Malware Analysis Report

2025-06-15 19:48

Sample ID 240211-nd85nsfe91
Target https://github.com/Derick22198tm/Derick22198tm1/releases/download/Setup/Setup.4.zip
Tags
rhadamanthys stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://github.com/Derick22198tm/Derick22198tm1/releases/download/Setup/Setup.4.zip was found to be: Known bad.

Malicious Activity Summary

rhadamanthys stealer

Rhadamanthys

Suspicious use of NtCreateUserProcessOtherParentProcess

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

Program crash

Enumerates system info in registry

Suspicious use of SendNotifyMessage

Checks SCSI registry key(s)

Enumerates processes with tasklist

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of AdjustPrivilegeToken

Modifies system certificate store

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: EnumeratesProcesses

Checks processor information in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-11 11:18

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-11 11:18

Reported

2024-02-11 11:48

Platform

win11-20231215-en

Max time kernel

1799s

Max time network

1690s

Command Line

sihost.exe

Signatures

Rhadamanthys

stealer rhadamanthys

Suspicious use of NtCreateUserProcessOtherParentProcess

Description Indicator Process Target
PID 4544 created 2484 N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe C:\Windows\system32\sihost.exe

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 5392 set thread context of 4544 N/A C:\Windows\system32\DllHost.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\System32\Taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\System32\Taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\System32\Taskmgr.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\System32\Taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\System32\Taskmgr.exe N/A

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3632047111-1948211978-3010235048-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3632047111-1948211978-3010235048-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd67707390b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b660537f000000010000000e000000300c060a2b0601040182370a03047e000000010000000800000000c001b39667d60168000000010000000800000000409120d035d901030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1368000000010000000800000000409120d035d9017e000000010000000800000000c001b39667d6017f000000010000000e000000300c060a2b0601040182370a03041d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589100b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000006200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703080f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 040000000100000010000000410352dc0ff7501b16f0028eba6f45c50f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd67707390b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b660537f000000010000000e000000300c060a2b0601040182370a03047e000000010000000800000000c001b39667d60168000000010000000800000000409120d035d901030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131900000001000000100000006cf252fec3e8f20996de5d4dd9aef42420000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 5c0000000100000004000000000800001900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1368000000010000000800000000409120d035d9017e000000010000000800000000c001b39667d6017f000000010000000e000000300c060a2b0601040182370a03041d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589100b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000006200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703080f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d040000000100000010000000410352dc0ff7501b16f0028eba6f45c520000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827 C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827 C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Downloads\Setup.4\Installer Setup 9.7.0.exe N/A
N/A N/A C:\Users\Admin\Downloads\Setup.4\Installer Setup 9.7.0.exe N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe N/A
N/A N/A C:\Windows\SysWOW64\dialer.exe N/A
N/A N/A C:\Windows\SysWOW64\dialer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe N/A
N/A N/A C:\Windows\SysWOW64\dialer.exe N/A
N/A N/A C:\Windows\SysWOW64\dialer.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\System32\Taskmgr.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\tasklist.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\Downloads\Setup.4\Installer Setup 9.7.0.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3616 wrote to memory of 3724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3616 wrote to memory of 3724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3616 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3616 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3616 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3616 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3616 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3616 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3616 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3616 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3616 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3616 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3616 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3616 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3616 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3616 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3616 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3616 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3616 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3616 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3616 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3616 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3616 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3616 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3616 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3616 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3616 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3616 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3616 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3616 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3616 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3616 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3616 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3616 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3616 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3616 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3616 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3616 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3616 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3616 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3616 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3616 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3616 wrote to memory of 844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3616 wrote to memory of 844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3616 wrote to memory of 4240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3616 wrote to memory of 4240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3616 wrote to memory of 4240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3616 wrote to memory of 4240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3616 wrote to memory of 4240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3616 wrote to memory of 4240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3616 wrote to memory of 4240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3616 wrote to memory of 4240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3616 wrote to memory of 4240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3616 wrote to memory of 4240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3616 wrote to memory of 4240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3616 wrote to memory of 4240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3616 wrote to memory of 4240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3616 wrote to memory of 4240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3616 wrote to memory of 4240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3616 wrote to memory of 4240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3616 wrote to memory of 4240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3616 wrote to memory of 4240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3616 wrote to memory of 4240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3616 wrote to memory of 4240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Windows\system32\sihost.exe

sihost.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Derick22198tm/Derick22198tm1/releases/download/Setup/Setup.4.zip

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffca0153cb8,0x7ffca0153cc8,0x7ffca0153cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,14927267319335734241,17533117617088796872,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1888 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1880,14927267319335734241,17533117617088796872,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1880,14927267319335734241,17533117617088796872,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14927267319335734241,17533117617088796872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14927267319335734241,17533117617088796872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14927267319335734241,17533117617088796872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1880,14927267319335734241,17533117617088796872,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5900 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14927267319335734241,17533117617088796872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1880,14927267319335734241,17533117617088796872,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4600 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14927267319335734241,17533117617088796872,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14927267319335734241,17533117617088796872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14927267319335734241,17533117617088796872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14927267319335734241,17533117617088796872,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14927267319335734241,17533117617088796872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14927267319335734241,17533117617088796872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1880,14927267319335734241,17533117617088796872,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4676 /prefetch:8

C:\Users\Admin\Downloads\Setup.4\Installer Setup 9.7.0.exe

"C:\Users\Admin\Downloads\Setup.4\Installer Setup 9.7.0.exe"

C:\Windows\SysWOW64\cmd.exe

cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq Installer.exe" | %SYSTEMROOT%\System32\find.exe "Installer.exe"

C:\Windows\SysWOW64\tasklist.exe

tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq Installer.exe"

C:\Windows\SysWOW64\find.exe

C:\Windows\System32\find.exe "Installer.exe"

C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe

"C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe"

C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe

"C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Installer" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1476 --field-trial-handle=1704,i,16171403918112562454,11899822602121139709,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe

"C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Installer" --mojo-platform-channel-handle=1900 --field-trial-handle=1704,i,16171403918112562454,11899822602121139709,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe

"C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Installer" --app-path="C:\Users\Admin\AppData\Local\Programs\Installer\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2332 --field-trial-handle=1704,i,16171403918112562454,11899822602121139709,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,14927267319335734241,17533117617088796872,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4916 /prefetch:2

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "Installer9.exe"

C:\Users\Admin\AppData\Local\Programs\Installer\Installer9.exe

Installer9.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe

C:\Windows\SysWOW64\dialer.exe

"C:\Windows\system32\dialer.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4544 -ip 4544

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4544 -s 496

C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe

"C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --user-data-dir="C:\Users\Admin\AppData\Roaming\Installer" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2008 --field-trial-handle=1704,i,16171403918112562454,11899822602121139709,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 4544 -ip 4544

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4544 -s 492

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

C:\Windows\System32\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 github.com udp
DE 140.82.121.3:443 github.com tcp
US 8.8.8.8:53 3.121.82.140.in-addr.arpa udp
US 185.199.108.133:443 objects.githubusercontent.com tcp
N/A 224.0.0.251:5353 udp
GB 184.28.176.82:443 tcp
US 52.168.112.66:443 browser.pipe.aria.microsoft.com tcp
GB 92.123.128.146:443 r.bing.com tcp
GB 92.123.128.146:443 r.bing.com tcp
GB 92.123.128.146:443 r.bing.com tcp
GB 92.123.128.146:443 r.bing.com tcp
GB 92.123.128.146:443 r.bing.com tcp
GB 92.123.128.146:443 r.bing.com tcp
FR 195.35.49.154:443 swapinclick.com tcp
FR 195.35.49.154:443 swapinclick.com tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
GB 96.17.179.205:80 apps.identrust.com tcp
US 8.8.4.4:443 dns.google udp
US 35.173.69.207:443 tcp
US 35.173.69.207:443 tcp
FR 195.35.49.154:443 swapinclick.com tcp
FR 195.35.49.154:443 swapinclick.com udp
FR 195.35.49.154:443 swapinclick.com tcp
FR 195.35.49.154:443 swapinclick.com udp
GB 184.28.176.82:443 tcp
US 52.168.112.66:443 browser.pipe.aria.microsoft.com tcp
US 13.107.246.64:443 fp-afd.azureedge.net tcp
US 13.107.136.254:443 spo-ring.msedge.net tcp
US 144.2.15.25:443 rum8.perf.linkedin.com tcp
IN 52.140.48.131:443 3b501212c24dbb1ba758cc165e3aca13.azr.footprintdns.com tcp
US 13.107.3.254:443 s-ring.msedge.net tcp
DE 20.113.155.207:443 af29dccc154ce44f57ba3ce5a017ce2b.azr.footprintdns.com tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 552758a7bb19b27354a76866861c4801
SHA1 93a74b56e5bb5aa86a53db413081b3ca7ffb808b
SHA256 53e1302ff50d199fd0002ddb9d4f66fd264b17e73a50e67299adf1243663530c
SHA512 13889bc4ffe240d8a7cf71ca0f2a397f33e38106116f38b5b8fa6c977187899d2d7084d606288f2892d14776460c2fe450adbeb93d2d200caffefe9919076fcc

\??\pipe\LOCAL\crashpad_3616_JXNUZMKXNTUPXSOC

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 093fb1749a67506b93171a82877a0595
SHA1 e9b4b6870c065267afc8b7e4a5ebd50fbb9cdbb9
SHA256 2bb77024dbf00acd28f4a7fddf25e98cce4e56aeef0e296c42b73fd992e21a14
SHA512 52562c920a37237bbe96b058d14ce176348fd418563b915ddcc50ce046c57e3ff34a62a68039fba983c35310c5fb6cc4c52b636cbe7e806d3389878aea4195cd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 8d7fdf570dc5ae69b8edf54a1d95366b
SHA1 762586ebee71882b8652dbc36f2f5ca382927416
SHA256 d8e10c99d309066db954e9b3037472d0f1ee86892e3981fb7a09e6ff97377679
SHA512 be80f1eb471ab09885c1647d4166a787a8630e843444e2ee529ef69deb1d5200c41ca6b143a997b4ba5592e47473f05ebcd203b33e44b2cb6a374dab6f2666a6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5422df78f43aa666b9ae1ab55aeb89c4
SHA1 c99cca9bcf5c625448106497ccd2d605fc4d5a6a
SHA256 d6b366b641709bafa618d14a7c646fdeada2cf52bf4a59ad23a81ff5bfd79bb0
SHA512 dbca1f73ab7a81fec7e5ea8393cced4814c7e9a0a7c283d54c9c858e4f7eb668d1632afdd267292eb7bdf0bc8d89ed58a876b36b594298fde04fba0c05442b85

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 63b6255b3f07d9e42bedebea98f2aca2
SHA1 40ebdc3a328e822aec42b2373d092dc73101342f
SHA256 51efbb488012f6ba9fd2182e4f57da8fe07e915e6b2c000fe96617c1d25d349a
SHA512 0e54c65fd7616217d813904524e84af94d966c93b9097053d0253f0e7111883f47aea07016b9d1096c6e6f877fe2c5754c035e82c6a5246418303da8662bf652

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\9b5ccecf-55e1-4a4d-8bbe-328a64efc4e3.tmp

MD5 42a1586139fbfb2ba538cd7a91ef9409
SHA1 68b05d4953ca8116844e69811035215ce15bacaf
SHA256 08804ef944463428222b02f6b23f5c12d8e85bcfb7dddf436fcdf20fae37618b
SHA512 a28d60bd07b712561b4ed133907bcb7592d1f00a7a467bafd794c131cd76ed47fd6343718fe5e3e1cdf4e2a2b9f1d26c263d0f230b075edab6b517bd1dbde862

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b90436da10efbd13cc261c6dd73de3bf
SHA1 8ff8a0de6bf8894303718f9cff2cb91c4f5a1276
SHA256 9038534ce03a5db1ef5ebe58821dc44a9ea6922c7f8be1b7aff068152ba76090
SHA512 bbb6c3dbee20f0c7d9c677c27d48f05bfa0e8da3dfe970401effc1e912c989bfaf8efbe7fa71e2b56ee95539b52d3cb55ffc25e7dd4634892126b3e200ee8911

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 807419ca9a4734feaf8d8563a003b048
SHA1 a723c7d60a65886ffa068711f1e900ccc85922a6
SHA256 aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631
SHA512 f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b3190625074d322f6350077479561252
SHA1 dc583a194cdd5f73bf53f498c989a0755b52607c
SHA256 1c0843a4b417018af8f54e397292f54b88370732c7680fedc1efde433ca82c6f
SHA512 36000aa4f7d5fd29e6d5ab5d55188a142ea58f0e8db794f125877b8082b2df9362b94bb4badbef9b22b5f9ff82f585bb4503933428c0a4322e31f7e33b1dd8cf

C:\Users\Admin\Downloads\Setup.4.zip

MD5 6cd3332302636882c117b7c2e5352b4f
SHA1 4a38d3b004872ad48607ac82cba4ad4273e526a3
SHA256 78a2ce9ed17de99d29d3a885dcedfd80d476b8083ecab62f50306db152bef506
SHA512 73fb0e0b0f0d645907527a4d43a5137ef1ab562ed91fb7690a7777b586028d2c22522fe945a8cd0e8924806066bc8aefc7b0de7a99558ef6d9fbb6a9ce7c62ea

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 bbd6c106793f144736c9c641df361af7
SHA1 3cb9d8ec50e3904446ebb8473e9c2197c95f3acd
SHA256 82eadd6d96b91ccfd422fe15ca9c322ed3da592deefc2b6ddcda38a17fde7546
SHA512 bf77a7f3c0952c0592bf3059a02506ae83dd48a7c749f41dd1770d1edab1c02317fdb696dfe48fdc9f93b1daa2e24bdf325676bffe527b5adf27e3950df5f854

C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\System.dll

MD5 0d7ad4f45dc6f5aa87f606d0331c6901
SHA1 48df0911f0484cbe2a8cdd5362140b63c41ee457
SHA256 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
SHA512 c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\StdUtils.dll

MD5 c6a6e03f77c313b267498515488c5740
SHA1 3d49fc2784b9450962ed6b82b46e9c3c957d7c15
SHA256 b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
SHA512 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\SpiderBanner.dll

MD5 17309e33b596ba3a5693b4d3e85cf8d7
SHA1 7d361836cf53df42021c7f2b148aec9458818c01
SHA256 996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93
SHA512 1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\nsExec.dll

MD5 ec0504e6b8a11d5aad43b296beeb84b2
SHA1 91b5ce085130c8c7194d66b2439ec9e1c206497c
SHA256 5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962
SHA512 3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57

C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\nsis7z.dll

MD5 80e44ce4895304c6a3a831310fbf8cd0
SHA1 36bd49ae21c460be5753a904b4501f1abca53508
SHA256 b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
SHA512 c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 845d6b6685c8e41f256ede888e353b70
SHA1 ed5c1eb4640246521ce972dbd2c4021a05a003f0
SHA256 093e6eacf975065c59fea4c6e5f5194c71215a14647945eda6d26730c1298cd9
SHA512 7809dc6845f118c4df73f01e289a19f627414a59a932d9deb61c4cc2d18f28480f5dbc9d995a7c72e6b32634005680ed787b4a5e5c17001d6b02101d1fee4936

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 ee77ee0ddce6df6a4cf39b6d19ea6b4c
SHA1 d5407a3c365266b7a794e647bc17ed9e06b4389f
SHA256 79a078c39145a1dc1c27c15f05bb7a39bdaf7aec14fd85a2dcfd36b95a3f5b36
SHA512 1841689b05aab9ba73ac48bb390c148e92d218b07da6b89bbec900bcb84055fe2080115545933d495f6e8f2506497af930fbab1c68cf65ff080f2d5a61b30eeb

C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\chrome_100_percent.pak

MD5 d31f3439e2a3f7bee4ddd26f46a2b83f
SHA1 c5a26f86eb119ae364c5bf707bebed7e871fc214
SHA256 9f79f46ca911543ead096a5ee28a34bf1fbe56ec9ba956032a6a2892b254857e
SHA512 aa27c97bf5581eb3f5e88f112df8bfb6a5283ce44eb13fbc41855008f84fb5b111dfe0616c310c3642b7f8ac99623d7c217aecc353f54f4d8f7042840099abc5

C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\d3dcompiler_47.dll

MD5 cb9807f6cf55ad799e920b7e0f97df99
SHA1 bb76012ded5acd103adad49436612d073d159b29
SHA256 5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a
SHA512 f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62

C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\chrome_200_percent.pak

MD5 5604b67e3f03ab2741f910a250c91137
SHA1 a4bb15ac7914c22575f1051a29c448f215fe027f
SHA256 1408387e87cb5308530def6ce57bdc4e0abbbaa9e70f687fd6c3a02a56a0536c
SHA512 5e6f875068792e862b1fc8bb7b340ac0f1f4c51e53e50be81a5af8575ca3591f4e7eb9239890178b17c5a8ff4ebb23719190d7db0bd8a9aa6dcb4308ffa9a34d

C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\ffmpeg.dll

MD5 e3ab6f226a9189a456d53dd700f5d503
SHA1 0d3f467e9f36a404eb10b318c758edaf02305e26
SHA256 16070fc0fc3ae0d3d5872e5bd2194d883a1d91cf021e1fcb708c785a348c1a80
SHA512 b1d5b362489b5d26037c035c8b1e9bac24a4555b64371b41f8549ab70d5d591589ba154e163ec84d4b4b4435903db32f7ffe0f720f5e6d01b7656ed03f6757d0

C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\icudtl.dat

MD5 f410d187020b71f5d6651c810ea7aa3d
SHA1 0cd14bcae101aeaa62b4a756030e09a89e6aa3c8
SHA256 45eaf7dd7ba3580dc7dee989b20d0cf04dd3c6f2832d51acde27c99c7cc495e3
SHA512 164b92257466367b1d61e6bc6333a891868cf13ae3406a3b3840eacd4d9986748d6d81e0da7f1020503c24fe34ff9be9c6b792b171a5d6dc6624f201c7a148d7

C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\libEGL.dll

MD5 637eeb39ddbeb3ff518ff1988604505f
SHA1 8b3d9a0d542718fb906f8fafb2583d7bb53176ef
SHA256 3c51a8e53ef7473e9a335673e909dc9c67bf962997e6e2a319c3bd70fd52b4ed
SHA512 3257f9c96665f1bc8bb39acd0d98015b7d5e32f3cf3f84e795df4d19f6bd3bcc14a4e89759cc0de83289b79cd290fd5f4b176c3e9a4cb2eca3acfba0c9e232df

C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\Installer.exe

MD5 27a2dff5293cc65009b5f341cf392c1f
SHA1 3f519e091205acf4647e43b46f837dc64e6be148
SHA256 306ed1471ec56c26750811124506e6f263027b0707acb7df9358cd7ae384acda
SHA512 c5d82a668f4fb9b51cdb156d314a91c1d7bda284688de165a5d5cb46dacae0da14e799c8791653563b9746157353a2bc27719e307c17d1dcbf1a490541b497c0

C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\LICENSES.chromium.html

MD5 d9f753d70dfa11b99463ef305934bb94
SHA1 facbd546b972023fb370b5dd9c1bbc32b0778439
SHA256 c790aa0ffbf03467a3370c9b17fb6945e15b9bb31bbdd72b0b38704ce92250d8
SHA512 0e5ae92886c5d9c3a4d6d90bf267db7a0e6372e6d49051b5453799031760a9a60f67d563ee8a6a9c6c10e7a249e556e628b817ec826825e65b24cdd298acb1fe

C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\v8_context_snapshot.bin

MD5 031ea03da08fe1247280cfe781658791
SHA1 e91db50ad16b5a5fbbaf4118672d60b347ea6161
SHA256 c16dcec41919a6d2850214f2275824be8a97d8c5e694e2ec8dd7d16ab2d5015c
SHA512 b3d6f282761f8ab8760728ecb108f64741f6f3cd2a143813042ff63a3b6604fcfe7c1feabafb65f9f67906217edb5851f44605a34f7a50ed2058c25ce5efb30a

C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\vulkan-1.dll

MD5 9cd70b4367d433dde85009130b8a0315
SHA1 b8d207b81f4e1fcbc99cb4acc0ddf492a3829a6b
SHA256 aa1d5d49e59501c7487756b7c591f72c66d814aef766b5a7fbf4863cd04b0f03
SHA512 15a64d0ce17bc397b5df74b7cbaa90490850f0f76a2829e261ac2fea265f6e9e4ca3e578aaf74b2575fc78c29663dcb8d90d94d66ce1b96aaa435ffde52ad34e

C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\vk_swiftshader_icd.json

MD5 8642dd3a87e2de6e991fae08458e302b
SHA1 9c06735c31cec00600fd763a92f8112d085bd12a
SHA256 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9
SHA512 f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\vk_swiftshader.dll

MD5 102c840ca4549525a3cdcf74589674ac
SHA1 c14bce8b6f26fc8af589d8014cc3412f466ebae1
SHA256 13a3a23091f3778058c543f2d2fdaa593c69fad9a9d714ca4d94f7b53ac925c5
SHA512 47bfa930af4d26313c7bb4f075993f60ee54c7a1716f73294cd2c40352c1a32af7ea783bb750e004d9dffb68055fe78a9106f391297ba77e5393ae939dc36212

C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\cs.pak

MD5 ff919631102a3a9ec635b3080b63e305
SHA1 e43b117ad5b2d5b373321ab0ae63dd4bc1352a89
SHA256 1b8c3add009028eb567b0094759daff29b7861e11d5a9d864071012200e9735a
SHA512 21833774413cc71ba9c0c592504ae6288e3c8ac4e5d1d62768f4b3eca09e90009abec5e8fadcb4e7d63b99a522ae48fd608aad432eb4165ec7021c8888ad7df1

C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\ca.pak

MD5 0312c87b6436e733a037bfb3084f7550
SHA1 e3f30b8f3bfc8ddbf4b8f85f845733ed5ac8c632
SHA256 b6c895fbca90c36ae2cfefefda989922162a2cc259603fbca066f0cfbf43c4ff
SHA512 24b7780211b9dcaf7cbe3915851c7b873562e0cff022c29ca1b4e159b9da152b517305f81dd33712a0224fc3b77e594405e432fe5eecf29b7a4f83f441d6905e

C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\bn.pak

MD5 c81aa8ddf783ad9a08d8b35db9b7cf37
SHA1 a39bc48fe189f01235e7110d0011b493d8c50eea
SHA256 f715c8adbb3b48ccb0508d917796a808fb5d3ddff7ea4459852cc028e612a0f9
SHA512 2b714e88e8a8b94be5577365592f007fb5798c4e138ab49209f7abd7a5e67d72d7a6aaaf5874934902ff635009181721cc4a78cca66a4505def0cab762c40aa6

C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\fa.pak

MD5 d6e9a2ba25c91b4f586f42eb80cdbfae
SHA1 4ead11dade9a8f71d3372f445216e5759fa4b203
SHA256 3a6a0036f33f607d0df9df6f8f13f35a514f8b99727513a5ffbeb9d6a6a410c2
SHA512 2f8cdbfadcbeda1cc127581c7ee5257d1a8f6c7abbf2fe7b753cf887bc3786190524b15a7fefe9c4d68010405e237d12a89bda3047b961b078ac17666fde53b1

C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\lt.pak

MD5 36a88e13072304338958f09cbe82e709
SHA1 9f0b7cc19ac86527ef5010a3d97bc0c1bca32ad4
SHA256 29d3b2ef855032addc97a66d7bc01a185da874b4f33115998fb0488daaf98cda
SHA512 f6606071051ba5f6d99b4d57fc2a05da9d06371493ccfa6b21633674e95045a1377a8ca9115d23ae1b65bedfef26c948606968692c9d505c008302ea366780c6

C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\ko.pak

MD5 aa3bd98cd414a21c1c64b958270cb9b4
SHA1 fb01d006a334742ea07ec95f369d21c3b43c8f78
SHA256 696f98aa0f326a0b357659cf04ac2382f3573eb1177fdefda17eed0bfb21986b
SHA512 63b8de1bf4ab5e59341c3e4947e6662d73be5fbe1da947323c5f09707c2a15b2600f3004be2f47f8f6d5fd71d80e90dda99c9a0e14ad69db6f9934663d05dc5e

C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\kn.pak

MD5 d3179f9d7f1e54a1883c46134a847f76
SHA1 6b04398bc1a375d237c770aa5182ead3aa5a5a03
SHA256 9c38e0b70247c58eb6aada7fe92a8fe713030db38bafc14dc10242fd7b0aeba9
SHA512 e01934a3574045dac90494cda6bd7b06c1e5a40d0a02593dd4a05578c55192eeabcc80b7cd875202d617cf40df97bde5b7a49876fc05d42f2e42a1d38c31b765

C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\ja.pak

MD5 ecb18ef526192a7f5202adcf25f4f594
SHA1 e169e38e5643ffc8f3b8c0f27d3843287cb6fd26
SHA256 0fe7d19e27341d3921eebd351d9a7d7ed5805e4bd662a2cb569c101e386a1b92
SHA512 3cec9ea297d97540b1d33daef223c8dadff4e3a6a5798feab0cc3f76bc432117ac9ddea9e77b9daaf673ec2a9b8f1b65214efe80bca115904a71b32a42583b07

C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\it.pak

MD5 65a97804ae3e118e169b835f76b4e5f5
SHA1 95ecdb52b50710beaa7d170207b4d9c9ea3a4e4f
SHA256 c463c57a62b4961a53b89eaae67aff2a5539a6d0845dc89671916d0891d276f7
SHA512 96eafdc256470dd2ffd54776543ac538ccbd781a60fc52ba349da8d4b7fb01efe596890502d928f913a35b10f2f019f7d1c66ada494abb129759dd434741b493

C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\id.pak

MD5 a96f0f3f69e6b873910b370af5d23069
SHA1 e0f6e1def18c9f3441c3081f22fa74546edc8102
SHA256 f32e06fdda29bc8932505122f5aa3054f64a9038915e8e77593af912054af833
SHA512 b10e7a8d1685fe48042d32b76d715ed5a44f3bcd1c0a5f323932a115a7f9a89f939c6793cab7fe53b47680df9a8619064e7f21e09d78e1b2db2f281a83b65fa3

C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\hu.pak

MD5 d6904e7d1b6750d43a6478877c42618d
SHA1 919f090a6a3aa1112916f5bb0d5b73a62be43c1e
SHA256 3ec43893c6de5ec0f9433841afd5fa9feaaf59ddcef05f7e1cab14dba799887f
SHA512 d600fedb5ef1b2eb49a0122536c642b350ce67bb7a9da205890d9d13a195ac17c14607b4489715fd34506ec0ea4c80f245e09cf048aef52dcc8094f3138b2fad

C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\hr.pak

MD5 7dbd4a9de6e30de028c97a7d39f8038a
SHA1 18d68f37b3c5eea3a2fe42c4ab1694a439a189c0
SHA256 e1c793e08e062043cc65271718d9b21d5742729dfa2e076ab012e8a008d06c04
SHA512 a18c43257d26380ec14ae0259cf192257fee0c6895b82240c3b41c5d6e8bd6f8023cb39dc2da0701bbcf05e8eb2cd13c84af971c28c94099a6d0ea02ce745ddd

C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\hi.pak

MD5 9b5d94450fb03c34759653deb0551441
SHA1 b9134fbc75304ca73b156e77425505ed6dc6d629
SHA256 5e8f2593dbea5a57c3a974558a3fc91b6087329a1e7b11622a6eac120a973718
SHA512 caed9535d487833bdde51e82b76d3b8d2e6ea18ec0b4b7a98552be9266ff0728bb1133d8f9cbd169345aa08b0073f04d649baa71bb487483951cfa1a92080d63

C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\he.pak

MD5 6376d0a5f4273b76b1f4aabade194e0c
SHA1 337ba39f09454c0779ab64872b9fa11f866d6adc
SHA256 875712bb852c698f677c0c74e088f62d31adb2bce65648fc390607aad8705c45
SHA512 00347f16b5abbaf47fb08663d5efde26ab7de0c7a2fa42e6b5f03c41a83cecbd8e78cc3aef41d5f08658cf346e0ade732774485e8a10008a43fa41ffaf73b2be

C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\gu.pak

MD5 3268b8d9b4d4db87ec627b09f1c55a6d
SHA1 683ba367e40abb2fefd4548805e845fc1b452855
SHA256 dee5ef4f4b36fc5fe0f3b5e10c7cc3a7edc14bf948317b31a3287a95bfe0afa4
SHA512 59cff62843d35f790092f42b611e9bcd80d948c0ef27a770b2d7af859997f40c320d67df3c5a9420d28d5c8f1678df4677e01cb99b729664d198b3b95b5fbd20

C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\fr.pak

MD5 a7c88eda9e12b6dbd432c544767acbe2
SHA1 81f1abe537870f7888431e820b636b17b5213835
SHA256 a4d0e5a39241a6326143afa4c8ec881d6edb0382c66425411881946f98e053e0
SHA512 88ca203256aaaaa26afd4a0aacb6fba2eb41618d09df6fc6aaa80ab8d699b30e73c373fa75098b1ec4912c042341dd1c79ee3d04f98b4bd59a44481d350a7988

C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\fil.pak

MD5 0b7d25d70a2d94a032b7ff7faea45a75
SHA1 d9d473b2ea936ffea4f751d8716cb03407a95785
SHA256 a737a14f84b10b2e3c9ad4d147b430fd30c5ac0e125d5aaaf1ea19b0507de5af
SHA512 e4dbef6fae4cb56c3cd7bd5dbb239b5136eb2534a17cacbf628f5e5d77bfca924580ad4e4d0ec580ffaf94d6e1fafad58e9c5f472c3a3ff782702ea5eae2aea3

C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\fi.pak

MD5 fa7dbd2ee35587ff31fde3c7107e4603
SHA1 baaa093dcb7eccf77ce599c8ff09df203e434b60
SHA256 5339b8ca52500bd0082e0ba5a5f440c5f04733803da47963280479760c7fff2c
SHA512 587f6d0e216d1688227345a8a75b94848ee710ec633fe6805db66bb0e8cad1b8d24a1e6a7e234061516770d881571166c78d8fa1c40e6335f3dcb1339fbffc14

C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\et.pak

MD5 74eda453b23793ced4480ea7a595fe44
SHA1 76964af9c8024bd84fa1d89f60784e7ee6569350
SHA256 e2d38131a5ef4b0e8438f45e8c74c56bcf666760d4682120c8071c9220230555
SHA512 e9928cfac01f10b040c74e63242ffa1f7f616d8598f49f0aa7ddad063e18666cf5649cc65d00b3526526af8a7b46ee3b3655da22adf46aa44c0c6a1c2ac4dc7b

C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\es.pak

MD5 4ca91891b2d4670d02931f0ca84e4744
SHA1 85f6559b09c80af2575e3b7626842c10081e188e
SHA256 85fff1ca6bd2527073de03fa77dd013db2557a57cce1fd370caa2b185abb9336
SHA512 83eae7ab2f03598c657786bff6171803b6bbe2128d1a5b8a01d9a13337113632279712dd8ffcd3b707fa6052a936d92a57cb67d848c77ee291e75700e29f2bf8

C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\es-419.pak

MD5 02452424bb0cf6ab832808d04883f147
SHA1 a8e97ee52f3d97c1a4c678f7578808416e9fac65
SHA256 1b23cda69927c77764bda121ee398ffefcf5edcb5866432aa3526c378553c9b5
SHA512 9e750b26ab40b5f1c075acbdeb15a57cda9e6bd8049488cfaf368b5cbe8cd9b6e5dc96130e4137370c90bb0777b97515ea2be0787e255cff750fb7e188e22ab2

C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\en-US.pak

MD5 3f6f4b2c2f24e3893882cdaa1ccfe1a3
SHA1 b021cca30e774e0b91ee21b5beb030fea646098f
SHA256 bb165eaa51456b52fcbdf7639ee727280e335a1f6b4cfb91afc45222895b564f
SHA512 bd80ddaa87f41cde20527ff34817d98605f11b30a291e129478712ebebe47956dbd49a317d3eeb223adf736c34750b59b68ad9d646c661474ad69866d5a53c5c

C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\en-GB.pak

MD5 502260e74b65b96cd93f5e7bf0391157
SHA1 b66d72b02ff46b89ee8245c4dd9c5b319fc2abf7
SHA256 463af7da8418d7fb374ebf690e2aa79ee7cb2acc11c28a67f3ba837cf7a0937b
SHA512 0f0f9aac8e6b28c1e116377ab8ee0ffadbf0802a4026e57aedb42d21c38fbf70159be9e0314799c1de1f7638fbbd25d289dff7cd2c9eb7c82e1b62b6c4e87690

C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\el.pak

MD5 8025eb8756d4bf3126d83c9078935520
SHA1 78895218a90680fe223af0b003c195da84902e1f
SHA256 e42aeaea80dabe82657983a462e4cd3ec74f71d4f08a689f5825f55fc02f3141
SHA512 f99f47e54583b60857a31648b985216713725496d8653ca04eb1d6634f2b7f7a1f9f70b8a7938529bfc6c8665360da5e6bfb6b68c314c011fef4a9817010c42b

C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\de.pak

MD5 8569900305a5661573f7766b93909f16
SHA1 3529376f54e32c17447b065d08c77314c4db2ec8
SHA256 068ba3e34e7f253fad7dc526b1078aaa969bea044d48171925534598aa8becb3
SHA512 d544febbe20a9bc5cf31f79f7ef74c1a742cccc99136e9828187c9a643bd0317c7cc48706346ee1a3c9eda8984be9c8606e9dfa7a6ce2cff49db2d785c2aa1c3

C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\da.pak

MD5 4bccba46add5ebaf6efd4ade3c42aed9
SHA1 e48dcc2de930bbf0ea8ee7b735ead321dadb5be8
SHA256 2497368658a988e4eb3f64cd17423ea04e7555b104d43c8996c0ecbbfed5f74d
SHA512 e2059e2a7f80353981eef6982a7da006fa3753aeba9aca5279eef71aa2fa4b7adbf9cbb17c85b8060359f9e871b1a5c665226f8d3b8a6fe49f908fd44e1b46bd

C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\bg.pak

MD5 9dc95c3b9b47cc9fe5a34b2aab2d4d01
SHA1 bc19494d160e4af6abd0a10c5adbc8114d50a714
SHA256 fc4a59ea60d04b224765be4916090e97ed8ddda6b136a92a3827ed0fcc64bb0e
SHA512 a05a506a13ac4566ecbfe7961ace091295967ea4e72a2865e647b5fa9adac9f7cf5e80b53fae0e3917dfb0b9a3f469189cd595cc4ae9239d3a849f5cedd60e46

C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\ar.pak

MD5 b2a23f285858db5e3e53d6a5d5291623
SHA1 674adfeb57075f86f40ff4b14916c3af29695813
SHA256 7ab39416b60ee342ff2874aaa7b9b95b290828807b1395192cdbd29ee1be15e8
SHA512 92c9b31f82f62b15eed3edaf437412cb630e8deb2226ad162d7cb4c252d8cb7f0453b3121a846ffcb1547570e2eadb04cfd3877ab120496a7fefb47a6d96cba0

C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\am.pak

MD5 a2a17bdd83467a027505bc817d1ac028
SHA1 cc1266a22606a1055db9653b82e90c9d1f551d44
SHA256 f92b0299185d963337e96df1016e1cf5ca335e22ff86568c1a6507c3fea29094
SHA512 193c5db0a30a3c8ef5e8c821cafb9d0b5671b7e7821748c7b432e927bd4638ecf5bfc1d99721ce89fb3df4f6f23b5e55d753430e8ef2bedd1e1633e613321028

C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\af.pak

MD5 198092a7a82efced4d59715bd3e41703
SHA1 ac3cdfba133330fce825816b2f9579ac240dc176
SHA256 d63222c4a20fa9741f5262634cf9751f22fbb4fcd9d3138d7c8d49e0efb57fba
SHA512 590dcc02bc3411fa585321a09f2033ca1839dd67b083622be412d60683c2c086aac81a27bc56029101f6158515cc6ae4def39d3f246b7499b30d02690904af0d

C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\snapshot_blob.bin

MD5 b82ff216a0babf602940759b9a3af870
SHA1 07e8a22dcf8d7be04a6ddbcab3098e040494bb0e
SHA256 943b27009d41801c5a649caf680e32d4dd25de002787a4ccd86b0925b3aac3a5
SHA512 da157570afbab7be135f7749df7f4518df1452ea24f98d8f5189430e732ad06ed438afc701cb70451bbc7137b5f35a0c5957df92ecb40d47d54c1071ea79fba1

C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\resources.pak

MD5 cf507f6ebd97604dcd7ccfa1e57cf9ca
SHA1 799ca022839781ab863c353b1fbf56c116b81b73
SHA256 4aa4c30a711a355ebe40422d158d542efd2b9ea8af02e9346687f770d14d824f
SHA512 3df90cfecaa01ce3febcf8467c51bf7cf602bf398b586844bf67424d3f4cc8d478aae9783098699ad93dfb31b1966271bd24cde5ff760f74dc06ed655709b358

C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\LICENSE.electron.txt

MD5 4d42118d35941e0f664dddbd83f633c5
SHA1 2b21ec5f20fe961d15f2b58efb1368e66d202e5c
SHA256 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d
SHA512 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\libGLESv2.dll

MD5 861bb6dc03ee9a93147c50366caaecf8
SHA1 1e4a5821d878ff90e9840a4e299020b90e27035f
SHA256 87a37401f787242b3f0edf2b3bc7f9bfdc4841826b5c288c11fa330eb0515e30
SHA512 4469bd104339fe7467e76273e601d46832a698541e3ba56ccd4fed9692a014e05bfec9fc814e7beb4c93567e04e62e8e74814bfff8251d1c97f44192485850d7

C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\nl.pak

MD5 9fdf47fef5b549497005ef8efd2a2c59
SHA1 3449de72bfc2be537f4b007c81e5bc5de6ff3d0a
SHA256 65a9c1efcdd451504e2e9b44b0c8fafd2c3c1445d760fd6c435305e2f8534f59
SHA512 3e77178dcd9e8894847039a997c87d5d04eef8a1ace1846132fde229285da08ffc8d3ba697226130bd07ab122a868cc53693981a21f8211c839ccdaba77207cd

C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\ur.pak

MD5 16f71c91bdd51e1d57deb2f2977168b7
SHA1 8845bd95518dbe1e1caca96542af38939370419b
SHA256 f442c6e91e85141527f9543287b53eaa3de83afdad00b77fd43bc18382866642
SHA512 6cf038ce1d9e35041561f01c8a07a99cfb0c2ea3a36119cad555edaa60bff8f3333de4d0cfe462ff59266f2b94c801ad6c873f46242b47644a2f9e4dbf7d8f49

C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\zh-TW.pak

MD5 540d831e4a7fbe25ba4ed14c40eb3faf
SHA1 92bce5f107cf607572e9cc14dc0a3c1ddaf93822
SHA256 c3322ca2802e7023fc07785ebd9bc7b6d93b26516058ff2c7a9cc7c6197475fb
SHA512 5fde0c110e5d977279eabcf7746470a2261b846063bd2241da5ca0198d9dfc4e21c9f94fee8d7f46bf5262c228bf29d1ea0e1d890e4f49493aa821a19722d931

C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\zh-CN.pak

MD5 453f646a457168487ed89d48e7e335f8
SHA1 14c496e7daa9888d701a0d2725f6e7052f2b02ee
SHA256 a646fc29cb66c008eda2fdfa4f4982bd1eb72b23ea442ef88d5dc4df61ffca41
SHA512 0a34dd9619742839e695fd239205236473fff94d6f6d527b281b9d2a83510ea8664f06f719f3c945dedca121d8abc52f8caa1738a74ddc5d6767bb35dabccbcd

C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\vi.pak

MD5 819c87e5ca348bbba531f8f246e3fbe6
SHA1 1c9e021a51d100a09dc1aa292b247771d92606d5
SHA256 25810a12d1055a3d75a51bf1f8164ca417dde38d995c03ba4f36c47c217b642e
SHA512 0fe524450087515e5975c2334700036a21271068fd82eaa8a8a52eada42e885697f7dac8c36ef56f5cca7de49b19d2afdb78d7b3e0ecb03606d596bbe8007edc

C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\uk.pak

MD5 d73024a9d4b969fd5a7d17a37249ce05
SHA1 424c678a28dc86348c445ba060cda331371b0438
SHA256 bad3c939ddcf3c851fadba230b045d7a0cead2f694cdf3ca51ade7c328d66b37
SHA512 47713314f17a3e9017a4bfbc93fe90bdb5e475617f1c53b9856b42d1f3a46bb506d88a8d7f9a3853b8fec0b73725cf3f346f32c893c433e31f92d9c21e64ae80

C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\tr.pak

MD5 faf95a0ba4253538f8517ae8f97ddeb4
SHA1 4452516173e35e4099f203d9c84951eb0b3c3cf5
SHA256 8f7fc44d6111faad2a9654bf6f4c05ac3d4bcca1a55b50a7c163a090e7f91036
SHA512 e1f5a4b63ce8ded89fffbeb8a2a91223335850931952915cff6c13adcdd5e6cba706e52d1ef2c19e5834803ca31f9ed82f453803570c306c0a5d129dceb3e43a

C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\th.pak

MD5 7fcfe22f272dc85cee30e99350dbf771
SHA1 4e66402b813f4eee50e69db290532f8f4e3eddda
SHA256 981e7c6a479376a91f9b2f69095902f0279e9a9e3121eaca81985ac5fc598567
SHA512 af79e43adb0a91146417e3a8e36990d7fbb6d97e0ebd6053be05c06539314ae7e8e4cd1be9e58a097d6c936a065b0fef8754cd0add6a3a401526ed0549e8a3ab

C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\te.pak

MD5 28f500e12a7b91d91d8f99395fce8332
SHA1 885fd6c78259ae38f7dba3887f7fee783c1766bc
SHA256 06dd7ae122d6f1f394aeb85089a9c837ec05dad627b0bcc92863ab2830e971c9
SHA512 6f0fe4a527e9c53a41d20f95cafda7a2488bab310eecf68c98271a2db6f3efe5d2180e158b5018a9c56a0580b0735146f0ae07d884f564de1e8780956a10d190

C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\ta.pak

MD5 714ef30e819d791b41ab093d515e1704
SHA1 5410b58dcaa0bc82146655ed56493581d18d5c04
SHA256 9be97a18356b05ac4c3aa2b7e719eb29b47d8ad406aa50cf0f24bdde1d613083
SHA512 a35074a54dc12a68301553345c69f02ad31bc010690d5f4c4fad5d65b3fd9c3f7c3ec7e3637673d250cb33496b93a9582e28b5210d11137bc0bd5b2e219c0aab

C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\sw.pak

MD5 9632dd7d883fa4deb3963ea663e0ffd4
SHA1 0db135be4b3a7c54c39e9df5034d5576b68ea92e
SHA256 690027c4a31c4aea00b7d1b32ec6cd3fa50b1eac412ae273ab15e72eb485dd6e
SHA512 3aac1857784dfecd2ae5f7c4056f58e27a966a6cb949e02eaba56fc1fc283243ed6213f17628d62d435e33fa4771eb43623f25da6510aa4ce6f2149f72ab0d37

C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\sv.pak

MD5 14ecf7684d7987950a9655258d3a72be
SHA1 b1506b3b4be332081dde72bf54a197b1ee0bde66
SHA256 690a83bbefe1e97de5d2c1c0791707e8ddc3414a12cf30b79329fa5d21840d6e
SHA512 fd9d36c63b00bb1caf6a25f2c797f3a844395f16016a9010819462d647e8e759fd8887e5eae3ef300871f4abef05f4ceca9edb5b30ffdd56efeede9c75f56e30

C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\sr.pak

MD5 fca817ed4b839b976ebcbf59cac66d68
SHA1 413efa65470319999032b6a25b3b2ee33b8cd047
SHA256 524acc64e70918a77cda43fd9b27a727645b28ad2d4cce16b327105101c8bbeb
SHA512 cb246d5c5cea30d6e7514841ab93803984cda37461a09b6c340ca64f7cbce4e1212951a4de421d928d433a619dac18454fb403b42581757b76c7eb124ce70cf2

C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\sl.pak

MD5 6a2efcb886dd33a5d05a112c141c520d
SHA1 ba89d9ef7ce1862d1e9933e910529ec5a3e2a933
SHA256 4fa004d80c7e89e38cdfed3a652003787fa810256d294c16aab0bca815eb7c02
SHA512 0475df28a602ec90c4331da4e7d742eded2cb3264b41924628bfc45e2662f2ceb7b9518ac88a231da1c3caf18d176ff3a4931c2b1751f3b74bce3af73d0088cc

C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\sk.pak

MD5 72946b939f7bcaa98ab314cfba634e0b
SHA1 71c79a61712c8c5d3dac07a65d4c727e3b80ab17
SHA256 75f179897cad221ca6e36b47f53cead7f3fb4159ee196f1d10a5181b84e1b5b7
SHA512 2a8fa7108c58f4cb263900a555714d5638d961d14d9f4ddf8a9ab5b880afdbc5d2325fed1e158dbaf42a9cd20e8e372e6a8f52fce842a6940ea52e43e4a1f1e5

C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\ru.pak

MD5 aa75c21bfe54bb70e7abd9fce1347a8f
SHA1 3492307cec15b367274c948beb76598f72347846
SHA256 bd981aa65536b544228ed1d60a552ff4c7800b46f815177b33b3e628b97d77e4
SHA512 0e77f1c7e4b5410e9eaed875f5dae6485d8de5b650ec44133b1634645cc3055fa7bea316e843b491f29d9c137b20623b120e014b1c74bbf4e8d1f08dbeaf5bb2

C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\ro.pak

MD5 9b9c22a12ddce43a4a3c0c047a16a5c3
SHA1 901e072d644a79e0b18be2f4a81e6842b070485d
SHA256 3e89d43b86b2582fd7db236659af47ff459a44c5b5ebcbb0bcc9eda244c8e501
SHA512 196a5bb1b0b5093d4a18279037ef7993525c36c136d4560b7e902c815687f7992ecd2b64d96422911a3468cf3f1478b21df6465d3b31486466cbb5573ff0e7e0

C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\pt-PT.pak

MD5 9b04c89c2d17c7c00a6a4342f0771fec
SHA1 a0886040fd5f870023cc3038f5722f4ba6d7c8b6
SHA256 abb012215610178b7f8203f61f41103546d3949ac3df4acb3a622b01663f39cc
SHA512 7c4cf5e7bfad4709db49779c1e3e762b8d0bac6cd736c511711ddca7682e08bc6b3274c9872d88db78bc36b0456b29680d3c4e518d4a401830cfb37b48567bb8

C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\pt-BR.pak

MD5 c68170e4948cf3ae6910364c1e68ce90
SHA1 420f3a392db28b6fd6be44fd702b455518b67bbd
SHA256 b26499a256d66feed42b372ea2eaceb75c279694b40a7b5d0f8c1a5c24cf381c
SHA512 29482ced2091873a8c6242a608ed641b3a4d72fb93ccc2eb58d2769c446195f717b438d5633522f457234f3d209029936e9ea4ccd65d45ba8ae0c2df71043797

C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\pl.pak

MD5 c9da926441d438b952149650c86a033e
SHA1 74ee60342bda33048570dd3c03f897668cdfc971
SHA256 ce96fd415ffcda01345146faac716e2d45e2c556e5c6c38e9a1ea5ac19dafe84
SHA512 3e718e8df695cbd80146c3e911de9b235ccc06f574739e5720d47952f69eab089b56451cdc321174da9b239c0a71a720baf9d68b46046efa0edcb2a3f1804ea0

C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\nb.pak

MD5 bbae0915edec081b04bb903b689bc40b
SHA1 6a0fc635ce1c431e512b8b3b8448176aa4025556
SHA256 d565c6c95dad89d3f2b7210de4ec3fc437633de4dcfc994fde0704b92bb53ff8
SHA512 573a9fe43213829a6a4b39e67be25bc330b417750ea6d66e26163de7a80c29f6f5deeb841d9ff8303595943a81fc01ab668aab02a5cac4eda078ed06120138b4

C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\ms.pak

MD5 6de7b004a86967a3433545b3b38bf89d
SHA1 113bd5b28dda669b27c798e0b46fd680f3a04956
SHA256 ead5a37549b98d55839ffcf0dc8f8201d37d71968ec9138fdea79d7c9b79549d
SHA512 239c4acd2c0b6c08fb92fd95b89a302ddefc01ea843950a0247b7310c2b024383ae98286c2d4b83b99833452c41b386e047b2ef33610ef122fcf2f439ef43726

C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\mr.pak

MD5 b9a2aa88c69c42ebcc41fef00c980a38
SHA1 9e373dfa11f95c31ffdca70bd83d2f66e1ddcef8
SHA256 481faf7dd66cf10a476d8b156fb4ea452f920322d8007f7e25d41b2837bdbc09
SHA512 5f4582723429a44dd517322babae4466efb4e8723c0247754e2a9a2929133d6fee5c3533c4cf567954e2a5aab47940a136a178405de36e38b50e8d4a6d5c504f

C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\ml.pak

MD5 00292b0801e0dd0a74091bf53f1574c9
SHA1 63a002e7a8796bc4b4459a19c95ce426fbd1ec7f
SHA256 61a372f170de0a22712be980c3c78b22035ebf40ce79332fab75cdcc4208c9e6
SHA512 e2e15f66851aa435e3bf4de6672f4aa8b01204d8efe11ec6ee9a51d9877ec4f2e71d7e9547d6eab9bfa04af1bea71fa72aa4963fa08b48717bf1c3fd21c00cd5

C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\lv.pak

MD5 cccbd7f8a0c34c7094ce4d7b8e7e0588
SHA1 1a08401e2dc8c59200c4ecaa1886b43b6faa6979
SHA256 7467360f9addd4d8694e1508a6ab3a3e00dce57e5897d5376ad27d8e651b23d4
SHA512 2cc43437f1cd8d5fda0e95e7dd117c9b82e90cfed58ad8f492f46b4634aa01cd1b0ebe39377231a0828fc1ccd39641e4efc2f1210d629f9aba12ea9048accd95

C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\resources\app.asar

MD5 617a6672348e42a43de9437125348a67
SHA1 cf2f668caedd3cb03c81cecc7e1ca32d84ffaa6b
SHA256 9e23d1ad718916af306e9e0dbbe5cdcccc61798a1c1b0daefe42aee174ef8335
SHA512 88b461ac3ed4c4cfc6aefeaafa5de3355da9ef42e85cbbb1118b7c4b10c5ddd1d8d892f4dcbb7e7cd4ee71b4273da4aa3cc191d7fc406a9c75adcc1a14a3cc72

C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\resources\elevate.exe

MD5 792b92c8ad13c46f27c7ced0810694df
SHA1 d8d449b92de20a57df722df46435ba4553ecc802
SHA256 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
SHA512 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\WinShell.dll

MD5 1cc7c37b7e0c8cd8bf04b6cc283e1e56
SHA1 0b9519763be6625bd5abce175dcc59c96d100d4c
SHA256 9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
SHA512 7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe

MD5 88b2a96ec4686a8e7e41ae0b1e4f97f4
SHA1 de1b88d1dcf9d9017e8b4f711f44a6851f47d603
SHA256 0661c1d30b1b52db985db01878722b6a633b854138db93b3b2f495d15d96c5a6
SHA512 1a58a5d427d132603f98ff13ffc7e5eab997acafcedc0b229549f0533979ce6502f6ec22ea2311067574384a6a13ec0dfdf82ad0110e360ebcc1464498374388

C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe

MD5 3da16616911a2890a1e5c1b710884fda
SHA1 da77684116197789af479b7c89dda9dfbf2f7972
SHA256 1bdc69705d9b9bc9ea6c29c2644f911288a129f54c82ef3239513d446503422d
SHA512 3b8499d6f4f9027fb81323829a78db80f975eb2ce1d673a90679bc29432afbb345d10d0c76efd5d8bdc3cfcdb30904ebc17b9f87cfe06c1ec3da8d4b56cbc6b7

C:\Users\Admin\AppData\Local\Programs\Installer\ffmpeg.dll

MD5 6b0ff8eeec8e5ee1d208dc42497b6a7c
SHA1 0d418a281703cc898c2355395fd3a36fdcfb553c
SHA256 8944dad7c9e2b6834f1816af028f3508d154f6cfc7cb0da8e279db44a6b34af2
SHA512 e4ea3ce2c041d8aaac44a21f72c526faa883b3bff8ff40ec9248f7b39fdf2f73a0adb7d1d6b5139477f6ce787f0ae2dc81c3adc31a17638fa759a663c2dfe1ec

C:\Users\Admin\AppData\Local\Programs\Installer\ffmpeg.dll

MD5 46dedc5f594446c63d30ea315f57f281
SHA1 08dd8b3e717af92944933feb6053da5fd7dd8ed0
SHA256 5971fb6055bcf557a9093df9a668e400c34ed7a6e7ac4e2719b16772a8a64111
SHA512 8c46c327175981c159639f2de543d7d5ab0423ed875f1a8377decfba82d9e677a1664580e4ca9b523d40ea099836373586cc8cca1e456cb58ac4bc6cdd00a409

C:\Users\Admin\AppData\Local\Programs\Installer\v8_context_snapshot.bin

MD5 1df0b1be0281cf5cadb2207f57d8af4c
SHA1 daba6e2dcfb9a1330eaaafdd514219e91ddc9264
SHA256 422c9d2498a8814cb1cfeb06c7edf8621a0adc83ba0b9f66c7fc02e773087201
SHA512 129f09a9f6075d063f1f181e349bc13855a4b500ba9f5668cfb60b8d2423f687e4ff24ea4fca1d64f27cf8826e6671b2d8f9625263e88a082c64f02f747796dd

C:\Users\Admin\AppData\Local\Programs\Installer\icudtl.dat

MD5 5de95b1f58d903eabc6056339cf5a89e
SHA1 f243e22a2ea86bfed2e1c0be9c0a8d6d436bb153
SHA256 1bc3cbea66f1f306fc6feb1660b89797bfd7139ed7c511aab4e80ef94b15c972
SHA512 1d71a04b608740661aedcc4c0b59a7740b30bbd1b724e434fe93fb71bdc4052498aa61c1044d095aa3791dd9a866fbf2ab1b444b502e4ce05e094d7c556fe3d9

C:\Users\Admin\AppData\Local\Programs\Installer\resources\app.asar

MD5 f61e85e67c0c8fdc230bb0a7b8e28522
SHA1 c9471e1e3fc8ec4dd099331ccbf34fb29bf005de
SHA256 b342fde55ba9281e6f7c267a1dabd2c043945fbe8718a2cd87220384d8d15d51
SHA512 ad7d5542cb792f2aaff1363c5c1f3e20032a0f0aab347848b65a52a3235d39688c580d16cdbd68a1b8bcca00695bfc8ecf0c076ced7ca9d7a719145cb95a12e2

C:\Users\Admin\AppData\Local\Programs\Installer\resources.pak

MD5 403b4a4ca817a27db25b1fd6e135850c
SHA1 7aa10efaff9c5c3e351ddb180b26c25e914f427f
SHA256 8b2fe9d8ba1966c2381651a1a7800d3b11e7bae04af9cba564784f6cf5059d06
SHA512 865db15de34d856a393bd3021717db2453a64c401aa27293a8d48d7e577a0cd6a932cfe348d372437ee8a0141ef3ee462751a379bb580f8537297fbd4963a4da

C:\Users\Admin\AppData\Local\Programs\Installer\ffmpeg.dll

MD5 74825c31f70f790fc9c0e5df1b0f77e8
SHA1 5c2228c2177bfd888ea2d3a7b8fefa82d3be21e7
SHA256 810ea7fa0b9cd78f58e43bed05dded2588c304eb64fc6e78fe236fb697cde2d5
SHA512 e501131b5cf0536e99a2bb80d678a270a3195b368f45f001e5d64f7a1fe25ca559717427f8a4063955d11a8f3daff8931559349e792b0ddc4719facbee1311d0

C:\Users\Admin\AppData\Local\Programs\Installer\ffmpeg.dll

MD5 1ea5e7c9ad488172d20c8e0dce15cb31
SHA1 d484cef666bc21b09a24863face8f6e9cdc17bec
SHA256 c047274fccc093029b0d88b8757d352cf2af9547a643a577cda703587ab9afbc
SHA512 3cdab1da9af4213066a648f2836c030c0dea2775e76abf793c5cef73f4dd50f4a2451189082b76c2d9309cb781b591dcd218b49f840816ed11dc7aa43f8183ef

C:\Users\Admin\AppData\Local\Programs\Installer\ffmpeg.dll

MD5 9bc2c10a913d7c0a39affe079e8c93f4
SHA1 2940ef1c68bf6288979e20f8749ca03a2d9a3d70
SHA256 69858e1cc3f77ad1dd8235aee3b350360ee6f9625c771feafee7314bfbb7c7be
SHA512 157d634f17763a099907bb01f881f06f8f5675a920021869e641cd855026844dd55318db6f2b4d86e161983637aa7f9d53c344ac73c90c22cb6ea89ec1460420

C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe

MD5 62b801e5a8290b8e3b4e2ab773db90e8
SHA1 718850e9f67aa76f8e0fb986ba3478839ffd086d
SHA256 2221fcfa9adeb29a2102bfe95d01834171f560ff3f710e9a9d177b6a50dd24a9
SHA512 96e9bd13dbb65f21baaf5cc9ee1c8c077d0ff811b2305c5e6c668a42e3cd1eef746866b0a9b45e21233b671f2abe33bff0264611e8c2be4c10b9756955a37629

C:\Users\Admin\AppData\Local\Programs\Installer\d3dcompiler_47.dll

MD5 2370f0d5a52b501dfc8ee05bcede88e6
SHA1 ae4aa4845cc0edc8498b7884f43f644f9288ac60
SHA256 c8252a24d2650ea4d6a71fa08d303b343e881553209a892e29e3b8bdc8ffb5ef
SHA512 dc3329c95638fae36eea5fc329196c6578bc0fdeff669f3e0e0c3a4615fba2c4f6b49820ff9337b405671b27953385a2a8fd5a1af4120221e331849b9d93bcc9

C:\Users\Admin\AppData\Local\Programs\Installer\libEGL.dll

MD5 35ae3f0107dd78ae1a0c848d4dec041c
SHA1 6c5e0a25299ad89b28976408270aaf55bd215881
SHA256 4c5bac0a7c51ff5db57181ed152a789eb66be63ebff1baff4a73b2c70bd4f99a
SHA512 b6771770505f7f5693e784cadd153cad5db9cfd262124ac28d1669b99a7427a05a3cc8344cef5976aeadcfc789c0b8e717209587e43bffe65388d7d865d13d38

C:\Users\Admin\AppData\Local\Programs\Installer\vk_swiftshader.dll

MD5 12eb06fc4288beb647e6bf618701292a
SHA1 316d7dae9dd0f55b6fb9bb01a615d366b49efca7
SHA256 5fad2963df3911f8c415e407bba4a2e76116aa0c5579287a73031e6398bd77d8
SHA512 3803b250cf479dadea2cf3d931cfa76f23f8a93c168c9b559a0646809d0671d174e3bcdf090ec1f2d1d68dede92ff067b9622d5b681e8b3e612cad04f31fe0eb

C:\Users\Admin\AppData\Local\Programs\Installer\libegl.dll

MD5 f995a9f54d803fa45071194f7ec40796
SHA1 5530784a1863baa3cd2f09fa972e82419fb7fb7c
SHA256 3bb98982aac12d2e9b1145fbef3a99f383d26aac6e82fd145a64f9b74ac739e6
SHA512 d503e0025dcac70a6e8b7684904455c95d342e70fd10944ac9387f2ed0eed9a0777f7891f7cdf5ebcd77d65f3244eba58f450cb62f711f813854b790a936dfbd

C:\Users\Admin\AppData\Local\Programs\Installer\libGLESv2.dll

MD5 45ccaec7f374ddcd62f92f15dad56c56
SHA1 be62cf86667c5eb0d83f82d653b23eb09f079e50
SHA256 790ebc32214f401e1b4b9274d40386db4dde2ceee054401b9dfbcc68d68549b8
SHA512 f8713cf201b0c55f71a6210b7f8efce776e2de5848fb503ce9cb04cd67f669beab0c09c061eef2ac8ea6248cdecbc7f948d4d09a1412694270be952aa190f24d

C:\Users\Admin\AppData\Local\Programs\Installer\libglesv2.dll

MD5 034e090b9e1acdf703634b5a0845fcc7
SHA1 b21773a03a2c2b02a59aac780cec197f53f347d5
SHA256 4f73d8efe4cdc1c84498beebb74ca5e6593bebe335476fccb6a1b9f6eaf8e399
SHA512 78ed87bf1067e52e43dd147fd117242694b48466444eec3f4efb90708da31b3f0797f8be9f543036703ab074fe07796e8da2f6e849f330821b3972c3f081ed04

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Local\Programs\Installer\D3DCompiler_47.dll

MD5 c13871184ead36b350ae80e514497848
SHA1 c6a5c3c2fd6971b385878e51b6d1aac43a2e3d54
SHA256 a97b031ad5cd6f26ed4307b8435bc91ba8a186e56774b0da62d108f092229bb2
SHA512 23a79aafecd9ae59615251fdd34ace54ae12904ec21fd35bfe70c9d5567da9b13a05f0126f612a68c4e69c348efd3aaa76cdedcae73d08d169feb5e64e4090ae

C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe

MD5 c3ee59f83939a6676e5c000932163f06
SHA1 302669d09e1bfaa880cc62f97ced0c56fa4af6ac
SHA256 85b59fb251ce8a16f1f159bc73596194c748eddd725e73736f296f03c9cce3a3
SHA512 c556917df9591b828408db97c8024d626b4f477db1568216a7eec6cb38223991c5afa5c2555ff068fcc171c8e2006b26fe0d4d78f1d52975ed7451941fad512f

memory/5488-919-0x00007FFCAE840000-0x00007FFCAE841000-memory.dmp

C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe

MD5 d90880a8d485ccaaf87ab77cf122ce1f
SHA1 74fd911b8b9f4cd8bbd96507baf8137b46dc810e
SHA256 eac95fb244cd2e5fa0cf2de04b6c9b43bc543162c17f029ae8d2422a3f49efa6
SHA512 e21726ba91538e166d00d04e30f4fe8d7e3b33c0ea9a331df72ca5885c5bb4450eb6f8b927c09f989e23d72af87622b852198c06c3b12419e07d219c07872d96

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 cd6bd82e16c4cca312c0b2b942e0a238
SHA1 90463ceda2bfcf3402b55c640a2228a70a728a5e
SHA256 29f568c89eaac8bb2fdfa6ca265e1e44f7f08f7a5fb01e3d9b6dd315f9eaf4f9
SHA512 9ab1bebc6692fa0b1ded6389efd4d7b5dbdbb31edb24f4b33afafd11f5b21ef88c540fb7df7fe532a51f2cb0111385a5382a30a07364b73e4d58623e7c797b78

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d574e1de4fe43f9a1e92488be4ce9a44
SHA1 23ed6b5f9a44efb6b1dd9f6669e16de4d3aebd14
SHA256 e57d8c87fd03704422c0aa794696e19682903ebbfab21abd7c3000a5ed49d3fe
SHA512 ab7d13bddbcca0f6bfb96956e65abd5016cbf630dee243a7c8641e04109c573e50a4313dda6598dc00f7aba816e12f521e1e39ecea9abcae878799b9e8dff2f9

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

MD5 153c39ed8121b4f0e96c42a5bd65f8dd
SHA1 ab4bbee341d40d856e80cbf5c23e206d23b63f15
SHA256 ed3083b170bfc3d9ba3c32da70a9b067dd2cfb866a633c2a6f2941a38dc872cc
SHA512 8165ec01e3bf3465466d1c7446fefba9788ff0deecf34cbfbbfa156adc1e7d08ebac4126603f93c9eb1ae1cb4a59a9f35c425d52ebf747b8dbb64d7cbadac57b

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

MD5 1cdc7f1f78682e2f3cbe546b0d5f6d43
SHA1 8ffbf0e3eb3a9faa0e7ca9c91700920b53a50089
SHA256 0092e92b41c3c96ad99a42cb086761c56f54dd0be07361386b9130a9e797b4fd
SHA512 5bca560118ff9dfa84a4c7fab063acb239739e06b7992970fca2d8ca28dd8fe3c3f50cdf02ba9ef1404464dbf92a4adf269f430c7d161e16ee990d13daa9c454

C:\Users\Admin\AppData\Roaming\Installer\Network\TransportSecurity

MD5 4f17680b39cdab1eab90a6b1af54ebad
SHA1 5166f6ba7832a82af59cf8d39fc79e1dd5bdfa96
SHA256 75a2ad029ba61f668c2786b7c2b21e6a318948e652e94771570675fe62dba4d7
SHA512 d16ae97e436cafb0f4a954fbc3c67e5ad813a08ae55142bf3d874f6a901f07cb9ecb36d18ba566c403dcc033fd3399a902339bd7d5ac714ca6257f849c0e6987

C:\Users\Admin\AppData\Roaming\Installer\Network\TransportSecurity~RFe59a1b5.TMP

MD5 19b0303cd13c95348d6a172aecca8a7c
SHA1 a5c96c210cc3ef8b4a3c0f295960f221099194ce
SHA256 91ac0c6b31d70e6c2116672e96d2dcb72f70df246490a14f8d175d213879c24c
SHA512 e70078dce7ccbfb777e2474d0183414c908fd5ce8227c7f4da309a91b437eae39a864c2869ef208e75fa6d83437622d3e4096523f66970ed2ab1bed62dad7709

C:\Users\Admin\AppData\Roaming\Installer\shared_proto_db\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Roaming\Installer\shared_proto_db\metadata\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Programs\Installer\Installer9.exe

MD5 b2db1c5df106e7a2e855ead7444aa2c0
SHA1 e47e75ec11e778693fa9b0475bc2538a5f5b5d47
SHA256 92bdddf743b37617fa7cbeb1d053970a3e42efd0157aaf328cd4a7716570b2af
SHA512 128eb12d08d706f2f95774c87c9f6c3d9de8642a71d08a030faedcf62231efc0b0c719f1bfc0a9d4f6518febf424c50c9d2fde71f8e77f9bd718e417a867cd92

C:\Users\Admin\AppData\Local\Programs\Installer\Installer9.exe

MD5 744218f5383c0f4d289aa0aac86cd8e2
SHA1 735ad41afc67ff2e34124ad01b9039a9f7ca368a
SHA256 3d03ff7b22cc35b153fd53af6b7b5aaae9f06f5211516606ea73e7d0ff7ee4bc
SHA512 258026fb54d5a639d44d7d14ec640449d8a232990b6d327de9c546c3129a87cfaa8e5cd7ba1e7dcef93112bbc39643d99a21e2af24fbc1eb6f3a36948d9ccb21

C:\Users\Admin\AppData\Roaming\Installer\Network\Network Persistent State

MD5 8a254ae36c484041138199dc377828ab
SHA1 0f68b8e420a6ae3d13286ec10c94a88369b69abb
SHA256 1ff19bfb5442f5d3a86cc16d7660a93071cec5dd0f486ac074086b806f16ef4e
SHA512 11a1f626e8a67055f804c6612c0b4c7851862dae05a5b42a6045bbef79e0d12876fb6130911a459dc3f640abf2c97bddd12414a5219f6f49eb70bc6ac5e3635e

C:\Users\Admin\AppData\Roaming\Installer\Network\Network Persistent State~RFe5a4cd9.TMP

MD5 2800881c775077e1c4b6e06bf4676de4
SHA1 2873631068c8b3b9495638c865915be822442c8b
SHA256 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512 e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

memory/5392-1079-0x00007FF6DA500000-0x00007FF6DA7F0000-memory.dmp

memory/5392-1084-0x00007FF6DA500000-0x00007FF6DA7F0000-memory.dmp

memory/5392-1085-0x00007FF6DA500000-0x00007FF6DA7F0000-memory.dmp

memory/4544-1086-0x0000000001300000-0x0000000001388000-memory.dmp

memory/5392-1089-0x00007FF6DA500000-0x00007FF6DA7F0000-memory.dmp

memory/4544-1088-0x0000000001300000-0x0000000001388000-memory.dmp

memory/4544-1090-0x0000000001300000-0x0000000001388000-memory.dmp

memory/4544-1091-0x0000000004390000-0x0000000004790000-memory.dmp

memory/4544-1093-0x0000000004390000-0x0000000004790000-memory.dmp

memory/4544-1092-0x0000000004390000-0x0000000004790000-memory.dmp

memory/4544-1094-0x00007FFCAE880000-0x00007FFCAEA89000-memory.dmp

memory/4544-1096-0x0000000076150000-0x00000000763A2000-memory.dmp

memory/2904-1098-0x0000000000630000-0x0000000000639000-memory.dmp

memory/4544-1097-0x0000000004390000-0x0000000004790000-memory.dmp

memory/2904-1100-0x0000000002540000-0x0000000002940000-memory.dmp

memory/2904-1101-0x00007FFCAE880000-0x00007FFCAEA89000-memory.dmp

memory/2904-1103-0x0000000076150000-0x00000000763A2000-memory.dmp

memory/2904-1104-0x0000000002540000-0x0000000002940000-memory.dmp

memory/2904-1107-0x0000000002540000-0x0000000002940000-memory.dmp

C:\Users\Admin\AppData\Local\Programs\Installer\ffmpeg.dll

MD5 0417c42343622bb396e01b7adf8bc8f3
SHA1 723b35b6a6a7b761fb4cc33cd49f3339baa03ee5
SHA256 36df48d97354e7e5adda9ceefe1bca5877e09d69254226492d51b80b60465e8d
SHA512 446d080a41931d2e908ba50bce8428d0f08ab18c830d47e34e8e9db8408451d0e45ffa066656235dac2ea1ec81e72806312c82b71048a71f480da9addf6ddbb2

memory/2904-1109-0x00007FFCAE880000-0x00007FFCAEA89000-memory.dmp

memory/4544-1110-0x0000000004390000-0x0000000004790000-memory.dmp

memory/2904-1108-0x0000000002540000-0x0000000002940000-memory.dmp

C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe

MD5 3c578d0f0eb2a444060a53a57f83bc62
SHA1 50ac98881bcaea39016378300a80641e643f1e7d
SHA256 26a643fcec477dd8d7f26d116e5165420f82e76e481d251297e6d9f4864134b9
SHA512 7e27dcc15e350b941a52c564dfcb5826669ad86c9851fd05559abd5720b72294a868f2697f6e420637b9ff50e21b99c984bcfca4454acefa3f06e52c3a59d4fd

memory/200-1112-0x000001954C750000-0x000001954C751000-memory.dmp

C:\Users\Admin\AppData\Local\Programs\Installer\vk_swiftshader.dll

MD5 3a8600d95c9c163940f05e60a69eb457
SHA1 cce71f6a5490b48eaeb272cbf55792819fb2050b
SHA256 3477f8305c88838f894f0a304b8d2013542e9379f0310d398cd6a267e854e9af
SHA512 492a02352546065108c200b41026c711e09a32d3aa26e5356856d081bc1192445d7b98f789b6856b02217e84d8b3baa3288e3b9e359e59af6d0c7dcdd1888cf5

memory/200-1113-0x000001954C750000-0x000001954C751000-memory.dmp

memory/200-1114-0x000001954C750000-0x000001954C751000-memory.dmp

memory/200-1118-0x000001954C750000-0x000001954C751000-memory.dmp

memory/200-1119-0x000001954C750000-0x000001954C751000-memory.dmp

memory/200-1120-0x000001954C750000-0x000001954C751000-memory.dmp

memory/200-1121-0x000001954C750000-0x000001954C751000-memory.dmp

memory/200-1122-0x000001954C750000-0x000001954C751000-memory.dmp

memory/200-1123-0x000001954C750000-0x000001954C751000-memory.dmp

memory/200-1124-0x000001954C750000-0x000001954C751000-memory.dmp

C:\Users\Admin\AppData\Roaming\Installer\Network\Network Persistent State

MD5 92c1a717ae0589421642813f7362d454
SHA1 32d26476ae43d85b34d0939c807f672586457a1b
SHA256 bd14c240a4f0e2786867da2ed764ce338de3490fcee7b8d3659e0266e0d53ff2
SHA512 f9f0474541384476c99b7f755d2250875e5d4eacff52757a02faf608b2fef8ece8877217b419e2578c198dd67ac02e7c2fedad3b1fffa9d3974dae9527d684ea

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Installer.lnk

MD5 bdbb6ead4cc87440ae7b057409cb28c1
SHA1 cc92cd4f7a024984a595141bf78db9fd9d40f258
SHA256 2c68b05534e764d8384955b9c2960b72133d36be880b58896895c999cbd0fadc
SHA512 b478f54a8a516e644fb2f60ec46ac451d10274cdccb4bf8754a99d31c6ab7085a11436f9edad6fd2472696e2944c0e0c5b37a68d07d276178955b22866321fa1

memory/5820-1138-0x00000178C6E20000-0x00000178C6E21000-memory.dmp

memory/5820-1137-0x00000178C6E20000-0x00000178C6E21000-memory.dmp

memory/5820-1139-0x00000178C6E20000-0x00000178C6E21000-memory.dmp

memory/5820-1143-0x00000178C6E20000-0x00000178C6E21000-memory.dmp

memory/5820-1144-0x00000178C6E20000-0x00000178C6E21000-memory.dmp

memory/5820-1145-0x00000178C6E20000-0x00000178C6E21000-memory.dmp

memory/5820-1146-0x00000178C6E20000-0x00000178C6E21000-memory.dmp

memory/5820-1148-0x00000178C6E20000-0x00000178C6E21000-memory.dmp

memory/5820-1147-0x00000178C6E20000-0x00000178C6E21000-memory.dmp

C:\Users\Admin\AppData\Roaming\Installer\Network\Network Persistent State

MD5 a03fe1a4a48b54db31375aa29fd3d06b
SHA1 64f145976f66303534600018e8c8221162eca754
SHA256 3f103b0ca4c3d9f6b49633a3d0456ff3f93bca9476b208aa346416b21d8b0de3
SHA512 5f9e5eee3998ae8ef1c2f90944dc97ee8a2f0084ea4e4ec1188ec30b9c48c9ff3fb3df31802c6859c84c857250284e3bf8ffe411d997dcdd24894b5ca6d81440