Malware Analysis Report

2025-04-03 19:12

Sample ID 241120-raf69ssldk
Target Wave-Setup (1).exe
SHA256 9450dafe9611c073d06b5f7dc8a11659217ba80a5566dd7c12161f87b80b265a
Tags execution discovery antivm
Score 7/10

Analysis Overview

score
7/10

SHA256

9450dafe9611c073d06b5f7dc8a11659217ba80a5566dd7c12161f87b80b265a

Threat Level: Shows suspicious behavior

The file Wave-Setup (1).exe was found to be: Shows suspicious behavior.

Malicious Activity Summary

execution discovery antivm

Loads dropped DLL

Executes dropped EXE

Checks computer location settings

Checks installed software on the system

Checks for any installed AV software in registry

Enumerates processes with tasklist

Checks CPU configuration

Reads CPU attributes

Browser Information Discovery

Program crash

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Command and Scripting Interpreter: JavaScript

Unsigned PE

Reads runtime system information

Enumerates kernel/hardware configuration

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-20 14:01

Signatures

Unsigned PE


Analysis: behavioral26

Detonation Overview

Submitted

2024-11-20 13:59

Reported

2024-11-20 14:42

Platform

win10v2004-20241007-en

Max time kernel

1140s

Max time network

632s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\defaults.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\defaults.js

Network


Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-20 13:59

Reported

2024-11-20 14:05

Platform

win7-20240903-en

Max time kernel

16s

Max time network

18s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Wave-Setup (1).exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe N/A

Checks installed software on the system

discovery

Enumerates processes with tasklist

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Wave-Setup (1).exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\find.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\tasklist.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Wave-Setup (1).exe N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\tasklist.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Wave-Setup (1).exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Wave-Setup (1).exe

"C:\Users\Admin\AppData\Local\Temp\Wave-Setup (1).exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq Wave.exe" /FO csv | "C:\Windows\system32\find.exe" "Wave.exe"

C:\Windows\SysWOW64\tasklist.exe

tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq Wave.exe" /FO csv

C:\Windows\SysWOW64\find.exe

"C:\Windows\system32\find.exe" "Wave.exe"

C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe

"C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe"

C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe

"C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe"

Network

N/A

Files


C:\Users\Admin\AppData\Local\Temp\nstC266.tmp\7z-out\locales\el.pak

MD5 34c6150acccd20c7f260b269bce06930
SHA1 277b6d2387f600c84263847d6fb2342fd4746cfb
SHA256 162e51bc7d682e223e498f4ff8c81f019d136d857bd25a1c982d4a1084a8c840
SHA512 58308b1f4f92f1eb26af8516351194b96defa8b40f26cca2776aeb9e804e585fdb9918bd2acb9c6318b63c3768c29893574bd0a4fc18fa9dee96b9112732ff94

C:\Users\Admin\AppData\Local\Temp\nstC266.tmp\7z-out\locales\de.pak

MD5 d1a513308f9de55b6c7bbeef7c4fe90b
SHA1 a4a5e99fe73d5f9df2e508c3c8e9b73dea03a76d
SHA256 662496eff49febbe49f0a03cf2c51acaa743cb2237de3c41014556e16f3d8e2b
SHA512 9756e16255976569584a3a5e2a17421a31bc8f9b158c0ad3d30f6fe624ecd0e77c255571e46554c03c54d58b06d3f7b0fc77d347548f435547eb1ed9173b30be

C:\Users\Admin\AppData\Local\Temp\nstC266.tmp\7z-out\locales\ca.pak

MD5 7474c8e0c3285b97f1f12792964b6824
SHA1 8b9381be0754fc3df2f4f13f8575bd4abab90e9d
SHA256 b3d5dfae25427596b1f14a8e13d6bcb58532c82554229c2367779ff5c42b28bb
SHA512 4ad524fd530bfc72d72edf04ba4890e06ca0a20cc1d5c2c3d95cda746b1d884a62ec2d4463ad7be9cd01c7529b41bef65f9e669c62719808a83d3c70f9475d43

C:\Users\Admin\AppData\Local\Temp\nstC266.tmp\7z-out\locales\bn.pak

MD5 57eab375114893a5ed0de36a516e8252
SHA1 16f23ab3eb62bc7a2525a7a5d86139fa88670b89
SHA256 1aba82aee8c985e5e370e7cf2b35c9ec20cbe5174db5fcb54ec7d19ec5d79587
SHA512 895bc282484ed028f5f023cbbb6e2755091f036e540c531b6ff639cf9e0ae5da02801dc81d7910eb141edd5c255d8b088d1abb531b152fbb161d6c2bf9615f4f

C:\Users\Admin\AppData\Local\Temp\nstC266.tmp\7z-out\locales\ar.pak

MD5 f6ca56d15814dd5afd5e7ff985257880
SHA1 ef236d7027cb50a188c1e771527e6628702311ea
SHA256 5cc02570e5f61cbca791309985df3a29584e41583b3344f1d9fb6b04ce423e6f
SHA512 46c0436c110d6f1a8f3ebe962226c51af525228262cd56744e4d89aeb05d1eda614801a294bbfd2e08598e355750d7a2d200b3e7b594da03dd26ece4cdd31e3d

C:\Users\Admin\AppData\Local\Temp\nstC266.tmp\7z-out\locales\am.pak

MD5 d6e8c344b2b40a9c671304f6f252d51b
SHA1 c59ddcaad921b6d2d3f70b7ab07026c35e5d1e08
SHA256 4e15946e86a578eeff41feda808bb291d81e240fbdfc96cbe2efe692ad35eef5
SHA512 018ce2bf4beb4ce066703b2ac7413c6517759be68f889f27990de5d6694e9f84b4027f9861901ea4b15abdd1bb570e5a16651c935713feafc4d16cd57be0b911

C:\Users\Admin\AppData\Local\Temp\nstC266.tmp\7z-out\resources\elevate.exe

MD5 792b92c8ad13c46f27c7ced0810694df
SHA1 d8d449b92de20a57df722df46435ba4553ecc802
SHA256 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
SHA512 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

C:\Users\Admin\AppData\Local\Temp\nstC266.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\.prettierrc.json

MD5 e502800d651a7ef3ff58d918c68aa81a
SHA1 c3b456549821510c5729648bfd93886491df1db8
SHA256 37055c98043228133ffcc5cad7bba5ef6c8f24698a551cae547b90f51d22e519
SHA512 9892bb44616c6c2761027562371e5c72a355ce1b519072ce5733ea1d4971ffb8c9b3e83f935a18120e0702aae644d07274ad4b09214459fc13679a8ed6051e7c

C:\Users\Admin\AppData\Local\Temp\nstC266.tmp\7z-out\resources\app.asar.unpacked\node_modules\@next\swc-win32-x64-msvc\package.json

MD5 704b387859cdf10e134ba4c181773747
SHA1 626f9cd6f668b8f310a4c11f331b96cb4289e44b
SHA256 f6b59292c52960efe68cc3813a78bc505d80cae11d632006770059380173cd53
SHA512 5416f7ac6d243bd04f32d5a776b596b94db1858cbf904357d8eb4733a22ddc94bcfbc116437e86799ccf402493212117f65289308f4ae16f3d39083693f9ae66

C:\Users\Admin\AppData\Local\Temp\nstC266.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\jsconfig.json

MD5 21cfa078a36c66a3d1f4f2caf729fd56
SHA1 8849b6bf237cf4464a4628f0c2e163e866dead8f
SHA256 87cd1d700216892ba7d388d04f42e373e1abda0b5d407c54a60e67b5dde48ab2
SHA512 92f7960fe79d8e5813372d7a7833bf883c3dce6eddb083302314a2d9ff52d800178f8ddcbf071c169267b346dfbc5d59b1dc0f95a70671bd63453e56e18846d7

C:\Users\Admin\AppData\Local\Temp\nstC266.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\LICENSE

MD5 9b54883148dfd5ff6b9f1a23f9470a30
SHA1 f062e421fa2d8f722e9ccb2b0b4be9502a7386ad
SHA256 0fa6b5d2902f7ac42db390dfd2cb3b4ce82ed45cb5ad5dea41c11d1d67e0934d
SHA512 d2af503c12f0fda687293452af39f98f5c3987eb8a57cf12c47da5aed67c761349e5186c15371a96f5d490c140e8dd0d5e8bd6a6164139dde0562d6ee46db90b

C:\Users\Admin\AppData\Local\Temp\nstC266.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\package.json

MD5 d973ee4a6969bc5e14e93d99d4680c16
SHA1 22ad20391ccb50fb6343931a1312751b2f7e049f
SHA256 f0051785c8178f10c2b5ebe86edd6949eb9db7b293d9abbb51a857f7e62500aa
SHA512 2f8c64f04b3fe023d296899b16f6596f42cd69c1b8230c5bee561c18af6bbf44697966b45b50d718eff75cbffab37054a6de7b57bebc16b2d85a5a0e307dfa9d

C:\Users\Admin\AppData\Local\Temp\nstC266.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\bin\nodemon.js

MD5 30894042a167528293c057f833e7b6f2
SHA1 ec993fedf1f1a22c77b985c72d8b0074811ea680
SHA256 9bb0e59dfd1cc00fc40bed0ccf10d88414d915d79875b9dee5c1d5009f4e89cf
SHA512 2b544b29e44e0471a9da5474209bc15cb81a44a38448a74a7a67f4ed3ca7d1926cef4b2b13d3269fb785a468d00f1cfc042d2a7d6b4d563725da65028e2df15f

C:\Users\Admin\AppData\Local\Temp\nstC266.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\bin\windows-kill.exe

MD5 de5ecb14c8a2212beb309284b5a62aae
SHA1 cf89d1cbd52f3183590b33bd6be591f95a6f5291
SHA256 d35c0d3af8f66984b1ead5cb56744049c1d71ef0791383250ad1086c0e21f865
SHA512 fea8a49538f5fd4cb8c262c1619f9f8e906edeef7d3c791bd3b85f032a0499aa5f18b4370a00e1f4dab9698e1958b042cab467103598f1bdaa583eb1fb918c07

C:\Users\Admin\AppData\Local\Temp\nstC266.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\doc\cli\help.txt

MD5 0034cf996f84911ff0646b717ae47ee4
SHA1 5aeef8ef12d8023fe208c0492174a960e57c643e
SHA256 d98c56a3cb9643b399fa04c422da35204dc91cd869c47019e9783fb4f7289adc
SHA512 b1f174300ee58e16676ee8ccfae4e48794ed5412d89e0cc0d8a134ec055dfbdb596d0ab43ab376f46adbf76cf970210455bf46ed666839d69357d0ded8c057af

C:\Users\Admin\AppData\Local\Temp\nstC266.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\doc\cli\config.txt

MD5 73ea33e660552d101eca031a0baf6be3
SHA1 3d3384db49a197a8a616a274598bc18a25ade114
SHA256 032c4ca3b1814a39579d7a0a00154a3772d89aece9884d135fdef782f36e27c1
SHA512 c7b9a4bf4de7d13bb45b4db857511cb411a7927ee4db759af263905e01cfda8d95477d2e2d6ad6c51c9f301710e20ef64b54a4d15082f5054680da9cfbca1146

C:\Users\Admin\AppData\Local\Temp\nstC266.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\doc\cli\authors.txt

MD5 b5c019895f49ad741cd49e6291aad090
SHA1 03567a03c8346dd89516e2e03957bb674af91408
SHA256 e1e0dfdaaed1f025c106731aff67d664b849635cc6cd3b9b08674db8dbcbc5e7
SHA512 ff13c9416d29d9a3fe636e14fd63e5424129a6e72366c06b1bae3c5a06f60cbbf3520d868c492d472450e35e547881be93955b29eed63e66979592da576f8bef

C:\Users\Admin\AppData\Local\Temp\nstC266.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\doc\cli\logo.txt

MD5 f55be3331bb0e69fc47994610da41ada
SHA1 d8415b399bd3853ef658a5f2057812404598b5c2
SHA256 cb0c73fe1bc7676104d6a92ca91250cd562b7f37a564edc260de01a3fc636b6d
SHA512 505d427c6d0add618e0c54f8079e4303fee73e0ccd9c4edfa67b44660ce5d5deab4fac09601002f73cfd00f445640a69ce9fe9a39b8a0f3039b200f5bff058e7

C:\Users\Admin\AppData\Local\Temp\nstC266.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\doc\cli\options.txt

MD5 016f8e569786ff8f5f6c321a735e2323
SHA1 b7a7a46bf03f4564d6e47fa55a4fc6b9be1e39fc
SHA256 3c8ec4fa239f82b2b9f427925ac2f75af2af9147eaecc706b1990540b95ae94b
SHA512 6b8372648371ea46ac98dc49ec93cb2efb9cc81f75e8ee7a5e1f0a01b7bf209ca92e07649c22630722370b1f254e956ea7ffe4be68d0f9ef419766f90dc80fe7

C:\Users\Admin\AppData\Local\Temp\nstC266.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\doc\cli\topics.txt

MD5 57a5e0be8307585fffdbe867f0d047da
SHA1 0185976215d973431c6810571b21d6804bf64632
SHA256 5f8f41620ccdc1d7298df4ab786abc7edcf049fa7e06fc69bb26b38cbd453643
SHA512 4c05c95f21225be793051bf799255f6e021145e17ca384697877aa9dad66303d8bdb6e47751433eaf17b22dc766758cb799034a34e1e7851a8328a95b6784273

C:\Users\Admin\AppData\Local\Temp\nstC266.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\doc\cli\usage.txt

MD5 1448d12c8524497e0abecc6089aa5a99
SHA1 183f63e7726b128a36e247e6bb506ced31272e49
SHA256 844e2d826c59dbd72ad383fe8a23b24373d83e9b184b437f7f04c42487cd5759
SHA512 e14e41721ee4bba6deeedcc5786a113042cd595024eb411ea7d874f282547c5943dbdf1eb7674d752ebbac16ac4e1c98149b957ed5cf3623e85a561a42354e45

C:\Users\Admin\AppData\Local\Temp\nstC266.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\doc\cli\whoami.txt

MD5 5a53b8ff8c3670ff035f6490a24a0789
SHA1 e079a16d67475a83eea085058af0cd704da97393
SHA256 4e7d19dfe1603ca93a0421b1abd4b19cfa5324ef458ff549809c5e66a2efc596
SHA512 e906ef44ff0273e4df3397ba719c173c87a9919b7f9d2580e2c3354fba22f69b0c0a020eb049d276934dbc66f497b279d15c135fa0e12e04acd39802fc5dfefe

C:\Users\Admin\AppData\Local\Temp\nstC266.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\index.js

MD5 5250f6ffce08844c0f9f139fd707243c
SHA1 b5646886daa1c00461042d1a35c1a83675f8c8ed
SHA256 95111d84575ab36b697d760e130d722daea3d322cf56612f2ae67c7b3e8cef19
SHA512 49dc989edab7b4ce7477bbc5c678e1b1f4aca0f77e0ad6323d3c251164ed28b59f4d18d5b0280d53108b93e133eb2dab5469093ecbb2f1fe2bb32b758f59e729

C:\Users\Admin\AppData\Local\Temp\nstC266.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\nodemon.js

MD5 392a1c2f9f7dec3e4f64bb738f21785d
SHA1 02d0364639bbc6483d727e5e24e6c6b39c8f0ae2
SHA256 3bb0b111682da4977e265b0bc746cd57191e294e0c25bf667f129771897dace4
SHA512 48b0517f41013b024dd5a674b88a9e53590113f664482b0420236babb9ecbf0428c40c9f708b204bcb1f2d59789ef6383641eb8efcc7a7ac506d4345c78358d6

C:\Users\Admin\AppData\Local\Temp\nstC266.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\spawn.js

MD5 ad2e1e41a1aaf8c0d0b622a27bc6bf9e
SHA1 139625411959345da513904bcb7d73d7c312b63d
SHA256 7804d7450f305b9142af45967be5c96f52be8350dba2a403f4bf79d5e092bc60
SHA512 e43ecd8af261ad4cbed89f549c18c18df9cfae6338c0719c1e5c06361c6cee4598d080ee32dfda56cc742e23fad5db56a842ef8511d9d5e2c28b7f7eb4eac091

C:\Users\Admin\AppData\Local\Temp\nstC266.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\version.js

MD5 7232bc938db18583ac3447bebc844430
SHA1 55051c267076fa3bd3764864ee77d4c41c4b3233
SHA256 5071083e2e09969b2741a46cdedbbfcb2608fa35c1d1237e3bcf134749fb5ecd
SHA512 9167690b0ad72c815c3d8c7227ba8d3574acbab95236de0ddea28c73f6a2899dd700ef9083b06d2badad19c21659a93ab101ecc439a42292d2540ed8c2ff3c5e

C:\Users\Admin\AppData\Local\Temp\nstC266.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\cli\index.js

MD5 05d07534c94e2d589bcc02e96e1b9503
SHA1 3c3712ecff74a1099c4d65e4eefd9cf2e38f1119
SHA256 5c5b008f28d9aa1d6f8c30a30de037b95b50141a20ad0f029d0d79bcd75caa4d
SHA512 7c7526f2b4e685cc7e20689ebe5abf7630b738d2d15ab7b5e94765e0e6f221492e9e029f715f5b3ac156d3d11ffd907e070d2d7f968b5f5fb401aa9c7ec84ea5

C:\Users\Admin\AppData\Local\Temp\nstC266.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\cli\parse.js

MD5 63db540f7184a372ac611fc3d7f21136
SHA1 0b3a8e70600a6705297a532849b7470c34f8c19e
SHA256 93b9bbbc19e6f0456185d7c9e9ce11e994f41c01e46067959c5168bd345b0313
SHA512 1f56bbc4856fbefd21f6de0738712157b91f1388a71a957c37444b617ee161885822b21fcf4e7efe14d5af54b9706d8181acbb286dbd7525c91a56b53dc391be

C:\Users\Admin\AppData\Local\Temp\nstC266.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\config\command.js

MD5 90c1aa9f031e818373c2f2f7ed6b9dbe
SHA1 b6476cdfa45ab967436ba9bb32aac1d65e531a9f
SHA256 50f10478098f06b77a58b351a93bb8fe7a7572bfbfb3e6f0bf668460865da3a7
SHA512 4ee766da766530bb372d8e04b058edd6b28ca5d77f603b175336e9b5e8f5c677e77e0ea4afc07a642c07c48e0c209716dbd9cef4f6ab97864a9ea51af2b49bbc

C:\Users\Admin\AppData\Local\Temp\nstC266.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\config\defaults.js

MD5 2e6f9c975170db8136c9ca5c5ecf2a0c
SHA1 404a2c64977cae3407aa138c23a2f841546f713d
SHA256 2b577f3fd8e3d03d64c1ee07ef13db89df04d0a9cf7b69ebf2c17041f7251104
SHA512 15bfa9fad522ddc043383704cac725c8cc2b4565708b891e9e03d889237cd528ee4d347e54a983c801550856c2d1ac1269dcc127edfa6d63bf3d2aa0a19eb358

C:\Users\Admin\AppData\Local\Temp\nstC266.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\config\exec.js

MD5 efcab0a70d5e71fb513734cf92f2a201
SHA1 aa55660d5d6a38e2ea632d4de0640ad2b1b7fc5a
SHA256 fcd713c63326ff75fc44afdcbd2bf63991c3c76169a26a2646defab46ce24155
SHA512 260a468807d297c2fe85ce8341ae10be64a7833a8249f2932c6a93e6ade07438ca4bd26222326a1b0e3203ba0c80a6a6fb78e90015b667feda8f68538e1011ad

C:\Users\Admin\AppData\Local\Temp\nstC266.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\config\index.js

MD5 ac3af2f96d2e824bc37e36e30cb35cad
SHA1 d04e50eb9464ee715a940819ac7af1b612884bb4
SHA256 be155df5dbc29c88c67c936f2840d2bb3abd09981fdb6db6480d54beeb27e9fe
SHA512 060bc19e10d8b9cd959869866b4ac5e0739edd72ca1e61a230a5f3c735feda6fb75ae7a8ea13349013082bedbcd40e30219ca09ccfaad43571059a765bcaee8c

C:\Users\Admin\AppData\Local\Temp\nstC266.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\config\load.js

MD5 3379b8830f56cd13355114f157e57857
SHA1 cec1a9f2c8ca7f666cb4efc2f3eb99317ea59602
SHA256 7329c732d39f8e884c0ec197e1133c536545bf4137417e6d664bbec962990e29
SHA512 0690be21833aa598da0d7d20312ee8a2e2ecaf164981c94c3bb12036cea40a206e1b25e839209db78419d6262ae87e29a5c94f583ddd9b45e05bc5a107842d22

C:\Users\Admin\AppData\Local\Temp\nstC266.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\help\index.js

MD5 e47db45cd167c663151a07e6a3396427
SHA1 f3002a966b346ef937a47576d754787e4bddabff
SHA256 1c1678d18dc75f67bbfae8c92836543af6990bce6b1cf1ad3acfb52285dac393
SHA512 3f8e10d09fcb527e1c1753d50c9bcef2b8fb70586f34e600c0d60ed27a295f077f380e1df2fdadc78b0d468a54f32a5351fb5c4cb638e3012c96358094d31dea

C:\Users\Admin\AppData\Local\Temp\nstC266.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\monitor\index.js

MD5 532b43e5038c9f6a6d65d40ca44375f0
SHA1 c7fa3f4fbab77df0eee87d08d428cc06d18faf76
SHA256 cc16aeb163da6cc7746bf5ced2d11f1436e458c7ee803241e9a9fa1d107450fd
SHA512 809479d0b075c9bcb3eef6670cdd652a6caf39ec7f93f1d7dde0eee8a792d518238cfa9f78a2ec1a11ebbfeb00d2a117d25b198718af668c7f356bc3f93ebc1c

C:\Users\Admin\AppData\Local\Temp\nstC266.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\monitor\match.js

MD5 65475ff22153cb7e1cdcd5322341c398
SHA1 c026de2f4276472496755344bea58e11e6b38748
SHA256 d09e469209e55541c8c67fa7ab25b7d4e051ce26d36f737c6264d4ade4b26d63
SHA512 8010e71be183c4b1a02ced648f083be4c8e4be9ac474e1405d91d9925887b00fed0aa07d15b994846417a48ebf768c5402f5d0b004cf9107cb44149bac3da655

C:\Users\Admin\AppData\Local\Temp\nstC266.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\monitor\run.js

MD5 47603d83844b08ba9fc39ac940d78f50
SHA1 4b8dfa2ec30dbd1146a9908b10c858ecbd73521a
SHA256 d93e994fddfcf6c7683976452a3d877a51e68f56ce2a49b821240c93cca86d13
SHA512 52f33cfc03dda936f4641f1ef8b3f14659247053a701b8990f0713742fb90016ba5d51d1e1f44fde84dd883c92166e77e908d586c527858bd3c0a416b9c9d256

C:\Users\Admin\AppData\Local\Temp\nstC266.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\monitor\signals.js

MD5 0b71010f098a8cbf8ea47a83a699693a
SHA1 456a713c6a78b49bbf6d613ff9cfc4bc9f01f589
SHA256 5c16e2e5f7101eea3f13c19da7c7a9e6fa02f7d1098b170e71f07d14f915e394
SHA512 95a382907ac465d95db0cc41055038e839ed9164d4010003c08e6ba4456c19b50158c908b8d287eea09a153e38fdcc7f9a8c0052f35eb069243628e0968750fb

C:\Users\Admin\AppData\Local\Temp\nstC266.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\monitor\watch.js

MD5 a0bccf8a21d0c4332643a758c666f725
SHA1 1aa6968e927afd86a3f056126f31d2eb6420573f
SHA256 efb0a3f37d9a6279614b29fdbca3f29c1a6d47f2d26067be1c86bb56fbaefcf1
SHA512 bf4dc9c5b4f3b0a01ca161feee0ed13e6f1db24b0a64bbf01b325d0a2788380516da7da7654ee983818f3e0684983302242fe790bbb384dcc126ac4c394c41b8

C:\Users\Admin\AppData\Local\Temp\nstC266.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\rules\add.js

MD5 4739ea852e85157f1ab60544ea5ce663
SHA1 d83c88f7f8bd7ec5d1b36f86009ac7eba9ca1bbb
SHA256 3cc60361f99b1080c66fce4d6ea0390a38c2a49e821e7f21dc43ed2fafa31277
SHA512 780001095f33fe4a18fa06c3311f3505949dfa762da5f1c0c6665b5501190b6e6c45eb69633c99e02b8b59d01813abfce2baa611509f2a0e65364ccf71965bc6

C:\Users\Admin\AppData\Local\Temp\nstC266.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\rules\index.js

MD5 0691f1f2acabdb82da7d67e05479ca5a
SHA1 dcff01be935756a732591d61fab8e64e530ddeee
SHA256 3e64a2a35a97e41ff8c073299f07c3754d99b0a6e7d42faef7dc02d61d67757f
SHA512 85ac8207410deba52d3b58fcf30e468ee46b1073544b61376b4b015e588a52973fefa192a027bfe8019b6cfedefc3c4c1cb4fb0ee88e7c2ef88da1c7ed0f9eb0

C:\Users\Admin\AppData\Local\Temp\nstC266.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\rules\parse.js

MD5 078e15305c8688746d2e6933d291babf
SHA1 80f0b4201c45af197cae63c9d93a88525cd5c5d3
SHA256 9259995d8e1ca1737ff36cf4f97c80e55d812726ec4ead43b6c0829ce9679df9
SHA512 83ea7a6d31845542cf03f4b27be92087e417ba5f995ec740824440ddf92932d3623576b7a1022ade20deeff2f1741d617e32dfeda52efb5fb85e9be28de27df6

C:\Users\Admin\AppData\Local\Temp\nstC266.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\utils\bus.js

MD5 e469c4cef4116cf230f86394586c5775
SHA1 8849ab04de5836797a3839989d4325906bea9dff
SHA256 8ebae78d8d75951b714acaa3e1a3d7f15b382a92b90c8040423e9866d97f1ad9
SHA512 923ecfd5103fc6e266e53dbb1d35e11f4058893177fa00cc392a628524dcdbe616c90015a24e15b987f971c5eabe0e53a3b107878bc41bc73aacf1e370d660f2

C:\Users\Admin\AppData\Local\Temp\nstC266.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\utils\clone.js

MD5 9ef3c7b72b1d63f5e3a7975ff67bdfeb
SHA1 a406bd661839b5efeff4929af9fcfa991e51be12
SHA256 5062a7c87599935fec99e505f3f463c3e0872455da73f8c8054ce0788c513ba2
SHA512 eca4c0784695d43435573725f659409ec33a3acd3a5695665935439cca28122a6d8fdc1eaeb8ac6fbdb921893ad4226467777e8c35e3b9b0b672b2196f4e12d6

C:\Users\Admin\AppData\Local\Temp\nstC266.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\utils\colour.js

MD5 a85f32c2180651cc03bb1f293271bfc4
SHA1 0d04f9086ace00f08c628c1af25c728eab897d66
SHA256 a4969a552701982cd415005d5ce162f955cf26c205229d2f4c75ed4a75bceceb
SHA512 b32f6f7c1bd75a3a23aa5f170e5356cbe1ba7eb031f6eced706aeff8c15d8b37fc771c29a82580a48a95c65334d8e41b0ddb551409164a43bff29def7277c89b

C:\Users\Admin\AppData\Local\Temp\nstC266.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\utils\index.js

MD5 2f2a9c006f17f892a78a9381932918c6
SHA1 80905883f8b96a2265d60202f61de419e8c6d3e9
SHA256 c69735d5a8d259dbc87614ae268de4f6581fcadcf6f931dd20b36bc09c0a502c
SHA512 702966aebbf2a8f98a89da8640a3e0f610fdbd063a19bd4c7ce2097dff7ca1d49a2c8040885ca3b31f85662e6a8b86769ea9224e8f64a03bcd0bdcfb71873b35

C:\Users\Admin\AppData\Local\Temp\nstC266.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\utils\log.js

MD5 fa4ca8a08fd35bba58f2af0f046320e7
SHA1 5f672b1e8d504a468b7946514e854425fe938d29
SHA256 dabbcccb1bf0089d96ce9592a575cb64139926d6b899091c1dbd37632e9269c4
SHA512 70cdae1e1983fc7bed3bee24f50196ec281752e7567d5c4d5aa2859172141422f3eb6a7ffe9165c408d5e3354d7c139fd90382c73f7ac0de16a5840221dee399

C:\Users\Admin\AppData\Local\Temp\nstC266.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\utils\merge.js

MD5 b5932e306173a01da5d3f814bedcf4b8
SHA1 d3ffa9ab328864682cbf2f5e9c5e5f6437d92541
SHA256 c4598a00e91b93b7964bb874e8ceed6d614436335a7fd81aff7f504499e210dd
SHA512 cf565fea7c0b2453b8276fc25b5e0b546b0ef79eebdea4022aedcfdeb7866687c925d95cb4d56de413d53db51d03168b8302383ca9f8b04c3b5e501fd3be0fab

C:\Users\Admin\AppData\Local\Temp\nstC266.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\bin.js

MD5 927d799c0c996a865d11a78f04198211
SHA1 f5898b61159f1f56ebd3cd439b498a177d413c0a
SHA256 7f69b31efa09c6e7d442d6229e82e65f38faeafeda1fbed7c5e54324aff062e6
SHA512 97e1061700f32af28dbc946e2f3be0358234689f9d3482b37429dc28697516916cf1ff6c7891a29b835cdd775705f432ff7f437bb67ba87d7ae81d62453407b2

C:\Users\Admin\AppData\Local\Temp\nstC266.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\index.js

MD5 e5053e64fdc67009804a42cc8baebf90
SHA1 8814ef33fe018ed0a1817e77c7ed7ddb16076137
SHA256 5e591255fa35fb3650502e648ff51d6d7c7e57ada312bd33058da03cc412efb3
SHA512 60f941a6814dc3efea6a65c6dced552d4248273e1ce57222b428f813e0ab655d13546a0951ad3c0b22adffc7fc40542d7667ce70d315052308ea0fa1195526f5

C:\Users\Admin\AppData\Local\Temp\nstC266.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\LICENSE

MD5 216384c4c084ff996a55be20cbd26ef3
SHA1 0510d5fdf8e7bf002b8396958f2240222dbb2a5a
SHA256 fe0982bd7d38ee4cb08b2f111067bdeedb9732a6621c761bcf7dd01aa6211c5a
SHA512 eed68402c44f099b181ebbf43ff7efd1dcf6791f7f35f6d386d66202bae0da6e7f0108fe9c3d62af0f69989d92286fd0c307d2192db0113b9fc857746dd01abe

C:\Users\Admin\AppData\Local\Temp\nstC266.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\package.json

MD5 2ac7232223dd7c39ae2e82220d9a767d
SHA1 cacf598ea739460d281587549421ce95546b3048
SHA256 0f49b6c0282be08a5dba3e98024401a921167974a516b630ce9f9a9f2301df08
SHA512 249f93debdc2f2aabc8a1d977f2c1a9a54cbc0e3580e4dae06a1193ff83c801518a7cfb7919f98c3b943eea7c7b99d85c8148292b0b96b3bce4788277b956b56

C:\Users\Admin\AppData\Local\Temp\nstC266.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\skip.js

MD5 92a4c6dc39d38ac078ec80977508feac
SHA1 edc8d81988e99c77105abb1455ea224fde97d212
SHA256 c12583530edc83dcc7cacef4a428eaefa84c10bfe4b62c0c9707de015e338859
SHA512 3833af1f274d3bb89776a8dc6b9ff015f5d219ebec47f5e98bf88670e523517ad8a493b0959dd41dd6e658c230335338325e8c2befea61f2f22f8e83822ccab2

C:\Users\Admin\AppData\Local\Temp\nstC266.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\deps\UTF8Conversion\LICENSE

MD5 7cb552557240a921e34ad313a224d17d
SHA1 92ad1627269adefd696ac5a67131e4af575a2cfb
SHA256 7d355d1a2324c2073059ffe7ea4d96852c873e718bcc197374440dc3efc3f7ba
SHA512 b4bf90a3cd77805fc149a4112f822ee47b4f13404ee92455ecab9dd12d796ffe81d664bf21042ae3ad6419abf6a9de6df231328be6bd8ca2426e3432d456921e

C:\Users\Admin\AppData\Local\Temp\nstC266.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\deps\UTF8Conversion\utf8conv.h

MD5 349864c2d1fbc9c7788cdf95c541ff52
SHA1 fa968f5bd6560675c26078de4e7d52b454c778f7
SHA256 7340eea1def3c1d832a6f40c5022725f1704a783f7f992b71d5f3ba2dcaeb34c
SHA512 5e1910c23dc08e79199fc80ab8e0c7b300e2e1bd2678d0d9171a73d8f328adbd32021146e5e43485f64f25fcc6bd8413ce1ce3846afd7fcf49ffe3a04d0efbf6

C:\Users\Admin\AppData\Local\Temp\nstC266.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\deps\UTF8Conversion\utf8conv_inl.h

MD5 a5a0f8294daad33a66bf30c329157a2d
SHA1 02b5d7fab93d942033fe9ae2620d1a2363914469
SHA256 4955fbf455cc29d63f5dc777d3aa5172d6e1e6df221a33808a913bdebf5a1277
SHA512 f583116ada3f281c208a98d053fe6b580187d6922e2ceae69917770a46f56c16444267172db2cb0bdef3b8012088706ba1a2203631f9ff79d2814714b25fa78b

C:\Users\Admin\AppData\Local\Temp\nstC266.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\prebuilds\win32-ia32\node.napi.node

MD5 8a50b5876633dd9bb73612fea622a521
SHA1 27fb94a39849fe6ba1ce7b983c0d9e4ca4e62ae8
SHA256 053c3100121939dfa1fb936718c6088e4490e72faa3c713310b556ea90155278
SHA512 958d901f7c72773a2f9439842f422048a8cfa941ef943f5f9e61c5e9d48b4d9ebbbaf72acb2a07138ae66f925b46dd98717656a58719902d417a14ba1e5aacaf

C:\Users\Admin\AppData\Local\Temp\nstC266.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\prebuilds\win32-x64\node.napi.node

MD5 0b3ffb5b756beae28d8d9da67c288283
SHA1 7c2a0be0a5ab1b936c4752254927f5ed066abe5a
SHA256 462e527de86494f96ed0d42a80c261e46bb57352e86d6175607186c1dcdfc7b0
SHA512 a1568e7d02bd34992236c587cd77404e4cc9c25011a075dc0cbe52b59ae254eea65cc31ee7fdf26898386e370a752df8bbb2ce70592244d6f24b10d39f9f7854

C:\Users\Admin\AppData\Local\Temp\nstC266.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\src\showver.h

MD5 6f621ba192a6fe2228ef9965757f0bc9
SHA1 e3625cddde946f5ea21e4c00be95cad214da4016
SHA256 2b561b980e0a01191a6c7cc1cf94c8d5c061f9f299ea256f1e7ca17250ae08bb
SHA512 ab90bc30f2c23a3032334d30294aa02007e0db180c82c6c8f0d84781203be7c342134cc17bb2ac0c7bd89c1e5902c852afb2d09b0c7d4dba27f5101577491f4f

C:\Users\Admin\AppData\Local\Temp\nstC266.tmp\7z-out\resources\node_modules\language-server\en-us.json

MD5 de2ac61fe7207c1b2f304b05fae4e39f
SHA1 72a4623fde7103eebcff4a55ccb8eb6acf6bbee8
SHA256 c8dd69f4f8f07ebe1c73a433bbf08f67e3bef3047c35251a243c3ac78f500647
SHA512 4d0be337f5d6f760fef3f79d14ef6835045e12e7eef5cf906a5f73841b01bd59d3171c31f63de34e5b44f791d5912f940fa391d96685532e0baeb7613526f8a8

C:\Users\Admin\AppData\Local\Temp\nstC266.tmp\7z-out\resources\node_modules\language-server\globalTypes.d.luau

MD5 6fb690ee838bebdf6591733bdaf632e5
SHA1 658ccef6ada0551d661d78706266ff6ad2797858
SHA256 ae99b7b676e4becb10e6a9b77229e99bdd60e5a91d2e6bbb141c85721962313f
SHA512 7218ebc8c64a7bbec231989ac7d2221be63f29302f6f16bfc0bd67ed5e9c5ddfcb50ae781f6ef73a3d891a70ca73ecc62bbbe6c5a4a218225b24c0d19c7737ff

C:\Users\Admin\AppData\Local\Temp\nstC266.tmp\7z-out\resources\node_modules\language-server\wave.d.luau

MD5 7e477f85c45cfca5731e0e45ca63f8d5
SHA1 35390d8d2c0dd00e3c60dd6fd7f1727e36874566
SHA256 e58e8b24642a8693b1b1ebad703a7efab1cece9a1b12dcf353c4b4432f23062d
SHA512 dd3d9b149dffd31ba4e94b9c84ed0fda1fb67f1f7d633900688cc9e4e40c26f55048c1730f205e5c22b5030362683f0abce86033816f1e089c3b67cc3853ca70

C:\Users\Admin\AppData\Local\Temp\nstC266.tmp\7z-out\resources\node_modules\language-server\wave-luau.exe

MD5 12fd29fcaf6f6518b8bf9e976928fa38
SHA1 1f9352e217518eaceefdd041e3f085ffbb93acb0
SHA256 d38d6297b4653f30397b7f45964ed99a70c8ab73d60063f68d3380c309e626a4
SHA512 b0c5bfb87639585564915f284ecff5af7e6664097ea3d9df6908c08ce09f9f6c31912225620bb7f7cf818efd6a7146280ce37e10ca7fb55bd381b95bb8a2189b

\Users\Admin\AppData\Local\Temp\nstC266.tmp\WinShell.dll

MD5 1cc7c37b7e0c8cd8bf04b6cc283e1e56
SHA1 0b9519763be6625bd5abce175dcc59c96d100d4c
SHA256 9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
SHA512 7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

memory/1732-973-0x0000000004160000-0x0000000004162000-memory.dmp

Analysis: behavioral4

Detonation Overview

Submitted: 2024-11-20 13:59
Reported: 2024-11-20 14:26
Platform: win10v2004-20241007-en
Max time kernel: 416s
Max time network: 1145s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1

Signatures

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2136 wrote to memory of 116 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted: 2024-11-20 13:59
Reported: 2024-11-20 14:33
Platform: win10v2004-20241007-en
Max time kernel: 1145s
Max time network: 1161s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2084 wrote to memory of 2484 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2484 -ip 2484

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 612

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral12

Detonation Overview

Submitted: 2024-11-20 13:59
Reported: 2024-11-20 14:34
Platform: win10v2004-20241007-en
Max time kernel: 1151s
Max time network: 1161s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3312 wrote to memory of 3464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3312 wrote to memory of 5092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3312 wrote to memory of 4716 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3312 wrote to memory of 3800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff92c1646f8,0x7ff92c164708,0x7ff92c164718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,11658939470890557869,17501897318804182338,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,11658939470890557869,17501897318804182338,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,11658939470890557869,17501897318804182338,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11658939470890557869,17501897318804182338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11658939470890557869,17501897318804182338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,11658939470890557869,17501897318804182338,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5416 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,11658939470890557869,17501897318804182338,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5416 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11658939470890557869,17501897318804182338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4116 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11658939470890557869,17501897318804182338,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11658939470890557869,17501897318804182338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11658939470890557869,17501897318804182338,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,11658939470890557869,17501897318804182338,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2840 /prefetch:2

Network

Country Destination Domain Proto

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_3312_NYHXNCKMTNMATSRL

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Analysis: behavioral16

Detonation Overview

Submitted

2024-11-20 13:59

Reported

2024-11-20 14:39

Platform

debian9-mipsel-20240729-en

Max time kernel

21s

Command Line

[/tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

Signatures

Command and Scripting Interpreter: JavaScript

execution
Description Indicator Process Target
N/A N/A /usr/local/sbin/node N/A
N/A N/A /usr/local/bin/node N/A
N/A N/A /usr/sbin/node N/A
N/A N/A /usr/bin/node N/A
N/A N/A /sbin/node N/A
N/A N/A /bin/node N/A

Processes

/tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js

[/tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

/usr/local/sbin/node

[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

/usr/local/bin/node

[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

/usr/sbin/node

[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

/usr/bin/node

[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

/sbin/node

[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

/bin/node

[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

Network

N/A

Files

N/A

Analysis: behavioral18

Detonation Overview

Submitted

2024-11-20 13:59

Reported

2024-11-20 14:38

Platform

win10v2004-20241007-en

Max time kernel

475s

Max time network

1136s

Command Line

"C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\bin\windows-kill.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\bin\windows-kill.exe

"C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\bin\windows-kill.exe"

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral24

Detonation Overview

Submitted

2024-11-20 13:59

Reported

2024-11-20 14:41

Platform

win10v2004-20241007-en

Max time kernel

1139s

Max time network

1146s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\command.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\command.js

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-11-20 13:59

Reported

2024-11-20 14:28

Platform

win7-20240903-en

Max time kernel

838s

Max time network

843s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 220

Network

N/A

Files

N/A

Analysis: behavioral21

Detonation Overview

Submitted

2024-11-20 13:59

Reported

2024-11-20 14:38

Platform

win7-20240903-en

Max time kernel

840s

Max time network

851s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\cli\parse.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\cli\parse.js

Network

N/A

Files

N/A

Analysis: behavioral30

Detonation Overview

Submitted

2024-11-20 13:59

Reported

2024-11-20 14:43

Platform

win10v2004-20241007-en

Max time kernel

426s

Max time network

1160s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\index.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\index.js

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral31

Detonation Overview

Submitted

2024-11-20 13:59

Reported

2024-11-20 14:43

Platform

win7-20241023-en

Max time kernel

844s

Max time network

859s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\load.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\load.js

Network

N/A

Files

N/A

Analysis: behavioral22

Detonation Overview

Submitted

2024-11-20 13:59

Reported

2024-11-20 14:39

Platform

win10v2004-20241007-en

Max time kernel

409s

Max time network

1144s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\cli\parse.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\cli\parse.js

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral25

Detonation Overview

Submitted

2024-11-20 13:59

Reported

2024-11-20 14:42

Platform

win7-20240903-en

Max time kernel

835s

Max time network

850s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\defaults.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\defaults.js

Network

N/A

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-11-20 13:59

Reported

2024-11-20 14:25

Platform

win7-20240903-en

Max time kernel

842s

Max time network

847s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1

Signatures

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2860 wrote to memory of 3004 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1

Network

N/A

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-11-20 13:59

Reported

2024-11-20 14:30

Platform

win7-20240903-en

Max time kernel

839s

Max time network

842s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 220

Network

N/A

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2024-11-20 13:59

Reported

2024-11-20 14:34

Platform

win7-20241010-en

Max time kernel

1195s

Max time network

1220s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html

Signatures

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "438273936" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30529795563bdb01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BFC7BC21-A749-11EF-98B1-E20EBDDD16B9} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004ecf3e4259aa05419b9c0951a15b131900000000020000000000106600000001000020000000106a19523b2669800d2b79dc61d488f0c96cc836cf75af4588c4cc4b59c7b04d000000000e8000000002000020000000290dd279b65a8718628c6a1ffa485d6a2d4201fd0b3749011d873638774570a62000000034f74ea6fb2f1948c370e43879d103404603122766529f498e5a427cff88d4e34000000061a249f7ee4d13c4cbb926df49ec3e92cf8520a498fa93f3a436dcef8362852f109becdba44d96f372652d0d94373578d9b907741a22f4663c09b2e1838ffc02 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3032 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab73BB.tmp

C:\Users\Admin\AppData\Local\Temp\Tar74E8.tmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-20 13:59

Reported

2024-11-20 14:25

Platform

win10v2004-20241007-en

Max time kernel

1200s

Max time network

1156s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Wave-Setup (1).exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Programs\Wave\bin\Bloxstrap.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Wave-Setup (1).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\wave-updater\pending\Wave-Setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nsa2B81.tmp\old-uninstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\wave-updater\pending\Wave-Setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe N/A

Checks for any installed AV software in registry

Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Software\KasperskyLab C:\Windows\system32\reg.exe N/A

Checks installed software on the system

discovery

Enumerates processes with tasklist

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\find.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\tasklist.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Wave-Setup (1).exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\tasklist.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\find.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\tasklist.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\find.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\wave-updater\pending\Wave-Setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\nsa2B81.tmp\old-uninstaller.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\tasklist.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Wave-Setup (1).exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\tasklist.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\wave-updater\pending\Wave-Setup.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Wave\bin\Bloxstrap.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4356 wrote to memory of 2180 N/A C:\Users\Admin\AppData\Local\Temp\Wave-Setup (1).exe C:\Windows\SysWOW64\cmd.exe
PID 2180 wrote to memory of 3280 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\tasklist.exe
PID 2180 wrote to memory of 1900 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\find.exe
PID 2804 wrote to memory of 2524 N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe
PID 2804 wrote to memory of 540 N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe
PID 2804 wrote to memory of 4572 N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe C:\Windows\system32\fsutil.exe
PID 2804 wrote to memory of 3168 N/A C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Wave-Setup (1).exe

"C:\Users\Admin\AppData\Local\Temp\Wave-Setup (1).exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq Wave.exe" /FO csv | "C:\Windows\system32\find.exe" "Wave.exe"

C:\Windows\SysWOW64\tasklist.exe

tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq Wave.exe" /FO csv

C:\Windows\SysWOW64\find.exe

"C:\Windows\system32\find.exe" "Wave.exe"

C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe

"C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe"

C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe

"C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Wave" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1804,i,13496199389369551472,14924625187544544019,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1796 /prefetch:2

C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe

"C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Wave" --standard-schemes=app --secure-schemes=app --field-trial-handle=2180,i,13496199389369551472,14924625187544544019,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2168 /prefetch:3

C:\Windows\system32\fsutil.exe

fsutil dirty query C:

C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe

"C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Wave" --standard-schemes=app --secure-schemes=app --app-path="C:\Users\Admin\AppData\Local\Programs\Wave\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --field-trial-handle=3000,i,13496199389369551472,14924625187544544019,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2996 /prefetch:1

C:\Users\Admin\AppData\Local\Programs\Wave\resources\node_modules\language-server\wave-luau.exe

C:\Users\Admin\AppData\Local\Programs\Wave\resources\node_modules\language-server\wave-luau.exe lsp --definitions=C:\Users\Admin\AppData\Local\Programs\Wave\resources\node_modules\language-server\globalTypes.d.luau --definitions=C:\Users\Admin\AppData\Local\Programs\Wave\resources\node_modules\language-server\wave.d.luau --docs=C:\Users\Admin\AppData\Local\Programs\Wave\resources\node_modules\language-server\en-us.json

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\Software\KasperskyLab" /v Session"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKCU\Software\KasperskyLab" /v Session

C:\Users\Admin\AppData\Local\wave-updater\pending\Wave-Setup.exe

C:\Users\Admin\AppData\Local\wave-updater\pending\Wave-Setup.exe --updated --force-run

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq Wave.exe" /FO csv | "C:\Windows\system32\find.exe" "Wave.exe"

C:\Windows\SysWOW64\tasklist.exe

tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq Wave.exe" /FO csv

C:\Windows\SysWOW64\find.exe

"C:\Windows\system32\find.exe" "Wave.exe"

C:\Users\Admin\AppData\Local\Temp\nsa2B81.tmp\old-uninstaller.exe

"C:\Users\Admin\AppData\Local\Temp\nsa2B81.tmp\old-uninstaller.exe" /S /KEEP_APP_DATA /currentuser --keep-shortcuts --updated _?=C:\Users\Admin\AppData\Local\Programs\Wave

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq Wave.exe" /FO csv | "C:\Windows\system32\find.exe" "Wave.exe"

C:\Windows\SysWOW64\tasklist.exe

tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq Wave.exe" /FO csv

C:\Windows\SysWOW64\find.exe

"C:\Windows\system32\find.exe" "Wave.exe"

C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe

"C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe" --updated

C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe

"C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Wave" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1808,i,10845007005215104536,10891804052404675033,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1800 /prefetch:2

C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe

"C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Wave" --standard-schemes=app --secure-schemes=app --field-trial-handle=1968,i,10845007005215104536,10891804052404675033,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1964 /prefetch:3

C:\Windows\system32\fsutil.exe

fsutil dirty query C:

C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe

"C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Wave" --standard-schemes=app --secure-schemes=app --app-path="C:\Users\Admin\AppData\Local\Programs\Wave\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --field-trial-handle=2904,i,10845007005215104536,10891804052404675033,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2736 /prefetch:1

C:\Users\Admin\AppData\Local\Programs\Wave\resources\node_modules\language-server\wave-luau.exe

C:\Users\Admin\AppData\Local\Programs\Wave\resources\node_modules\language-server\wave-luau.exe lsp --definitions=C:\Users\Admin\AppData\Local\Programs\Wave\resources\node_modules\language-server\globalTypes.d.luau --definitions=C:\Users\Admin\AppData\Local\Programs\Wave\resources\node_modules\language-server\wave.d.luau --docs=C:\Users\Admin\AppData\Local\Programs\Wave\resources\node_modules\language-server\en-us.json

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\Software\KasperskyLab" /v Session"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKCU\Software\KasperskyLab" /v Session

C:\Users\Admin\AppData\Local\Programs\Wave\bin\Bloxstrap.exe

C:\Users\Admin\AppData\Local\Programs\Wave\bin\Bloxstrap.exe

C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe

"C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\Wave" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3988,i,10845007005215104536,10891804052404675033,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3728 /prefetch:8

Network


Files

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\System.dll

MD5 0d7ad4f45dc6f5aa87f606d0331c6901
SHA1 48df0911f0484cbe2a8cdd5362140b63c41ee457
SHA256 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
SHA512 c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\StdUtils.dll

MD5 c6a6e03f77c313b267498515488c5740
SHA1 3d49fc2784b9450962ed6b82b46e9c3c957d7c15
SHA256 b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
SHA512 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\SpiderBanner.dll

MD5 17309e33b596ba3a5693b4d3e85cf8d7
SHA1 7d361836cf53df42021c7f2b148aec9458818c01
SHA256 996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93
SHA512 1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\nsExec.dll

MD5 ec0504e6b8a11d5aad43b296beeb84b2
SHA1 91b5ce085130c8c7194d66b2439ec9e1c206497c
SHA256 5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962
SHA512 3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\nsis7z.dll

MD5 80e44ce4895304c6a3a831310fbf8cd0
SHA1 36bd49ae21c460be5753a904b4501f1abca53508
SHA256 b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
SHA512 c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

C:\Users\Admin\AppData\Local\Programs\Wave\chrome_100_percent.pak

MD5 cb4f128469cd84711ed1c9c02212c7a8
SHA1 8ae60303be80b74163d5c4132de4a465a1eafc52
SHA256 7dd5485def22a53c0635efdf8ae900f147ec8c8a22b9ed71c24668075dd605d3
SHA512 0f0febe4ee321eb09d6a841fe3460d1f5b657b449058653111e7d0f7a9f36620b3d30369e367235948529409a6ce0ce625aede0c61b60926dec4d2c308306277

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\chrome_200_percent.pak

MD5 e9c1423fe5d139a4c88ba8b107573536
SHA1 46d3efe892044761f19844c4c4b8f9576f9ca43e
SHA256 2408969599d3953aae2fb36008e4d0711e30d0bc86fb4d03f8b0577d43c649fa
SHA512 abf8d4341c6de9c722168d0a9cf7d9bac5f491e1c9bedfe10b69096dcc2ef2cd08ff4d0e7c9b499c9d1f45fdb053eafc31add39d13c8287760f9304af0727bf4

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\ffmpeg.dll

MD5 9691e33909895bfb5bb0355b6f439c81
SHA1 7fca2dfcb9aca4ed92c644e8f7ceb98f87116a52
SHA256 223448ec1715cb4b1a2abbf1427547956f3ce583092177c287542e6d226319c7
SHA512 9ead46836900c054d8740a1e2f569bc321cc53cf3c47e3fa927f4cca54809bcf173bdea239fbdeecd694277e8869565e476fd272df393b924bb62a845e897533

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\d3dcompiler_47.dll

MD5 a7b7470c347f84365ffe1b2072b4f95c
SHA1 57a96f6fb326ba65b7f7016242132b3f9464c7a3
SHA256 af7b99be1b8770c0e4d18e43b04e81d11bdeb667fa6b07ade7a88f4c5676bf9a
SHA512 83391a219631f750499fd9642d59ec80fb377c378997b302d10762e83325551bb97c1086b181fff0521b1ca933e518eab71a44a3578a23691f215ebb1dce463d

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\icudtl.dat

MD5 ffd67c1e24cb35dc109a24024b1ba7ec
SHA1 99f545bc396878c7a53e98a79017d9531af7c1f5
SHA256 9ae98c06cbb0ea43c5cd6b5725310c008c65e46072421a1118cb88e1de9a8b92
SHA512 e1a865e685d2d3bacd0916d4238a79462519d887feb273a251120bb6af2b4481d025f3b21ce9a1a95a49371a0aa3ecf072175ba756974e831dbfde1f0feaeb79

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\LICENSE.electron.txt

MD5 4d42118d35941e0f664dddbd83f633c5
SHA1 2b21ec5f20fe961d15f2b58efb1368e66d202e5c
SHA256 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d
SHA512 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\libGLESv2.dll

MD5 02374701c3dc3b26088763fd3cc11bc9
SHA1 84e582496c53ce139d9efd219b762ad38a50d011
SHA256 8e68245d98bb740f393472938612979a56391f127d1af7683253e9e749e7af41
SHA512 09693492447b037e8ce16095fb3d63d806604d18c3340bf57fecc0e0ae3c877bdcd83320e633b0fb898a4c20616bfb4558ccd8d93a10d235dd90c3be8020a8a2

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\libEGL.dll

MD5 09d3bc8a5c6104d78566cd6e51c5a6a8
SHA1 d1db4f83bad27dc0caf75f77d510f2eb62dd84c4
SHA256 1307025ed98ecfd00770c2d5c74c8a5e498c4e457397f17c3cbd176ca8a62a85
SHA512 198072fff54bd6ae5ac21bd891c23da9d657a4525dd5944719eda6f7062775ae66d9cb15d29105d2477378ae605351e4b840c9934106bf80f936a596e7a1eddd

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\LICENSES.chromium.html

MD5 ae174699b663bd90d8d06c68c6952477
SHA1 8c76eda61d320779909adc541593b8e26b24815a
SHA256 c6737ef4ed9de369077718824f76c5e7026d0e39163e26af8606783e41c93e18
SHA512 3fb72dcd790464dde34978c9d0895376827f4d839b4a199c6e9fe77ab810d62b960babc4b21f6e189dc70147b5fb4334815730f4d1cdec05489c19e0725c2158

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\resources.pak

MD5 3a87e8d6dc2d7dab0c3c37fe4a74308d
SHA1 5ddd587a6541e034203f24ee329796dfa316656f
SHA256 61216fee0360053988d5be52ab626c89173c86da1cf0b5a697bc32944282fe14
SHA512 7ba1bc093f25cec2539fb462084cb1fc32b17841f79be95679c90f4c735772d1dbe652471e52f4be254b10e650d31e3460ebebc82d89efa6a9ef801e5d98ea6b

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\vk_swiftshader.dll

MD5 337b0322f328251f01bd0fda8948217f
SHA1 6e59fb5df7773c8668e8f18755e62b532a9071c3
SHA256 11f24457eb9af084eb845780f3fdc1989605766c2749fce6fb003dd988d5ff65
SHA512 3540b2f5df1f20b5cbb6e61caa005fe7da5d1cfbe58f639ae0c40f6a4e7a9d8786f3db4691dfee9a001a2a87ac7b0bf39b7f308c14f809874a89f86b18ff8fbc

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\v8_context_snapshot.bin

MD5 a62fbbb671bf975ed46b42d9cf437bcd
SHA1 408b595b1dc6658533e0db1d35f509ab9ee70525
SHA256 a8bd22478c4f85afa836c89d3a7f52c606b17872fbbefce268b499bedede10ae
SHA512 87c934670df70afcced0ea5c73449a17ad27d5b6a25cedad9eb61634aaff8a42b713f578e861c2efbc77593793bba240a1495822b69c99a8ecaef64b07b6a62c

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\vulkan-1.dll

MD5 6db4abe9370ef778e93cfc6bd6dbd292
SHA1 0d7bd9d21524780b6f8904a82c3ce09ae5d03f97
SHA256 52bf439424759a84cdcb6d379ed88582a6d6ba58127c44adf1b8379f0e88e5ec
SHA512 1ec07916d82d78243d9a144db3e947c95ca92fce1350708484c45fca2f953bb76728889b8d9a02c041849bcf005f998804d7066a90359fa180d94c237d014317

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\vk_swiftshader_icd.json

MD5 8642dd3a87e2de6e991fae08458e302b
SHA1 9c06735c31cec00600fd763a92f8112d085bd12a
SHA256 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9
SHA512 f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\snapshot_blob.bin

MD5 62b9e00c46ed829e06d0c2494aa994af
SHA1 988882632b95bb78d80db60e4787c576e48338e4
SHA256 22a46de643045805a3e588f9a18ebaa377f9fba3dee46b2d60f3ae300a09cc4e
SHA512 03b7c57782923ca3a011fcb85f74e865bb7ff9976c89152758770be3bd3d40684ebd216fe34f0d0050936b536c8bab5eafcaa35fc26e893d30a108e36687876f

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\locales\af.pak

MD5 e48860fe82ef022ffab38cbc4c96dffc
SHA1 a832fa66bfddabf3ae7f219cf379f66d2903162a
SHA256 e2470090a09ca500679e68bb5e3b1acc35a5873fea4f93af25a23c82122f2c13
SHA512 e4d0973ca7e59091c482d2acc384aa48ec87d3ce72d8d42a03a183b230fd209e085a4e907473a05d02d41e15ebc527df942774c23b4804c150367fcd727af7b1

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\locales\am.pak

MD5 d6e8c344b2b40a9c671304f6f252d51b
SHA1 c59ddcaad921b6d2d3f70b7ab07026c35e5d1e08
SHA256 4e15946e86a578eeff41feda808bb291d81e240fbdfc96cbe2efe692ad35eef5
SHA512 018ce2bf4beb4ce066703b2ac7413c6517759be68f889f27990de5d6694e9f84b4027f9861901ea4b15abdd1bb570e5a16651c935713feafc4d16cd57be0b911

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\locales\bn.pak

MD5 57eab375114893a5ed0de36a516e8252
SHA1 16f23ab3eb62bc7a2525a7a5d86139fa88670b89
SHA256 1aba82aee8c985e5e370e7cf2b35c9ec20cbe5174db5fcb54ec7d19ec5d79587
SHA512 895bc282484ed028f5f023cbbb6e2755091f036e540c531b6ff639cf9e0ae5da02801dc81d7910eb141edd5c255d8b088d1abb531b152fbb161d6c2bf9615f4f

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\locales\cs.pak

MD5 582fde87aac61961e4f7955f16d31769
SHA1 3a8eb832317dd7e07efaaeeb5885c32b9d381622
SHA256 7d7b701ce510b2e4a18e957e500086db590aad8bf5acd37f82263a676f0b556c
SHA512 adb04ccce5471d80182f7ca73bf1a2e4ce63a4980d455837fb378bf679a0022d4ee6f9fbe148d6932fad83f458c76ac229229542092e0cb9b271c8d44639b11b

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\locales\ca.pak

MD5 7474c8e0c3285b97f1f12792964b6824
SHA1 8b9381be0754fc3df2f4f13f8575bd4abab90e9d
SHA256 b3d5dfae25427596b1f14a8e13d6bcb58532c82554229c2367779ff5c42b28bb
SHA512 4ad524fd530bfc72d72edf04ba4890e06ca0a20cc1d5c2c3d95cda746b1d884a62ec2d4463ad7be9cd01c7529b41bef65f9e669c62719808a83d3c70f9475d43

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\locales\bg.pak

MD5 e6608ecc589e87a6f78f9ce553ec2609
SHA1 9fdb2ff6291549df773ba243b3a92b984b15bdf6
SHA256 97ef7984074775282b68dca5d5a469efdb2b22474ee6669fdfb5197d3f1b3768
SHA512 25450b23acc962be85977ef08be9b484c2a9127775039c521158c1801cd57d5781bcd8d5b8784f8a8b9403ce44b59964a20dbe36ce181f1d239143b22b53d5e2

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\locales\ar.pak

MD5 f6ca56d15814dd5afd5e7ff985257880
SHA1 ef236d7027cb50a188c1e771527e6628702311ea
SHA256 5cc02570e5f61cbca791309985df3a29584e41583b3344f1d9fb6b04ce423e6f
SHA512 46c0436c110d6f1a8f3ebe962226c51af525228262cd56744e4d89aeb05d1eda614801a294bbfd2e08598e355750d7a2d200b3e7b594da03dd26ece4cdd31e3d

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\locales\da.pak

MD5 5f8f09aa98ec3a4c8122d64c5bc6610e
SHA1 08a6dfaa3a11d8c994da90460e78ce0a4fcfb644
SHA256 3430c0f1946901dfa24190ca3989f72171ec564bc7c523853e6a1f531b61b5ee
SHA512 9c643eb6415cad6aca0584d62211aed5ed21a0f8d71ac4f692bd420a4a190a9781add7c874d0f56bb5c1c0f65d543d932d0f50caf127e8d014c05d015ae61ca3

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\locales\en-US.pak

MD5 5c52a86b21633b55b383c20f16859b2f
SHA1 126585e68cb17f241351004e21c1d30e65de1cf6
SHA256 41123d72bd8e289e85bd35227aabb4cc61fe1de02b5cd7a7834e5ec200bc2078
SHA512 2a1b6a4becfb97d470cd7de74857edf2cc9cd4a77f377ccd9bf60c30539862ff1ac3ed6cc849632a3ed4ea0e5b92679f3cc5b4cb26cc7eaaa2bb2f4ae9974a6a

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\locales\fa.pak

MD5 7851efacda8438c041c9a511f4097de2
SHA1 64cba381a17ef0ffae2dff5135d57fd1f9300ab1
SHA256 f1a7351bf0d8cad475d2761b9edf970c3098836e38aa98106a5e04a41002b7c8
SHA512 d94fb1d04630cc292296ad6033c6beed1a00dcd4c11eaca04a7eacb50c238269b21e4d2a4002836f4d41e0f6d951624beefc95beaae23530eccded4569ff1869

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\locales\et.pak

MD5 3cad945e9ae6e31cfe66c89365e5d353
SHA1 43758cb523d60d936b9a417123f337b8e123481c
SHA256 ba4ec85d2306a1f1f178a017fef4d340b77b33e10bbee07bd359a8e0ff8ea461
SHA512 ac07e7f72b670a2e8b7a46a672fefedc58d9384d4773a6f220c231c619c1134613ff68c0ccb0dc9e03eb5f47dea7ac57de318af5f3f242d6be7ae43071e2d947

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\locales\es.pak

MD5 f90d43351ffdc63bcef25bf634c1fd35
SHA1 f80df8034cb64df1ef62e586891275a74868ab6c
SHA256 0385e6776de5a0d8a3b30b7bad44308ac4cb04e2bcebd573d3c7938b68036573
SHA512 7bfa70a5de14652063d261c28ffd3df89ea5e38877cc7977ab27f7280c48084a4ab1e5bdad0c2f624a7434a5d975feb9d8d221c010e24963d3c42921f5a36e65

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\locales\es-419.pak

MD5 15d1e262602e54d76de8bac02dada000
SHA1 54e93995675bcebc595befaed6b73c9ff5e6e735
SHA256 ec922f8ca16b7e7642fc73369ba7b75ec950cafb1dcadc6c88426c034382d483
SHA512 a232eb97021f17fde322697db2c00423cd70e9741772912c5f7a41849b35dcf3e2fe84001ff0a7902b2b54305d1f805f53988e421e192be0d5abd157bf8b5f1f

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\locales\en-GB.pak

MD5 56bdf77ab3487e28d354a8b0f9ba8d2e
SHA1 b10ee918320a50a417b1ee6a28cd4b05a5f77238
SHA256 7df934906a61c0ae7a952f9ed058f4a06cd3989663a7d9f50afc3c9f830135bb
SHA512 8d74c79ba3a554d69f26fb8c20210c9a339d85c0e9a9af445901e8a5c7ea544ea6ec713f9dd2db7b8bb5cb0afb0fb385236d4668a73af37dc9ef8d2f73c57fcc

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\locales\fr.pak

MD5 79d945ef9b8ebc7d39fd03d05d9b2f27
SHA1 6fbcb748515f97056689d4a747e4df3a830fe049
SHA256 1f6cc56e04bcbd6b6ecbe500bcb0a5702551ec80d79e624642d0c7d9758d4424
SHA512 f1a26715ad9399052b664c71fb60b6eb6f965fa80d6d8d6c47e0b96ad0d4a4d2028c3e19dad49e008bbc29edc24e656777ce073da008d3f4dfdee4c8f2212a07

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\locales\hi.pak

MD5 66ab509000cac52c805d6871ca6c1f25
SHA1 e3d3e7bacbcfaa7538ca89d9d26218eca06c01f1
SHA256 9c6d8d93278a6e375405142df9829adefbcc8ae9797a4f589591b9784b2b71c8
SHA512 356642a19f044c6e192f658ca2bf8764431129cdf7c9891b5b5bf4e99f6b990a1428c1e483487b619865e7f2d31cb5c9bbb3b49ed25fa81c4374de3e8e65519b

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\locales\he.pak

MD5 ad6af80367f0b5d408bbe2c7b32ade48
SHA1 9dd4e4e5a63e50e9d3715667b8149edd8d07a52c
SHA256 20b1c80f8b2bd5130a1fb372814fb9c9ceac15305da3da0cb29923960a94a934
SHA512 95df5ce7f7885d0e72b2d89e1794a3796a1ab407fb27174219db22c668f74a8c3ba1f680cbf990be533c35ca0b2136b1917c0cb92d4556e3ff2ef3447c55efbf

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\locales\gu.pak

MD5 e884bbc8ded4f5f059211fbbb85ed351
SHA1 8f4ecb45ca73902791ff5e56e0b272252c08508e
SHA256 087e99953eef9b5fd736e3dbd98d702fdb01dc614593a4c575cb619159688118
SHA512 50837daec40a2624097cf36dfd7beebba4db748fd9cc470bf71b526e612c1aa6c88ead7511ba751e370f6f5d28ad9d6338dcb3581d7e3d53e2672741915b952f

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\locales\fil.pak

MD5 c744b92c8feff1c026034f214da59aca
SHA1 95780d3374841efdbc0d8a46cddc46bb860a26e0
SHA256 d7fdc7fd08dcc421bc8aaae3fdc72599c60a3b96f05989a3e46736f0de06e745
SHA512 eeefc73474642e75da61056f2841e7cfeb8d8475be55a39852dfe7de8a972f7d86e9d1df4614b3ca3ae4fb01b68e5ced664bc8e46ccfc94f44b06e29a5035b43

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\locales\fi.pak

MD5 6d7aaddb1365b3efee94d4c510a3002e
SHA1 2a970204894c5ac163c980ec0fac2dbd1711e5b5
SHA256 11b0b9b0f74d01f16db7aa49be9dceeb55fde9da56f17419c4bca159cdcae274
SHA512 f44bab9cee552dddac17d4ac1949870943cf138b3fdb0e649e8827acb6de9528dd9cf738757e5b495587e165d1c750b8bcc6205bdd029a01eb92aecab22ba49f

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\locales\el.pak

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\locales\de.pak

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\locales\hr.pak

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\locales\ja.pak

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\locales\lt.pak

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\locales\nl.pak

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\locales\sk.pak

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\locales\ru.pak

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\locales\ro.pak

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\locales\pt-PT.pak

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\locales\pt-BR.pak

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\locales\pl.pak

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\locales\nb.pak

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\locales\ms.pak

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\locales\mr.pak

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\locales\ml.pak

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\locales\ko.pak

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\locales\kn.pak

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\locales\it.pak

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\locales\lv.pak

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\locales\hu.pak

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\locales\id.pak

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\locales\sl.pak

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\locales\sw.pak

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\locales\sv.pak

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\locales\sr.pak

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\locales\zh-CN.pak

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\locales\zh-TW.pak

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\locales\vi.pak

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\locales\ur.pak

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\locales\uk.pak

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\locales\tr.pak

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\locales\th.pak

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\locales\te.pak

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\locales\ta.pak

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\resources\app-update.yml

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\resources\elevate.exe

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\resources\app.asar.unpacked\node_modules\@next\swc-win32-x64-msvc\package.json

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\.prettierrc.json

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\jsconfig.json

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\LICENSE

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\package.json

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\bin\nodemon.js

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\bin\windows-kill.exe

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\doc\cli\authors.txt

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\doc\cli\topics.txt

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\doc\cli\help.txt

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\doc\cli\config.txt

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\version.js

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\config\command.js

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\config\load.js

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\config\index.js

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\help\index.js

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\config\exec.js

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\config\defaults.js

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\cli\parse.js

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\cli\index.js

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\spawn.js

C:\Users\Admin\AppData\Local\Programs\Wave\resources\app.asar.unpacked\node_modules\nodemon\lib\index.js

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\doc\cli\usage.txt

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\nodemon.js

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\monitor\index.js

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\monitor\watch.js

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\monitor\signals.js

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\monitor\run.js

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\monitor\match.js

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\doc\cli\options.txt

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\doc\cli\logo.txt

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\doc\cli\whoami.txt

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\rules\parse.js

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\rules\index.js

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\rules\add.js

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\utils\bus.js

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\utils\index.js

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\utils\colour.js

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\utils\clone.js

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\utils\merge.js

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\utils\log.js

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\bin.js

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\index.js

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\LICENSE

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\package.json

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\skip.js

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\deps\UTF8Conversion\LICENSE

MD5 7cb552557240a921e34ad313a224d17d
SHA1 92ad1627269adefd696ac5a67131e4af575a2cfb
SHA256 7d355d1a2324c2073059ffe7ea4d96852c873e718bcc197374440dc3efc3f7ba
SHA512 b4bf90a3cd77805fc149a4112f822ee47b4f13404ee92455ecab9dd12d796ffe81d664bf21042ae3ad6419abf6a9de6df231328be6bd8ca2426e3432d456921e

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\deps\UTF8Conversion\utf8conv_inl.h

MD5 a5a0f8294daad33a66bf30c329157a2d
SHA1 02b5d7fab93d942033fe9ae2620d1a2363914469
SHA256 4955fbf455cc29d63f5dc777d3aa5172d6e1e6df221a33808a913bdebf5a1277
SHA512 f583116ada3f281c208a98d053fe6b580187d6922e2ceae69917770a46f56c16444267172db2cb0bdef3b8012088706ba1a2203631f9ff79d2814714b25fa78b

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\deps\UTF8Conversion\utf8conv.h

MD5 349864c2d1fbc9c7788cdf95c541ff52
SHA1 fa968f5bd6560675c26078de4e7d52b454c778f7
SHA256 7340eea1def3c1d832a6f40c5022725f1704a783f7f992b71d5f3ba2dcaeb34c
SHA512 5e1910c23dc08e79199fc80ab8e0c7b300e2e1bd2678d0d9171a73d8f328adbd32021146e5e43485f64f25fcc6bd8413ce1ce3846afd7fcf49ffe3a04d0efbf6

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\prebuilds\win32-ia32\node.napi.node

MD5 8a50b5876633dd9bb73612fea622a521
SHA1 27fb94a39849fe6ba1ce7b983c0d9e4ca4e62ae8
SHA256 053c3100121939dfa1fb936718c6088e4490e72faa3c713310b556ea90155278
SHA512 958d901f7c72773a2f9439842f422048a8cfa941ef943f5f9e61c5e9d48b4d9ebbbaf72acb2a07138ae66f925b46dd98717656a58719902d417a14ba1e5aacaf

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\prebuilds\win32-x64\node.napi.node

MD5 0b3ffb5b756beae28d8d9da67c288283
SHA1 7c2a0be0a5ab1b936c4752254927f5ed066abe5a
SHA256 462e527de86494f96ed0d42a80c261e46bb57352e86d6175607186c1dcdfc7b0
SHA512 a1568e7d02bd34992236c587cd77404e4cc9c25011a075dc0cbe52b59ae254eea65cc31ee7fdf26898386e370a752df8bbb2ce70592244d6f24b10d39f9f7854

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\src\showver.h

MD5 6f621ba192a6fe2228ef9965757f0bc9
SHA1 e3625cddde946f5ea21e4c00be95cad214da4016
SHA256 2b561b980e0a01191a6c7cc1cf94c8d5c061f9f299ea256f1e7ca17250ae08bb
SHA512 ab90bc30f2c23a3032334d30294aa02007e0db180c82c6c8f0d84781203be7c342134cc17bb2ac0c7bd89c1e5902c852afb2d09b0c7d4dba27f5101577491f4f

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\resources\node_modules\language-server\en-us.json

MD5 de2ac61fe7207c1b2f304b05fae4e39f
SHA1 72a4623fde7103eebcff4a55ccb8eb6acf6bbee8
SHA256 c8dd69f4f8f07ebe1c73a433bbf08f67e3bef3047c35251a243c3ac78f500647
SHA512 4d0be337f5d6f760fef3f79d14ef6835045e12e7eef5cf906a5f73841b01bd59d3171c31f63de34e5b44f791d5912f940fa391d96685532e0baeb7613526f8a8

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\resources\node_modules\language-server\globalTypes.d.luau

MD5 6fb690ee838bebdf6591733bdaf632e5
SHA1 658ccef6ada0551d661d78706266ff6ad2797858
SHA256 ae99b7b676e4becb10e6a9b77229e99bdd60e5a91d2e6bbb141c85721962313f
SHA512 7218ebc8c64a7bbec231989ac7d2221be63f29302f6f16bfc0bd67ed5e9c5ddfcb50ae781f6ef73a3d891a70ca73ecc62bbbe6c5a4a218225b24c0d19c7737ff

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\resources\node_modules\language-server\wave-luau.exe

MD5 12fd29fcaf6f6518b8bf9e976928fa38
SHA1 1f9352e217518eaceefdd041e3f085ffbb93acb0
SHA256 d38d6297b4653f30397b7f45964ed99a70c8ab73d60063f68d3380c309e626a4
SHA512 b0c5bfb87639585564915f284ecff5af7e6664097ea3d9df6908c08ce09f9f6c31912225620bb7f7cf818efd6a7146280ce37e10ca7fb55bd381b95bb8a2189b

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\7z-out\resources\node_modules\language-server\wave.d.luau

MD5 7e477f85c45cfca5731e0e45ca63f8d5
SHA1 35390d8d2c0dd00e3c60dd6fd7f1727e36874566
SHA256 e58e8b24642a8693b1b1ebad703a7efab1cece9a1b12dcf353c4b4432f23062d
SHA512 dd3d9b149dffd31ba4e94b9c84ed0fda1fb67f1f7d633900688cc9e4e40c26f55048c1730f205e5c22b5030362683f0abce86033816f1e089c3b67cc3853ca70

C:\Users\Admin\AppData\Local\Temp\nsqA123.tmp\WinShell.dll

MD5 1cc7c37b7e0c8cd8bf04b6cc283e1e56
SHA1 0b9519763be6625bd5abce175dcc59c96d100d4c
SHA256 9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
SHA512 7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

memory/3168-1328-0x00007FFA7C2D0000-0x00007FFA7C2D1000-memory.dmp

memory/3168-1327-0x00007FFA7ABA0000-0x00007FFA7ABA1000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Roaming\Wave\Preferences

MD5 58127c59cb9e1da127904c341d15372b
SHA1 62445484661d8036ce9788baeaba31d204e9a5fc
SHA256 be4b8924ab38e8acf350e6e3b9f1f63a1a94952d8002759acd6946c4d5d0b5de
SHA512 8d1815b277a93ad590ff79b6f52c576cf920c38c4353c24193f707d66884c942f39ff3989530055d2fade540ade243b41b6eb03cd0cc361c3b5d514cca28b50a

C:\Users\Admin\AppData\Roaming\Wave\Preferences~RFe580896.TMP

MD5 d11dedf80b85d8d9be3fec6bb292f64b
SHA1 aab8783454819cd66ddf7871e887abdba138aef3
SHA256 8029940de92ae596278912bbbd6387d65f4e849d3c136287a1233f525d189c67
SHA512 6b7ec1ca5189124e0d136f561ca7f12a4653633e2d9452d290e658dfe545acf6600cc9496794757a43f95c91705e9549ef681d4cc9e035738b03a18bdc2e25f0

C:\Users\Admin\AppData\Roaming\Wave\Session Storage\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Roaming\Wave\Cache\Cache_Data\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Roaming\Wave\Session Storage\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Roaming\Wave\Network\Network Persistent State

MD5 458c43da027e26f443f8785ebb2989cb
SHA1 a798060cfa4db6d4c5981dd0222148e58548a45b
SHA256 4d25b85df02fed574b6b37b51290eae560d6c5be16372d538402901864df9d5f
SHA512 1e1046cec8a716184b607e18559edc7542bc426460e7687098c51d0152b0bac7618e72786954a1cb5e5a0b1c16cbb1be9ae47ceda68be8fbfc04e67566cd3efb

C:\Users\Admin\AppData\Roaming\Wave\Network\Network Persistent State~RFe582b12.TMP

MD5 2800881c775077e1c4b6e06bf4676de4
SHA1 2873631068c8b3b9495638c865915be822442c8b
SHA256 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512 e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

C:\Users\Admin\AppData\Roaming\Wave\GPUCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Roaming\Wave\DawnGraphiteCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\Roaming\Wave\DawnGraphiteCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Programs\Wave\Uninstall Wave.exe

MD5 8475ade8d4940813baef8652f121b4af
SHA1 157facb068fb6877c011a6d4a3b4a301b5fa7abc
SHA256 88518b3c203f7dd989c4feabcceaff7e19ece0cffae474cd67a4f8efa35d0aae
SHA512 d21a35198e2830447f0389ee891241865d878d7aae254b635e693a94514f7763e03ed399366491d880b6f6319d87352bbf5c14b49f519ab26ffae611ae173115

C:\Users\Admin\AppData\Local\Programs\Wave\bin\config.json

MD5 98d76379e7044b833e18491e322a0bfb
SHA1 cc5c927fb5fbcf32b1a019783e23a519fb21d2a9
SHA256 4793e9c5f9e10e49b7525c83a0e85e03afa5067aff322513db4481259617b404
SHA512 2de2e839117a9d9b8cb611fb9708a8cb988b5e9b6843217f9c85ffe90a0772a51bf5fe48b8749e99537b6e59066eadd31f7dd25120b6806b575073ba80fe3ad4

C:\Users\Admin\AppData\Local\Programs\Wave\Uninstall Wave.exe

MD5 74d069bc382bc4b5356fe2c6ce012f6b
SHA1 8c992675c1362522ac3c26b15ae02e65ab1b58bd
SHA256 2344b5fa6fd764341272a47d48ba7e2ea15abbdaebe117aa9981b73718258b1c
SHA512 942044b55d1bcb39293959276c8ff7243e3c8e935dcbec619ffc6e51d14fe952837090289e9afbf7e1965a0c8afeecf805b66f08b31333b57a840d96479ef6c8

memory/2020-2463-0x00007FFA7C2D0000-0x00007FFA7C2D1000-memory.dmp

memory/2020-2462-0x00007FFA7ABA0000-0x00007FFA7ABA1000-memory.dmp

C:\Users\Admin\AppData\Roaming\Wave\Network\TransportSecurity

MD5 1503d40d32e28d99d0c1801f265222c6
SHA1 82bbcd4f8f467059f389895219b87263e945d06a
SHA256 5ec574c7569927a3d9fc5f714abb8ade9d8e8a46700a164a11815403c539f9a7
SHA512 89ff88c012c6765304107aeecde63b536f73f594388a07abc0a8749c2b44ecb1523873190934bb29763c41b5b3fd68217af706a0979e4c488f0d8ec51dea04f9

C:\Users\Admin\AppData\Roaming\Wave\Network\Network Persistent State

MD5 a444c210fa7bf658ced2f815689b9652
SHA1 14c13fd2ebeebd99515e38d1e0012d2e6e018da2
SHA256 57c45f1675c67eb9163a5d4d731a9c69b961836ba16ad8820c25ed483bada79f
SHA512 943f8fe9d2c16cb49aa145b5833085e978a316d6bf56241697b5085e41290e6c2c40954b23771e97a049caa7c99939a92b7c12d9eecb9a4afcd5c846050010ad

memory/3764-2772-0x0000020D5C810000-0x0000020D5C811000-memory.dmp

memory/3764-2774-0x0000020D5C810000-0x0000020D5C811000-memory.dmp

memory/3764-2773-0x0000020D5C810000-0x0000020D5C811000-memory.dmp

memory/3764-2778-0x0000020D5C810000-0x0000020D5C811000-memory.dmp

memory/3764-2780-0x0000020D5C810000-0x0000020D5C811000-memory.dmp

memory/3764-2784-0x0000020D5C810000-0x0000020D5C811000-memory.dmp

memory/3764-2783-0x0000020D5C810000-0x0000020D5C811000-memory.dmp

memory/3764-2782-0x0000020D5C810000-0x0000020D5C811000-memory.dmp

memory/3764-2781-0x0000020D5C810000-0x0000020D5C811000-memory.dmp

memory/3764-2779-0x0000020D5C810000-0x0000020D5C811000-memory.dmp

Analysis: behavioral32

Detonation Overview

Submitted

2024-11-20 13:59

Reported

2024-11-20 14:43

Platform

win10v2004-20241007-en

Max time kernel

474s

Max time network

1148s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\load.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\load.js

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-11-20 13:59

Reported

2024-11-20 14:26

Platform

win7-20240729-en

Max time kernel

721s

Max time network

725s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 220

Network

N/A

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-11-20 13:59

Reported

2024-11-20 14:27

Platform

win10v2004-20241007-en

Max time kernel

1145s

Max time network

1157s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3092 wrote to memory of 4348 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 3092 wrote to memory of 4348 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 3092 wrote to memory of 4348 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 4348 -ip 4348

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4348 -s 628

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral14

Detonation Overview

Submitted

2024-11-20 13:59

Reported

2024-11-20 14:38

Platform

debian9-armhf-20240611-en

Max time kernel

2s

Command Line

[/tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

Signatures

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /usr/bin/node N/A

Reads CPU attributes

discovery
Description Indicator Process Target
File opened for reading /sys/devices/system/cpu/online /usr/bin/node N/A

Command and Scripting Interpreter: JavaScript

execution
Description Indicator Process Target
N/A N/A /usr/local/sbin/node N/A
N/A N/A /usr/local/bin/node N/A
N/A N/A /usr/sbin/node N/A
N/A N/A /usr/bin/node N/A

Enumerates kernel/hardware configuration

discovery
Description Indicator Process Target
File opened for reading /sys/fs/cgroup/memory/memory.limit_in_bytes /usr/bin/node N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/meminfo /usr/bin/node N/A

Processes

/tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js

[/tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

/usr/local/sbin/node

[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

/usr/local/bin/node

[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

/usr/sbin/node

[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

/usr/bin/node

[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

Network

N/A

Files

N/A

Analysis: behavioral17

Detonation Overview

Submitted

2024-11-20 13:59

Reported

2024-11-20 14:38

Platform

win7-20240903-en

Max time kernel

1199s

Max time network

1217s

Command Line

"C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\bin\windows-kill.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\bin\windows-kill.exe

"C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\bin\windows-kill.exe"

Network

N/A

Files

N/A

Analysis: behavioral19

Detonation Overview

Submitted

2024-11-20 13:59

Reported

2024-11-20 14:38

Platform

win7-20240903-en

Max time kernel

840s

Max time network

852s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\cli\index.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\cli\index.js

Network

N/A

Files

N/A

Analysis: behavioral23

Detonation Overview

Submitted

2024-11-20 13:59

Reported

2024-11-20 14:40

Platform

win7-20240708-en

Max time kernel

837s

Max time network

852s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\command.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\command.js

Network

N/A

Files

N/A

Analysis: behavioral29

Detonation Overview

Submitted

2024-11-20 13:59

Reported

2024-11-20 14:43

Platform

win7-20241010-en

Max time kernel

839s

Max time network

854s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\index.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\index.js

Network

N/A

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-11-20 13:59

Reported

2024-11-20 14:30

Platform

win10v2004-20241007-en

Max time kernel

1146s

Max time network

1148s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1884 wrote to memory of 3976 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 1884 wrote to memory of 3976 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 1884 wrote to memory of 3976 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 3976 -ip 3976

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3976 -s 612

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral13

Detonation Overview

Submitted

2024-11-20 13:59

Reported

2024-11-20 14:35

Platform

ubuntu1804-amd64-20240611-en

Max time kernel

0s

Max time network

1081s

Command Line

[/tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

Signatures

Command and Scripting Interpreter: JavaScript

execution
Description Indicator Process Target
N/A N/A /usr/local/bin/node N/A
N/A N/A /usr/sbin/node N/A
N/A N/A /usr/bin/node N/A
N/A N/A /usr/local/sbin/node N/A

Enumerates kernel/hardware configuration

discovery
Description Indicator Process Target
File opened for reading /sys/fs/cgroup/memory/memory.limit_in_bytes /usr/bin/node N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/meminfo /usr/bin/node N/A

Processes

/tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js

[/tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

/usr/local/sbin/node

[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

/usr/local/bin/node

[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

/usr/sbin/node

[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

/usr/bin/node

[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral15

Detonation Overview

Submitted

2024-11-20 13:59

Reported

2024-11-20 14:40

Platform

debian9-mipsbe-20240611-en

Max time kernel

0s

Command Line

[/tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

Signatures

Command and Scripting Interpreter: JavaScript

execution
Description Indicator Process Target
N/A N/A /bin/node N/A
N/A N/A /usr/local/sbin/node N/A
N/A N/A /usr/local/bin/node N/A
N/A N/A /usr/sbin/node N/A
N/A N/A /usr/bin/node N/A
N/A N/A /sbin/node N/A

Processes

/tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js

[/tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

/usr/local/sbin/node

[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

/usr/local/bin/node

[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

/usr/sbin/node

[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

/usr/bin/node

[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

/sbin/node

[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

/bin/node

[node /tmp/resources/app.asar.unpacked/node_modules/nodemon/bin/nodemon.js]

Network

N/A

Files

N/A

Analysis: behavioral20

Detonation Overview

Submitted

2024-11-20 13:59

Reported

2024-11-20 14:38

Platform

win10v2004-20241007-en

Max time kernel

505s

Max time network

1146s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\cli\index.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\cli\index.js

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral27

Detonation Overview

Submitted

2024-11-20 13:59

Reported

2024-11-20 14:43

Platform

win7-20241010-en

Max time kernel

1197s

Max time network

1220s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\exec.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\exec.js

Network

N/A

Files

N/A

Analysis: behavioral28

Detonation Overview

Submitted

2024-11-20 13:59

Reported

2024-11-20 14:43

Platform

win10v2004-20241007-en

Max time kernel

1139s

Max time network

1156s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\exec.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\nodemon\lib\config\exec.js

Network

Country Destination Domain Proto

Files

N/A