Analysis Overview
SHA256
b8449d9181e868eafab6cdb2bfec26a30ca1547215668f637a60901aac7ef399
Threat Level: Shows suspicious behavior
The file Setup.exe was found to be: Shows suspicious behavior.
Malicious Activity Summary
Loads dropped DLL
Executes dropped EXE
Obfuscated Files or Information: Command Obfuscation
Unsigned PE
Program crash
System Location Discovery: System Language Discovery
Enumerates physical storage devices
Browser Information Discovery
Command and Scripting Interpreter: JavaScript
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of AdjustPrivilegeToken
Enumerates system info in registry
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-13 20:25
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-13 20:23
Reported
2024-11-13 20:28
Platform
win10v2004-20241007-en
Max time kernel
93s
Max time network
152s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2oblXXfFqceIXve35mBawCTA5fV\so.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2oblXXfFqceIXve35mBawCTA5fV\so.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2oblXXfFqceIXve35mBawCTA5fV\so.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2oblXXfFqceIXve35mBawCTA5fV\so.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2oblXXfFqceIXve35mBawCTA5fV\so.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2oblXXfFqceIXve35mBawCTA5fV\so.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2oblXXfFqceIXve35mBawCTA5fV\so.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2oblXXfFqceIXve35mBawCTA5fV\so.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2oblXXfFqceIXve35mBawCTA5fV\so.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2oblXXfFqceIXve35mBawCTA5fV\so.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\2oblXXfFqceIXve35mBawCTA5fV\so.exe
C:\Users\Admin\AppData\Local\Temp\2oblXXfFqceIXve35mBawCTA5fV\so.exe
C:\Windows\System32\Wbem\wmic.exe
wmic /NAMESPACE:\\root\CIMV2 /NODE:'localhost' path Win32_VideoController get CurrentRefreshRate /FORMAT:rawxml
C:\Users\Admin\AppData\Local\Temp\2oblXXfFqceIXve35mBawCTA5fV\so.exe
"C:\Users\Admin\AppData\Local\Temp\2oblXXfFqceIXve35mBawCTA5fV\so.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\so" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1632 --field-trial-handle=1800,i,1046865100841476313,12981373680162876665,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Users\Admin\AppData\Local\Temp\2oblXXfFqceIXve35mBawCTA5fV\so.exe
"C:\Users\Admin\AppData\Local\Temp\2oblXXfFqceIXve35mBawCTA5fV\so.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\so" --mojo-platform-channel-handle=2152 --field-trial-handle=1800,i,1046865100841476313,12981373680162876665,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | readonlymemory.xyz | udp |
| NL | 192.236.232.25:443 | readonlymemory.xyz | tcp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.232.236.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.42.69.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\System.dll
| MD5 | 0d7ad4f45dc6f5aa87f606d0331c6901 |
| SHA1 | 48df0911f0484cbe2a8cdd5362140b63c41ee457 |
| SHA256 | 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca |
| SHA512 | c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9 |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\nsis7z.dll
| MD5 | 80e44ce4895304c6a3a831310fbf8cd0 |
| SHA1 | 36bd49ae21c460be5753a904b4501f1abca53508 |
| SHA256 | b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592 |
| SHA512 | c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df |
C:\Users\Admin\AppData\Local\Temp\2oblXXfFqceIXve35mBawCTA5fV\chrome_100_percent.pak
| MD5 | 8626e1d68e87f86c5b4dabdf66591913 |
| SHA1 | 4cd7b0ac0d3f72587708064a7b0a3beca3f7b81c |
| SHA256 | 2caa1da9b6a6e87bdb673977fee5dd771591a1b6ed5d3c5f14b024130a5d1a59 |
| SHA512 | 03bcd8562482009060f249d6a0dd7382fc94d669a2094dec08e8d119be51bef2c3b7b484bb5b7f805ae98e372dab9383a2c11a63ab0f5644146556b1bb9a4c99 |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\chrome_200_percent.pak
| MD5 | 48515d600258d60019c6b9c6421f79f6 |
| SHA1 | 0ef0b44641d38327a360aa6954b3b6e5aab2af16 |
| SHA256 | 07bee34e189fe9a8789aed78ea59ad41414b6e611e7d74da62f8e6ca36af01ce |
| SHA512 | b7266bc8abc55bd389f594dac0c0641ecf07703f35d769b87e731b5fdf4353316d44f3782a4329b3f0e260dead6b114426ddb1b0fb8cd4a51e0b90635f1191d9 |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\d3dcompiler_47.dll
| MD5 | cb9807f6cf55ad799e920b7e0f97df99 |
| SHA1 | bb76012ded5acd103adad49436612d073d159b29 |
| SHA256 | 5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a |
| SHA512 | f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62 |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\ffmpeg.dll
| MD5 | d49e7a8f096ad4722bd0f6963e0efc08 |
| SHA1 | 6835f12391023c0c7e3c8cc37b0496e3a93a5985 |
| SHA256 | f11576bf7ffbc3669d1a5364378f35a1ed0811b7831528b6c4c55b0cdc7dc014 |
| SHA512 | ca50c28d6aac75f749ed62eec8acbb53317f6bdcef8794759af3fad861446de5b7fa31622ce67a347949abb1098eccb32689b4f1c54458a125bc46574ad51575 |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\icudtl.dat
| MD5 | adfd2a259608207f256aeadb48635645 |
| SHA1 | 300bb0ae3d6b6514fb144788643d260b602ac6a4 |
| SHA256 | 7c8c7b05d70145120b45ccb64bf75bee3c63ff213e3e64d092d500a96afb8050 |
| SHA512 | 8397e74c7a85b0a2987cae9f2c66ce446923aa4140686d91a1e92b701e16b73a6ce459540e718858607ecb12659bedac0aa95c2713c811a2bc2d402691ff29dc |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\libEGL.dll
| MD5 | 09134e6b407083baaedf9a8c0bce68f2 |
| SHA1 | 8847344cceeab35c1cdf8637af9bd59671b4e97d |
| SHA256 | d2107ba0f4e28e35b22837c3982e53784d15348795b399ad6292d0f727986577 |
| SHA512 | 6ff3adcb8be48d0b505a3c44e6550d30a8feaf4aa108982a7992ed1820c06f49e0ad48d9bd92685fb82783dfd643629bd1fe4073300b61346b63320cbdb051ba |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\libGLESv2.dll
| MD5 | a5f1921e6dcde9eaf42e2ccc82b3d353 |
| SHA1 | 1f6f4df99ae475acec4a7d3910badb26c15919d1 |
| SHA256 | 50c4dc73d69b6c0189eab56d27470ee15f99bbbc12bfd87ebe9963a7f9ba404e |
| SHA512 | 0c24ae7d75404adf8682868d0ebf05f02bbf603f7ddd177cf2af5726802d0a5afcf539dc5d68e10dab3fcfba58903871c9c81054560cf08799af1cc88f33c702 |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\LICENSE.electron.txt
| MD5 | 4d42118d35941e0f664dddbd83f633c5 |
| SHA1 | 2b21ec5f20fe961d15f2b58efb1368e66d202e5c |
| SHA256 | 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d |
| SHA512 | 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63 |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\LICENSES.chromium.html
| MD5 | 180f8acc70405077badc751453d13625 |
| SHA1 | 35dc54acad60a98aeec47c7ade3e6a8c81f06883 |
| SHA256 | 0bfa9a636e722107b6192ff35c365d963a54e1de8a09c8157680e8d0fbbfba1c |
| SHA512 | 40d3358b35eb0445127c70deb0cb87ec1313eca285307cda168605a4fd3d558b4be9eb24a59568eca9ee1f761e578c39b2def63ad48e40d31958db82f128e0ec |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\resources.pak
| MD5 | 7971a016aed2fb453c87eb1b8e3f5eb2 |
| SHA1 | 92b91e352be8209fadcf081134334dea147e23b8 |
| SHA256 | 9cfd5d29cde3de2f042e5e1da629743a7c95c1211e1b0b001e4eebc0f0741e06 |
| SHA512 | 42082ac0c033655f2edae876425a320d96cdaee6423b85449032c63fc0f7d30914aa3531e65428451c07912265b85f5fee2ed0bbdb362994d3a1fa7b14186013 |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\snapshot_blob.bin
| MD5 | 8fef5a96dbcc46887c3ff392cbdb1b48 |
| SHA1 | ed592d75222b7828b7b7aab97b83516f60772351 |
| SHA256 | 4de0f720c416776423add7ada621da95d0d188d574f08e36e822ad10d85c3ece |
| SHA512 | e52c7820c69863ecc1e3b552b7f20da2ad5492b52cac97502152ebff45e7a45b00e6925679fd7477cdc79c68b081d6572eeed7aed773416d42c9200accc7230e |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\vk_swiftshader_icd.json
| MD5 | 8642dd3a87e2de6e991fae08458e302b |
| SHA1 | 9c06735c31cec00600fd763a92f8112d085bd12a |
| SHA256 | 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9 |
| SHA512 | f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\vulkan-1.dll
| MD5 | 0e4e0f481b261ea59f196e5076025f77 |
| SHA1 | c73c1f33b5b42e9d67d819226db69e60d2262d7b |
| SHA256 | f681844896c084d2140ac210a974d8db099138fe75edb4df80e233d4b287196a |
| SHA512 | e6127d778ec73acbeb182d42e5cf36c8da76448fbdab49971de88ec4eb13ce63140a2a83fc3a1b116e41f87508ff546c0d7c042b8f4cdd9e07963801f3156ba2 |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\vk_swiftshader.dll
| MD5 | a0845e0774702da9550222ab1b4fded7 |
| SHA1 | 65d5bd6c64090f0774fd0a4c9b215a868b48e19b |
| SHA256 | 6150a413ebe00f92f38737bdccf493d19921ef6329fcd48e53de9dbde4780810 |
| SHA512 | 4be0cb1e3c942a1695bae7b45d21c5f70e407132ecc65efb5b085a50cdab3c33c26e90bd7c86198ec40fb2b18d026474b6c649776a3ca2ca5bff6f922de2319b |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\v8_context_snapshot.bin
| MD5 | a373d83d4c43ba957693ad57172a251b |
| SHA1 | 8e0fdb714df2f4cb058beb46c06aa78f77e5ff86 |
| SHA256 | 43b58ca4057cf75063d3b4a8e67aa9780d9a81d3a21f13c64b498be8b3ba6e0c |
| SHA512 | 07fbd84dc3e0ec1536ccb54d5799d5ed61b962251ece0d48e18b20b0fc9dd92de06e93957f3efc7d9bed88db7794fe4f2bec1e9b081825e41c6ac3b4f41eab18 |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\locales\bg.pak
| MD5 | 38bcabb6a0072b3a5f8b86b693eb545d |
| SHA1 | d36c8549fe0f69d05ffdaffa427d3ddf68dd6d89 |
| SHA256 | 898621731ac3471a41f8b3a7bf52e7f776e8928652b37154bc7c1299f1fd92e1 |
| SHA512 | 002adbdc17b6013becc4909daf2febb74ce88733c78e968938b792a52c9c5a62834617f606e4cb3774ae2dad9758d2b8678d7764bb6dcfe468881f1107db13ef |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\locales\ca.pak
| MD5 | 4cd6b3a91669ddcfcc9eef9b679ab65c |
| SHA1 | 43c41cb00067de68d24f72e0f5c77d3b50b71f83 |
| SHA256 | 56efff228ee3e112357d6121b2256a2c3acd718769c89413de82c9d4305459c6 |
| SHA512 | 699be9962d8aae241abd1d1f35cd8468ffbd6157bcd6bdf2c599d902768351b247baad6145b9826d87271fd4a19744eb11bf7065db7fefb01d66d2f1f39015a9 |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\locales\bn.pak
| MD5 | 9340520696e7cb3c2495a78893e50add |
| SHA1 | eed5aeef46131e4c70cd578177c527b656d08586 |
| SHA256 | 1ea245646a4b4386606f03c8a3916a3607e2adbbc88f000976be36db410a1e39 |
| SHA512 | 62507685d5542cfcd394080917b3a92ca197112feea9c2ddc1dfc77382a174c7ddf758d85af66cd322692215cb0402865b2a2b212694a36da6b592028caafcdf |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\locales\ar.pak
| MD5 | fdbad4c84ac66ee78a5c8dd16d259c43 |
| SHA1 | 3ce3cd751bb947b19d004bd6916b67e8db5017ac |
| SHA256 | a62b848a002474a8ea37891e148cbaf4af09bdba7dafebdc0770c9a9651f7e3b |
| SHA512 | 376519c5c2e42d21acedb1ef47184691a2f286332451d5b8d6aac45713861f07c852fb93bd9470ff5ee017d6004aba097020580f1ba253a5295ac1851f281e13 |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\locales\am.pak
| MD5 | 2c933f084d960f8094e24bee73fa826c |
| SHA1 | 91dfddc2cff764275872149d454a8397a1a20ab1 |
| SHA256 | fa1e44215bd5acc7342c431a3b1fddb6e8b6b02220b4599167f7d77a29f54450 |
| SHA512 | 3c9ecfb0407de2aa6585f4865ad54eeb2ec6519c9d346e2d33ed0e30be6cc3ebfed676a08637d42c2ca8fa6cfefb4091feb0c922ff71f09a2b89cdd488789774 |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\locales\af.pak
| MD5 | 464e5eeaba5eff8bc93995ba2cb2d73f |
| SHA1 | 3b216e0c5246c874ad0ad7d3e1636384dad2255d |
| SHA256 | 0ad547bb1dc57907adeb02e1be3017cce78f6e60b8b39395fe0e8b62285797a1 |
| SHA512 | 726d6c41a9dbf1f5f2eff5b503ab68d879b088b801832c13fba7eb853302b16118cacda4748a4144af0f396074449245a42b2fe240429b1afcb7197fa0cb6d41 |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\locales\cs.pak
| MD5 | eeee212072ea6589660c9eb216855318 |
| SHA1 | d50f9e6ca528725ced8ac186072174b99b48ea05 |
| SHA256 | de92f14480770401e39e22dcf3dd36de5ad3ed22e44584c31c37cd99e71c4a43 |
| SHA512 | ea068186a2e611fb98b9580f2c5ba6fd1f31b532e021ef9669e068150c27deee3d60fd9ff7567b9eb5d0f98926b24defabc9b64675b49e02a6f10e71bb714ac8 |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\locales\es-419.pak
| MD5 | 7da3e8aa47ba35d014e1d2a32982a5bb |
| SHA1 | 8e35320b16305ad9f16cb0f4c881a89818cd75bb |
| SHA256 | 7f85673cf80d1e80acfc94fb7568a8c63de79a13a1bb6b9d825b7e9f338ef17c |
| SHA512 | 1fca90888eb067972bccf74dd5d09bb3fce2ceb153589495088d5056ed4bdede15d54318af013c2460f0e8b5b1a5c6484adf0ed84f4b0b3c93130b086da5c3bf |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\locales\id.pak
| MD5 | b6fcd5160a3a1ae1f65b0540347a13f2 |
| SHA1 | 4cf37346318efb67908bba7380dbad30229c4d3d |
| SHA256 | 7fd715914e3b0cf2048d4429f3236e0660d5bd5e61623c8fef9b8e474c2ac313 |
| SHA512 | a8b4a96e8f9a528b2df3bd1251b72ab14feccf491dd254a7c6ecba831dfaba328adb0fd0b4acddb89584f58f94b123e97caa420f9d7b34131cc51bdbdbf3ed73 |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\locales\lt.pak
| MD5 | 64b08ffc40a605fe74ecc24c3024ee3b |
| SHA1 | 516296e8a3114ddbf77601a11faf4326a47975ab |
| SHA256 | 8a5d6e29833374e0f74fd7070c1b20856cb6b42ed30d18a5f17e6c2e4a8d783e |
| SHA512 | 05d207413186ac2b87a59681efe4fdf9dc600d0f3e8327e7b9802a42306d80d0ddd9ee07d103b17caf0518e42ab25b7ca9da4713941abc7bced65961671164ac |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\locales\ko.pak
| MD5 | d6194fc52e962534b360558061de2a25 |
| SHA1 | 98ed833f8c4beac685e55317c452249579610ff8 |
| SHA256 | 1a5884bd6665b2f404b7328de013522ee7c41130e57a53038fc991ec38290d21 |
| SHA512 | 5207a07426c6ceb78f0504613b6d2b8dadf9f31378e67a61091f16d72287adbc7768d1b7f2a923369197e732426d15a872c091cf88680686581d48a7f94988ab |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\locales\kn.pak
| MD5 | caab4deb1c40507848f9610d849834cf |
| SHA1 | 1bc87ff70817ba1e1fdd1b5cb961213418680cbe |
| SHA256 | 7a34483e6272f9b8881f0f5a725b477540166561c75b9e7ab627815d4be1a8a4 |
| SHA512 | dc4b63e5a037479bb831b0771aec0fe6eb016723bcd920b41ab87ef11505626632877073ce4e5e0755510fe19ba134a7b5899332ecef854008b15639f915860c |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\locales\ja.pak
| MD5 | 38cd3ef9b7dff9efbbe086fa39541333 |
| SHA1 | 321ef69a298d2f9830c14140b0b3b0b50bd95cb0 |
| SHA256 | d8fab5714dafecb89b3e5fce4c4d75d2b72893e685e148e9b60f7c096e5b3337 |
| SHA512 | 40785871032b222a758f29e0c6ec696fbe0f6f5f3274cc80085961621bec68d7e0fb47c764649c4dd0c27c6ee02460407775fae9d3a2a8a59362d25a39266ce0 |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\locales\it.pak
| MD5 | 745f16ca860ee751f70517c299c4ab0e |
| SHA1 | 54d933ad839c961dd63a47c92a5b935eef208119 |
| SHA256 | 10e65f42ce01ba19ebf4b074e8b2456213234482eadf443dfad6105faf6cde4c |
| SHA512 | 238343d6c80b82ae900f5abf4347e542c9ea016d75fb787b93e41e3c9c471ab33f6b4584387e5ee76950424e25486dd74b9901e7f72876960c0916c8b9cee9a6 |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\locales\hu.pak
| MD5 | 2aa0a175df21583a68176742400c6508 |
| SHA1 | 3c25ba31c2b698e0c88e7d01b2cc241f0916e79a |
| SHA256 | b59f932df822ab1a87e8aab4bbb7c549db15899f259f4c50ae28f8d8c7ce1e72 |
| SHA512 | 03a16feb0601407e96bcb43af9bdb21e5218c2700c9f3cfd5f9690d0b4528f9dc17e4cc690d8c9132d4e0b26d7faafd90aa3f5e57237e06fb81aab7ab77f6c03 |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\locales\hr.pak
| MD5 | 255f808210dbf995446d10ff436e0946 |
| SHA1 | 1785d3293595f0b13648fb28aec6936c48ea3111 |
| SHA256 | 4df972b7f6d81aa7bdc39e2441310a37f746ae5015146b4e434a878d1244375b |
| SHA512 | 8b1a4d487b0782055717b718d58cd21e815b874e2686cdfd2087876b70ae75f9182f783c70bf747cf4ca17a3afc68517a9db4c99449fa09bef658b5e68087f2a |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\locales\hi.pak
| MD5 | b5dfce8e3ba0aec2721cc1692b0ad698 |
| SHA1 | c5d6fa21a9ba3d526f3e998e3f627afb8d1eecf3 |
| SHA256 | b1c7fb6909c8a416b513d6de21eea0b5a6b13c7f0a94cabd0d9154b5834a5e8b |
| SHA512 | facf0a9b81af6bb35d0fc5e69809d5c986a2c91a166e507784bdad115644b96697fe504b8d70d9bbb06f0c558f746c085d37e385eef41f0a1c29729d3d97980f |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\locales\he.pak
| MD5 | fc84ea7dc7b9408d1eea11beeb72b296 |
| SHA1 | de9118194952c2d9f614f8e0868fb273ddfac255 |
| SHA256 | 15951767dafa7bdbedac803d842686820de9c6df478416f34c476209b19d2d8c |
| SHA512 | 49d13976dddb6a58c6fdcd9588e243d705d99dc1325c1d9e411a1d68d8ee47314dfcb661d36e2c4963c249a1542f95715f658427810afcabdf9253aa27eb3b24 |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\locales\gu.pak
| MD5 | 308619d65b677d99f48b74ccfe060567 |
| SHA1 | 9f834df93fd48f4fb4ca30c4058e23288cf7d35e |
| SHA256 | e40ee4f24839f9e20b48d057bf3216bc58542c2e27cb40b9d2f3f8a1ea5bfbb4 |
| SHA512 | 3ca84ad71f00b9f7cc61f3906c51b263f18453fce11ec6c7f9edfe2c7d215e3550c336e892bd240a68a6815af599cc20d60203294f14adb133145ca01fe4608f |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\locales\fr.pak
| MD5 | 3ee48a860ecf45bafa63c9284dfd63e2 |
| SHA1 | 1cb51d14964f4dced8dea883bf9c4b84a78f8eb6 |
| SHA256 | 1923e0edf1ef6935a4a718e3e2fc9a0a541ea0b4f3b27553802308f9fd4fc807 |
| SHA512 | eb6105faca13c191fef0c51c651a406b1da66326bb5705615770135d834e58dee9bed82aa36f2dfb0fe020e695c192c224ec76bb5c21a1c716e5f26dfe02f763 |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\locales\fil.pak
| MD5 | d7df2ea381f37d6c92e4f18290c6ffe0 |
| SHA1 | 7cacf08455aa7d68259fcba647ee3d9ae4c7c5e4 |
| SHA256 | db4a63fa0d5b2baba71d4ba0923caed540099db6b1d024a0d48c3be10c9eed5a |
| SHA512 | 96fc028455f1cea067b3a3dd99d88a19a271144d73dff352a3e08b57338e513500925787f33495cd744fe4122dff2d2ee56e60932fc02e04feed2ec1e0c3533f |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\locales\fi.pak
| MD5 | 21e534869b90411b4f9ea9120ffb71c8 |
| SHA1 | cc91ffbd19157189e44172392b2752c5f73984c5 |
| SHA256 | 2d337924139ffe77804d2742eda8e58d4e548e65349f827840368e43d567810b |
| SHA512 | 3ca3c0adaf743f92277452b7bd82db4cf3f347de5568a20379d8c9364ff122713befd547fbd3096505ec293ae6771ada4cd3dadac93cc686129b9e5aacf363bd |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\locales\fa.pak
| MD5 | 2e37fd4e23a1707a1eccea3264508dff |
| SHA1 | e00e58ed06584b19b18e9d28b1d52dbfc36d70f3 |
| SHA256 | b9ee861e1bdecffe6a197067905279ea77c180844a793f882c42f2b70541e25e |
| SHA512 | 7c467f434eb0ce8e4a851761ae9bd7a9e292aab48e8e653e996f8ca598d0eb5e07ec34e2b23e544f3b38439dc3b8e3f7a0dfd6a8e28169aa95ceff42bf534366 |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\locales\et.pak
| MD5 | ccc71f88984a7788c8d01add2252d019 |
| SHA1 | 6a87752eac3044792a93599428f31d25debea369 |
| SHA256 | d69489a723b304e305cb1767e6c8da5d5d1d237e50f6ddc76e941dcb01684944 |
| SHA512 | d35ccd639f2c199862e178a9fab768d7db10d5a654bc3bc1fab45d00ceb35a01119a5b4d199e2db3c3576f512b108f4a1df7faf6624d961c0fc4bca5af5f0e07 |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\locales\es.pak
| MD5 | 04a9ba7316dc81766098e238a667de87 |
| SHA1 | 24d7eb4388ecdfecada59c6a791c754181d114de |
| SHA256 | 7fa148369c64bc59c2832d617357879b095357fe970bab9e0042175c9ba7cb03 |
| SHA512 | 650856b6187df41a50f9bed29681c19b4502de6af8177b47bad0bf12e86a25e92aa728311310c28041a18e4d9f48ef66d5ad5d977b6662c44b49bfd1da84522b |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\locales\en-US.pak
| MD5 | 19d18f8181a4201d542c7195b1e9ff81 |
| SHA1 | 7debd3cf27bbe200c6a90b34adacb7394cb5929c |
| SHA256 | 1d20e626444759c2b72aa6e998f14a032408d2b32f957c12ec3abd52831338fb |
| SHA512 | af07e1b08bbf2dd032a5a51a88ee2923650955873753629a086cad3b1600ce66ca7f9ed31b8ca901c126c10216877b24e123144bb0048f2a1e7757719aae73f2 |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\locales\en-GB.pak
| MD5 | 825ed4c70c942939ffb94e77a4593903 |
| SHA1 | 7a3faee9bf4c915b0f116cb90cec961dda770468 |
| SHA256 | e11e8db78ae12f8d735632ba9fd078ec66c83529cb1fd86a31ab401f6f833c16 |
| SHA512 | 41325bec22af2e5ef8e9b26c48f2dfc95763a249ccb00e608b7096ec6236ab9a955de7e2340fd9379d09ac2234aee69aed2a24fe49382ffd48742d72a929c56a |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\locales\el.pak
| MD5 | e66a75680f21ce281995f37099045714 |
| SHA1 | d553e80658ee1eea5b0912db1ecc4e27b0ed4790 |
| SHA256 | 21d1d273124648a435674c7877a98110d997cf6992469c431fe502bbcc02641f |
| SHA512 | d3757529dd85ef7989d9d4cecf3f7d87c9eb4beda965d8e2c87ee23b8baaec3fdff41fd53ba839215a37404b17b8fe2586b123557f09d201b13c7736c736b096 |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\locales\de.pak
| MD5 | cf22ec11a33be744a61f7de1a1e4514f |
| SHA1 | 73e84848c6d9f1a2abe62020eb8c6797e4c49b36 |
| SHA256 | 7cc213e2c9a2d2e2e463083dd030b86da6bba545d5cee4c04df8f80f9a01a641 |
| SHA512 | c10c8446e3041d7c0195da184a53cfbd58288c06eaf8885546d2d188b59667c270d647fa7259f5ce140ec6400031a7fc060d0f2348ab627485e2207569154495 |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\locales\da.pak
| MD5 | e7ba94c827c2b04e925a76cb5bdd262c |
| SHA1 | abba6c7fcec8b6c396a6374331993c8502c80f91 |
| SHA256 | d8da7ab28992c8299484bc116641e19b448c20adf6a8b187383e2dba5cd29a0b |
| SHA512 | 1f44fce789cf41fd62f4d387b7b8c9d80f1e391edd2c8c901714dd0a6e3af32266e9d3c915c15ad47c95ece4c7d627aa7339f33eea838d1af9901e48edb0187e |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\locales\ms.pak
| MD5 | aee105366a1870b9d10f0f897e9295db |
| SHA1 | eee9d789a8eeafe593ce77a7c554f92a26a2296f |
| SHA256 | c6471aee5f34f31477d57f593b09cb1de87f5fd0f9b5e63d8bab4986cf10d939 |
| SHA512 | 240688a0054bfebe36ea2b056194ee07e87bbbeb7e385131c73a64aa7967984610fcb80638dd883837014f9bc920037069d0655e3e92a5922f76813aedb185fa |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\locales\mr.pak
| MD5 | 2cf9f07ddf7a3a70a48e8b524a5aed43 |
| SHA1 | 974c1a01f651092f78d2d20553c3462267ddf4e9 |
| SHA256 | 23058c0f71d9e40f927775d980524d866f70322e0ef215aa5748c239707451e7 |
| SHA512 | 0b21570deefa41defc3c25c57b3171635bcb5593761d48a8116888ce8be34c1499ff79c7a3ebbe13b5a565c90027d294c6835e92e6254d582a86750640fe90f2 |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\locales\ml.pak
| MD5 | 1c81104ac2cbf7f7739af62eb77d20d5 |
| SHA1 | 0f0d564f1860302f171356ea35b3a6306c051c10 |
| SHA256 | 66005bc01175a4f6560d1e9768dbc72b46a4198f8e435250c8ebc232d2dac108 |
| SHA512 | 969294eae8c95a1126803a35b8d3f1fc3c9d22350aa9cc76b2323b77ad7e84395d6d83b89deb64565783405d6f7eae40def7bdaf0d08da67845ae9c7dbb26926 |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\locales\lv.pak
| MD5 | a8cbd741a764f40b16afea275f240e7e |
| SHA1 | 317d30bbad8fd0c30de383998ea5be4eec0bb246 |
| SHA256 | a1a9d84fd3af571a57be8b1a9189d40b836808998e00ec9bd15557b83d0e3086 |
| SHA512 | 3da91c0ca20165445a2d283db7dc749fcf73e049bfff346b1d79b03391aefc7f1310d3ac2c42109044cfb50afcf178dcf3a34b4823626228e591f328dd7afe95 |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\locales\nb.pak
| MD5 | 55d5ad4eacb12824cfcd89470664c856 |
| SHA1 | f893c00d8d4fdb2f3e7a74a8be823e5e8f0cd673 |
| SHA256 | 4f44789a2c38edc396a31aba5cc09d20fb84cd1e06f70c49f0664289c33cd261 |
| SHA512 | 555d87be8c97f466c6b3e7b23ec0210335846398c33dba71e926ff7e26901a3908dbb0f639c93db2d090c9d8bda48eddf196b1a09794d0e396b2c02b4720f37e |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\locales\nl.pak
| MD5 | 0f04bac280035fab018f634bcb5f53ae |
| SHA1 | 4cad76eaecd924b12013e98c3a0e99b192be8936 |
| SHA256 | be254bcda4dbe167cb2e57402a4a0a814d591807c675302d2ce286013b40799b |
| SHA512 | 1256a6acac5a42621cb59eb3da42ddeeacfe290f6ae4a92d00ebd4450a8b7ccb6f0cd5c21cf0f18fe4d43d0d7aee87b6991fef154908792930295a3871fa53df |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\locales\te.pak
| MD5 | a17f16d7a038b0fa3a87d7b1b8095766 |
| SHA1 | b2f845e52b32c513e6565248f91901ab6874e117 |
| SHA256 | d39716633228a5872630522306f89af8585f8092779892087c3f1230d21a489e |
| SHA512 | 371fb44b20b8aba00c4d6f17701fa4303181ad628f60c7b4218e33be7026f118f619d66d679bffcb0213c48700fafd36b2e704499a362f715f63ea9a75d719e7 |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\locales\ta.pak
| MD5 | 18ec8ff3c0701a6a8c48f341d368bab5 |
| SHA1 | 8bff8aee26b990cf739a29f83efdf883817e59d8 |
| SHA256 | 052bcdb64a80e504bb6552b97881526795b64e0ab7ee5fc031f3edf87160dee9 |
| SHA512 | a0e997fc9d316277de3f4773388835c287ab1a35770c01e376fb7428ff87683a425f6a6a605d38dd7904ca39c50998cd85f855cb33ae6abad47ac85a1584fe4e |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\locales\sw.pak
| MD5 | 67a443a5c2eaad32625edb5f8deb7852 |
| SHA1 | a6137841e8e7736c5ede1d0dc0ce3a44dc41013f |
| SHA256 | 41dfb772ae4c6f9e879bf7b4fa776b2877a2f8740fa747031b3d6f57f34d81dd |
| SHA512 | e0fdff1c3c834d8af8634f43c2f16ba5b883a8d88dfd322593a13830047568faf9f41d0bf73cd59e2e33c38fa58998d4702d2b0c21666717a86945d18b3f29e5 |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\locales\sv.pak
| MD5 | 272f8a8b517c7283eab83ba6993eea63 |
| SHA1 | ad4175331b948bd4f1f323a4938863472d9b700c |
| SHA256 | d15b46bc9b5e31449b11251df19cd2ba4920c759bd6d4fa8ca93fd3361fdd968 |
| SHA512 | 3a0930b7f228a779f727ebfb6ae8820ab5cc2c9e04c986bce7b0f49f9bf124f349248ecdf108edf8870f96b06d58dea93a3e0e2f2da90537632f2109e1aa65f0 |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\locales\sr.pak
| MD5 | c68c235d8e696c098cf66191e648196b |
| SHA1 | 5c967fbbd90403a755d6c4b2411e359884dc8317 |
| SHA256 | ab96a18177af90495e2e3c96292638a775aa75c1d210ca6a6c18fbc284cd815b |
| SHA512 | 34d14d8cb851df1ea8cd3cc7e9690eaf965d8941cfcac1c946606115ad889630156c5ff47011b27c1288f8df70e8a7dc41909a9fa98d75b691742ec1d1a5e653 |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\locales\th.pak
| MD5 | a32ba63feeed9b91f6d6800b51e5aeae |
| SHA1 | 2fbf6783996e8315a4fb94b7d859564350ee5918 |
| SHA256 | e32e37ca0ab30f1816fe6df37e3168e1022f1d3737c94f5472ab6600d97a45f6 |
| SHA512 | adebde0f929820d8368096a9c30961ba7b33815b0f124ca56ca05767ba6d081adf964088cb2b9fcaa07f756b946fffa701f0b64b07d457c99fd2b498cbd1e8a5 |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\locales\sl.pak
| MD5 | ca763e801de642e4d68510900ff6fabb |
| SHA1 | c32a871831ce486514f621b3ab09387548ee1cff |
| SHA256 | 340e0babe5fddbfda601c747127251cf111dd7d79d0d6a5ec4e8443b835027de |
| SHA512 | e2847ce75de57deb05528dd9557047edcd15d86bf40a911eb97e988a8fdbda1cd0e0a81320eadf510c91c826499a897c770c007de936927df7a1cc82fa262039 |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\locales\sk.pak
| MD5 | b7e97cc98b104053e5f1d6a671c703b7 |
| SHA1 | 0f7293f1744ae2cd858eb3431ee016641478ae7d |
| SHA256 | b0d38869275d9d295e42b0b90d0177e0ca56a393874e4bb454439b8ce25d686f |
| SHA512 | ef3247c6f0f4065a4b68db6bf7e28c8101a9c6c791b3f771ed67b5b70f2c9689cec67a1c864f423382c076e4cbb6019c1c0cb9ad0204454e28f749a69b6b0de0 |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\locales\ru.pak
| MD5 | 2885bde990ee3b30f2c54a4067421b68 |
| SHA1 | ae16c4d534b120fdd68d33c091a0ec89fd58793f |
| SHA256 | 9fcda0d1fab7fff7e2f27980de8d94ff31e14287f58bd5d35929de5dd9cbcdca |
| SHA512 | f7781f5c07fbf128399b88245f35055964ff0cde1cc6b35563abc64f520971ce9916827097ca18855b46ec6397639f5416a6e8386a9390afba4332d47d21693f |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\locales\ro.pak
| MD5 | d2758f6adbaeea7cd5d95f4ad6dde954 |
| SHA1 | d7476db23d8b0e11bbabf6a59fde7609586bdc8a |
| SHA256 | 2b7906f33bfbe8e9968bcd65366e2e996cdf2f3e1a1fc56ad54baf261c66954c |
| SHA512 | 8378032d6febea8b5047ada667cb19e6a41f890cb36305acc2500662b4377caef3dc50987c925e05f21c12e32c3920188a58ee59d687266d70b8bfb1b0169a6e |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\locales\pt-PT.pak
| MD5 | b4954b064e3f6a9ba546dda5fa625927 |
| SHA1 | 584686c6026518932991f7de611e2266d8523f9d |
| SHA256 | ee1e014550b85e3d18fb5128984a713d9f6de2258001b50ddd18391e7307b4a1 |
| SHA512 | cb3b465b311f83b972eca1c66862b2c5d6ea6ac15282e0094aea455123ddf32e85df24a94a0aedbe1b925ff3ed005ba1e00d5ee820676d7a5a366153ade90ef7 |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\locales\pt-BR.pak
| MD5 | 8e931ffbded8933891fb27d2cca7f37d |
| SHA1 | ab0a49b86079d3e0eb9b684ca36eb98d1d1fd473 |
| SHA256 | 6632bd12f04a5385012b5cdebe8c0dad4a06750dc91c974264d8fe60e8b6951d |
| SHA512 | cf0f6485a65c13cf5ddd6457d34cdea222708b0bb5ca57034ed2c4900fd22765385547af2e2391e78f02dcf00b7a2b3ac42a3509dd4237581cfb87b8f389e48d |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\locales\pl.pak
| MD5 | f1d48a7dcd4880a27e39b7561b6eb0ab |
| SHA1 | 353c3ba213cd2e1f7423c6ba857a8d8be40d8302 |
| SHA256 | 2593c8b59849fbc690cbd513f06685ea3292cd0187fcf6b9069cbf3c9b0e8a85 |
| SHA512 | 132da2d3c1a4dad5ccb399b107d7b6d9203a4b264ef8a65add11c5e8c75859115443e1c65ece2e690c046a82687829f54ec855f99d4843f859ab1dd7c71f35a5 |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\locales\ur.pak
| MD5 | 1ca4fa13bd0089d65da7cd2376feb4c6 |
| SHA1 | b1ba777e635d78d1e98e43e82d0f7a3dd7e97f9c |
| SHA256 | 3941364d0278e2c4d686faa4a135d16a457b4bc98c5a08e62aa12f3adc09aa7f |
| SHA512 | d0d9eb1aa029bd4c34953ee5f4b60c09cf1d4f0b21c061db4ede1b5ec65d7a07fc2f780ade5ce51f2f781d272ac32257b95eedf471f7295ba70b5ba51db6c51d |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\locales\uk.pak
| MD5 | 361a0e1f665b9082a457d36209b92a25 |
| SHA1 | 3c89e1b70b51820bb6baa64365c64da6a9898e2f |
| SHA256 | bd02966f6c6258b66eae7ff014710925e53fe26e8254d7db4e9147266025cc3a |
| SHA512 | d4d25fc58053f8cce4c073846706dc1ecbc0dc19308ba35501e19676f3e7ed855d7b57ae22a5637f81cefc1aa032bf8770d0737df1924f3504813349387c08cf |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\locales\tr.pak
| MD5 | 5ff2e5c95067a339e3d6b8985156ec1f |
| SHA1 | 7525b25c7b07f54b63b6459a0d8c8c720bd8a398 |
| SHA256 | 14a131ba318274cf10de533a19776db288f08a294cf7e564b7769fd41c7f2582 |
| SHA512 | 2414386df8d7ab75dcbd6ca2b9ae62ba8e953ddb8cd8661a9f984eb5e573637740c7a79050b2b303af3d5b1d4d1bb21dc658283638718fdd04fc6e5891949d1b |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\locales\vi.pak
| MD5 | db0eb3183007de5aae10f934fffacc59 |
| SHA1 | e9ea7aeffe2b3f5cf75ab78630da342c6f8b7fd9 |
| SHA256 | ddabb225b671b989789e9c2ccd1b5a8f22141a7d9364d4e6ee9b8648305e7897 |
| SHA512 | 703efd12fcace8172c873006161712de1919572c58d98b11de7834c5628444229f5143d231c41da5b9cf729e32de58dee3603cb3d18c6cdd94aa9aa36fbf5de0 |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\locales\zh-TW.pak
| MD5 | 2456bf42275f15e016689da166df9008 |
| SHA1 | 70f7de47e585dfea3f5597b5bba1f436510decd7 |
| SHA256 | adf8df051b55507e5a79fa47ae88c7f38707d02dfac0cc4a3a7e8e17b58c6479 |
| SHA512 | 7e622afa15c70785aaf7c19604d281efe0984f621d6599058c97c19d3c0379b2ee2e03b3a7ec597040a4eee250a782d7ec55c335274dd7db7c7ca97ddcfd378a |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\locales\zh-CN.pak
| MD5 | 82326e465e3015c64ca1db77dc6a56bc |
| SHA1 | e8abe12a8dd2cc741b9637fa8f0e646043bbfe3d |
| SHA256 | 6655fd9dcdfaf2abf814ffb6c524d67495aed4d923a69924c65abeab30bc74fb |
| SHA512 | 4989789c0b2439666dda4c4f959dffc0ddcb77595b1f817c13a95ed97619c270151597160320b3f2327a7daffc8b521b68878f9e5e5fb3870eb0c43619060407 |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\resources\app.asar
| MD5 | 9d2b9769081059613cb3c9034ac85691 |
| SHA1 | 0dff6ab58d4e167232644c9a91a14dabe41995a8 |
| SHA256 | 3507d98e73391e43d6043f29a814050d023f6e3149d24daeddd9947e26090f46 |
| SHA512 | d281ad2bd5cdaa9b9ab14c366203c44f352610738fc7456693d4120747ef7ccd50001915073c3fce8d4923eeddbb086aa812846e7b009d2ef19393a3c9813b5c |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\resources\elevate.exe
| MD5 | 792b92c8ad13c46f27c7ced0810694df |
| SHA1 | d8d449b92de20a57df722df46435ba4553ecc802 |
| SHA256 | 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37 |
| SHA512 | 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40 |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\resources\hwfc.bat
| MD5 | c3c18b9b46139b0b0ffc85a529dfa998 |
| SHA1 | 5093fd99472f1010375e7b2663443fc0e76cbf95 |
| SHA256 | f94a372b77ae4e76863aa84f06886f08b0146597d487525d780a03c4bdaa22c6 |
| SHA512 | 3e506144ac7b9f8637be581a21807b37ed2aab6ee72a25ef5647033281408c2550325b67fed44a35b2f4f2e3a3000ff70be1dde87ce4ed773fc225dd510275e1 |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\resources\node_modules\adm-zip\adm-zip.js
| MD5 | bdfd080ce2336c36b0d32debeaf902a7 |
| SHA1 | 5f02b44e6171ae1f284323cf1381035fadc0c2c0 |
| SHA256 | df672570a7e00f2e5b4fecf3da019dbce2bd0d4dd48fd70599bde7de284b7002 |
| SHA512 | 7316d88f0a1581d00454fe9e40f1f5029e5c45e416515f0bad138407a525cc6231440929d7822f6eb7e6fa517de79ad83033142cd2f1dc96382520bbbef492ae |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\resources\node_modules\adm-zip\LICENSE
| MD5 | 1b2c86bae496d433e02149f8854e8678 |
| SHA1 | c4a238b9a8988c9370809dbc90e9584c768f5434 |
| SHA256 | 6bb5b2d4c07d793ca928daa63a8899c6914fafb5ac3aa04ec10cae07f3d57dca |
| SHA512 | b0cf5f8924894cefb5aa98bc4c21ced662e9ebdc19af8de5af5fa70ac1f9735870e3ab52898df6e2a89da3bbd14500164d283cf0c3d050756de46606bf0f04f7 |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\resources\node_modules\adm-zip\package.json
| MD5 | 3bfdfeb5c0a045de48ba5058fc9b3146 |
| SHA1 | 43db64e3a8c2b55006232ac27d792c1789282cbe |
| SHA256 | a49b413076c5becc6110bb89d689fb031951fbf3c6233e174b33e58ca494726a |
| SHA512 | c310689a67d5e7c41a7b24466cffea22d4d1c88be9ea39418327256d2607c020b905ef2bab38cf30a3da34dbdb55bd47de13541a7f44f4475a6dfe51a4a4488d |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\resources\node_modules\adm-zip\zipEntry.js
| MD5 | 3a100eb5cfd76f5da2a1bcc0c761272a |
| SHA1 | acc17eb0e7c23e278f34af514bdceb9815dcc3e6 |
| SHA256 | 3538cf9f414325c661f2ad774acf320d6eabbeb053a49ce1585c6a990b0255e4 |
| SHA512 | 786e4c43c74f54e0859705e2444364a205181b23fe55f10d3d83aa9120e5e9ca8a2906a2344b7541da13d6ab4b4476ddd0ef3de3aacd830cee8cf5a3b560a2d4 |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\resources\node_modules\adm-zip\README.md
| MD5 | 28cb971006d09af9e71970186d5b8ebe |
| SHA1 | b5bbb30187940e9c4186d2974dc09868b6730eda |
| SHA256 | a9fb6e9ea2154a3a76573c817169e0bd539ae4e72dbb40368c9d0910bbe544f4 |
| SHA512 | 3b3712beff3886ed3995aef6da7155755e7c987cb83ac982879cf7e0ae889932134cb162843b64d040a5cf914610967839e8c7a3142bd4195e1ad4446bf7b967 |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\resources\node_modules\adm-zip\zipFile.js
| MD5 | 807457ef9e350b63ea1a375c4dc8d261 |
| SHA1 | 54b9bbc9fe7aa9897f85ab11c088685afa5ff413 |
| SHA256 | 108207c59b107fbee6d9ed5034456f83ca14d6807948691b4f4df7f99cf29965 |
| SHA512 | e4b806eaffa454d5429729534b25229cdb2bb48b0d2afb4afb39e31fd4bacab08656d73282d7312d15f5bd54047146085df70136f56e3ec4c11c99235d3bca0b |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\resources\node_modules\adm-zip\headers\index.js
| MD5 | 64bc889b89f1c8a04a698a8f74e24e5b |
| SHA1 | 68781da04cf1ebc4f03434ea5b2b65f10cca07e6 |
| SHA256 | 536e4b5bf009a3d9f6eccfbbc4157cb6de663d889e0826ea5f6e5fa17aaeb8bf |
| SHA512 | 9eb207fa61862aebd9cc5a89f85757313c7f163ea0f5a15c16250f79845b9caa1d8109bc3e634a9ed3fb0616c71aed3005ace48eff0941518c778c3063613975 |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\resources\node_modules\adm-zip\headers\entryHeader.js
| MD5 | 934371cb21b6cee8419b83aa8357ff14 |
| SHA1 | 16474dcd3f1f439d307284426c004b2e29f7ae86 |
| SHA256 | 79c6167b5f5bfa0b3ea8c57c2d67e57eab0193d05b414eba2c9a12c625e3d0b7 |
| SHA512 | 864c116dceeedc8100654f01266997a9ada2b49918b560accbd4d18fd7f051a08357cb65dd1dbb796943ea67086304a66db858edd23cbc4db226819bafc33105 |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\resources\node_modules\adm-zip\headers\mainHeader.js
| MD5 | 8a9ea5dcd1a15e2d2c6e80708deb77b5 |
| SHA1 | 07fd2dd5b88a2956186ad16177a2586e36683c9e |
| SHA256 | 2fa88533066e07b9d8c08aac78d379bda9fcabcb4ae9fdaf55d28c31071f0a55 |
| SHA512 | 529a21a45bb354ccb7969cf4671456dc0a300c87f520bcb4e513100eef44ad4610a7a45b62d637f2983bd0212885a8af08a10686e4f69b5d93852fb9d28e58fc |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\resources\node_modules\adm-zip\methods\deflater.js
| MD5 | 41fd6791497f7d74ee56a7753e08da66 |
| SHA1 | bd62d07bfe703da89172fcfeaa8848d6ba5c68b4 |
| SHA256 | 6dc41b2460594cfa5136b797653c166b2f7403820a40f2fca17cca35a5de1b5f |
| SHA512 | 5f16aeb477321470986a8c9807ebf3b75e979e5fb34156028ef56f44f38c4f4d72d9d086784e9dfedeffa61f91f973b6ac7e7ba1730eebd86bb549de2dbb4761 |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\resources\node_modules\adm-zip\methods\index.js
| MD5 | 74d54dda1e050cad9b31da325f92fb01 |
| SHA1 | 683b0412f3bdb3ae54cd809e37f456dade4d046a |
| SHA256 | d67714f1a04be942f90be77069af3ff4214aa8ee84b26edeff3a87eb0d8e2dc0 |
| SHA512 | 88ff974e69207c427ce1c9161489a275c4328ba392da65b268614fd5c66ef9feb10dafe1464dcc5873221de61bdb045dcf47092760c973ec06825158978df3e6 |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\resources\node_modules\adm-zip\methods\zipcrypto.js
| MD5 | 3b56c94c2ed7c7ac5aa472e6c9a54f5d |
| SHA1 | 79246b6644135ffc9e0b4b7a00bee0e64412c448 |
| SHA256 | 92b3b09a81764e4f012c2bafa0f36b109229ef7d97d4460989c885a169a2200b |
| SHA512 | 5fb3f79da745408375c792cd1b34fd2aa28de20fe47c8552a01146e6a4e354cb9e43b9fb10e466f5c967248417bef968d359beba09438258568b14c236a83099 |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\resources\node_modules\adm-zip\util\errors.js
| MD5 | 2e4dc5475c47794c086bed7934746175 |
| SHA1 | ca74ae8081d2184efa87a8e6e8724926c659b3fd |
| SHA256 | e128738cd9140b44de639482cb10cbb38de1e87b8118abea1d1d3a555d375271 |
| SHA512 | 03359ef8ff2dc85573ef2a71179879b750863c3b97bd0c139fa919cfde5bf3878e15c47189245abb47b625c39b71c48da9a6e7f8a66807f2031b2fe13fa89c3f |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\resources\node_modules\adm-zip\util\constants.js
| MD5 | 9557c90a448baec12cf2cb2f97e2c5a2 |
| SHA1 | 19ece17c4aed05723601ec510ad2020fb462cf52 |
| SHA256 | 208e943a2e5faad056047f3c7991cce3cde637d8e272a564f2546210ebdf2069 |
| SHA512 | 433a683e049a8d2fa321e9cf6932c2f5075c83f1713a9d0514956310174ef2959d0c8378a039d27d0a34f321262f6cf7eee40066ca54da1b57c5483b6d00f089 |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\resources\node_modules\adm-zip\methods\inflater.js
| MD5 | c2bd839327d3c2f2f3b113484820a793 |
| SHA1 | 93f0554d43968d02625736c571a048422401ff8a |
| SHA256 | c5e4531a11385050d77a5069487b0be8e85c8e44fe6b214d68def321e74528ce |
| SHA512 | c9d57670318cb3bcdefa01366f8fa6e5a7ed54af6653a104f8a300814a46b46cd9a05da316ddfb7f7d72c8df4aa42290f77ee6ac6494299093776a0c8bf4ba46 |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\resources\node_modules\adm-zip\util\fattr.js
| MD5 | 943088ca25b0e25de119778524c8d91c |
| SHA1 | 6cbf8576406db664ea30c0ce8085cc590a248202 |
| SHA256 | cecf4e89cd49c408dacf19894756926cb73bae801f4f44e66011826230ef1975 |
| SHA512 | 9892ad5a63788aa2e2a50927990caf7371b3432cf0a7633d6dba3d6f861d1e59eb8a43f6b5ad7127c16cdf153ad0aef1f9163d2c59af9058f427cb55c70662b0 |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\resources\node_modules\adm-zip\util\fileSystem.js
| MD5 | 85d7973afdda48fd2333b486d4b4afaf |
| SHA1 | dd0ab76f06f12996cdb07bc8613d7f56aed7f0ac |
| SHA256 | c0e0fdf6ca6d8dd98041adc6d8674f6bb02b94145abc98f08f24f1d0e4a8b5ad |
| SHA512 | ea038e326f763da409672e4e1d87170220aa8c1fab1144a3d5f62d1a5db44f2be2c456a08ca4d1c3f776f9c5020e9573b6b146a28a74c329dd51daa961d6cbfe |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\resources\node_modules\adm-zip\util\index.js
| MD5 | 6eadaab125a2caf89f2e762259d16df4 |
| SHA1 | 680d2665f43dd5074b5eb34d7a22f337d39659dc |
| SHA256 | a231e422e9f88464dbaf2ca91c0b7acd141f84e475de7847538d3f53890fd274 |
| SHA512 | feb0b65be5cf28c68fcd414a4ba0d659e9298a3a029c1ddef0b5f0d4ac77a355ddb6592aa9c3808b6f40266232c244456a28d49f24700941c6505adc81086eb8 |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\resources\node_modules\adm-zip\util\utils.js
| MD5 | b7a147df232c33b9733089d358e8919f |
| SHA1 | 62f476f4fd0f58d0f6affedadc39da4eed9622e0 |
| SHA256 | 476362e756eeab1eb18548732f27ed8786cea36d6c33aa27d75a74fb70b4a2e0 |
| SHA512 | e0c2641d2b2626c145fd829d48c2154431179011946898714aca55be10209c816649ae79cf0fdadf76933079c28114b2c9000ebcd557a5e324448561cbd62b72 |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\resources\node_modules\axios\dist\axios.js
| MD5 | bfa54c02f00dd15aa289c6612574ba4e |
| SHA1 | 0f6a986f81a6c3fe9d1751511bfe902aaeee59e2 |
| SHA256 | c52af035caee76a6320e13ca3b7397b49b3e7c19dd2d3464052702a5395afc98 |
| SHA512 | bc73477a97905b0020809961124f77da3452e6c35d9ff367e05fb0e13a575b9740fb4e2a9ddddeed8a5f5e8e9ab968451bacf715586649c1b8a2fb45faa61e67 |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\resources\node_modules\axios\dist\axios.js.map
| MD5 | c4278b4f0a062223fc5ffacc08d611a2 |
| SHA1 | 43f19892a8781bd7cd6966a09b58ccdea2f00a08 |
| SHA256 | 8883b6cec467a2607b119fcc8805e80e6852e33ee23ecd12bdad3a1aa316aadc |
| SHA512 | 86e030eaf6df292a7da5bad768c2a063ff549c3c4c284d3a33cbe0722e43e0443bc89d628b08ef64bd3b810e7855091e8068a80804277b8a122b1bc68f7a1222 |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\resources\node_modules\axios\dist\axios.min.js
| MD5 | 99714d221df650b50da3b7bf97e2987d |
| SHA1 | 493b74178a63429fff2aab081b3a1ca73d362085 |
| SHA256 | 8ad11c4cb079bba93156727270f510292eedcc0716c6f21725074a59ec8b9b96 |
| SHA512 | 2520851e12838a54d14577bd6a4fc5276f1d729389c7341a09ddd783c33217a5c58ce0e1cbf60c08cf075b44c50dc90d1d651ec16fa47ef8629f8de12ad27103 |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\resources\node_modules\axios\dist\axios.min.js.map
| MD5 | 3bcef563c61961a5d885343a30a7c8e5 |
| SHA1 | e48138e089ae29ebf4ccb0fb4d8d80ee6228689e |
| SHA256 | f38326abde26902252def3daced5861ecf56aac3bcc909da1cee086acd3054e4 |
| SHA512 | 4d1499b11f7c6f43bb920c2f3b6d0a639dced9384abd4182ca7d38f18532040b0e2b94084eb8550510d6f1f0beba1b79faf373328584c50649df0d123e04ba51 |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\resources\node_modules\axios\dist\browser\axios.cjs.map
| MD5 | 24791e7571e903304b4666c042e61632 |
| SHA1 | 69f8293e89a30249674a974de62e280c66bb54f0 |
| SHA256 | 71c51d2e2e9024721ca0f580593e91d6b69d279a6aa5a8d3f11c29d986ee80db |
| SHA512 | 58c7b6eaac0067e6b0e1d49db1dfbc6d997aa2471355b1b1f158f59da197048f0c262d754e2576b7dd27a666a9e70c661c549b6dcdf08dafcdfba7550e8c20f0 |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\resources\node_modules\axios\dist\browser\axios.cjs
| MD5 | bb1965b9e787877a4e1c51d05a270e96 |
| SHA1 | 05f21f2cdfeb2fbd6e1acbf1f903715d14db2830 |
| SHA256 | ceda4e1f08cf9f1d571974d08dd5952eb71877415ebd73eaf89095a37e312229 |
| SHA512 | 5c69f84a857ff822ec864280f181b02e0db1b6c06260c40e86c3c762fe1ead91bf4dee0aba45ec16f7263a2fff240fcfbeb752e6a5c19e29e04c211bd9154960 |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\resources\node_modules\axios\dist\esm\axios.js
| MD5 | f018f2bd28f84e97bb240973256ddae0 |
| SHA1 | 5e0a341781677b053bbd5625db7084e37bffdf91 |
| SHA256 | 9455880fadf382b3e397d098fa01bc699f26a943108b9f12be3f719ad7394ef0 |
| SHA512 | 66d80632b4f24210cb1b9425a3d1837ffeda2c97d819f712f6a598468e1a1d771fb734af4dbdb89a722048b743eb8b20ca3104e1d4e945d67204de0ee4002e29 |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\resources\node_modules\axios\dist\esm\axios.js.map
| MD5 | 85566134a5a1b4b22fe49718bcd8b4f5 |
| SHA1 | cb3e6c3f0aa93a122f7b0d842c337a231a5a4e28 |
| SHA256 | a3e72529bbc26d63f207f13aa528d87ab273f79b272df93f677b514528f9c865 |
| SHA512 | 64dabd21da254a16a2fc35a230373c78c90a9ed1d3604a4f1843d3a90b1d98883ad5f40f86f5b8ebb19c5fcff233f41611292bfa7e15023a23edb15ba8a1fe84 |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\resources\node_modules\axios\dist\esm\axios.min.js
| MD5 | b9f1305c04d321446e4edd70a5e84ab2 |
| SHA1 | 20b5d6ecf93eeee32a3b00d9c35800f5b8f987ec |
| SHA256 | c3cc839c6fd6dae19fa094a89577cd83bc1afab2db02cdc5b5a7983d1b92a0c9 |
| SHA512 | 8d5ce9386c3e9adbfd163594c377122d94f31da7397b31b973015bddcc5f17c7f3149f9ba9f3cd1dce63779b18483ad354ac5c94b9e2cc460c012f10afe7c710 |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\resources\node_modules\axios\dist\esm\axios.min.js.map
| MD5 | 76a7fc2ce89031a77f314ff860945e5f |
| SHA1 | 631348567a4b3a32170d9048f8db1610c085f949 |
| SHA256 | c5d4132ccfb080f11462370e0a636adabeac4eae1d9a7cb050e381ebad95ba9a |
| SHA512 | 9b6dc20e949ce2deda941f84c4adb7d6c80995ef455dd1a0ed3f94daae729930331d10fe25c583f8ddb1d6536d1afd4c13f7fd404d092bd394811c8d0c1dc0e3 |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\resources\node_modules\axios\dist\node\axios.cjs.map
| MD5 | 3b2850dfb8ef1b1585fe2f64e63bf73e |
| SHA1 | 4ba677f17979a093c6b29a5048d764639d878c17 |
| SHA256 | 5f15acee4dd54e7ed80fdf667898b0ef492eccdb9b037677fdc590e85170cff9 |
| SHA512 | 8d5310c013a7ceb68321afdb6e276e6634a5d2538b9a686401e086e6ae65b0e49a1e8133c116c9807ac6c31aba98b9e79fbfae1e1e91159cfba0ba0097889cd7 |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\7z-out\resources\node_modules\axios\dist\node\axios.cjs
| MD5 | e32b6ba895a4dd454997874085cea3cb |
| SHA1 | 1630e31aec94f40c4bbc4d184dafe102412718d9 |
| SHA256 | ae1c12ee98ab5eb179d4e5f9c5e54556acbce46dd1eb963ea271914b15aa1d4f |
| SHA512 | a6d060a04373660f28764d5e5cc34082b1e1073c609f04989a884f3c49f867d37cd0f78f857436f2639fefaab4b7e519c1b9fda83442d3ee2fb47ea0945af616 |
C:\Users\Admin\AppData\Local\Temp\nsaBAC5.tmp\StdUtils.dll
| MD5 | c6a6e03f77c313b267498515488c5740 |
| SHA1 | 3d49fc2784b9450962ed6b82b46e9c3c957d7c15 |
| SHA256 | b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e |
| SHA512 | 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803 |
Analysis: behavioral15
Detonation Overview
Submitted
2024-11-13 20:23
Reported
2024-11-13 20:29
Platform
win10v2004-20241007-en
Max time kernel
149s
Max time network
155s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral17
Detonation Overview
Submitted
2024-11-13 20:23
Reported
2024-11-13 20:29
Platform
win10v2004-20241007-en
Max time kernel
146s
Max time network
154s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\resources\elevate.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\resources\elevate.exe
"C:\Users\Admin\AppData\Local\Temp\resources\elevate.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.16.208.104.in-addr.arpa | udp |
Files
Analysis: behavioral27
Detonation Overview
Submitted
2024-11-13 20:23
Reported
2024-11-13 20:29
Platform
win10v2004-20241007-en
Max time kernel
147s
Max time network
155s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\node_modules\adm-zip\headers\index.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.42.69.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
Files
Analysis: behavioral31
Detonation Overview
Submitted
2024-11-13 20:23
Reported
2024-11-13 20:29
Platform
win10v2004-20241007-en
Max time kernel
91s
Max time network
138s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\node_modules\adm-zip\methods\deflater.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-11-13 20:23
Reported
2024-11-13 20:29
Platform
win10v2004-20241007-en
Max time kernel
93s
Max time network
141s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3348 wrote to memory of 3716 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 3348 wrote to memory of 3716 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 3348 wrote to memory of 3716 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 188 -p 3716 -ip 3716
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3716 -s 612
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral7
Detonation Overview
Submitted
2024-11-13 20:23
Reported
2024-11-13 20:29
Platform
win7-20241010-en
Max time kernel
75s
Max time network
151s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "437691484" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00eb72750a36db01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004ecf3e4259aa05419b9c0951a15b13190000000002000000000010660000000100002000000072fec9d8eaca17bcbaba076bb7066393d4f504b9adef556b2e1fd633ab623824000000000e8000000002000020000000acd00fb1206fb079a27f47fe8a00f9c5b627e5fecbc674cd082e5eefa72d9bcb20000000b2c4406acdbeb3cf962c7734cb8ee65e0eacb700344c865e2e019f2b8b4d7d0a4000000094fccb91e8aab9dc8066ea494e82166f5d39ca9110b664807caef33bdd867f011ccbc64ebc26c6d86f16be8547683792a664ec7536b23551d928189393df1523 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9F566D71-A1FD-11EF-A7E1-668826FBEB66} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004ecf3e4259aa05419b9c0951a15b131900000000020000000000106600000001000020000000e46bf64a6fc2a095d8cd968a2a3a3b839f386c002d11dd71da2924b6feaa7533000000000e8000000002000020000000d37b5659f2b19d9ad2773c9d1a32d4d50ead5a8ba058cf97e184d1b7f43ce3ce90000000c0e4416efe905b8017b966791626686c10cdfc64a6628868dd37c385031059b240f073f8dab131832778af9e18d885ba2e65dca92c27f47765dc0ec87f99b5f447e38f2f1a6d88b075f60ef5bb611da9a44392b72bfcfa6d0500c044c37e68903a2183f0140ccb1e51038f3c704ad49c8c301909941ad5be7bcf02c68c30779de3587c9ac064acd6ee79121e5d7c86c6400000008d39b7530a5f86a9a3de94c25f5dbfd1a1e335a52b67319c3c6d1e6dd5566c05318663ab02bb7043ed46087e73823444210fbeb4c884ce3667ec4a7fe6c0140f | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1516 wrote to memory of 2856 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1516 wrote to memory of 2856 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1516 wrote to memory of 2856 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1516 wrote to memory of 2856 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1516 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab914A.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar91F9.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 517a8a260928e56f5a0a8cf5ddcedd28 |
| SHA1 | 1c48e43e6ddbac0a077f731ac8f04149f0ecfa88 |
| SHA256 | 879c210a5adfb56bc99231fbfc2e3e9e1a3fac3e70153a436b6896ea51052c4a |
| SHA512 | d15b566ca30581cbc4818d5dfc31d01efd213f0a0b6316d6732ffd73893288e38ae8ace0876232917e7d899f9a385c9adb1ef8525d6295c5fde86c29d57b8cc8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3fedfddb0f53c2d901b701d8be59b6a4 |
| SHA1 | e7bcd6b6f148d18aceba3eca1a67665eaaa45e29 |
| SHA256 | 85aec9c49044b5d7fe6aa2494775388cb5076e22d2b493b5c91fb0a05aba042b |
| SHA512 | ec43774ba8270d6a738a6a9a17d864445c2225dac395f9a3f760221775a2929102d9e6be6c5bf42a539dd1d65823dc8b2389715886aea9df294fb7551df51865 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d5d461f16555509ade18079f5cbf447c |
| SHA1 | e1b14ac3b642b24622b90692c89f893c5b285e0b |
| SHA256 | 6070c4532eb3602da731ade19e6078b01ecb470b09098e4f3265b10a97ac8a53 |
| SHA512 | e6e721c5014e16cb3c1a64d6c34290cdebc3b17e79f297d18e34a6abdc5550117d80281df759f76d117eeb314845bbfea06580cc2a88d38429f3febd4354206c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 54fb2fcb905f74061b859f49c0374371 |
| SHA1 | 78deed9424c90cd3d5154c055101dc3d636beaf0 |
| SHA256 | 42db5e5e91eb50b900c3a344a0fc2f1115ef0f5d675e49cad919b7b224ceac6a |
| SHA512 | 3371a00b6aebcf7ecfd64a803890d919d47206b16b1e3a91681131fa128bfd92bd3eb424d3647a5343818c142ef35dff8857a39eaaf9918535f82c85ee29b867 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c99c01d0f243c4e72c26da6b97a6a07a |
| SHA1 | d5e7335fb9a0c080e6a4f764ff88008ffcf1c6d7 |
| SHA256 | ba8bf6ed326ce30e8e4969695fb4a0b37c323780da3b84551a23f808f9e0e3f2 |
| SHA512 | 20198d792d938482afdbc066eb6e4dd6c621d8744f938d46df99ebc8b6d4f4bccc3786ee98bf790211bbb4e4c9f93f6db56f5041c364233c8168a7ece06af373 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 468cb9292e0d98f906d0c011e5973d1b |
| SHA1 | 76a61494d8262c25ff1d408f07e6092b48686ee7 |
| SHA256 | acfc77c3c109ec5340d6b66e6341268d84974728a8802f7a5bebb75fd0da79fa |
| SHA512 | 4563eca9f78be2d7539307c016976906c1f08e3e1d006c4a190b65a48f6853463fc6b2857fa19487ec33a9362ada5d1c056cef56392ff09088d88a4021be1b75 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 37a73134b3d664f352615843afd78155 |
| SHA1 | f038bdeece01afe90f8212b855215f0fd8347ed3 |
| SHA256 | 3cc248576e57f8492334a63c7879253107bdd556a518622e178ee6ce98567d15 |
| SHA512 | 37d0170e862fba8674b8a9bdf60a71bce6998810de6f8a486bcf501ad39b1ff82a48e28b41a9d3b8c1ed2f63c2ed4773e3b4cdf42f65372a2c091768e70e381c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | db35540a011be3ae210a7291cb12c5b4 |
| SHA1 | 88ef7c5c96265988b9c9b35ab54ec37d18356802 |
| SHA256 | cfa74c94cb8ae28e7740be9672338f9cc1a2093d8c8c850946589897dfe0b4f1 |
| SHA512 | a15ba48f04bd034d892c3bec8c8d561974ee3f6945df4e455fc302ba0d25a6c1e0259b04d63340d8844fea365a7dd5c220054721fdccda009748328c24e28fe1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7268ca05661392063b4b8eb78b417b8a |
| SHA1 | 8d57efaf4a31060ae742c8d22d431b7f8a480af9 |
| SHA256 | ba8ae64cab0306725bc1fa2618734cc032b265b916ba1afcbd9fe86a2f4c702d |
| SHA512 | 309cef976ce7d8c6c6324097e133a7ae89fc1ec526fa3c21a25b2d4351426cf565e4719e75aa9369bf32d41596a35444fcb3269d7559637f83489e763ce865fc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5fb98fe9f5e3a477aad9ed280de951b0 |
| SHA1 | fd65028b1d86834d868545cc3013a848f0469df1 |
| SHA256 | 3c569b651b077b65367bb5eee7e6eac0feaa04de413357e212687c31149406c8 |
| SHA512 | 1ec3e5b76065993279f3ac3fd45f7ebae8b532d090d121c18d7006e49c98c8039fbde3a40bf0d055d93b94a01e70c999e87a7a6b13865274299dd2dfb9814889 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5d5e2dcbcd6df06cc767632b2ec605cf |
| SHA1 | 0f7e6b9c1ba7237a23033d82e2a615cc0272c470 |
| SHA256 | 93a0f5ba0a2057737510281b70165898c6585a14d6a7c9d3289304b5ad3ca529 |
| SHA512 | cc69293585114b857e10f052e3efb1bddda4ce5e1c8d1a12404eea6e2cd9279763504d664fe68e4c997a6e8c379f60afef140c7dabfba6933f763c2efd01476c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d869a39561233e15e05b11f652ae84c2 |
| SHA1 | bf0a42ca1195cff307e788ade74f7d099da41797 |
| SHA256 | 686049648880672e3ee97ee4a6f5fc73b7c49a20fadb415a99de093f838bb461 |
| SHA512 | 8326f67d7ac8e8ff3e8c0d4f9a3dd02d9f922caef3e44af01f90a04bdd71ba860a5c632fed725bb3120d3eac7cdcc548c268ad9cc42e0bba93c8f316cfd391a8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2ccd13af8ae94c11b9a67b93b074fefd |
| SHA1 | 62b9bf048502382ce0fd651a9080b949473b6fa5 |
| SHA256 | 943aa98dbf17a47c8f6e0a0abca24779ebbccdf53725cfd064fc3006444a0232 |
| SHA512 | ef26aacf539df5c68b51186763e7ea5567602e36c586f9d5d921e4a6c452848c726f3c465de6d805a7ecc6dac137f5cc3b4e80c739457d190babb09cc63ebc2a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5d2f10b38461630cc46616f7d7d3cf75 |
| SHA1 | 4464f1c7bc9d8570aac250b5d72dfd5a0d57220a |
| SHA256 | 47eff28d1cdf5a7848a20d5d9ba75ac146d11305f106554ba8559138003f5346 |
| SHA512 | 6bef71e6a9e3b62d06f244a45ffeb373de87a011c3092b8b50496803f90dd8ed3f9d1baa70ec59b7acb45c547583b3323e88d1562e67770caa1906f7292b73b1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a721301675d84f68121a760b7bb4bc93 |
| SHA1 | 0327ba86abe5962afc853560a15848f05ac9fb84 |
| SHA256 | 2a18d6eeb60a4ca4ecc07c261bcc729421e14dc65da4e2ee58257071b8117988 |
| SHA512 | aaebebc9b136bdce18ae53c54e16d93f479e0ef51db3023110303ea22d8edc93d9a72f445ae26341463b395041b5e363afd8d1b3ae7d9459add1ce8565960317 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f8d21a4151c99624456df46759bb7b29 |
| SHA1 | 2440105db57587c1117d79e77b9185bad3082383 |
| SHA256 | deae54c888df7a757cdb5baa40b8799d570249a6e6db289bbf9e7be0b4f887ba |
| SHA512 | 3f6e220d18de23667f85c3027e882c4b444d4ec20af348ca39327fca333dcd0ac7a0f3b39dd6923179c6e61b862c86a31ea3451a603543d9cef3a5272cb24567 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 93a2a9f935b867ba6dd6db3d5f348419 |
| SHA1 | 1efb7876858c9b960e4a85e17bae4fe567a739de |
| SHA256 | c183538460ebd86af01c3b0a442e8a655a06c66d8ca7217582d3b07318ba9b73 |
| SHA512 | 06bd1598914c46f7e039375638264bdd44730d289f4dcc56a9474423391b66c5934c2feaf0b201f316ed39c15bd6df8372ece6c5c518d2fa1bc6a05082009b8d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b43fb996087c1e8d20d5dc0442c81643 |
| SHA1 | 255c3387119ba5a2ea1d2c4aa71131d8fea1c189 |
| SHA256 | 6aa02cecda9c1e7c5f84e6b52ce1e3a1769678b6df90c8b00c3be680ad2bab72 |
| SHA512 | 9dd3773fb9554c5767c5e745dd7213ab66385a0f8c5eafd56bb3bb6056d0eec0072aa80f0e7ec129db307df046b175a90ea4faec04dbf5dc53bff1e35594c36b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a910f317c5ed84c614932542bdfff727 |
| SHA1 | 67d71ee1fb6c3a51217ac9883a25de20b2ecefc3 |
| SHA256 | 7b1754401b206f49c418ab81d3e710afd4bfb4c843175541cc3971a8f04e0228 |
| SHA512 | b0db8011006ab9f2c511496d26bc296fa32a91560f35533c6c9da9f3fad3d4c8459263e09b963b4563fa2caab6b22bf02c4b98c6d51e8a694f771c17198f1d49 |
Analysis: behavioral25
Detonation Overview
Submitted
2024-11-13 20:23
Reported
2024-11-13 20:29
Platform
win10v2004-20241007-en
Max time kernel
148s
Max time network
157s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\node_modules\adm-zip\headers\entryHeader.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.143.182.52.in-addr.arpa | udp |
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-11-13 20:23
Reported
2024-11-13 20:29
Platform
win10v2004-20241007-en
Max time kernel
91s
Max time network
138s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2848 wrote to memory of 4168 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 2848 wrote to memory of 4168 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 2848 wrote to memory of 4168 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4168 -ip 4168
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4168 -s 636
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.144.22.2.in-addr.arpa | udp |
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-11-13 20:23
Reported
2024-11-13 20:29
Platform
win7-20240903-en
Max time kernel
118s
Max time network
120s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 220
Network
Files
Analysis: behavioral21
Detonation Overview
Submitted
2024-11-13 20:23
Reported
2024-11-13 20:29
Platform
win10v2004-20241007-en
Max time kernel
146s
Max time network
159s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\node_modules\adm-zip\README.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
Files
Analysis: behavioral23
Detonation Overview
Submitted
2024-11-13 20:23
Reported
2024-11-13 20:29
Platform
win10v2004-20241007-en
Max time kernel
149s
Max time network
155s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\node_modules\adm-zip\adm-zip.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral28
Detonation Overview
Submitted
2024-11-13 20:23
Reported
2024-11-13 20:29
Platform
win7-20240903-en
Max time kernel
119s
Max time network
124s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\node_modules\adm-zip\headers\mainHeader.js
Network
Files
Analysis: behavioral10
Detonation Overview
Submitted
2024-11-13 20:23
Reported
2024-11-13 20:29
Platform
win7-20240903-en
Max time kernel
117s
Max time network
122s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ffmpeg.dll,#1
Network
Files
Analysis: behavioral14
Detonation Overview
Submitted
2024-11-13 20:23
Reported
2024-11-13 20:29
Platform
win7-20240708-en
Max time kernel
121s
Max time network
126s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.js
Network
Files
Analysis: behavioral22
Detonation Overview
Submitted
2024-11-13 20:23
Reported
2024-11-13 20:29
Platform
win7-20240903-en
Max time kernel
119s
Max time network
124s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\node_modules\adm-zip\adm-zip.js
Network
Files
Analysis: behavioral8
Detonation Overview
Submitted
2024-11-13 20:23
Reported
2024-11-13 20:29
Platform
win10v2004-20241007-en
Max time kernel
145s
Max time network
154s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8db1b46f8,0x7ff8db1b4708,0x7ff8db1b4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,3542887193879809269,7721926968344332987,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,3542887193879809269,7721926968344332987,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,3542887193879809269,7721926968344332987,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3542887193879809269,7721926968344332987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3542887193879809269,7721926968344332987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,3542887193879809269,7721926968344332987,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,3542887193879809269,7721926968344332987,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3542887193879809269,7721926968344332987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3542887193879809269,7721926968344332987,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3542887193879809269,7721926968344332987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3542887193879809269,7721926968344332987,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,3542887193879809269,7721926968344332987,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4928 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | d22073dea53e79d9b824f27ac5e9813e |
| SHA1 | 6d8a7281241248431a1571e6ddc55798b01fa961 |
| SHA256 | 86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6 |
| SHA512 | 97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413 |
\??\pipe\LOCAL\crashpad_2380_KYCVFKGJZCSIRQMK
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | bffcefacce25cd03f3d5c9446ddb903d |
| SHA1 | 8923f84aa86db316d2f5c122fe3874bbe26f3bab |
| SHA256 | 23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405 |
| SHA512 | 761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6a29a43c76dda086520746e7f19b4923 |
| SHA1 | b71e99d8f21011266b59c6b30bba7f9553f6511b |
| SHA256 | ff33c09f34de49fcb0a6635f7625f5afac191e073f50b6986c4573893b9b588c |
| SHA512 | e273baee3d83b18a011650f67b7595818e9ddf24fb93afea10e098caab18dbeff11f9cf890b8c2bdfc5dc66e07613d9fd62b0af18e25d05d2fd778613dd30dc9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 7b3ca4093a62454d0453aab0b42f75c3 |
| SHA1 | 3872225af07a503556eb7385841b53e658febcff |
| SHA256 | 92a3260af05a00b1796d6663182369c4076060d28786dec016fa26f24cf9b9a8 |
| SHA512 | 038a70c87f0c397158f61dfc0153f2d0f4bc90e81f9b730d66d125f7511c63c6eb963993f2586a6b0a2e94a665fa6f30c9497050f7ed39d475c142a9d5b3d53d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8d46c186bd24badeebd8c4a05197f590 |
| SHA1 | f4611150db3771aa3379e42348bd467eed28a613 |
| SHA256 | 5c79775041f9da0b7f25841e57bab38f10ae1d6e419ad9e692740f778de8e1e9 |
| SHA512 | f00efaadedd5b7374f1e38d3235069751ffe7f637b12b1c55ce14c302ad399a8192066469e8e0cfd85bd3294e083b09252eb6b1f6d165c72cc1a30ad929e4e02 |
Analysis: behavioral13
Detonation Overview
Submitted
2024-11-13 20:23
Reported
2024-11-13 20:29
Platform
win10v2004-20241007-en
Max time kernel
135s
Max time network
156s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\libEGL.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral16
Detonation Overview
Submitted
2024-11-13 20:23
Reported
2024-11-13 20:29
Platform
win7-20241010-en
Max time kernel
120s
Max time network
127s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\resources\elevate.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\resources\elevate.exe
"C:\Users\Admin\AppData\Local\Temp\resources\elevate.exe"
Network
Files
Analysis: behavioral26
Detonation Overview
Submitted
2024-11-13 20:23
Reported
2024-11-13 20:29
Platform
win7-20240903-en
Max time kernel
120s
Max time network
127s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\node_modules\adm-zip\headers\index.js
Network
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-13 20:23
Reported
2024-11-13 20:28
Platform
win7-20240708-en
Max time kernel
119s
Max time network
121s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2oblXXfFqceIXve35mBawCTA5fV\so.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2oblXXfFqceIXve35mBawCTA5fV\so.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1504 wrote to memory of 2612 | N/A | C:\Users\Admin\AppData\Local\Temp\Setup.exe | C:\Users\Admin\AppData\Local\Temp\2oblXXfFqceIXve35mBawCTA5fV\so.exe |
| PID 1504 wrote to memory of 2612 | N/A | C:\Users\Admin\AppData\Local\Temp\Setup.exe | C:\Users\Admin\AppData\Local\Temp\2oblXXfFqceIXve35mBawCTA5fV\so.exe |
| PID 1504 wrote to memory of 2612 | N/A | C:\Users\Admin\AppData\Local\Temp\Setup.exe | C:\Users\Admin\AppData\Local\Temp\2oblXXfFqceIXve35mBawCTA5fV\so.exe |
| PID 1504 wrote to memory of 2612 | N/A | C:\Users\Admin\AppData\Local\Temp\Setup.exe | C:\Users\Admin\AppData\Local\Temp\2oblXXfFqceIXve35mBawCTA5fV\so.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\2oblXXfFqceIXve35mBawCTA5fV\so.exe
C:\Users\Admin\AppData\Local\Temp\2oblXXfFqceIXve35mBawCTA5fV\so.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x144
Network
Files
\Users\Admin\AppData\Local\Temp\nsjE06.tmp\System.dll
| MD5 | 0d7ad4f45dc6f5aa87f606d0331c6901 |
| SHA1 | 48df0911f0484cbe2a8cdd5362140b63c41ee457 |
| SHA256 | 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca |
| SHA512 | c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9 |
\Users\Admin\AppData\Local\Temp\nsjE06.tmp\nsis7z.dll
| MD5 | 80e44ce4895304c6a3a831310fbf8cd0 |
| SHA1 | 36bd49ae21c460be5753a904b4501f1abca53508 |
| SHA256 | b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592 |
| SHA512 | c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\chrome_100_percent.pak
| MD5 | 8626e1d68e87f86c5b4dabdf66591913 |
| SHA1 | 4cd7b0ac0d3f72587708064a7b0a3beca3f7b81c |
| SHA256 | 2caa1da9b6a6e87bdb673977fee5dd771591a1b6ed5d3c5f14b024130a5d1a59 |
| SHA512 | 03bcd8562482009060f249d6a0dd7382fc94d669a2094dec08e8d119be51bef2c3b7b484bb5b7f805ae98e372dab9383a2c11a63ab0f5644146556b1bb9a4c99 |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\chrome_200_percent.pak
| MD5 | 48515d600258d60019c6b9c6421f79f6 |
| SHA1 | 0ef0b44641d38327a360aa6954b3b6e5aab2af16 |
| SHA256 | 07bee34e189fe9a8789aed78ea59ad41414b6e611e7d74da62f8e6ca36af01ce |
| SHA512 | b7266bc8abc55bd389f594dac0c0641ecf07703f35d769b87e731b5fdf4353316d44f3782a4329b3f0e260dead6b114426ddb1b0fb8cd4a51e0b90635f1191d9 |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\d3dcompiler_47.dll
| MD5 | cb9807f6cf55ad799e920b7e0f97df99 |
| SHA1 | bb76012ded5acd103adad49436612d073d159b29 |
| SHA256 | 5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a |
| SHA512 | f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62 |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\ffmpeg.dll
| MD5 | d49e7a8f096ad4722bd0f6963e0efc08 |
| SHA1 | 6835f12391023c0c7e3c8cc37b0496e3a93a5985 |
| SHA256 | f11576bf7ffbc3669d1a5364378f35a1ed0811b7831528b6c4c55b0cdc7dc014 |
| SHA512 | ca50c28d6aac75f749ed62eec8acbb53317f6bdcef8794759af3fad861446de5b7fa31622ce67a347949abb1098eccb32689b4f1c54458a125bc46574ad51575 |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\icudtl.dat
| MD5 | adfd2a259608207f256aeadb48635645 |
| SHA1 | 300bb0ae3d6b6514fb144788643d260b602ac6a4 |
| SHA256 | 7c8c7b05d70145120b45ccb64bf75bee3c63ff213e3e64d092d500a96afb8050 |
| SHA512 | 8397e74c7a85b0a2987cae9f2c66ce446923aa4140686d91a1e92b701e16b73a6ce459540e718858607ecb12659bedac0aa95c2713c811a2bc2d402691ff29dc |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\libEGL.dll
| MD5 | 09134e6b407083baaedf9a8c0bce68f2 |
| SHA1 | 8847344cceeab35c1cdf8637af9bd59671b4e97d |
| SHA256 | d2107ba0f4e28e35b22837c3982e53784d15348795b399ad6292d0f727986577 |
| SHA512 | 6ff3adcb8be48d0b505a3c44e6550d30a8feaf4aa108982a7992ed1820c06f49e0ad48d9bd92685fb82783dfd643629bd1fe4073300b61346b63320cbdb051ba |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\libGLESv2.dll
| MD5 | a5f1921e6dcde9eaf42e2ccc82b3d353 |
| SHA1 | 1f6f4df99ae475acec4a7d3910badb26c15919d1 |
| SHA256 | 50c4dc73d69b6c0189eab56d27470ee15f99bbbc12bfd87ebe9963a7f9ba404e |
| SHA512 | 0c24ae7d75404adf8682868d0ebf05f02bbf603f7ddd177cf2af5726802d0a5afcf539dc5d68e10dab3fcfba58903871c9c81054560cf08799af1cc88f33c702 |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\LICENSE.electron.txt
| MD5 | 4d42118d35941e0f664dddbd83f633c5 |
| SHA1 | 2b21ec5f20fe961d15f2b58efb1368e66d202e5c |
| SHA256 | 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d |
| SHA512 | 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63 |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\LICENSES.chromium.html
| MD5 | 180f8acc70405077badc751453d13625 |
| SHA1 | 35dc54acad60a98aeec47c7ade3e6a8c81f06883 |
| SHA256 | 0bfa9a636e722107b6192ff35c365d963a54e1de8a09c8157680e8d0fbbfba1c |
| SHA512 | 40d3358b35eb0445127c70deb0cb87ec1313eca285307cda168605a4fd3d558b4be9eb24a59568eca9ee1f761e578c39b2def63ad48e40d31958db82f128e0ec |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\snapshot_blob.bin
| MD5 | 8fef5a96dbcc46887c3ff392cbdb1b48 |
| SHA1 | ed592d75222b7828b7b7aab97b83516f60772351 |
| SHA256 | 4de0f720c416776423add7ada621da95d0d188d574f08e36e822ad10d85c3ece |
| SHA512 | e52c7820c69863ecc1e3b552b7f20da2ad5492b52cac97502152ebff45e7a45b00e6925679fd7477cdc79c68b081d6572eeed7aed773416d42c9200accc7230e |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\resources.pak
| MD5 | 7971a016aed2fb453c87eb1b8e3f5eb2 |
| SHA1 | 92b91e352be8209fadcf081134334dea147e23b8 |
| SHA256 | 9cfd5d29cde3de2f042e5e1da629743a7c95c1211e1b0b001e4eebc0f0741e06 |
| SHA512 | 42082ac0c033655f2edae876425a320d96cdaee6423b85449032c63fc0f7d30914aa3531e65428451c07912265b85f5fee2ed0bbdb362994d3a1fa7b14186013 |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\v8_context_snapshot.bin
| MD5 | a373d83d4c43ba957693ad57172a251b |
| SHA1 | 8e0fdb714df2f4cb058beb46c06aa78f77e5ff86 |
| SHA256 | 43b58ca4057cf75063d3b4a8e67aa9780d9a81d3a21f13c64b498be8b3ba6e0c |
| SHA512 | 07fbd84dc3e0ec1536ccb54d5799d5ed61b962251ece0d48e18b20b0fc9dd92de06e93957f3efc7d9bed88db7794fe4f2bec1e9b081825e41c6ac3b4f41eab18 |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\vk_swiftshader.dll
| MD5 | a0845e0774702da9550222ab1b4fded7 |
| SHA1 | 65d5bd6c64090f0774fd0a4c9b215a868b48e19b |
| SHA256 | 6150a413ebe00f92f38737bdccf493d19921ef6329fcd48e53de9dbde4780810 |
| SHA512 | 4be0cb1e3c942a1695bae7b45d21c5f70e407132ecc65efb5b085a50cdab3c33c26e90bd7c86198ec40fb2b18d026474b6c649776a3ca2ca5bff6f922de2319b |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\vk_swiftshader_icd.json
| MD5 | 8642dd3a87e2de6e991fae08458e302b |
| SHA1 | 9c06735c31cec00600fd763a92f8112d085bd12a |
| SHA256 | 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9 |
| SHA512 | f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\vulkan-1.dll
| MD5 | 0e4e0f481b261ea59f196e5076025f77 |
| SHA1 | c73c1f33b5b42e9d67d819226db69e60d2262d7b |
| SHA256 | f681844896c084d2140ac210a974d8db099138fe75edb4df80e233d4b287196a |
| SHA512 | e6127d778ec73acbeb182d42e5cf36c8da76448fbdab49971de88ec4eb13ce63140a2a83fc3a1b116e41f87508ff546c0d7c042b8f4cdd9e07963801f3156ba2 |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\locales\af.pak
| MD5 | 464e5eeaba5eff8bc93995ba2cb2d73f |
| SHA1 | 3b216e0c5246c874ad0ad7d3e1636384dad2255d |
| SHA256 | 0ad547bb1dc57907adeb02e1be3017cce78f6e60b8b39395fe0e8b62285797a1 |
| SHA512 | 726d6c41a9dbf1f5f2eff5b503ab68d879b088b801832c13fba7eb853302b16118cacda4748a4144af0f396074449245a42b2fe240429b1afcb7197fa0cb6d41 |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\locales\am.pak
| MD5 | 2c933f084d960f8094e24bee73fa826c |
| SHA1 | 91dfddc2cff764275872149d454a8397a1a20ab1 |
| SHA256 | fa1e44215bd5acc7342c431a3b1fddb6e8b6b02220b4599167f7d77a29f54450 |
| SHA512 | 3c9ecfb0407de2aa6585f4865ad54eeb2ec6519c9d346e2d33ed0e30be6cc3ebfed676a08637d42c2ca8fa6cfefb4091feb0c922ff71f09a2b89cdd488789774 |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\locales\ar.pak
| MD5 | fdbad4c84ac66ee78a5c8dd16d259c43 |
| SHA1 | 3ce3cd751bb947b19d004bd6916b67e8db5017ac |
| SHA256 | a62b848a002474a8ea37891e148cbaf4af09bdba7dafebdc0770c9a9651f7e3b |
| SHA512 | 376519c5c2e42d21acedb1ef47184691a2f286332451d5b8d6aac45713861f07c852fb93bd9470ff5ee017d6004aba097020580f1ba253a5295ac1851f281e13 |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\locales\bg.pak
| MD5 | 38bcabb6a0072b3a5f8b86b693eb545d |
| SHA1 | d36c8549fe0f69d05ffdaffa427d3ddf68dd6d89 |
| SHA256 | 898621731ac3471a41f8b3a7bf52e7f776e8928652b37154bc7c1299f1fd92e1 |
| SHA512 | 002adbdc17b6013becc4909daf2febb74ce88733c78e968938b792a52c9c5a62834617f606e4cb3774ae2dad9758d2b8678d7764bb6dcfe468881f1107db13ef |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\locales\bn.pak
| MD5 | 9340520696e7cb3c2495a78893e50add |
| SHA1 | eed5aeef46131e4c70cd578177c527b656d08586 |
| SHA256 | 1ea245646a4b4386606f03c8a3916a3607e2adbbc88f000976be36db410a1e39 |
| SHA512 | 62507685d5542cfcd394080917b3a92ca197112feea9c2ddc1dfc77382a174c7ddf758d85af66cd322692215cb0402865b2a2b212694a36da6b592028caafcdf |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\locales\ca.pak
| MD5 | 4cd6b3a91669ddcfcc9eef9b679ab65c |
| SHA1 | 43c41cb00067de68d24f72e0f5c77d3b50b71f83 |
| SHA256 | 56efff228ee3e112357d6121b2256a2c3acd718769c89413de82c9d4305459c6 |
| SHA512 | 699be9962d8aae241abd1d1f35cd8468ffbd6157bcd6bdf2c599d902768351b247baad6145b9826d87271fd4a19744eb11bf7065db7fefb01d66d2f1f39015a9 |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\locales\cs.pak
| MD5 | eeee212072ea6589660c9eb216855318 |
| SHA1 | d50f9e6ca528725ced8ac186072174b99b48ea05 |
| SHA256 | de92f14480770401e39e22dcf3dd36de5ad3ed22e44584c31c37cd99e71c4a43 |
| SHA512 | ea068186a2e611fb98b9580f2c5ba6fd1f31b532e021ef9669e068150c27deee3d60fd9ff7567b9eb5d0f98926b24defabc9b64675b49e02a6f10e71bb714ac8 |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\locales\da.pak
| MD5 | e7ba94c827c2b04e925a76cb5bdd262c |
| SHA1 | abba6c7fcec8b6c396a6374331993c8502c80f91 |
| SHA256 | d8da7ab28992c8299484bc116641e19b448c20adf6a8b187383e2dba5cd29a0b |
| SHA512 | 1f44fce789cf41fd62f4d387b7b8c9d80f1e391edd2c8c901714dd0a6e3af32266e9d3c915c15ad47c95ece4c7d627aa7339f33eea838d1af9901e48edb0187e |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\locales\de.pak
| MD5 | cf22ec11a33be744a61f7de1a1e4514f |
| SHA1 | 73e84848c6d9f1a2abe62020eb8c6797e4c49b36 |
| SHA256 | 7cc213e2c9a2d2e2e463083dd030b86da6bba545d5cee4c04df8f80f9a01a641 |
| SHA512 | c10c8446e3041d7c0195da184a53cfbd58288c06eaf8885546d2d188b59667c270d647fa7259f5ce140ec6400031a7fc060d0f2348ab627485e2207569154495 |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\locales\el.pak
| MD5 | e66a75680f21ce281995f37099045714 |
| SHA1 | d553e80658ee1eea5b0912db1ecc4e27b0ed4790 |
| SHA256 | 21d1d273124648a435674c7877a98110d997cf6992469c431fe502bbcc02641f |
| SHA512 | d3757529dd85ef7989d9d4cecf3f7d87c9eb4beda965d8e2c87ee23b8baaec3fdff41fd53ba839215a37404b17b8fe2586b123557f09d201b13c7736c736b096 |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\locales\en-GB.pak
| MD5 | 825ed4c70c942939ffb94e77a4593903 |
| SHA1 | 7a3faee9bf4c915b0f116cb90cec961dda770468 |
| SHA256 | e11e8db78ae12f8d735632ba9fd078ec66c83529cb1fd86a31ab401f6f833c16 |
| SHA512 | 41325bec22af2e5ef8e9b26c48f2dfc95763a249ccb00e608b7096ec6236ab9a955de7e2340fd9379d09ac2234aee69aed2a24fe49382ffd48742d72a929c56a |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\locales\en-US.pak
| MD5 | 19d18f8181a4201d542c7195b1e9ff81 |
| SHA1 | 7debd3cf27bbe200c6a90b34adacb7394cb5929c |
| SHA256 | 1d20e626444759c2b72aa6e998f14a032408d2b32f957c12ec3abd52831338fb |
| SHA512 | af07e1b08bbf2dd032a5a51a88ee2923650955873753629a086cad3b1600ce66ca7f9ed31b8ca901c126c10216877b24e123144bb0048f2a1e7757719aae73f2 |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\locales\es-419.pak
| MD5 | 7da3e8aa47ba35d014e1d2a32982a5bb |
| SHA1 | 8e35320b16305ad9f16cb0f4c881a89818cd75bb |
| SHA256 | 7f85673cf80d1e80acfc94fb7568a8c63de79a13a1bb6b9d825b7e9f338ef17c |
| SHA512 | 1fca90888eb067972bccf74dd5d09bb3fce2ceb153589495088d5056ed4bdede15d54318af013c2460f0e8b5b1a5c6484adf0ed84f4b0b3c93130b086da5c3bf |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\locales\es.pak
| MD5 | 04a9ba7316dc81766098e238a667de87 |
| SHA1 | 24d7eb4388ecdfecada59c6a791c754181d114de |
| SHA256 | 7fa148369c64bc59c2832d617357879b095357fe970bab9e0042175c9ba7cb03 |
| SHA512 | 650856b6187df41a50f9bed29681c19b4502de6af8177b47bad0bf12e86a25e92aa728311310c28041a18e4d9f48ef66d5ad5d977b6662c44b49bfd1da84522b |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\locales\et.pak
| MD5 | ccc71f88984a7788c8d01add2252d019 |
| SHA1 | 6a87752eac3044792a93599428f31d25debea369 |
| SHA256 | d69489a723b304e305cb1767e6c8da5d5d1d237e50f6ddc76e941dcb01684944 |
| SHA512 | d35ccd639f2c199862e178a9fab768d7db10d5a654bc3bc1fab45d00ceb35a01119a5b4d199e2db3c3576f512b108f4a1df7faf6624d961c0fc4bca5af5f0e07 |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\locales\fa.pak
| MD5 | 2e37fd4e23a1707a1eccea3264508dff |
| SHA1 | e00e58ed06584b19b18e9d28b1d52dbfc36d70f3 |
| SHA256 | b9ee861e1bdecffe6a197067905279ea77c180844a793f882c42f2b70541e25e |
| SHA512 | 7c467f434eb0ce8e4a851761ae9bd7a9e292aab48e8e653e996f8ca598d0eb5e07ec34e2b23e544f3b38439dc3b8e3f7a0dfd6a8e28169aa95ceff42bf534366 |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\locales\fi.pak
| MD5 | 21e534869b90411b4f9ea9120ffb71c8 |
| SHA1 | cc91ffbd19157189e44172392b2752c5f73984c5 |
| SHA256 | 2d337924139ffe77804d2742eda8e58d4e548e65349f827840368e43d567810b |
| SHA512 | 3ca3c0adaf743f92277452b7bd82db4cf3f347de5568a20379d8c9364ff122713befd547fbd3096505ec293ae6771ada4cd3dadac93cc686129b9e5aacf363bd |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\locales\fil.pak
| MD5 | d7df2ea381f37d6c92e4f18290c6ffe0 |
| SHA1 | 7cacf08455aa7d68259fcba647ee3d9ae4c7c5e4 |
| SHA256 | db4a63fa0d5b2baba71d4ba0923caed540099db6b1d024a0d48c3be10c9eed5a |
| SHA512 | 96fc028455f1cea067b3a3dd99d88a19a271144d73dff352a3e08b57338e513500925787f33495cd744fe4122dff2d2ee56e60932fc02e04feed2ec1e0c3533f |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\locales\fr.pak
| MD5 | 3ee48a860ecf45bafa63c9284dfd63e2 |
| SHA1 | 1cb51d14964f4dced8dea883bf9c4b84a78f8eb6 |
| SHA256 | 1923e0edf1ef6935a4a718e3e2fc9a0a541ea0b4f3b27553802308f9fd4fc807 |
| SHA512 | eb6105faca13c191fef0c51c651a406b1da66326bb5705615770135d834e58dee9bed82aa36f2dfb0fe020e695c192c224ec76bb5c21a1c716e5f26dfe02f763 |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\locales\gu.pak
| MD5 | 308619d65b677d99f48b74ccfe060567 |
| SHA1 | 9f834df93fd48f4fb4ca30c4058e23288cf7d35e |
| SHA256 | e40ee4f24839f9e20b48d057bf3216bc58542c2e27cb40b9d2f3f8a1ea5bfbb4 |
| SHA512 | 3ca84ad71f00b9f7cc61f3906c51b263f18453fce11ec6c7f9edfe2c7d215e3550c336e892bd240a68a6815af599cc20d60203294f14adb133145ca01fe4608f |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\locales\he.pak
| MD5 | fc84ea7dc7b9408d1eea11beeb72b296 |
| SHA1 | de9118194952c2d9f614f8e0868fb273ddfac255 |
| SHA256 | 15951767dafa7bdbedac803d842686820de9c6df478416f34c476209b19d2d8c |
| SHA512 | 49d13976dddb6a58c6fdcd9588e243d705d99dc1325c1d9e411a1d68d8ee47314dfcb661d36e2c4963c249a1542f95715f658427810afcabdf9253aa27eb3b24 |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\locales\hi.pak
| MD5 | b5dfce8e3ba0aec2721cc1692b0ad698 |
| SHA1 | c5d6fa21a9ba3d526f3e998e3f627afb8d1eecf3 |
| SHA256 | b1c7fb6909c8a416b513d6de21eea0b5a6b13c7f0a94cabd0d9154b5834a5e8b |
| SHA512 | facf0a9b81af6bb35d0fc5e69809d5c986a2c91a166e507784bdad115644b96697fe504b8d70d9bbb06f0c558f746c085d37e385eef41f0a1c29729d3d97980f |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\locales\hr.pak
| MD5 | 255f808210dbf995446d10ff436e0946 |
| SHA1 | 1785d3293595f0b13648fb28aec6936c48ea3111 |
| SHA256 | 4df972b7f6d81aa7bdc39e2441310a37f746ae5015146b4e434a878d1244375b |
| SHA512 | 8b1a4d487b0782055717b718d58cd21e815b874e2686cdfd2087876b70ae75f9182f783c70bf747cf4ca17a3afc68517a9db4c99449fa09bef658b5e68087f2a |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\locales\hu.pak
| MD5 | 2aa0a175df21583a68176742400c6508 |
| SHA1 | 3c25ba31c2b698e0c88e7d01b2cc241f0916e79a |
| SHA256 | b59f932df822ab1a87e8aab4bbb7c549db15899f259f4c50ae28f8d8c7ce1e72 |
| SHA512 | 03a16feb0601407e96bcb43af9bdb21e5218c2700c9f3cfd5f9690d0b4528f9dc17e4cc690d8c9132d4e0b26d7faafd90aa3f5e57237e06fb81aab7ab77f6c03 |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\locales\id.pak
| MD5 | b6fcd5160a3a1ae1f65b0540347a13f2 |
| SHA1 | 4cf37346318efb67908bba7380dbad30229c4d3d |
| SHA256 | 7fd715914e3b0cf2048d4429f3236e0660d5bd5e61623c8fef9b8e474c2ac313 |
| SHA512 | a8b4a96e8f9a528b2df3bd1251b72ab14feccf491dd254a7c6ecba831dfaba328adb0fd0b4acddb89584f58f94b123e97caa420f9d7b34131cc51bdbdbf3ed73 |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\locales\it.pak
| MD5 | 745f16ca860ee751f70517c299c4ab0e |
| SHA1 | 54d933ad839c961dd63a47c92a5b935eef208119 |
| SHA256 | 10e65f42ce01ba19ebf4b074e8b2456213234482eadf443dfad6105faf6cde4c |
| SHA512 | 238343d6c80b82ae900f5abf4347e542c9ea016d75fb787b93e41e3c9c471ab33f6b4584387e5ee76950424e25486dd74b9901e7f72876960c0916c8b9cee9a6 |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\locales\ja.pak
| MD5 | 38cd3ef9b7dff9efbbe086fa39541333 |
| SHA1 | 321ef69a298d2f9830c14140b0b3b0b50bd95cb0 |
| SHA256 | d8fab5714dafecb89b3e5fce4c4d75d2b72893e685e148e9b60f7c096e5b3337 |
| SHA512 | 40785871032b222a758f29e0c6ec696fbe0f6f5f3274cc80085961621bec68d7e0fb47c764649c4dd0c27c6ee02460407775fae9d3a2a8a59362d25a39266ce0 |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\locales\kn.pak
| MD5 | caab4deb1c40507848f9610d849834cf |
| SHA1 | 1bc87ff70817ba1e1fdd1b5cb961213418680cbe |
| SHA256 | 7a34483e6272f9b8881f0f5a725b477540166561c75b9e7ab627815d4be1a8a4 |
| SHA512 | dc4b63e5a037479bb831b0771aec0fe6eb016723bcd920b41ab87ef11505626632877073ce4e5e0755510fe19ba134a7b5899332ecef854008b15639f915860c |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\locales\ko.pak
| MD5 | d6194fc52e962534b360558061de2a25 |
| SHA1 | 98ed833f8c4beac685e55317c452249579610ff8 |
| SHA256 | 1a5884bd6665b2f404b7328de013522ee7c41130e57a53038fc991ec38290d21 |
| SHA512 | 5207a07426c6ceb78f0504613b6d2b8dadf9f31378e67a61091f16d72287adbc7768d1b7f2a923369197e732426d15a872c091cf88680686581d48a7f94988ab |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\locales\lt.pak
| MD5 | 64b08ffc40a605fe74ecc24c3024ee3b |
| SHA1 | 516296e8a3114ddbf77601a11faf4326a47975ab |
| SHA256 | 8a5d6e29833374e0f74fd7070c1b20856cb6b42ed30d18a5f17e6c2e4a8d783e |
| SHA512 | 05d207413186ac2b87a59681efe4fdf9dc600d0f3e8327e7b9802a42306d80d0ddd9ee07d103b17caf0518e42ab25b7ca9da4713941abc7bced65961671164ac |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\locales\lv.pak
| MD5 | a8cbd741a764f40b16afea275f240e7e |
| SHA1 | 317d30bbad8fd0c30de383998ea5be4eec0bb246 |
| SHA256 | a1a9d84fd3af571a57be8b1a9189d40b836808998e00ec9bd15557b83d0e3086 |
| SHA512 | 3da91c0ca20165445a2d283db7dc749fcf73e049bfff346b1d79b03391aefc7f1310d3ac2c42109044cfb50afcf178dcf3a34b4823626228e591f328dd7afe95 |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\locales\ml.pak
| MD5 | 1c81104ac2cbf7f7739af62eb77d20d5 |
| SHA1 | 0f0d564f1860302f171356ea35b3a6306c051c10 |
| SHA256 | 66005bc01175a4f6560d1e9768dbc72b46a4198f8e435250c8ebc232d2dac108 |
| SHA512 | 969294eae8c95a1126803a35b8d3f1fc3c9d22350aa9cc76b2323b77ad7e84395d6d83b89deb64565783405d6f7eae40def7bdaf0d08da67845ae9c7dbb26926 |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\locales\mr.pak
| MD5 | 2cf9f07ddf7a3a70a48e8b524a5aed43 |
| SHA1 | 974c1a01f651092f78d2d20553c3462267ddf4e9 |
| SHA256 | 23058c0f71d9e40f927775d980524d866f70322e0ef215aa5748c239707451e7 |
| SHA512 | 0b21570deefa41defc3c25c57b3171635bcb5593761d48a8116888ce8be34c1499ff79c7a3ebbe13b5a565c90027d294c6835e92e6254d582a86750640fe90f2 |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\locales\ms.pak
| MD5 | aee105366a1870b9d10f0f897e9295db |
| SHA1 | eee9d789a8eeafe593ce77a7c554f92a26a2296f |
| SHA256 | c6471aee5f34f31477d57f593b09cb1de87f5fd0f9b5e63d8bab4986cf10d939 |
| SHA512 | 240688a0054bfebe36ea2b056194ee07e87bbbeb7e385131c73a64aa7967984610fcb80638dd883837014f9bc920037069d0655e3e92a5922f76813aedb185fa |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\locales\nb.pak
| MD5 | 55d5ad4eacb12824cfcd89470664c856 |
| SHA1 | f893c00d8d4fdb2f3e7a74a8be823e5e8f0cd673 |
| SHA256 | 4f44789a2c38edc396a31aba5cc09d20fb84cd1e06f70c49f0664289c33cd261 |
| SHA512 | 555d87be8c97f466c6b3e7b23ec0210335846398c33dba71e926ff7e26901a3908dbb0f639c93db2d090c9d8bda48eddf196b1a09794d0e396b2c02b4720f37e |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\locales\nl.pak
| MD5 | 0f04bac280035fab018f634bcb5f53ae |
| SHA1 | 4cad76eaecd924b12013e98c3a0e99b192be8936 |
| SHA256 | be254bcda4dbe167cb2e57402a4a0a814d591807c675302d2ce286013b40799b |
| SHA512 | 1256a6acac5a42621cb59eb3da42ddeeacfe290f6ae4a92d00ebd4450a8b7ccb6f0cd5c21cf0f18fe4d43d0d7aee87b6991fef154908792930295a3871fa53df |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\locales\pl.pak
| MD5 | f1d48a7dcd4880a27e39b7561b6eb0ab |
| SHA1 | 353c3ba213cd2e1f7423c6ba857a8d8be40d8302 |
| SHA256 | 2593c8b59849fbc690cbd513f06685ea3292cd0187fcf6b9069cbf3c9b0e8a85 |
| SHA512 | 132da2d3c1a4dad5ccb399b107d7b6d9203a4b264ef8a65add11c5e8c75859115443e1c65ece2e690c046a82687829f54ec855f99d4843f859ab1dd7c71f35a5 |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\locales\pt-BR.pak
| MD5 | 8e931ffbded8933891fb27d2cca7f37d |
| SHA1 | ab0a49b86079d3e0eb9b684ca36eb98d1d1fd473 |
| SHA256 | 6632bd12f04a5385012b5cdebe8c0dad4a06750dc91c974264d8fe60e8b6951d |
| SHA512 | cf0f6485a65c13cf5ddd6457d34cdea222708b0bb5ca57034ed2c4900fd22765385547af2e2391e78f02dcf00b7a2b3ac42a3509dd4237581cfb87b8f389e48d |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\locales\pt-PT.pak
| MD5 | b4954b064e3f6a9ba546dda5fa625927 |
| SHA1 | 584686c6026518932991f7de611e2266d8523f9d |
| SHA256 | ee1e014550b85e3d18fb5128984a713d9f6de2258001b50ddd18391e7307b4a1 |
| SHA512 | cb3b465b311f83b972eca1c66862b2c5d6ea6ac15282e0094aea455123ddf32e85df24a94a0aedbe1b925ff3ed005ba1e00d5ee820676d7a5a366153ade90ef7 |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\locales\ro.pak
| MD5 | d2758f6adbaeea7cd5d95f4ad6dde954 |
| SHA1 | d7476db23d8b0e11bbabf6a59fde7609586bdc8a |
| SHA256 | 2b7906f33bfbe8e9968bcd65366e2e996cdf2f3e1a1fc56ad54baf261c66954c |
| SHA512 | 8378032d6febea8b5047ada667cb19e6a41f890cb36305acc2500662b4377caef3dc50987c925e05f21c12e32c3920188a58ee59d687266d70b8bfb1b0169a6e |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\locales\ru.pak
| MD5 | 2885bde990ee3b30f2c54a4067421b68 |
| SHA1 | ae16c4d534b120fdd68d33c091a0ec89fd58793f |
| SHA256 | 9fcda0d1fab7fff7e2f27980de8d94ff31e14287f58bd5d35929de5dd9cbcdca |
| SHA512 | f7781f5c07fbf128399b88245f35055964ff0cde1cc6b35563abc64f520971ce9916827097ca18855b46ec6397639f5416a6e8386a9390afba4332d47d21693f |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\locales\sk.pak
| MD5 | b7e97cc98b104053e5f1d6a671c703b7 |
| SHA1 | 0f7293f1744ae2cd858eb3431ee016641478ae7d |
| SHA256 | b0d38869275d9d295e42b0b90d0177e0ca56a393874e4bb454439b8ce25d686f |
| SHA512 | ef3247c6f0f4065a4b68db6bf7e28c8101a9c6c791b3f771ed67b5b70f2c9689cec67a1c864f423382c076e4cbb6019c1c0cb9ad0204454e28f749a69b6b0de0 |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\locales\sl.pak
| MD5 | ca763e801de642e4d68510900ff6fabb |
| SHA1 | c32a871831ce486514f621b3ab09387548ee1cff |
| SHA256 | 340e0babe5fddbfda601c747127251cf111dd7d79d0d6a5ec4e8443b835027de |
| SHA512 | e2847ce75de57deb05528dd9557047edcd15d86bf40a911eb97e988a8fdbda1cd0e0a81320eadf510c91c826499a897c770c007de936927df7a1cc82fa262039 |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\locales\sr.pak
| MD5 | c68c235d8e696c098cf66191e648196b |
| SHA1 | 5c967fbbd90403a755d6c4b2411e359884dc8317 |
| SHA256 | ab96a18177af90495e2e3c96292638a775aa75c1d210ca6a6c18fbc284cd815b |
| SHA512 | 34d14d8cb851df1ea8cd3cc7e9690eaf965d8941cfcac1c946606115ad889630156c5ff47011b27c1288f8df70e8a7dc41909a9fa98d75b691742ec1d1a5e653 |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\locales\sv.pak
| MD5 | 272f8a8b517c7283eab83ba6993eea63 |
| SHA1 | ad4175331b948bd4f1f323a4938863472d9b700c |
| SHA256 | d15b46bc9b5e31449b11251df19cd2ba4920c759bd6d4fa8ca93fd3361fdd968 |
| SHA512 | 3a0930b7f228a779f727ebfb6ae8820ab5cc2c9e04c986bce7b0f49f9bf124f349248ecdf108edf8870f96b06d58dea93a3e0e2f2da90537632f2109e1aa65f0 |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\locales\sw.pak
| MD5 | 67a443a5c2eaad32625edb5f8deb7852 |
| SHA1 | a6137841e8e7736c5ede1d0dc0ce3a44dc41013f |
| SHA256 | 41dfb772ae4c6f9e879bf7b4fa776b2877a2f8740fa747031b3d6f57f34d81dd |
| SHA512 | e0fdff1c3c834d8af8634f43c2f16ba5b883a8d88dfd322593a13830047568faf9f41d0bf73cd59e2e33c38fa58998d4702d2b0c21666717a86945d18b3f29e5 |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\locales\ta.pak
| MD5 | 18ec8ff3c0701a6a8c48f341d368bab5 |
| SHA1 | 8bff8aee26b990cf739a29f83efdf883817e59d8 |
| SHA256 | 052bcdb64a80e504bb6552b97881526795b64e0ab7ee5fc031f3edf87160dee9 |
| SHA512 | a0e997fc9d316277de3f4773388835c287ab1a35770c01e376fb7428ff87683a425f6a6a605d38dd7904ca39c50998cd85f855cb33ae6abad47ac85a1584fe4e |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\locales\te.pak
| MD5 | a17f16d7a038b0fa3a87d7b1b8095766 |
| SHA1 | b2f845e52b32c513e6565248f91901ab6874e117 |
| SHA256 | d39716633228a5872630522306f89af8585f8092779892087c3f1230d21a489e |
| SHA512 | 371fb44b20b8aba00c4d6f17701fa4303181ad628f60c7b4218e33be7026f118f619d66d679bffcb0213c48700fafd36b2e704499a362f715f63ea9a75d719e7 |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\locales\th.pak
| MD5 | a32ba63feeed9b91f6d6800b51e5aeae |
| SHA1 | 2fbf6783996e8315a4fb94b7d859564350ee5918 |
| SHA256 | e32e37ca0ab30f1816fe6df37e3168e1022f1d3737c94f5472ab6600d97a45f6 |
| SHA512 | adebde0f929820d8368096a9c30961ba7b33815b0f124ca56ca05767ba6d081adf964088cb2b9fcaa07f756b946fffa701f0b64b07d457c99fd2b498cbd1e8a5 |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\locales\tr.pak
| MD5 | 5ff2e5c95067a339e3d6b8985156ec1f |
| SHA1 | 7525b25c7b07f54b63b6459a0d8c8c720bd8a398 |
| SHA256 | 14a131ba318274cf10de533a19776db288f08a294cf7e564b7769fd41c7f2582 |
| SHA512 | 2414386df8d7ab75dcbd6ca2b9ae62ba8e953ddb8cd8661a9f984eb5e573637740c7a79050b2b303af3d5b1d4d1bb21dc658283638718fdd04fc6e5891949d1b |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\locales\uk.pak
| MD5 | 361a0e1f665b9082a457d36209b92a25 |
| SHA1 | 3c89e1b70b51820bb6baa64365c64da6a9898e2f |
| SHA256 | bd02966f6c6258b66eae7ff014710925e53fe26e8254d7db4e9147266025cc3a |
| SHA512 | d4d25fc58053f8cce4c073846706dc1ecbc0dc19308ba35501e19676f3e7ed855d7b57ae22a5637f81cefc1aa032bf8770d0737df1924f3504813349387c08cf |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\locales\ur.pak
| MD5 | 1ca4fa13bd0089d65da7cd2376feb4c6 |
| SHA1 | b1ba777e635d78d1e98e43e82d0f7a3dd7e97f9c |
| SHA256 | 3941364d0278e2c4d686faa4a135d16a457b4bc98c5a08e62aa12f3adc09aa7f |
| SHA512 | d0d9eb1aa029bd4c34953ee5f4b60c09cf1d4f0b21c061db4ede1b5ec65d7a07fc2f780ade5ce51f2f781d272ac32257b95eedf471f7295ba70b5ba51db6c51d |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\locales\vi.pak
| MD5 | db0eb3183007de5aae10f934fffacc59 |
| SHA1 | e9ea7aeffe2b3f5cf75ab78630da342c6f8b7fd9 |
| SHA256 | ddabb225b671b989789e9c2ccd1b5a8f22141a7d9364d4e6ee9b8648305e7897 |
| SHA512 | 703efd12fcace8172c873006161712de1919572c58d98b11de7834c5628444229f5143d231c41da5b9cf729e32de58dee3603cb3d18c6cdd94aa9aa36fbf5de0 |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\locales\zh-CN.pak
| MD5 | 82326e465e3015c64ca1db77dc6a56bc |
| SHA1 | e8abe12a8dd2cc741b9637fa8f0e646043bbfe3d |
| SHA256 | 6655fd9dcdfaf2abf814ffb6c524d67495aed4d923a69924c65abeab30bc74fb |
| SHA512 | 4989789c0b2439666dda4c4f959dffc0ddcb77595b1f817c13a95ed97619c270151597160320b3f2327a7daffc8b521b68878f9e5e5fb3870eb0c43619060407 |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\locales\zh-TW.pak
| MD5 | 2456bf42275f15e016689da166df9008 |
| SHA1 | 70f7de47e585dfea3f5597b5bba1f436510decd7 |
| SHA256 | adf8df051b55507e5a79fa47ae88c7f38707d02dfac0cc4a3a7e8e17b58c6479 |
| SHA512 | 7e622afa15c70785aaf7c19604d281efe0984f621d6599058c97c19d3c0379b2ee2e03b3a7ec597040a4eee250a782d7ec55c335274dd7db7c7ca97ddcfd378a |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\resources\app.asar
| MD5 | 9d2b9769081059613cb3c9034ac85691 |
| SHA1 | 0dff6ab58d4e167232644c9a91a14dabe41995a8 |
| SHA256 | 3507d98e73391e43d6043f29a814050d023f6e3149d24daeddd9947e26090f46 |
| SHA512 | d281ad2bd5cdaa9b9ab14c366203c44f352610738fc7456693d4120747ef7ccd50001915073c3fce8d4923eeddbb086aa812846e7b009d2ef19393a3c9813b5c |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\resources\hwfc.bat
| MD5 | c3c18b9b46139b0b0ffc85a529dfa998 |
| SHA1 | 5093fd99472f1010375e7b2663443fc0e76cbf95 |
| SHA256 | f94a372b77ae4e76863aa84f06886f08b0146597d487525d780a03c4bdaa22c6 |
| SHA512 | 3e506144ac7b9f8637be581a21807b37ed2aab6ee72a25ef5647033281408c2550325b67fed44a35b2f4f2e3a3000ff70be1dde87ce4ed773fc225dd510275e1 |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\resources\elevate.exe
| MD5 | 792b92c8ad13c46f27c7ced0810694df |
| SHA1 | d8d449b92de20a57df722df46435ba4553ecc802 |
| SHA256 | 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37 |
| SHA512 | 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40 |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\resources\node_modules\adm-zip\adm-zip.js
| MD5 | bdfd080ce2336c36b0d32debeaf902a7 |
| SHA1 | 5f02b44e6171ae1f284323cf1381035fadc0c2c0 |
| SHA256 | df672570a7e00f2e5b4fecf3da019dbce2bd0d4dd48fd70599bde7de284b7002 |
| SHA512 | 7316d88f0a1581d00454fe9e40f1f5029e5c45e416515f0bad138407a525cc6231440929d7822f6eb7e6fa517de79ad83033142cd2f1dc96382520bbbef492ae |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\resources\node_modules\adm-zip\LICENSE
| MD5 | 1b2c86bae496d433e02149f8854e8678 |
| SHA1 | c4a238b9a8988c9370809dbc90e9584c768f5434 |
| SHA256 | 6bb5b2d4c07d793ca928daa63a8899c6914fafb5ac3aa04ec10cae07f3d57dca |
| SHA512 | b0cf5f8924894cefb5aa98bc4c21ced662e9ebdc19af8de5af5fa70ac1f9735870e3ab52898df6e2a89da3bbd14500164d283cf0c3d050756de46606bf0f04f7 |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\resources\node_modules\adm-zip\package.json
| MD5 | 3bfdfeb5c0a045de48ba5058fc9b3146 |
| SHA1 | 43db64e3a8c2b55006232ac27d792c1789282cbe |
| SHA256 | a49b413076c5becc6110bb89d689fb031951fbf3c6233e174b33e58ca494726a |
| SHA512 | c310689a67d5e7c41a7b24466cffea22d4d1c88be9ea39418327256d2607c020b905ef2bab38cf30a3da34dbdb55bd47de13541a7f44f4475a6dfe51a4a4488d |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\resources\node_modules\adm-zip\README.md
| MD5 | 28cb971006d09af9e71970186d5b8ebe |
| SHA1 | b5bbb30187940e9c4186d2974dc09868b6730eda |
| SHA256 | a9fb6e9ea2154a3a76573c817169e0bd539ae4e72dbb40368c9d0910bbe544f4 |
| SHA512 | 3b3712beff3886ed3995aef6da7155755e7c987cb83ac982879cf7e0ae889932134cb162843b64d040a5cf914610967839e8c7a3142bd4195e1ad4446bf7b967 |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\resources\node_modules\adm-zip\zipEntry.js
| MD5 | 3a100eb5cfd76f5da2a1bcc0c761272a |
| SHA1 | acc17eb0e7c23e278f34af514bdceb9815dcc3e6 |
| SHA256 | 3538cf9f414325c661f2ad774acf320d6eabbeb053a49ce1585c6a990b0255e4 |
| SHA512 | 786e4c43c74f54e0859705e2444364a205181b23fe55f10d3d83aa9120e5e9ca8a2906a2344b7541da13d6ab4b4476ddd0ef3de3aacd830cee8cf5a3b560a2d4 |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\resources\node_modules\adm-zip\zipFile.js
| MD5 | 807457ef9e350b63ea1a375c4dc8d261 |
| SHA1 | 54b9bbc9fe7aa9897f85ab11c088685afa5ff413 |
| SHA256 | 108207c59b107fbee6d9ed5034456f83ca14d6807948691b4f4df7f99cf29965 |
| SHA512 | e4b806eaffa454d5429729534b25229cdb2bb48b0d2afb4afb39e31fd4bacab08656d73282d7312d15f5bd54047146085df70136f56e3ec4c11c99235d3bca0b |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\resources\node_modules\adm-zip\headers\entryHeader.js
| MD5 | 934371cb21b6cee8419b83aa8357ff14 |
| SHA1 | 16474dcd3f1f439d307284426c004b2e29f7ae86 |
| SHA256 | 79c6167b5f5bfa0b3ea8c57c2d67e57eab0193d05b414eba2c9a12c625e3d0b7 |
| SHA512 | 864c116dceeedc8100654f01266997a9ada2b49918b560accbd4d18fd7f051a08357cb65dd1dbb796943ea67086304a66db858edd23cbc4db226819bafc33105 |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\resources\node_modules\adm-zip\headers\index.js
| MD5 | 64bc889b89f1c8a04a698a8f74e24e5b |
| SHA1 | 68781da04cf1ebc4f03434ea5b2b65f10cca07e6 |
| SHA256 | 536e4b5bf009a3d9f6eccfbbc4157cb6de663d889e0826ea5f6e5fa17aaeb8bf |
| SHA512 | 9eb207fa61862aebd9cc5a89f85757313c7f163ea0f5a15c16250f79845b9caa1d8109bc3e634a9ed3fb0616c71aed3005ace48eff0941518c778c3063613975 |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\resources\node_modules\adm-zip\headers\mainHeader.js
| MD5 | 8a9ea5dcd1a15e2d2c6e80708deb77b5 |
| SHA1 | 07fd2dd5b88a2956186ad16177a2586e36683c9e |
| SHA256 | 2fa88533066e07b9d8c08aac78d379bda9fcabcb4ae9fdaf55d28c31071f0a55 |
| SHA512 | 529a21a45bb354ccb7969cf4671456dc0a300c87f520bcb4e513100eef44ad4610a7a45b62d637f2983bd0212885a8af08a10686e4f69b5d93852fb9d28e58fc |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\resources\node_modules\adm-zip\methods\deflater.js
| MD5 | 41fd6791497f7d74ee56a7753e08da66 |
| SHA1 | bd62d07bfe703da89172fcfeaa8848d6ba5c68b4 |
| SHA256 | 6dc41b2460594cfa5136b797653c166b2f7403820a40f2fca17cca35a5de1b5f |
| SHA512 | 5f16aeb477321470986a8c9807ebf3b75e979e5fb34156028ef56f44f38c4f4d72d9d086784e9dfedeffa61f91f973b6ac7e7ba1730eebd86bb549de2dbb4761 |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\resources\node_modules\adm-zip\methods\index.js
| MD5 | 74d54dda1e050cad9b31da325f92fb01 |
| SHA1 | 683b0412f3bdb3ae54cd809e37f456dade4d046a |
| SHA256 | d67714f1a04be942f90be77069af3ff4214aa8ee84b26edeff3a87eb0d8e2dc0 |
| SHA512 | 88ff974e69207c427ce1c9161489a275c4328ba392da65b268614fd5c66ef9feb10dafe1464dcc5873221de61bdb045dcf47092760c973ec06825158978df3e6 |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\resources\node_modules\adm-zip\methods\inflater.js
| MD5 | c2bd839327d3c2f2f3b113484820a793 |
| SHA1 | 93f0554d43968d02625736c571a048422401ff8a |
| SHA256 | c5e4531a11385050d77a5069487b0be8e85c8e44fe6b214d68def321e74528ce |
| SHA512 | c9d57670318cb3bcdefa01366f8fa6e5a7ed54af6653a104f8a300814a46b46cd9a05da316ddfb7f7d72c8df4aa42290f77ee6ac6494299093776a0c8bf4ba46 |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\resources\node_modules\adm-zip\methods\zipcrypto.js
| MD5 | 3b56c94c2ed7c7ac5aa472e6c9a54f5d |
| SHA1 | 79246b6644135ffc9e0b4b7a00bee0e64412c448 |
| SHA256 | 92b3b09a81764e4f012c2bafa0f36b109229ef7d97d4460989c885a169a2200b |
| SHA512 | 5fb3f79da745408375c792cd1b34fd2aa28de20fe47c8552a01146e6a4e354cb9e43b9fb10e466f5c967248417bef968d359beba09438258568b14c236a83099 |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\resources\node_modules\adm-zip\util\constants.js
| MD5 | 9557c90a448baec12cf2cb2f97e2c5a2 |
| SHA1 | 19ece17c4aed05723601ec510ad2020fb462cf52 |
| SHA256 | 208e943a2e5faad056047f3c7991cce3cde637d8e272a564f2546210ebdf2069 |
| SHA512 | 433a683e049a8d2fa321e9cf6932c2f5075c83f1713a9d0514956310174ef2959d0c8378a039d27d0a34f321262f6cf7eee40066ca54da1b57c5483b6d00f089 |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\resources\node_modules\adm-zip\util\errors.js
| MD5 | 2e4dc5475c47794c086bed7934746175 |
| SHA1 | ca74ae8081d2184efa87a8e6e8724926c659b3fd |
| SHA256 | e128738cd9140b44de639482cb10cbb38de1e87b8118abea1d1d3a555d375271 |
| SHA512 | 03359ef8ff2dc85573ef2a71179879b750863c3b97bd0c139fa919cfde5bf3878e15c47189245abb47b625c39b71c48da9a6e7f8a66807f2031b2fe13fa89c3f |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\resources\node_modules\adm-zip\util\fattr.js
| MD5 | 943088ca25b0e25de119778524c8d91c |
| SHA1 | 6cbf8576406db664ea30c0ce8085cc590a248202 |
| SHA256 | cecf4e89cd49c408dacf19894756926cb73bae801f4f44e66011826230ef1975 |
| SHA512 | 9892ad5a63788aa2e2a50927990caf7371b3432cf0a7633d6dba3d6f861d1e59eb8a43f6b5ad7127c16cdf153ad0aef1f9163d2c59af9058f427cb55c70662b0 |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\resources\node_modules\adm-zip\util\fileSystem.js
| MD5 | 85d7973afdda48fd2333b486d4b4afaf |
| SHA1 | dd0ab76f06f12996cdb07bc8613d7f56aed7f0ac |
| SHA256 | c0e0fdf6ca6d8dd98041adc6d8674f6bb02b94145abc98f08f24f1d0e4a8b5ad |
| SHA512 | ea038e326f763da409672e4e1d87170220aa8c1fab1144a3d5f62d1a5db44f2be2c456a08ca4d1c3f776f9c5020e9573b6b146a28a74c329dd51daa961d6cbfe |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\resources\node_modules\adm-zip\util\index.js
| MD5 | 6eadaab125a2caf89f2e762259d16df4 |
| SHA1 | 680d2665f43dd5074b5eb34d7a22f337d39659dc |
| SHA256 | a231e422e9f88464dbaf2ca91c0b7acd141f84e475de7847538d3f53890fd274 |
| SHA512 | feb0b65be5cf28c68fcd414a4ba0d659e9298a3a029c1ddef0b5f0d4ac77a355ddb6592aa9c3808b6f40266232c244456a28d49f24700941c6505adc81086eb8 |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\resources\node_modules\adm-zip\util\utils.js
| MD5 | b7a147df232c33b9733089d358e8919f |
| SHA1 | 62f476f4fd0f58d0f6affedadc39da4eed9622e0 |
| SHA256 | 476362e756eeab1eb18548732f27ed8786cea36d6c33aa27d75a74fb70b4a2e0 |
| SHA512 | e0c2641d2b2626c145fd829d48c2154431179011946898714aca55be10209c816649ae79cf0fdadf76933079c28114b2c9000ebcd557a5e324448561cbd62b72 |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\resources\node_modules\axios\dist\axios.js
| MD5 | bfa54c02f00dd15aa289c6612574ba4e |
| SHA1 | 0f6a986f81a6c3fe9d1751511bfe902aaeee59e2 |
| SHA256 | c52af035caee76a6320e13ca3b7397b49b3e7c19dd2d3464052702a5395afc98 |
| SHA512 | bc73477a97905b0020809961124f77da3452e6c35d9ff367e05fb0e13a575b9740fb4e2a9ddddeed8a5f5e8e9ab968451bacf715586649c1b8a2fb45faa61e67 |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\resources\node_modules\axios\dist\axios.js.map
| MD5 | c4278b4f0a062223fc5ffacc08d611a2 |
| SHA1 | 43f19892a8781bd7cd6966a09b58ccdea2f00a08 |
| SHA256 | 8883b6cec467a2607b119fcc8805e80e6852e33ee23ecd12bdad3a1aa316aadc |
| SHA512 | 86e030eaf6df292a7da5bad768c2a063ff549c3c4c284d3a33cbe0722e43e0443bc89d628b08ef64bd3b810e7855091e8068a80804277b8a122b1bc68f7a1222 |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\resources\node_modules\axios\dist\axios.min.js
| MD5 | 99714d221df650b50da3b7bf97e2987d |
| SHA1 | 493b74178a63429fff2aab081b3a1ca73d362085 |
| SHA256 | 8ad11c4cb079bba93156727270f510292eedcc0716c6f21725074a59ec8b9b96 |
| SHA512 | 2520851e12838a54d14577bd6a4fc5276f1d729389c7341a09ddd783c33217a5c58ce0e1cbf60c08cf075b44c50dc90d1d651ec16fa47ef8629f8de12ad27103 |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\resources\node_modules\axios\dist\axios.min.js.map
| MD5 | 3bcef563c61961a5d885343a30a7c8e5 |
| SHA1 | e48138e089ae29ebf4ccb0fb4d8d80ee6228689e |
| SHA256 | f38326abde26902252def3daced5861ecf56aac3bcc909da1cee086acd3054e4 |
| SHA512 | 4d1499b11f7c6f43bb920c2f3b6d0a639dced9384abd4182ca7d38f18532040b0e2b94084eb8550510d6f1f0beba1b79faf373328584c50649df0d123e04ba51 |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\resources\node_modules\axios\dist\browser\axios.cjs
| MD5 | bb1965b9e787877a4e1c51d05a270e96 |
| SHA1 | 05f21f2cdfeb2fbd6e1acbf1f903715d14db2830 |
| SHA256 | ceda4e1f08cf9f1d571974d08dd5952eb71877415ebd73eaf89095a37e312229 |
| SHA512 | 5c69f84a857ff822ec864280f181b02e0db1b6c06260c40e86c3c762fe1ead91bf4dee0aba45ec16f7263a2fff240fcfbeb752e6a5c19e29e04c211bd9154960 |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\resources\node_modules\axios\dist\browser\axios.cjs.map
| MD5 | 24791e7571e903304b4666c042e61632 |
| SHA1 | 69f8293e89a30249674a974de62e280c66bb54f0 |
| SHA256 | 71c51d2e2e9024721ca0f580593e91d6b69d279a6aa5a8d3f11c29d986ee80db |
| SHA512 | 58c7b6eaac0067e6b0e1d49db1dfbc6d997aa2471355b1b1f158f59da197048f0c262d754e2576b7dd27a666a9e70c661c549b6dcdf08dafcdfba7550e8c20f0 |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\resources\node_modules\axios\dist\esm\axios.js
| MD5 | f018f2bd28f84e97bb240973256ddae0 |
| SHA1 | 5e0a341781677b053bbd5625db7084e37bffdf91 |
| SHA256 | 9455880fadf382b3e397d098fa01bc699f26a943108b9f12be3f719ad7394ef0 |
| SHA512 | 66d80632b4f24210cb1b9425a3d1837ffeda2c97d819f712f6a598468e1a1d771fb734af4dbdb89a722048b743eb8b20ca3104e1d4e945d67204de0ee4002e29 |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\resources\node_modules\axios\dist\esm\axios.js.map
| MD5 | 85566134a5a1b4b22fe49718bcd8b4f5 |
| SHA1 | cb3e6c3f0aa93a122f7b0d842c337a231a5a4e28 |
| SHA256 | a3e72529bbc26d63f207f13aa528d87ab273f79b272df93f677b514528f9c865 |
| SHA512 | 64dabd21da254a16a2fc35a230373c78c90a9ed1d3604a4f1843d3a90b1d98883ad5f40f86f5b8ebb19c5fcff233f41611292bfa7e15023a23edb15ba8a1fe84 |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\resources\node_modules\axios\dist\esm\axios.min.js
| MD5 | b9f1305c04d321446e4edd70a5e84ab2 |
| SHA1 | 20b5d6ecf93eeee32a3b00d9c35800f5b8f987ec |
| SHA256 | c3cc839c6fd6dae19fa094a89577cd83bc1afab2db02cdc5b5a7983d1b92a0c9 |
| SHA512 | 8d5ce9386c3e9adbfd163594c377122d94f31da7397b31b973015bddcc5f17c7f3149f9ba9f3cd1dce63779b18483ad354ac5c94b9e2cc460c012f10afe7c710 |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\resources\node_modules\axios\dist\esm\axios.min.js.map
| MD5 | 76a7fc2ce89031a77f314ff860945e5f |
| SHA1 | 631348567a4b3a32170d9048f8db1610c085f949 |
| SHA256 | c5d4132ccfb080f11462370e0a636adabeac4eae1d9a7cb050e381ebad95ba9a |
| SHA512 | 9b6dc20e949ce2deda941f84c4adb7d6c80995ef455dd1a0ed3f94daae729930331d10fe25c583f8ddb1d6536d1afd4c13f7fd404d092bd394811c8d0c1dc0e3 |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\resources\node_modules\axios\dist\node\axios.cjs
| MD5 | e32b6ba895a4dd454997874085cea3cb |
| SHA1 | 1630e31aec94f40c4bbc4d184dafe102412718d9 |
| SHA256 | ae1c12ee98ab5eb179d4e5f9c5e54556acbce46dd1eb963ea271914b15aa1d4f |
| SHA512 | a6d060a04373660f28764d5e5cc34082b1e1073c609f04989a884f3c49f867d37cd0f78f857436f2639fefaab4b7e519c1b9fda83442d3ee2fb47ea0945af616 |
C:\Users\Admin\AppData\Local\Temp\nsjE06.tmp\7z-out\resources\node_modules\axios\dist\node\axios.cjs.map
| MD5 | 3b2850dfb8ef1b1585fe2f64e63bf73e |
| SHA1 | 4ba677f17979a093c6b29a5048d764639d878c17 |
| SHA256 | 5f15acee4dd54e7ed80fdf667898b0ef492eccdb9b037677fdc590e85170cff9 |
| SHA512 | 8d5310c013a7ceb68321afdb6e276e6634a5d2538b9a686401e086e6ae65b0e49a1e8133c116c9807ac6c31aba98b9e79fbfae1e1e91159cfba0ba0097889cd7 |
\Users\Admin\AppData\Local\Temp\nsjE06.tmp\StdUtils.dll
| MD5 | c6a6e03f77c313b267498515488c5740 |
| SHA1 | 3d49fc2784b9450962ed6b82b46e9c3c957d7c15 |
| SHA256 | b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e |
| SHA512 | 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803 |
Analysis: behavioral12
Detonation Overview
Submitted
2024-11-13 20:23
Reported
2024-11-13 20:29
Platform
win7-20240903-en
Max time kernel
119s
Max time network
124s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\libEGL.dll,#1
Network
Files
Analysis: behavioral18
Detonation Overview
Submitted
2024-11-13 20:23
Reported
2024-11-13 20:29
Platform
win7-20240729-en
Max time kernel
119s
Max time network
125s
Command Line
Signatures
Obfuscated Files or Information: Command Obfuscation
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\resources\hwfc.bat"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoExit -encodedCommand ZgB1AG4AYwB0AGkAbwBuACAASABpAGQAZQAtAEMAbwBuAHMAbwBsAGUAVwBpAG4AZABvAHcAKAApACAAewANAAoAIAAgACQAUwBoAG8AdwBXAGkAbgBkAG8AdwBBAHMAeQBuAGMAQwBvAGQAZQAgAD0AIAAnAFsARABsAGwASQBtAHAAbwByAHQAKAAiAHUAcwBlAHIAMwAyAC4AZABsAGwAIgApAF0AIABwAHUAYgBsAGkAYwAgAHMAdABhAHQAaQBjACAAZQB4AHQAZQByAG4AIABiAG8AbwBsACAAUwBoAG8AdwBXAGkAbgBkAG8AdwBBAHMAeQBuAGMAKABJAG4AdABQAHQAcgAgAGgAVwBuAGQALAAgAGkAbgB0ACAAbgBDAG0AZABTAGgAbwB3ACkAOwAnAA0ACgAgACAAJABTAGgAbwB3AFcAaQBuAGQAbwB3AEEAcwB5AG4AYwAgAD0AIABBAGQAZAAtAFQAeQBwAGUAIAAtAE0AZQBtAGIAZQByAEQAZQBmAGkAbgBpAHQAaQBvAG4AIAAkAFMAaABvAHcAVwBpAG4AZABvAHcAQQBzAHkAbgBjAEMAbwBkAGUAIAAtAG4AYQBtAGUAIABXAGkAbgAzADIAUwBoAG8AdwBXAGkAbgBkAG8AdwBBAHMAeQBuAGMAIAAtAG4AYQBtAGUAcwBwAGEAYwBlACAAVwBpAG4AMwAyAEYAdQBuAGMAdABpAG8AbgBzACAALQBQAGEAcwBzAFQAaAByAHUADQAKAA0ACgAgACAAJABoAHcAbgBkACAAPQAgACgARwBlAHQALQBQAHIAbwBjAGUAcwBzACAALQBQAEkARAAgACQAcABpAGQAKQAuAE0AYQBpAG4AVwBpAG4AZABvAHcASABhAG4AZABsAGUADQAKACAAIABpAGYAIAAoACQAaAB3AG4AZAAgAC0AbgBlACAAWwBTAHkAcwB0AGUAbQAuAEkAbgB0AFAAdAByAF0AOgA6AFoAZQByAG8AKQAgAHsADQAKACAAIAAgACAAJABTAGgAbwB3AFcAaQBuAGQAbwB3AEEAcwB5AG4AYwA6ADoAUwBoAG8AdwBXAGkAbgBkAG8AdwBBAHMAeQBuAGMAKAAkAGgAdwBuAGQALAAgADAAKQANAAoAIAAgAH0AIABlAGwAcwBlACAAewANAAoAIAAgACAAIAAkAFUAbgBpAHEAdQBlAFcAaQBuAGQAbwB3AFQAaQB0AGwAZQAgAD0AIABOAGUAdwAtAEcAdQBpAGQADQAKACAAIAAgACAAJABIAG8AcwB0AC4AVQBJAC4AUgBhAHcAVQBJAC4AVwBpAG4AZABvAHcAVABpAHQAbABlACAAPQAgACQAVQBuAGkAcQB1AGUAVwBpAG4AZABvAHcAVABpAHQAbABlAA0ACgAgACAAIAAgACQAUwB0AHIAaQBuAGcAQgB1AGkAbABkAGUAcgAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4AUwB0AHIAaQBuAGcAQgB1AGkAbABkAGUAcgAgADEAMAAyADQADQAKAA0ACgAgACAAIAAgACQAVABlAHIAbQBpAG4AYQBsAFAAcgBvAGMAZQBzAHMAIAA9ACAAKABHAGUAdAAtAFAAcgBvAGMAZQBzAHMAIAB8ACAAVwBoAGUAcgBlAC0ATwBiAGoAZQBjAHQAIAB7ACAAJABfAC4ATQBhAGkAbgBXAGkAbgBkAG8AdwBUAGkAdABsAGUAIAAtAGUAcQAgACQAVQBuAGkAcQB1AGUAVwBpAG4AZABvAHcAVABpAHQAbABlACAAfQApAA0ACgAgACAAIAAgACQAaAB3AG4AZAAgAD0AIAAkAFQAZQByAG0AaQBuAGEAbABQAHIAbwBjAGUAcwBzAC4ATQBhAGkAbgBXAGkAbgBkAG8AdwBIAGEAbgBkAGwAZQANAAoAIAAgACAAIABpAGYAIAAoACQAaAB3AG4AZAAgAC0AbgBlACAAWwBTAHkAcwB0AGUAbQAuAEkAbgB0AFAAdAByAF0AOgA6AFoAZQByAG8AKQAgAHsADQAKACAAIAAgACAAIAAgACQAUwBoAG8AdwBXAGkAbgBkAG8AdwBBAHMAeQBuAGMAOgA6AFMAaABvAHcAVwBpAG4AZABvAHcAQQBzAHkAbgBjACgAJABoAHcAbgBkACwAIAAwACkADQAKACAAIAAgACAAfQAgAGUAbABzAGUAIAB7AA0ACgAgACAAIAAgACAAIABXAHIAaQB0AGUALQBIAG8AcwB0ACAAIgBGAGEAaQBsAGUAZAAgAHQAbwAgAGgAaQBkAGUAIAB0AGgAZQAgAGMAbwBuAHMAbwBsAGUAIAB3AGkAbgBkAG8AdwAuACIADQAKACAAIAAgACAAfQANAAoAIAAgAH0ADQAKAH0ADQAKAA0ACgBIAGkAZABlAC0AQwBvAG4AcwBvAGwAZQBXAGkAbgBkAG8AdwA=
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\zc9fscht.cmdline"
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES13A.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC139.tmp"
Network
Files
memory/1804-4-0x000007FEF648E000-0x000007FEF648F000-memory.dmp
memory/1804-5-0x000000001B690000-0x000000001B972000-memory.dmp
memory/1804-6-0x0000000001D10000-0x0000000001D18000-memory.dmp
memory/1804-7-0x000007FEF61D0000-0x000007FEF6B6D000-memory.dmp
memory/1804-8-0x000007FEF61D0000-0x000007FEF6B6D000-memory.dmp
memory/1804-9-0x000007FEF61D0000-0x000007FEF6B6D000-memory.dmp
memory/1804-10-0x000007FEF61D0000-0x000007FEF6B6D000-memory.dmp
memory/1804-11-0x000007FEF61D0000-0x000007FEF6B6D000-memory.dmp
\??\c:\Users\Admin\AppData\Local\Temp\zc9fscht.cmdline
| MD5 | 4a19178089273cc729b3e770e4b97cfe |
| SHA1 | 945d89bd51a0cf686efb3733968b1384da371f17 |
| SHA256 | 2a86d6c376ca4e6458d5fc83975aa175e333ecfbe25486a9f3ecf00c50a214bb |
| SHA512 | 8416400d355d9b0ec69448a1c8c723464c4500410b91f9fc18b72d644668ed17f80aaafc9164a4ceac45dec7ea8db01e5c89ed1c1a57b861b680a522e12c8dab |
\??\c:\Users\Admin\AppData\Local\Temp\zc9fscht.0.cs
| MD5 | a6e80541a483188dbce2f3d843fcbe4d |
| SHA1 | a1f2e13a3314ab6a676751936c7b3b9a9fb9103e |
| SHA256 | d5b10c7f3cbb62cbf4772a7b178c578c8abaa3fe9a7420decbff18d81f08ccd9 |
| SHA512 | 6f60f86688dc256a668b6e3e8529820cf8253c47c6a1126f3097576f36b5c220f32febabce65e25dfa5b824dc2200b7ca7aca2c3bc3b8314cadb734a589b6337 |
memory/2256-17-0x000007FEF61D0000-0x000007FEF6B6D000-memory.dmp
\??\c:\Users\Admin\AppData\Local\Temp\CSC139.tmp
| MD5 | 886ed956c568175e69f81f6bd757e066 |
| SHA1 | b504a53e5e59e636ccc8e15b2ed74f84c2d4e43d |
| SHA256 | 74bbee61daa04a5497aa30b9a0efd0255ea71d38af358c3f7bb8f33c4527309c |
| SHA512 | 8435ec9d9c059e7c8aa3dd1afe8f3243b36f13b4aa3b3582c1411c823f39d2156246a5d790ec4330f852a6864f0338871e47e8b902f9043f7dad2850aebeceee |
C:\Users\Admin\AppData\Local\Temp\RES13A.tmp
| MD5 | 8d39379510577ea1f52b7842257fae69 |
| SHA1 | 195cd6a0ac1be57064c5875eab0d44797c80b1ee |
| SHA256 | fa59a5a45fb87904229af8ea0d0927a7ede25cee070d9902f27fa55f6c3179d5 |
| SHA512 | abbb5ad7a85240a16732125375404d2c54477b7c596dfccca8dc8f2e3eef7ac9f9f2bca51af0a384da84beb728e1cac7ec7cb9cb87703ddfcb6d549198da8852 |
memory/2256-25-0x000007FEF61D0000-0x000007FEF6B6D000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zc9fscht.pdb
| MD5 | a8f663fd7d5944e4ed1804de96ae0299 |
| SHA1 | 43a7fcd0ffec781305821a6de31a4b18a01eac1c |
| SHA256 | 5fc206ad9bcf947102118dc6c44bbb071d02101592b853450eb98bb4e758ae77 |
| SHA512 | 6e85028065d609e482ec6faedea82726f8aaa7edb082c63eaece885bf507e44f7334cb5cb83d18e9edb9e49009261578eea7467e66bafebf7feebaf0d2993f12 |
memory/1804-27-0x00000000022D0000-0x00000000022D8000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zc9fscht.dll
| MD5 | eca620a4c38a7c7a997d50386b32c1bc |
| SHA1 | 3b52fa34068118053dc7fc64a998a0fcf6c7b160 |
| SHA256 | 252d04896c2a353472f9ab6ac607b81b65ee2bf0ffcba0c2869cb76ade991a11 |
| SHA512 | 0192129cde6606e777840363d63c7124ae331906c63f041ad74b8791ecbda50a1d698a9ab7e48e0ecdcf980ab616493d8e3358cb40075d52fbb6ab151a88e86d |
memory/1804-30-0x000007FEF61D0000-0x000007FEF6B6D000-memory.dmp
memory/1804-31-0x000007FEF648E000-0x000007FEF648F000-memory.dmp
Analysis: behavioral19
Detonation Overview
Submitted
2024-11-13 20:23
Reported
2024-11-13 20:29
Platform
win10v2004-20241007-en
Max time kernel
146s
Max time network
154s
Command Line
Signatures
Obfuscated Files or Information: Command Obfuscation
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3692 wrote to memory of 2416 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
| PID 3692 wrote to memory of 2416 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
| PID 2416 wrote to memory of 4380 | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
| PID 2416 wrote to memory of 4380 | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
| PID 4380 wrote to memory of 3860 | N/A | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe |
| PID 4380 wrote to memory of 3860 | N/A | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe |
Processes
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\resources\hwfc.bat"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoExit -encodedCommand ZgB1AG4AYwB0AGkAbwBuACAASABpAGQAZQAtAEMAbwBuAHMAbwBsAGUAVwBpAG4AZABvAHcAKAApACAAewANAAoAIAAgACQAUwBoAG8AdwBXAGkAbgBkAG8AdwBBAHMAeQBuAGMAQwBvAGQAZQAgAD0AIAAnAFsARABsAGwASQBtAHAAbwByAHQAKAAiAHUAcwBlAHIAMwAyAC4AZABsAGwAIgApAF0AIABwAHUAYgBsAGkAYwAgAHMAdABhAHQAaQBjACAAZQB4AHQAZQByAG4AIABiAG8AbwBsACAAUwBoAG8AdwBXAGkAbgBkAG8AdwBBAHMAeQBuAGMAKABJAG4AdABQAHQAcgAgAGgAVwBuAGQALAAgAGkAbgB0ACAAbgBDAG0AZABTAGgAbwB3ACkAOwAnAA0ACgAgACAAJABTAGgAbwB3AFcAaQBuAGQAbwB3AEEAcwB5AG4AYwAgAD0AIABBAGQAZAAtAFQAeQBwAGUAIAAtAE0AZQBtAGIAZQByAEQAZQBmAGkAbgBpAHQAaQBvAG4AIAAkAFMAaABvAHcAVwBpAG4AZABvAHcAQQBzAHkAbgBjAEMAbwBkAGUAIAAtAG4AYQBtAGUAIABXAGkAbgAzADIAUwBoAG8AdwBXAGkAbgBkAG8AdwBBAHMAeQBuAGMAIAAtAG4AYQBtAGUAcwBwAGEAYwBlACAAVwBpAG4AMwAyAEYAdQBuAGMAdABpAG8AbgBzACAALQBQAGEAcwBzAFQAaAByAHUADQAKAA0ACgAgACAAJABoAHcAbgBkACAAPQAgACgARwBlAHQALQBQAHIAbwBjAGUAcwBzACAALQBQAEkARAAgACQAcABpAGQAKQAuAE0AYQBpAG4AVwBpAG4AZABvAHcASABhAG4AZABsAGUADQAKACAAIABpAGYAIAAoACQAaAB3AG4AZAAgAC0AbgBlACAAWwBTAHkAcwB0AGUAbQAuAEkAbgB0AFAAdAByAF0AOgA6AFoAZQByAG8AKQAgAHsADQAKACAAIAAgACAAJABTAGgAbwB3AFcAaQBuAGQAbwB3AEEAcwB5AG4AYwA6ADoAUwBoAG8AdwBXAGkAbgBkAG8AdwBBAHMAeQBuAGMAKAAkAGgAdwBuAGQALAAgADAAKQANAAoAIAAgAH0AIABlAGwAcwBlACAAewANAAoAIAAgACAAIAAkAFUAbgBpAHEAdQBlAFcAaQBuAGQAbwB3AFQAaQB0AGwAZQAgAD0AIABOAGUAdwAtAEcAdQBpAGQADQAKACAAIAAgACAAJABIAG8AcwB0AC4AVQBJAC4AUgBhAHcAVQBJAC4AVwBpAG4AZABvAHcAVABpAHQAbABlACAAPQAgACQAVQBuAGkAcQB1AGUAVwBpAG4AZABvAHcAVABpAHQAbABlAA0ACgAgACAAIAAgACQAUwB0AHIAaQBuAGcAQgB1AGkAbABkAGUAcgAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4AUwB0AHIAaQBuAGcAQgB1AGkAbABkAGUAcgAgADEAMAAyADQADQAKAA0ACgAgACAAIAAgACQAVABlAHIAbQBpAG4AYQBsAFAAcgBvAGMAZQBzAHMAIAA9ACAAKABHAGUAdAAtAFAAcgBvAGMAZQBzAHMAIAB8ACAAVwBoAGUAcgBlAC0ATwBiAGoAZQBjAHQAIAB7ACAAJABfAC4ATQBhAGkAbgBXAGkAbgBkAG8AdwBUAGkAdABsAGUAIAAtAGUAcQAgACQAVQBuAGkAcQB1AGUAVwBpAG4AZABvAHcAVABpAHQAbABlACAAfQApAA0ACgAgACAAIAAgACQAaAB3AG4AZAAgAD0AIAAkAFQAZQByAG0AaQBuAGEAbABQAHIAbwBjAGUAcwBzAC4ATQBhAGkAbgBXAGkAbgBkAG8AdwBIAGEAbgBkAGwAZQANAAoAIAAgACAAIABpAGYAIAAoACQAaAB3AG4AZAAgAC0AbgBlACAAWwBTAHkAcwB0AGUAbQAuAEkAbgB0AFAAdAByAF0AOgA6AFoAZQByAG8AKQAgAHsADQAKACAAIAAgACAAIAAgACQAUwBoAG8AdwBXAGkAbgBkAG8AdwBBAHMAeQBuAGMAOgA6AFMAaABvAHcAVwBpAG4AZABvAHcAQQBzAHkAbgBjACgAJABoAHcAbgBkACwAIAAwACkADQAKACAAIAAgACAAfQAgAGUAbABzAGUAIAB7AA0ACgAgACAAIAAgACAAIABXAHIAaQB0AGUALQBIAG8AcwB0ACAAIgBGAGEAaQBsAGUAZAAgAHQAbwAgAGgAaQBkAGUAIAB0AGgAZQAgAGMAbwBuAHMAbwBsAGUAIAB3AGkAbgBkAG8AdwAuACIADQAKACAAIAAgACAAfQANAAoAIAAgAH0ADQAKAH0ADQAKAA0ACgBIAGkAZABlAC0AQwBvAG4AcwBvAGwAZQBXAGkAbgBkAG8AdwA=
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\ktgx3ehz\ktgx3ehz.cmdline"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESC553.tmp" "c:\Users\Admin\AppData\Local\Temp\ktgx3ehz\CSC5E38AAB1DC9F4FF993644AF7A7AA7EBB.TMP"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.42.69.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
Files
memory/2416-0-0x00007FFC7AF03000-0x00007FFC7AF05000-memory.dmp
memory/2416-1-0x000001C1CE5D0000-0x000001C1CE5F2000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_t01oszut.mhm.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/2416-11-0x00007FFC7AF00000-0x00007FFC7B9C1000-memory.dmp
memory/2416-12-0x00007FFC7AF00000-0x00007FFC7B9C1000-memory.dmp
memory/2416-13-0x000001C1D0A50000-0x000001C1D0A94000-memory.dmp
\??\c:\Users\Admin\AppData\Local\Temp\ktgx3ehz\ktgx3ehz.cmdline
| MD5 | d08c9eb20777b7dad48e7aa183ad24b0 |
| SHA1 | 73bcad50936a4cb4d20207a27047bd59e9b6ecef |
| SHA256 | 96bcc8c462961b4e729181529c3d00c279625702c1fdd62c0593a99a4db6af17 |
| SHA512 | 13c9ae391e7549763eb59be7cd845ac82e1b3ce01bbcc8567bbe07488bf4b520c2c0ae6da61611d9c8499bfc657e73cd29a4184209a61b51f577b51ed121631b |
\??\c:\Users\Admin\AppData\Local\Temp\ktgx3ehz\ktgx3ehz.0.cs
| MD5 | a6e80541a483188dbce2f3d843fcbe4d |
| SHA1 | a1f2e13a3314ab6a676751936c7b3b9a9fb9103e |
| SHA256 | d5b10c7f3cbb62cbf4772a7b178c578c8abaa3fe9a7420decbff18d81f08ccd9 |
| SHA512 | 6f60f86688dc256a668b6e3e8529820cf8253c47c6a1126f3097576f36b5c220f32febabce65e25dfa5b824dc2200b7ca7aca2c3bc3b8314cadb734a589b6337 |
\??\c:\Users\Admin\AppData\Local\Temp\ktgx3ehz\CSC5E38AAB1DC9F4FF993644AF7A7AA7EBB.TMP
| MD5 | 20c44ca0bd48364189782d998bdb6d77 |
| SHA1 | a364f64166a252aacccc90244817c82a351a62eb |
| SHA256 | f871168c6962ca71c6df4453f38ef177ee7711fd80f589c14316c49f8e98d069 |
| SHA512 | 6bbde176aef27ed990ea0c9b65710de4232dbe4f4d1d3cefa47769f9cafd9644de5b07c9e733bd42bb2c5551676713ab1ed165b5873cea1a6bcda81d26b8eb4d |
C:\Users\Admin\AppData\Local\Temp\RESC553.tmp
| MD5 | e0e4358235da2c747528be803be7edb3 |
| SHA1 | 132d598fe143df997f548bf8d560266811de57ed |
| SHA256 | e67e6b0df7f5ddae72c4d944dfdb4e99360e39430f66264cb8f9f0cd3d6b0249 |
| SHA512 | 71369fae8e41801da3eee538a0f10f9f01dcb4c56c55a90c996a7d48ad00860ad026588ce1d3feb41b0f8e463499b7a1e40a599089798ec55b3bc0472a775095 |
C:\Users\Admin\AppData\Local\Temp\ktgx3ehz\ktgx3ehz.dll
| MD5 | b517fb3dc2a120dda96a866ad2d862ac |
| SHA1 | 09c9de4f2cf9d86983071149c5fa1550ca2d8a82 |
| SHA256 | faab049647287877cd729cb3365ddad401454a4b333b04aa2af21729b5fb01af |
| SHA512 | bf621c08cf041fd8dbf796e598e7952eab2f02ef51f100822cecfabd963e06d4fed251dbcc42061218813c1932b1233c7fa99a9d4d8036ccdd0bb0825c165136 |
memory/2416-26-0x000001C1CE650000-0x000001C1CE658000-memory.dmp
memory/2416-28-0x00007FFC7AF00000-0x00007FFC7B9C1000-memory.dmp
memory/2416-29-0x00007FFC7AF00000-0x00007FFC7B9C1000-memory.dmp
memory/2416-30-0x000001C1D0D90000-0x000001C1D0E06000-memory.dmp
memory/2416-31-0x00007FFC7AF03000-0x00007FFC7AF05000-memory.dmp
memory/2416-32-0x00007FFC7AF00000-0x00007FFC7B9C1000-memory.dmp
memory/2416-33-0x00007FFC7AF00000-0x00007FFC7B9C1000-memory.dmp
Analysis: behavioral24
Detonation Overview
Submitted
2024-11-13 20:23
Reported
2024-11-13 20:29
Platform
win7-20240903-en
Max time kernel
119s
Max time network
124s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\node_modules\adm-zip\headers\entryHeader.js
Network
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-11-13 20:23
Reported
2024-11-13 20:29
Platform
win7-20240903-en
Max time kernel
122s
Max time network
124s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2132 -s 220
Network
Files
Analysis: behavioral9
Detonation Overview
Submitted
2024-11-13 20:23
Reported
2024-11-13 20:29
Platform
win10v2004-20241007-en
Max time kernel
144s
Max time network
157s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d3dcompiler_47.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.42.69.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.73.42.20.in-addr.arpa | udp |
Files
Analysis: behavioral11
Detonation Overview
Submitted
2024-11-13 20:23
Reported
2024-11-13 20:29
Platform
win10v2004-20241007-en
Max time kernel
147s
Max time network
157s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ffmpeg.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.87.175.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.73.42.20.in-addr.arpa | udp |
Files
Analysis: behavioral20
Detonation Overview
Submitted
2024-11-13 20:23
Reported
2024-11-13 20:29
Platform
win7-20241010-en
Max time kernel
121s
Max time network
136s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\node_modules\adm-zip\README.js
Network
Files
Analysis: behavioral29
Detonation Overview
Submitted
2024-11-13 20:23
Reported
2024-11-13 20:29
Platform
win10v2004-20241007-en
Max time kernel
146s
Max time network
154s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\node_modules\adm-zip\headers\mainHeader.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral30
Detonation Overview
Submitted
2024-11-13 20:23
Reported
2024-11-13 20:29
Platform
win7-20240903-en
Max time kernel
121s
Max time network
127s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\node_modules\adm-zip\methods\deflater.js
Network
Files
Analysis: behavioral32
Detonation Overview
Submitted
2024-11-13 20:23
Reported
2024-11-13 20:29
Platform
win7-20241010-en
Max time kernel
120s
Max time network
136s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\node_modules\adm-zip\methods\index.js