Windows Analysis Report
SenPalia.exe

Overview

General Information

Sample name:	SenPalia.exe
Analysis ID:	1431412
MD5:	3c327cbf1db1396f027a78d968db2e90
SHA1:	416f02955dbbb66ec4eae89f3088db92cdeb9572
SHA256:	a18106059f5438c0cb46c20aefd36a3cd7cbf4762a3d4ff2daa7312f4cbc7b79
Infos:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Drops large PE files

Monitors registry run keys for changes

Contains capabilities to detect virtual machines

Drops PE files

Enables security privileges

Found dropped PE file which has not been started or loaded

Queries information about the installed CPU (vendor, model number etc)

Queries the volume information (name, serial number etc) of a device

Sigma detected: Startup Folder File Write

Stores files to the Windows start menu directory

Uses 32bit PE files

Classification

Signatures

Uses 32bit PE files

Source: SenPalia.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: C:\Users\user\Desktop\SenPalia.exe

Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\88c1452e-94d1-56de-ad34-3a975ddef9d7

Source: C:\Users\user\Desktop\SenPalia.exe	File created: C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\LICENSE.electron.txt
Source: C:\Users\user\Desktop\SenPalia.exe	File created: C:\Users\user\AppData\Local\Programs\SenPalia\LICENSE.electron.txt

Source: SenPalia.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: C:\Users\user\Desktop\SenPalia.exe	File opened: C:\Users\user
Source: C:\Users\user\Desktop\SenPalia.exe	File opened: C:\Users\user\AppData\Local\Programs
Source: C:\Users\user\Desktop\SenPalia.exe	File opened: C:\Users\user\AppData\Local\Programs\SenPalia
Source: C:\Users\user\Desktop\SenPalia.exe	File opened: C:\Users\user\AppData\Local\Programs\SenPalia\SenPalia.exe
Source: C:\Users\user\Desktop\SenPalia.exe	File opened: C:\Users\user\AppData
Source: C:\Users\user\Desktop\SenPalia.exe	File opened: C:\Users\user\AppData\Local

System Summary

Drops large PE files

Source: C:\Users\user\Desktop\SenPalia.exe

File dump: SenPalia.exe.1.dr 160076800

Jump to dropped file

Enables security privileges

Source: C:\Users\user\Desktop\SenPalia.exe

Process token adjusted: Security

Uses 32bit PE files

Source: SenPalia.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: classification engine

Classification label: mal48.winEXE@5/79@0/0

Source: C:\Users\user\Desktop\SenPalia.exe

File created: C:\Users\user\AppData\Local\Programs

Source: C:\Windows\System32\Taskmgr.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\TM.750ce7b0-e5fd-454f-9fad-2f66513dfa1b
Source: C:\Users\user\Desktop\SenPalia.exe	Mutant created: \Sessions\1\BaseNamedObjects\88c1452e-94d1-56de-ad34-3a975ddef9d7

Source: C:\Users\user\Desktop\SenPalia.exe

File created: C:\Users\user\AppData\Local\Temp\nslEBB9.tmp

Source: SenPalia.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\SenPalia.exe

File read: C:\Users\desktop.ini

Source: C:\Users\user\Desktop\SenPalia.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: C:\Users\user\Desktop\SenPalia.exe

File read: C:\Users\user\Desktop\SenPalia.exe

Source: unknown	Process created: C:\Users\user\Desktop\SenPalia.exe "C:\Users\user\Desktop\SenPalia.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Programs\SenPalia\SenPalia.exe "C:\Users\user\AppData\Local\Programs\SenPalia\SenPalia.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Programs\SenPalia\SenPalia.exe "C:\Users\user\AppData\Local\Programs\SenPalia\SenPalia.exe"
Source: unknown	Process created: C:\Windows\System32\Taskmgr.exe "C:\Windows\system32\taskmgr.exe" /4
Source: unknown	Process created: C:\Windows\System32\Taskmgr.exe "C:\Windows\system32\taskmgr.exe" /4

Source: C:\Users\user\Desktop\SenPalia.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\SenPalia.exe	Section loaded: userenv.dll
Source: C:\Users\user\Desktop\SenPalia.exe	Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\SenPalia.exe	Section loaded: propsys.dll
Source: C:\Users\user\Desktop\SenPalia.exe	Section loaded: dwmapi.dll
Source: C:\Users\user\Desktop\SenPalia.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\SenPalia.exe	Section loaded: oleacc.dll
Source: C:\Users\user\Desktop\SenPalia.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\SenPalia.exe	Section loaded: version.dll
Source: C:\Users\user\Desktop\SenPalia.exe	Section loaded: shfolder.dll
Source: C:\Users\user\Desktop\SenPalia.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\SenPalia.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\SenPalia.exe	Section loaded: wldp.dll
Source: C:\Users\user\Desktop\SenPalia.exe	Section loaded: profapi.dll
Source: C:\Users\user\Desktop\SenPalia.exe	Section loaded: riched20.dll
Source: C:\Users\user\Desktop\SenPalia.exe	Section loaded: usp10.dll
Source: C:\Users\user\Desktop\SenPalia.exe	Section loaded: msls31.dll
Source: C:\Users\user\Desktop\SenPalia.exe	Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\SenPalia.exe	Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\SenPalia.exe	Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\SenPalia.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\SenPalia.exe	Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\SenPalia.exe	Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\SenPalia.exe	Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\SenPalia.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\Desktop\SenPalia.exe	Section loaded: windows.fileexplorer.common.dll
Source: C:\Users\user\Desktop\SenPalia.exe	Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\SenPalia.exe	Section loaded: ntshrui.dll
Source: C:\Users\user\Desktop\SenPalia.exe	Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\SenPalia.exe	Section loaded: linkinfo.dll
Source: C:\Users\user\Desktop\SenPalia.exe	Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\SenPalia.exe	Section loaded: cscapi.dll
Source: C:\Users\user\Desktop\SenPalia.exe	Section loaded: sxs.dll
Source: C:\Users\user\Desktop\SenPalia.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\Desktop\SenPalia.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\Desktop\SenPalia.exe	Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\SenPalia.exe	Section loaded: netutils.dll

Source: C:\Users\user\Desktop\SenPalia.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32

Source: C:\Windows\System32\Taskmgr.exe

Window found: window name: SysTabControl32

Source: C:\Users\user\Desktop\SenPalia.exe

Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\88c1452e-94d1-56de-ad34-3a975ddef9d7

Source: SenPalia.exe

Static file information: File size 82609817 > 1048576

Source: SenPalia.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Drops PE files

Source: C:\Users\user\Desktop\SenPalia.exe	File created: C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\vulkan-1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SenPalia.exe	File created: C:\Users\user\AppData\Local\Programs\SenPalia\SenPalia.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SenPalia.exe	File created: C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\resources\elevate.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SenPalia.exe	File created: C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\SpiderBanner.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SenPalia.exe	File created: C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\ffmpeg.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SenPalia.exe	File created: C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\libEGL.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SenPalia.exe	File created: C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\libGLESv2.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SenPalia.exe	File created: C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\StdUtils.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SenPalia.exe	File created: C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\nsis7z.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SenPalia.exe	File created: C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\d3dcompiler_47.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SenPalia.exe	File created: C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\vk_swiftshader.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SenPalia.exe	File created: C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\System.dll	Jump to dropped file

Source: C:\Users\user\Desktop\SenPalia.exe	File created: C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\LICENSE.electron.txt
Source: C:\Users\user\Desktop\SenPalia.exe	File created: C:\Users\user\AppData\Local\Programs\SenPalia\LICENSE.electron.txt

Boot Survival

Monitors registry run keys for changes

Source: C:\Windows\System32\Taskmgr.exe	Registry key monitored: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Source: C:\Windows\System32\Taskmgr.exe	Registry key monitored: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run
Source: C:\Windows\System32\Taskmgr.exe	Registry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Stores files to the Windows start menu directory

Source: C:\Users\user\Desktop\SenPalia.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SenPalia.lnk

Source: C:\Users\user\Desktop\SenPalia.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SenPalia.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SenPalia.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SenPalia.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SenPalia.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SenPalia.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\Taskmgr.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\Taskmgr.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\Taskmgr.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\Taskmgr.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\Taskmgr.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\Taskmgr.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\Taskmgr.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\Taskmgr.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\Taskmgr.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\Taskmgr.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\Taskmgr.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\Taskmgr.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\Taskmgr.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\Taskmgr.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\Taskmgr.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\Taskmgr.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\Taskmgr.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\Taskmgr.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\Taskmgr.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\Taskmgr.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\Taskmgr.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\Taskmgr.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\Taskmgr.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\Taskmgr.exe	Process information set: NOOPENFILEERRORBOX

Contains capabilities to detect virtual machines

Source: C:\Windows\System32\Taskmgr.exe

File opened / queried: SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}

Found dropped PE file which has not been started or loaded

Source: C:\Users\user\Desktop\SenPalia.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\vulkan-1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SenPalia.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\resources\elevate.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SenPalia.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\SpiderBanner.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SenPalia.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\ffmpeg.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SenPalia.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\libEGL.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SenPalia.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\libGLESv2.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SenPalia.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\StdUtils.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SenPalia.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\nsis7z.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SenPalia.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\d3dcompiler_47.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SenPalia.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\vk_swiftshader.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SenPalia.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\System.dll	Jump to dropped file

Source: C:\Users\user\Desktop\SenPalia.exe

File Volume queried: C:\ FullSizeInformation

Source: C:\Users\user\Desktop\SenPalia.exe	File opened: C:\Users\user
Source: C:\Users\user\Desktop\SenPalia.exe	File opened: C:\Users\user\AppData\Local\Programs
Source: C:\Users\user\Desktop\SenPalia.exe	File opened: C:\Users\user\AppData\Local\Programs\SenPalia
Source: C:\Users\user\Desktop\SenPalia.exe	File opened: C:\Users\user\AppData\Local\Programs\SenPalia\SenPalia.exe
Source: C:\Users\user\Desktop\SenPalia.exe	File opened: C:\Users\user\AppData
Source: C:\Users\user\Desktop\SenPalia.exe	File opened: C:\Users\user\AppData\Local

Source: C:\Users\user\Desktop\SenPalia.exe

Process information queried: ProcessInformation

Queries information about the installed CPU (vendor, model number etc)

Source: C:\Windows\System32\Taskmgr.exe

Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0

Queries the volume information (name, serial number etc) of a device

Source: C:\Windows\System32\Taskmgr.exe	Queries volume information: C:\ProgramData\Microsoft\User Account Pictures\user.png VolumeInformation
Source: C:\Windows\System32\Taskmgr.exe	Queries volume information: C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\Assets\SmallLogo.scale-100.png VolumeInformation
Source: C:\Windows\System32\Taskmgr.exe	Queries volume information: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\Assets\Icons\AppListIcon.scale-100.png VolumeInformation
Source: C:\Windows\System32\Taskmgr.exe	Queries volume information: C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\StoreAppList.scale-100.png VolumeInformation
Source: C:\Windows\System32\Taskmgr.exe	Queries volume information: C:\Windows\System32\RuntimeBroker.exe VolumeInformation
Source: C:\Windows\System32\Taskmgr.exe	Queries volume information: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\Assets\Icons\AppListIcon.scale-100.png VolumeInformation
Source: C:\Windows\System32\Taskmgr.exe	Queries volume information: C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\Assets\SmallLogo.scale-100.png VolumeInformation
Source: C:\Windows\System32\Taskmgr.exe	Queries volume information: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\Assets\SquareLogo44x44.scale-100.png VolumeInformation
Source: C:\Windows\System32\Taskmgr.exe	Queries volume information: C:\Windows\ImmersiveControlPanel\images\logo.scale-100.png VolumeInformation
Source: C:\Windows\System32\Taskmgr.exe	Queries volume information: C:\Windows\ImmersiveControlPanel\images\logo.scale-100.png VolumeInformation
Source: C:\Windows\System32\Taskmgr.exe	Queries volume information: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\Assets\SquareLogo44x44.scale-100.png VolumeInformation

Screenshots

Network Map

⊘No contacted IP infos

ID:	1431412
Product:	CloudBasic
Start time:	02:38:26
Start date:	25.04.2024
Sample:	SenPalia.exe
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	3c327cbf1db1396f027a78d968db2e90
SHA1:	416f02955dbbb66ec4eae89f3088db92cdeb9572
SHA256:	a18106059f5438c0cb46c20aefd36a3cd7cbf4762a3d4ff2daa7312f4cbc7b79
Filetype:	Win32 Executable (generic) a (10002005/4) 99.96%

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock	ASCII text, with no line terminators	F49655F856ACB8884CC0ACE29216F511	CB0F1F87EC0455EC349AAA950C600475AC7B7B6B	7852FCE59C67DDF1D6B8B997EAA1ADFAC004A9F3A91C37295DE9223674011FBA
C:\Users\user\AppData\Local\Programs\SenPalia\SenPalia.exe	PE32+ executable (GUI) x86-64, for MS Windows	021569D2490415EF5C3003ACD35CF809	780B132C2472298E8FC6F2DC2A67B460D8447515	E5FC14829988EFB8A9E360D3484DC7E12263B81D479D21FA7CED4C3F482CD6E1
C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\LICENSE.electron.txt	ASCII text	4D42118D35941E0F664DDDBD83F633C5	2B21EC5F20FE961D15F2B58EFB1368E66D202E5C	5154E165BD6C2CC0CFBCD8916498C7ABAB0497923BAFCD5CB07673FE8480087D
C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\LICENSES.chromium.html	HTML document, ASCII text	312446EDF757F7E92AAD311F625CEF2A	91102D30D5ABCFA7B6EC732E3682FB9C77279BA3	C2656201AC86438D062673771E33E44D6D5E97670C3160E0DE1CB0BD5FBBAE9B
C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\chrome_100_percent.pak	data	ACD0FA0A90B43CD1C87A55A991B4FAC3	17B84E8D24DA12501105B87452F86BFA5F9B1B3C	CCBCA246B9A93FA8D4F01A01345E7537511C590E4A8EFD5777B1596D10923B4B
C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\chrome_200_percent.pak	data	4610337E3332B7E65B73A6EA738B47DF	8D824C9CF0A84AB902E8069A4DE9BF6C1A9AAF3B	C91ABF556E55C29D1EA9F560BB17CC3489CB67A5D0C7A22B58485F5F2FBCF25C
C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\d3dcompiler_47.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	2191E768CC2E19009DAD20DC999135A3	F49A46BA0E954E657AAED1C9019A53D194272B6A	7353F25DC5CF84D09894E3E0461CEF0E56799ADBC617FCE37620CA67240B547D
C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\ffmpeg.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	E096C168B79A56DED0DF1AA142D9F1DA	318F20DAB294A315BD935160E9417FB5B28300F5	65CC75329D17EC264E7A2DB571EA55F918394241445EA64569A56C75D0CFDC60
C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\icudtl.dat	data	D89CE8C00659D8E5D408C696EE087CE3	49FC8109960BE3BB32C06C3D1256CB66DDED19A8	9DFBE0DAD5C7021CFE8DF7F52458C422CBC5BE9E16FF33EC90665BB1E3F182DE
C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\libEGL.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	1EECFB04C4434F5A813C8F0C0C8F2C88	6DC3CA4B3F72E7FB33BA26FA488DE323EDB59ADD	897CEB95FB164640DDD2426673997B5F6FC2619FD916B038B575A70A0682A706
C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\libGLESv2.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	CBA2436016F7A2838588A52D5B6F30F1	81DDF44B3E122DFBEE1A2CD8D4544364F1A621A4	BCB3A3D2FCA3C33FA3D1D5DC976AA913CDC8001DF8E64C2CD3D2C545245141BF
C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\locales\af.pak	data	7E51349EDC7E6AED122BFA00970FAB80	EB6DF68501ECCE2090E1AF5837B5F15AC3A775EB	F528E698B164283872F76DF2233A47D7D41E1ABA980CE39F6B078E577FD14C97
C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\locales\am.pak	data	2009647C3E7AED2C4C6577EE4C546E19	E2BBACF95EC3695DAAE34835A8095F19A782CBCF	6D61E5189438F3728F082AD6F694060D7EE8E571DF71240DFD5B77045A62954E
C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\locales\ar.pak	data	47A6D10B4112509852D4794229C0A03B	2FB49A0B07FBDF8D4CE51A7B5A7F711F47A34951	857FE3AB766B60A8D82B7B6043137E3A7D9F5CFB8DDD942316452838C67D0495
C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\locales\bg.pak	data	A19269683A6347E07C55325B9ECC03A4	D42989DAF1C11FCFFF0978A4FB18F55EC71630EC	AD65351A240205E881EF5C4CF30AD1BC6B6E04414343583597086B62D48D8A24
C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\locales\bn.pak	data	5CDD07FA357C846771058C2DB67EB13B	DEB87FC5C13DA03BE86F67526C44F144CC65F6F6	01C830B0007B8CE6ACA46E26D812947C3DF818927B826F7D8C5FFD0008A32384
C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\locales\ca.pak	data	D259469E94F2ADF54380195555154518	D69060BBE8E765CA4DC1F7D7C04C3C53C44B8AB5	F98B7442BEFC285398A5DD6A96740CBA31D2F5AADADD4D5551A05712D693029B
C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\locales\cs.pak	data	04A680847C4A66AD9F0A88FB9FB1FC7B	2AFCDF4234A9644FB128B70182F5A3DF1EE05BE1	1CC44C5FBE1C0525DF37C5B6267A677F79C9671F86EDA75B6FC13ABF5D5356EB
C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\locales\da.pak	data	1A53D374B9C37F795A462AAC7A3F118F	154BE9CF05042ECED098A20FF52FA174798E1FEA	D0C38EB889EE27D81183A0535762D8EF314F0FDEB90CCCA9176A0CE9AB09B820
C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\locales\de.pak	data	8E6654B89ED4C1DC02E1E2D06764805A	FF660BC85BB4A0FA3B2637050D2B2D1AECC37AD8	61CBCE9A31858DDF70CC9B0C05FB09CE7032BFB8368A77533521722465C57475
C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\locales\el.pak	data	9528D21E8A3F5BAD7CA273999012EBE8	58CD673CE472F3F2F961CF8B69B0C8B8C01D457C	E79C1E7A47250D88581E8E3BAF78DCAF31FE660B74A1E015BE0F4BAFDFD63E12
C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\locales\en-GB.pak	data	D59E613E8F17BDAFD00E0E31E1520D1F	529017D57C4EFED1D768AB52E5A2BC929FDFB97C	90E585F101CF0BB77091A9A9A28812694CEE708421CE4908302BBD1BC24AC6FD
C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\locales\en-US.pak	data	5E3813E616A101E4A169B05F40879A62	615E4D94F69625DDA81DFAEC7F14E9EE320A2884	4D207C5C202C19C4DACA3FDDB2AE4F747F943A8FAF86A947EEF580E2F2AEE687
C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\locales\es-419.pak	data	7F6696CC1E71F84D9EC24E9DC7BD6345	36C1C44404EE48FC742B79173F2C7699E1E0301F	D1F17508F3A0106848C48A240D49A943130B14BD0FEB5ED7AE89605C7B7017D1
C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\locales\es.pak	data	A36992D320A88002697DA97CD6A4F251	C1F88F391A40CCF2B8A7B5689320C63D6D42935F	C5566B661675B613D69A507CBF98768BC6305B80E6893DC59651A4BE4263F39D
C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\locales\et.pak	data	A94E1775F91EA8622F82AE5AB5BA6765	FF17ACCDD83AC7FCC630E9141E9114DA7DE16FDB	1606B94AEF97047863481928624214B7E0EC2F1E34EC48A117965B928E009163
C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\locales\fa.pak	data	9D273AF70EAFD1B5D41F157DBFB94FDC	DA98BDE34B59976D4514FF518BD977A713EA4F2E	319D1E20150D4E3F496309BA82FCE850E91378EE4B0C7119A003A510B14F878B
C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\locales\fi.pak	data	D4B776267EFEBDCB279162C213F3DB22	7236108AF9E293C8341C17539AA3F0751000860A	297E3647EAF9B3B95CF833D88239919E371E74CC345A2E48A5033EBE477CD54E
C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\locales\fil.pak	data	3165351C55E3408EAA7B661FA9DC8924	181BEE2A96D2F43D740B865F7E39A1BA06E2CA2B	2630A9D5912C8EF023154C6A6FB5C56FAF610E1E960AF66ABEF533AF19B90CAA
C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\locales\fr.pak	data	0BF28AFF31E8887E27C4CD96D3069816	B5313CF6B5FBCE7E97E32727A3FAE58B0F2F5E97	2E1D413442DEF9CAE2D93612E3FD04F3AFAF3DD61E4ED7F86400D320AF5500C2
C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\locales\gu.pak	data	7B5F52F72D3A93F76337D5CF3168EBD1	00D444B5A7F73F566E98ABADF867E6BB27433091	798EA5D88A57D1D78FA518BF35C5098CBEB1453D2CB02EF98CD26CF85D927707
C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\locales\he.pak	data	6D787DC113ADFB6A539674AF7D6195DB	F966461049D54C61CDD1E48EF1EA0D3330177768	A976FAD1CC4EB29709018C5FFCC310793A7CEB2E69C806454717CCAE9CBC4D21
C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\locales\hi.pak	data	1766A05BE4DC634B3321B5B8A142C671	B959BCADC3724AE28B5FE141F3B497F51D1E28CF	0EEE8E751B5B0AF1E226106BEB09477634F9F80774FF30894C0F5A12B925AC35
C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\locales\hr.pak	data	8F9498D18D90477AD24EA01A97370B08	3868791B549FC7369AB90CD27684F129EBD628BE	846943F77A425F3885689DCF12D62951C5B7646E68EADC533B8B5C2A1373F02E
C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\locales\hu.pak	data	F5E1CA8A14C75C6F62D4BFF34E27DDB5	7ABA6BFF18BDC4C477DA603184D74F054805C78F	C0043D9FA0B841DA00EC1672D60015804D882D4765A62B6483F2294C3C5B83E0
C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\locales\id.pak	data	7B39423028DA71B4E776429BB4F27122	CB052AB5F734D7A74A160594B25F8A71669C38F2	3D95C5819F57A0AD06A118A07E0B5D821032EDCF622DF9B10A09DA9AA974885F
C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\locales\it.pak	data	D58A43068BF847C7CD6284742C2F7823	497389765143FAC48AF2BD7F9A309BFE65F59ED9	265D8B1BC479AD64FA7A41424C446139205AF8029A2469D558813EDD10727F9C
C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\locales\ja.pak	data	D10D536BCD183030BA07FF5C61BF5E3A	44DD78DBA9F098AC61222EB9647D111AD1608960	2A3D3ABC9F80BAD52BD6DA5769901E7B9E9F052B6A58A7CC95CE16C86A3AA85A
C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\locales\kn.pak	data	C548A5F1FB5753408E44F3F011588594	E064AB403972036DAD1B35ABE9794E95DBE4CC00	890F50A57B862F482D367713201E1E559AC778FC3A36322D1DFBBEF2535DD9CB
C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\locales\ko.pak	data	B4FBFF56E4974A7283D564C6FC0365BE	DE68BD097DEF66D63D5FF04046F3357B7B0E23AC	8C9ACDE13EDCD40D5B6EB38AD179CC27AA3677252A9CD47990EBA38AD42833E5
C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\locales\lt.pak	data	980C27FD74CC3560B296FE8E7C77D51F	F581EFA1B15261F654588E53E709A2692D8BB8A3	41E0F3619CDA3B00ABBBF07B9CD64EC7E4785ED4C8A784C928E582C3B6B8B7DB
C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\locales\lv.pak	data	E4F7D9E385CB525E762ECE1AA243E818	689D784379BAC189742B74CD8700C687FEEEDED1	523D141E59095DA71A41C14AEC8FE9EE667AE4B868E0477A46DD18A80B2007EF
C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\locales\ml.pak	data	8B38C65FC30210C7AF9B6FA0424266F4	116413710FFCF94FBFA38CB97A47731E43A306F5	E8DF9A74417C5839C531D7CCAB63884A80AFB731CC62CBBB3FD141779086AC7D
C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\locales\mr.pak	data	C0EF1866167D926FB351E9F9BF13F067	6092D04EF3CE62BE44C29DA5D0D3A04985E2BC04	88DF231CF2E506DB3453F90A797194662A5F85E23BBAC2ED3169D91A145D2091
C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\locales\ms.pak	data	9B3E2F3C49897228D51A324AB625EB45	8F3DAEC46E9A99C3B33E3D0E56C03402CCC52B9D	61A3DAAE72558662851B49175C402E9FE6FD1B279E7B9028E49506D9444855C5
C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\locales\nb.pak	data	AF0FD9179417BA1D7FCCA3CC5BEE1532	F746077BBF6A73C6DE272D5855D4F1CA5C3AF086	E900F6D0DD9D5A05B5297618F1FE1600C189313DA931A9CB390EE42383EB070F
C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\locales\nl.pak	data	181D2A0ECE4B67281D9D2323E9B9824D	E8BDC53757E96C12F3CD256C7812532DD524A0EA	6629E68C457806621ED23AA53B3675336C3E643F911F8485118A412EF9ED14CE
C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\locales\pl.pak	data	18D49D5376237BB8A25413B55751A833	0B47A7381DE61742AC2184850822C5FA2AFA559E	1729AA5C8A7E24A0DB98FEBCC91DF8B7B5C16F9B6BB13A2B0795038F2A14B981
C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\locales\pt-BR.pak	data	0D9DEA9E24645C2A3F58E4511C564A36	DCD2620A1935C667737EEA46CA7BB2BDCB31F3A6	CA7B880391FCD319E976FCC9B5780EA71DE655492C4A52448C51AB2170EEEF3B
C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\locales\pt-PT.pak	data	6A7232F316358D8376A1667426782796	8B70FE0F3AB2D73428F19ECD376C5DEBA4A0BB6C	6A526CD5268B80DF24104A7F40F55E4F1068185FEBBBB5876BA2CB7F78410F84
C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\locales\ro.pak	data	99EAA3D101354088379771FD85159DE1	A32DB810115D6DCF83A887E71D5B061B5EEFE41F	33F4C20F7910BC3E636BC3BEC78F4807685153242DD4BC77648049772CF47423
C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\locales\ru.pak	data	AB9902025DCF7D5408BF6377B046272B	C9496E5AF3E2A43377290A4883C0555E27B1F10F	983B15DCC31D0E9A3DA78CD6021E5ADD2A3C2247322ADED9454A5D148D127AAE
C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\locales\sk.pak	data	C6C7396DBFB989F034D50BD053503366	089F176B88235CCE5BCA7ABFCC78254E93296D61	439F7D6C23217C965179898754EDCEF8FD1248BDD9B436703BF1FF710701117A
C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\locales\sl.pak	data	D4BD9F20FD29519D6B017067E659442C	782283B65102DE4A0A61B901DEA4E52AB6998F22	F33AFA6B8DF235B09B84377FC3C90403C159C87EDD8CD8004B7F6EDD65C85CE6
C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\locales\sr.pak	data	CBB817A58999D754F99582B72E1AE491	6EC3FD06DEE0B1FE5002CB0A4FE8EC533A51F9FD	4BD7E466CB5F5B0A451E1192AA1ABAAF9526855A86D655F94C9CE2183EC80C25
C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\locales\sv.pak	data	502E4A8B3301253ABE27C4FD790FBE90	17ABCD7A84DA5F01D12697E0DFFC753FFB49991A	7D72E3ADB35E13EC90F2F4271AD2A9B817A2734DA423D972517F3CFF299165FD
C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\locales\sw.pak	data	39277AE2D91FDC1BD38BEA892B388485	FF787FB0156C40478D778B2A6856AD7B469BD7CB	6D6D095A1B39C38C273BE35CD09EB1914BD3A53F05180A3B3EB41A81AE31D5D3
C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\locales\ta.pak	data	7006691481966109CCE413F48A349FF2	6BD243D753CF66074359ABE28CFAE75BCEDD2D23	24EA4028DA66A293A43D27102012235198F42A1E271FE568C7FD78490A3EE647
C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\locales\te.pak	data	F809BF5184935C74C8E7086D34EA306C	709AB3DECFF033CF2FA433ECC5892A7AC2E3752E	9BBFA7A9F2116281BF0AF1E8FFB279D1AA97AC3ED9EBC80C3ADE19E922D7E2D4
C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\locales\th.pak	data	2C41616DFE7FCDB4913CFAFE5D097F95	CF7D9E8AD3AA47D683E47F116528C0E4A9A159B0	F11041C48831C93AA11BBF885D330739A33A42DB211DACCF80192668E2186ED3
C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\locales\tr.pak	data	3A858619502C68D5F7DE599060F96DB9	80A66D9B5F1E04CDA19493FFC4A2F070200E0B62	D81F28F69DA0036F9D77242B2A58B4A76F0D5C54B3E26EE96872AC54D7ABB841
C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\locales\uk.pak	data	EE70E9F3557B9C8C67BFB8DFCB51384D	FC4DFC35CDE1A00F97EEFE5E0A2B9B9C0149751E	54324671A161F6D67C790BFD29349DB2E2D21F5012DC97E891F8F5268BDF7E22
C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\locales\ur.pak	data	FF0A23974AEF88AFC86ECC806DBF1D60	E7BAE97CBB8692A0D106644DFAA9B7D7EA6FCEF0	F245AB242AAFEEF37DB736C780476534FAD0706AA66DCB8B6B8CD181B4778385
C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\locales\vi.pak	data	3FE6F90F1F990AED508DEDA3810CE8C2	3B86F00666D55E984B4ACA1A5E8319FFA8F411FF	5EEBB23221AEBCF0BE01BFC2695F7DD35B17F6769BE1E28E5610D35C9717854B
C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\locales\zh-CN.pak	data	20F315D38E3B2EDC5832931E7770B62A	2390BD585DEC1E884873454BB98B6F1467DCF7BB	53A803724BBF2E7F40AAB860325C348F786EECA1EA5CA39A76B4C4A616E3233F
C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\locales\zh-TW.pak	data	524711882CBFB5B95A63EF48F884CFF0	1078037687CFC5D038EEB8B63D295239E0EDC47A	9E16499CD96A155D410C8DF4C812C52FF2A750F8C4DB87FD891C1E58C1428C78
C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\resources.pak	data	7D5065ECBA284ED704040FCA1C821922	095FCC890154A52AD1998B4B1E318F99B3E5D6B8	A10C3D236246E001CB9D434A65FC3E8AA7ACDDDDD9608008DB5C5C73DEE0BA1F
C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\resources\app.asar	data	D09C51723FF4F91C7F78BF7F19A67283	B1FC0F586F47955DF09E3DE149B48D733B626C3C	FE7D58ABB34C8FBF4DA01D900D96F3BC273720499A99FC6E9850562C67C53AE3
C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\resources\elevate.exe	PE32 executable (console) Intel 80386, for MS Windows	792B92C8AD13C46F27C7CED0810694DF	D8D449B92DE20A57DF722DF46435BA4553ECC802	9B1FBF0C11C520AE714AF8AA9AF12CFD48503EEDECD7398D8992EE94D1B4DC37
C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\snapshot_blob.bin	data	8915DD2A6D6B4EBF9A16C77FE063D8DE	A03132ADCB99A82BA269D56AB6577CCFD1BB08E5	C1802B29B13663A8890031411270866834246931F71F41397682DD88FA16D485
C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\v8_context_snapshot.bin	data	4CD37EA771EA4FE2F3AD46217CC02206	31680E26869B007E62550E96DBF846B3980D5B2B	95F7B8664306DA8D0073A795E86590ED6FDAEDE5F489132E56C8779F53CF1ED5
C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\vk_swiftshader.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	524B0D85D992F86A7F26C162F3DBB91C	BC9C862FD01F6134A0514DCB63F9FAB7A61CE269	5B2FFB78FA963F2DEA5A7FCF7676FC3ABA243C4372D7528C8F1FC8F726D0A3FA
C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\vk_swiftshader_icd.json	JSON data	8642DD3A87E2DE6E991FAE08458E302B	9C06735C31CEC00600FD763A92F8112D085BD12A	32D83FF113FEF532A9F97E0D2831F8656628AB1C99E9060F0332B1532839AFD9
C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\7z-out\vulkan-1.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	6D4ADF9A48DBCE2E480EF10B1338CA3C	CEB77D5768C6EDA84EC8E0B43821B8027764DE81	4CCA7E6C05B2D988926E4B4D0C8FF91D6356F18DE8BF40B440251180E5CAD6A7
C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\SpiderBanner.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	17309E33B596BA3A5693B4D3E85CF8D7	7D361836CF53DF42021C7F2B148AEC9458818C01	996A259E53CA18B89EC36D038C40148957C978C0FD600A268497D4C92F882A93
C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\StdUtils.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	C6A6E03F77C313B267498515488C5740	3D49FC2784B9450962ED6B82B46E9C3C957D7C15	B72E9013A6204E9F01076DC38DABBF30870D44DFC66962ADBF73619D4331601E
C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\System.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	0D7AD4F45DC6F5AA87F606D0331C6901	48DF0911F0484CBE2A8CDD5362140B63C41EE457	3EB38AE99653A7DBC724132EE240F6E5C4AF4BFE7C01D31D23FAF373F9F2EACA
C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\app-64.7z	7-zip archive data, version 0.4	8E44C744276E314AE268FA0AF664EF05	81D0D10AF7F3AE4B6C7E48F0F8836F09DBCE19F5	638FB71FCB8EDCCE62E51D83A99385DB29971ACD5EF2C02EFCF407B60E9A38AD
C:\Users\user\AppData\Local\Temp\nsgECD3.tmp\nsis7z.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	80E44CE4895304C6A3A831310FBF8CD0	36BD49AE21C460BE5753A904B4501F1ABCA53508	B393F05E8FF919EF071181050E1873C9A776E1A0AE8329AEFFF7007D0CADF592

Windows Analysis Report
SenPalia.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

Compliance

Spreading

System Summary

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Language, Device and Operating System Detection

Screenshots

Network Map

Windows Analysis Report SenPalia.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

Compliance

Spreading

System Summary

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Language, Device and Operating System Detection

Screenshots

Network Map

Windows Analysis Report
SenPalia.exe