Malware Analysis Report

2025-04-03 19:13

Sample ID 241120-n5xwqa1lbj
Target Wave-Setup.exe
SHA256 2ad8902417ff3f3d730c8aa0127266ebf4551b07cefc43f64402c9678caef14d
Tags
execution discovery antivm
score
7/10

Analysis Overview

score
7/10

SHA256

2ad8902417ff3f3d730c8aa0127266ebf4551b07cefc43f64402c9678caef14d

Threat Level: Shows suspicious behavior

The file Wave-Setup.exe was found to be: Shows suspicious behavior.

Malicious Activity Summary

execution discovery antivm

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Checks for any installed AV software in registry

Enumerates processes with tasklist

Reads CPU attributes

Checks CPU configuration

Command and Scripting Interpreter: JavaScript

Program crash

Reads runtime system information

Enumerates physical storage devices

Unsigned PE

System Location Discovery: System Language Discovery

Enumerates kernel/hardware configuration

Browser Information Discovery

Suspicious use of SendNotifyMessage

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-20 12:02

Signatures

Unsigned PE


Analysis: behavioral26

Detonation Overview

Submitted

2024-11-20 11:59

Reported

2024-11-20 12:31

Platform

win10v2004-20241007-en

Max time kernel

142s

Max time network

158s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\defaults.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\defaults.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 23.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp
US 8.8.8.8:53 218.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-20 11:59

Reported

2024-11-20 12:30

Platform

win10v2004-20241007-en

Max time kernel

151s

Max time network

163s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Wave-Setup.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Programs\Wave\bin\Bloxstrap.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe N/A

Checks for any installed AV software in registry

Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Software\KasperskyLab C:\Windows\system32\reg.exe N/A

Checks installed software on the system

discovery

Enumerates processes with tasklist

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Wave-Setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\find.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\tasklist.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\tasklist.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Wave-Setup.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Wave\bin\Bloxstrap.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4728 wrote to memory of 2800 N/A C:\Users\Admin\AppData\Local\Temp\Wave-Setup.exe C:\Windows\SysWOW64\cmd.exe
PID 2800 wrote to memory of 3192 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\tasklist.exe
PID 2800 wrote to memory of 4780 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\find.exe
PID 4836 wrote to memory of 3124 N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe
PID 4836 wrote to memory of 1628 N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe
PID 4836 wrote to memory of 2456 N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe C:\Windows\system32\fsutil.exe
PID 4836 wrote to memory of 224 N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Wave-Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Wave-Setup.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq Wave.exe" /FO csv | "C:\Windows\system32\find.exe" "Wave.exe"

C:\Windows\SysWOW64\tasklist.exe

tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq Wave.exe" /FO csv

C:\Windows\SysWOW64\find.exe

"C:\Windows\system32\find.exe" "Wave.exe"

C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe

"C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe"

C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe

"C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Wave" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1832,i,13180379036749878017,18247292082209197967,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1824 /prefetch:2

C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe

"C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Wave" --standard-schemes=app --secure-schemes=app --field-trial-handle=2012,i,13180379036749878017,18247292082209197967,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2004 /prefetch:3

C:\Windows\system32\fsutil.exe

fsutil dirty query C:

C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe

"C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Wave" --standard-schemes=app --secure-schemes=app --app-path="C:\Users\Admin\AppData\Local\Programs\Wave\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --field-trial-handle=2964,i,13180379036749878017,18247292082209197967,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2960 /prefetch:1

C:\Users\Admin\AppData\Local\Programs\Wave\resources\node_modules\language-server\wave-luau.exe

C:\Users\Admin\AppData\Local\Programs\Wave\resources\node_modules\language-server\wave-luau.exe lsp --definitions=C:\Users\Admin\AppData\Local\Programs\Wave\resources\node_modules\language-server\globalTypes.d.luau --definitions=C:\Users\Admin\AppData\Local\Programs\Wave\resources\node_modules\language-server\wave.d.luau --docs=C:\Users\Admin\AppData\Local\Programs\Wave\resources\node_modules\language-server\en-us.json

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\Software\KasperskyLab" /v Session"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKCU\Software\KasperskyLab" /v Session

C:\Users\Admin\AppData\Local\Programs\Wave\bin\Bloxstrap.exe

C:\Users\Admin\AppData\Local\Programs\Wave\bin\Bloxstrap.exe

C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe

"C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\Wave" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3888,i,13180379036749878017,18247292082209197967,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3288 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 0.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 cdn.getwave.gg udp
US 172.67.73.56:443 cdn.getwave.gg tcp
US 8.8.8.8:53 56.73.67.172.in-addr.arpa udp
US 8.8.8.8:53 scriptblox.com udp
US 104.26.11.174:443 scriptblox.com tcp
US 8.8.8.8:53 tr.rbxcdn.com udp
US 8.8.8.8:53 174.11.26.104.in-addr.arpa udp
GB 23.73.139.17:443 tr.rbxcdn.com tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:53 17.139.73.23.in-addr.arpa udp
US 8.8.8.8:53 4.4.8.8.in-addr.arpa udp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 cdn.getwave.gg udp
US 172.67.73.56:443 cdn.getwave.gg tcp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 85.49.80.91.in-addr.arpa udp
US 8.8.8.8:53 72.239.69.13.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\System.dll

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\StdUtils.dll

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\SpiderBanner.dll

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\nsExec.dll

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\nsis7z.dll

C:\Users\Admin\AppData\Local\Programs\Wave\chrome_100_percent.pak

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\7z-out\chrome_200_percent.pak

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\7z-out\d3dcompiler_47.dll

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\7z-out\ffmpeg.dll

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\7z-out\resources.pak

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\7z-out\vk_swiftshader.dll

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\7z-out\vulkan-1.dll

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\7z-out\vk_swiftshader_icd.json

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\7z-out\v8_context_snapshot.bin

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\7z-out\snapshot_blob.bin

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\7z-out\LICENSE.electron.txt

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\7z-out\libGLESv2.dll

MD5 02374701c3dc3b26088763fd3cc11bc9
SHA1 84e582496c53ce139d9efd219b762ad38a50d011
SHA256 8e68245d98bb740f393472938612979a56391f127d1af7683253e9e749e7af41
SHA512 09693492447b037e8ce16095fb3d63d806604d18c3340bf57fecc0e0ae3c877bdcd83320e633b0fb898a4c20616bfb4558ccd8d93a10d235dd90c3be8020a8a2

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\7z-out\libEGL.dll

MD5 09d3bc8a5c6104d78566cd6e51c5a6a8
SHA1 d1db4f83bad27dc0caf75f77d510f2eb62dd84c4
SHA256 1307025ed98ecfd00770c2d5c74c8a5e498c4e457397f17c3cbd176ca8a62a85
SHA512 198072fff54bd6ae5ac21bd891c23da9d657a4525dd5944719eda6f7062775ae66d9cb15d29105d2477378ae605351e4b840c9934106bf80f936a596e7a1eddd

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\7z-out\LICENSES.chromium.html

MD5 ae174699b663bd90d8d06c68c6952477
SHA1 8c76eda61d320779909adc541593b8e26b24815a
SHA256 c6737ef4ed9de369077718824f76c5e7026d0e39163e26af8606783e41c93e18
SHA512 3fb72dcd790464dde34978c9d0895376827f4d839b4a199c6e9fe77ab810d62b960babc4b21f6e189dc70147b5fb4334815730f4d1cdec05489c19e0725c2158

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\7z-out\icudtl.dat

MD5 ffd67c1e24cb35dc109a24024b1ba7ec
SHA1 99f545bc396878c7a53e98a79017d9531af7c1f5
SHA256 9ae98c06cbb0ea43c5cd6b5725310c008c65e46072421a1118cb88e1de9a8b92
SHA512 e1a865e685d2d3bacd0916d4238a79462519d887feb273a251120bb6af2b4481d025f3b21ce9a1a95a49371a0aa3ecf072175ba756974e831dbfde1f0feaeb79

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\7z-out\locales\af.pak

MD5 e48860fe82ef022ffab38cbc4c96dffc
SHA1 a832fa66bfddabf3ae7f219cf379f66d2903162a
SHA256 e2470090a09ca500679e68bb5e3b1acc35a5873fea4f93af25a23c82122f2c13
SHA512 e4d0973ca7e59091c482d2acc384aa48ec87d3ce72d8d42a03a183b230fd209e085a4e907473a05d02d41e15ebc527df942774c23b4804c150367fcd727af7b1

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\7z-out\locales\am.pak

MD5 d6e8c344b2b40a9c671304f6f252d51b
SHA1 c59ddcaad921b6d2d3f70b7ab07026c35e5d1e08
SHA256 4e15946e86a578eeff41feda808bb291d81e240fbdfc96cbe2efe692ad35eef5
SHA512 018ce2bf4beb4ce066703b2ac7413c6517759be68f889f27990de5d6694e9f84b4027f9861901ea4b15abdd1bb570e5a16651c935713feafc4d16cd57be0b911

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\7z-out\locales\ar.pak

MD5 f6ca56d15814dd5afd5e7ff985257880
SHA1 ef236d7027cb50a188c1e771527e6628702311ea
SHA256 5cc02570e5f61cbca791309985df3a29584e41583b3344f1d9fb6b04ce423e6f
SHA512 46c0436c110d6f1a8f3ebe962226c51af525228262cd56744e4d89aeb05d1eda614801a294bbfd2e08598e355750d7a2d200b3e7b594da03dd26ece4cdd31e3d

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\7z-out\locales\bg.pak

MD5 e6608ecc589e87a6f78f9ce553ec2609
SHA1 9fdb2ff6291549df773ba243b3a92b984b15bdf6
SHA256 97ef7984074775282b68dca5d5a469efdb2b22474ee6669fdfb5197d3f1b3768
SHA512 25450b23acc962be85977ef08be9b484c2a9127775039c521158c1801cd57d5781bcd8d5b8784f8a8b9403ce44b59964a20dbe36ce181f1d239143b22b53d5e2

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\7z-out\locales\bn.pak

MD5 57eab375114893a5ed0de36a516e8252
SHA1 16f23ab3eb62bc7a2525a7a5d86139fa88670b89
SHA256 1aba82aee8c985e5e370e7cf2b35c9ec20cbe5174db5fcb54ec7d19ec5d79587
SHA512 895bc282484ed028f5f023cbbb6e2755091f036e540c531b6ff639cf9e0ae5da02801dc81d7910eb141edd5c255d8b088d1abb531b152fbb161d6c2bf9615f4f

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\7z-out\locales\ca.pak

MD5 7474c8e0c3285b97f1f12792964b6824
SHA1 8b9381be0754fc3df2f4f13f8575bd4abab90e9d
SHA256 b3d5dfae25427596b1f14a8e13d6bcb58532c82554229c2367779ff5c42b28bb
SHA512 4ad524fd530bfc72d72edf04ba4890e06ca0a20cc1d5c2c3d95cda746b1d884a62ec2d4463ad7be9cd01c7529b41bef65f9e669c62719808a83d3c70f9475d43

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\7z-out\locales\cs.pak

MD5 582fde87aac61961e4f7955f16d31769
SHA1 3a8eb832317dd7e07efaaeeb5885c32b9d381622
SHA256 7d7b701ce510b2e4a18e957e500086db590aad8bf5acd37f82263a676f0b556c
SHA512 adb04ccce5471d80182f7ca73bf1a2e4ce63a4980d455837fb378bf679a0022d4ee6f9fbe148d6932fad83f458c76ac229229542092e0cb9b271c8d44639b11b

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\7z-out\locales\el.pak

MD5 34c6150acccd20c7f260b269bce06930
SHA1 277b6d2387f600c84263847d6fb2342fd4746cfb
SHA256 162e51bc7d682e223e498f4ff8c81f019d136d857bd25a1c982d4a1084a8c840
SHA512 58308b1f4f92f1eb26af8516351194b96defa8b40f26cca2776aeb9e804e585fdb9918bd2acb9c6318b63c3768c29893574bd0a4fc18fa9dee96b9112732ff94

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\7z-out\locales\de.pak

MD5 d1a513308f9de55b6c7bbeef7c4fe90b
SHA1 a4a5e99fe73d5f9df2e508c3c8e9b73dea03a76d
SHA256 662496eff49febbe49f0a03cf2c51acaa743cb2237de3c41014556e16f3d8e2b
SHA512 9756e16255976569584a3a5e2a17421a31bc8f9b158c0ad3d30f6fe624ecd0e77c255571e46554c03c54d58b06d3f7b0fc77d347548f435547eb1ed9173b30be

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\7z-out\locales\da.pak

MD5 5f8f09aa98ec3a4c8122d64c5bc6610e
SHA1 08a6dfaa3a11d8c994da90460e78ce0a4fcfb644
SHA256 3430c0f1946901dfa24190ca3989f72171ec564bc7c523853e6a1f531b61b5ee
SHA512 9c643eb6415cad6aca0584d62211aed5ed21a0f8d71ac4f692bd420a4a190a9781add7c874d0f56bb5c1c0f65d543d932d0f50caf127e8d014c05d015ae61ca3

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\7z-out\locales\gu.pak

MD5 e884bbc8ded4f5f059211fbbb85ed351
SHA1 8f4ecb45ca73902791ff5e56e0b272252c08508e
SHA256 087e99953eef9b5fd736e3dbd98d702fdb01dc614593a4c575cb619159688118
SHA512 50837daec40a2624097cf36dfd7beebba4db748fd9cc470bf71b526e612c1aa6c88ead7511ba751e370f6f5d28ad9d6338dcb3581d7e3d53e2672741915b952f

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\7z-out\locales\fr.pak

MD5 79d945ef9b8ebc7d39fd03d05d9b2f27
SHA1 6fbcb748515f97056689d4a747e4df3a830fe049
SHA256 1f6cc56e04bcbd6b6ecbe500bcb0a5702551ec80d79e624642d0c7d9758d4424
SHA512 f1a26715ad9399052b664c71fb60b6eb6f965fa80d6d8d6c47e0b96ad0d4a4d2028c3e19dad49e008bbc29edc24e656777ce073da008d3f4dfdee4c8f2212a07

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\7z-out\locales\fil.pak

MD5 c744b92c8feff1c026034f214da59aca
SHA1 95780d3374841efdbc0d8a46cddc46bb860a26e0
SHA256 d7fdc7fd08dcc421bc8aaae3fdc72599c60a3b96f05989a3e46736f0de06e745
SHA512 eeefc73474642e75da61056f2841e7cfeb8d8475be55a39852dfe7de8a972f7d86e9d1df4614b3ca3ae4fb01b68e5ced664bc8e46ccfc94f44b06e29a5035b43

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\7z-out\locales\hu.pak

MD5 2515bb367f56f282657b3dd3b9ffcbc3
SHA1 8cc350e359f1cfefdf0ce3b016109dd483d45a8e
SHA256 b4e6a1135de8bdc42c04f4db4eb1ce48256f18eb46a5146a21010b6165a90e7a
SHA512 779a77b3380f08dfb1d1e9bd65806f3d5ab56619d040bd6ecc9726c17944f4d0c3a619edee06d638549250fbf4c6a2be46cd6196a3a8862d184a68d45d6f6d72

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\7z-out\locales\hr.pak

MD5 1973723b9c45b9d971c97229e7a441cb
SHA1 2bfa4922bf2084486681af45cd7f7dedf95b2d66
SHA256 afed35643df24709c8c5cc9b8158b3d9a2266fbfeed132e98ff254ced4086c5f
SHA512 6a1f35435b01ab187cd93b376b76444dff575284632fbf37bf8b08e6cfe7783f985d0fad2425df3d3c332aad2278971412455a748e83c2d6fabd0f6afc3dc292

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\7z-out\locales\hi.pak

MD5 66ab509000cac52c805d6871ca6c1f25
SHA1 e3d3e7bacbcfaa7538ca89d9d26218eca06c01f1
SHA256 9c6d8d93278a6e375405142df9829adefbcc8ae9797a4f589591b9784b2b71c8
SHA512 356642a19f044c6e192f658ca2bf8764431129cdf7c9891b5b5bf4e99f6b990a1428c1e483487b619865e7f2d31cb5c9bbb3b49ed25fa81c4374de3e8e65519b

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\7z-out\locales\he.pak

MD5 ad6af80367f0b5d408bbe2c7b32ade48
SHA1 9dd4e4e5a63e50e9d3715667b8149edd8d07a52c
SHA256 20b1c80f8b2bd5130a1fb372814fb9c9ceac15305da3da0cb29923960a94a934
SHA512 95df5ce7f7885d0e72b2d89e1794a3796a1ab407fb27174219db22c668f74a8c3ba1f680cbf990be533c35ca0b2136b1917c0cb92d4556e3ff2ef3447c55efbf

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\7z-out\locales\fi.pak

MD5 6d7aaddb1365b3efee94d4c510a3002e
SHA1 2a970204894c5ac163c980ec0fac2dbd1711e5b5
SHA256 11b0b9b0f74d01f16db7aa49be9dceeb55fde9da56f17419c4bca159cdcae274
SHA512 f44bab9cee552dddac17d4ac1949870943cf138b3fdb0e649e8827acb6de9528dd9cf738757e5b495587e165d1c750b8bcc6205bdd029a01eb92aecab22ba49f

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\7z-out\locales\fa.pak

MD5 7851efacda8438c041c9a511f4097de2
SHA1 64cba381a17ef0ffae2dff5135d57fd1f9300ab1
SHA256 f1a7351bf0d8cad475d2761b9edf970c3098836e38aa98106a5e04a41002b7c8
SHA512 d94fb1d04630cc292296ad6033c6beed1a00dcd4c11eaca04a7eacb50c238269b21e4d2a4002836f4d41e0f6d951624beefc95beaae23530eccded4569ff1869

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\7z-out\locales\et.pak

MD5 3cad945e9ae6e31cfe66c89365e5d353
SHA1 43758cb523d60d936b9a417123f337b8e123481c
SHA256 ba4ec85d2306a1f1f178a017fef4d340b77b33e10bbee07bd359a8e0ff8ea461
SHA512 ac07e7f72b670a2e8b7a46a672fefedc58d9384d4773a6f220c231c619c1134613ff68c0ccb0dc9e03eb5f47dea7ac57de318af5f3f242d6be7ae43071e2d947

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\7z-out\locales\es.pak

MD5 f90d43351ffdc63bcef25bf634c1fd35
SHA1 f80df8034cb64df1ef62e586891275a74868ab6c
SHA256 0385e6776de5a0d8a3b30b7bad44308ac4cb04e2bcebd573d3c7938b68036573
SHA512 7bfa70a5de14652063d261c28ffd3df89ea5e38877cc7977ab27f7280c48084a4ab1e5bdad0c2f624a7434a5d975feb9d8d221c010e24963d3c42921f5a36e65

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\7z-out\locales\es-419.pak

MD5 15d1e262602e54d76de8bac02dada000
SHA1 54e93995675bcebc595befaed6b73c9ff5e6e735
SHA256 ec922f8ca16b7e7642fc73369ba7b75ec950cafb1dcadc6c88426c034382d483
SHA512 a232eb97021f17fde322697db2c00423cd70e9741772912c5f7a41849b35dcf3e2fe84001ff0a7902b2b54305d1f805f53988e421e192be0d5abd157bf8b5f1f

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\7z-out\locales\en-US.pak

MD5 5c52a86b21633b55b383c20f16859b2f
SHA1 126585e68cb17f241351004e21c1d30e65de1cf6
SHA256 41123d72bd8e289e85bd35227aabb4cc61fe1de02b5cd7a7834e5ec200bc2078
SHA512 2a1b6a4becfb97d470cd7de74857edf2cc9cd4a77f377ccd9bf60c30539862ff1ac3ed6cc849632a3ed4ea0e5b92679f3cc5b4cb26cc7eaaa2bb2f4ae9974a6a

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\7z-out\locales\ms.pak

MD5 9fb7c18f376b46b254ef9a960e08655f
SHA1 31cb060fc606d011151f1b5464e2a469372113a2
SHA256 2f0c83b5b3bff8f624d78e0670a31c509e7f1d5330f72aaede471b2e97c956e2
SHA512 23ea07d917bc0cb9a2f530f985c4c1930d31eb6e8271804709126b8b0f5266dc51636f679944d2e3d8dd7b603564defe85c1088a33a922e9fe15c2073b509a8f

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\7z-out\locales\nb.pak

MD5 de04250ff403e9af66a1351598d2a64d
SHA1 4b7a5a2bf48d988f95aac6e85b11a8c2b2fd007e
SHA256 887a0278971d6ba61e2f24c62029a3087a46c4962c4357412c28ede12ed6da15
SHA512 71527c025205bbcd63351283b7b123d8807c05bc68f2f7555f10386e330e052d031b9986ae2c1f0398bd174e67962657e0b8d4a57a07d167c233390a4e6c5556

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\7z-out\locales\mr.pak

MD5 649e76b6666096a2258b942745ff9fe1
SHA1 82edf8ca68dff0caa36b17901c1e12a17172fa51
SHA256 039f4e0176c38867fef57482825d043fa63bf1356c85eab0fc665f118db125e4
SHA512 92f51140416cd6dd53109ddcc1ee24c1d26999de5cd48a11e6954dbbc985298c1b90c0b4a7bbd8701a2737b71340e8a257e8b1ace85ff3b4876b714c60befdce

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\7z-out\locales\ml.pak

MD5 39d4a5ed8cf7c8e0df946220fbfc0f68
SHA1 70794849b41d00f2b895f1211a6baaae3fa7d261
SHA256 87384db1ddcac012b0b40ec89daf47ebbbcf1497705f023a6983fb2470e4abd6
SHA512 ac992b9cebc2fd51f7477b36f1aa4d9157a84c3023949c02ea236d909c78fb5ccce28dd213c089820131ee3f669164529daf58901766630ebcf40546d33e132e

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\7z-out\locales\lv.pak

MD5 a999e734f9addcf07c080f9861c3c170
SHA1 522bb12a0cd4e5232570001684aed84f421abcd0
SHA256 33fdf706f6d3f06b485c5115a7c73a571296dac41c582fc9d0dbb371d86e8653
SHA512 ecb92c4ddf7b252a3216059e63b387c6847f6eccde532c300b74e6b04ab56da0208c2ecbd00ab1d5e48acced909db74b1aabf88e34d0d5928b89320f45200dc8

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\7z-out\locales\lt.pak

MD5 20906aec4a21bcbb8bc8bab067075ba6
SHA1 369da9c1567d4376852cebdb87cd9213dc4bd321
SHA256 a1257d10e673311747363e6929832e70f36668b1fc0d6a5ddd550fe88007aa58
SHA512 8d1ee40bff980b889af83b95fa408bddf2ff5d257f532d2da46bfc3ddbcc31b9cf14b473fdfca1a574c0316fd689a424ae241e9bcc533b7dfe0c7203d4b252fe

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\7z-out\locales\ko.pak

MD5 965ac0d213ccdfd83ac4970de23a8f11
SHA1 8326841ab80c40a7ca8b13589a3f5ff54fc15827
SHA256 3fa72d61a997c36f9c093f769f4bba60b290d1fbcb71d5544f85e8e1efe51d07
SHA512 5eaf14ce5c493bb4704716add07428edc6569f2dcb721679e140916c0e426cfa8e8ce27a2c38c48ae6e60461a678525e48e42c2938ce40e488b59d3f97a2f9cf

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\7z-out\locales\kn.pak

MD5 a11d186b8eec7362a280abec3859107f
SHA1 966065cc6f69c3a222751d2191a0efeb6049cbdd
SHA256 a6ecf1dfe4d99f6ba0926c696b5b23b77d234fa8fd03da9825b074ecc640d508
SHA512 099e73977453a5dca329b1d8a8cbc612dd2739bb3db034b7509af35877ede6ee12450875302ff3f9351fc7096b60be1b2d8ccbec89ace3145eb264f25946d46c

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\7z-out\locales\ja.pak

MD5 412bef3ec11f53c2aa6511ca139b1f35
SHA1 8b42655c2b62edc13c61a4625f55c961cefd1c49
SHA256 c5692ca739c31569ae2431fd58f1028e6c8c01af278b76656ee0bb65b79e9985
SHA512 85760c2a0dd4404a2d41f0d957c9cf8962d6b80389df838cd2d85b6a31a54f4e50c5f19ee73d2ee66e3e61a8809aeb5b493e7170aceeef9bda53e135ae02bc42

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\7z-out\locales\it.pak

MD5 591113bc491e5c388ee3876de4aab3a1
SHA1 a63c2a18eb92fd03445bd237a5755d557e1cb593
SHA256 33652aae78a486dc3ce4e5affd1b7f72e1248f6f9f3e62188afe3b5d73bd148e
SHA512 66f1e79c9bf179f19942352258181858268a991b42d4a79747ca580df3fa219c2be71ab6597cec4ba7bd4c691a5e1328aa03a565b3eef442c6e2216f0d82653c

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\7z-out\locales\id.pak

MD5 91bad2312491410c7f0393be512b895f
SHA1 6e4e9cc985c5b96eaaad91787f8bb7f72cddb604
SHA256 a21f9474a19fe2d7f26c59f5ba8d6e72801a8a057b7dbcb8b3f96471043d9059
SHA512 5c0e1cd1741e78fff90f3ec2be02bd47bfc669e50ad0cdde975238a74cb4081536faf80d0a28dc9fea6efda6548dcca4e569c54b903f5c2773c17f72000a99e7

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\7z-out\locales\en-GB.pak

MD5 56bdf77ab3487e28d354a8b0f9ba8d2e
SHA1 b10ee918320a50a417b1ee6a28cd4b05a5f77238
SHA256 7df934906a61c0ae7a952f9ed058f4a06cd3989663a7d9f50afc3c9f830135bb
SHA512 8d74c79ba3a554d69f26fb8c20210c9a339d85c0e9a9af445901e8a5c7ea544ea6ec713f9dd2db7b8bb5cb0afb0fb385236d4668a73af37dc9ef8d2f73c57fcc

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\7z-out\locales\th.pak

MD5 879a881174501e22c3de65b9f80bc19b
SHA1 a2e020d5ed1be7dee50a495a2f8581e751cbf735
SHA256 647ad394e92e7610bd0f6c4e08d28748408fcd5a816a35e4622ea7f71cfa7a9d
SHA512 b8961a90036b94340283237da57659cc277e65e545764251f7d3e406dc5f70c9ae29366184d0aa8831aaa0a7cb5c12ff825078bb87528606cae223fba58c73d3

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\7z-out\locales\zh-CN.pak

MD5 3fe312d9859b299c3a332373172c33f8
SHA1 ce6a99d79dcfc363bcf68bdb1ddd4e6862236020
SHA256 f0c0ba53c954325b3bbefb333ba23f7fb40a7a4e506043e9f7886089f611943b
SHA512 488a6043381834c9d69a906edd9e3273da01b618e9f3351a89082e6a4727f9f882e435eca3d590cb30336cab289fc71b109322d43804ddde5fa038a63a0b84f7

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\7z-out\resources\app-update.yml

MD5 4dd45d9de32f1a1a9aaae5d05314e29c
SHA1 80e458fe95becbdbdc82b1c06c92ae4f3781f497
SHA256 f2063da30e10724592fa8e42767f066c34520c4fc8302b6647a1d2a0a039d71f
SHA512 f5b0ade03d39d867ba3d7db972f999b92696beab9c20d1eb0440d3a0aaf66fc6459f0d6100f3ee8d9dbaacb5d6d78b8d3e0f8abcef8dd76f05719b7f896a7c40

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\7z-out\locales\zh-TW.pak

MD5 e302e1102f3f5a21860f38f41b3c30f8
SHA1 78b5d1c451cf674a7641dfcc815f966fc920cf57
SHA256 d4033cb3264c7c4cd2636ea2a202421650c449e5bfb10f29949e4c44e91ca93b
SHA512 1f96b197eb7ae6b7983ed38d4ce33ea0c845ffe527fedfbc9e53a6009871dd3c39084a04cd1d43fd6dd24e7f26e3ec4845d4225df828de0b9ba346cbc98efea4

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\7z-out\locales\vi.pak

MD5 565abf3f9b296fcff95fa5b169a7d598
SHA1 24de1221b2adec13b5bcc23c4a54b8e987e9f12e
SHA256 fb9463d5655e73fa69cace9800d95f8cd077ee9284fef3bfe162d2bfe220c257
SHA512 53bfe0c1c289ecdf48114048e15807c3143dbbe357736753cb845a31a6a3fccd0dbae652294508706076ca4b30e5da00e53bc6aad11b06fffbf2621997e7de36

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\7z-out\locales\ur.pak

MD5 fb978b7d211112a0774ce09ca54ca96f
SHA1 fb0c69801230437dcd20e3803db81ee60fc042b0
SHA256 60310f9a3457fae0395b447a30646211ef4160ba84bd7c36d291af4c8ec2b79a
SHA512 abde8d79f46b27e0e315034025837a3126d6e5d2bc52504d49c946fe96828bd9b20cc4a5c05283fb9f8813e6820a28249cfd68b30cb27fba216970c16ecc8d44

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\7z-out\locales\uk.pak

MD5 241fc33569b22647e7d2c4189a8ee7bf
SHA1 f56a73cc81b1e96560b74ee5e73d7af792720ada
SHA256 13e40208e2c9f4f4b83dcf422610dc82314a8f99ba50acdbd286c508f92eb232
SHA512 ad16f84482f0c7c3d3c3fb98caa3dbd0048138f361aa6eba2b6338ff6e25da4c3ab39450354f2a86a53d655cad99e92fab2c030b5771d7e6a25190617f1a9385

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\7z-out\locales\tr.pak

MD5 414b557adfe76e3564d43cb93f513c5a
SHA1 f775095f7c55e834a777c7f25fdfb81f1e63ca08
SHA256 f58ed19be62706fb4fd797a6bfd3af5c6ad4b39aef994a577cd28968fcac0291
SHA512 8b1be522ef23888d46c13888a18229f4c9cb6e1c6e6730cca79d9b13d71eb86ecd3d0c172ade6f70ff63a7fb5242e4de7d9742b93376669d13c77de0cb622f94

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\7z-out\locales\te.pak

MD5 3a71904057869c23d1bc108f1e8d0d31
SHA1 6fb6e60c80bc332a2bb66d02a1e3db69961a9c41
SHA256 8264244c6de861817f5b19cef282844a18ed8cb7d4e059451489652749fe931e
SHA512 7248058b2d357c4a8b9c2e95d580a2000a96d9a5adb0b822adeeba5c4422e08cc12ef84b9b9a627a1f6cd07a08698ec000510885d14d64afd40c6e8d69376022

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\7z-out\locales\ta.pak

MD5 52ee28471f2f9d01ef3f57233496554b
SHA1 abd7dd9989fac90636626a41f007eb6aa5ec7a2e
SHA256 1cebac8d758298ed2763e62b9bdfb17351831e691ff3e1ba85252c9a66d66242
SHA512 af2e9593faf60319244c90e9c06604dd3830705f14c18cd380dc2338aaa0c1e137bf751603ab9beaf7f1783839f83bcd4fda357b7cebc66ee94155d560b6f691

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\7z-out\locales\sw.pak

MD5 be2bc09130635406f560b95e789f9a81
SHA1 f189cd6eb6c844e2d96ffaeda66fe4d5f1453130
SHA256 f0fccf2e3ad332846736d816e254028569f5f84918573872442987a8bc9bba58
SHA512 f651ea959066a5966f35493788b9833597dff653f649a5bc8b09a8ed748bcf086bd0586a36e1f4ecddd361d04774253e21d67801760d0988f3e17f0c6e1121cd

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\7z-out\locales\sv.pak

MD5 819b5e4f2b7734ea4677f6d579d72f84
SHA1 aff3048d8e35fabf68a756513b67efedba59f85b
SHA256 105460cb717104d82f99cf8c5e2c51ff252211a605bd1c98bf75981f100d619e
SHA512 3e1ff5d934c7e0656dd16265be697420c31b191f88a5140c3598b4fe37a6bd3031f50d45ac7e961acaf0886934951a48230f7b10a53d85e015d6d5e1602c3eff

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\7z-out\locales\sr.pak

MD5 eb8ec452c7079ef7dc24bc7975513ed9
SHA1 4787250292b8f2040c7ec0b265f60edcfd1ffcd6
SHA256 4cea4c83b5e887463dadbf470a9953b8175149f31fd07b83406a6fc59acfde41
SHA512 3ab2eafd3f09627efed8263cc2d59d5780b6a856a6d1299be511bbb5c1350fa05f98b0e77c53c3707ada17e7e44b8801b191802e2cf5129548e279703983a8ba

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\7z-out\locales\sl.pak

MD5 6c71fa576a41711dcb351abf92a65ea4
SHA1 a0281f6b9dc363628e7d6045f7dc2904149c9dad
SHA256 458b15bf249c1e6fe9843725c42443274ef6e09dcb15f5288c916c0561aefc47
SHA512 258e49b51ee65bf508d05a5b3286a8937d3a876a876635b59b97752c5171e89458b9d23d9d7178153aa16b6fc908cc011a8e855c6d3a0152c919b40349cdf4fc

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\7z-out\locales\sk.pak

MD5 5d41e75bf42cb12d7674986f4e5dcba4
SHA1 7c3375226997e3f69e3c9a3a5ed762ec40d24973
SHA256 89f984a67cea3997c704005fbfbacd3f6f5652248626945c2ab1c3bcf24e6623
SHA512 a2b91c888ea3dc2e618bf8faf7ac9f0fe562ff16c85d03afac0778ed671b1868a665b892aeb2d588e7f5bf32a7eba57b75e2e15f2c51fc9264e0db2f95d804d0

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\7z-out\locales\ru.pak

MD5 46fb61aa9515e97293969683fc330764
SHA1 5bcc41716976eefb65870ba2a2b230238f7e53d3
SHA256 4babe5f20caafca33867ee263aa9dd55ed271704a062e4372fdd133eb359a558
SHA512 c3acfc1c902c651e5fc0501a7a77358cbb99daa020597f7f6be9fc81ee53509dcb0d63c6bbc5ae308c88d95dace7099f024d698b6f364dc7db4ae2a7660e5b31

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\7z-out\locales\ro.pak

MD5 cfd7cb2444248216e12193689ba56c10
SHA1 0a9d65fdbc68688bf1624a8c98fd42673961e0d2
SHA256 655c175903a791d0ff56264a487c53f7bd09ed037cf04cfa6e79eb8be5b677e9
SHA512 7ab384dfe93c4de0d82d3a581d0c4b988f823f49848cedf081067e052be2d43c42389899588839dbc7cb35ba70617648bd0c7c199900e78c487f3dd77e64b4fd

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\7z-out\locales\pt-PT.pak

MD5 03138b2e4fb822b03713f6c4f0fc67cf
SHA1 8f6f6585743676177eaff5a582d18691e3386bbc
SHA256 02ea290fac25b414a1d4ed78cdc159cf6c73fe5350824c2f36f032e426a23364
SHA512 b000f1b8fc952849d1ada21aab665cbb97989fc28e892a75077ae9a24c4ef1d15b7d5cf1c5aca89d27d40a01c64f343a08f790049249fcfed43a1a430b4fef9b

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\7z-out\locales\pt-BR.pak

MD5 b4183914f46fd63a7bd32d715b8629f5
SHA1 d0295b556e55a74e357f932473f9dd2bb1cd2f51
SHA256 5ff219be32f9178fee40e8966ac5deff2be1f2ff259a66cb9cdce81c2e90a7e8
SHA512 3bcd37cc49a827c03fb5b3a97a5eeb863ebb6f071fb2af697ebfc4f57dda676227533cc6a2fdb00505cb2395aae685dae087970ce13af113260d856b845a985a

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\7z-out\locales\pl.pak

MD5 8d4db26e2ee5181afdfdd513053f3c17
SHA1 0da427a085927a5c02d2a67c424ea99cbf5e6b02
SHA256 f2a7dcb69a433c2a898866c555b82c26e3515c089f500e7748b9b11ec3047786
SHA512 bf441f501d746f1fd996c21e5e2cde643b9031bf58bac31474e68a72ea6993447f8bfad3284351bffc94d6a088e183e0b24d109398d65dac0edee8826076ee21

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\7z-out\locales\nl.pak

MD5 d59fed8986eee2b9d406ad52d88cbcf5
SHA1 f7e409e17723e21174361bc81e54bcef269f40f7
SHA256 619c61701b3a142733d23ad8c7117bc013867a842d3d1d572faa56895ad8257e
SHA512 234aaddaa7677b39667b4078dc3a630d67b4f2ab7df5ce763d509183a4d88e8f7bd1a231113b8a51418d577e4aa630860a7f2735c34ef59e0f65966cef825597

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\7z-out\resources\elevate.exe

MD5 792b92c8ad13c46f27c7ced0810694df
SHA1 d8d449b92de20a57df722df46435ba4553ecc802
SHA256 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
SHA512 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\7z-out\resources\app.asar.unpacked\node_modules\@next\swc-win32-x64-msvc\package.json

MD5 704b387859cdf10e134ba4c181773747
SHA1 626f9cd6f668b8f310a4c11f331b96cb4289e44b
SHA256 f6b59292c52960efe68cc3813a78bc505d80cae11d632006770059380173cd53
SHA512 5416f7ac6d243bd04f32d5a776b596b94db1858cbf904357d8eb4733a22ddc94bcfbc116437e86799ccf402493212117f65289308f4ae16f3d39083693f9ae66

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\jsconfig.json

MD5 21cfa078a36c66a3d1f4f2caf729fd56
SHA1 8849b6bf237cf4464a4628f0c2e163e866dead8f
SHA256 87cd1d700216892ba7d388d04f42e373e1abda0b5d407c54a60e67b5dde48ab2
SHA512 92f7960fe79d8e5813372d7a7833bf883c3dce6eddb083302314a2d9ff52d800178f8ddcbf071c169267b346dfbc5d59b1dc0f95a70671bd63453e56e18846d7

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\LICENSE

MD5 9b54883148dfd5ff6b9f1a23f9470a30
SHA1 f062e421fa2d8f722e9ccb2b0b4be9502a7386ad
SHA256 0fa6b5d2902f7ac42db390dfd2cb3b4ce82ed45cb5ad5dea41c11d1d67e0934d
SHA512 d2af503c12f0fda687293452af39f98f5c3987eb8a57cf12c47da5aed67c761349e5186c15371a96f5d490c140e8dd0d5e8bd6a6164139dde0562d6ee46db90b

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\.prettierrc.json

MD5 e502800d651a7ef3ff58d918c68aa81a
SHA1 c3b456549821510c5729648bfd93886491df1db8
SHA256 37055c98043228133ffcc5cad7bba5ef6c8f24698a551cae547b90f51d22e519
SHA512 9892bb44616c6c2761027562371e5c72a355ce1b519072ce5733ea1d4971ffb8c9b3e83f935a18120e0702aae644d07274ad4b09214459fc13679a8ed6051e7c

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\package.json

MD5 d973ee4a6969bc5e14e93d99d4680c16
SHA1 22ad20391ccb50fb6343931a1312751b2f7e049f
SHA256 f0051785c8178f10c2b5ebe86edd6949eb9db7b293d9abbb51a857f7e62500aa
SHA512 2f8c64f04b3fe023d296899b16f6596f42cd69c1b8230c5bee561c18af6bbf44697966b45b50d718eff75cbffab37054a6de7b57bebc16b2d85a5a0e307dfa9d

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\bin\nodemon.js

MD5 30894042a167528293c057f833e7b6f2
SHA1 ec993fedf1f1a22c77b985c72d8b0074811ea680
SHA256 9bb0e59dfd1cc00fc40bed0ccf10d88414d915d79875b9dee5c1d5009f4e89cf
SHA512 2b544b29e44e0471a9da5474209bc15cb81a44a38448a74a7a67f4ed3ca7d1926cef4b2b13d3269fb785a468d00f1cfc042d2a7d6b4d563725da65028e2df15f

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\bin\windows-kill.exe

MD5 de5ecb14c8a2212beb309284b5a62aae
SHA1 cf89d1cbd52f3183590b33bd6be591f95a6f5291
SHA256 d35c0d3af8f66984b1ead5cb56744049c1d71ef0791383250ad1086c0e21f865
SHA512 fea8a49538f5fd4cb8c262c1619f9f8e906edeef7d3c791bd3b85f032a0499aa5f18b4370a00e1f4dab9698e1958b042cab467103598f1bdaa583eb1fb918c07

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\doc\cli\authors.txt

MD5 b5c019895f49ad741cd49e6291aad090
SHA1 03567a03c8346dd89516e2e03957bb674af91408
SHA256 e1e0dfdaaed1f025c106731aff67d664b849635cc6cd3b9b08674db8dbcbc5e7
SHA512 ff13c9416d29d9a3fe636e14fd63e5424129a6e72366c06b1bae3c5a06f60cbbf3520d868c492d472450e35e547881be93955b29eed63e66979592da576f8bef

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\doc\cli\config.txt

MD5 73ea33e660552d101eca031a0baf6be3
SHA1 3d3384db49a197a8a616a274598bc18a25ade114
SHA256 032c4ca3b1814a39579d7a0a00154a3772d89aece9884d135fdef782f36e27c1
SHA512 c7b9a4bf4de7d13bb45b4db857511cb411a7927ee4db759af263905e01cfda8d95477d2e2d6ad6c51c9f301710e20ef64b54a4d15082f5054680da9cfbca1146

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\doc\cli\help.txt

MD5 0034cf996f84911ff0646b717ae47ee4
SHA1 5aeef8ef12d8023fe208c0492174a960e57c643e
SHA256 d98c56a3cb9643b399fa04c422da35204dc91cd869c47019e9783fb4f7289adc
SHA512 b1f174300ee58e16676ee8ccfae4e48794ed5412d89e0cc0d8a134ec055dfbdb596d0ab43ab376f46adbf76cf970210455bf46ed666839d69357d0ded8c057af

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\doc\cli\logo.txt

MD5 f55be3331bb0e69fc47994610da41ada
SHA1 d8415b399bd3853ef658a5f2057812404598b5c2
SHA256 cb0c73fe1bc7676104d6a92ca91250cd562b7f37a564edc260de01a3fc636b6d
SHA512 505d427c6d0add618e0c54f8079e4303fee73e0ccd9c4edfa67b44660ce5d5deab4fac09601002f73cfd00f445640a69ce9fe9a39b8a0f3039b200f5bff058e7

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\doc\cli\whoami.txt

MD5 5a53b8ff8c3670ff035f6490a24a0789
SHA1 e079a16d67475a83eea085058af0cd704da97393
SHA256 4e7d19dfe1603ca93a0421b1abd4b19cfa5324ef458ff549809c5e66a2efc596
SHA512 e906ef44ff0273e4df3397ba719c173c87a9919b7f9d2580e2c3354fba22f69b0c0a020eb049d276934dbc66f497b279d15c135fa0e12e04acd39802fc5dfefe

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\version.js

MD5 7232bc938db18583ac3447bebc844430
SHA1 55051c267076fa3bd3764864ee77d4c41c4b3233
SHA256 5071083e2e09969b2741a46cdedbbfcb2608fa35c1d1237e3bcf134749fb5ecd
SHA512 9167690b0ad72c815c3d8c7227ba8d3574acbab95236de0ddea28c73f6a2899dd700ef9083b06d2badad19c21659a93ab101ecc439a42292d2540ed8c2ff3c5e

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\config\load.js

MD5 3379b8830f56cd13355114f157e57857
SHA1 cec1a9f2c8ca7f666cb4efc2f3eb99317ea59602
SHA256 7329c732d39f8e884c0ec197e1133c536545bf4137417e6d664bbec962990e29
SHA512 0690be21833aa598da0d7d20312ee8a2e2ecaf164981c94c3bb12036cea40a206e1b25e839209db78419d6262ae87e29a5c94f583ddd9b45e05bc5a107842d22

C:\Users\Admin\AppData\Local\Temp\nsyA847.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\config\exec.js

MD5 efcab0a70d5e71fb513734cf92f2a201
SHA1 aa55660d5d6a38e2ea632d4de0640ad2b1b7fc5a
SHA256 fcd713c63326ff75fc44afdcbd2bf63991c3c76169a26a2646defab46ce24155

Analysis: behavioral20

Detonation Overview

Submitted

2024-11-20 11:59

Reported

2024-11-20 12:30

Platform

win10v2004-20241007-en

Max time kernel

141s

Max time network

160s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\cli\index.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\cli\index.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 23.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 24.139.73.23.in-addr.arpa udp
US 8.8.8.8:53 218.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-11-20 11:59

Reported

2024-11-20 12:31

Platform

win7-20241010-en

Max time kernel

120s

Max time network

126s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 220

Network

N/A

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-11-20 11:59

Reported

2024-11-20 12:30

Platform

win7-20241010-en

Max time kernel

121s

Max time network

136s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 224

Network

N/A

Files

N/A

Analysis: behavioral14

Detonation Overview

Submitted

2024-11-20 11:59

Reported

2024-11-20 12:32

Platform

debian9-armhf-20240611-en

Max time kernel

2s

Command Line

[/tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

Signatures

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /usr/bin/node N/A

Reads CPU attributes

discovery
Description Indicator Process Target
File opened for reading /sys/devices/system/cpu/online /usr/bin/node N/A

Command and Scripting Interpreter: JavaScript

execution
Description Indicator Process Target
N/A N/A /usr/local/sbin/node N/A
N/A N/A /usr/local/bin/node N/A
N/A N/A /usr/sbin/node N/A
N/A N/A /usr/bin/node N/A

Enumerates kernel/hardware configuration

discovery
Description Indicator Process Target
File opened for reading /sys/fs/cgroup/memory/memory.limit_in_bytes /usr/bin/node N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/meminfo /usr/bin/node N/A

Processes

/tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js

[/tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

/usr/local/sbin/node

[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

/usr/local/bin/node

[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

/usr/sbin/node

[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

/usr/bin/node

[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

Network

N/A

Files

N/A

Analysis: behavioral17

Detonation Overview

Submitted

2024-11-20 11:59

Reported

2024-11-20 12:30

Platform

win7-20240903-en

Max time kernel

118s

Max time network

127s

Command Line

"C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\bin\windows-kill.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\bin\windows-kill.exe

"C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\bin\windows-kill.exe"

Network

N/A

Files

N/A

Analysis: behavioral24

Detonation Overview

Submitted

2024-11-20 11:59

Reported

2024-11-20 12:30

Platform

win10v2004-20241007-en

Max time kernel

137s

Max time network

165s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\command.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\command.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 218.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 214.143.182.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral31

Detonation Overview

Submitted

2024-11-20 11:59

Reported

2024-11-20 12:31

Platform

win7-20241010-en

Max time kernel

122s

Max time network

148s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\load.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\load.js

Network

N/A

Files

N/A

Analysis: behavioral12

Detonation Overview

Submitted

2024-11-20 11:59

Reported

2024-11-20 12:30

Platform

win10v2004-20241007-en

Max time kernel

145s

Max time network

170s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4564 wrote to memory of 1888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4564 wrote to memory of 4688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4564 wrote to memory of 4512 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4564 wrote to memory of 2684 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe5a2846f8,0x7ffe5a284708,0x7ffe5a284718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2256,11178848120382353969,2889293288358224002,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2280 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2256,11178848120382353969,2889293288358224002,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2256,11178848120382353969,2889293288358224002,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,11178848120382353969,2889293288358224002,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,11178848120382353969,2889293288358224002,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2256,11178848120382353969,2889293288358224002,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2256,11178848120382353969,2889293288358224002,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,11178848120382353969,2889293288358224002,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4604 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,11178848120382353969,2889293288358224002,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,11178848120382353969,2889293288358224002,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,11178848120382353969,2889293288358224002,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2256,11178848120382353969,2889293288358224002,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4864 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_4564_MBTGEMUKTMMNJPBD

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Analysis: behavioral8

Detonation Overview

Submitted

2024-11-20 11:59

Reported

2024-11-20 12:30

Platform

win10v2004-20241007-en

Max time kernel

142s

Max time network

163s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2304 wrote to memory of 2036 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 2036 -ip 2036

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 612

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 67.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 180.129.81.91.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 66.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 10.73.50.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral15

Detonation Overview

Submitted

2024-11-20 11:59

Reported

2024-11-20 12:33

Platform

debian9-mipsbe-20240611-en

Max time kernel

13s

Command Line

[/tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

Signatures

Command and Scripting Interpreter: JavaScript

execution
Description Indicator Process Target
N/A N/A /bin/node N/A
N/A N/A /usr/local/sbin/node N/A
N/A N/A /usr/local/bin/node N/A
N/A N/A /usr/sbin/node N/A
N/A N/A /usr/bin/node N/A
N/A N/A /sbin/node N/A

Processes

/tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js

[/tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

/usr/local/sbin/node

[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

/usr/local/bin/node

[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

/usr/sbin/node

[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

/usr/bin/node

[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

/sbin/node

[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

/bin/node

[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

Network

N/A

Files

N/A

Analysis: behavioral22

Detonation Overview

Submitted

2024-11-20 11:59

Reported

2024-11-20 12:30

Platform

win10v2004-20241007-en

Max time kernel

138s

Max time network

167s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\cli\parse.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\cli\parse.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 71.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 218.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 90.65.42.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-20 11:59

Reported

2024-11-20 12:28

Platform

win7-20240729-en

Max time kernel

41s

Max time network

31s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Wave-Setup.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe N/A

Checks installed software on the system

discovery

Enumerates processes with tasklist

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\find.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\tasklist.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Wave-Setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Wave-Setup.exe N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\tasklist.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Wave-Setup.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Wave-Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Wave-Setup.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq Wave.exe" /FO csv | "C:\Windows\system32\find.exe" "Wave.exe"

C:\Windows\SysWOW64\tasklist.exe

tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq Wave.exe" /FO csv

C:\Windows\SysWOW64\find.exe

"C:\Windows\system32\find.exe" "Wave.exe"

C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe

"C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe"

C:\Windows\explorer.exe

"C:\Windows\explorer.exe"

C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe

"C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe"

Network

N/A

Files

\Users\Admin\AppData\Local\Temp\nstB38.tmp\System.dll

\Users\Admin\AppData\Local\Temp\nstB38.tmp\StdUtils.dll

\Users\Admin\AppData\Local\Temp\nstB38.tmp\SpiderBanner.dll

\Users\Admin\AppData\Local\Temp\nstB38.tmp\nsExec.dll

\Users\Admin\AppData\Local\Temp\nstB38.tmp\nsis7z.dll

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\chrome_100_percent.pak

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\chrome_200_percent.pak

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\d3dcompiler_47.dll

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\ffmpeg.dll

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\icudtl.dat

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\libEGL.dll

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\LICENSE.electron.txt

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\libGLESv2.dll

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\LICENSES.chromium.html

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\snapshot_blob.bin

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\resources.pak

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\v8_context_snapshot.bin

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\vulkan-1.dll

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\vk_swiftshader_icd.json

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\vk_swiftshader.dll

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\locales\af.pak

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\locales\am.pak

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\locales\ar.pak

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\locales\bg.pak

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\locales\bn.pak

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\locales\ca.pak

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\locales\cs.pak

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\locales\el.pak

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\locales\de.pak

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\locales\en-GB.pak

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\locales\en-US.pak

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\locales\es-419.pak

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\locales\fa.pak

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\locales\he.pak

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\locales\ja.pak

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\locales\ml.pak

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\locales\nl.pak

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\locales\ru.pak

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\locales\sw.pak

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\locales\zh-CN.pak

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\resources\app-update.yml

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\locales\zh-TW.pak

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\locales\vi.pak

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\locales\ur.pak

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\locales\uk.pak

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\locales\tr.pak

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\locales\th.pak

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\locales\te.pak

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\locales\ta.pak

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\locales\sv.pak

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\resources\elevate.exe

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\locales\sr.pak

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\locales\sl.pak

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\locales\sk.pak

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\locales\ro.pak

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\locales\pt-PT.pak

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\package.json

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\doc\cli\logo.txt

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\cli\index.js

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\config\load.js

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\monitor\signals.js

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\rules\parse.js

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\utils\colour.js

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\utils\merge.js

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\bin.js

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\LICENSE

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\package.json

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\index.js

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\utils\log.js

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\utils\index.js

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\utils\clone.js

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\utils\bus.js

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\rules\index.js

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\rules\add.js

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\monitor\watch.js

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\monitor\run.js

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\monitor\match.js

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\monitor\index.js

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\skip.js

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\help\index.js

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\config\index.js

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\config\exec.js

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\config\defaults.js

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\config\command.js

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\cli\parse.js

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\version.js

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\spawn.js

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\nodemon.js

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\index.js

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\doc\cli\whoami.txt

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\doc\cli\usage.txt

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\doc\cli\topics.txt

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\doc\cli\options.txt

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\doc\cli\help.txt

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\doc\cli\config.txt

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\doc\cli\authors.txt

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\bin\windows-kill.exe

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\bin\nodemon.js

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\LICENSE

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\jsconfig.json

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\.prettierrc.json

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\resources\app.asar.unpacked\node_modules\@next\swc-win32-x64-msvc\package.json

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\locales\pt-BR.pak

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\locales\pl.pak

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\locales\nb.pak

MD5 de04250ff403e9af66a1351598d2a64d
SHA1 4b7a5a2bf48d988f95aac6e85b11a8c2b2fd007e
SHA256 887a0278971d6ba61e2f24c62029a3087a46c4962c4357412c28ede12ed6da15
SHA512 71527c025205bbcd63351283b7b123d8807c05bc68f2f7555f10386e330e052d031b9986ae2c1f0398bd174e67962657e0b8d4a57a07d167c233390a4e6c5556

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\locales\ms.pak

MD5 9fb7c18f376b46b254ef9a960e08655f
SHA1 31cb060fc606d011151f1b5464e2a469372113a2
SHA256 2f0c83b5b3bff8f624d78e0670a31c509e7f1d5330f72aaede471b2e97c956e2
SHA512 23ea07d917bc0cb9a2f530f985c4c1930d31eb6e8271804709126b8b0f5266dc51636f679944d2e3d8dd7b603564defe85c1088a33a922e9fe15c2073b509a8f

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\locales\mr.pak

MD5 649e76b6666096a2258b942745ff9fe1
SHA1 82edf8ca68dff0caa36b17901c1e12a17172fa51
SHA256 039f4e0176c38867fef57482825d043fa63bf1356c85eab0fc665f118db125e4
SHA512 92f51140416cd6dd53109ddcc1ee24c1d26999de5cd48a11e6954dbbc985298c1b90c0b4a7bbd8701a2737b71340e8a257e8b1ace85ff3b4876b714c60befdce

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\locales\lv.pak

MD5 a999e734f9addcf07c080f9861c3c170
SHA1 522bb12a0cd4e5232570001684aed84f421abcd0
SHA256 33fdf706f6d3f06b485c5115a7c73a571296dac41c582fc9d0dbb371d86e8653
SHA512 ecb92c4ddf7b252a3216059e63b387c6847f6eccde532c300b74e6b04ab56da0208c2ecbd00ab1d5e48acced909db74b1aabf88e34d0d5928b89320f45200dc8

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\locales\lt.pak

MD5 20906aec4a21bcbb8bc8bab067075ba6
SHA1 369da9c1567d4376852cebdb87cd9213dc4bd321
SHA256 a1257d10e673311747363e6929832e70f36668b1fc0d6a5ddd550fe88007aa58
SHA512 8d1ee40bff980b889af83b95fa408bddf2ff5d257f532d2da46bfc3ddbcc31b9cf14b473fdfca1a574c0316fd689a424ae241e9bcc533b7dfe0c7203d4b252fe

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\locales\ko.pak

MD5 965ac0d213ccdfd83ac4970de23a8f11
SHA1 8326841ab80c40a7ca8b13589a3f5ff54fc15827
SHA256 3fa72d61a997c36f9c093f769f4bba60b290d1fbcb71d5544f85e8e1efe51d07
SHA512 5eaf14ce5c493bb4704716add07428edc6569f2dcb721679e140916c0e426cfa8e8ce27a2c38c48ae6e60461a678525e48e42c2938ce40e488b59d3f97a2f9cf

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\locales\kn.pak

MD5 a11d186b8eec7362a280abec3859107f
SHA1 966065cc6f69c3a222751d2191a0efeb6049cbdd
SHA256 a6ecf1dfe4d99f6ba0926c696b5b23b77d234fa8fd03da9825b074ecc640d508
SHA512 099e73977453a5dca329b1d8a8cbc612dd2739bb3db034b7509af35877ede6ee12450875302ff3f9351fc7096b60be1b2d8ccbec89ace3145eb264f25946d46c

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\locales\it.pak

MD5 591113bc491e5c388ee3876de4aab3a1
SHA1 a63c2a18eb92fd03445bd237a5755d557e1cb593
SHA256 33652aae78a486dc3ce4e5affd1b7f72e1248f6f9f3e62188afe3b5d73bd148e
SHA512 66f1e79c9bf179f19942352258181858268a991b42d4a79747ca580df3fa219c2be71ab6597cec4ba7bd4c691a5e1328aa03a565b3eef442c6e2216f0d82653c

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\locales\id.pak

MD5 91bad2312491410c7f0393be512b895f
SHA1 6e4e9cc985c5b96eaaad91787f8bb7f72cddb604
SHA256 a21f9474a19fe2d7f26c59f5ba8d6e72801a8a057b7dbcb8b3f96471043d9059
SHA512 5c0e1cd1741e78fff90f3ec2be02bd47bfc669e50ad0cdde975238a74cb4081536faf80d0a28dc9fea6efda6548dcca4e569c54b903f5c2773c17f72000a99e7

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\locales\hu.pak

MD5 2515bb367f56f282657b3dd3b9ffcbc3
SHA1 8cc350e359f1cfefdf0ce3b016109dd483d45a8e
SHA256 b4e6a1135de8bdc42c04f4db4eb1ce48256f18eb46a5146a21010b6165a90e7a
SHA512 779a77b3380f08dfb1d1e9bd65806f3d5ab56619d040bd6ecc9726c17944f4d0c3a619edee06d638549250fbf4c6a2be46cd6196a3a8862d184a68d45d6f6d72

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\locales\hr.pak

MD5 1973723b9c45b9d971c97229e7a441cb
SHA1 2bfa4922bf2084486681af45cd7f7dedf95b2d66
SHA256 afed35643df24709c8c5cc9b8158b3d9a2266fbfeed132e98ff254ced4086c5f
SHA512 6a1f35435b01ab187cd93b376b76444dff575284632fbf37bf8b08e6cfe7783f985d0fad2425df3d3c332aad2278971412455a748e83c2d6fabd0f6afc3dc292

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\locales\hi.pak

MD5 66ab509000cac52c805d6871ca6c1f25
SHA1 e3d3e7bacbcfaa7538ca89d9d26218eca06c01f1
SHA256 9c6d8d93278a6e375405142df9829adefbcc8ae9797a4f589591b9784b2b71c8
SHA512 356642a19f044c6e192f658ca2bf8764431129cdf7c9891b5b5bf4e99f6b990a1428c1e483487b619865e7f2d31cb5c9bbb3b49ed25fa81c4374de3e8e65519b

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\locales\gu.pak

MD5 e884bbc8ded4f5f059211fbbb85ed351
SHA1 8f4ecb45ca73902791ff5e56e0b272252c08508e
SHA256 087e99953eef9b5fd736e3dbd98d702fdb01dc614593a4c575cb619159688118
SHA512 50837daec40a2624097cf36dfd7beebba4db748fd9cc470bf71b526e612c1aa6c88ead7511ba751e370f6f5d28ad9d6338dcb3581d7e3d53e2672741915b952f

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\locales\fr.pak

MD5 79d945ef9b8ebc7d39fd03d05d9b2f27
SHA1 6fbcb748515f97056689d4a747e4df3a830fe049
SHA256 1f6cc56e04bcbd6b6ecbe500bcb0a5702551ec80d79e624642d0c7d9758d4424
SHA512 f1a26715ad9399052b664c71fb60b6eb6f965fa80d6d8d6c47e0b96ad0d4a4d2028c3e19dad49e008bbc29edc24e656777ce073da008d3f4dfdee4c8f2212a07

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\locales\fil.pak

MD5 c744b92c8feff1c026034f214da59aca
SHA1 95780d3374841efdbc0d8a46cddc46bb860a26e0
SHA256 d7fdc7fd08dcc421bc8aaae3fdc72599c60a3b96f05989a3e46736f0de06e745
SHA512 eeefc73474642e75da61056f2841e7cfeb8d8475be55a39852dfe7de8a972f7d86e9d1df4614b3ca3ae4fb01b68e5ced664bc8e46ccfc94f44b06e29a5035b43

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\locales\fi.pak

MD5 6d7aaddb1365b3efee94d4c510a3002e
SHA1 2a970204894c5ac163c980ec0fac2dbd1711e5b5
SHA256 11b0b9b0f74d01f16db7aa49be9dceeb55fde9da56f17419c4bca159cdcae274
SHA512 f44bab9cee552dddac17d4ac1949870943cf138b3fdb0e649e8827acb6de9528dd9cf738757e5b495587e165d1c750b8bcc6205bdd029a01eb92aecab22ba49f

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\locales\et.pak

MD5 3cad945e9ae6e31cfe66c89365e5d353
SHA1 43758cb523d60d936b9a417123f337b8e123481c
SHA256 ba4ec85d2306a1f1f178a017fef4d340b77b33e10bbee07bd359a8e0ff8ea461
SHA512 ac07e7f72b670a2e8b7a46a672fefedc58d9384d4773a6f220c231c619c1134613ff68c0ccb0dc9e03eb5f47dea7ac57de318af5f3f242d6be7ae43071e2d947

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\locales\es.pak

MD5 f90d43351ffdc63bcef25bf634c1fd35
SHA1 f80df8034cb64df1ef62e586891275a74868ab6c
SHA256 0385e6776de5a0d8a3b30b7bad44308ac4cb04e2bcebd573d3c7938b68036573
SHA512 7bfa70a5de14652063d261c28ffd3df89ea5e38877cc7977ab27f7280c48084a4ab1e5bdad0c2f624a7434a5d975feb9d8d221c010e24963d3c42921f5a36e65

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\locales\da.pak

MD5 5f8f09aa98ec3a4c8122d64c5bc6610e
SHA1 08a6dfaa3a11d8c994da90460e78ce0a4fcfb644
SHA256 3430c0f1946901dfa24190ca3989f72171ec564bc7c523853e6a1f531b61b5ee
SHA512 9c643eb6415cad6aca0584d62211aed5ed21a0f8d71ac4f692bd420a4a190a9781add7c874d0f56bb5c1c0f65d543d932d0f50caf127e8d014c05d015ae61ca3

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\deps\UTF8Conversion\LICENSE

MD5 7cb552557240a921e34ad313a224d17d
SHA1 92ad1627269adefd696ac5a67131e4af575a2cfb
SHA256 7d355d1a2324c2073059ffe7ea4d96852c873e718bcc197374440dc3efc3f7ba
SHA512 b4bf90a3cd77805fc149a4112f822ee47b4f13404ee92455ecab9dd12d796ffe81d664bf21042ae3ad6419abf6a9de6df231328be6bd8ca2426e3432d456921e

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\deps\UTF8Conversion\utf8conv.h

MD5 349864c2d1fbc9c7788cdf95c541ff52
SHA1 fa968f5bd6560675c26078de4e7d52b454c778f7
SHA256 7340eea1def3c1d832a6f40c5022725f1704a783f7f992b71d5f3ba2dcaeb34c
SHA512 5e1910c23dc08e79199fc80ab8e0c7b300e2e1bd2678d0d9171a73d8f328adbd32021146e5e43485f64f25fcc6bd8413ce1ce3846afd7fcf49ffe3a04d0efbf6

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\deps\UTF8Conversion\utf8conv_inl.h

MD5 a5a0f8294daad33a66bf30c329157a2d
SHA1 02b5d7fab93d942033fe9ae2620d1a2363914469
SHA256 4955fbf455cc29d63f5dc777d3aa5172d6e1e6df221a33808a913bdebf5a1277
SHA512 f583116ada3f281c208a98d053fe6b580187d6922e2ceae69917770a46f56c16444267172db2cb0bdef3b8012088706ba1a2203631f9ff79d2814714b25fa78b

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\prebuilds\win32-ia32\node.napi.node

MD5 8a50b5876633dd9bb73612fea622a521
SHA1 27fb94a39849fe6ba1ce7b983c0d9e4ca4e62ae8
SHA256 053c3100121939dfa1fb936718c6088e4490e72faa3c713310b556ea90155278
SHA512 958d901f7c72773a2f9439842f422048a8cfa941ef943f5f9e61c5e9d48b4d9ebbbaf72acb2a07138ae66f925b46dd98717656a58719902d417a14ba1e5aacaf

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\prebuilds\win32-x64\node.napi.node

MD5 0b3ffb5b756beae28d8d9da67c288283
SHA1 7c2a0be0a5ab1b936c4752254927f5ed066abe5a
SHA256 462e527de86494f96ed0d42a80c261e46bb57352e86d6175607186c1dcdfc7b0
SHA512 a1568e7d02bd34992236c587cd77404e4cc9c25011a075dc0cbe52b59ae254eea65cc31ee7fdf26898386e370a752df8bbb2ce70592244d6f24b10d39f9f7854

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\src\showver.h

MD5 6f621ba192a6fe2228ef9965757f0bc9
SHA1 e3625cddde946f5ea21e4c00be95cad214da4016
SHA256 2b561b980e0a01191a6c7cc1cf94c8d5c061f9f299ea256f1e7ca17250ae08bb
SHA512 ab90bc30f2c23a3032334d30294aa02007e0db180c82c6c8f0d84781203be7c342134cc17bb2ac0c7bd89c1e5902c852afb2d09b0c7d4dba27f5101577491f4f

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\resources\node_modules\language-server\globalTypes.d.luau

MD5 6fb690ee838bebdf6591733bdaf632e5
SHA1 658ccef6ada0551d661d78706266ff6ad2797858
SHA256 ae99b7b676e4becb10e6a9b77229e99bdd60e5a91d2e6bbb141c85721962313f
SHA512 7218ebc8c64a7bbec231989ac7d2221be63f29302f6f16bfc0bd67ed5e9c5ddfcb50ae781f6ef73a3d891a70ca73ecc62bbbe6c5a4a218225b24c0d19c7737ff

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\resources\node_modules\language-server\en-us.json

MD5 de2ac61fe7207c1b2f304b05fae4e39f
SHA1 72a4623fde7103eebcff4a55ccb8eb6acf6bbee8
SHA256 c8dd69f4f8f07ebe1c73a433bbf08f67e3bef3047c35251a243c3ac78f500647
SHA512 4d0be337f5d6f760fef3f79d14ef6835045e12e7eef5cf906a5f73841b01bd59d3171c31f63de34e5b44f791d5912f940fa391d96685532e0baeb7613526f8a8

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\resources\node_modules\language-server\wave.d.luau

MD5 7e477f85c45cfca5731e0e45ca63f8d5
SHA1 35390d8d2c0dd00e3c60dd6fd7f1727e36874566
SHA256 e58e8b24642a8693b1b1ebad703a7efab1cece9a1b12dcf353c4b4432f23062d
SHA512 dd3d9b149dffd31ba4e94b9c84ed0fda1fb67f1f7d633900688cc9e4e40c26f55048c1730f205e5c22b5030362683f0abce86033816f1e089c3b67cc3853ca70

C:\Users\Admin\AppData\Local\Temp\nstB38.tmp\7z-out\resources\node_modules\language-server\wave-luau.exe

MD5 12fd29fcaf6f6518b8bf9e976928fa38
SHA1 1f9352e217518eaceefdd041e3f085ffbb93acb0
SHA256 d38d6297b4653f30397b7f45964ed99a70c8ab73d60063f68d3380c309e626a4
SHA512 b0c5bfb87639585564915f284ecff5af7e6664097ea3d9df6908c08ce09f9f6c31912225620bb7f7cf818efd6a7146280ce37e10ca7fb55bd381b95bb8a2189b

\Users\Admin\AppData\Local\Temp\nstB38.tmp\WinShell.dll

MD5 1cc7c37b7e0c8cd8bf04b6cc283e1e56
SHA1 0b9519763be6625bd5abce175dcc59c96d100d4c
SHA256 9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
SHA512 7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

memory/2772-973-0x0000000002C50000-0x0000000002C52000-memory.dmp

Analysis: behavioral4

Detonation Overview

Submitted

2024-11-20 11:59

Reported

2024-11-20 12:30

Platform

win10v2004-20241007-en

Max time kernel

90s

Max time network

154s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1

Signatures

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4932 wrote to memory of 840 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 4932 wrote to memory of 840 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 4932 wrote to memory of 840 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 41.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 67.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 73.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-11-20 11:59

Reported

2024-11-20 12:30

Platform

win10v2004-20241007-en

Max time kernel

91s

Max time network

147s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2552 wrote to memory of 4976 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2552 wrote to memory of 4976 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2552 wrote to memory of 4976 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 4976 -ip 4976

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4976 -s 612

Network

Country Destination Domain Proto
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral16

Detonation Overview

Submitted

2024-11-20 11:59

Reported

2024-11-20 12:31

Platform

debian9-mipsel-20240418-en

Max time kernel

1s

Command Line

[/tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

Signatures

Command and Scripting Interpreter: JavaScript

execution
Description Indicator Process Target
N/A N/A /usr/local/sbin/node N/A
N/A N/A /usr/local/bin/node N/A
N/A N/A /usr/sbin/node N/A
N/A N/A /usr/bin/node N/A
N/A N/A /sbin/node N/A
N/A N/A /bin/node N/A

Processes

/tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js

[/tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

/usr/local/sbin/node

[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

/usr/local/bin/node

[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

/usr/sbin/node

[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

/usr/bin/node

[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

/sbin/node

[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

/bin/node

[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

Network

N/A

Files

N/A

Analysis: behavioral21

Detonation Overview

Submitted

2024-11-20 11:59

Reported

2024-11-20 12:30

Platform

win7-20240903-en

Max time kernel

120s

Max time network

134s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\cli\parse.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\cli\parse.js

Network

N/A

Files

N/A

Analysis: behavioral28

Detonation Overview

Submitted

2024-11-20 11:59

Reported

2024-11-20 12:31

Platform

win10v2004-20241007-en

Max time kernel

138s

Max time network

161s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\exec.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\exec.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 81.139.73.23.in-addr.arpa udp
US 8.8.8.8:53 218.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 66.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 9.179.89.13.in-addr.arpa udp

Files

N/A

Analysis: behavioral32

Detonation Overview

Submitted

2024-11-20 11:59

Reported

2024-11-20 12:31

Platform

win10v2004-20241007-en

Max time kernel

139s

Max time network

159s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\load.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\load.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 218.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 81.139.73.23.in-addr.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-11-20 11:59

Reported

2024-11-20 12:30

Platform

win7-20240903-en

Max time kernel

117s

Max time network

125s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1108 -s 220

Network

N/A

Files

N/A

Analysis: behavioral18

Detonation Overview

Submitted

2024-11-20 11:59

Reported

2024-11-20 12:30

Platform

win10v2004-20241007-en

Max time kernel

142s

Max time network

158s

Command Line

"C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\bin\windows-kill.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\bin\windows-kill.exe

"C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\bin\windows-kill.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 71.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 218.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 208.143.182.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral23

Detonation Overview

Submitted

2024-11-20 11:59

Reported

2024-11-20 12:30

Platform

win7-20240903-en

Max time kernel

76s

Max time network

23s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\command.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\command.js

Network

N/A

Files

N/A

Analysis: behavioral25

Detonation Overview

Submitted

2024-11-20 11:59

Reported

2024-11-20 12:30

Platform

win7-20240708-en

Max time kernel

121s

Max time network

140s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\defaults.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\defaults.js

Network

N/A

Files

N/A

Analysis: behavioral29

Detonation Overview

Submitted

2024-11-20 11:59

Reported

2024-11-20 12:30

Platform

win7-20240903-en

Max time kernel

122s

Max time network

133s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\index.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\index.js

Network

N/A

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-11-20 11:59

Reported

2024-11-20 12:30

Platform

win7-20240903-en

Max time kernel

121s

Max time network

129s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1

Signatures

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2840 wrote to memory of 2192 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2840 wrote to memory of 2192 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2840 wrote to memory of 2192 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2840 wrote to memory of 2192 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2840 wrote to memory of 2192 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2840 wrote to memory of 2192 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2840 wrote to memory of 2192 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1

Network

N/A

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2024-11-20 11:59

Reported

2024-11-20 12:30

Platform

win7-20240903-en

Max time kernel

117s

Max time network

147s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html

Signatures

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3036 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab33DF.tmp

C:\Users\Admin\AppData\Local\Temp\Tar346F.tmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Analysis: behavioral19

Detonation Overview

Submitted

2024-11-20 11:59

Reported

2024-11-20 12:30

Platform

win7-20240903-en

Max time kernel

118s

Max time network

128s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\cli\index.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\cli\index.js

Network

N/A

Files

N/A

Analysis: behavioral27

Detonation Overview

Submitted

2024-11-20 11:59

Reported

2024-11-20 12:30

Platform

win7-20240729-en

Max time kernel

117s

Max time network

130s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\exec.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\exec.js

Network

N/A

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-11-20 11:59

Reported

2024-11-20 12:30

Platform

win10v2004-20241007-en

Max time kernel

92s

Max time network

153s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2240 wrote to memory of 4488 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 4488 -ip 4488

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4488 -s 628

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral13

Detonation Overview

Submitted

2024-11-20 11:59

Reported

2024-11-20 12:30

Platform

ubuntu1804-amd64-20240729-en

Max time kernel

0s

Max time network

131s

Command Line

[/tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

Signatures

Command and Scripting Interpreter: JavaScript

execution
Description Indicator Process Target
N/A N/A /usr/local/sbin/node N/A
N/A N/A /usr/local/bin/node N/A
N/A N/A /usr/sbin/node N/A
N/A N/A /usr/bin/node N/A

Enumerates kernel/hardware configuration

discovery
Description Indicator Process Target
File opened for reading /sys/fs/cgroup/memory/memory.limit_in_bytes /usr/bin/node N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/meminfo /usr/bin/node N/A

Processes

/tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js

[/tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

/usr/local/sbin/node

[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

/usr/local/bin/node

[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

/usr/sbin/node

[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

/usr/bin/node

[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

Network

Country Destination Domain Proto
US 151.101.193.91:443 tcp
GB 185.125.188.62:443 tcp
N/A 224.0.0.251:5353 udp
GB 84.17.50.8:443 tcp

Files

N/A

Analysis: behavioral30

Detonation Overview

Submitted

2024-11-20 11:59

Reported

2024-11-20 12:31

Platform

win10v2004-20241007-en

Max time kernel

139s

Max time network

163s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\index.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\index.js

Network

Country Destination Domain Proto

Files

N/A