Malware Analysis Report

2025-01-19 06:28

Sample ID 231218-sx43aabdek
Target https://github.com/NovaPatcher/NovaPatcher/releases/download/NovaPatcher/NovaPatcher.exe
Tags
irata infostealer rat trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://github.com/NovaPatcher/NovaPatcher/releases/download/NovaPatcher/NovaPatcher.exe was found to be: Known bad.

Malicious Activity Summary

irata infostealer rat trojan

Irata

Irata payload

Downloads MZ/PE file

Loads dropped DLL

Executes dropped EXE

Looks up external IP address via web service

Enumerates physical storage devices

Suspicious use of SendNotifyMessage

Runs net.exe

Modifies Internet Explorer Phishing Filter

Suspicious use of AdjustPrivilegeToken

Uses Volume Shadow Copy service COM API

Uses Volume Shadow Copy WMI provider

Suspicious behavior: EnumeratesProcesses

Uses Task Scheduler COM API

Suspicious use of FindShellTrayWindow

Collects information from the system

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

NTFS ADS

Enumerates processes with tasklist

Enumerates system info in registry

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-12-18 15:31

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-12-18 15:31

Reported

2023-12-18 15:33

Platform

win7-20231215-en

Max time kernel

51s

Max time network

145s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" https://github.com/NovaPatcher/NovaPatcher/releases/download/NovaPatcher/NovaPatcher.exe

Signatures

Irata

trojan infostealer rat irata

Irata payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Downloads MZ/PE file

Looks up external IP address via web service

Description Indicator Process Target
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A

Enumerates physical storage devices

Collects information from the system

Description Indicator Process Target
N/A N/A C:\Windows\System32\Wbem\WMIC.exe N/A

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A

Modifies Internet Explorer Phishing Filter

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\PhishingFilter C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = b0b2c642c731da01 C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7EBA0471-9DBA-11EE-9853-CA8D9A91D956} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\MINIE C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A

Runs net.exe

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HJ0GGVIM\NovaPatcher.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3040 wrote to memory of 2980 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 3040 wrote to memory of 2980 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 3040 wrote to memory of 2980 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 3040 wrote to memory of 2980 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 3040 wrote to memory of 2172 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HJ0GGVIM\NovaPatcher.exe
PID 3040 wrote to memory of 2172 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HJ0GGVIM\NovaPatcher.exe
PID 3040 wrote to memory of 2172 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HJ0GGVIM\NovaPatcher.exe
PID 3040 wrote to memory of 2172 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HJ0GGVIM\NovaPatcher.exe
PID 3040 wrote to memory of 2172 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HJ0GGVIM\NovaPatcher.exe
PID 3040 wrote to memory of 2172 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HJ0GGVIM\NovaPatcher.exe
PID 3040 wrote to memory of 2172 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HJ0GGVIM\NovaPatcher.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy WMI provider

ransomware

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://github.com/NovaPatcher/NovaPatcher/releases/download/NovaPatcher/NovaPatcher.exe

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3040 CREDAT:275457 /prefetch:2

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HJ0GGVIM\NovaPatcher.exe

"C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HJ0GGVIM\NovaPatcher.exe"

C:\Users\Admin\AppData\Local\Temp\2ZagYXFYIrv07UGbcXoeXtFH4xD\NovaPatcher.exe

C:\Users\Admin\AppData\Local\Temp\2ZagYXFYIrv07UGbcXoeXtFH4xD\NovaPatcher.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Users\Admin\AppData\Local\Temp\2ZagYXFYIrv07UGbcXoeXtFH4xD\NovaPatcher.exe

"C:\Users\Admin\AppData\Local\Temp\2ZagYXFYIrv07UGbcXoeXtFH4xD\NovaPatcher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=992 --field-trial-handle=1152,1274697624581907679,6448962839881367973,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\System32\Wbem\WMIC.exe

wmic process where processid=2172 get ExecutablePath

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic process where processid=2172 get ExecutablePath"

C:\Users\Admin\AppData\Local\Temp\2ZagYXFYIrv07UGbcXoeXtFH4xD\NovaPatcher.exe

"C:\Users\Admin\AppData\Local\Temp\2ZagYXFYIrv07UGbcXoeXtFH4xD\NovaPatcher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1392 --field-trial-handle=1152,1274697624581907679,6448962839881367973,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Users\Admin\AppData\Local\Temp\2ZagYXFYIrv07UGbcXoeXtFH4xD\NovaPatcher.exe

"C:\Users\Admin\AppData\Local\Temp\2ZagYXFYIrv07UGbcXoeXtFH4xD\NovaPatcher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --mojo-platform-channel-handle=1412 --field-trial-handle=1152,1274697624581907679,6448962839881367973,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "net session"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 session

C:\Windows\system32\net.exe

net session

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic OS get caption, osarchitecture | more +1"

C:\Windows\System32\Wbem\WMIC.exe

wmic logicaldisk get size

C:\Windows\system32\more.com

more +1

C:\Windows\system32\more.com

more +1

C:\Windows\System32\Wbem\WMIC.exe

wmic OS get caption, osarchitecture

C:\Windows\System32\Wbem\WMIC.exe

wmic csproduct get uuid

C:\Windows\System32\Wbem\WMIC.exe

wmic computersystem get totalphysicalmemory

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "echo %NUMBER_OF_PROCESSORS%"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic csproduct get uuid"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic computersystem get totalphysicalmemory | more +1"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic logicaldisk get size"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic cpu get name | more +1"

C:\Users\Admin\AppData\Local\Temp\2ZagYXFYIrv07UGbcXoeXtFH4xD\NovaPatcher.exe

"C:\Users\Admin\AppData\Local\Temp\2ZagYXFYIrv07UGbcXoeXtFH4xD\NovaPatcher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1380 --field-trial-handle=1152,1274697624581907679,6448962839881367973,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Windows\system32\more.com

more +1

C:\Windows\System32\Wbem\WMIC.exe

wmic cpu get name

Network

Country Destination Domain Proto
US 8.8.8.8:53 github.com udp
DE 140.82.121.4:443 github.com tcp
DE 140.82.121.4:443 github.com tcp
US 8.8.8.8:53 objects.githubusercontent.com udp
US 185.199.108.133:443 objects.githubusercontent.com tcp
US 185.199.108.133:443 objects.githubusercontent.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 ipinfo.io udp
GB 142.250.200.4:80 www.google.com tcp
US 34.117.186.192:443 ipinfo.io tcp
US 34.117.186.192:443 ipinfo.io tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HJ0GGVIM\NovaPatcher.exe.60vs2lh.partial

MD5 ef6270cc76b6bf9e4caa4312124fa9ea
SHA1 0d539179d779c69d8a6c20e9aaa2c3e7fa4ad5a6
SHA256 b4b8ccdb2421f0e614db583e9aade9d13a8aee8e11a0bce1f948450e86b9ea37
SHA512 42cc080a679a09b32bb7256e80ce73577ec044122941befd76e53274d0d65a40d7bb605bc3b16ef6963b43fdd11c6c2be4fb1a66ba80a4b13c936697870c5b2b

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HJ0GGVIM\NovaPatcher.exe

MD5 8d40d29ca578ec702c22086391a9d5ed
SHA1 906d8a73cb1fa1f4c93b1d40fe0608645745ef5d
SHA256 bd5705a1dbd69e51c17de2e4b8abbb277213ead8bd5e4fcbf9bbe3c3005e5740
SHA512 bcd224e412f5c8606f0dfd6826eed8ed9ec6c57197ae5fa3f13892f09a957ef03aab9da15e2e0de199c7e2ed7893ee8f1e2b1653fbacc04ae553af5c4540ec5d

\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\System.dll

MD5 0d7ad4f45dc6f5aa87f606d0331c6901
SHA1 48df0911f0484cbe2a8cdd5362140b63c41ee457
SHA256 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
SHA512 c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\nsis7z.dll

MD5 80e44ce4895304c6a3a831310fbf8cd0
SHA1 36bd49ae21c460be5753a904b4501f1abca53508
SHA256 b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
SHA512 c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\chrome_200_percent.pak

MD5 b51a78961b1dbb156343e6e024093d41
SHA1 51298bfe945a9645311169fc5bb64a2a1f20bc38
SHA256 4a438f0e209ac62ffa2c14036efdd5474b5ecaa7cbf54110f2e6153abdfb8be9
SHA512 23dedde25ad9cb5829d4b6092a815712788698c2a5a0aefb4299675d39f8b5e2844eabd1ea42332a0408bd234548f5af628e7e365ab26f3385ebfa158cdd921d

C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\chrome_100_percent.pak

MD5 9c1b859b611600201ccf898f1eff2476
SHA1 87d5d9a5fcc2496b48bb084fdf04331823dd1699
SHA256 53102833760a725241841312de452c45e43edd60a122546105ab4020ccef591b
SHA512 1a8ec288e53b9d7e43d018995abe4e3d9c83d329d0561fbb7d022e8b79ffecf033e995b9bc6af352a71c646a1e8afba4addb54deab7455f24b7a279a3dd7c336

C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\d3dcompiler_47.dll

MD5 7641e39b7da4077084d2afe7c31032e0
SHA1 2256644f69435ff2fee76deb04d918083960d1eb
SHA256 44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47
SHA512 8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5

C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\ffmpeg.dll

MD5 b3e06973e4ae021dc699c243b4e4ec9e
SHA1 7ae27e0d4c04e7ffb906f3907b8918320439a952
SHA256 953472f2fa38d64c27944c08a8afe9da7d8b45e6e5cad7affea4360c4a888817
SHA512 0cfb6c543ef88641a2360732aa306349e5aa80113466298036dc615e30e187e01e346e8735afe937144b09f4e4101c0b99b394c790d051d8a39c8ce50a32dfdb

C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\icudtl.dat

MD5 25acf98f499281cc2f039f21414ac8a7
SHA1 153290280e190d06fd45cebaa398fdcc8659999b
SHA256 7d0fac006011f55237e14e999fae0e50e2d9b65a134a14e9e2f837b149d8f44e
SHA512 6e80b7ccd6bb491fe8b795ffc4a547a01a4f503ccfd0553b9d01d798d9ba901f1a19ce6ad0c7aa1f128ac67576adeeba0dcd061b504514d29509db26463db065

C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\libEGL.dll

MD5 8352fd22f09b873193cabc2932be92f0
SHA1 5bd2b58854b279f1733c5f54ea2669ee8a888d9e
SHA256 14a4aaa010be14762edfee01fd1f6b9943471eb7a2f9011a2b5c230461cd129c
SHA512 7281e980f2e82f1cc8173d9f8387a97f6e23ec5099ed8dca02222c4e17fa4cfef59d6aa300b1cf06d502bdcf77d9a6dbb08ad6658ae0a28ae6f9f995109da0d2

C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\libGLESv2.dll

MD5 e311d905194417f044a35fb7fd60cc8f
SHA1 72059a67a8d128cfde61215cacdde90f0b5d09e0
SHA256 53f543993e138086cf7f5110c17f6ddf9b04aa315b4b65df436792e42cbaf962
SHA512 0eb5509cdc75808dc678219ea405820add803752f980f8cbeb0af2d1993313f444c327e0f81b91bc3e72341300cc7042c9b6deb6e072574e4da8d9ccab7fe815

C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\LICENSE.electron.txt

MD5 4d42118d35941e0f664dddbd83f633c5
SHA1 2b21ec5f20fe961d15f2b58efb1368e66d202e5c
SHA256 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d
SHA512 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\LICENSES.chromium.html

MD5 403312883814be149b7b4797398f7d04
SHA1 9c86e3aa6a3b6e36c1d182f77750e133142ae638
SHA256 bbc970a5e507291ca9e31d72f45cedd1ce41bc8f863e1688f8728192980d6de9
SHA512 02b7bc0d9efa279db5e86346d325cdd2c66eb1690b9de97bd80a99b8e740e5e52f20d4f369e6ed5319870687346b4cfc1c3a11e9a913b3bd105c664430f8c8a8

C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\resources.pak

MD5 cb616d54ef2d11d8c86f47be2b8d6d05
SHA1 fd7eb08e5280d0e6222233d4e747ca413fe15eb5
SHA256 8900eafb2775a2a1f715ca70680873485418fe28fa465452b8e6f7b9c4cd57f3
SHA512 3153cc91efb6f3ea7e128a5695d029829b9dc33a94afc8b6aef17dc57ab558df4732f85a1773883b54f47dacc52de4236496299e1ff0f3b8a9249b9eea44df74

C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\NovaPatcher.exe

MD5 1262f9a2cfeac34cd65577219b2fbcc7
SHA1 443dfd9eca4636f5e2d974d70baef40eb960c2f9
SHA256 2d61489a352487673fa3383adc24123338db8160549e2951fac37e9f13aad0ac
SHA512 fabe2d6086f2295a91ba02fc3803aa6b1f85011644191013b24478d915a9767e561a3f4437b74d78fc9c717559f72fd27f1aedcb3e02cde98bc67aa9d26ca83d

C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\v8_context_snapshot.bin

MD5 47014c0f81bad6d216c617c9c63bf040
SHA1 7bb483fdc5fed3c6ed437d9fe6e5023bc38201bf
SHA256 e1249d05bfc73c645b27d269f47b6923b33a3cf8088a8ca78b3b637c90f58178
SHA512 052d86cf3305a9e493bd2472e6b7ddab5e0291efd6d899984a79bae46e5fa4bd21157e19ab4a2591c9cff9069de568bad18c7baf4f35d117c77134e635466f87

C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\vk_swiftshader.dll

MD5 bd6933ea463e8fa3a4e44417d7674452
SHA1 c76d986fd2b0b3f67656d1385fa7453ea225ffc9
SHA256 5be48b77c6bdadf1df332e2725b376b4d639ad15422b1d0dcc71c53c9cfc580d
SHA512 73506d71e648b16c1ca1b5360b263e8afe4136f15b3a5b25fb342d93ebfe910f1654a24abc3f2437e8b28f145b015f5676712cd4913c6d1ebb746f5d51f5799e

C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\vk_swiftshader_icd.json

MD5 8642dd3a87e2de6e991fae08458e302b
SHA1 9c06735c31cec00600fd763a92f8112d085bd12a
SHA256 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9
SHA512 f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\snapshot_blob.bin

MD5 c9ab741bbef53fa0e84952b8891a5f5a
SHA1 e2dcb8d034e07243537c86371de0c52bce62cee1
SHA256 4d82fe1e642fe3ca7ad1a173f806088c0652ecfe9f0f6f6e246066e15a3431d4
SHA512 177b98a3090ecfe4b4598dfcd7e8b3ca49efafba4dbd8d6c6d0def462de47c3fabfde831725622783ddc177de982de6115178d9bd9830d918bb544a5a4c27fc9

C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\vulkan-1.dll

MD5 b91586bd80e057a7f62bdc4422744812
SHA1 a1df644421ece2e740e5bf0ed98b4f269fd85c39
SHA256 8ba72d98e0f78b77bda7816cd7232809d287310d34e0f1d7472b9d5fda2c6d02
SHA512 94f0a8e3e75e4803891c0fcb257052dbe0e7399772fc7a46ab802629f76ee580ed30b3678fa6bc3744c12cf9f3103bbc8276e88f6711278748148e9fbeef2053

C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\bn.pak

MD5 47c95e191e760dee3ef43345577e2379
SHA1 609634315270a91d4ec631642b18bd0036367aad
SHA256 ceed32e429ed1018d4c49343cf52105cbfd1e877c531a5738fd6e6cd33d27da7
SHA512 46b5f8d58780d19e79136c31a67d075c57ddf7e6a1eb197dea4088cc414a0dc24a68fc8ebcaac03b3940af2461123b586706d5dbf8dbdf6fbea0f7bec466db21

C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\el.pak

MD5 38440b98bfdf5ed496da0f49d59534c0
SHA1 1498d9207ecaf4923a47271e24c68a817041c82e
SHA256 b1f78df8a7edc914357a2e90bc8dc0ac46f4df642bb22894569fe4905fb8ea0f
SHA512 95ba788fc2e1f07d54e398f1ec4d32c664cfb13118d46cb7af7a993367e032b10de84f3e604ab6e659d6410e2d736097ec5e9b3b002040c54412358f0ea10229

C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\fr.pak

MD5 c3095ce1e88b0976ba7bef183d047347
SHA1 b14cfbf6e46ac1f189595fc09660178525301138
SHA256 66488dc10517b6e3638686be95b430477a39304e92ac45dfe62b58cae3a77272
SHA512 29f47b1eff4681a9a17a50d6e82d63c22fe7bfe4ceb79862e81d8cd9f96fa38e225978b4c4b1f8e55b220235b91652c776fa8d2e559c68942c6ccf402812a421

C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\hr.pak

MD5 6f92235e6ba003af925a2d6584afd27d
SHA1 3ceba61e9c2975466b6244188f5ea72aaf042fc7
SHA256 479dc4f75a889d45f62b4ddb6eb48f21c473e37875468c9c26d928a263e15840
SHA512 82f2642dff4400704c15c2fa02d0ec74ed3fe888dc835447c1afce7463dee8f480bb81be358c306e681625864a6d25e5cd6c96252b8a56e6fc62014b3aa4d26a

C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\ja.pak

MD5 833e8c4aa70351b6be7bd403e4e9a0a7
SHA1 46ccdbdea35deec8ef13a5fc833776875fad187b
SHA256 74422db1a5f28522f9a8b31a3bee9a6df794b419bf723cb6a6c88e82eb72cec0
SHA512 e8e709612a5ea81d2822e0025b7306f38571f2cec2ca72ac5a8ab852a0e36a0f5bc7e00d0baf7ac7becc2c54dda3a17c52ec1cd67ce12b14d91b6ae0b726d556

C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\mr.pak

MD5 f22c99fe6a838e333e8ee06a4d01296b
SHA1 c3542ea8dd45a2b387dd02fa5687948f135e10f2
SHA256 b03a3042f907aed13253ae8083d08f5fad59ff438d024b097276856e72526911
SHA512 882022c2cb985d85f96d52c9bcfeeb089d6ff30e66187ccf424ef622092b9d359a51bdef1fb6ac3b9d3409aa79d37ca737ba7f3ed8b9cdaabfe04d90a7c8bc15

C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\sk.pak

MD5 b35daa0bd9627ca88b413a5af7c6b4a4
SHA1 d5efdcbc7ca17de29f3075f6434f31ab2e895826
SHA256 f47bc1f7f5ab64681d0b152e1a019da60f0ef057ee8bf2ccede019dc4030c177
SHA512 48abb6ca2290820db2898b05820bb25e70fb1292c816eb0c8f17b3c5452de9fff7027d216d2bf413900f408f44ed4ac99151b28142a212c5cff8dfe229e87b9b

C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\ta.pak

MD5 31dada843d0b4f9a66b184cb6d7b8b92
SHA1 0320b31981043c6e4c17470bf2ff4c7488553511
SHA256 457070b35c813175f5a7b630478073e478ff2bf23915dd3dc7a5b3b339cc2b0b
SHA512 c5b6ea595d3154fd9fe03f49a19f78eb4068718ce005b18a165d491459a290c29956b02a109ce2c314746773760c8e5c0d7064f384c65a572c78109f03538860

C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\zh-TW.pak

MD5 c2c35fcedc3708b5bcadf36587393002
SHA1 31d72402cbd44ceb921cedd806259c2cd14e411f
SHA256 cfe4c2c5eb131fd92e0d11f912714c5a9a048833ef3ffbe32679b3d58da8f8ac
SHA512 9ba3ea2d569d1d3ef09e94d7e66f843c8804368c4d016b6289e7dba002f7d2d50884a76c93eef879d87abcf8b36dd3e682b7bd3a18b2b5a969256cef672abf01

C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\resources\app.asar

MD5 0650627661e2c597caf459b6b798e219
SHA1 628cc25668558b2f42f189d7091a0a32c10f0017
SHA256 d189d6ff4c764bdb05a4da49c9f1625c465c2560174a4b04cdadd7b0ce3c9f4c
SHA512 fe9c82c007ffa9a081cc0c65656d2b03c7725348f10ed67f27cf5ab3a9f984bff8fcd91ca07fe19bd36acab24b8d1891d826e75ee07acd045df0ecc0db54aaf5

C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\package.json

MD5 067e233b0609d56ff4756bedd8c0efe0
SHA1 96419d05adc4b6674948b4ac14f8ab5bb3ce4380
SHA256 6bee642c1b5de99e4edba87ec3221c2ecd10b65e666b6f2bef64a745538ecf74
SHA512 94900f5ff762930b1b060ba4dd44d629d6c3e2dfc0dacb1a543f1ea5a3cd40e793acaff4abefbff588ceb422d65f8041ec190a2b56f7c303c3314eb16eca4159

C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\swiftshader\libEGL.dll

MD5 19dc9ee70e7765bb63a66b6826e8ecb7
SHA1 1a12f983f8b35cc2955d30657971f113c47dc164
SHA256 83d5719abee35e051d984510e1d5d9317a109031698814742b59bdbbe7d4e30f
SHA512 1fda2bcc4b2e70987ca6011ab2534007ae4f752016d29a588aaae839bb25c35e03773f220b6a8e926cf2643997e7d4c0f28743304269b2c55642ce12934def68

C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\StdUtils.dll

MD5 c6a6e03f77c313b267498515488c5740
SHA1 3d49fc2784b9450962ed6b82b46e9c3c957d7c15
SHA256 b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
SHA512 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\swiftshader\libGLESv2.dll

MD5 a278e192b332e2007221501d91142d0f
SHA1 9900b08824762dbdd01647bde7de86ab1a54c86b
SHA256 017745c674af6ec01ba18a86395c01d8661183be96984f02ba565b2c70fa0239
SHA512 724eccbcb550fe8ed29d5a8fc51e9af87f92c5b930987ca5a8c85cc37998a2ae31dff5252ccdb9a9f4209197a9a9edeca39b249e90cf53c6eaa944fda0f89524

C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\snapshot.exe

MD5 16a12bdc986207390dd79d658a6b2263
SHA1 b4b41f62cbc1e1ede786c6e30e11df8e61750bad
SHA256 50a8dd2f292bea9190204a42de067a34d5cbbec53746d40fe5b067fc85190bac
SHA512 d20394028c5d3ca46bb4879cac40da07b7d857f9a4a834bb4db4bd047f1a3265a80e1f7528244da6ee97c2f3e0cb5b2e51bc88eeb382a027939c2188e66dcdd9

C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\prey-webcam.exe

MD5 471b15abc9f2e98fb7ed7361d3f045eb
SHA1 95b5798d80a9410872f6ed485ae2b43ca3745540
SHA256 7c262639cb22348dfd627dc07c76e8748e5bcacde2dcf1614773ab174c831004
SHA512 5b3b59aa1dbaef31b0ff6ccde082d7c312e39e311a46fe20d590d5d7765f934d3b663da9609ff4fb7beba2e8fa85376cf74f14ae077f3c0b49189cc28c30163a

C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\DirectShowLib-2005.dll

MD5 c20c205c6f8d70a5e1351a4041a3ec9f
SHA1 e1b2a763dd6c42439656e4e55aba0f3610ff3784
SHA256 bbcbb170242d9ff1b56680a80b1f8755df1135f9c714535ff3b3f575442f38dc
SHA512 dffd59d775dbb89cd886a2212fb9fe4cf0b2bdd7f2c00f8dc7c6b2287053b4971c8c6c033109ff1f90cdacea082e44d3c19fa76325d24976420c418218e701f1

C:\Users\Admin\AppData\Local\Temp\2ZagYXFYIrv07UGbcXoeXtFH4xD\NovaPatcher.exe

MD5 20d4ab92898299a5df76e9e0335da9f5
SHA1 a3e1bbea7c69936f7d3f03aa2319e8112bc2043e
SHA256 55a07cf5b6c8f3184a2af4d3aa932ff8c564a8f182d5ede209844a236e16ecdd
SHA512 e0707211fbd35f166949b088940c6d157dd53e84a488ac0a0c79e7d3dd651ab952db3752a8ad12ab8336757b5e3d9ff0373e587be6c8ca15d47f53ab60f5c1e4

C:\Users\Admin\AppData\Local\Temp\2ZagYXFYIrv07UGbcXoeXtFH4xD\ffmpeg.dll

MD5 572d63da4b213276f4ae6a2a808b8d1b
SHA1 4d8e53d49bed7584a361888481aeef5f35f1b8c9
SHA256 013a0d708b398fa4d6833cf2d9db9490524252d9d5d1e7cd16bd7f427bc8b36e
SHA512 f9ba358283bfcb34acf7209ed63a769546a13ac6f0aa3ed639aca9341d2b4f5ca7256a33e57aac634ff30b47a3251dc71a9d8c74f515adab8a59b1c92e2c9d63

\Users\Admin\AppData\Local\Temp\2ZagYXFYIrv07UGbcXoeXtFH4xD\NovaPatcher.exe

MD5 bed7b0cdb37065d23721678015ac107e
SHA1 dccd0298ab3e2ddf641904d612ce112b7e3b8127
SHA256 3250c558c1c869ebb51171e1c39c7e1e31bb1ed8ad6ac5a68874c84fb5763e9e
SHA512 7b2c6c1931e3e9adde549ad7a37a5dd4354a145af04e89acd044d3f7b71b4ecc72add5f9ff62348104bc88c3fa222d6ff3433808738b8994e03ceddad43eacbd

C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\resources\elevate.exe

MD5 792b92c8ad13c46f27c7ced0810694df
SHA1 d8d449b92de20a57df722df46435ba4553ecc802
SHA256 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
SHA512 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\zh-CN.pak

MD5 098d656a4f4bd8240bed10e7678186c7
SHA1 0c19ab62b4262f1b51558e8aaa79e7741f73393a
SHA256 a55f568ad3a8854cec25699484f55024501c8a0967738ba694e073151e5981c7
SHA512 084538ce774233ca6d4393bb42239b0b85e11bd73dd19ba47e55796ca19848941b037510c0fca4ac08b4b2e0ccbc9b4ae72ef88a3e841738dd211961dc53c1e2

C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\vi.pak

MD5 69c8796439192577f48bd249175aaf37
SHA1 97c52088ca69dada593db0e42b2135d264646454
SHA256 d7fdb53592de803a5fbcd8561c4918f1562f92fc8a3fd0039a2a1a7b76a8ecc2
SHA512 65eb7cb15291474ec7f9354775e59bcf334c90ddf3498ebd184e4c47118308421b2405bfa679e4b3a70ed1790e167c109fc2c72e89c3e31b5378cae975424144

C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\uk.pak

MD5 d791b1ecf2931b2fb0c31aac170c7cdc
SHA1 02be115a9ff94fe5250651b6de4323eafc44fce1
SHA256 ffae6286d44c8e219ef90d411ad8746159a6ff8ea610e2a651147a3956696a22
SHA512 3a2edb8069e4a9734ce5e02b7c3de3c968c5bbc116f17f52f97e2bb2c78485c456c4f0cc952686c1aa17b7ee4d326a1dda698afafc63c79d842ca3905181a8da

C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\tr.pak

MD5 40491896ad21543f339467186c5efb40
SHA1 695dde7cc35056dcbf0a533aff8299d4c6b61bd8
SHA256 43e99e132acaba88971b81a43531845dc7fc3a1e0794c3373de7d9a50a5655aa
SHA512 18d5ee9914849462e0b1bafd1ca216b29d0795e282ae0bdb354b15caf5c18f37f44fbd6f626b2cbb095e3398a6496de72e5b0d15621433979b5a589e34fac818

C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\th.pak

MD5 43edd25f67ce6e6cea5373009ff0a1f8
SHA1 ed72ca6620cf23837e1334be50ccf616806bc5a2
SHA256 287897cf3df2db1cf59b872e6575ba8dfcaa0c1f68c17a9c91da6c4490adb8b0
SHA512 7160a72bd2e6b0ffa71e5d279995cc8be24a87cd9386eb29ab0eee79b8e607f5d824a11b6b4e3ef4c0f851a9d485a9642cb6adaa65c07933dca6e6f2c0052fc7

C:\Users\Admin\AppData\Local\Temp\2ZagYXFYIrv07UGbcXoeXtFH4xD\icudtl.dat

MD5 9ad5c33ff75a22fddabcbf52e65e6f0c
SHA1 ff0358c3460c551a438547a09a2548abe18f83f3
SHA256 ad689581164c9f9ffe4919a09de4907936ee24e0ee491a7d438c20e712c4c808
SHA512 f2f8676ad2698f5e7bc125c7fd489a495bb76d88ecf76e5b7d0e06367f9e6fd371a8d147d538b7de9017cf574396958584b6822323efde4a5a72b1b63b08bc00

C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\te.pak

MD5 793a87d41cde6e6d1bb086284f69733b
SHA1 d887e3842b664f55b7308427aa6f5bf0b352d879
SHA256 5cdabd1ad41e8048f2cc6b1615e68b99159daa1aa6706b939447c1811bf0e255
SHA512 7c2e53baa387480eed45315bd9d53856ca46e5777ecdc9c29a0de7b0ad04beb6cbb8b5df0aa7c306395fda563037e06bea1ca70e433ce5a3ccc2ec184dfda972

C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\sw.pak

MD5 99e385ebc1ef8d3daddb3a171fa79edf
SHA1 3164804dfe9d9b5e891abafe92e5ba67d2b5d4d1
SHA256 8ec45ac391a085d531fb21815086c2da4841aa016653cb4f8484cfc2615d6c01
SHA512 797c105fecef1e15870aa101e3fa1835d5a467a9059c03b3636c54934d1de263ab7f23599e21d9787cb3849c7cb7d29f5bdd8ae9ad10fda8015c1392462e94c0

C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\sv.pak

MD5 41e76f7775fc9a2d6e3c02c46e9b32f6
SHA1 088c15c74a68bee69682bf89c31055332b68c84a
SHA256 2533676479e9469ffcdaabcb47d3e39bebfe7ae2b80f70784e918a8827439e13
SHA512 6cde752d748c4772b533c8894f18134e5842113f8c7590b44a7dfa088aed65b232361fd16170df3b0d738066dbc3a769847adf4dd8ba42de63c9c2b33f9beb6b

C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\sr.pak

MD5 af7083f2a4bd95dcbe792efade352662
SHA1 dc69aa831836016f6e66c6079931503d534a7862
SHA256 e3b80d9fdd420a05d66cc12e685ac94500106dd51a555bbfa2d085094f81e8dd
SHA512 342400ba94f6cd08152f96aa2b905184fab429c38cedb4bcb4ac0c503169a9ecd47aef208b4d7ffae08b0c0afa7aa089347a20739379d05f3e4e111be842b8c4

C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\sl.pak

MD5 e015b6f5042be2dc96a4e23dcf035502
SHA1 7946509eed8db1e4c1f3da99ffe7155c86fdb4d6
SHA256 99536d1bc73eec81d5bebbff641ea195544ee5e3a41bb17ddcedf9cde9b141d4
SHA512 b2a2eaae93c506a053862bf1cde02eee53b3ea2e2fe4c964c51dbacb8b44de820a779311cfe01458e2f08f88bce1172e8c5e1e6d28cd3a355ff84baa00023b8f

C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\ru.pak

MD5 75457b95d2bb03891232dae7db886387
SHA1 e5a7569df7f91533703626d167ecc8cddbd27205
SHA256 e0894d3aa3f8e0f8ac457a3300001d4e1dcf95980712f8c8e9c845eb4c2bbfa6
SHA512 9813239cb162cec24cb81cffdae2df06889782813d917da186ae40df6dae64477467e4b32ead2d714bc1de671538d4c1fde990d83d3ee69e0932f17226687a78

C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\ro.pak

MD5 24b01a438a3ab9699d4ca97c081b5e82
SHA1 0d0b082544d23425a74199fb0a6c11192f0bdf7d
SHA256 38290b1c9712296d82ea1681ef95544a1eef4872289134b11e50af735e6deaca
SHA512 43199772312156f4633c4202499cde8f808e5e632c2013ec1129acee01a3f184e86df2616626173178efe04b6f0773ad9a0e8b8cc6a735d23d68dcfe9dfd945b

C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\pt-PT.pak

MD5 ecd84b296d3bb312ee18e21017311986
SHA1 f5625523f85c10723750834a54ff59a2dd886fb3
SHA256 fcfaa9c44c445876c286388b6a1abc1df949f3dda3d64fb57d6e0d54a05cdb94
SHA512 e95b74238220024cdd0bd1c0f18beadbbe427d76cd8d6b32d5700adcd34ffb068ad0bf75404921485c8077f395f5111cd40d5dfe2b5b8f34c62e6fc80b507456

C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\pt-BR.pak

MD5 88ad860c73676ffb4025b5c691f29942
SHA1 3c5e5b999ea7153ccdd1b4cc7b6162de3456b558
SHA256 25f0bb0b0230d99a9064d52668636f3be85903bf27a68124d79a2fe93c30fe0e
SHA512 41589bb9ab1b8307f62ceb4e6493d7903731a3e63807e0044379c4acdda881c21839234f5f1b8ad1af732bfee6231c0556ce92e582505379ed949980185bb750

C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\pl.pak

MD5 644c0ace25d6e532b56510a736c6bc2c
SHA1 1bd0fec952107b493da04c46423da634ff3e1504
SHA256 2ff9e382a31783285b7d85676e629e2f6db26bb9536ed17b7fbe5ac61a895ec7
SHA512 9a1f1e884c2f214b8b0c63543809ddd4ba0fd533f1d8434e926051f3db434f60cc4df2462c2a43254b2a9685b3869eef49463c212892e417c82c3a7b497e3559

C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\nl.pak

MD5 cf6b1cbfd669e9461553974ba37a475e
SHA1 b33867e9bc7fd88ca98a76dc4bd756bcf18887aa
SHA256 9a83ad866ad7fd9d65ecbc1e95c276cfce27e8257c76a16950fd14971e66b864
SHA512 e463029bb37f6bb3ff5cb6281f64291ada1b785fa33137e7aedfc7b5e409e99c75a91e7cf9b6c0933e970f70c14861190de66fc5d68925b687a6f5da02e21077

C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\nb.pak

MD5 b61e42f66d581b6a8929cdf5fb10662e
SHA1 6f06fa9ee092fbcb61bbd668734fb3b92cfb549a
SHA256 1b17dcde8fc7308d926fbe0faa83dfc9ffe2efc5715e9afd557dde839ad98b7e
SHA512 79b82346c3f133a6ba44148a8432ad4e08e2805187b759509cb386bc800fd20215592c07d953812c243f0b1d5e1354245f2cb42b2b3eb6c87280bcb4008dbe97

C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\ms.pak

MD5 6cfadaa784e687e6dadbcd80e631bc9b
SHA1 481acb75f525055bf4e45ecabe0eadcb9c492106
SHA256 fb5e125dd5e1f21e8df229d22cb3d1f9078bd79bbddca352899248f2a8b21b71
SHA512 0d7da5a90fe9372bc704ab8cdc8cbfb14d323cafdef856987e2d9e34d980196c03985e25099f5d1bcb10c97f040f4766e2c3713718649bb3f43914a77f0dbb39

C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\ml.pak

MD5 04b2540c25990a5e0a9b227dcce6ae0d
SHA1 4f8ccd154f54dfb083d4d1a3ed0994842c8ab13e
SHA256 556165b8b54c6e21bc66d12b3f5be393136714467c427f7114f314d18ad3c661
SHA512 4cab47e42e8f5d4a83851871f97f3e1360c993ba530dbb4b4b736350779784bd83189e1195d3480ce87298bb8f9b7f249fefa7764d850e5b0002895609626785

C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\lv.pak

MD5 264c6e20b3088ceb4dae5773cef0cb55
SHA1 fb6ff83ff14df008092bc3ee73bda7491e8e090e
SHA256 a676a781c1a587eadf23e5c69bc52f2d352346a70bc53ca908450362535eefda
SHA512 01e949f92e1e8599c581929a601d39640abaf1d907ce10102e591c3d490dd3874c679c75bb51308ead55a3bd0c6dcd1b8d4b2daf98ce1cf1c6bab42946e8b1e8

C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\lt.pak

MD5 2d4fca437a7548893dc4b51fa5b33c33
SHA1 c1493013d7d981ea9223716e415380992de65c2f
SHA256 776dba792df7b444e1b720326312d8b8312cade74a1372c49456d932b7c65769
SHA512 b6a55ee1deff48d717a3e9399aef3c45eeec810cc5b5709fa3e9f56850115a5b02e02b7959ec77a6797e68516ee9372bacd260e62ac0d55a8e4c1c27af782b42

C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\ko.pak

MD5 d6e2c18c9eabba59b50d147d942125ea
SHA1 0918879203c2050b4f9f449f5616e430897ba0b9
SHA256 f3581cea2e5b022b121010ffc5d67f86f717e3a0c0402abd81e24c87fd135b76
SHA512 f605f7b9893166778af156f9eb76eaa1209e7432450899540cd462ce0ffa69caf6f570b910cdd6d7bef54354379e9892a658e711baa93241da33755c107da859

C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\kn.pak

MD5 5115cde84b4c674db412619b65433004
SHA1 164f33e7e2e9f685a579da492a6fc8806beb6cbf
SHA256 891e092c6895e23be986c3e6d39dcea9b6b75f1448239c13fd406680e50407a7
SHA512 090a247898cb533325d2b289a6cbd8db2a755ef0abab49d82f333e57b290c50b5996b81f15d8adc30160b216eebed3a1476aec1627195e52189557c1d48b0216

C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\it.pak

MD5 5aa225aad4f9fe6d05ec24905a827d88
SHA1 f6d5ed337bd8e9cc3b962d3a498e3430fbf6de22
SHA256 96e02ab6937a1f1cb58762159761a737ce0e1dcd6a253554392baf4389326eab
SHA512 3fa928f19bdf65b8fbb274b478a801821b15c01224c113a8d7f6121a077b432c0cc84eefd9028a76adea9fa4bb65dcb868edfbd4368b1e4d477c49e187e4288a

C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\id.pak

MD5 e40cb2f3b4db379e4d187aeef0dfd300
SHA1 537b1ebc615c980c89bbe2b9e91a11199fa7d6a6
SHA256 3339ef011c9bb64868da94adb25f4490acbc7f893e4337dbfe2797754cd659f5
SHA512 b87464460077aa55feb92eca8ed23d9a61829378bae7890c8a95dac5fcd735b145d65661f27facfe2586fcaa169692b00d8ee8dd505dc44bff7f7fd090f3e96c

C:\Users\Admin\AppData\Local\Temp\2ZagYXFYIrv07UGbcXoeXtFH4xD\resources\app.asar

MD5 be26851f09fd24178156ec748fd9faff
SHA1 ef44a11868bf79e80f39853a5a9a7e515f20c34b
SHA256 2232e1cd457e2b507d9568b7cef13c4e9d4961a5bb8fb2b071b86a3a994caf41
SHA512 4617841006a1a510884de33f21c6b04dee6f75726a209d090d06bbfc8e7479f4af1f193d9d9a3ddbd40f54faa2eb06bfe851ebd0d6f84b71e033b20994a2c09b

C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\hu.pak

MD5 71d42cb22d2d7a8b26c4514ab12df3aa
SHA1 cd0307503a7906f1742d1e98fc816959319c2171
SHA256 b51bcb888dbc27bab88a8c9d081df7496de8a9a5a4cd2cfe08abc154190e75e6
SHA512 29c67391bca706807be3a0cc79fe481f220e30263957a9c2485f0a4c498a5b250bdd83b5f4fad8d0b19c8a9a07d5650b5ebd5816b6aae311a1cde78a89303244

C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\hi.pak

MD5 590e9e73df9cbd83cd87b9c03848fec9
SHA1 da125e60a5a2c51a2d6219d3f81688bd22237b59
SHA256 089b9dd31090a987515809a68d26f6eeb64cd9283934e3dcc48b151eec7d3ad9
SHA512 fd0e5d0f2063e12b711275f390428b88f98ffaf6043cdb14b13674ac1e4aa9f70ae820ae960132d7155daf9b1308238775c4702694ab53068cdc709c50f9186a

C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\he.pak

MD5 6a02a37e1ca3215fa9ee0e1b0fbcf5e7
SHA1 89a8a126c0bbf536ac58e29fc50e045fb1b88220
SHA256 f5cf34ce58b7f0d450936981aa7ffa060821403e6768eee3746ea4ffc9193986
SHA512 6607eb2329b81f1eaf0ed3a564eddcb30e6ab59229f2fbf6fd3d2140ffaa8853a330eda627a4458ef6bb06f32c5183edda869e34cd4ead1f87f88d5c622c1a16

C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\gu.pak

MD5 63a7fdc4eadf8ef1c35c72468a0ce33f
SHA1 e8d064f0e9c8a6a8c6ccb036711e292d011d9466
SHA256 e549ff4e5a094d04c2ce7bc6fd68bea1f03e935437bf164bebb6191c133fa70c
SHA512 0a097ff875132a984545ec677b04f97785f14c38a1df487cfb4722cdea07d14e1e88fcff7d58b82fa53f05f4eba779a95ef320b5a91692097726d0385a26a456

C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\fil.pak

MD5 40bddaf97f64dfea9ebafc7f82166f80
SHA1 90d1fde3c0b27d2184f0353991259c2a92c7820c
SHA256 39a9d63736e7b4593fc6873ed3c19d45fbf9eb78a012bfdcee0fea5906ebc5b2
SHA512 d1e61c53e09a0dc50edf5aba5cf286a251ee88421aa2cd49332b70a5859646605ecb7d0bb97ea7242d14a18742e23da0a14c04b0b99b57a466ec87f4f66b897e

C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\fi.pak

MD5 cc592d91ce8eabaa75249cb78b889376
SHA1 f2f0f7f105a17f3e4b1a97ed0e3c2e871c2c3eac
SHA256 b1cb0b32efa78fd8634652c74f298f1d5127f2363ef601cf000417e5c7fefd20
SHA512 58e2eaffe26d8fda8df43e7ebef449cfff1065e940c128efa0276511e34e96e52da9230f294b01d4ecd8ef606b792d372bff897d6d8bb67c31379418ce867d48

C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\fa.pak

MD5 6458a239e994d8d18315deccd35389ed
SHA1 75c985f43503a6c44645786d46639a6b555ae163
SHA256 300fc1c735e92917a5ddf92feb812cbf3175d988ec7ad5955110248a1addbd34
SHA512 3062075b6be0c25c957ac88e537880bc25ff86b8ef0703a05209e9676e943e89476b7997394aeb25064e03a93be614fef535676e9cdfaf44b46035225b1b2cf5

C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\et.pak

MD5 c76db3385190c6840315c4497e40258a
SHA1 34f1aef2ba2925bebc5dcdb70e5b6c1a138a5c46
SHA256 e8af084ef5e1062c5966dd7802074ac24f3672dc3c9b9c5453a397644727191f
SHA512 90a870369d307758b33d74e6213676d65c2d332f42577c8aff23d96b512f3c2a2bdace8d6d9007f88b9175eadc6f2ae28b498b1265550849ff9317465a37ad29

C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\es.pak

MD5 f83d8f7f6108786c02c2edbf3d85f147
SHA1 57781d9d9eb7c90cdc71f78e25d0763045b6d29a
SHA256 5b929216ac823dbe2b0bb98e64db76519900e09a86c8513019325271c66ade0d
SHA512 12747a4a61cdd21cad6e3f768cb43b8bda5ec9de373337c191b6994b20acd676c9d0a6cde8410a1e18f35dd5d2d332ea1bb7e7f8f6fc4b73d8774559e33398f1

C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\es-419.pak

MD5 b261b1efe945365588befdf68879040f
SHA1 616f44a5f73f0449b483f36ccf831db6474a10d2
SHA256 1380b9edc9cee4b505f12e8eefa288d8c746ca995b52ceaba27c7741ae8a5cd4
SHA512 9ea14234b9d4d09364e5727b3886fc14544d52508b3e45fb9fd607ca88d2e432361a02b2f7ba34c3d6ecd94b91f9eccd4d54047a97a1ba4eea580ead00b91cff

C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\en-US.pak

MD5 0bb857860d8c9ab6d617cea5a5bd4d00
SHA1 351b744d95846bff2ce5f542fec2e87439aa0f8b
SHA256 5c56df9699fc7e8f09ec81421e50a6264cde055e822f5a8cd9bb1edb3066d816
SHA512 33fb73cffbb6781488cedbca4c92a7e4f66923a799beeb7f5cba58dbc23ba8f5130f63a7dac7114e3c3ef6f1df87884fbeb8858bc7604aec9449fdfd16c25078

C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\en-GB.pak

MD5 52e2826fb5814776d47a7fcaf55cb675
SHA1 51fbbc59dcd61116cbc0a24b0304d4c1c58e8d0b
SHA256 83ff81c73228c7cadba984d9b500e4fce01de583ecde8f132137650c8107c454
SHA512 69257f976d01006c5f3d7e256738c97c59115471f8e7447cfa795f7fa4ff12d6fd19708e95ffb2aa494b50c1763fe35d5885b9414112d2934baf68fe668ed7cc

C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\de.pak

MD5 b73344e5a72fca6f956dbab984c123ba
SHA1 0561073aa40a63a9ce9930dd18b18e12ff139b2b
SHA256 6dda3fa65232ca0bff7314f916942a2aa5d9be73a0b0c7a6d016eb34ea6fff5b
SHA512 e8a12da397369f23c102244b3f18f533ec79afa6978785566056bbfe07b10a21ff4973bf17aa829fff65609363988c033b0e48d4a82c846863377c08d8df009d

C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\da.pak

MD5 55a8f5883805a65c854d25edb3959209
SHA1 d4b3b6bd2a26cbd021fa931d1f63c9ea64e2c268
SHA256 e190187adcbb5f829d162660968ba598ed17bd11339062ca4d807deec8a27fdb
SHA512 4e1f9e6da32f553cbc8cf162726d7aba9e23e2216d6d05b995cf19fff3aafa05ed08fce29b2f8538d46583366402b8630672e650dfbd46952a611e9db0d8016d

C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\cs.pak

MD5 3cfd9dc564cfcc33cc5524711365c376
SHA1 2e5016d2643017f37658262122974429f18625a2
SHA256 8be34e4f8226c1dd4e725711ddd884ef4476560f7863edcf378573dde9db3cee
SHA512 6ee156d2fa3b6f601df28e38968d0eae2812d70b41333348dbecd833d5ee6ff944183f0eecde96be433cf1e98c8ec22d6a6d5af5153145842175ab43c73533ef

C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\ca.pak

MD5 423651c45566cd90ea5edd8631e823b8
SHA1 13bed4173a08bcbfefba034aada3d838eece6d16
SHA256 7a39af99d55a1ea838d8d78c5f0da3e1402f9404d32255e31b676ceed4f0e414
SHA512 e09085023beaa37e9d5f7fdf3c32d0c001672b85e2826f0aba9a662ce958ac93cac17bf63495a604e47cb407b1593049388a4bf1b22b2339ead84a206a10569f

\Users\Admin\AppData\Local\Temp\b940a46c-f525-475f-937e-c612aa19aa9f.tmp.node

MD5 92cbacb8a87125a3d8817759fdc2e326
SHA1 5bb4d8299fe7bddec780e24af2c4b00a8800378c
SHA256 f723e31ae33bd9e181a4e281fb41280718d57bc712c13c968a0ef8a3694155f6
SHA512 2ab375bc488f7f369052e8da3a68facda94da95d89560b30f9d836e4869702a40438c92b6b60f78fd2bf15d486661a58c07d232c5f4989a47de1f19e21e987c8

\Users\Admin\AppData\Local\Temp\e2d61214-cb61-49ae-a15d-2a8cac8ed1ba.tmp.node

MD5 e308f8720161c3748a175ab20eecfd5d
SHA1 13d105369f907165e412a9a6afa04dcae68fd799
SHA256 2ef1d87047413d0bf9f5b4869936befd517bfd61a8d23b40abd42554c2175156
SHA512 d76a63fb1b0c2cd856f1bd4076bd2243a86d16530fe864a16e6af90987e8ffd0116f4072bfdc3b4fb854b5b3a97d7026180d224c9df7b86bfa558ef725a30896

C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\bg.pak

MD5 5ba0c7200362c9ed55610cc8b66ef53c
SHA1 d45239c2f1b00885407771a41a7776fc1fe8fa3b
SHA256 2339ff55464b4ff704fc3c5bf281eec52a539c494bd059cf0346d9c05ab7cda7
SHA512 6229dbf08a9322c4ec8de4912aa1832f01800a71b7e3ef5870e7fa2b623be4dd248fec4881c3e031e984616147be84d42ab3dd970ae56dc1bd78913a8682a37a

C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\ar.pak

MD5 6f3e791b4d35ee7d9515614d128752cf
SHA1 181ec3a84fb3e89336d77f24f562a2cbe07619d8
SHA256 e9df0fa338b763a3926c4ee3a87bedf650fa618b6fcf0560c3f5ffe891d48c60
SHA512 3657e610d13a2c938558ec320c298dd490c9e4895ccd304f738aaa2f050373efd7382ca402365f93d23ed488bae82de2d859da788dc8faa8e621346a278f4441

C:\Users\Admin\AppData\Local\Temp\nse1CD5.tmp\7z-out\locales\am.pak

MD5 e18a450ef034b42599341c3d09f280f1
SHA1 2001c8a85904962ac3a96938eccc69ad2c110fdf
SHA256 7c2b9098130f1f9e0cf4507b64c0e96ac6354bd6c3616be20e2067cfccc820da
SHA512 ddd87571218fe9f179a6c2a8a15b182625a71a7c19ed90c0969ca2e0e9bad823b926f8b8a6b390cb6fe9c95f4b6c1f1ec7b5167a8424ab1921943922208f798a

C:\Users\Admin\AppData\Local\Temp\2ZagYXFYIrv07UGbcXoeXtFH4xD\resources.pak

MD5 44792054dca0eb596f0db1e13e3987b7
SHA1 f33054b794c9496dc16ca667516072ed69064fb8
SHA256 b48fc03a4893e36d29240309bd8b49c031246496eaa211e12ceeb6ca6e9dbde1
SHA512 20baea0788c9b6e68ccac8e3075c3adc4e3de3c2ee8b962541a6eb4477a120452b217c109ec4f682d68fce1cf00c0fe572866faca2de5288d3f9803e3e7108d1

memory/2804-617-0x0000000000060000-0x0000000000061000-memory.dmp

\Users\Admin\AppData\Local\Temp\2ZagYXFYIrv07UGbcXoeXtFH4xD\NovaPatcher.exe

MD5 f1002c0281e2813b2d2de55e4d1f519b
SHA1 f19698fe7d371132c9af9457e8749ea3da8c4542
SHA256 6fadd535fc952bb43aef65cabe0d0252ac3db0cc9d1557b093a6852f9e4ac736
SHA512 6ac045c186d6b0e88f694ffdc0517659741db3a2589a3128fa83c7d2ef916dd60e96f7a73936ce874f909cd0f80947b00c3e30f34c3897fc1c9de5fd699779bc

C:\Users\Admin\AppData\Local\Temp\2ZagYXFYIrv07UGbcXoeXtFH4xD\NovaPatcher.exe

MD5 e3af9711e3f60a794af981922e29083b
SHA1 b2d2854bd09ec1aa58fa77472ab5c6122cc55f4f
SHA256 db52ed434bcace011cdf76c473a322ed9f1ca99c500effba7c4c8547a817f5a8
SHA512 fc1c59e4f1c3d6cf4e3ddef5efe64cf92705daa5b9f75c20e1a6eca75b0ffeb28c242f044367395c83b4ce6dcce273c9891a3a0d20523c1aa2a339cdeaf8806e

memory/2804-652-0x0000000077A70000-0x0000000077A71000-memory.dmp

\Users\Admin\AppData\Local\Temp\2ZagYXFYIrv07UGbcXoeXtFH4xD\ffmpeg.dll

MD5 d4d05deabcc94358511e3b16e7d47f4d
SHA1 fad235c505ff4ec2ecfcbdac0cea0c6fe3954d58
SHA256 778eda19571478dc6e832607a616aac536309f192a44d09a63ac666799e0b31b
SHA512 eb8a84d0f304c658c5edca3edb5f260935a4f7816e515193de542b01e52ae9d8094615954f5669ff58a599540ab9b9f3cbd82bd01609be5c2e7fee69a2e1b12f

\Users\Admin\AppData\Local\Temp\2ZagYXFYIrv07UGbcXoeXtFH4xD\d3dcompiler_47.dll

MD5 7733262ca28482a42f2ee21dc3bb837a
SHA1 2621f00e0f7115f859821739b50500bb26af78b8
SHA256 320659e5ad327432f1b110f62bf951e6319d6c89471f05f7f80b497e6aa31b38
SHA512 a47aa9b01a0f444a2674c5271fe435b915ec3eb3b97a281c02126d3711187dd3e2fa47f7ba9f2d4f597cdb58fce0550cad12d5d82dbd034e52eb13d860ae44ca

C:\Users\Admin\AppData\Local\Temp\2ZagYXFYIrv07UGbcXoeXtFH4xD\NovaPatcher.exe

MD5 6735381f42fca6c201917d4b50db9613
SHA1 40b98140ddbebd2d43934e59ab74254f542de6d7
SHA256 2cf37e34756bf27054659483237602018b75d3c43c991d6fada88b1850a46487
SHA512 044cc51238380e45424733d5f5e2929d7f7f33466f3bc081aa05805281477c602afabe08dd2bd2b62cd8eb13531bb6e8be9df2de915dc62294868708e191ac1b

\Users\Admin\AppData\Local\Temp\2ZagYXFYIrv07UGbcXoeXtFH4xD\libGLESv2.dll

MD5 0df3bc3e6e3c45d1ed5c0e57f94ba366
SHA1 e4cda3902cdac324b478b6ce982c03e87d496cc6
SHA256 d73d6a97ad81b7a860b4338e32e80708770b26426ee2300f2be60cf9cbc95361
SHA512 875022b72e3668331c01da20ff2006d98d847b7f12565059d42dfb066fe8989668195719bcc42c6c920f93a4fec5ed3ce1be573790e748f6de2d06d972deb363

C:\Users\Admin\AppData\Local\Temp\2ZagYXFYIrv07UGbcXoeXtFH4xD\libglesv2.dll

MD5 0b8665410e1aaa0795e10b2897c8c292
SHA1 dc336e3fd9a0a4c063e615270e2a018970589f4d
SHA256 be5b579021c5e9b41246292f448f080ff08cac0ef35a0675289f03005265d589
SHA512 7298377aafb5e6884f5fc40d9228fecdc33f313e3d06c0a34c7bf59f3e079732005c0d647ab407b94ad746a5eb9df10ab80212a80b116e3bd9371d7ee23682f6

\Users\Admin\AppData\Local\Temp\2ZagYXFYIrv07UGbcXoeXtFH4xD\NovaPatcher.exe

MD5 4def69c5ec27261d3398b1774c868564
SHA1 b7a930046d9df6b80ca669e3ba8abc4d2426898c
SHA256 0c03bc4b8983c97282844901c5dcbd28cc5aea1b992c651fec80a5a0f0e7b3d9
SHA512 d5cd67b1d7bd8f3995162c779b1ba865bc62cc4d48e831181f2de41b1a4a48783df5892515c86b0a4e56c07e58ce72ec361123a4ce198bf5f80a1d0e4da0b612

C:\Users\Admin\AppData\Local\Temp\2ZagYXFYIrv07UGbcXoeXtFH4xD\NovaPatcher.exe

MD5 8de23944265b01c8031d04811326a9ed
SHA1 5619bedf4d7edcf22e5d56257b25556231f86e18
SHA256 383103957cf6f850fec86b930c07449cc010194ed120458e58cd9aee7d412357
SHA512 c678abbe454c2db08f99c723b7122d36322d0b91b2fe9b3709d388c090ffc78013736439bb468853cee5d196ad1fe16446183c056c263a37948a4d0220fa92e2

C:\Users\Admin\AppData\Local\Temp\Cab951E.tmp

MD5 d71dff97ca86ca16c3db8bdb5285fb35
SHA1 271c01246897497d069b81ed37af296cf6c1e498
SHA256 4a19255504acfbd49c4e1aed722c7e62b50b5742b860eedabc5f46160f8aefac
SHA512 1fed2a183296b563e35d803927e539d28169895f6ca5b522a1c714f222a2d3e578b1e167b19568b5ad4800b898f7ac041c7bd8f6bb02d1361b32cbdcfb0f682a

C:\Users\Admin\AppData\Local\Temp\Tar9540.tmp

MD5 69b8e2fe3bb7142b759bbc3bd3092cc2
SHA1 c55b032e44415d77a1a2f3f6c6c049b7cc32afd7
SHA256 d31cf766104ab57466eca8c74b0b1dc3f7729270b60df98dde747087ec3e8bb4
SHA512 c3b3ca6861a0e35822f0c5b6085f7fc1444b051548aec4362723d1b7a14b72cd832335ca29eea23ce8f9fb71f4ac76c6bf2b58a220722e7843461bf095970b7b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d03e9ed08921401fcd4a84aebfdb8f76
SHA1 c349e5d132e4630c2fdff81ed0bd8a1583e35b25
SHA256 e3418cd2f78fecf816f6b8572915bf07e8b981c4338b909a5f6a2cb06894465c
SHA512 24164ba4d3ebe6ecdf1a438f25285010d0a2249f8d14cf360b1a540b6e4cd72204ee27725f18a9e813f1b3f6b8a38c30178e050f1a1633f224bf4375695221ce

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6a5b0cd741dbe46ca6f406828f20e6a0
SHA1 52fe9ff0c9a7abb880d1ed9a5583bb9b60afc7f5
SHA256 6c098b4ec3766691346adcb70de0b497e5de641b74fa94734a4991f9a1d585ad
SHA512 6084d6fbe47de5ca4f538d179c2f11e7bab3b427f6cb62dcd599baf2f2b1bb60fd9de7c0d600aaf925d257a4a226aa654d5d8b90ea0a4a4630a34c2b9a29112c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 df7fd4759a269193edd147897624bbc0
SHA1 26abc1c80b6f5a32f0611120b5b44138b2d21d10
SHA256 5a78bb8d6f00b672d8bd553315dd3b4a0711ad3274a2e8f82942dc450fe5212f
SHA512 7ef8386a5affdbbe6a808214e14e8c40734f8704bbed8620f551e64871c36a8840c0a7dde9680dccb5d5d6e0f90f2c578c16bbff0a31cd981a1edec421c21bad

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 eca8d4318de1f1ec42b64d2812ca792f
SHA1 5767da1c8d64faeb376095e387670e3cc834cad3
SHA256 693295435aa691e9142326553bec3c28dc3e1d04d803028d7a45f75e6261fcf6
SHA512 dc1511147a373428f5e5cfbce27892aac2425162007f8cf88e818cc759b7437d03de814db32361adea4e66ecc02ddf7e5a039b1d1a1a6639b08de229a309c3c7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f0672b62b13b725ae32449d3c082fbee
SHA1 137d5cabb8ad174cb2aa622f4b5ccd6fddaf981e
SHA256 7c3c1a8d682615d65550cdaee5912a6758600480fb929a2ff5a581ac0609ee2c
SHA512 6af144ac67a1422218971ca89e93710e157daf2901ef68e166dc0509424a4850065343c06c88a68e05d14b6e5cbe0022debfbfa51ee9d0dc57e012f916ea0364

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 911782733d3832685d18178cd4129324
SHA1 3abab0f3fdc897d41be4b03e8f3411a70d0fdebf
SHA256 8c950c51101389960076c488265c22301cfe8a16abb226d11bfe8678f7158f09
SHA512 30ad28edc33a145371d21f74935e5ab0b11ae4ac85818e780215ba894c89435404275ab76f2edd2fcbcbb133787a9300a9978fc1b97b384c364250c5edb33196

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e5e792652137dc2d417f8b14e68d10d5
SHA1 f815cb1c51aa533e3a965597b529ecfc5b8951aa
SHA256 4e6443a029ece318bb18f1f5c60f084fb727eaa141c1667a24c367b60fb1b776
SHA512 0c956a57fbda070c35103e6ddcb9be88976e8efb622fe4f31872e10c45d6375c13f37663f5d9dba7047ba0cb2f5a5f364da7d5b37b6d54a55a1b6a7369c03554

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 60e597f19b190bd850fc22aa03543b3e
SHA1 72702ec27a21c5d971fdaff3f51adfd136f57972
SHA256 c8406eb053f774c6f1b6bb8423ef1b72af8973348e69b367565b3cc51021e989
SHA512 57c1d3bdad50588431c7a91a7df58d3c3c400787b7230fafb2d324e27bd759e62e10d6e4b294b6f1bee0214c522093ca7b528113a95cfff5ab3ffbad19c1bb24

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ea6233ef10e53c57d657ecab093e0f06
SHA1 206c21a8468ddf0db784a7b1ad4892454891e06e
SHA256 176e699020ce3d830cb2763ed1ffe8bec6a4717a1e616560cbe7a13d7de63cb2
SHA512 ef09b843f55eb7f1de04d987ffb650d7be22b1c69db922944f48db48c60bb67f087ca1c1ef394a40ff882e806c1bf773c09c572be97eec95a26c23c61dcd56c3

C:\Users\Admin\AppData\Local\Temp\2ZagYXFYIrv07UGbcXoeXtFH4xD\NovaPatcher.exe

MD5 d279c491d6fa73018c640baae0542295
SHA1 49d68c29290b2f6f802ecb9ce6fa5250c02bd93e
SHA256 c893d90f81e6224fbbca1eef26ef15b7806c7b774e7fd0c80d42ddd64c8d476a
SHA512 b9ae2c1cb01b549cc4879577ecf428a09b980b818b0b84daa0c73e4f2df3d575e8bb00224c84809d280d010c6e2348d852ce7c5b4308a9c26d67b90b4d57c55b

\Users\Admin\AppData\Local\Temp\2ZagYXFYIrv07UGbcXoeXtFH4xD\libEGL.dll

MD5 240fe2f63e030494949c3aefbfb16aa1
SHA1 a2f2c4298c0da0215f78a979ade7a51e6dc33b49
SHA256 a0f06c1f986e5db370f4430afeba70e67544cdb83eae5363ad658d4c1d9201d4
SHA512 755a561963215c4c4b856427d62edf7e2cddbeabd6c7b8fff9e80f24be86ef9e57fe9d5771507775fd52310404ac9e36859f52cc9bad7eb56333bc4edd4758e9

\Users\Admin\AppData\Local\Temp\2ZagYXFYIrv07UGbcXoeXtFH4xD\libGLESv2.dll

MD5 c28b74bddb5c56bc08cee2cdfba24591
SHA1 8b073fbdb9f5552f4c4333b20e8ff4063dd1518e
SHA256 8bec94018614cb57f0856c89e5cb26d5c0fccff08c3f8c5edba95a0d98129e0f
SHA512 964d39400b1e08d87aba4a7131ec5c856817a01927910beec6e1122989099483279dda39682c2d233b86dabaf945bb8915304d32ecca0e60bf73a334faa93c69

\Users\Admin\AppData\Local\Temp\2ZagYXFYIrv07UGbcXoeXtFH4xD\d3dcompiler_47.dll

MD5 a5ee15126188f28e9fbc2bd6fe015298
SHA1 e042049db5b1ba4bce0d952ec24f551f59cf5651
SHA256 8e4f07b3892cf602e0484b9d5d49f1d2c171788a2a652eef971efee9fdf978da
SHA512 bb8f6917b1a9e6ebc928479986693b71f6efad6d0395f48b446d1a3ed37c1df160455ad2f29804cd905741c95f588e2d8eb6eb0827104a2f1c6ef68a126267fb

\Users\Admin\AppData\Local\Temp\2ZagYXFYIrv07UGbcXoeXtFH4xD\NovaPatcher.exe

MD5 bfef944d2ac7aa4c9f778d895abde2c9
SHA1 763667077b83f2f5b71e4817f93b39f92b9e2b97
SHA256 e3e602ed1870d7686f689c337eae7b2c2af56dbacdf5fd4e7fee1023e18ce042
SHA512 12209f12464a7bb34bc18870b9ae377a896bf57c12a02b1324116529297b778a13fb6847fbec653508a0df996f720202e7cbe029de01810da3bc895ed6247500

\Users\Admin\AppData\Local\Temp\2ZagYXFYIrv07UGbcXoeXtFH4xD\ffmpeg.dll

MD5 9f5fa489673b8aea5fc91cc6737ceb82
SHA1 f13b2a02b77823e8012e5faa902fc7533d36b92b
SHA256 e1392e4690f070e6430797fda7269c9462952a6c72b71d8eccbd300d1f303acd
SHA512 fd0c1d3898d6aaf8013816b75f9a1027c8759bdbd1643fab61dc2e5b896797b5d782a7800127a7e0eae738f158d15be1bdc373addaf61ab9e2ea6899f684c7fd

C:\Users\Admin\AppData\Local\Temp\2ZagYXFYIrv07UGbcXoeXtFH4xD\NovaPatcher.exe

MD5 d954a1322d6649bc19e3d5f0f40116c7
SHA1 acf495b10ebf5a18a340859ace9d14ae17f75896
SHA256 ec04e4034f9912cf3086e664843e35b0e5100a6711fa92c83b3533b60247b401
SHA512 97beeb3d539d732989c29bfe854031fce14f172e2339a1f8b4452dabef990d2141eb51e5ad87dfb0df007c384f6f60f125da858e7aea5ff0e9bf2f554aa12d07

\Users\Admin\AppData\Local\Temp\2ZagYXFYIrv07UGbcXoeXtFH4xD\vk_swiftshader.dll

MD5 9acbef7d5eab7486fed176b95e97c725
SHA1 86c1ce556882a1e58074465ba959e0c87fce0e06
SHA256 14db9a16bcb6424cae6395954006412d82868d9e15ba82d77ca62930e0a4836f
SHA512 39e08a402f10c3e6b7a92c41426ef6e69f9b4516796b908697be9eadc9fb4b2a9efa31c3b20cf71ce457e384c0053167a8b8c6908e5e4b959187a6f6dd97d744

\Users\Admin\AppData\Local\Temp\2ZagYXFYIrv07UGbcXoeXtFH4xD\vk_swiftshader.dll

MD5 2e59ae9ad005adfa0be5668046922302
SHA1 f28edd73ddcb37312037de15a7e0912e7af4bbee
SHA256 f463d4897684497b1973ff1b03ea54a30e5f541fbcb4121e75e9b020ac669c32
SHA512 b55eabdf572b3a9ffa521f0f28a803867ea97522f296c493faec283b670a67daeaccc6163f6775be110b81737670d0b74675a517d67dfeda02f03a45b7d729e9

\Users\Admin\AppData\Local\Temp\2ZagYXFYIrv07UGbcXoeXtFH4xD\vulkan-1.dll

MD5 4ca92caf36721f570d7df09dcbe1416f
SHA1 cdc88fc5862e4b8ef8cd6d83f0741686ac51a087
SHA256 c63cdd4ca0338d02813bc89091140bf749f86423c27564402aa7eab25a172849
SHA512 6b2c0a0b0b146e0fe5f5a4a60d6dca25f9720e7a02498841c6bb0d5ce4f76a72c6912fbe21138470715b7c44654738a7a7c24e65107808e731faa99c6b547d21

\Users\Admin\AppData\Local\Temp\2ZagYXFYIrv07UGbcXoeXtFH4xD\libGLESv2.dll

MD5 7c53c90f3741a2108df70b029219f353
SHA1 6bcf80314f74b9cd4949491780d548bf247976f0
SHA256 a1fb2ad4a24b803099eb8275cb0ce8094ecd70636e5dcab2c286d789ceff1698
SHA512 7efbb0be1a47f956d7c9c9818fc3a9c9dcbf4a27476d94f1d07d4eab8d8c1ee1ce550d0175ad4a0ed6f77441cebb02dc456e11f6bce4f9d1c022bca060e206b6

\Users\Admin\AppData\Local\Temp\2ZagYXFYIrv07UGbcXoeXtFH4xD\d3dcompiler_47.dll

MD5 46598a097badc1ee8518a359ccd01c79
SHA1 79cac587e2f3ac74def355253ae2162c0f92fa45
SHA256 9946dd77f45b02bc8d6561fda17a977bc4873256ee827153f0895601e51fc599
SHA512 f371d7fc3f5c71b4a6e74d9e07822b9127e74723e182e842dd94c5282b4c8f539e3ba19e5027aec2dc22e89c1c1b3a8e4a9770e72b364e87b3d969a457df5312

Analysis: behavioral2

Detonation Overview

Submitted

2023-12-18 15:31

Reported

2023-12-18 15:33

Platform

win10v2004-20231215-en

Max time kernel

146s

Max time network

154s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/NovaPatcher/NovaPatcher/releases/download/NovaPatcher/NovaPatcher.exe

Signatures

Downloads MZ/PE file

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 168219.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5068 wrote to memory of 4408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5068 wrote to memory of 4408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5068 wrote to memory of 3588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5068 wrote to memory of 3588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5068 wrote to memory of 3588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5068 wrote to memory of 3588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5068 wrote to memory of 3588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5068 wrote to memory of 3588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5068 wrote to memory of 3588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5068 wrote to memory of 3588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5068 wrote to memory of 3588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5068 wrote to memory of 3588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5068 wrote to memory of 3588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5068 wrote to memory of 3588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5068 wrote to memory of 3588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5068 wrote to memory of 3588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5068 wrote to memory of 3588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5068 wrote to memory of 3588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5068 wrote to memory of 3588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5068 wrote to memory of 3588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5068 wrote to memory of 3588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5068 wrote to memory of 3588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5068 wrote to memory of 3588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5068 wrote to memory of 3588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5068 wrote to memory of 3588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5068 wrote to memory of 3588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5068 wrote to memory of 3588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5068 wrote to memory of 3588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5068 wrote to memory of 3588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5068 wrote to memory of 3588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5068 wrote to memory of 3588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5068 wrote to memory of 3588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5068 wrote to memory of 3588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5068 wrote to memory of 3588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5068 wrote to memory of 3588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5068 wrote to memory of 3588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5068 wrote to memory of 3588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5068 wrote to memory of 3588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5068 wrote to memory of 3588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5068 wrote to memory of 3588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5068 wrote to memory of 3588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5068 wrote to memory of 3588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5068 wrote to memory of 1768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5068 wrote to memory of 1768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5068 wrote to memory of 2400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5068 wrote to memory of 2400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5068 wrote to memory of 2400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5068 wrote to memory of 2400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5068 wrote to memory of 2400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5068 wrote to memory of 2400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5068 wrote to memory of 2400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5068 wrote to memory of 2400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5068 wrote to memory of 2400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5068 wrote to memory of 2400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5068 wrote to memory of 2400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5068 wrote to memory of 2400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5068 wrote to memory of 2400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5068 wrote to memory of 2400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5068 wrote to memory of 2400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5068 wrote to memory of 2400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5068 wrote to memory of 2400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5068 wrote to memory of 2400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5068 wrote to memory of 2400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5068 wrote to memory of 2400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/NovaPatcher/NovaPatcher/releases/download/NovaPatcher/NovaPatcher.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f8a346f8,0x7ff8f8a34708,0x7ff8f8a34718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,6099834348927265209,13889426342044920321,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,6099834348927265209,13889426342044920321,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,6099834348927265209,13889426342044920321,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6099834348927265209,13889426342044920321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6099834348927265209,13889426342044920321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,6099834348927265209,13889426342044920321,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3992 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,6099834348927265209,13889426342044920321,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3992 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6099834348927265209,13889426342044920321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6099834348927265209,13889426342044920321,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6099834348927265209,13889426342044920321,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6099834348927265209,13889426342044920321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6099834348927265209,13889426342044920321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2104,6099834348927265209,13889426342044920321,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5444 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2104,6099834348927265209,13889426342044920321,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6120 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,6099834348927265209,13889426342044920321,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1048 /prefetch:2

Network

Country Destination Domain Proto
US 138.91.171.81:80 tcp
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
DE 140.82.121.3:443 github.com tcp
US 8.8.8.8:53 objects.githubusercontent.com udp
US 185.199.108.133:443 objects.githubusercontent.com tcp
US 8.8.8.8:53 3.121.82.140.in-addr.arpa udp
US 8.8.8.8:53 209.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 18.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 173.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 194.178.17.96.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 eb20b5930f48aa090358398afb25b683
SHA1 4892c8b72aa16c5b3f1b72811bf32b89f2d13392
SHA256 2695ab23c2b43aa257f44b6943b6a56b395ea77dc24e5a9bd16acc2578168a35
SHA512 d0c6012a0059bc1bb49b2f293e6c07019153e0faf833961f646a85b992b47896092f33fdccc893334c79f452218d1542e339ded3f1b69bd8e343d232e6c3d9e8

\??\pipe\LOCAL\crashpad_5068_QSHACSSOOACAFQPP

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 14dd4401a7cbe561b452c9552eaa8f7c
SHA1 36b751544af4ad257ef941f51793c397ff9dcaf6
SHA256 f997e84d8ccce4303e6b28a36d26666ea73b104ebf1c89cdbfd9a2697071a460
SHA512 54a9897327348567609eeb4e138476ff4e163ffd4113e3b1070f67dd80c6ce9146b9da6fd97f042269ea4d48cdc03269785f7c16067cff8eec3bd43c7cb1c722

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 bfd48c71a443241e9e5213a22868b3f9
SHA1 07f9115197d29ad66bd5483f7b9ff7a222b00354
SHA256 499256ddbb36ed3591f86bbf9e39232a3c48608a9b110ca396096d3612985070
SHA512 17ed09997d9ce6e2aecd220698fcd9da0286903c74131c665424623a882ece0f2b7d7067e1d8bd869f789d71f24387e8ff3dc49082dc2f46d6eb3592e2836093

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3496ba3e88a22dbaf7846f4631e1cc53
SHA1 8ff971112fe24053efa7fe10a162d8103aee52ee
SHA256 2311301d775d30661ee2a369074185c1458d5bb7c92d69a0a600ecd6cb2ae225
SHA512 64200f833a1aa7b3319ec6a8c4d9f5d46cb58ec22fc19d25d52f4fe2c16a47ccb4df8d9b6eef111ec663bda333378ca7ee6d6d2053b1f6528684f84d6c3c6cb4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 2bbbdb35220e81614659f8e50e6b8a44
SHA1 7729a18e075646fb77eb7319e30d346552a6c9de
SHA256 73f853ad74a9ac44bc4edf5a6499d237c940c905d3d62ea617fbb58d5e92a8dd
SHA512 59c5c7c0fbe53fa34299395db6e671acfc224dee54c7e1e00b1ce3c8e4dfb308bf2d170dfdbdda9ca32b4ad0281cde7bd6ae08ea87544ea5324bcb94a631f899

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\Downloads\Unconfirmed 168219.crdownload

MD5 2d75966805ba62146241f8872dbb0ffc
SHA1 352a1bc5ca405848a4b4fdb8a68db50423eb7184
SHA256 c5a802fb4227381d058f9f69544fbc2432114af284f3374660903c2fff6ec02c
SHA512 64f8ee35d7abf705b095901cd6572b7d89a1a7a439191b4a3d89349f77206ca6d0aa48e2dbf5202ecca85c51a577c2366b45ace71d2dd8dda2baa18c2a262595

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 f5cd008cf465804d0e6f39a8d81f9a2d
SHA1 6b2907356472ed4a719e5675cc08969f30adc855
SHA256 fcea95cc39dc6c2a925f5aed739dbedaa405ee4ce127f535fcf1c751b2b8fb5d
SHA512 dc97034546a4c94bdaa6f644b5cfd1e477209de9a03a5b02a360c254a406c1d647d6f90860f385e27387b35631c41f0886cb543ede9116436941b9af6cd3285d