Analysis Overview
SHA256
599eb6a50a0c7b170a6d7736433cb408c7f935448efffc6171ced9ec5d25f690
Threat Level: Shows suspicious behavior
The file XrayInject1.2.exe was found to be: Shows suspicious behavior.
Malicious Activity Summary
Checks computer location settings
Loads dropped DLL
Executes dropped EXE
Enumerates processes with tasklist
Unsigned PE
Enumerates physical storage devices
Command and Scripting Interpreter: JavaScript
Command and Scripting Interpreter: PowerShell
Program crash
System Location Discovery: System Language Discovery
Browser Information Discovery
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Modifies Internet Explorer settings
Checks processor information in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies registry class
Enumerates system info in registry
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-13 20:25
Signatures
Unsigned PE
Analysis: behavioral12
Detonation Overview
Submitted
2024-11-13 20:23
Reported
2024-11-13 20:29
Platform
win10v2004-20241007-en
Max time kernel
146s
Max time network
159s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\libEGL.dll,#1
Network
Files
Analysis: behavioral13
Detonation Overview
Submitted
2024-11-13 20:23
Reported
2024-11-13 20:29
Platform
win10v2004-20241007-en
Max time kernel
146s
Max time network
160s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\libGLESv2.dll,#1
Network
Files
Analysis: behavioral14
Detonation Overview
Submitted
2024-11-13 20:23
Reported
2024-11-13 20:29
Platform
win7-20240903-en
Max time kernel
122s
Max time network
133s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@primno\dpapi\dist\index.js
Network
Files
Analysis: behavioral18
Detonation Overview
Submitted
2024-11-13 20:23
Reported
2024-11-13 20:29
Platform
win7-20240903-en
Max time kernel
119s
Max time network
131s
Command Line
Signatures
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2560 wrote to memory of 2368 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\system32\WerFault.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\sqlite3\build\Release\node_sqlite3.dll,#1
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2560 -s 80
Network
Files
Analysis: behavioral22
Detonation Overview
Submitted
2024-11-13 20:23
Reported
2024-11-13 20:29
Platform
win7-20241023-en
Max time kernel
121s
Max time network
122s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\sqlite-autoconf-3440200\Replace.js
Network
Files
Analysis: behavioral25
Detonation Overview
Submitted
2024-11-13 20:23
Reported
2024-11-13 20:29
Platform
win10v2004-20241007-en
Max time kernel
94s
Max time network
138s
Command Line
Signatures
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Processes
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\sqlite-autoconf-3440200\aclocal.ps1
Network
Files
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_cxe10ph4.emn.ps1
Analysis: behavioral6
Detonation Overview
Submitted
2024-11-13 20:23
Reported
2024-11-13 20:29
Platform
win10v2004-20241007-en
Max time kernel
146s
Max time network
154s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2656 wrote to memory of 1840 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1840 -ip 1840
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1840 -s 612
Network
Files
Analysis: behavioral8
Detonation Overview
Submitted
2024-11-13 20:23
Reported
2024-11-13 20:29
Platform
win10v2004-20241007-en
Max time kernel
147s
Max time network
160s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe303346f8,0x7ffe30334708,0x7ffe30334718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,6313773808628162533,5587159570994520213,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,6313773808628162533,5587159570994520213,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,6313773808628162533,5587159570994520213,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6313773808628162533,5587159570994520213,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3104 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6313773808628162533,5587159570994520213,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,6313773808628162533,5587159570994520213,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5076 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,6313773808628162533,5587159570994520213,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5076 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6313773808628162533,5587159570994520213,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6313773808628162533,5587159570994520213,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6313773808628162533,5587159570994520213,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6313773808628162533,5587159570994520213,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,6313773808628162533,5587159570994520213,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2740 /prefetch:2
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_4504_KQWLXIPINHGKMQDN
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Analysis: behavioral9
Detonation Overview
Submitted
2024-11-13 20:23
Reported
2024-11-13 20:27
Platform
win10v2004-20241007-en
Max time kernel
3s
Max time network
11s
Command Line
Signatures
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\LNpSUHD317.exe | N/A |
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\LNpSUHD317.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2 | C:\Users\Admin\AppData\Local\Temp\LNpSUHD317.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\LNpSUHD317.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Users\Admin\AppData\Local\Temp\LNpSUHD317.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\LNpSUHD317.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 | C:\Users\Admin\AppData\Local\Temp\LNpSUHD317.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz | C:\Users\Admin\AppData\Local\Temp\LNpSUHD317.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\tasklist.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\LNpSUHD317.exe
"C:\Users\Admin\AppData\Local\Temp\LNpSUHD317.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "WMIC csproduct get UUID"
C:\Windows\System32\Wbem\WMIC.exe
WMIC csproduct get UUID
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic bios get serialnumber"
C:\Windows\System32\Wbem\WMIC.exe
wmic bios get serialnumber
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell wininit.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell wininit.exe
C:\Windows\system32\wininit.exe
"C:\Windows\system32\wininit.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_fsz0edsv.pm2.ps1
Analysis: behavioral26
Detonation Overview
Submitted
2024-11-13 20:23
Reported
2024-11-13 20:29
Platform
win7-20240903-en
Max time kernel
120s
Max time network
121s
Command Line
Signatures
Processes
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\sqlite-autoconf-3440200\configure.vbs"
Network
Files
Analysis: behavioral31
Detonation Overview
Submitted
2024-11-13 20:23
Reported
2024-11-13 20:29
Platform
win10v2004-20241007-en
Max time kernel
92s
Max time network
149s
Command Line
Signatures
Processes
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\sqlite-autoconf-3440200\tea\configure.vbs"
Network
Files
Analysis: behavioral17
Detonation Overview
Submitted
2024-11-13 20:23
Reported
2024-11-13 20:29
Platform
win10v2004-20241007-en
Max time kernel
149s
Max time network
158s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@primno\dpapi\prebuilds\win32-x64\node.napi.dll,#1
Network
Files
Analysis: behavioral24
Detonation Overview
Submitted
2024-11-13 20:23
Reported
2024-11-13 20:29
Platform
win7-20240729-en
Max time kernel
16s
Max time network
16s
Command Line
Signatures
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Processes
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\sqlite-autoconf-3440200\aclocal.ps1
Network
Files
Analysis: behavioral30
Detonation Overview
Submitted
2024-11-13 20:23
Reported
2024-11-13 20:29
Platform
win7-20240903-en
Max time kernel
118s
Max time network
119s
Command Line
Signatures
Processes
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\sqlite-autoconf-3440200\tea\configure.vbs"
Network
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-11-13 20:23
Reported
2024-11-13 20:29
Platform
win10v2004-20241007-en
Max time kernel
147s
Max time network
154s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3112 wrote to memory of 3368 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 3368 -ip 3368
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 628
Network
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-11-13 20:23
Reported
2024-11-13 20:29
Platform
win7-20240903-en
Max time kernel
119s
Max time network
122s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 220
Network
Files
Analysis: behavioral11
Detonation Overview
Submitted
2024-11-13 20:23
Reported
2024-11-13 20:29
Platform
win10v2004-20241007-en
Max time kernel
88s
Max time network
154s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ffmpeg.dll,#1
Network
Files
Analysis: behavioral16
Detonation Overview
Submitted
2024-11-13 20:23
Reported
2024-11-13 20:30
Platform
win7-20241010-en
Max time kernel
7s
Max time network
19s
Command Line
Signatures
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3016 wrote to memory of 1740 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\system32\WerFault.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@primno\dpapi\prebuilds\win32-x64\node.napi.dll,#1
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 3016 -s 84
Network
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-11-13 20:23
Reported
2024-11-13 20:29
Platform
win7-20240903-en
Max time kernel
121s
Max time network
126s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 220
Network
Files
Analysis: behavioral7
Detonation Overview
Submitted
2024-11-13 20:23
Reported
2024-11-13 20:29
Platform
win7-20240903-en
Max time kernel
120s
Max time network
133s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{AB3769A1-A1FD-11EF-BF50-D686196AC2C0} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "437691501" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d04d0d800a36db01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2076 wrote to memory of 2136 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2076 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\CabFC99.tmp
C:\Users\Admin\AppData\Local\Temp\TarFD49.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Analysis: behavioral10
Detonation Overview
Submitted
2024-11-13 20:23
Reported
2024-11-13 20:29
Platform
win10v2004-20241007-en
Max time kernel
145s
Max time network
161s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d3dcompiler_47.dll,#1
Network
Files
Analysis: behavioral32
Detonation Overview
Submitted
2024-11-13 20:23
Reported
2024-11-13 20:29
Platform
win7-20240903-en
Max time kernel
117s
Max time network
121s
Command Line
Signatures
Processes
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\sqlite-autoconf-3440200\tea\win\makefile.vbs"
Network
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-13 20:23
Reported
2024-11-13 20:27
Platform
win7-20240903-en
Max time kernel
21s
Max time network
26s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2olYxu8i09iVXw5fJuy7NIyuOY9\LNpSUHD317.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\XrayInject1.2.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\XrayInject1.2.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\XrayInject1.2.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\XrayInject1.2.exe
"C:\Users\Admin\AppData\Local\Temp\XrayInject1.2.exe"
C:\Users\Admin\AppData\Local\Temp\2olYxu8i09iVXw5fJuy7NIyuOY9\LNpSUHD317.exe
C:\Users\Admin\AppData\Local\Temp\2olYxu8i09iVXw5fJuy7NIyuOY9\LNpSUHD317.exe
C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
Network
Files
\Users\Admin\AppData\Local\Temp\nseF143.tmp\System.dll
\Users\Admin\AppData\Local\Temp\nseF143.tmp\nsis7z.dll
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\chrome_100_percent.pak
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\chrome_200_percent.pak
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\d3dcompiler_47.dll
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\ffmpeg.dll
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\icudtl.dat
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\libEGL.dll
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\libGLESv2.dll
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\LICENSE.electron.txt
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\LICENSES.chromium.html
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\resources.pak
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\v8_context_snapshot.bin
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\snapshot_blob.bin
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\vk_swiftshader.dll
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\vk_swiftshader_icd.json
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\vulkan-1.dll
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\locales\am.pak
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\locales\ar.pak
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\locales\af.pak
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\locales\bg.pak
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\locales\bn.pak
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\locales\ca.pak
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\locales\cs.pak
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\locales\de.pak
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\locales\es-419.pak
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\locales\fil.pak
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\locales\hu.pak
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\locales\lv.pak
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\locales\ru.pak
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\locales\te.pak
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\locales\zh-TW.pak
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\resources\app.asar.unpacked\node_modules\@primno\dpapi\prebuilds\win32-x64\node.napi.node
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\build\Release\node_sqlite3.node
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\StdUtils.dll
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\src\threading.h
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\src\statement.h
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\src\macros.h
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\src\gcc-preinclude.h
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\src\database.h
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\src\backup.h
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\src\async.h
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\lib\trace.js
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\lib\sqlite3.js
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\lib\sqlite3-binding.js
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\deps\sqlite3.gyp
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\deps\sqlite-autoconf-3440200.tar.gz
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\deps\extract.js
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\deps\common-sqlite.gypi
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\package.json
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\LICENSE
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\resources\app.asar.unpacked\node_modules\@primno\dpapi\src\main.cpp
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\resources\app.asar.unpacked\node_modules\@primno\dpapi\src\dpapi_win.cpp
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\resources\app.asar.unpacked\node_modules\@primno\dpapi\src\dpapi_not_supported.cpp
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\resources\app.asar.unpacked\node_modules\@primno\dpapi\src\dpapi_addon.h
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\resources\app.asar.unpacked\node_modules\@primno\dpapi\dist\index.js
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\resources\app.asar.unpacked\node_modules\@primno\dpapi\package.json
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\resources\app.asar.unpacked\node_modules\@primno\dpapi\LICENSE
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\resources\elevate.exe
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\resources\app.asar
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\locales\zh-CN.pak
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\locales\vi.pak
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\locales\ur.pak
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\locales\uk.pak
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\locales\tr.pak
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\locales\th.pak
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\locales\ta.pak
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\locales\sw.pak
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\locales\sv.pak
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\locales\sr.pak
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\locales\sl.pak
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\locales\sk.pak
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\locales\ro.pak
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\locales\pt-PT.pak
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\locales\pt-BR.pak
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\locales\pl.pak
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\locales\nl.pak
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\locales\nb.pak
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\locales\ms.pak
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\locales\mr.pak
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\locales\ml.pak
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\locales\lt.pak
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\locales\ko.pak
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\locales\kn.pak
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\locales\ja.pak
| MD5 | f84e728b97f1766e1cd24800a409a411 |
| SHA1 | c42bd9849b5e5510e56dacf06a8ce126bfd00744 |
| SHA256 | 4beeabf6962e1e5b042dedbc45d21d3786c331a3ab1f3f3f51f75fe9ed8811ee |
| SHA512 | 769cd214f19d735a06dc7eef8db23f6b3302e0daeccfbcd6405c9aa251ca24392fe6cdfad9ab9273c8c38ab763a502f2204b48526e10cf2c3439ab6544698f9c |
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\locales\it.pak
| MD5 | 7872fe9c01ce9eca8f0358fe718d5582 |
| SHA1 | 7ba1adeda4f2dc7467b9af81f22b00ee9c633ba5 |
| SHA256 | 3f9cf91feacbd3a8e18930aa536ae0c2097e8f3b56da1f356a6243ba27b9df26 |
| SHA512 | 268264a2b7048d52f90e6b3b6704b848980c99d89937326359759411a529b97e024b9dc93bfedf90b84aa642681bc162f566f4fc5f48e8d007897a218496ed36 |
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\locales\id.pak
| MD5 | c83b246a36389f1087d32e801091559c |
| SHA1 | 8a7d1d417868611ca3706a0d829c3b8f9774fcfc |
| SHA256 | f2761928e6a189ad28183304a5d56fb1c51f03cca5f315112b7b8722b781546f |
| SHA512 | ba39a82fc9a379f0f83f107876dfee73b4bf2f0e35b7c683002015dc3740c52402d0a5d3eb19cba383c17b07abee807c47a7c27e278c0db6847612097ef9161e |
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\locales\hr.pak
| MD5 | 6249233aff4a7a2cab1a01681f3b555d |
| SHA1 | 62892f7cc147063bcfd097df52512c4caa39247a |
| SHA256 | a6cc5da8b3b46f2a327de8f39c18a8a9b58031e1a0484321e2cebe397c30f29b |
| SHA512 | 23ae48ea57fcf4a43ac558131ddf6c001104e44840ae44f1324ee7af3f434d6279ed2c7e50fbedd04f419b3f15ae973f6d8ecb0c602faa449e64a62249d6203d |
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\locales\hi.pak
| MD5 | fefa6262231aff9dc0d2421990a3b634 |
| SHA1 | 24eaf51449c77164b3128894949317e1d79112be |
| SHA256 | 69277e0864383fd2a975d1dce2df1a3763685ea52acc10401530e31f03c4e7cc |
| SHA512 | 7b31d1b6f9a48a0743c0639d3e7a80687973fe76f3e0717d6721571a696feee53e4af327661e4febb8a6702a42b9d1112e7ab259d8d6dea7827b2d61a67f4149 |
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\locales\he.pak
| MD5 | a68fa2b08e442b05874dca64b65470da |
| SHA1 | d79593cf29572a491b4f56680ec9f1bcce7f312f |
| SHA256 | ddfc635cf22dd117b28929b196a46554d21656c60a7eb4ce35dde84a80032dc0 |
| SHA512 | b80328e2b4043decd45fc95c6ac4192e550ed21398563c7a8135be50ececa01a0f762cccbabd37265f14c25a0f4d63b6cb7ab98996533cd743fbbff4d195df6c |
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\locales\gu.pak
| MD5 | b54152f1794aac7d270f5cfbb7a020d5 |
| SHA1 | d14f3feb7206468be4abec39fcd14cb4d3fbf561 |
| SHA256 | b23b8f24e6a0a5267f4704f82dbbe5bd4ba34a3878a883bdbd9680f6512a2201 |
| SHA512 | 8ec8fefdac754b6049b045985b754a4308ded71d79f43925a302076610fa8a69f29fe764ac5acf65618d684fe73097862f4b9b43c8d21f410ce7e94adf78120a |
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\locales\fr.pak
| MD5 | 42433f8f6044f028ce65cd90a0080fbb |
| SHA1 | 7f3036c2def226d9a9cc040b723b07117e72ab3b |
| SHA256 | 784b1588645351fdb98fcba9cffa1afae84961e71fcfbf5b80c0b8cc29cff69f |
| SHA512 | 2363435ec520d0e80599149a628aee0011cbeb8cc8ebd44942a52030c92b72e7077b51edf65057af0c4ea0a56d78b6266edfa62873dfdde09be0356f68cb4aa0 |
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\locales\fi.pak
| MD5 | 5d693a7021eb7c4aef053bd0954b9fdb |
| SHA1 | 8500954dc82f8212fcb6e58db128e650479bbbe9 |
| SHA256 | c2b0402222e9e877618f908518d9bc62bca45ea4167734ce93f36382cb30f2cd |
| SHA512 | 425f5889fe6b1b3a38eface19419642cba5d03657a33a9a85eb457ac2882075f1e73f58d036ef459f3001e8f717b92df08d761d865711c3b2b560727841a9827 |
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\locales\fa.pak
| MD5 | d764a7eac41aec2bcd9704f2a3e2122f |
| SHA1 | 88477fb426640c27dd95db6fc3cf4d0150a9b097 |
| SHA256 | 0a174961cacce870d6eec050f1e41dd44155e583db7093f1caa33822d8c471f6 |
| SHA512 | 50f59426fe77d48b79b5f502ffe46a3b7f591b3a7f42b6282b60997f766edba1f756783c40a9d3104a22ad9f7a8f930b9cf72d635ef88401daf272d69e2f69d6 |
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\locales\et.pak
| MD5 | e2e6b9dca370e0492cecabe8cf284975 |
| SHA1 | fbbeccce405dcf52bd495677a9cd9eca16532977 |
| SHA256 | 2fdcee1405049d9b2e77914cea04bfcebb9013063783a89e10a19e227c566135 |
| SHA512 | 2c88a375d176ec0392f5b73e3f3c1b61ab7361a2ffc7365579698bbf80ad1754a49ff854b5fb268317267b7e367fc8aaa52c012de33812201689426511b925f7 |
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\locales\es.pak
| MD5 | 17cf466b44a9b3ff9232d298b0d351af |
| SHA1 | 3171e6fb16ec3c3a038d824a6ced6ba89c6a7a98 |
| SHA256 | bfd563b116a85bfcc1f0dd7373ce09f057d0c7a246f1213639f43b26611c4f03 |
| SHA512 | 574d2247745415bcad2a8e43f9db06609dc160a84fa7833311d41260d6364d22663ff8ee55e0ed9184eb7abdd3ec8c251faa66185e9d069f542ae57abf8652e2 |
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\locales\en-US.pak
| MD5 | 0ea050358326e9ba2fd06751a7b2bad2 |
| SHA1 | 3610b9d4c370af456bf8d1447417ba5194fb6a85 |
| SHA256 | 55fd1b71a47b6d4a81240240fd24e12c3dd7b986924ecc11afd7d21e7717a49f |
| SHA512 | d10d047be9629608f89afbbc115ece521af4ea1a7529832943b67441bff2fcd698feefe6df6296c306b399c55acf84dfa0734447f5f64063f2e1ecebbbc8edf3 |
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\locales\en-GB.pak
| MD5 | f65acb944ce633180762095ec6a48e31 |
| SHA1 | ba5cc1fa02a1c6055f5a6bebe1aeb993e3844590 |
| SHA256 | 87e534f1d0a4b32bd9ae207e167f87499bdf1e05c5a7c173fc3aacfdcb0073d8 |
| SHA512 | 11655eeedd381c2629c34c72a106da1130dfbe6d50e7c8d32a29feb5c4c677a3606b4615f904e029c1703d6745fa61b959e50e928022f596aeea29bf2d2a65e4 |
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\locales\el.pak
| MD5 | 5d65998959e4a5ffadd4b59bd95e649d |
| SHA1 | 279668a833a995aa1f86ae3c880b05b874d278fd |
| SHA256 | 73fd71845722470acf551d6c187731bb14886f88f75d257dbd696552c3a83ad3 |
| SHA512 | f530428a41652fa42b3d53116483fc036c69f08d06e77097846f0227447ecb2a91b4e1aced743302b3f688869f611c498bd4ccfa980f5588093321181ae141e3 |
C:\Users\Admin\AppData\Local\Temp\nseF143.tmp\7z-out\locales\da.pak
| MD5 | 200a10ca45a629d1d0ee59c8700c3626 |
| SHA1 | 380e3d3ab0a7f210d32e3ed0ae566f9db3802fcf |
| SHA256 | a8fc454536f58e34d3aa379596b3641b68b92989c2c2000f573c834503d47f24 |
| SHA512 | d5855ed1d2bf9992c7945cb30a133c3e6547a6f22f714baa17a1292d85c64e383bec301b77c01243b561a015b24803f93b384a1fe66dcd8a25cfc855b10b743a |
Analysis: behavioral21
Detonation Overview
Submitted
2024-11-13 20:23
Reported
2024-11-13 20:29
Platform
win10v2004-20241007-en
Max time kernel
146s
Max time network
157s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\sqlite3\deps\extract.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral23
Detonation Overview
Submitted
2024-11-13 20:23
Reported
2024-11-13 20:29
Platform
win10v2004-20241007-en
Max time kernel
94s
Max time network
149s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\sqlite-autoconf-3440200\Replace.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.144.22.2.in-addr.arpa | udp |
Files
Analysis: behavioral20
Detonation Overview
Submitted
2024-11-13 20:23
Reported
2024-11-13 20:29
Platform
win7-20240903-en
Max time kernel
120s
Max time network
129s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\sqlite3\deps\extract.js
Network
Files
Analysis: behavioral27
Detonation Overview
Submitted
2024-11-13 20:23
Reported
2024-11-13 20:29
Platform
win10v2004-20241007-en
Max time kernel
94s
Max time network
140s
Command Line
Signatures
Processes
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\sqlite-autoconf-3440200\configure.vbs"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral29
Detonation Overview
Submitted
2024-11-13 20:23
Reported
2024-11-13 20:29
Platform
win10v2004-20241007-en
Max time kernel
93s
Max time network
139s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\sqlite-autoconf-3440200\ltmain.sh
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.42.69.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-13 20:23
Reported
2024-11-13 20:27
Platform
win10v2004-20241007-en
Max time kernel
12s
Max time network
24s
Command Line
Signatures
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\2olYxu8i09iVXw5fJuy7NIyuOY9\LNpSUHD317.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2olYxu8i09iVXw5fJuy7NIyuOY9\LNpSUHD317.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\XrayInject1.2.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\XrayInject1.2.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\XrayInject1.2.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2olYxu8i09iVXw5fJuy7NIyuOY9\LNpSUHD317.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2olYxu8i09iVXw5fJuy7NIyuOY9\LNpSUHD317.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2olYxu8i09iVXw5fJuy7NIyuOY9\LNpSUHD317.exe | N/A |
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\XrayInject1.2.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\2olYxu8i09iVXw5fJuy7NIyuOY9\LNpSUHD317.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Users\Admin\AppData\Local\Temp\2olYxu8i09iVXw5fJuy7NIyuOY9\LNpSUHD317.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\2olYxu8i09iVXw5fJuy7NIyuOY9\LNpSUHD317.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 | C:\Users\Admin\AppData\Local\Temp\2olYxu8i09iVXw5fJuy7NIyuOY9\LNpSUHD317.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz | C:\Users\Admin\AppData\Local\Temp\2olYxu8i09iVXw5fJuy7NIyuOY9\LNpSUHD317.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\2olYxu8i09iVXw5fJuy7NIyuOY9\LNpSUHD317.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2 | C:\Users\Admin\AppData\Local\Temp\2olYxu8i09iVXw5fJuy7NIyuOY9\LNpSUHD317.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\XrayInject1.2.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\tasklist.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\tasklist.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\XrayInject1.2.exe
"C:\Users\Admin\AppData\Local\Temp\XrayInject1.2.exe"
C:\Users\Admin\AppData\Local\Temp\2olYxu8i09iVXw5fJuy7NIyuOY9\LNpSUHD317.exe
C:\Users\Admin\AppData\Local\Temp\2olYxu8i09iVXw5fJuy7NIyuOY9\LNpSUHD317.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "WMIC csproduct get UUID"
C:\Windows\System32\Wbem\WMIC.exe
WMIC csproduct get UUID
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic bios get serialnumber"
C:\Windows\System32\Wbem\WMIC.exe
wmic bios get serialnumber
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell wininit.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell wininit.exe
C:\Windows\system32\wininit.exe
"C:\Windows\system32\wininit.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\nsgD533.tmp\7z-out\locales\gu.pak
| MD5 | b54152f1794aac7d270f5cfbb7a020d5 |
| SHA1 | d14f3feb7206468be4abec39fcd14cb4d3fbf561 |
| SHA256 | b23b8f24e6a0a5267f4704f82dbbe5bd4ba34a3878a883bdbd9680f6512a2201 |
| SHA512 | 8ec8fefdac754b6049b045985b754a4308ded71d79f43925a302076610fa8a69f29fe764ac5acf65618d684fe73097862f4b9b43c8d21f410ce7e94adf78120a |
C:\Users\Admin\AppData\Local\Temp\nsgD533.tmp\7z-out\locales\fr.pak
| MD5 | 42433f8f6044f028ce65cd90a0080fbb |
| SHA1 | 7f3036c2def226d9a9cc040b723b07117e72ab3b |
| SHA256 | 784b1588645351fdb98fcba9cffa1afae84961e71fcfbf5b80c0b8cc29cff69f |
| SHA512 | 2363435ec520d0e80599149a628aee0011cbeb8cc8ebd44942a52030c92b72e7077b51edf65057af0c4ea0a56d78b6266edfa62873dfdde09be0356f68cb4aa0 |
C:\Users\Admin\AppData\Local\Temp\nsgD533.tmp\7z-out\locales\fi.pak
| MD5 | 5d693a7021eb7c4aef053bd0954b9fdb |
| SHA1 | 8500954dc82f8212fcb6e58db128e650479bbbe9 |
| SHA256 | c2b0402222e9e877618f908518d9bc62bca45ea4167734ce93f36382cb30f2cd |
| SHA512 | 425f5889fe6b1b3a38eface19419642cba5d03657a33a9a85eb457ac2882075f1e73f58d036ef459f3001e8f717b92df08d761d865711c3b2b560727841a9827 |
C:\Users\Admin\AppData\Local\Temp\nsgD533.tmp\7z-out\locales\fa.pak
| MD5 | d764a7eac41aec2bcd9704f2a3e2122f |
| SHA1 | 88477fb426640c27dd95db6fc3cf4d0150a9b097 |
| SHA256 | 0a174961cacce870d6eec050f1e41dd44155e583db7093f1caa33822d8c471f6 |
| SHA512 | 50f59426fe77d48b79b5f502ffe46a3b7f591b3a7f42b6282b60997f766edba1f756783c40a9d3104a22ad9f7a8f930b9cf72d635ef88401daf272d69e2f69d6 |
C:\Users\Admin\AppData\Local\Temp\nsgD533.tmp\7z-out\locales\hi.pak
| MD5 | fefa6262231aff9dc0d2421990a3b634 |
| SHA1 | 24eaf51449c77164b3128894949317e1d79112be |
| SHA256 | 69277e0864383fd2a975d1dce2df1a3763685ea52acc10401530e31f03c4e7cc |
| SHA512 | 7b31d1b6f9a48a0743c0639d3e7a80687973fe76f3e0717d6721571a696feee53e4af327661e4febb8a6702a42b9d1112e7ab259d8d6dea7827b2d61a67f4149 |
C:\Users\Admin\AppData\Local\Temp\nsgD533.tmp\7z-out\locales\hu.pak
| MD5 | 2f761b20258c04cc9e3335451160b33a |
| SHA1 | 2144a0cf0e994f3b7b030fc8c51584b4c1af11d0 |
| SHA256 | af4b5654ccf418e5bd34e2850c63e4e73c85eb06da1cbe75207743ecb70135b8 |
| SHA512 | b605c0dc34cb070afce84b4d189be63f976f60626f73f0258b52d169dbea59e338a54bb75f801f6c95203dcc179fdb284d3a836cf1420a6f77efa165e1bbb4cb |
C:\Users\Admin\AppData\Local\Temp\nsgD533.tmp\7z-out\locales\ja.pak
| MD5 | f84e728b97f1766e1cd24800a409a411 |
| SHA1 | c42bd9849b5e5510e56dacf06a8ce126bfd00744 |
| SHA256 | 4beeabf6962e1e5b042dedbc45d21d3786c331a3ab1f3f3f51f75fe9ed8811ee |
| SHA512 | 769cd214f19d735a06dc7eef8db23f6b3302e0daeccfbcd6405c9aa251ca24392fe6cdfad9ab9273c8c38ab763a502f2204b48526e10cf2c3439ab6544698f9c |
C:\Users\Admin\AppData\Local\Temp\nsgD533.tmp\7z-out\locales\kn.pak
| MD5 | 58218cff338a420a4ce74a5414559782 |
| SHA1 | 07c944732d5a2cc9b9b8bb90a78be4892630db22 |
| SHA256 | 938bdd9eb4c5e278739a103c7bf435db41c3524de718e30f3d66ae60f8ce02b3 |
| SHA512 | ecd54a261a39843d51bd9198029d141b233a6b7d652c8afdabb5b44019cf869b1d9505d411e0ef3de7365255579e1ae2cda0677d91071a566c6509e09c32efa8 |
C:\Users\Admin\AppData\Local\Temp\nsgD533.tmp\7z-out\locales\it.pak
| MD5 | 7872fe9c01ce9eca8f0358fe718d5582 |
| SHA1 | 7ba1adeda4f2dc7467b9af81f22b00ee9c633ba5 |
| SHA256 | 3f9cf91feacbd3a8e18930aa536ae0c2097e8f3b56da1f356a6243ba27b9df26 |
| SHA512 | 268264a2b7048d52f90e6b3b6704b848980c99d89937326359759411a529b97e024b9dc93bfedf90b84aa642681bc162f566f4fc5f48e8d007897a218496ed36 |
C:\Users\Admin\AppData\Local\Temp\nsgD533.tmp\7z-out\locales\id.pak
| MD5 | c83b246a36389f1087d32e801091559c |
| SHA1 | 8a7d1d417868611ca3706a0d829c3b8f9774fcfc |
| SHA256 | f2761928e6a189ad28183304a5d56fb1c51f03cca5f315112b7b8722b781546f |
| SHA512 | ba39a82fc9a379f0f83f107876dfee73b4bf2f0e35b7c683002015dc3740c52402d0a5d3eb19cba383c17b07abee807c47a7c27e278c0db6847612097ef9161e |
C:\Users\Admin\AppData\Local\Temp\nsgD533.tmp\7z-out\locales\hr.pak
| MD5 | 6249233aff4a7a2cab1a01681f3b555d |
| SHA1 | 62892f7cc147063bcfd097df52512c4caa39247a |
| SHA256 | a6cc5da8b3b46f2a327de8f39c18a8a9b58031e1a0484321e2cebe397c30f29b |
| SHA512 | 23ae48ea57fcf4a43ac558131ddf6c001104e44840ae44f1324ee7af3f434d6279ed2c7e50fbedd04f419b3f15ae973f6d8ecb0c602faa449e64a62249d6203d |
C:\Users\Admin\AppData\Local\Temp\nsgD533.tmp\7z-out\locales\lt.pak
| MD5 | ea646ce51bd07999529fb719ddf063d5 |
| SHA1 | 94fee802cc876e5d2b722d1872c7ed927a14c33f |
| SHA256 | af5ea09e52a33451c43dbcee0028ff0a19bce6877c00f2643b8fa1f9d060ef90 |
| SHA512 | 58d0beb8d91825785dd4c0ad08070a04554cbad39b443cb9cc8b2747a8257a5295febfc4484dd3e7a3ede86859bcebbcb176a112016fd07c64be1d856bd39678 |
C:\Users\Admin\AppData\Local\Temp\nsgD533.tmp\7z-out\locales\mr.pak
| MD5 | 4768c4daf4ce9ffdeb3d11ce64e0f3ec |
| SHA1 | e4eebd9c013f0a7857b6678ddd76e51535f82102 |
| SHA256 | d1332150da50884e0caaf78c36117c0d5958e4b3ea067e3dfe7ae157fec01de3 |
| SHA512 | e60771b5e55defc66df1c6043f4f3214b71cff1509d928029bb3a13bcd3c3b665ddfd1426db300d08c1d978c5f62881ce37d64252c264c495e1b015ff11fe22b |
C:\Users\Admin\AppData\Local\Temp\nsgD533.tmp\7z-out\locales\ml.pak
| MD5 | 4ada3d6afca7a3536ca56766921a2e11 |
| SHA1 | 22445c79906d71f75486c767e22562fd28fbae24 |
| SHA256 | 901c7e8006d1e73a7e8146b383f54df5d90ea622f0ec4cb5660019acb8433d4a |
| SHA512 | 4ad124e2e57693592403b73d05993fb46b1bc1dfc50d0ab326ae96cd1c1461cd1cd1b4e8ca4445cede3f7ff12278d07b3a138201e9028dddb31e2b4d8b151748 |
C:\Users\Admin\AppData\Local\Temp\nsgD533.tmp\7z-out\locales\lv.pak
| MD5 | a49f706e800b0679551442f2e98dad4f |
| SHA1 | e3b505f693c111113fb47c436a8637e8f552fe95 |
| SHA256 | ebade538cf0ca8de4878f5ff703a18050d7494dd97e2cba8b0a0f27fe397d468 |
| SHA512 | a1f02ef0682727324b7a4f2eecc4bec3b6e363589c39d3ad63c92d9ef36a6f81c7ebf2ff68922f1966e8635a19aa38d109880526502f9a6c1a240c4272409556 |
C:\Users\Admin\AppData\Local\Temp\nsgD533.tmp\7z-out\locales\ko.pak
| MD5 | fa3c8f5c1f1ee523c3f9d566ddb2be24 |
| SHA1 | 171133dfe6c2200157b9f21e1bab690632f2ba64 |
| SHA256 | a02ddb9e195a9aff301f2e23c7abc41baf526e5f14cd4dbf15c55c5c5c78a09d |
| SHA512 | 5482a964ccd9ad951338cd09cd8f2f76acfe8516a73d2bea6390c9fac17d532a2ed47fd50642b6d9d7b1313cb688c3a997068cd71b9b985e423c0054fbcb4daa |
C:\Users\Admin\AppData\Local\Temp\nsgD533.tmp\7z-out\locales\nb.pak
| MD5 | 509da8911c1d7564aac0613fa0e73403 |
| SHA1 | b70ed8edaeb574c80c9b59cabe7f5e3f98719e78 |
| SHA256 | a1b1cb1af7ffe3af713e423bffed0e15e475733143c4ba06abc87d6ea0731456 |
| SHA512 | 176fca10ecc65e27439ac8ec35bdd2aa08cc9b674b7bd6c5b1909fec786668a6d8b33d718ca7807de323ff3b8b7107de82c57aa71ac9e7079f2a37610fc0969a |
C:\Users\Admin\AppData\Local\Temp\nsgD533.tmp\7z-out\locales\ms.pak
| MD5 | 3dd48aca5a1b1f54abee583b28b03da7 |
| SHA1 | d42b7e2252776a7e960a7aef6b849fe6f6c8cbfb |
| SHA256 | 9d1353d27c77b38e18f22e4719f8781dd6c126f86f6a84ff5170d28a202aca7e |
| SHA512 | f190939c13c2d1ab318084dca42d8132b723a4bba775ef547944675f7db37497bfb45c2391b792091ee4416bddff7bef25f3f707ba1346c5f7ebab7fef410c8c |
C:\Users\Admin\AppData\Local\Temp\nsgD533.tmp\7z-out\locales\pl.pak
| MD5 | 1685f404ad1bff6cf94480786edf8dbb |
| SHA1 | 20c6c80a4309b56d2d424adc30c3b91331c8948d |
| SHA256 | de614454a8d36409c4ac9aa03bad2ae0c4d964a12e36362efda2c83a59781e87 |
| SHA512 | b60e5c1b079ca3f46bef5e6ac5dbde1fdde54a6c210db6972b7d595a12d5ba6675192f047b8b067b3f1f9ee98ba5c15a1f069571c9692a5fd199ae93086b2647 |
C:\Users\Admin\AppData\Local\Temp\nsgD533.tmp\7z-out\locales\nl.pak
| MD5 | be1acc31a045ac01087c89bcc3b26328 |
| SHA1 | f6cf150336b5202ed6fa2ad7123e5f82ec1c5106 |
| SHA256 | f3e044dd9bf6cdd0f406b12ba28b492c06937a7c046a801ddeac24750f172a9e |
| SHA512 | f2a47f18ad953437d5bf61ff245a2bb5814f8d9d19c9265ea90d6e01489f997a68d754546700c6429f337760358594049dddcb1123b650eee6f0b0e95e252695 |
C:\Users\Admin\AppData\Local\Temp\nsgD533.tmp\7z-out\locales\sk.pak
| MD5 | e61d8cdf7f7fe4dada93a04ed91a9b83 |
| SHA1 | 8553d0345be95d506a21c4e62149858feca51f56 |
| SHA256 | 9b87ea25180bb8dddab69359d41d594f1a594f87ec75eb201f6bca6ac87b488e |
| SHA512 | cf73149982c81e26d1c3bd73cb1cf6d4b1c8ac59d5e0c1777e92d420bc56e78fcaf737da785578cb95d2e8b61c1d8a828a0eead147b5934eb764b64f6e91adc0 |
C:\Users\Admin\AppData\Local\Temp\nsgD533.tmp\7z-out\locales\ru.pak
| MD5 | 0a7e71f5efb94f8527c2a6750d2d2490 |
| SHA1 | c449c1b7f56fd5a1f7b536672309b2dd98da080e |
| SHA256 | 8558b5ae8a8052b5514ce4dfce04ace907ec54037a0236ee42890f8864a5f92c |
| SHA512 | fc6be5ddd2407a5e59fc47020728b5f3bf85e9ebf7e80e3582f2701752e9dae523cb8a58c1785c52df9b0b169ab8646a9db1eb7cecabb588058bb70cbe113a0e |
C:\Users\Admin\AppData\Local\Temp\nsgD533.tmp\7z-out\locales\ro.pak
| MD5 | c93f9732b24292d5b4e9fb5076127107 |
| SHA1 | 9ba57f6ad8437405588d86548efb02945a530f03 |
| SHA256 | d01a6caf125cecb2bc232a00039c4c8422c88b2d5ec374c89a6cb0117e8ef33f |
| SHA512 | c51015b24b1a73540648b4338da33783e7e4685317a60f64566cb3eb2366a4bd27114f96db1541f553e626f15ffbc95bec78f562e93613de935509e76ddc2aee |
C:\Users\Admin\AppData\Local\Temp\nsgD533.tmp\7z-out\locales\pt-PT.pak
| MD5 | 86a155a0df0c9b5fec50e57546050bb8 |
| SHA1 | e14e1d956da30115ca80c694a5d0c781e085426d |
| SHA256 | 4387bddfbfe69542dbdc3c423362116bc34481cfb20b0311bab65186f571e87c |
| SHA512 | 2719c673b2dc4d8dba8dea6f589c4a43fd771b2783bcc78a1d387549f72fb1355163885dd68eb286d72737d7676df228647d1ad632e8599093aa845800861cee |
C:\Users\Admin\AppData\Local\Temp\nsgD533.tmp\7z-out\locales\pt-BR.pak
| MD5 | 8634e12029fc824c1d68d4cffce1e523 |
| SHA1 | fb78bb73fb7d1bc9364a6ad509e4e3ef0a965b9c |
| SHA256 | b5ef49a16803eaa39971f54285e8fe4f7ce126ad725edb99f8a521d121dbc517 |
| SHA512 | 18d3209a7c76fed698b7342d875c3c4dab554771fc1c639006c20554d7074655795889c6bb0bdc5413f2b9ce226b8564c3a569280b11199f91eb209a9eb16f6b |
C:\Users\Admin\AppData\Local\Temp\nsgD533.tmp\7z-out\locales\sv.pak
| MD5 | 52be946c5512d40a8c4e1add4d37ee9a |
| SHA1 | d0b8fdfaa572cd72b7ee15f6d3fe4c5cc0acce72 |
| SHA256 | b49021f35acd74a67af3d77ac9e4d938d9a54918ac3a9ec4e38e192f2cc9af32 |
| SHA512 | 6f0a53a83e2819370fb5ed4e77e08fc01942d141e90d88152f5fb6a4e38de2f2dd07864e00d50ed18d1320d9cf827d22829218837822f6c6f34770a01a10a1af |
C:\Users\Admin\AppData\Local\Temp\nsgD533.tmp\7z-out\locales\sr.pak
| MD5 | 755d73be3227055ef6cc084cdf8e2c2b |
| SHA1 | b1894b1a8e53393d75907dfb2e88806581fc00a8 |
| SHA256 | 8c31d207616b081e016a5df4e67dabfabe37072f1bcda1cdaa64ea4d935ee694 |
| SHA512 | 79029204f641d07b9d729715ff1cfb0d396353729fbf40bbcb25a7dff3c843a9a054d7e38849aa1c87ef2014d83e864c1cd30b8265a7928778ead690dd4e0a93 |
C:\Users\Admin\AppData\Local\Temp\nsgD533.tmp\7z-out\locales\sl.pak
| MD5 | f0cbfe15d823895ef5443367b906d51a |
| SHA1 | 06706edfd6fd9d3ed04f571cef89fcc3a81c33d9 |
| SHA256 | 8493fae950d7caa3556d0f39fa992ec85c2ab6ab58ae5250a6fedee09f5e89f8 |
| SHA512 | bebc78688aab7fe6cc9b09469410bb49cac32b7f240b499abc5eb9aaa8cb4cef44fa3c71840102a6a854913b6bc3e9a473769487fb51eaee1a0973daf63c9004 |
C:\Users\Admin\AppData\Local\Temp\nsgD533.tmp\7z-out\locales\th.pak
| MD5 | 821e1c0cd7ac4cc96e047df5f9b741d5 |
| SHA1 | cdbe922b53e89c801ed6596392f852f14dbd5be4 |
| SHA256 | 2da181190b745bb7d5f6cb296d86ff87cc6dcf66404e9d991d74434ab47e4bff |
| SHA512 | cd85f3a28c69d0c6d6a2d61eeafb6b24ae991e0ba55cbc5adde966de172111e77c6b11992d6e17c6cd1d1f2f138813cf74eba41b60ed5b3a7a77df9b789ab08f |
C:\Users\Admin\AppData\Local\Temp\nsgD533.tmp\7z-out\locales\ur.pak
| MD5 | 12cadb58e2cf3d01fb9bf1e9632a7b85 |
| SHA1 | c26507bf4bfd247ad51622314357a2f3ccf0f60c |
| SHA256 | 4ecf19c5a4eadd8909ff709803204cac4607590572b3ae6e3cf23c20e5b7476c |
| SHA512 | 6266f68ccc1b73b3a3944a43615ba23be266cd65f12a080d2331f609a182d8eee2b0553719071ff7f111dc38b92a544bac08f24efc26068032c7ff89da46d50d |
C:\Users\Admin\AppData\Local\Temp\nsgD533.tmp\7z-out\locales\vi.pak
| MD5 | 5238502d80387898467b5a6564d2e197 |
| SHA1 | 574afdaca5f77f0470c218d0d945f76b38c0c192 |
| SHA256 | 760436664a06f4c716991f45e17e00645738e8d1c46cd04a116dea8d1dedb5aa |
| SHA512 | fea65ff62f13cd42c425c5055813277b9a0565c515c5ca8db4a4c8505b57f56a8df52d8e201355fa33d65b7d243cf2e6b1796e81c2daeee027dfafa7b86b6c55 |
C:\Users\Admin\AppData\Local\Temp\nsgD533.tmp\7z-out\locales\uk.pak
| MD5 | 8f20598d3c126890390195bb643ece95 |
| SHA1 | f2735743e167f40c4a116c8f6a2ddb4e2cb6e44c |
| SHA256 | 13a00f4232ce3c58ec32b87e3b81207038ae0d1812a4f579151a6e2d8dd1793f |
| SHA512 | 42c70a4170c80c512a264f9193c33e1a8270aeea637f2ded5faf5d7d19efca24bdf97e64a50a21dc92d19311704bd6e058b0d1f212870a52f26058217ecc7efa |
C:\Users\Admin\AppData\Local\Temp\nsgD533.tmp\7z-out\locales\tr.pak
| MD5 | ef23040bf284ad019f7e85bf1a4b66d5 |
| SHA1 | 7d119fda04b876aff2b3c3dbb8da6410ff1b0122 |
| SHA256 | 25387c543be8057f77d05fb6e19991f954b1d8ff47b369ed15cb23541ac8df6c |
| SHA512 | b5e7e4787f26b9e2ec0672709f2bc06d01075e4b5d298352ff79edba39e3bce2eae60c65a597b051ecb2f964b89061a8f409bb6a4cdbd3383b00d0aa5b81ebb2 |
C:\Users\Admin\AppData\Local\Temp\nsgD533.tmp\7z-out\locales\te.pak
| MD5 | 3dedb30de69864333e68f5ee77ef19c1 |
| SHA1 | 859642c33bcb6c8df0fe7d9ae7d947f4c278cbcc |
| SHA256 | 439375bcd7b6533e08c8a73db25dc35e434b0d9fd9e4ace323d6847af7142b2b |
| SHA512 | c15fd0e4bab18f62cae773b85b5d85d66369712d5c5c51f8ef38858de1164bd6f7e11b916eaa5262d7d08eefebf98efd4b3536a9fb1198ca26f38e1881414831 |
C:\Users\Admin\AppData\Local\Temp\nsgD533.tmp\7z-out\locales\ta.pak
| MD5 | 42ee2510d5a0adaaf7159b1f5ac2f6ac |
| SHA1 | 677a50f6371766400fd5d3c24f3cf4e5271c8fda |
| SHA256 | 5f591d92c509269b7af0501621499e01a411f1f306c014670b562d1e5341bbe3 |
| SHA512 | f2427a67b825263c469d85b99e9ee221c5dd8cd377c7276bf3408a2218dfafd1df1a75ae2f5a7a7e6220003159f55d8709d62301f662df0df2e64514fba15d01 |
C:\Users\Admin\AppData\Local\Temp\nsgD533.tmp\7z-out\locales\sw.pak
| MD5 | 98dd12a836df0e3967b8fcf44b18f8c4 |
| SHA1 | 4762b7f8e5fd1b92c6984b76d4e965c32389cc05 |
| SHA256 | c8f6cd8602059e6fd7a1289b9a268d4ddaa1c2ecdef7a9d05ec4bde9bfd9c444 |
| SHA512 | f2046fe9ece161b6e39bf94c347e920ed3eaac7d05846270ed847011e319cc61d0ba01c4e80b603edd9e5ae4e3461029627a9a913a10180a311d373ad07520fc |
C:\Users\Admin\AppData\Local\Temp\nsgD533.tmp\7z-out\resources\elevate.exe
| MD5 | 792b92c8ad13c46f27c7ced0810694df |
| SHA1 | d8d449b92de20a57df722df46435ba4553ecc802 |
| SHA256 | 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37 |
| SHA512 | 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40 |
C:\Users\Admin\AppData\Local\Temp\nsgD533.tmp\7z-out\resources\app.asar
| MD5 | 0aaa8024392a0b4f7ab3a280cd1a131e |
| SHA1 | 47678349f3e727302a93ff83df6f064817744278 |
| SHA256 | 8cd9974eadac6fb9c5e3d46af246af858c9a1ffe950efb5635a5b2b5c4a6c179 |
| SHA512 | 9a8d5e3a2ee00b1101af6c298c6479bd74b0de82672d223683e574f2a303a6f1a01dae319840b79a14a0bc05e5381a81e8b4d2ed3401467388a7d623dc570a12 |
C:\Users\Admin\AppData\Local\Temp\nsgD533.tmp\7z-out\locales\zh-TW.pak
| MD5 | 40004fc419866d484f8e05767c57bb7b |
| SHA1 | 8fffde55f401c477c77e1c26ce024ac9d22589a7 |
| SHA256 | 0724dd6f642f15f198780405ffbe08303da6263ea13e73a6cf5ab2ca59e8ec72 |
| SHA512 | 627009933056b71b921f18ee0af567a24d29b1af23b1333b700c15a05ed78e0c0c09b89579108876108a214458951a8d57376c98632a34b2ee59af6adae0deae |
C:\Users\Admin\AppData\Local\Temp\nsgD533.tmp\7z-out\locales\zh-CN.pak
| MD5 | d5ccef2d737df79adbbbfe4843a4a1ef |
| SHA1 | 26c4c4b4eedf1c620737c996b76ecf5d154ab7c0 |
| SHA256 | 1ca7a26aff7c36a98a9d96550a5f77d15f4bbc546b8d16f7160c1531ac028595 |
| SHA512 | 0feee9eba045aa1ea390b7e1ba8d2c3966db295e758ebfb7e912d3e224edb12c5a749247f7d5f6498a69ffde30d140db1b587ae42e58fd47ce153b186e238d2d |
C:\Users\Admin\AppData\Local\Temp\nsgD533.tmp\7z-out\resources\app.asar.unpacked\node_modules\@primno\dpapi\dist\index.js
| MD5 | 0b33e83d33b01a51625a0fdcbef42ce3 |
| SHA1 | 1c29d999ff7da39426b97f2eb31a3d83db8f5fc7 |
| SHA256 | a7ff0225cb5ebcbef8499c6c8ac2be924f584eb375dacb1d8bd3dc6540b510f2 |
| SHA512 | 1d04caf4fc2e876bdf2a089ae938a41fe4d3f2928aa846709bafd2de236fa8c754fcc84d7e8a5f5734bc1cecc04b395ab9d2114945b35e8c85cd3b9ee8f9799c |
C:\Users\Admin\AppData\Local\Temp\nsgD533.tmp\7z-out\resources\app.asar.unpacked\node_modules\@primno\dpapi\package.json
| MD5 | 83a6b767cd4ade2116654eb0a90fec3c |
| SHA1 | 07a0f29ddb1c8a48947ee05bb4d6ec3d2abe1df9 |
| SHA256 | 59f4704391d2247b2a8d029d7338566d47d2ff0cd7477c49343efe93475f7a12 |
| SHA512 | 404ed15686b7d611ba8aeac12e706af75a876502c51e40e48a598d05a9ac89f88902b2830a5c679f9bb7931f5c33bb10da3a32753fdb8c71a9d7b4346a1be8d0 |
C:\Users\Admin\AppData\Local\Temp\nsgD533.tmp\7z-out\resources\app.asar.unpacked\node_modules\@primno\dpapi\LICENSE
| MD5 | 7bd114b023fa6209fb7b02150a202ccc |
| SHA1 | 4451515f9d7b16ce8983abb4e85609fe4162c4d4 |
| SHA256 | 455dda47a3fc2f58ab06d8e526f490ec43d0fc23a5ea80dd0942644397316d9b |
| SHA512 | 87ee4dc1da13937055eade250f1f8a357f549c709b9659258c137009060080aca5cfd979890a7b2d662083f4c646cce9af6e20774b58541af9e712fb5f4f1c60 |
C:\Users\Admin\AppData\Local\Temp\nsgD533.tmp\7z-out\resources\app.asar.unpacked\node_modules\@primno\dpapi\prebuilds\win32-x64\node.napi.node
| MD5 | 04bfbfec8db966420fe4c7b85ebb506a |
| SHA1 | 939bb742a354a92e1dcd3661a62d69e48030a335 |
| SHA256 | da2172ce055fa47d6a0ea1c90654f530abed33f69a74d52fab06c4c7653b48fd |
| SHA512 | 4ea97a9a120ed5bee8638e0a69561c2159fc3769062d7102167b0e92b4f1a5c002a761bd104282425f6cee8d0e39dbe7e12ad4e4a38570c3f90f31b65072dd65 |
C:\Users\Admin\AppData\Local\Temp\nsgD533.tmp\7z-out\resources\app.asar.unpacked\node_modules\@primno\dpapi\src\main.cpp
| MD5 | 88934cc736b505ada3d07afe22083568 |
| SHA1 | 6d1d112f4e7fc943dc5c9ce5ad2f32154aeb2f3a |
| SHA256 | 1ada21451bab629832372d519e366bfb08c80facfefe5a40c76a4f10a697c905 |
| SHA512 | 9f45386cba32d13a50360916b0c2f240e43cba5983a86ad80f85c75cd8e6ac2c6b931992842a736e84e234b91fc46a7a66824a3a2748f474cf1bbd22ec138a99 |
C:\Users\Admin\AppData\Local\Temp\nsgD533.tmp\7z-out\resources\app.asar.unpacked\node_modules\@primno\dpapi\src\dpapi_win.cpp
| MD5 | 4a55597a2c7466278439452bb708b822 |
| SHA1 | eaadcda8f410f2dd1fd9522fd7a2221624dd1713 |
| SHA256 | da37b02fb0babb651244479ea019d229fff1c41ecde74bc06335b5e603d9b30e |
| SHA512 | b20efe8026de41dd8c13c6f844455cacc13fa80bc3dd41fef422fb178054a7c8d6f14af8b1d6928e52648ab95a793aee1f996dc2aceead3aa8d317a99aad23bb |
C:\Users\Admin\AppData\Local\Temp\nsgD533.tmp\7z-out\resources\app.asar.unpacked\node_modules\@primno\dpapi\src\dpapi_not_supported.cpp
| MD5 | c510e65ebcb2fa7c00712e770ec8c692 |
| SHA1 | ca1ea3c8340dcf69f344d5eaa884631eef37472b |
| SHA256 | 7c03cec11c438b6d2512239477d9f1b45d6e16763122a3a36458ab339f50d3c4 |
| SHA512 | b0b312426b4409c80b45a0f3337069be9870e050dc8b55184fb2bc63532c247089c8d35cbd1f12f0bd2bd38d581566faa74a6469b548a1ad7d837285ad37c178 |
C:\Users\Admin\AppData\Local\Temp\nsgD533.tmp\7z-out\resources\app.asar.unpacked\node_modules\@primno\dpapi\src\dpapi_addon.h
| MD5 | ea1e5899ec0210d7de4ce325d1d94022 |
| SHA1 | 464da48d40547cb08a67a1ed38cb0ae8369f2f42 |
| SHA256 | 18280b1135123aff82fbf4188a5aadfc9a5d6fffad9309f72f347f380f2da550 |
| SHA512 | 6dae672ea822a7dc5e42914def21c019c0fa8aeaf1c27c155b78312d8a33a63ae9a1910dd32b72760578671780b8c37b91ff5e1f6588f08c7fbaaff80d8fb6fd |
C:\Users\Admin\AppData\Local\Temp\nsgD533.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\package.json
| MD5 | 174bf28fccd7fdb6f0766f31fac3060d |
| SHA1 | 655f465658957fbdf935fcb7df0b97c93807147b |
| SHA256 | 91008a93e604674024bd65569670af5b01f1e4caf86cde50835ee58f59a5dc61 |
| SHA512 | fa1be386a3d74767731aa5ad44ff4d89fb456e7feabde2a6e6f238ed4608a80962cadd6b7ff96f15e306a8e819221b66051fa5a7b0658ad52a2efb488492ff83 |
C:\Users\Admin\AppData\Local\Temp\nsgD533.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\LICENSE
| MD5 | 79558839a9db3e807e4ae6f8cd100c1c |
| SHA1 | ae3dbcee04c86fbc589fcf2547d4aaaeb41db3c2 |
| SHA256 | 7686f81e580cd6774f609a2d8a41b2cebdf79bc30e6b46c3efff5a656158981c |
| SHA512 | b42c93f2b097afa6e09d79ed045b4dd293df2c29d91dda5dda04084d3329b721a6aa92a6ad6714564386a7928e9af9195ac310deecd37a93bb04b6a6f744be46 |
C:\Users\Admin\AppData\Local\Temp\nsgD533.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\deps\sqlite-autoconf-3440200.tar.gz
| MD5 | c02f40fd4f809ced95096250adc5764a |
| SHA1 | 8398dd159f3a1fd8f1c5edf02c687512eaab69e4 |
| SHA256 | 1c6719a148bc41cf0f2bbbe3926d7ce3f5ca09d878f1246fcc20767b175bb407 |
| SHA512 | 59ad55df15eb84430f5286db2e5ceddd6ca1fc207a6343546a365c0c1baf20258e96c53d2ad48b50385608d03de09a692ae834cb78a39d1a48cb36a05722e402 |
C:\Users\Admin\AppData\Local\Temp\nsgD533.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\deps\extract.js
| MD5 | f0a82a6a6043bf87899114337c67df6c |
| SHA1 | a906c146eb0a359742ff85c1d96a095bd0dd95fd |
| SHA256 | 5be353d29c0fabea29cfd34448c196da9506009c0b20fde55e01d4191941dd74 |
| SHA512 | d26879f890226808d9bd2644c5ca85cc339760e86b330212505706e5749464fafad1cb5f018c59a8f034d68d327cd3fa5234ceac0677de1ac9ae09039f574240 |
C:\Users\Admin\AppData\Local\Temp\nsgD533.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\deps\common-sqlite.gypi
| MD5 | 0ad55ae01864df3767d7b61678bd326e |
| SHA1 | ffedcc19095fd54f8619f00f55074f275ceddfd6 |
| SHA256 | 4d65f2899fb54955218f28ec358a2cad2c2074a7b43f862933c6a35e69ae0632 |
| SHA512 | aaee895d110d67e87ed1e8ed6557b060a0575f466a947a4f59cc9d111381e1af6aa54d432233716c78f146168d548a726fed1eab2b3f09bb71e0ae7f4fdc69e3 |
C:\Users\Admin\AppData\Local\Temp\nsgD533.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\build\Release\node_sqlite3.node
| MD5 | 66a65322c9d362a23cf3d3f7735d5430 |
| SHA1 | ed59f3e4b0b16b759b866ef7293d26a1512b952e |
| SHA256 | f806f89dc41dde00ca7124dc1e649bdc9b08ff2eff5c891b764f3e5aefa9548c |
| SHA512 | 0a44d12852fc4c74658a49f886c4bc7c715c48a7cb5a3dcf40c9f1d305ca991dd2c2cb3d0b5fd070b307a8f331938c5213188cbb2d27d47737cc1c4f34a1ea21 |
C:\Users\Admin\AppData\Local\Temp\nsgD533.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\deps\sqlite3.gyp
| MD5 | 0e4d1d898d697ec33a9ad8a27f0483bf |
| SHA1 | 1505f707a17f35723cd268744c189d8df47bb3a3 |
| SHA256 | 8793f62b1133892ba376d18a15f552ef12b1e016f7e5df32ffb7279b760c11bd |
| SHA512 | c530aba70e5555a27d547562d8b826b186540068af9b4ccd01483ec39f083a991ac11d0cc66f40acaa8b03d774080f227ee705a38995f356a14abe6e5f97b545 |
C:\Users\Admin\AppData\Local\Temp\nsgD533.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\lib\sqlite3.js
| MD5 | 275019a4199a84cfd18abd0f1ae497aa |
| SHA1 | 8601683f9b6206e525e4a087a7cca40d07828fd8 |
| SHA256 | 8d6b400ae7f69a80d0cdd37a968d7b9a913661fa53475e5b8de49dda21684973 |
| SHA512 | 6422249ccd710973f15d1242a8156d98fa8bdea820012df669e5363c50c5d8492d21ffefcdfa05b46c3c18033dde30f03349e880a4943feda8d1ee3c00f952b0 |
C:\Users\Admin\AppData\Local\Temp\nsgD533.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\lib\trace.js
| MD5 | e5c2de3c74bc66d4906bb34591859a5f |
| SHA1 | 37ec527d9798d43898108080506126b4146334e7 |
| SHA256 | d06caec6136120c6fb7ee3681b1ca949e8b634e747ea8d3080c90f35aeb7728f |
| SHA512 | e250e53dae618929cbf3cb2f1084a105d3a78bdfb6bb29e290f63a1fd5fbb5b2fab934ad16bc285e245d749a90c84bdc72fdc1a77af912b7356c18b0b197fbe5 |
C:\Users\Admin\AppData\Local\Temp\nsgD533.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\lib\sqlite3-binding.js
| MD5 | 8582b2dcaed9c5a6f3b7cfe150545254 |
| SHA1 | 14667874e0bfbe4ffc951f3e4bec7c5cf44e5a81 |
| SHA256 | 762c7a74d7f92860a3873487b68e89f654a21d2aaeae9524eab5de9c65e66a9c |
| SHA512 | 22ec4df7697322b23ae2e73c692ed5c925d50fde2b7e72bfc2d5dd873e2da51834b920dea7c67cca5733e8a3f5e603805762e8be238c651aa40290452843411d |
C:\Users\Admin\AppData\Local\Temp\nsgD533.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\src\statement.h
| MD5 | 0b81c9be1dc0ff314182399cdc301aea |
| SHA1 | 7433b86711d132a4df826bae80e58801a3eb74c9 |
| SHA256 | 605633ba0fb1922c16aa5fbfffed52a097f29bf31cee7190d810c24c02de515b |
| SHA512 | 9cf986538d048a48b9f020fc51f994f25168540db35bdb0314744fdec80a45ba99064bc35fe76b35918753c2886d4466fdd7e36b25838c6039f712e5ac7d81b3 |
C:\Users\Admin\AppData\Local\Temp\nsgD533.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\src\macros.h
| MD5 | b60768ed9dd86a1116e3bcc95ff9387d |
| SHA1 | c057a7eebba8ce61e27267930a8526ab54920aa3 |
| SHA256 | c25be1861bd8e8457300b218f5fa0bba734f9d1f92b47d3b6ab8ee7c1862ccbe |
| SHA512 | 84e0670128f1d8712e703b6e4b684b904a8081886c9739c63b71962e5d465ac569b16cb0db74cb41dc015a64dcc1e3a9a20b0cf7f54d4320713cc0f49e0f7363 |
C:\Users\Admin\AppData\Local\Temp\nsgD533.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\src\threading.h
| MD5 | f2a075d3101c2bf109d94f8c65b4ecb5 |
| SHA1 | d48294aec0b7aeb03cf5d56a9912e704b9e90bf6 |
| SHA256 | e0ab4f798bccb877548b0ab0f3d98c051b36cde240fdf424c70ace7daf0ffd36 |
| SHA512 | d95b5fda6cb93874fe577439f7bd16b10eae37b70c45ae2bd914790c1e3ba70dfb6bda7be79d196f2c40837d98f1005c3ed209cab9ba346ada9ce2ed62a87f13 |
C:\Users\Admin\AppData\Local\Temp\nsgD533.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\src\gcc-preinclude.h
| MD5 | 55a9165c6720727b6ec6cb815b026deb |
| SHA1 | e737e117bdefa5838834f342d2c51e8009011008 |
| SHA256 | 9d4264bb1dcbef8d927bb3a1809a01b0b89d726c217cee99ea9ccfdc7d456b6f |
| SHA512 | 79ed80377bfb576f695f271ed5200bb975f2546110267d264f0ab917f56c26abf6d3385878285fe3e378b254af99b59bdb8bbcab7427788c90a0460eb2ee5b77 |
C:\Users\Admin\AppData\Local\Temp\nsgD533.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\src\database.h
| MD5 | de31ab62b7068aea6cffb22b54a435bb |
| SHA1 | 7fd98864c970caa9c60cfc4ce1e77d736b5b5231 |
| SHA256 | 8521f458b206ed8f9bf79e2bd869da0a35054b4be44d6ea8c371db207eccb283 |
| SHA512 | 598491103564b024012da39ac31f54cf39f10da789cd5b17af44e93042d9526b9ffd4867112c5f9755cb4ada398bf5429f01dda6c1bbc5137bea545c3c88453b |
C:\Users\Admin\AppData\Local\Temp\nsgD533.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\src\backup.h
| MD5 | 29dd2fca11a4e0776c49140ecac95ce9 |
| SHA1 | 837cfbc391c7faad304e745fc48ae9693afaf433 |
| SHA256 | 556ba9af78010f41bc6b5b806743dc728bc181934bf8a7c6e5d606f9b8c7a2e9 |
| SHA512 | 5785667b9c49d4f4320022c98e0567a412b48a790c99569261c12b8738bde0b4949d3998e2b375540ede2ff1d861cad859780ade796b71d4d1d692e1ed449021 |
C:\Users\Admin\AppData\Local\Temp\nsgD533.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\src\async.h
| MD5 | e8c5e5c02d87e6af4455ff2c59c3588b |
| SHA1 | a0de928c621bb9a71ba9cf002e0f0726e4db7c0e |
| SHA256 | cce55c56b41cb493ebd43b232ff8ffc9f5a180f5bab2d10372eca6780eb105f6 |
| SHA512 | ed96889e0d1d5263fb8fed7a4966905b9812c007fbb04b733cadbe84edc7179015b9967ff5f48816ff2c97acf4a5b4792a35cee1f8fce23e5fdc797f8ee0c762 |
C:\Users\Admin\AppData\Local\Temp\nsgD533.tmp\StdUtils.dll
| MD5 | c6a6e03f77c313b267498515488c5740 |
| SHA1 | 3d49fc2784b9450962ed6b82b46e9c3c957d7c15 |
| SHA256 | b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e |
| SHA512 | 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803 |
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_d2lao4e1.y0e.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/4884-729-0x000001DB7A060000-0x000001DB7A082000-memory.dmp
Analysis: behavioral15
Detonation Overview
Submitted
2024-11-13 20:23
Reported
2024-11-13 20:29
Platform
win10v2004-20241007-en
Max time kernel
149s
Max time network
159s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@primno\dpapi\dist\index.js
Network
Files
Analysis: behavioral19
Detonation Overview
Submitted
2024-11-13 20:23
Reported
2024-11-13 20:29
Platform
win10v2004-20241007-en
Max time kernel
145s
Max time network
154s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\sqlite3\build\Release\node_sqlite3.dll,#1
Network
Files
Analysis: behavioral28
Detonation Overview
Submitted
2024-11-13 20:23
Reported
2024-11-13 20:29
Platform
win7-20241010-en
Max time kernel
122s
Max time network
128s
Command Line
Signatures
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000_Classes\Local Settings | C:\Windows\system32\rundll32.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2880 wrote to memory of 2940 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\rundll32.exe |
| PID 2940 wrote to memory of 2488 | N/A | C:\Windows\system32\rundll32.exe | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\sqlite-autoconf-3440200\ltmain.sh
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\sqlite-autoconf-3440200\ltmain.sh
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\sqlite-autoconf-3440200\ltmain.sh"
Network
Files
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
| MD5 | 627c9f4fa3c0b9a3e7108a4c24d8fdb6 |
| SHA1 | 5472ff9c5647ba96109903a7473972919db29667 |
| SHA256 | aa982986e8fe17933585a3b5d028f0b9d986953bb28734b5b84ea8cd723054a6 |
| SHA512 | be432b4bbb0b66a651ceb9f2028afced860742770547432bc7d153dec8c47d6423cd299b0835a1e402682b9009ed62c4860ecf3524a0ffacb98e2511fba463ee |