bf
SHA1 f56a73cc81b1e96560b74ee5e73d7af792720ada
SHA256 13e40208e2c9f4f4b83dcf422610dc82314a8f99ba50acdbd286c508f92eb232
SHA512 ad16f84482f0c7c3d3c3fb98caa3dbd0048138f361aa6eba2b6338ff6e25da4c3ab39450354f2a86a53d655cad99e92fab2c030b5771d7e6a25190617f1a9385

\??\pipe\crashpad_2016_FHQXKYTBHJMHORTK

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 ca7c52ef6d6741e48308cac565b906c5
SHA1 55b48082c0632ec3c5fc7e94748aeea6e9f29305
SHA256 2cbabd6bc8110fb1599415ed7bbe8618aac6272ba64807e6d9908c96390f16bd
SHA512 191001b286ad8b705afe3a5aa799afdd0bc437d59823ab738e15229bd5e51daed058948cb404a6135d8324d3f20617531623778ede79a127a36cbc5cf0160ba9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

MD5 e579aca9a74ae76669750d8879e16bf3
SHA1 0b8f462b46ec2b2dbaa728bea79d611411bae752
SHA256 6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf
SHA512 df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4f946c4941dd35f5f076642b3536b75b
SHA1 6a55bee7d23112abb1d981b7b977a3f24d92cfe1
SHA256 e49a4b0ec32cb9c5db83fb31a538afaa5f81143ebdf6406a07c690f74755953b
SHA512 e1f16123e0d16aac9fa8e57de0b5eccc14d6fba7336f42231ca605539277ce9f0ee3471a9d788fed7756203d69851c1e0a47cf9986994c5ff7315a5001f02269

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 64ddbc5363b9961850c3346efbbb69c8
SHA1 5ebfc8dddc536dc64a31f94e63c973f76b338e71
SHA256 4f82e887e083dcc0b2993c5093439fd16403ea9a5911f179de8f955b7c5628cc
SHA512 24ccc7006829ed3d3b21da4287e8fa4f3cd84162c7656a8366f33662660e21f9570bf3e4e606f178e76ec864cde6a71eff7c4d605816f7aa70a7b1f5a13950db

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\43bf16e5-a9d2-4fba-b3f2-893c1b335048.tmp

MD5 cbbf1e71dcb8735ad8550dfb2956e52e
SHA1 b3c5a34b75f78d54f92e8001579cabc29e677c33
SHA256 63155575f921c648bb8d6bc3a0757e904a1dc810ef3a22b886195744ec7d3fb2
SHA512 28b4d704bd4b618fe92ff00c8e5b7f559cf9b514d08d02f02cc33cac3de7263f01660c061adae9128b81b1774ae4f8e39744a96a97ee50306453ac25ced96b65

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 9ca5a971f8dab7970fd37fadd33a922b
SHA1 c2c67030b01f343652a3074f2d9f44b71f62beb7
SHA256 89e94130b27f22e891d621129bb2d07357a0d2cf646ec003662e2cf600517261
SHA512 4d5e65d610f4d3d264453ddf277adc78752111aee7f062b36db69722e518493b4ae640ada6978c3a29739fd1faf1ac5e427365aee158a1e0290b6ff2dc7b756a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f7863f67bbbc6be44a1d60788253701a
SHA1 458c87949bacd243910df3fb18777c572f77e341
SHA256 93b35e912ba7a87307137cf4827e9ae56e48a2a0fd3de0a22dec8d84a8e57a9f
SHA512 d7f5966658ba8c7b3188c76514f6bc70dc96ae3fc66b6af75e8d7107021181e1a170dc2f6f8826f4eb3eb529fb5baacacdb48205155047e70b4b4b551ec08798

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 13727f500fbb8212740044418b962119
SHA1 0223c9bff364bdc395afa2b204e562d58d5b1aa8
SHA256 70c47b6c79d8e55f6c6785ee023f413264f656787f2ca89003f388462c6101ae
SHA512 9f4cd5e0b8adcca9f2ca7fd59aa9300579f94117982d82c2158957ac3c159a9bcea633f408fc9696d8b6282ff948e37dd2408213f6feb1efb45f0b5ce85d1e04

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 a13cac3f08698a9d4f1f92deccc55c79
SHA1 ff5d3da9c0a2c6d5710337fd1adc8ecf9f0e0f8d
SHA256 8bf4a0c090ecba9cf49acd07d5381f8bed349a2850b44e81600dec3e14b2b45b
SHA512 7a04d14ead149a981a7119aaae36764fb9987fc42bcf52a039c8c409645f64c3300875ff42b4b8b7e664fb355180527fe9c5e1565b37ca01acaee484d2af159f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\03c78396-3ce1-420e-bfc4-ac9ed816fff9.tmp

MD5 b382de360b1e42c54d076400bc5c114d
SHA1 3b3329d3f44ae8e654e154dc35a1e0abdcc98d0c
SHA256 29df488537097a0d68c0e3bf006c1e0b1d98d83008e151db82706b31fdd9f30c
SHA512 115e1eb6ff7ce4045bd0b49061d28e8b22a3c5d2b2c481c87be5004ac5d8de1bf136a202217b73906ba266593408a53f3aaf6ca40d9e0a0399c7f2db61f26de9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 91c56f6d3aec02fd78f7af5169d5b95f
SHA1 e80b6dcd661898e8b2d95d15debac6b5c465ab2e
SHA256 b91cdfe2f88d9e98a2b92f5f65ffc5b6d2695b20a28ba04cb9ed3c0eb99dbb2f
SHA512 c9255576f5534553122fa975264ad2feb33b9b56280e2b414c812daea6e1e125ab5dba534abbad1d4799d77e6f501a8553f3a77020875002a15355a9f6c2f15e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f0282fdef548bf32005b743bddcbd5d5
SHA1 d5440c9b4962065ff87dfea33b43c5f4b4eae08b
SHA256 1d07209d218952ce5d68d457f9849a8ec57a568a409bc5ea9c61d9b147658a5f
SHA512 f57aed64639042b222450ad0c95cf76ade3307295c09f1de764e10acdf858489190eeb4ea6afc7674cd23cf1034d76beceb27a9cbadde39c90f03f4e7a0d4b24

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-13 19:26

Reported

2024-11-13 19:32

Platform

win10v2004-20241007-en

Max time kernel

151s

Max time network

141s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Wave-Setup.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Programs\Wave\bin\Bloxstrap.exe N/A

Checks for any installed AV software in registry

Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Software\KasperskyLab C:\Windows\system32\reg.exe N/A

Checks installed software on the system

discovery

Enumerates processes with tasklist

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Wave-Setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\find.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\tasklist.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\tasklist.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Wave-Setup.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Wave\bin\Bloxstrap.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3088 wrote to memory of 1020 N/A C:\Users\Admin\AppData\Local\Temp\Wave-Setup.exe C:\Windows\SysWOW64\cmd.exe
PID 1020 wrote to memory of 464 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\tasklist.exe
PID 1020 wrote to memory of 4244 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\find.exe
PID 3488 wrote to memory of 1512 N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe
PID 3488 wrote to memory of 456 N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe
PID 3488 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe C:\Windows\system32\fsutil.exe
PID 3488 wrote to memory of 4328 N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Wave-Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Wave-Setup.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq Wave.exe" /FO csv | "C:\Windows\system32\find.exe" "Wave.exe"

C:\Windows\SysWOW64\tasklist.exe

tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq Wave.exe" /FO csv

C:\Windows\SysWOW64\find.exe

"C:\Windows\system32\find.exe" "Wave.exe"

C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe

"C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe"

C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe

"C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Wave" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1784,i,6119866095771628324,3246336376242414366,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1776 /prefetch:2

C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe

"C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Wave" --standard-schemes=app --secure-schemes=app --field-trial-handle=1968,i,6119866095771628324,3246336376242414366,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1816 /prefetch:3

C:\Windows\system32\fsutil.exe

fsutil dirty query C:

C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe

"C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Wave" --standard-schemes=app --secure-schemes=app --app-path="C:\Users\Admin\AppData\Local\Programs\Wave\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --field-trial-handle=2852,i,6119866095771628324,3246336376242414366,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2848 /prefetch:1

C:\Users\Admin\AppData\Local\Programs\Wave\resources\node_modules\language-server\wave-luau.exe

C:\Users\Admin\AppData\Local\Programs\Wave\resources\node_modules\language-server\wave-luau.exe lsp --definitions=C:\Users\Admin\AppData\Local\Programs\Wave\resources\node_modules\language-server\globalTypes.d.luau --definitions=C:\Users\Admin\AppData\Local\Programs\Wave\resources\node_modules\language-server\wave.d.luau --docs=C:\Users\Admin\AppData\Local\Programs\Wave\resources\node_modules\language-server\en-us.json

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\Software\KasperskyLab" /v Session"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKCU\Software\KasperskyLab" /v Session

C:\Users\Admin\AppData\Local\Programs\Wave\bin\Bloxstrap.exe

C:\Users\Admin\AppData\Local\Programs\Wave\bin\Bloxstrap.exe

C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe

"C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\Wave" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4112,i,6119866095771628324,3246336376242414366,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3520 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 cdn.getwave.gg udp
US 104.26.2.170:443 cdn.getwave.gg tcp
US 8.8.8.8:53 scriptblox.com udp
US 104.26.11.174:443 scriptblox.com tcp
US 8.8.8.8:53 170.2.26.104.in-addr.arpa udp
US 8.8.8.8:53 tr.rbxcdn.com udp
GB 2.18.190.77:443 tr.rbxcdn.com tcp
US 8.8.8.8:53 174.11.26.104.in-addr.arpa udp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 cdn.getwave.gg udp
US 172.67.73.56:443 cdn.getwave.gg tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 56.73.67.172.in-addr.arpa udp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:53 4.4.8.8.in-addr.arpa udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 82.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp

Files


C:\Users\Admin\AppData\Local\Temp\nsyA8E3.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\package.json

MD5 d973ee4a6969bc5e14e93d99d4680c16
SHA1 22ad20391ccb50fb6343931a1312751b2f7e049f
SHA256 f0051785c8178f10c2b5ebe86edd6949eb9db7b293d9abbb51a857f7e62500aa
SHA512 2f8c64f04b3fe023d296899b16f6596f42cd69c1b8230c5bee561c18af6bbf44697966b45b50d718eff75cbffab37054a6de7b57bebc16b2d85a5a0e307dfa9d

C:\Users\Admin\AppData\Local\Temp\nsyA8E3.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\bin\nodemon.js

MD5 30894042a167528293c057f833e7b6f2
SHA1 ec993fedf1f1a22c77b985c72d8b0074811ea680
SHA256 9bb0e59dfd1cc00fc40bed0ccf10d88414d915d79875b9dee5c1d5009f4e89cf
SHA512 2b544b29e44e0471a9da5474209bc15cb81a44a38448a74a7a67f4ed3ca7d1926cef4b2b13d3269fb785a468d00f1cfc042d2a7d6b4d563725da65028e2df15f

C:\Users\Admin\AppData\Local\Temp\nsyA8E3.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\bin\windows-kill.exe

MD5 de5ecb14c8a2212beb309284b5a62aae
SHA1 cf89d1cbd52f3183590b33bd6be591f95a6f5291
SHA256 d35c0d3af8f66984b1ead5cb56744049c1d71ef0791383250ad1086c0e21f865
SHA512 fea8a49538f5fd4cb8c262c1619f9f8e906edeef7d3c791bd3b85f032a0499aa5f18b4370a00e1f4dab9698e1958b042cab467103598f1bdaa583eb1fb918c07

C:\Users\Admin\AppData\Local\Temp\nsyA8E3.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\doc\cli\authors.txt

MD5 b5c019895f49ad741cd49e6291aad090
SHA1 03567a03c8346dd89516e2e03957bb674af91408
SHA256 e1e0dfdaaed1f025c106731aff67d664b849635cc6cd3b9b08674db8dbcbc5e7
SHA512 ff13c9416d29d9a3fe636e14fd63e5424129a6e72366c06b1bae3c5a06f60cbbf3520d868c492d472450e35e547881be93955b29eed63e66979592da576f8bef

C:\Users\Admin\AppData\Local\Temp\nsyA8E3.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\doc\cli\config.txt

MD5 73ea33e660552d101eca031a0baf6be3
SHA1 3d3384db49a197a8a616a274598bc18a25ade114
SHA256 032c4ca3b1814a39579d7a0a00154a3772d89aece9884d135fdef782f36e27c1
SHA512 c7b9a4bf4de7d13bb45b4db857511cb411a7927ee4db759af263905e01cfda8d95477d2e2d6ad6c51c9f301710e20ef64b54a4d15082f5054680da9cfbca1146

C:\Users\Admin\AppData\Local\Temp\nsyA8E3.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\doc\cli\logo.txt

MD5 f55be3331bb0e69fc47994610da41ada
SHA1 d8415b399bd3853ef658a5f2057812404598b5c2
SHA256 cb0c73fe1bc7676104d6a92ca91250cd562b7f37a564edc260de01a3fc636b6d
SHA512 505d427c6d0add618e0c54f8079e4303fee73e0ccd9c4edfa67b44660ce5d5deab4fac09601002f73cfd00f445640a69ce9fe9a39b8a0f3039b200f5bff058e7

C:\Users\Admin\AppData\Local\Temp\nsyA8E3.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\doc\cli\options.txt

MD5 016f8e569786ff8f5f6c321a735e2323
SHA1 b7a7a46bf03f4564d6e47fa55a4fc6b9be1e39fc
SHA256 3c8ec4fa239f82b2b9f427925ac2f75af2af9147eaecc706b1990540b95ae94b
SHA512 6b8372648371ea46ac98dc49ec93cb2efb9cc81f75e8ee7a5e1f0a01b7bf209ca92e07649c22630722370b1f254e956ea7ffe4be68d0f9ef419766f90dc80fe7

C:\Users\Admin\AppData\Local\Temp\nsyA8E3.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\doc\cli\help.txt

MD5 0034cf996f84911ff0646b717ae47ee4
SHA1 5aeef8ef12d8023fe208c0492174a960e57c643e
SHA256 d98c56a3cb9643b399fa04c422da35204dc91cd869c47019e9783fb4f7289adc
SHA512 b1f174300ee58e16676ee8ccfae4e48794ed5412d89e0cc0d8a134ec055dfbdb596d0ab43ab376f46adbf76cf970210455bf46ed666839d69357d0ded8c057af

C:\Users\Admin\AppData\Local\Temp\nsyA8E3.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\doc\cli\topics.txt

MD5 57a5e0be8307585fffdbe867f0d047da
SHA1 0185976215d973431c6810571b21d6804bf64632
SHA256 5f8f41620ccdc1d7298df4ab786abc7edcf049fa7e06fc69bb26b38cbd453643
SHA512 4c05c95f21225be793051bf799255f6e021145e17ca384697877aa9dad66303d8bdb6e47751433eaf17b22dc766758cb799034a34e1e7851a8328a95b6784273

C:\Users\Admin\AppData\Local\Temp\nsyA8E3.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\doc\cli\usage.txt

MD5 1448d12c8524497e0abecc6089aa5a99
SHA1 183f63e7726b128a36e247e6bb506ced31272e49
SHA256 844e2d826c59dbd72ad383fe8a23b24373d83e9b184b437f7f04c42487cd5759
SHA512 e14e41721ee4bba6deeedcc5786a113042cd595024eb411ea7d874f282547c5943dbdf1eb7674d752ebbac16ac4e1c98149b957ed5cf3623e85a561a42354e45

C:\Users\Admin\AppData\Local\Temp\nsyA8E3.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\doc\cli\whoami.txt

MD5 5a53b8ff8c3670ff035f6490a24a0789
SHA1 e079a16d67475a83eea085058af0cd704da97393
SHA256 4e7d19dfe1603ca93a0421b1abd4b19cfa5324ef458ff549809c5e66a2efc596
SHA512 e906ef44ff0273e4df3397ba719c173c87a9919b7f9d2580e2c3354fba22f69b0c0a020eb049d276934dbc66f497b279d15c135fa0e12e04acd39802fc5dfefe

C:\Users\Admin\AppData\Local\Temp\nsyA8E3.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\index.js

MD5 5250f6ffce08844c0f9f139fd707243c
SHA1 b5646886daa1c00461042d1a35c1a83675f8c8ed
SHA256 95111d84575ab36b697d760e130d722daea3d322cf56612f2ae67c7b3e8cef19
SHA512 49dc989edab7b4ce7477bbc5c678e1b1f4aca0f77e0ad6323d3c251164ed28b59f4d18d5b0280d53108b93e133eb2dab5469093ecbb2f1fe2bb32b758f59e729

C:\Users\Admin\AppData\Local\Temp\nsyA8E3.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\nodemon.js

MD5 392a1c2f9f7dec3e4f64bb738f21785d
SHA1 02d0364639bbc6483d727e5e24e6c6b39c8f0ae2
SHA256 3bb0b111682da4977e265b0bc746cd57191e294e0c25bf667f129771897dace4
SHA512 48b0517f41013b024dd5a674b88a9e53590113f664482b0420236babb9ecbf0428c40c9f708b204bcb1f2d59789ef6383641eb8efcc7a7ac506d4345c78358d6

C:\Users\Admin\AppData\Local\Temp\nsyA8E3.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\spawn.js

MD5 ad2e1e41a1aaf8c0d0b622a27bc6bf9e
SHA1 139625411959345da513904bcb7d73d7c312b63d
SHA256 7804d7450f305b9142af45967be5c96f52be8350dba2a403f4bf79d5e092bc60
SHA512 e43ecd8af261ad4cbed89f549c18c18df9cfae6338c0719c1e5c06361c6cee4598d080ee32dfda56cc742e23fad5db56a842ef8511d9d5e2c28b7f7eb4eac091

C:\Users\Admin\AppData\Local\Temp\nsyA8E3.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\version.js

MD5 7232bc938db18583ac3447bebc844430
SHA1 55051c267076fa3bd3764864ee77d4c41c4b3233
SHA256 5071083e2e09969b2741a46cdedbbfcb2608fa35c1d1237e3bcf134749fb5ecd
SHA512 9167690b0ad72c815c3d8c7227ba8d3574acbab95236de0ddea28c73f6a2899dd700ef9083b06d2badad19c21659a93ab101ecc439a42292d2540ed8c2ff3c5e

C:\Users\Admin\AppData\Local\Temp\nsyA8E3.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\cli\index.js

MD5 05d07534c94e2d589bcc02e96e1b9503
SHA1 3c3712ecff74a1099c4d65e4eefd9cf2e38f1119
SHA256 5c5b008f28d9aa1d6f8c30a30de037b95b50141a20ad0f029d0d79bcd75caa4d
SHA512 7c7526f2b4e685cc7e20689ebe5abf7630b738d2d15ab7b5e94765e0e6f221492e9e029f715f5b3ac156d3d11ffd907e070d2d7f968b5f5fb401aa9c7ec84ea5

C:\Users\Admin\AppData\Local\Temp\nsyA8E3.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\cli\parse.js

MD5 63db540f7184a372ac611fc3d7f21136
SHA1 0b3a8e70600a6705297a532849b7470c34f8c19e
SHA256 93b9bbbc19e6f0456185d7c9e9ce11e994f41c01e46067959c5168bd345b0313
SHA512 1f56bbc4856fbefd21f6de0738712157b91f1388a71a957c37444b617ee161885822b21fcf4e7efe14d5af54b9706d8181acbb286dbd7525c91a56b53dc391be

C:\Users\Admin\AppData\Local\Temp\nsyA8E3.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\config\exec.js

MD5 efcab0a70d5e71fb513734cf92f2a201
SHA1 aa55660d5d6a38e2ea632d4de0640ad2b1b7fc5a
SHA256 fcd713c63326ff75fc44afdcbd2bf63991c3c76169a26a2646defab46ce24155
SHA512 260a468807d297c2fe85ce8341ae10be64a7833a8249f2932c6a93e6ade07438ca4bd26222326a1b0e3203ba0c80a6a6fb78e90015b667feda8f68538e1011ad

C:\Users\Admin\AppData\Local\Temp\nsyA8E3.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\config\defaults.js

MD5 2e6f9c975170db8136c9ca5c5ecf2a0c
SHA1 404a2c64977cae3407aa138c23a2f841546f713d
SHA256 2b577f3fd8e3d03d64c1ee07ef13db89df04d0a9cf7b69ebf2c17041f7251104
SHA512 15bfa9fad522ddc043383704cac725c8cc2b4565708b891e9e03d889237cd528ee4d347e54a983c801550856c2d1ac1269dcc127edfa6d63bf3d2aa0a19eb358

C:\Users\Admin\AppData\Local\Temp\nsyA8E3.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\config\command.js

MD5 90c1aa9f031e818373c2f2f7ed6b9dbe
SHA1 b6476cdfa45ab967436ba9bb32aac1d65e531a9f
SHA256 50f10478098f06b77a58b351a93bb8fe7a7572bfbfb3e6f0bf668460865da3a7
SHA512 4ee766da766530bb372d8e04b058edd6b28ca5d77f603b175336e9b5e8f5c677e77e0ea4afc07a642c07c48e0c209716dbd9cef4f6ab97864a9ea51af2b49bbc

C:\Users\Admin\AppData\Local\Temp\nsyA8E3.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\config\index.js

MD5 ac3af2f96d2e824bc37e36e30cb35cad
SHA1 d04e50eb9464ee715a940819ac7af1b612884bb4
SHA256 be155df5dbc29c88c67c936f2840d2bb3abd09981fdb6db6480d54beeb27e9fe
SHA512 060bc19e10d8b9cd959869866b4ac5e0739edd72ca1e61a230a5f3c735feda6fb75ae7a8ea13349013082bedbcd40e30219ca09ccfaad43571059a765bcaee8c

C:\Users\Admin\AppData\Local\Temp\nsyA8E3.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\config\load.js

MD5 3379b8830f56cd13355114f157e57857
SHA1 cec1a9f2c8ca7f666cb4efc2f3eb99317ea59602
SHA256 7329c732d39f8e884c0ec197e1133c536545bf4137417e6d664bbec962990e29
SHA512 0690be21833aa598da0d7d20312ee8a2e2ecaf164981c94c3bb12036cea40a206e1b25e839209db78419d6262ae87e29a5c94f583ddd9b45e05bc5a107842d22

C:\Users\Admin\AppData\Local\Temp\nsyA8E3.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\help\index.js

MD5 e47db45cd167c663151a07e6a3396427
SHA1 f3002a966b346ef937a47576d754787e4bddabff
SHA256 1c1678d18dc75f67bbfae8c92836543af6990bce6b1cf1ad3acfb52285dac393
SHA512 3f8e10d09fcb527e1c1753d50c9bcef2b8fb70586f34e600c0d60ed27a295f077f380e1df2fdadc78b0d468a54f32a5351fb5c4cb638e3012c96358094d31dea

C:\Users\Admin\AppData\Local\Temp\nsyA8E3.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\monitor\index.js

MD5 532b43e5038c9f6a6d65d40ca44375f0
SHA1 c7fa3f4fbab77df0eee87d08d428cc06d18faf76
SHA256 cc16aeb163da6cc7746bf5ced2d11f1436e458c7ee803241e9a9fa1d107450fd
SHA512 809479d0b075c9bcb3eef6670cdd652a6caf39ec7f93f1d7dde0eee8a792d518238cfa9f78a2ec1a11ebbfeb00d2a117d25b198718af668c7f356bc3f93ebc1c

C:\Users\Admin\AppData\Local\Temp\nsyA8E3.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\monitor\match.js

MD5 65475ff22153cb7e1cdcd5322341c398
SHA1 c026de2f4276472496755344bea58e11e6b38748
SHA256 d09e469209e55541c8c67fa7ab25b7d4e051ce26d36f737c6264d4ade4b26d63
SHA512 8010e71be183c4b1a02ced648f083be4c8e4be9ac474e1405d91d9925887b00fed0aa07d15b994846417a48ebf768c5402f5d0b004cf9107cb44149bac3da655

C:\Users\Admin\AppData\Local\Temp\nsyA8E3.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\monitor\run.js

MD5 47603d83844b08ba9fc39ac940d78f50
SHA1 4b8dfa2ec30dbd1146a9908b10c858ecbd73521a
SHA256 d93e994fddfcf6c7683976452a3d877a51e68f56ce2a49b821240c93cca86d13
SHA512 52f33cfc03dda936f4641f1ef8b3f14659247053a701b8990f0713742fb90016ba5d51d1e1f44fde84dd883c92166e77e908d586c527858bd3c0a416b9c9d256

C:\Users\Admin\AppData\Local\Temp\nsyA8E3.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\monitor\signals.js

MD5 0b71010f098a8cbf8ea47a83a699693a
SHA1 456a713c6a78b49bbf6d613ff9cfc4bc9f01f589
SHA256 5c16e2e5f7101eea3f13c19da7c7a9e6fa02f7d1098b170e71f07d14f915e394
SHA512 95a382907ac465d95db0cc41055038e839ed9164d4010003c08e6ba4456c19b50158c908b8d287eea09a153e38fdcc7f9a8c0052f35eb069243628e0968750fb

C:\Users\Admin\AppData\Local\Temp\nsyA8E3.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\monitor\watch.js

MD5 a0bccf8a21d0c4332643a758c666f725
SHA1 1aa6968e927afd86a3f056126f31d2eb6420573f
SHA256 efb0a3f37d9a6279614b29fdbca3f29c1a6d47f2d26067be1c86bb56fbaefcf1
SHA512 bf4dc9c5b4f3b0a01ca161feee0ed13e6f1db24b0a64bbf01b325d0a2788380516da7da7654ee983818f3e0684983302242fe790bbb384dcc126ac4c394c41b8

C:\Users\Admin\AppData\Local\Temp\nsyA8E3.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\rules\add.js

MD5 4739ea852e85157f1ab60544ea5ce663
SHA1 d83c88f7f8bd7ec5d1b36f86009ac7eba9ca1bbb
SHA256 3cc60361f99b1080c66fce4d6ea0390a38c2a49e821e7f21dc43ed2fafa31277
SHA512 780001095f33fe4a18fa06c3311f3505949dfa762da5f1c0c6665b5501190b6e6c45eb69633c99e02b8b59d01813abfce2baa611509f2a0e65364ccf71965bc6

C:\Users\Admin\AppData\Local\Temp\nsyA8E3.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\rules\index.js

MD5 0691f1f2acabdb82da7d67e05479ca5a
SHA1 dcff01be935756a732591d61fab8e64e530ddeee
SHA256 3e64a2a35a97e41ff8c073299f07c3754d99b0a6e7d42faef7dc02d61d67757f
SHA512 85ac8207410deba52d3b58fcf30e468ee46b1073544b61376b4b015e588a52973fefa192a027bfe8019b6cfedefc3c4c1cb4fb0ee88e7c2ef88da1c7ed0f9eb0

C:\Users\Admin\AppData\Local\Temp\nsyA8E3.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\rules\parse.js

MD5 078e15305c8688746d2e6933d291babf
SHA1 80f0b4201c45af197cae63c9d93a88525cd5c5d3
SHA256 9259995d8e1ca1737ff36cf4f97c80e55d812726ec4ead43b6c0829ce9679df9
SHA512 83ea7a6d31845542cf03f4b27be92087e417ba5f995ec740824440ddf92932d3623576b7a1022ade20deeff2f1741d617e32dfeda52efb5fb85e9be28de27df6

C:\Users\Admin\AppData\Local\Temp\nsyA8E3.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\utils\bus.js

MD5 e469c4cef4116cf230f86394586c5775
SHA1 8849ab04de5836797a3839989d4325906bea9dff
SHA256 8ebae78d8d75951b714acaa3e1a3d7f15b382a92b90c8040423e9866d97f1ad9
SHA512 923ecfd5103fc6e266e53dbb1d35e11f4058893177fa00cc392a628524dcdbe616c90015a24e15b987f971c5eabe0e53a3b107878bc41bc73aacf1e370d660f2

C:\Users\Admin\AppData\Local\Temp\nsyA8E3.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\utils\clone.js

MD5 9ef3c7b72b1d63f5e3a7975ff67bdfeb
SHA1 a406bd661839b5efeff4929af9fcfa991e51be12
SHA256 5062a7c87599935fec99e505f3f463c3e0872455da73f8c8054ce0788c513ba2
SHA512 eca4c0784695d43435573725f659409ec33a3acd3a5695665935439cca28122a6d8fdc1eaeb8ac6fbdb921893ad4226467777e8c35e3b9b0b672b2196f4e12d6

C:\Users\Admin\AppData\Local\Temp\nsyA8E3.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\utils\colour.js

MD5 a85f32c2180651cc03bb1f293271bfc4
SHA1 0d04f9086ace00f08c628c1af25c728eab897d66
SHA256 a4969a552701982cd415005d5ce162f955cf26c205229d2f4c75ed4a75bceceb
SHA512 b32f6f7c1bd75a3a23aa5f170e5356cbe1ba7eb031f6eced706aeff8c15d8b37fc771c29a82580a48a95c65334d8e41b0ddb551409164a43bff29def7277c89b

C:\Users\Admin\AppData\Local\Temp\nsyA8E3.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\utils\index.js

MD5 2f2a9c006f17f892a78a9381932918c6
SHA1 80905883f8b96a2265d60202f61de419e8c6d3e9
SHA256 c69735d5a8d259dbc87614ae268de4f6581fcadcf6f931dd20b36bc09c0a502c
SHA512 702966aebbf2a8f98a89da8640a3e0f610fdbd063a19bd4c7ce2097dff7ca1d49a2c8040885ca3b31f85662e6a8b86769ea9224e8f64a03bcd0bdcfb71873b35

C:\Users\Admin\AppData\Local\Temp\nsyA8E3.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\utils\merge.js

MD5 b5932e306173a01da5d3f814bedcf4b8
SHA1 d3ffa9ab328864682cbf2f5e9c5e5f6437d92541
SHA256 c4598a00e91b93b7964bb874e8ceed6d614436335a7fd81aff7f504499e210dd
SHA512 cf565fea7c0b2453b8276fc25b5e0b546b0ef79eebdea4022aedcfdeb7866687c925d95cb4d56de413d53db51d03168b8302383ca9f8b04c3b5e501fd3be0fab

C:\Users\Admin\AppData\Local\Temp\nsyA8E3.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\utils\log.js

MD5 fa4ca8a08fd35bba58f2af0f046320e7
SHA1 5f672b1e8d504a468b7946514e854425fe938d29
SHA256 dabbcccb1bf0089d96ce9592a575cb64139926d6b899091c1dbd37632e9269c4
SHA512 70cdae1e1983fc7bed3bee24f50196ec281752e7567d5c4d5aa2859172141422f3eb6a7ffe9165c408d5e3354d7c139fd90382c73f7ac0de16a5840221dee399

C:\Users\Admin\AppData\Local\Temp\nsyA8E3.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\bin.js

MD5 927d799c0c996a865d11a78f04198211
SHA1 f5898b61159f1f56ebd3cd439b498a177d413c0a
SHA256 7f69b31efa09c6e7d442d6229e82e65f38faeafeda1fbed7c5e54324aff062e6
SHA512 97e1061700f32af28dbc946e2f3be0358234689f9d3482b37429dc28697516916cf1ff6c7891a29b835cdd775705f432ff7f437bb67ba87d7ae81d62453407b2

C:\Users\Admin\AppData\Local\Temp\nsyA8E3.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\index.js

MD5 e5053e64fdc67009804a42cc8baebf90
SHA1 8814ef33fe018ed0a1817e77c7ed7ddb16076137
SHA256 5e591255fa35fb3650502e648ff51d6d7c7e57ada312bd33058da03cc412efb3
SHA512 60f941a6814dc3efea6a65c6dced552d4248273e1ce57222b428f813e0ab655d13546a0951ad3c0b22adffc7fc40542d7667ce70d315052308ea0fa1195526f5

C:\Users\Admin\AppData\Local\Temp\nsyA8E3.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\LICENSE

MD5 216384c4c084ff996a55be20cbd26ef3
SHA1 0510d5fdf8e7bf002b8396958f2240222dbb2a5a
SHA256 fe0982bd7d38ee4cb08b2f111067bdeedb9732a6621c761bcf7dd01aa6211c5a
SHA512 eed68402c44f099b181ebbf43ff7efd1dcf6791f7f35f6d386d66202bae0da6e7f0108fe9c3d62af0f69989d92286fd0c307d2192db0113b9fc857746dd01abe

C:\Users\Admin\AppData\Local\Temp\nsyA8E3.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\package.json

MD5 2ac7232223dd7c39ae2e82220d9a767d
SHA1 cacf598ea739460d281587549421ce95546b3048
SHA256 0f49b6c0282be08a5dba3e98024401a921167974a516b630ce9f9a9f2301df08
SHA512 249f93debdc2f2aabc8a1d977f2c1a9a54cbc0e3580e4dae06a1193ff83c801518a7cfb7919f98c3b943eea7c7b99d85c8148292b0b96b3bce4788277b956b56

C:\Users\Admin\AppData\Local\Temp\nsyA8E3.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\skip.js

MD5 92a4c6dc39d38ac078ec80977508feac
SHA1 edc8d81988e99c77105abb1455ea224fde97d212
SHA256 c12583530edc83dcc7cacef4a428eaefa84c10bfe4b62c0c9707de015e338859
SHA512 3833af1f274d3bb89776a8dc6b9ff015f5d219ebec47f5e98bf88670e523517ad8a493b0959dd41dd6e658c230335338325e8c2befea61f2f22f8e83822ccab2

C:\Users\Admin\AppData\Local\Temp\nsyA8E3.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\deps\UTF8Conversion\LICENSE

MD5 7cb552557240a921e34ad313a224d17d
SHA1 92ad1627269adefd696ac5a67131e4af575a2cfb
SHA256 7d355d1a2324c2073059ffe7ea4d96852c873e718bcc197374440dc3efc3f7ba
SHA512 b4bf90a3cd77805fc149a4112f822ee47b4f13404ee92455ecab9dd12d796ffe81d664bf21042ae3ad6419abf6a9de6df231328be6bd8ca2426e3432d456921e

C:\Users\Admin\AppData\Local\Temp\nsyA8E3.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\deps\UTF8Conversion\utf8conv.h

MD5 349864c2d1fbc9c7788cdf95c541ff52
SHA1 fa968f5bd6560675c26078de4e7d52b454c778f7
SHA256 7340eea1def3c1d832a6f40c5022725f1704a783f7f992b71d5f3ba2dcaeb34c
SHA512 5e1910c23dc08e79199fc80ab8e0c7b300e2e1bd2678d0d9171a73d8f328adbd32021146e5e43485f64f25fcc6bd8413ce1ce3846afd7fcf49ffe3a04d0efbf6

C:\Users\Admin\AppData\Local\Temp\nsyA8E3.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\deps\UTF8Conversion\utf8conv_inl.h

MD5 a5a0f8294daad33a66bf30c329157a2d
SHA1 02b5d7fab93d942033fe9ae2620d1a2363914469
SHA256 4955fbf455cc29d63f5dc777d3aa5172d6e1e6df221a33808a913bdebf5a1277
SHA512 f583116ada3f281c208a98d053fe6b580187d6922e2ceae69917770a46f56c16444267172db2cb0bdef3b8012088706ba1a2203631f9ff79d2814714b25fa78b

C:\Users\Admin\AppData\Local\Temp\nsyA8E3.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\prebuilds\win32-ia32\node.napi.node

MD5 8a50b5876633dd9bb73612fea622a521
SHA1 27fb94a39849fe6ba1ce7b983c0d9e4ca4e62ae8
SHA256 053c3100121939dfa1fb936718c6088e4490e72faa3c713310b556ea90155278
SHA512 958d901f7c72773a2f9439842f422048a8cfa941ef943f5f9e61c5e9d48b4d9ebbbaf72acb2a07138ae66f925b46dd98717656a58719902d417a14ba1e5aacaf

C:\Users\Admin\AppData\Local\Temp\nsyA8E3.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\prebuilds\win32-x64\node.napi.node

MD5 0b3ffb5b756beae28d8d9da67c288283
SHA1 7c2a0be0a5ab1b936c4752254927f5ed066abe5a
SHA256 462e527de86494f96ed0d42a80c261e46bb57352e86d6175607186c1dcdfc7b0
SHA512 a1568e7d02bd34992236c587cd77404e4cc9c25011a075dc0cbe52b59ae254eea65cc31ee7fdf26898386e370a752df8bbb2ce70592244d6f24b10d39f9f7854

C:\Users\Admin\AppData\Local\Temp\nsyA8E3.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\src\showver.h

MD5 6f621ba192a6fe2228ef9965757f0bc9
SHA1 e3625cddde946f5ea21e4c00be95cad214da4016
SHA256 2b561b980e0a01191a6c7cc1cf94c8d5c061f9f299ea256f1e7ca17250ae08bb
SHA512 ab90bc30f2c23a3032334d30294aa02007e0db180c82c6c8f0d84781203be7c342134cc17bb2ac0c7bd89c1e5902c852afb2d09b0c7d4dba27f5101577491f4f

C:\Users\Admin\AppData\Local\Temp\nsyA8E3.tmp\7z-out\resources\node_modules\language-server\en-us.json

MD5 de2ac61fe7207c1b2f304b05fae4e39f
SHA1 72a4623fde7103eebcff4a55ccb8eb6acf6bbee8
SHA256 c8dd69f4f8f07ebe1c73a433bbf08f67e3bef3047c35251a243c3ac78f500647
SHA512 4d0be337f5d6f760fef3f79d14ef6835045e12e7eef5cf906a5f73841b01bd59d3171c31f63de34e5b44f791d5912f940fa391d96685532e0baeb7613526f8a8

C:\Users\Admin\AppData\Local\Temp\nsyA8E3.tmp\7z-out\resources\node_modules\language-server\globalTypes.d.luau

MD5 6fb690ee838bebdf6591733bdaf632e5
SHA1 658ccef6ada0551d661d78706266ff6ad2797858
SHA256 ae99b7b676e4becb10e6a9b77229e99bdd60e5a91d2e6bbb141c85721962313f
SHA512 7218ebc8c64a7bbec231989ac7d2221be63f29302f6f16bfc0bd67ed5e9c5ddfcb50ae781f6ef73a3d891a70ca73ecc62bbbe6c5a4a218225b24c0d19c7737ff

C:\Users\Admin\AppData\Local\Temp\nsyA8E3.tmp\7z-out\resources\node_modules\language-server\wave-luau.exe

MD5 12fd29fcaf6f6518b8bf9e976928fa38
SHA1 1f9352e217518eaceefdd041e3f085ffbb93acb0
SHA256 d38d6297b4653f30397b7f45964ed99a70c8ab73d60063f68d3380c309e626a4
SHA512 b0c5bfb87639585564915f284ecff5af7e6664097ea3d9df6908c08ce09f9f6c31912225620bb7f7cf818efd6a7146280ce37e10ca7fb55bd381b95bb8a2189b

C:\Users\Admin\AppData\Local\Temp\nsyA8E3.tmp\7z-out\resources\node_modules\language-server\wave.d.luau

MD5 7e477f85c45cfca5731e0e45ca63f8d5
SHA1 35390d8d2c0dd00e3c60dd6fd7f1727e36874566
SHA256 e58e8b24642a8693b1b1ebad703a7efab1cece9a1b12dcf353c4b4432f23062d
SHA512 dd3d9b149dffd31ba4e94b9c84ed0fda1fb67f1f7d633900688cc9e4e40c26f55048c1730f205e5c22b5030362683f0abce86033816f1e089c3b67cc3853ca70

C:\Users\Admin\AppData\Local\Temp\nsyA8E3.tmp\WinShell.dll

MD5 1cc7c37b7e0c8cd8bf04b6cc283e1e56
SHA1 0b9519763be6625bd5abce175dcc59c96d100d4c
SHA256 9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
SHA512 7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

memory/4328-1321-0x00007FFB51260000-0x00007FFB51261000-memory.dmp

memory/4328-1320-0x00007FFB50720000-0x00007FFB50721000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Local\Programs\Wave\bin\Bloxstrap.exe

MD5 104981cb101bd19e37763cebd753928d
SHA1 df7f64cb7ea7045f5d19060af8686f8c66432b37
SHA256 0ee218fde47582841e22fb4f2c866ec8bdcbeb00f8d636876677b2ecfde50792
SHA512 3b3e8dfa2fee7a3c083d8fb370b68ff89c209d36a3e09bf677559e67c3afba275955dbf85b89d483b26151fe91e5ba6ce0907ef786464ac4a8a16f1d3f490c2f

C:\Users\Admin\AppData\Roaming\Wave\Preferences

MD5 58127c59cb9e1da127904c341d15372b
SHA1 62445484661d8036ce9788baeaba31d204e9a5fc
SHA256 be4b8924ab38e8acf350e6e3b9f1f63a1a94952d8002759acd6946c4d5d0b5de
SHA512 8d1815b277a93ad590ff79b6f52c576cf920c38c4353c24193f707d66884c942f39ff3989530055d2fade540ade243b41b6eb03cd0cc361c3b5d514cca28b50a

C:\Users\Admin\AppData\Roaming\Wave\Preferences~RFe58072f.TMP

MD5 d11dedf80b85d8d9be3fec6bb292f64b
SHA1 aab8783454819cd66ddf7871e887abdba138aef3
SHA256 8029940de92ae596278912bbbd6387d65f4e849d3c136287a1233f525d189c67
SHA512 6b7ec1ca5189124e0d136f561ca7f12a4653633e2d9452d290e658dfe545acf6600cc9496794757a43f95c91705e9549ef681d4cc9e035738b03a18bdc2e25f0

memory/4328-1365-0x000001BF46760000-0x000001BF4680C000-memory.dmp

C:\Users\Admin\AppData\Roaming\Wave\Network\Network Persistent State

MD5 a49f2aa585c67ddacbdde04d945ca900
SHA1 7aa35364063b8772da1c3c92bf5b9f089ac056bc
SHA256 7b98556acf2ac9f4f37508ce93b32c03469cf5c2fbcb9014b0f0767ff7fc955a
SHA512 f4c0d449413e0b68fa04f4e99a98e18f45b31b245ac64f109920ee3accd84cfee2cb65ac09e7d570f18d0e1cae53a6c0435c2a5a59d6584f0c0ae0f9130f4357

C:\Users\Admin\AppData\Roaming\Wave\Network\Network Persistent State~RFe58f6ee.TMP

MD5 2800881c775077e1c4b6e06bf4676de4
SHA1 2873631068c8b3b9495638c865915be822442c8b
SHA256 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512 e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

memory/2840-1395-0x000001F76DC30000-0x000001F76DC31000-memory.dmp

memory/2840-1397-0x000001F76DC30000-0x000001F76DC31000-memory.dmp

memory/2840-1396-0x000001F76DC30000-0x000001F76DC31000-memory.dmp

memory/2840-1401-0x000001F76DC30000-0x000001F76DC31000-memory.dmp

memory/2840-1405-0x000001F76DC30000-0x000001F76DC31000-memory.dmp

memory/2840-1407-0x000001F76DC30000-0x000001F76DC31000-memory.dmp

memory/2840-1406-0x000001F76DC30000-0x000001F76DC31000-memory.dmp

memory/2840-1404-0x000001F76DC30000-0x000001F76DC31000-memory.dmp

memory/2840-1403-0x000001F76DC30000-0x000001F76DC31000-memory.dmp

memory/2840-1402-0x000001F76DC30000-0x000001F76DC31000-memory.dmp

Analysis: behavioral6

Detonation Overview

Submitted

2024-11-13 19:26

Reported

2024-11-13 19:32

Platform

win10v2004-20241007-en

Max time kernel

92s

Max time network

139s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4332 wrote to memory of 3636 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 4332 wrote to memory of 3636 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 4332 wrote to memory of 3636 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3636 -ip 3636

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 628

Network

Country Destination Domain Proto
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 23.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-11-13 19:26

Reported

2024-11-13 19:33

Platform

win10v2004-20241007-en

Max time kernel

147s

Max time network

159s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2256 wrote to memory of 4952 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2256 wrote to memory of 4952 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2256 wrote to memory of 4952 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4952 -ip 4952

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4952 -s 612

Network

Country Destination Domain Proto
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 133.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 82.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 171.117.168.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral15

Detonation Overview

Submitted

2024-11-13 19:26

Reported

2024-11-13 19:34

Platform

debian9-armhf-20240611-en

Max time kernel

2s

Command Line

[/tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

Signatures

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /usr/bin/node N/A

Reads CPU attributes

discovery
Description Indicator Process Target
File opened for reading /sys/devices/system/cpu/online /usr/bin/node N/A

Command and Scripting Interpreter: JavaScript

execution
Description Indicator Process Target
N/A N/A /usr/local/bin/node N/A
N/A N/A /usr/sbin/node N/A
N/A N/A /usr/bin/node N/A
N/A N/A /usr/local/sbin/node N/A

Enumerates kernel/hardware configuration

discovery
Description Indicator Process Target
File opened for reading /sys/fs/cgroup/memory/memory.limit_in_bytes /usr/bin/node N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/meminfo /usr/bin/node N/A

Processes

/tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js

[/tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

/usr/local/sbin/node

[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

/usr/local/bin/node

[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

/usr/sbin/node

[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

/usr/bin/node

[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

Network

N/A

Files

N/A

Analysis: behavioral14

Detonation Overview

Submitted

2024-11-13 19:26

Reported

2024-11-13 19:33

Platform

ubuntu1804-amd64-20240611-en

Max time kernel

0s

Max time network

109s

Command Line

[/tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

Signatures

Command and Scripting Interpreter: JavaScript

execution
Description Indicator Process Target
N/A N/A /usr/local/bin/node N/A
N/A N/A /usr/sbin/node N/A
N/A N/A /usr/bin/node N/A
N/A N/A /usr/local/sbin/node N/A

Enumerates kernel/hardware configuration

discovery
Description Indicator Process Target
File opened for reading /sys/fs/cgroup/memory/memory.limit_in_bytes /usr/bin/node N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/meminfo /usr/bin/node N/A

Processes

/tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js

[/tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

/usr/local/sbin/node

[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

/usr/local/bin/node

[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

/usr/sbin/node

[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

/usr/bin/node

[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

Network

Country Destination Domain Proto
US 151.101.193.91:443 tcp
N/A 224.0.0.251:5353 udp
GB 89.187.167.4:443 tcp
GB 185.125.188.62:443 tcp
GB 185.125.188.61:443 tcp
US 151.101.193.91:443 tcp

Files

N/A

Analysis: behavioral18

Detonation Overview

Submitted

2024-11-13 19:26

Reported

2024-11-13 19:33

Platform

win7-20240903-en

Max time kernel

120s

Max time network

138s

Command Line

"C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\bin\windows-kill.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\bin\windows-kill.exe

"C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\bin\windows-kill.exe"

Network

N/A

Files

N/A

Analysis: behavioral19

Detonation Overview

Submitted

2024-11-13 19:26

Reported

2024-11-13 19:33

Platform

win10v2004-20241007-en

Max time kernel

142s

Max time network

158s

Command Line

"C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\bin\windows-kill.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\bin\windows-kill.exe

"C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\bin\windows-kill.exe"

Network

Country Destination Domain Proto

Files

N/A