Analysis Overview
Threat Level: Known bad
The file https://github.com/Derick22198tm/Derick22198tm1/releases/download/Setup/Setup.4.zip was found to be: Known bad.
Malicious Activity Summary
Rhadamanthys
Suspicious use of NtCreateUserProcessOtherParentProcess
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext
Program crash
Enumerates system info in registry
Suspicious use of SendNotifyMessage
Checks SCSI registry key(s)
Enumerates processes with tasklist
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Modifies system certificate store
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: EnumeratesProcesses
Checks processor information in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-02-11 11:18
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-02-11 11:18
Reported: 2024-02-11 11:48
Platform: win11-20231215-en
Max time kernel: 1799s
Max time network: 1690s
Command Line
Signatures
Rhadamanthys
Suspicious use of NtCreateUserProcessOtherParentProcess
| Description | Indicator | Process | Target |
| PID 4544 created 2484 | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe | C:\Windows\system32\sihost.exe |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe | N/A |
| N/A | N/A | C:\Windows\system32\DllHost.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe | N/A |
Loads dropped DLL
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 5392 set thread context of 4544 | N/A | C:\Windows\system32\DllHost.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\System32\Taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\System32\Taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\System32\Taskmgr.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\System32\Taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\System32\Taskmgr.exe | N/A |
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3632047111-1948211978-3010235048-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3632047111-1948211978-3010235048-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 | C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob | C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 | C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob | C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\Taskmgr.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\sihost.exe
sihost.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Derick22198tm/Derick22198tm1/releases/download/Setup/Setup.4.zip
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffca0153cb8,0x7ffca0153cc8,0x7ffca0153cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,14927267319335734241,17533117617088796872,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1888 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1880,14927267319335734241,17533117617088796872,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1880,14927267319335734241,17533117617088796872,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14927267319335734241,17533117617088796872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14927267319335734241,17533117617088796872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14927267319335734241,17533117617088796872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1880,14927267319335734241,17533117617088796872,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5900 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14927267319335734241,17533117617088796872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1880,14927267319335734241,17533117617088796872,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4600 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14927267319335734241,17533117617088796872,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14927267319335734241,17533117617088796872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14927267319335734241,17533117617088796872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14927267319335734241,17533117617088796872,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14927267319335734241,17533117617088796872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14927267319335734241,17533117617088796872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1880,14927267319335734241,17533117617088796872,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4676 /prefetch:8
C:\Users\Admin\Downloads\Setup.4\Installer Setup 9.7.0.exe
"C:\Users\Admin\Downloads\Setup.4\Installer Setup 9.7.0.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq Installer.exe" | %SYSTEMROOT%\System32\find.exe "Installer.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq Installer.exe"
C:\Windows\SysWOW64\find.exe
C:\Windows\System32\find.exe "Installer.exe"
C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe
"C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe"
C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe
"C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Installer" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1476 --field-trial-handle=1704,i,16171403918112562454,11899822602121139709,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe
"C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Installer" --mojo-platform-channel-handle=1900 --field-trial-handle=1704,i,16171403918112562454,11899822602121139709,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe
"C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Installer" --app-path="C:\Users\Admin\AppData\Local\Programs\Installer\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2332 --field-trial-handle=1704,i,16171403918112562454,11899822602121139709,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,14927267319335734241,17533117617088796872,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4916 /prefetch:2
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "Installer9.exe"
C:\Users\Admin\AppData\Local\Programs\Installer\Installer9.exe
Installer9.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe
C:\Windows\SysWOW64\dialer.exe
"C:\Windows\system32\dialer.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4544 -ip 4544
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4544 -s 496
C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe
"C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --user-data-dir="C:\Users\Admin\AppData\Roaming\Installer" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2008 --field-trial-handle=1704,i,16171403918112562454,11899822602121139709,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 4544 -ip 4544
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4544 -s 492
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
C:\Windows\System32\Taskmgr.exe
"C:\Windows\System32\Taskmgr.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | github.com | udp |
| DE | 140.82.121.3:443 | github.com | tcp |
| US | 8.8.8.8:53 | 3.121.82.140.in-addr.arpa | udp |
| US | 185.199.108.133:443 | objects.githubusercontent.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 184.28.176.82:443 | | tcp |
| US | 52.168.112.66:443 | browser.pipe.aria.microsoft.com | tcp |
| GB | 92.123.128.146:443 | r.bing.com | tcp |
| GB | 92.123.128.146:443 | r.bing.com | tcp |
| GB | 92.123.128.146:443 | r.bing.com | tcp |
| GB | 92.123.128.146:443 | r.bing.com | tcp |
| GB | 92.123.128.146:443 | r.bing.com | tcp |
| GB | 92.123.128.146:443 | r.bing.com | tcp |
| FR | 195.35.49.154:443 | swapinclick.com | tcp |
| FR | 195.35.49.154:443 | swapinclick.com | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| GB | 96.17.179.205:80 | apps.identrust.com | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| US | 35.173.69.207:443 | | tcp |
| US | 35.173.69.207:443 | | tcp |
| FR | 195.35.49.154:443 | swapinclick.com | tcp |
| FR | 195.35.49.154:443 | swapinclick.com | udp |
| FR | 195.35.49.154:443 | swapinclick.com | tcp |
| FR | 195.35.49.154:443 | swapinclick.com | udp |
| GB | 184.28.176.82:443 | | tcp |
| US | 52.168.112.66:443 | browser.pipe.aria.microsoft.com | tcp |
| US | 13.107.246.64:443 | fp-afd.azureedge.net | tcp |
| US | 13.107.136.254:443 | spo-ring.msedge.net | tcp |
| US | 144.2.15.25:443 | rum8.perf.linkedin.com | tcp |
| IN | 52.140.48.131:443 | 3b501212c24dbb1ba758cc165e3aca13.azr.footprintdns.com | tcp |
| US | 13.107.3.254:443 | s-ring.msedge.net | tcp |
| DE | 20.113.155.207:443 | af29dccc154ce44f57ba3ce5a017ce2b.azr.footprintdns.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_3616_JXNUZMKXNTUPXSOC
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\9b5ccecf-55e1-4a4d-8bbe-328a64efc4e3.tmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\Downloads\Setup.4.zip
C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\System.dll
C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\StdUtils.dll
C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\SpiderBanner.dll
C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\nsExec.dll
C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\nsis7z.dll
C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\chrome_100_percent.pak
C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\d3dcompiler_47.dll
| SHA512 | f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62 |
C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\chrome_200_percent.pak
| MD5 | 5604b67e3f03ab2741f910a250c91137 |
| SHA1 | a4bb15ac7914c22575f1051a29c448f215fe027f |
| SHA256 | 1408387e87cb5308530def6ce57bdc4e0abbbaa9e70f687fd6c3a02a56a0536c |
| SHA512 | 5e6f875068792e862b1fc8bb7b340ac0f1f4c51e53e50be81a5af8575ca3591f4e7eb9239890178b17c5a8ff4ebb23719190d7db0bd8a9aa6dcb4308ffa9a34d |
C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\ffmpeg.dll
| MD5 | e3ab6f226a9189a456d53dd700f5d503 |
| SHA1 | 0d3f467e9f36a404eb10b318c758edaf02305e26 |
| SHA256 | 16070fc0fc3ae0d3d5872e5bd2194d883a1d91cf021e1fcb708c785a348c1a80 |
| SHA512 | b1d5b362489b5d26037c035c8b1e9bac24a4555b64371b41f8549ab70d5d591589ba154e163ec84d4b4b4435903db32f7ffe0f720f5e6d01b7656ed03f6757d0 |
C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\icudtl.dat
| MD5 | f410d187020b71f5d6651c810ea7aa3d |
| SHA1 | 0cd14bcae101aeaa62b4a756030e09a89e6aa3c8 |
| SHA256 | 45eaf7dd7ba3580dc7dee989b20d0cf04dd3c6f2832d51acde27c99c7cc495e3 |
| SHA512 | 164b92257466367b1d61e6bc6333a891868cf13ae3406a3b3840eacd4d9986748d6d81e0da7f1020503c24fe34ff9be9c6b792b171a5d6dc6624f201c7a148d7 |
C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\libEGL.dll
| MD5 | 637eeb39ddbeb3ff518ff1988604505f |
| SHA1 | 8b3d9a0d542718fb906f8fafb2583d7bb53176ef |
| SHA256 | 3c51a8e53ef7473e9a335673e909dc9c67bf962997e6e2a319c3bd70fd52b4ed |
| SHA512 | 3257f9c96665f1bc8bb39acd0d98015b7d5e32f3cf3f84e795df4d19f6bd3bcc14a4e89759cc0de83289b79cd290fd5f4b176c3e9a4cb2eca3acfba0c9e232df |
C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\Installer.exe
| MD5 | 27a2dff5293cc65009b5f341cf392c1f |
| SHA1 | 3f519e091205acf4647e43b46f837dc64e6be148 |
| SHA256 | 306ed1471ec56c26750811124506e6f263027b0707acb7df9358cd7ae384acda |
| SHA512 | c5d82a668f4fb9b51cdb156d314a91c1d7bda284688de165a5d5cb46dacae0da14e799c8791653563b9746157353a2bc27719e307c17d1dcbf1a490541b497c0 |
C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\LICENSES.chromium.html
| MD5 | d9f753d70dfa11b99463ef305934bb94 |
| SHA1 | facbd546b972023fb370b5dd9c1bbc32b0778439 |
| SHA256 | c790aa0ffbf03467a3370c9b17fb6945e15b9bb31bbdd72b0b38704ce92250d8 |
| SHA512 | 0e5ae92886c5d9c3a4d6d90bf267db7a0e6372e6d49051b5453799031760a9a60f67d563ee8a6a9c6c10e7a249e556e628b817ec826825e65b24cdd298acb1fe |
C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\v8_context_snapshot.bin
| MD5 | 031ea03da08fe1247280cfe781658791 |
| SHA1 | e91db50ad16b5a5fbbaf4118672d60b347ea6161 |
| SHA256 | c16dcec41919a6d2850214f2275824be8a97d8c5e694e2ec8dd7d16ab2d5015c |
| SHA512 | b3d6f282761f8ab8760728ecb108f64741f6f3cd2a143813042ff63a3b6604fcfe7c1feabafb65f9f67906217edb5851f44605a34f7a50ed2058c25ce5efb30a |
C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\vulkan-1.dll
| MD5 | 9cd70b4367d433dde85009130b8a0315 |
| SHA1 | b8d207b81f4e1fcbc99cb4acc0ddf492a3829a6b |
| SHA256 | aa1d5d49e59501c7487756b7c591f72c66d814aef766b5a7fbf4863cd04b0f03 |
| SHA512 | 15a64d0ce17bc397b5df74b7cbaa90490850f0f76a2829e261ac2fea265f6e9e4ca3e578aaf74b2575fc78c29663dcb8d90d94d66ce1b96aaa435ffde52ad34e |
C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\vk_swiftshader_icd.json
| MD5 | 8642dd3a87e2de6e991fae08458e302b |
| SHA1 | 9c06735c31cec00600fd763a92f8112d085bd12a |
| SHA256 | 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9 |
| SHA512 | f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f |
C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\vk_swiftshader.dll
| MD5 | 102c840ca4549525a3cdcf74589674ac |
| SHA1 | c14bce8b6f26fc8af589d8014cc3412f466ebae1 |
| SHA256 | 13a3a23091f3778058c543f2d2fdaa593c69fad9a9d714ca4d94f7b53ac925c5 |
| SHA512 | 47bfa930af4d26313c7bb4f075993f60ee54c7a1716f73294cd2c40352c1a32af7ea783bb750e004d9dffb68055fe78a9106f391297ba77e5393ae939dc36212 |
C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\cs.pak
| MD5 | ff919631102a3a9ec635b3080b63e305 |
| SHA1 | e43b117ad5b2d5b373321ab0ae63dd4bc1352a89 |
| SHA256 | 1b8c3add009028eb567b0094759daff29b7861e11d5a9d864071012200e9735a |
| SHA512 | 21833774413cc71ba9c0c592504ae6288e3c8ac4e5d1d62768f4b3eca09e90009abec5e8fadcb4e7d63b99a522ae48fd608aad432eb4165ec7021c8888ad7df1 |
C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\ca.pak
| MD5 | 0312c87b6436e733a037bfb3084f7550 |
| SHA1 | e3f30b8f3bfc8ddbf4b8f85f845733ed5ac8c632 |
| SHA256 | b6c895fbca90c36ae2cfefefda989922162a2cc259603fbca066f0cfbf43c4ff |
| SHA512 | 24b7780211b9dcaf7cbe3915851c7b873562e0cff022c29ca1b4e159b9da152b517305f81dd33712a0224fc3b77e594405e432fe5eecf29b7a4f83f441d6905e |
C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\bn.pak
| MD5 | c81aa8ddf783ad9a08d8b35db9b7cf37 |
| SHA1 | a39bc48fe189f01235e7110d0011b493d8c50eea |
| SHA256 | f715c8adbb3b48ccb0508d917796a808fb5d3ddff7ea4459852cc028e612a0f9 |
| SHA512 | 2b714e88e8a8b94be5577365592f007fb5798c4e138ab49209f7abd7a5e67d72d7a6aaaf5874934902ff635009181721cc4a78cca66a4505def0cab762c40aa6 |
C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\fa.pak
| MD5 | d6e9a2ba25c91b4f586f42eb80cdbfae |
| SHA1 | 4ead11dade9a8f71d3372f445216e5759fa4b203 |
| SHA256 | 3a6a0036f33f607d0df9df6f8f13f35a514f8b99727513a5ffbeb9d6a6a410c2 |
| SHA512 | 2f8cdbfadcbeda1cc127581c7ee5257d1a8f6c7abbf2fe7b753cf887bc3786190524b15a7fefe9c4d68010405e237d12a89bda3047b961b078ac17666fde53b1 |
C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\lt.pak
| MD5 | 36a88e13072304338958f09cbe82e709 |
| SHA1 | 9f0b7cc19ac86527ef5010a3d97bc0c1bca32ad4 |
| SHA256 | 29d3b2ef855032addc97a66d7bc01a185da874b4f33115998fb0488daaf98cda |
| SHA512 | f6606071051ba5f6d99b4d57fc2a05da9d06371493ccfa6b21633674e95045a1377a8ca9115d23ae1b65bedfef26c948606968692c9d505c008302ea366780c6 |
C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\ko.pak
| MD5 | aa3bd98cd414a21c1c64b958270cb9b4 |
| SHA1 | fb01d006a334742ea07ec95f369d21c3b43c8f78 |
| SHA256 | 696f98aa0f326a0b357659cf04ac2382f3573eb1177fdefda17eed0bfb21986b |
| SHA512 | 63b8de1bf4ab5e59341c3e4947e6662d73be5fbe1da947323c5f09707c2a15b2600f3004be2f47f8f6d5fd71d80e90dda99c9a0e14ad69db6f9934663d05dc5e |
C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\kn.pak
| MD5 | d3179f9d7f1e54a1883c46134a847f76 |
| SHA1 | 6b04398bc1a375d237c770aa5182ead3aa5a5a03 |
| SHA256 | 9c38e0b70247c58eb6aada7fe92a8fe713030db38bafc14dc10242fd7b0aeba9 |
| SHA512 | e01934a3574045dac90494cda6bd7b06c1e5a40d0a02593dd4a05578c55192eeabcc80b7cd875202d617cf40df97bde5b7a49876fc05d42f2e42a1d38c31b765 |
C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\ja.pak
| MD5 | ecb18ef526192a7f5202adcf25f4f594 |
| SHA1 | e169e38e5643ffc8f3b8c0f27d3843287cb6fd26 |
| SHA256 | 0fe7d19e27341d3921eebd351d9a7d7ed5805e4bd662a2cb569c101e386a1b92 |
| SHA512 | 3cec9ea297d97540b1d33daef223c8dadff4e3a6a5798feab0cc3f76bc432117ac9ddea9e77b9daaf673ec2a9b8f1b65214efe80bca115904a71b32a42583b07 |
C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\it.pak
| MD5 | 65a97804ae3e118e169b835f76b4e5f5 |
| SHA1 | 95ecdb52b50710beaa7d170207b4d9c9ea3a4e4f |
| SHA256 | c463c57a62b4961a53b89eaae67aff2a5539a6d0845dc89671916d0891d276f7 |
| SHA512 | 96eafdc256470dd2ffd54776543ac538ccbd781a60fc52ba349da8d4b7fb01efe596890502d928f913a35b10f2f019f7d1c66ada494abb129759dd434741b493 |
C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\id.pak
| MD5 | a96f0f3f69e6b873910b370af5d23069 |
| SHA1 | e0f6e1def18c9f3441c3081f22fa74546edc8102 |
| SHA256 | f32e06fdda29bc8932505122f5aa3054f64a9038915e8e77593af912054af833 |
| SHA512 | b10e7a8d1685fe48042d32b76d715ed5a44f3bcd1c0a5f323932a115a7f9a89f939c6793cab7fe53b47680df9a8619064e7f21e09d78e1b2db2f281a83b65fa3 |
C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\hu.pak
| MD5 | d6904e7d1b6750d43a6478877c42618d |
| SHA1 | 919f090a6a3aa1112916f5bb0d5b73a62be43c1e |
| SHA256 | 3ec43893c6de5ec0f9433841afd5fa9feaaf59ddcef05f7e1cab14dba799887f |
| SHA512 | d600fedb5ef1b2eb49a0122536c642b350ce67bb7a9da205890d9d13a195ac17c14607b4489715fd34506ec0ea4c80f245e09cf048aef52dcc8094f3138b2fad |
C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\hr.pak
| MD5 | 7dbd4a9de6e30de028c97a7d39f8038a |
| SHA1 | 18d68f37b3c5eea3a2fe42c4ab1694a439a189c0 |
| SHA256 | e1c793e08e062043cc65271718d9b21d5742729dfa2e076ab012e8a008d06c04 |
| SHA512 | a18c43257d26380ec14ae0259cf192257fee0c6895b82240c3b41c5d6e8bd6f8023cb39dc2da0701bbcf05e8eb2cd13c84af971c28c94099a6d0ea02ce745ddd |
C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\hi.pak
| MD5 | 9b5d94450fb03c34759653deb0551441 |
| SHA1 | b9134fbc75304ca73b156e77425505ed6dc6d629 |
| SHA256 | 5e8f2593dbea5a57c3a974558a3fc91b6087329a1e7b11622a6eac120a973718 |
| SHA512 | caed9535d487833bdde51e82b76d3b8d2e6ea18ec0b4b7a98552be9266ff0728bb1133d8f9cbd169345aa08b0073f04d649baa71bb487483951cfa1a92080d63 |
C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\he.pak
| MD5 | 6376d0a5f4273b76b1f4aabade194e0c |
| SHA1 | 337ba39f09454c0779ab64872b9fa11f866d6adc |
| SHA256 | 875712bb852c698f677c0c74e088f62d31adb2bce65648fc390607aad8705c45 |
| SHA512 | 00347f16b5abbaf47fb08663d5efde26ab7de0c7a2fa42e6b5f03c41a83cecbd8e78cc3aef41d5f08658cf346e0ade732774485e8a10008a43fa41ffaf73b2be |
C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\gu.pak
| MD5 | 3268b8d9b4d4db87ec627b09f1c55a6d |
| SHA1 | 683ba367e40abb2fefd4548805e845fc1b452855 |
| SHA256 | dee5ef4f4b36fc5fe0f3b5e10c7cc3a7edc14bf948317b31a3287a95bfe0afa4 |
| SHA512 | 59cff62843d35f790092f42b611e9bcd80d948c0ef27a770b2d7af859997f40c320d67df3c5a9420d28d5c8f1678df4677e01cb99b729664d198b3b95b5fbd20 |
C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\fr.pak
| MD5 | a7c88eda9e12b6dbd432c544767acbe2 |
| SHA1 | 81f1abe537870f7888431e820b636b17b5213835 |
| SHA256 | a4d0e5a39241a6326143afa4c8ec881d6edb0382c66425411881946f98e053e0 |
| SHA512 | 88ca203256aaaaa26afd4a0aacb6fba2eb41618d09df6fc6aaa80ab8d699b30e73c373fa75098b1ec4912c042341dd1c79ee3d04f98b4bd59a44481d350a7988 |
C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\fil.pak
| MD5 | 0b7d25d70a2d94a032b7ff7faea45a75 |
| SHA1 | d9d473b2ea936ffea4f751d8716cb03407a95785 |
| SHA256 | a737a14f84b10b2e3c9ad4d147b430fd30c5ac0e125d5aaaf1ea19b0507de5af |
| SHA512 | e4dbef6fae4cb56c3cd7bd5dbb239b5136eb2534a17cacbf628f5e5d77bfca924580ad4e4d0ec580ffaf94d6e1fafad58e9c5f472c3a3ff782702ea5eae2aea3 |
C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\fi.pak
| MD5 | fa7dbd2ee35587ff31fde3c7107e4603 |
| SHA1 | baaa093dcb7eccf77ce599c8ff09df203e434b60 |
| SHA256 | 5339b8ca52500bd0082e0ba5a5f440c5f04733803da47963280479760c7fff2c |
| SHA512 | 587f6d0e216d1688227345a8a75b94848ee710ec633fe6805db66bb0e8cad1b8d24a1e6a7e234061516770d881571166c78d8fa1c40e6335f3dcb1339fbffc14 |
C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\et.pak
| MD5 | 74eda453b23793ced4480ea7a595fe44 |
| SHA1 | 76964af9c8024bd84fa1d89f60784e7ee6569350 |
| SHA256 | e2d38131a5ef4b0e8438f45e8c74c56bcf666760d4682120c8071c9220230555 |
| SHA512 | e9928cfac01f10b040c74e63242ffa1f7f616d8598f49f0aa7ddad063e18666cf5649cc65d00b3526526af8a7b46ee3b3655da22adf46aa44c0c6a1c2ac4dc7b |
C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\es.pak
| MD5 | 4ca91891b2d4670d02931f0ca84e4744 |
| SHA1 | 85f6559b09c80af2575e3b7626842c10081e188e |
| SHA256 | 85fff1ca6bd2527073de03fa77dd013db2557a57cce1fd370caa2b185abb9336 |
| SHA512 | 83eae7ab2f03598c657786bff6171803b6bbe2128d1a5b8a01d9a13337113632279712dd8ffcd3b707fa6052a936d92a57cb67d848c77ee291e75700e29f2bf8 |
C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\es-419.pak
| MD5 | 02452424bb0cf6ab832808d04883f147 |
| SHA1 | a8e97ee52f3d97c1a4c678f7578808416e9fac65 |
| SHA256 | 1b23cda69927c77764bda121ee398ffefcf5edcb5866432aa3526c378553c9b5 |
| SHA512 | 9e750b26ab40b5f1c075acbdeb15a57cda9e6bd8049488cfaf368b5cbe8cd9b6e5dc96130e4137370c90bb0777b97515ea2be0787e255cff750fb7e188e22ab2 |
C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\en-US.pak
| MD5 | 3f6f4b2c2f24e3893882cdaa1ccfe1a3 |
| SHA1 | b021cca30e774e0b91ee21b5beb030fea646098f |
| SHA256 | bb165eaa51456b52fcbdf7639ee727280e335a1f6b4cfb91afc45222895b564f |
| SHA512 | bd80ddaa87f41cde20527ff34817d98605f11b30a291e129478712ebebe47956dbd49a317d3eeb223adf736c34750b59b68ad9d646c661474ad69866d5a53c5c |
C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\en-GB.pak
| MD5 | 502260e74b65b96cd93f5e7bf0391157 |
| SHA1 | b66d72b02ff46b89ee8245c4dd9c5b319fc2abf7 |
| SHA256 | 463af7da8418d7fb374ebf690e2aa79ee7cb2acc11c28a67f3ba837cf7a0937b |
| SHA512 | 0f0f9aac8e6b28c1e116377ab8ee0ffadbf0802a4026e57aedb42d21c38fbf70159be9e0314799c1de1f7638fbbd25d289dff7cd2c9eb7c82e1b62b6c4e87690 |
C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\el.pak
| MD5 | 8025eb8756d4bf3126d83c9078935520 |
| SHA1 | 78895218a90680fe223af0b003c195da84902e1f |
| SHA256 | e42aeaea80dabe82657983a462e4cd3ec74f71d4f08a689f5825f55fc02f3141 |
| SHA512 | f99f47e54583b60857a31648b985216713725496d8653ca04eb1d6634f2b7f7a1f9f70b8a7938529bfc6c8665360da5e6bfb6b68c314c011fef4a9817010c42b |
C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\de.pak
| MD5 | 8569900305a5661573f7766b93909f16 |
| SHA1 | 3529376f54e32c17447b065d08c77314c4db2ec8 |
| SHA256 | 068ba3e34e7f253fad7dc526b1078aaa969bea044d48171925534598aa8becb3 |
| SHA512 | d544febbe20a9bc5cf31f79f7ef74c1a742cccc99136e9828187c9a643bd0317c7cc48706346ee1a3c9eda8984be9c8606e9dfa7a6ce2cff49db2d785c2aa1c3 |
C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\da.pak
| MD5 | 4bccba46add5ebaf6efd4ade3c42aed9 |
| SHA1 | e48dcc2de930bbf0ea8ee7b735ead321dadb5be8 |
| SHA256 | 2497368658a988e4eb3f64cd17423ea04e7555b104d43c8996c0ecbbfed5f74d |
| SHA512 | e2059e2a7f80353981eef6982a7da006fa3753aeba9aca5279eef71aa2fa4b7adbf9cbb17c85b8060359f9e871b1a5c665226f8d3b8a6fe49f908fd44e1b46bd |
C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\bg.pak
| MD5 | 9dc95c3b9b47cc9fe5a34b2aab2d4d01 |
| SHA1 | bc19494d160e4af6abd0a10c5adbc8114d50a714 |
| SHA256 | fc4a59ea60d04b224765be4916090e97ed8ddda6b136a92a3827ed0fcc64bb0e |
| SHA512 | a05a506a13ac4566ecbfe7961ace091295967ea4e72a2865e647b5fa9adac9f7cf5e80b53fae0e3917dfb0b9a3f469189cd595cc4ae9239d3a849f5cedd60e46 |
C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\ar.pak
| MD5 | b2a23f285858db5e3e53d6a5d5291623 |
| SHA1 | 674adfeb57075f86f40ff4b14916c3af29695813 |
| SHA256 | 7ab39416b60ee342ff2874aaa7b9b95b290828807b1395192cdbd29ee1be15e8 |
| SHA512 | 92c9b31f82f62b15eed3edaf437412cb630e8deb2226ad162d7cb4c252d8cb7f0453b3121a846ffcb1547570e2eadb04cfd3877ab120496a7fefb47a6d96cba0 |
C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\am.pak
| MD5 | a2a17bdd83467a027505bc817d1ac028 |
| SHA1 | cc1266a22606a1055db9653b82e90c9d1f551d44 |
| SHA256 | f92b0299185d963337e96df1016e1cf5ca335e22ff86568c1a6507c3fea29094 |
| SHA512 | 193c5db0a30a3c8ef5e8c821cafb9d0b5671b7e7821748c7b432e927bd4638ecf5bfc1d99721ce89fb3df4f6f23b5e55d753430e8ef2bedd1e1633e613321028 |
C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\af.pak
| MD5 | 198092a7a82efced4d59715bd3e41703 |
| SHA1 | ac3cdfba133330fce825816b2f9579ac240dc176 |
| SHA256 | d63222c4a20fa9741f5262634cf9751f22fbb4fcd9d3138d7c8d49e0efb57fba |
| SHA512 | 590dcc02bc3411fa585321a09f2033ca1839dd67b083622be412d60683c2c086aac81a27bc56029101f6158515cc6ae4def39d3f246b7499b30d02690904af0d |
C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\snapshot_blob.bin
| MD5 | b82ff216a0babf602940759b9a3af870 |
| SHA1 | 07e8a22dcf8d7be04a6ddbcab3098e040494bb0e |
| SHA256 | 943b27009d41801c5a649caf680e32d4dd25de002787a4ccd86b0925b3aac3a5 |
| SHA512 | da157570afbab7be135f7749df7f4518df1452ea24f98d8f5189430e732ad06ed438afc701cb70451bbc7137b5f35a0c5957df92ecb40d47d54c1071ea79fba1 |
C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\resources.pak
| MD5 | cf507f6ebd97604dcd7ccfa1e57cf9ca |
| SHA1 | 799ca022839781ab863c353b1fbf56c116b81b73 |
| SHA256 | 4aa4c30a711a355ebe40422d158d542efd2b9ea8af02e9346687f770d14d824f |
| SHA512 | 3df90cfecaa01ce3febcf8467c51bf7cf602bf398b586844bf67424d3f4cc8d478aae9783098699ad93dfb31b1966271bd24cde5ff760f74dc06ed655709b358 |
C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\LICENSE.electron.txt
| MD5 | 4d42118d35941e0f664dddbd83f633c5 |
| SHA1 | 2b21ec5f20fe961d15f2b58efb1368e66d202e5c |
| SHA256 | 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d |
| SHA512 | 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63 |
C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\libGLESv2.dll
| MD5 | 861bb6dc03ee9a93147c50366caaecf8 |
| SHA1 | 1e4a5821d878ff90e9840a4e299020b90e27035f |
| SHA256 | 87a37401f787242b3f0edf2b3bc7f9bfdc4841826b5c288c11fa330eb0515e30 |
| SHA512 | 4469bd104339fe7467e76273e601d46832a698541e3ba56ccd4fed9692a014e05bfec9fc814e7beb4c93567e04e62e8e74814bfff8251d1c97f44192485850d7 |
C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\nl.pak
| MD5 | 9fdf47fef5b549497005ef8efd2a2c59 |
| SHA1 | 3449de72bfc2be537f4b007c81e5bc5de6ff3d0a |
| SHA256 | 65a9c1efcdd451504e2e9b44b0c8fafd2c3c1445d760fd6c435305e2f8534f59 |
| SHA512 | 3e77178dcd9e8894847039a997c87d5d04eef8a1ace1846132fde229285da08ffc8d3ba697226130bd07ab122a868cc53693981a21f8211c839ccdaba77207cd |
C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\ur.pak
| MD5 | 16f71c91bdd51e1d57deb2f2977168b7 |
| SHA1 | 8845bd95518dbe1e1caca96542af38939370419b |
| SHA256 | f442c6e91e85141527f9543287b53eaa3de83afdad00b77fd43bc18382866642 |
| SHA512 | 6cf038ce1d9e35041561f01c8a07a99cfb0c2ea3a36119cad555edaa60bff8f3333de4d0cfe462ff59266f2b94c801ad6c873f46242b47644a2f9e4dbf7d8f49 |
C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\zh-TW.pak
| MD5 | 540d831e4a7fbe25ba4ed14c40eb3faf |
| SHA1 | 92bce5f107cf607572e9cc14dc0a3c1ddaf93822 |
| SHA256 | c3322ca2802e7023fc07785ebd9bc7b6d93b26516058ff2c7a9cc7c6197475fb |
| SHA512 | 5fde0c110e5d977279eabcf7746470a2261b846063bd2241da5ca0198d9dfc4e21c9f94fee8d7f46bf5262c228bf29d1ea0e1d890e4f49493aa821a19722d931 |
C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\zh-CN.pak
| MD5 | 453f646a457168487ed89d48e7e335f8 |
| SHA1 | 14c496e7daa9888d701a0d2725f6e7052f2b02ee |
| SHA256 | a646fc29cb66c008eda2fdfa4f4982bd1eb72b23ea442ef88d5dc4df61ffca41 |
| SHA512 | 0a34dd9619742839e695fd239205236473fff94d6f6d527b281b9d2a83510ea8664f06f719f3c945dedca121d8abc52f8caa1738a74ddc5d6767bb35dabccbcd |
C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\vi.pak
| MD5 | 819c87e5ca348bbba531f8f246e3fbe6 |
| SHA1 | 1c9e021a51d100a09dc1aa292b247771d92606d5 |
| SHA256 | 25810a12d1055a3d75a51bf1f8164ca417dde38d995c03ba4f36c47c217b642e |
| SHA512 | 0fe524450087515e5975c2334700036a21271068fd82eaa8a8a52eada42e885697f7dac8c36ef56f5cca7de49b19d2afdb78d7b3e0ecb03606d596bbe8007edc |
C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\uk.pak
| MD5 | d73024a9d4b969fd5a7d17a37249ce05 |
| SHA1 | 424c678a28dc86348c445ba060cda331371b0438 |
| SHA256 | bad3c939ddcf3c851fadba230b045d7a0cead2f694cdf3ca51ade7c328d66b37 |
| SHA512 | 47713314f17a3e9017a4bfbc93fe90bdb5e475617f1c53b9856b42d1f3a46bb506d88a8d7f9a3853b8fec0b73725cf3f346f32c893c433e31f92d9c21e64ae80 |
C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\tr.pak
| MD5 | faf95a0ba4253538f8517ae8f97ddeb4 |
| SHA1 | 4452516173e35e4099f203d9c84951eb0b3c3cf5 |
| SHA256 | 8f7fc44d6111faad2a9654bf6f4c05ac3d4bcca1a55b50a7c163a090e7f91036 |
| SHA512 | e1f5a4b63ce8ded89fffbeb8a2a91223335850931952915cff6c13adcdd5e6cba706e52d1ef2c19e5834803ca31f9ed82f453803570c306c0a5d129dceb3e43a |
C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\th.pak
| MD5 | 7fcfe22f272dc85cee30e99350dbf771 |
| SHA1 | 4e66402b813f4eee50e69db290532f8f4e3eddda |
| SHA256 | 981e7c6a479376a91f9b2f69095902f0279e9a9e3121eaca81985ac5fc598567 |
| SHA512 | af79e43adb0a91146417e3a8e36990d7fbb6d97e0ebd6053be05c06539314ae7e8e4cd1be9e58a097d6c936a065b0fef8754cd0add6a3a401526ed0549e8a3ab |
C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\te.pak
| MD5 | 28f500e12a7b91d91d8f99395fce8332 |
| SHA1 | 885fd6c78259ae38f7dba3887f7fee783c1766bc |
| SHA256 | 06dd7ae122d6f1f394aeb85089a9c837ec05dad627b0bcc92863ab2830e971c9 |
| SHA512 | 6f0fe4a527e9c53a41d20f95cafda7a2488bab310eecf68c98271a2db6f3efe5d2180e158b5018a9c56a0580b0735146f0ae07d884f564de1e8780956a10d190 |
C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\ta.pak
| MD5 | 714ef30e819d791b41ab093d515e1704 |
| SHA1 | 5410b58dcaa0bc82146655ed56493581d18d5c04 |
| SHA256 | 9be97a18356b05ac4c3aa2b7e719eb29b47d8ad406aa50cf0f24bdde1d613083 |
| SHA512 | a35074a54dc12a68301553345c69f02ad31bc010690d5f4c4fad5d65b3fd9c3f7c3ec7e3637673d250cb33496b93a9582e28b5210d11137bc0bd5b2e219c0aab |
C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\sw.pak
| MD5 | 9632dd7d883fa4deb3963ea663e0ffd4 |
| SHA1 | 0db135be4b3a7c54c39e9df5034d5576b68ea92e |
| SHA256 | 690027c4a31c4aea00b7d1b32ec6cd3fa50b1eac412ae273ab15e72eb485dd6e |
| SHA512 | 3aac1857784dfecd2ae5f7c4056f58e27a966a6cb949e02eaba56fc1fc283243ed6213f17628d62d435e33fa4771eb43623f25da6510aa4ce6f2149f72ab0d37 |
C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\sv.pak
| MD5 | 14ecf7684d7987950a9655258d3a72be |
| SHA1 | b1506b3b4be332081dde72bf54a197b1ee0bde66 |
| SHA256 | 690a83bbefe1e97de5d2c1c0791707e8ddc3414a12cf30b79329fa5d21840d6e |
| SHA512 | fd9d36c63b00bb1caf6a25f2c797f3a844395f16016a9010819462d647e8e759fd8887e5eae3ef300871f4abef05f4ceca9edb5b30ffdd56efeede9c75f56e30 |
C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\sr.pak
| MD5 | fca817ed4b839b976ebcbf59cac66d68 |
| SHA1 | 413efa65470319999032b6a25b3b2ee33b8cd047 |
| SHA256 | 524acc64e70918a77cda43fd9b27a727645b28ad2d4cce16b327105101c8bbeb |
| SHA512 | cb246d5c5cea30d6e7514841ab93803984cda37461a09b6c340ca64f7cbce4e1212951a4de421d928d433a619dac18454fb403b42581757b76c7eb124ce70cf2 |
C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\sl.pak
| MD5 | 6a2efcb886dd33a5d05a112c141c520d |
| SHA1 | ba89d9ef7ce1862d1e9933e910529ec5a3e2a933 |
| SHA256 | 4fa004d80c7e89e38cdfed3a652003787fa810256d294c16aab0bca815eb7c02 |
| SHA512 | 0475df28a602ec90c4331da4e7d742eded2cb3264b41924628bfc45e2662f2ceb7b9518ac88a231da1c3caf18d176ff3a4931c2b1751f3b74bce3af73d0088cc |
C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\sk.pak
| MD5 | 72946b939f7bcaa98ab314cfba634e0b |
| SHA1 | 71c79a61712c8c5d3dac07a65d4c727e3b80ab17 |
| SHA256 | 75f179897cad221ca6e36b47f53cead7f3fb4159ee196f1d10a5181b84e1b5b7 |
| SHA512 | 2a8fa7108c58f4cb263900a555714d5638d961d14d9f4ddf8a9ab5b880afdbc5d2325fed1e158dbaf42a9cd20e8e372e6a8f52fce842a6940ea52e43e4a1f1e5 |
C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\ru.pak
| MD5 | aa75c21bfe54bb70e7abd9fce1347a8f |
| SHA1 | 3492307cec15b367274c948beb76598f72347846 |
| SHA256 | bd981aa65536b544228ed1d60a552ff4c7800b46f815177b33b3e628b97d77e4 |
| SHA512 | 0e77f1c7e4b5410e9eaed875f5dae6485d8de5b650ec44133b1634645cc3055fa7bea316e843b491f29d9c137b20623b120e014b1c74bbf4e8d1f08dbeaf5bb2 |
C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\ro.pak
| MD5 | 9b9c22a12ddce43a4a3c0c047a16a5c3 |
| SHA1 | 901e072d644a79e0b18be2f4a81e6842b070485d |
| SHA256 | 3e89d43b86b2582fd7db236659af47ff459a44c5b5ebcbb0bcc9eda244c8e501 |
| SHA512 | 196a5bb1b0b5093d4a18279037ef7993525c36c136d4560b7e902c815687f7992ecd2b64d96422911a3468cf3f1478b21df6465d3b31486466cbb5573ff0e7e0 |
C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\pt-PT.pak
| MD5 | 9b04c89c2d17c7c00a6a4342f0771fec |
| SHA1 | a0886040fd5f870023cc3038f5722f4ba6d7c8b6 |
| SHA256 | abb012215610178b7f8203f61f41103546d3949ac3df4acb3a622b01663f39cc |
| SHA512 | 7c4cf5e7bfad4709db49779c1e3e762b8d0bac6cd736c511711ddca7682e08bc6b3274c9872d88db78bc36b0456b29680d3c4e518d4a401830cfb37b48567bb8 |
C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\pt-BR.pak
| MD5 | c68170e4948cf3ae6910364c1e68ce90 |
| SHA1 | 420f3a392db28b6fd6be44fd702b455518b67bbd |
| SHA256 | b26499a256d66feed42b372ea2eaceb75c279694b40a7b5d0f8c1a5c24cf381c |
| SHA512 | 29482ced2091873a8c6242a608ed641b3a4d72fb93ccc2eb58d2769c446195f717b438d5633522f457234f3d209029936e9ea4ccd65d45ba8ae0c2df71043797 |
C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\pl.pak
| MD5 | c9da926441d438b952149650c86a033e |
| SHA1 | 74ee60342bda33048570dd3c03f897668cdfc971 |
| SHA256 | ce96fd415ffcda01345146faac716e2d45e2c556e5c6c38e9a1ea5ac19dafe84 |
| SHA512 | 3e718e8df695cbd80146c3e911de9b235ccc06f574739e5720d47952f69eab089b56451cdc321174da9b239c0a71a720baf9d68b46046efa0edcb2a3f1804ea0 |
C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\nb.pak
| MD5 | bbae0915edec081b04bb903b689bc40b |
| SHA1 | 6a0fc635ce1c431e512b8b3b8448176aa4025556 |
| SHA256 | d565c6c95dad89d3f2b7210de4ec3fc437633de4dcfc994fde0704b92bb53ff8 |
| SHA512 | 573a9fe43213829a6a4b39e67be25bc330b417750ea6d66e26163de7a80c29f6f5deeb841d9ff8303595943a81fc01ab668aab02a5cac4eda078ed06120138b4 |
C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\ms.pak
| MD5 | 6de7b004a86967a3433545b3b38bf89d |
| SHA1 | 113bd5b28dda669b27c798e0b46fd680f3a04956 |
| SHA256 | ead5a37549b98d55839ffcf0dc8f8201d37d71968ec9138fdea79d7c9b79549d |
| SHA512 | 239c4acd2c0b6c08fb92fd95b89a302ddefc01ea843950a0247b7310c2b024383ae98286c2d4b83b99833452c41b386e047b2ef33610ef122fcf2f439ef43726 |
C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\mr.pak
| MD5 | b9a2aa88c69c42ebcc41fef00c980a38 |
| SHA1 | 9e373dfa11f95c31ffdca70bd83d2f66e1ddcef8 |
| SHA256 | 481faf7dd66cf10a476d8b156fb4ea452f920322d8007f7e25d41b2837bdbc09 |
| SHA512 | 5f4582723429a44dd517322babae4466efb4e8723c0247754e2a9a2929133d6fee5c3533c4cf567954e2a5aab47940a136a178405de36e38b50e8d4a6d5c504f |
C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\ml.pak
| MD5 | 00292b0801e0dd0a74091bf53f1574c9 |
| SHA1 | 63a002e7a8796bc4b4459a19c95ce426fbd1ec7f |
| SHA256 | 61a372f170de0a22712be980c3c78b22035ebf40ce79332fab75cdcc4208c9e6 |
| SHA512 | e2e15f66851aa435e3bf4de6672f4aa8b01204d8efe11ec6ee9a51d9877ec4f2e71d7e9547d6eab9bfa04af1bea71fa72aa4963fa08b48717bf1c3fd21c00cd5 |
C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\locales\lv.pak
| MD5 | cccbd7f8a0c34c7094ce4d7b8e7e0588 |
| SHA1 | 1a08401e2dc8c59200c4ecaa1886b43b6faa6979 |
| SHA256 | 7467360f9addd4d8694e1508a6ab3a3e00dce57e5897d5376ad27d8e651b23d4 |
| SHA512 | 2cc43437f1cd8d5fda0e95e7dd117c9b82e90cfed58ad8f492f46b4634aa01cd1b0ebe39377231a0828fc1ccd39641e4efc2f1210d629f9aba12ea9048accd95 |
C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\resources\app.asar
| MD5 | 617a6672348e42a43de9437125348a67 |
| SHA1 | cf2f668caedd3cb03c81cecc7e1ca32d84ffaa6b |
| SHA256 | 9e23d1ad718916af306e9e0dbbe5cdcccc61798a1c1b0daefe42aee174ef8335 |
| SHA512 | 88b461ac3ed4c4cfc6aefeaafa5de3355da9ef42e85cbbb1118b7c4b10c5ddd1d8d892f4dcbb7e7cd4ee71b4273da4aa3cc191d7fc406a9c75adcc1a14a3cc72 |
C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\7z-out\resources\elevate.exe
| MD5 | 792b92c8ad13c46f27c7ced0810694df |
| SHA1 | d8d449b92de20a57df722df46435ba4553ecc802 |
| SHA256 | 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37 |
| SHA512 | 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40 |
C:\Users\Admin\AppData\Local\Temp\nsi7E83.tmp\WinShell.dll
| MD5 | 1cc7c37b7e0c8cd8bf04b6cc283e1e56 |
| SHA1 | 0b9519763be6625bd5abce175dcc59c96d100d4c |
| SHA256 | 9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6 |
| SHA512 | 7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f |
C:\Users\Admin\AppData\Local\Programs\Installer\Installer.exe
| MD5 | 88b2a96ec4686a8e7e41ae0b1e4f97f4 |
| SHA1 | de1b88d1dcf9d9017e8b4f711f44a6851f47d603 |
| SHA256 | 0661c1d30b1b52db985db01878722b6a633b854138db93b3b2f495d15d96c5a6 |