3d8159f0f99506a7c2ae080208e7562f3deaf67ac02caab57cb928a0a37a3abf

Analysis

max time kernel
45s
max time network
137s
platform
windows11-21h2_x64
resource
win11-20240214-en
resource tags

arch:x64arch:x86image:win11-20240214-enlocale:en-usos:windows11-21h2-x64system
submitted
19/02/2024, 16:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Setup.exe
Size

71.4MB
MD5

14db472da8dda8be9bf579ea923844c7
SHA1

8b2c2b8613ad297755583b7160cbf337baba9cf6
SHA256

3d8159f0f99506a7c2ae080208e7562f3deaf67ac02caab57cb928a0a37a3abf
SHA512

46e927c31755cc055d9792d2e464702309f11f9fbee254c030cd19823237b4e59a716377c3c2f16038a7e7123a0b37129ee26f374ca6f2f8d3fb7a253c3038e2
SSDEEP

1572864:I4/4bsPLyf9VHubVd2yGV52JoJawjHoKcRmPdt3E+4UPSPSSfCWr:ry4L2cp/Jg3HNd2+ja/N

Score

7^/10

spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops Chrome extension 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\icceidfiahebbnlpgpjejihjpajhngpg\15.23.2.12_0\manifest.json	Setup.exe

Executes dropped EXE 23 IoCs

pid	Process
1496	Setup.exe
1372	Setup.exe
3676	Setup.exe
2556	Setup.exe
1908	Setup.exe
3936	Setup.exe
3084	Setup.exe
1552	Setup.exe
2244	Setup.exe
5044	Setup.exe
3536	Setup.exe
2756	Setup.exe
1976	Setup.exe
4696	Setup.exe
564	Setup.exe
5300	Setup.exe
5316	Setup.exe
5648	Setup.exe
5692	Setup.exe
5884	Setup.exe
5896	Setup.exe
5864	Setup.exe
6012	Setup.exe

Loads dropped DLL 55 IoCs

pid	Process
4160	Setup.exe
4160	Setup.exe
4160	Setup.exe
1496	Setup.exe
1496	Setup.exe
3676	Setup.exe
1372	Setup.exe
1372	Setup.exe
1372	Setup.exe
1372	Setup.exe
2556	Setup.exe
3676	Setup.exe
1908	Setup.exe
1908	Setup.exe
3936	Setup.exe
3084	Setup.exe
3936	Setup.exe
3936	Setup.exe
3936	Setup.exe
1552	Setup.exe
2244	Setup.exe
3084	Setup.exe
2244	Setup.exe
3536	Setup.exe
5044	Setup.exe
5044	Setup.exe
5044	Setup.exe
5044	Setup.exe
2756	Setup.exe
1976	Setup.exe
3536	Setup.exe
1976	Setup.exe
564	Setup.exe
4696	Setup.exe
4696	Setup.exe
4696	Setup.exe
4696	Setup.exe
5300	Setup.exe
5316	Setup.exe
564	Setup.exe
5316	Setup.exe
5692	Setup.exe
5648	Setup.exe
5648	Setup.exe
5648	Setup.exe
5648	Setup.exe
5884	Setup.exe
5692	Setup.exe
5896	Setup.exe
5896	Setup.exe
5864	Setup.exe
6012	Setup.exe
5864	Setup.exe
5864	Setup.exe
5864	Setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates processes with tasklist 1 TTPs 34 IoCs

Process Discovery

T1057

pid	Process
10184	tasklist.exe
16320	tasklist.exe
1832	tasklist.exe
7740	tasklist.exe
13116	tasklist.exe
13720	tasklist.exe
8272	tasklist.exe
9432	tasklist.exe
14532	tasklist.exe
9580	tasklist.exe
11548	tasklist.exe
6272	tasklist.exe
6256	tasklist.exe
848	tasklist.exe
7696	tasklist.exe
8260	tasklist.exe
11256	tasklist.exe
11204	tasklist.exe
15656	tasklist.exe
15660	tasklist.exe
13456	tasklist.exe
6340	tasklist.exe
7600	tasklist.exe
8860	tasklist.exe
10080	tasklist.exe
10636	tasklist.exe
12188	tasklist.exe
13616	tasklist.exe
15172	tasklist.exe
5560	tasklist.exe
1684	tasklist.exe
12224	tasklist.exe
12544	tasklist.exe
9760	tasklist.exe

Kills process with taskkill 3 IoCs

evasion

pid	Process
2936	taskkill.exe
1588	taskkill.exe
2544	taskkill.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
2084	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 22 IoCs

pid	Process
3676	Setup.exe
3676	Setup.exe
2556	Setup.exe
2556	Setup.exe
3084	Setup.exe
3084	Setup.exe
1552	Setup.exe
1552	Setup.exe
3536	Setup.exe
3536	Setup.exe
2756	Setup.exe
2756	Setup.exe
564	Setup.exe
564	Setup.exe
5300	Setup.exe
5300	Setup.exe
5692	Setup.exe
5692	Setup.exe
5884	Setup.exe
5884	Setup.exe
6012	Setup.exe
6012	Setup.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeSecurityPrivilege	4160	Setup.exe
Token: SeShutdownPrivilege	1496	Setup.exe
Token: SeCreatePagefilePrivilege	1496	Setup.exe
Token: SeShutdownPrivilege	1496	Setup.exe
Token: SeCreatePagefilePrivilege	1496	Setup.exe
Token: SeShutdownPrivilege	1496	Setup.exe
Token: SeCreatePagefilePrivilege	1496	Setup.exe
Token: SeShutdownPrivilege	1496	Setup.exe
Token: SeCreatePagefilePrivilege	1496	Setup.exe
Token: SeShutdownPrivilege	1908	Setup.exe
Token: SeCreatePagefilePrivilege	1908	Setup.exe
Token: SeShutdownPrivilege	1496	Setup.exe
Token: SeCreatePagefilePrivilege	1496	Setup.exe
Token: SeShutdownPrivilege	1908	Setup.exe
Token: SeCreatePagefilePrivilege	1908	Setup.exe
Token: SeShutdownPrivilege	1496	Setup.exe
Token: SeCreatePagefilePrivilege	1496	Setup.exe
Token: SeShutdownPrivilege	1908	Setup.exe
Token: SeCreatePagefilePrivilege	1908	Setup.exe
Token: SeShutdownPrivilege	1496	Setup.exe
Token: SeCreatePagefilePrivilege	1496	Setup.exe
Token: SeShutdownPrivilege	2244	Setup.exe
Token: SeCreatePagefilePrivilege	2244	Setup.exe
Token: SeShutdownPrivilege	1908	Setup.exe
Token: SeCreatePagefilePrivilege	1908	Setup.exe
Token: SeShutdownPrivilege	1496	Setup.exe
Token: SeCreatePagefilePrivilege	1496	Setup.exe
Token: SeDebugPrivilege	1684	tasklist.exe
Token: SeShutdownPrivilege	2244	Setup.exe
Token: SeCreatePagefilePrivilege	2244	Setup.exe
Token: SeShutdownPrivilege	1908	Setup.exe
Token: SeCreatePagefilePrivilege	1908	Setup.exe
Token: SeShutdownPrivilege	1496	Setup.exe
Token: SeCreatePagefilePrivilege	1496	Setup.exe
Token: SeShutdownPrivilege	2244	Setup.exe
Token: SeCreatePagefilePrivilege	2244	Setup.exe
Token: SeShutdownPrivilege	1908	Setup.exe
Token: SeCreatePagefilePrivilege	1908	Setup.exe
Token: SeShutdownPrivilege	1976	Setup.exe
Token: SeCreatePagefilePrivilege	1976	Setup.exe
Token: SeShutdownPrivilege	1496	Setup.exe
Token: SeCreatePagefilePrivilege	1496	Setup.exe
Token: SeShutdownPrivilege	1976	Setup.exe
Token: SeCreatePagefilePrivilege	1976	Setup.exe
Token: SeShutdownPrivilege	1908	Setup.exe
Token: SeCreatePagefilePrivilege	1908	Setup.exe
Token: SeShutdownPrivilege	2244	Setup.exe
Token: SeCreatePagefilePrivilege	2244	Setup.exe
Token: SeShutdownPrivilege	1496	Setup.exe
Token: SeCreatePagefilePrivilege	1496	Setup.exe
Token: SeShutdownPrivilege	1976	Setup.exe
Token: SeCreatePagefilePrivilege	1976	Setup.exe
Token: SeShutdownPrivilege	1908	Setup.exe
Token: SeCreatePagefilePrivilege	1908	Setup.exe
Token: SeShutdownPrivilege	2244	Setup.exe
Token: SeCreatePagefilePrivilege	2244	Setup.exe
Token: SeShutdownPrivilege	1496	Setup.exe
Token: SeCreatePagefilePrivilege	1496	Setup.exe
Token: SeShutdownPrivilege	5316	Setup.exe
Token: SeCreatePagefilePrivilege	5316	Setup.exe
Token: SeShutdownPrivilege	1976	Setup.exe
Token: SeCreatePagefilePrivilege	1976	Setup.exe
Token: SeShutdownPrivilege	1908	Setup.exe
Token: SeCreatePagefilePrivilege	1908	Setup.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4160 wrote to memory of 1496	4160	Setup.exe	85
PID 4160 wrote to memory of 1496	4160	Setup.exe	85
PID 1496 wrote to memory of 1372	1496	Setup.exe	87
PID 1496 wrote to memory of 1372	1496	Setup.exe	87
PID 1496 wrote to memory of 1372	1496	Setup.exe	87
PID 1496 wrote to memory of 1372	1496	Setup.exe	87
PID 1496 wrote to memory of 1372	1496	Setup.exe	87
PID 1496 wrote to memory of 1372	1496	Setup.exe	87
PID 1496 wrote to memory of 1372	1496	Setup.exe	87
PID 1496 wrote to memory of 1372	1496	Setup.exe	87
PID 1496 wrote to memory of 1372	1496	Setup.exe	87
PID 1496 wrote to memory of 1372	1496	Setup.exe	87
PID 1496 wrote to memory of 1372	1496	Setup.exe	87
PID 1496 wrote to memory of 1372	1496	Setup.exe	87
PID 1496 wrote to memory of 1372	1496	Setup.exe	87
PID 1496 wrote to memory of 1372	1496	Setup.exe	87
PID 1496 wrote to memory of 1372	1496	Setup.exe	87
PID 1496 wrote to memory of 1372	1496	Setup.exe	87
PID 1496 wrote to memory of 1372	1496	Setup.exe	87
PID 1496 wrote to memory of 1372	1496	Setup.exe	87
PID 1496 wrote to memory of 1372	1496	Setup.exe	87
PID 1496 wrote to memory of 1372	1496	Setup.exe	87
PID 1496 wrote to memory of 1372	1496	Setup.exe	87
PID 1496 wrote to memory of 1372	1496	Setup.exe	87
PID 1496 wrote to memory of 1372	1496	Setup.exe	87
PID 1496 wrote to memory of 1372	1496	Setup.exe	87
PID 1496 wrote to memory of 1372	1496	Setup.exe	87
PID 1496 wrote to memory of 1372	1496	Setup.exe	87
PID 1496 wrote to memory of 1372	1496	Setup.exe	87
PID 1496 wrote to memory of 1372	1496	Setup.exe	87
PID 1496 wrote to memory of 1372	1496	Setup.exe	87
PID 1496 wrote to memory of 1372	1496	Setup.exe	87
PID 1496 wrote to memory of 1372	1496	Setup.exe	87
PID 1496 wrote to memory of 1372	1496	Setup.exe	87
PID 1496 wrote to memory of 1372	1496	Setup.exe	87
PID 1496 wrote to memory of 1372	1496	Setup.exe	87
PID 1496 wrote to memory of 1372	1496	Setup.exe	87
PID 1496 wrote to memory of 1372	1496	Setup.exe	87
PID 1496 wrote to memory of 1372	1496	Setup.exe	87
PID 1496 wrote to memory of 1372	1496	Setup.exe	87
PID 1496 wrote to memory of 1372	1496	Setup.exe	87
PID 1496 wrote to memory of 1372	1496	Setup.exe	87
PID 1496 wrote to memory of 3676	1496	Setup.exe	88
PID 1496 wrote to memory of 3676	1496	Setup.exe	88
PID 1496 wrote to memory of 4164	1496	Setup.exe	90
PID 1496 wrote to memory of 4164	1496	Setup.exe	90
PID 1496 wrote to memory of 2556	1496	Setup.exe	91
PID 1496 wrote to memory of 2556	1496	Setup.exe	91
PID 4164 wrote to memory of 1908	4164	cmd.exe	92
PID 4164 wrote to memory of 1908	4164	cmd.exe	92
PID 1908 wrote to memory of 3936	1908	Setup.exe	94
PID 1908 wrote to memory of 3936	1908	Setup.exe	94
PID 1908 wrote to memory of 3936	1908	Setup.exe	94
PID 1908 wrote to memory of 3936	1908	Setup.exe	94
PID 1908 wrote to memory of 3936	1908	Setup.exe	94
PID 1908 wrote to memory of 3936	1908	Setup.exe	94
PID 1908 wrote to memory of 3936	1908	Setup.exe	94
PID 1908 wrote to memory of 3936	1908	Setup.exe	94
PID 1908 wrote to memory of 3936	1908	Setup.exe	94
PID 1908 wrote to memory of 3936	1908	Setup.exe	94
PID 1908 wrote to memory of 3936	1908	Setup.exe	94
PID 1908 wrote to memory of 3936	1908	Setup.exe	94
PID 1908 wrote to memory of 3936	1908	Setup.exe	94
PID 1908 wrote to memory of 3936	1908	Setup.exe	94

C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
1⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4160
- C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
  C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:1496
- - C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
    "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\com.torrent-launcher" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1420 --field-trial-handle=1648,4734365854973345598,7269752611098737863,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1372
- - C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
    C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\resources\app.asar\dist\electron\fork-entry.js Extensions
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:3676
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "call "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe""
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4164
  - - C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
      "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of WriteProcessMemory
      PID:1908
    - - C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\com.torrent-launcher" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1412 --field-trial-handle=1700,17962285624132320431,3330201800476722570,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3936
    - - C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\resources\app.asar\dist\electron\fork-entry.js Extensions
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:3084
    - - C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --ignore-certificate-errors --ignore-certificate-errors --user-data-dir="C:\Users\Admin\AppData\Roaming\com.torrent-launcher" --mojo-platform-channel-handle=2088 --field-trial-handle=1700,17962285624132320431,3330201800476722570,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:1552
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /d /s /c "call "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe""
        5⤵
        
        PID:1924
- - C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
    "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --ignore-certificate-errors --ignore-certificate-errors --user-data-dir="C:\Users\Admin\AppData\Roaming\com.torrent-launcher" --mojo-platform-channel-handle=2068 --field-trial-handle=1648,4734365854973345598,7269752611098737863,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:2556

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\ShowSearch.css
1⤵
- Opens file in notepad (likely ransom note)
PID:2084

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:392

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4576

C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:2244
- C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
  "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\com.torrent-launcher" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1412 --field-trial-handle=1684,3162793518064226845,3189723524100408786,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5044
- C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
  C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\resources\app.asar\dist\electron\fork-entry.js Extensions
  2⤵
  - Drops Chrome extension
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:3536
- - C:\Windows\system32\cmd.exe
    cmd.exe /d /s /c "tasklist"
    3⤵
    PID:1004
  - - C:\Windows\system32\tasklist.exe
      tasklist
      4⤵
      Enumerates processes with tasklist
      Suspicious use of AdjustPrivilegeToken
      PID:1684
- - C:\Windows\system32\cmd.exe
    cmd.exe /d /s /c "wmic useraccount where name='%username%' get sid"
    3⤵
    PID:6040
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic useraccount where name='Admin' get sid
      4⤵
      PID:6084
- - C:\Windows\system32\cmd.exe
    cmd.exe /d /s /c "taskkill /f /IM chrome.exe"
    3⤵
    PID:6128
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /IM chrome.exe
      4⤵
      Kills process with taskkill
      PID:2936
- - C:\Windows\system32\cmd.exe
    cmd.exe /d /s /c "wmic useraccount where name='%username%' get sid"
    3⤵
    PID:5456
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic useraccount where name='Admin' get sid
      4⤵
      PID:6076
- - C:\Windows\system32\cmd.exe
    cmd.exe /d /s /c "taskkill /f /IM msedge.exe"
    3⤵
    PID:3308
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /IM msedge.exe
      4⤵
      Kills process with taskkill
      PID:1588
- C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
  "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --ignore-certificate-errors --ignore-certificate-errors --user-data-dir="C:\Users\Admin\AppData\Roaming\com.torrent-launcher" --mojo-platform-channel-handle=2104 --field-trial-handle=1684,3162793518064226845,3189723524100408786,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:2756
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "call "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe""
  2⤵
  PID:4544

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:240

C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:1976
- C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
  "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\com.torrent-launcher" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1408 --field-trial-handle=1680,14930415542187383327,5004435042492365293,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4696
- C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
  C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\resources\app.asar\dist\electron\fork-entry.js Extensions
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:564
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "call "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe""
  2⤵
  PID:5284
- - C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
    "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of AdjustPrivilegeToken
    PID:5316
  - - C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
      "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\com.torrent-launcher" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1412 --field-trial-handle=1696,4786313659456419234,7879501931586856756,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5648
  - - C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
      C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\resources\app.asar\dist\electron\fork-entry.js Extensions
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      PID:5692
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "call "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe""
      4⤵
      PID:5868
    - - C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5896
      - C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\com.torrent-launcher" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1412 --field-trial-handle=1708,14808535885734670980,17968210032698618676,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5864
      - C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\resources\app.asar\dist\electron\fork-entry.js Extensions
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:6012
        
        C:\Windows\system32\cmd.exe
        
        cmd.exe /d /s /c "tasklist"
        7⤵
        
        PID:6224
        
        C:\Windows\system32\tasklist.exe
        
        tasklist
        8⤵
        Enumerates processes with tasklist
        
        PID:6340
        
        C:\Windows\system32\cmd.exe
        
        cmd.exe /d /s /c "wmic useraccount where name='%username%' get sid"
        7⤵
        
        PID:6960
        
        C:\Windows\System32\Wbem\WMIC.exe
        
        wmic useraccount where name='Admin' get sid
        8⤵
        
        PID:7112
        
        C:\Windows\system32\cmd.exe
        
        cmd.exe /d /s /c "taskkill /f /IM msedge.exe"
        7⤵
        
        PID:7156
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /IM msedge.exe
        8⤵
        Kills process with taskkill
        
        PID:2544
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /d /s /c "call "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe""
        6⤵
        
        PID:5432
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe"
        7⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\com.torrent-launcher" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1596 --field-trial-handle=1720,8881036996004377125,4349780467959039799,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
        8⤵
        
        PID:6524
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\resources\app.asar\dist\electron\fork-entry.js Extensions
        8⤵
        
        PID:6564
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /d /s /c "call "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe""
        8⤵
        
        PID:6872
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe"
        9⤵
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\com.torrent-launcher" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1412 --field-trial-handle=1716,9618145872449058967,5392368407958736215,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
        10⤵
        
        PID:6924
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\resources\app.asar\dist\electron\fork-entry.js Extensions
        10⤵
        
        PID:7004
        
        C:\Windows\system32\cmd.exe
        
        cmd.exe /d /s /c "tasklist"
        11⤵
        
        PID:6092
        
        C:\Windows\system32\tasklist.exe
        
        tasklist
        12⤵
        Enumerates processes with tasklist
        
        PID:6256
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /d /s /c "call "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe""
        10⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe"
        11⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\com.torrent-launcher" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1412 --field-trial-handle=1636,9152857161023818267,9481355066933350142,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
        12⤵
        
        PID:6652
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\resources\app.asar\dist\electron\fork-entry.js Extensions
        12⤵
        
        PID:6188
        
        C:\Windows\system32\cmd.exe
        
        cmd.exe /d /s /c "tasklist"
        13⤵
        
        PID:5244
        
        C:\Windows\system32\tasklist.exe
        
        tasklist
        14⤵
        Enumerates processes with tasklist
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --ignore-certificate-errors --ignore-certificate-errors --user-data-dir="C:\Users\Admin\AppData\Roaming\com.torrent-launcher" --mojo-platform-channel-handle=2196 --field-trial-handle=1636,9152857161023818267,9481355066933350142,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
        12⤵
        
        PID:4668
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /d /s /c "call "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe""
        12⤵
        
        PID:6044
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --ignore-certificate-errors --ignore-certificate-errors --user-data-dir="C:\Users\Admin\AppData\Roaming\com.torrent-launcher" --mojo-platform-channel-handle=2180 --field-trial-handle=1716,9618145872449058967,5392368407958736215,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
        10⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --ignore-certificate-errors --ignore-certificate-errors --user-data-dir="C:\Users\Admin\AppData\Roaming\com.torrent-launcher" --mojo-platform-channel-handle=2164 --field-trial-handle=1720,8881036996004377125,4349780467959039799,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
        8⤵
        
        PID:6908
      - C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --ignore-certificate-errors --ignore-certificate-errors --user-data-dir="C:\Users\Admin\AppData\Roaming\com.torrent-launcher" --mojo-platform-channel-handle=2100 --field-trial-handle=1708,14808535885734670980,17968210032698618676,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
        6⤵
        
        PID:5468
  - - C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
      "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --ignore-certificate-errors --ignore-certificate-errors --user-data-dir="C:\Users\Admin\AppData\Roaming\com.torrent-launcher" --mojo-platform-channel-handle=2156 --field-trial-handle=1696,4786313659456419234,7879501931586856756,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      PID:5884
- C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
  "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --ignore-certificate-errors --ignore-certificate-errors --user-data-dir="C:\Users\Admin\AppData\Roaming\com.torrent-launcher" --mojo-platform-channel-handle=2124 --field-trial-handle=1680,14930415542187383327,5004435042492365293,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:5300

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5216

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5816

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1588

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6800

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:7160

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6896

C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe"
1⤵
PID:7032
- C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
  "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\com.torrent-launcher" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1412 --field-trial-handle=1740,287554633432534072,12232230288641083309,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
  2⤵
  PID:6080
- C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
  C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\resources\app.asar\dist\electron\fork-entry.js Extensions
  2⤵
  PID:1800
- - C:\Windows\system32\cmd.exe
    cmd.exe /d /s /c "tasklist"
    3⤵
    PID:1416
  - - C:\Windows\system32\tasklist.exe
      tasklist
      4⤵
      Enumerates processes with tasklist
      PID:848
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "call "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe""
  2⤵
  PID:6416
- - C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
    "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe"
    3⤵
    PID:4736
  - - C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
      "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\com.torrent-launcher" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1412 --field-trial-handle=1692,18024522959647326948,8377090179031311422,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
      4⤵
      PID:7188
  - - C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
      C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\resources\app.asar\dist\electron\fork-entry.js Extensions
      4⤵
      PID:7244
    - - C:\Windows\system32\cmd.exe
        
        cmd.exe /d /s /c "tasklist"
        5⤵
        
        PID:7652
      - C:\Windows\system32\tasklist.exe
        
        tasklist
        6⤵
        Enumerates processes with tasklist
        
        PID:7696
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "call "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe""
      4⤵
      PID:7440
    - - C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe"
        5⤵
        
        PID:7472
      - C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\com.torrent-launcher" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1580 --field-trial-handle=1668,1724135982801363713,16569132798099818174,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
        6⤵
        
        PID:7832
      - C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\resources\app.asar\dist\electron\fork-entry.js Extensions
        6⤵
        
        PID:7888
        
        C:\Windows\system32\cmd.exe
        
        cmd.exe /d /s /c "tasklist"
        7⤵
        
        PID:7428
        
        C:\Windows\system32\tasklist.exe
        
        tasklist
        8⤵
        Enumerates processes with tasklist
        
        PID:7600
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /d /s /c "call "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe""
        6⤵
        
        PID:8076
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe"
        7⤵
        
        PID:8104
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\com.torrent-launcher" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1412 --field-trial-handle=1756,4498862442147942362,13293068127650441558,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
        8⤵
        
        PID:7680
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\resources\app.asar\dist\electron\fork-entry.js Extensions
        8⤵
        
        PID:1500
        
        C:\Windows\system32\cmd.exe
        
        cmd.exe /d /s /c "tasklist"
        9⤵
        
        PID:7376
        
        C:\Windows\system32\tasklist.exe
        
        tasklist
        10⤵
        Enumerates processes with tasklist
        
        PID:7740
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --ignore-certificate-errors --ignore-certificate-errors --user-data-dir="C:\Users\Admin\AppData\Roaming\com.torrent-launcher" --mojo-platform-channel-handle=2268 --field-trial-handle=1756,4498862442147942362,13293068127650441558,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
        8⤵
        
        PID:756
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /d /s /c "call "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe""
        8⤵
        
        PID:8032
      - C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --ignore-certificate-errors --ignore-certificate-errors --user-data-dir="C:\Users\Admin\AppData\Roaming\com.torrent-launcher" --mojo-platform-channel-handle=2244 --field-trial-handle=1668,1724135982801363713,16569132798099818174,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
        6⤵
        
        PID:8092
  - - C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
      "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --ignore-certificate-errors --ignore-certificate-errors --user-data-dir="C:\Users\Admin\AppData\Roaming\com.torrent-launcher" --mojo-platform-channel-handle=2216 --field-trial-handle=1692,18024522959647326948,8377090179031311422,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
      4⤵
      PID:7456
- C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
  "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --ignore-certificate-errors --ignore-certificate-errors --user-data-dir="C:\Users\Admin\AppData\Roaming\com.torrent-launcher" --mojo-platform-channel-handle=2216 --field-trial-handle=1740,287554633432534072,12232230288641083309,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
  2⤵
  PID:1528

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6436

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:7376

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:7976

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3632

C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe"
1⤵
PID:2760
- C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
  "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\com.torrent-launcher" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1556 --field-trial-handle=1776,17609800650695940291,10788858351584944285,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
  2⤵
  PID:8024
- C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
  C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\resources\app.asar\dist\electron\fork-entry.js Extensions
  2⤵
  PID:4076
- - C:\Windows\system32\cmd.exe
    cmd.exe /d /s /c "tasklist"
    3⤵
    PID:8564
  - - C:\Windows\system32\tasklist.exe
      tasklist
      4⤵
      Enumerates processes with tasklist
      PID:8860
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "call "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe""
  2⤵
  PID:8276
- - C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
    "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe"
    3⤵
    PID:8292
  - - C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
      "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\com.torrent-launcher" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1596 --field-trial-handle=1644,7075187299635885014,5156413744436929649,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
      4⤵
      PID:8524
  - - C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
      C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\resources\app.asar\dist\electron\fork-entry.js Extensions
      4⤵
      PID:8620
    - - C:\Windows\system32\cmd.exe
        
        cmd.exe /d /s /c "tasklist"
        5⤵
        
        PID:9176
      - C:\Windows\system32\tasklist.exe
        
        tasklist
        6⤵
        Enumerates processes with tasklist
        
        PID:8260
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "call "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe""
      4⤵
      PID:8816
    - - C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe"
        5⤵
        
        PID:8844
      - C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\com.torrent-launcher" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1552 --field-trial-handle=1788,1775002425291204799,14891589484905667345,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
        6⤵
        
        PID:8800
      - C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\resources\app.asar\dist\electron\fork-entry.js Extensions
        6⤵
        
        PID:5632
        
        C:\Windows\system32\cmd.exe
        
        cmd.exe /d /s /c "tasklist"
        7⤵
        
        PID:8252
        
        C:\Windows\system32\tasklist.exe
        
        tasklist
        8⤵
        Enumerates processes with tasklist
        
        PID:8272
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /d /s /c "call "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe""
        6⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe"
        7⤵
        
        PID:7424
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\com.torrent-launcher" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1524 --field-trial-handle=1732,15101396476487327641,4952740451120931540,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
        8⤵
        
        PID:8552
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\resources\app.asar\dist\electron\fork-entry.js Extensions
        8⤵
        
        PID:9052
        
        C:\Windows\system32\cmd.exe
        
        cmd.exe /d /s /c "tasklist"
        9⤵
        
        PID:9364
        
        C:\Windows\system32\tasklist.exe
        
        tasklist
        10⤵
        Enumerates processes with tasklist
        
        PID:9432
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --ignore-certificate-errors --ignore-certificate-errors --user-data-dir="C:\Users\Admin\AppData\Roaming\com.torrent-launcher" --mojo-platform-channel-handle=2324 --field-trial-handle=1732,15101396476487327641,4952740451120931540,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
        8⤵
        
        PID:9148
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /d /s /c "call "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe""
        8⤵
        
        PID:7504
      - C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --ignore-certificate-errors --ignore-certificate-errors --user-data-dir="C:\Users\Admin\AppData\Roaming\com.torrent-launcher" --mojo-platform-channel-handle=2320 --field-trial-handle=1788,1775002425291204799,14891589484905667345,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
        6⤵
        
        PID:7884
  - - C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
      "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --ignore-certificate-errors --ignore-certificate-errors --user-data-dir="C:\Users\Admin\AppData\Roaming\com.torrent-launcher" --mojo-platform-channel-handle=2260 --field-trial-handle=1644,7075187299635885014,5156413744436929649,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
      4⤵
      PID:8832
- C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
  "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --ignore-certificate-errors --ignore-certificate-errors --user-data-dir="C:\Users\Admin\AppData\Roaming\com.torrent-launcher" --mojo-platform-channel-handle=2280 --field-trial-handle=1776,17609800650695940291,10788858351584944285,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
  2⤵
  PID:8304

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:8200

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:8724

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:7584

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:9132

C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe"
1⤵
PID:9200
- C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
  "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\com.torrent-launcher" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1408 --field-trial-handle=1728,5840467509990027713,5353903834295372043,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
  2⤵
  PID:9552
- C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
  C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\resources\app.asar\dist\electron\fork-entry.js Extensions
  2⤵
  PID:9608
- - C:\Windows\system32\cmd.exe
    cmd.exe /d /s /c "tasklist"
    3⤵
    PID:10036
  - - C:\Windows\system32\tasklist.exe
      tasklist
      4⤵
      Enumerates processes with tasklist
      PID:10080
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "call "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe""
  2⤵
  PID:9776
- - C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
    "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe"
    3⤵
    PID:9808
  - - C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
      "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\com.torrent-launcher" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1412 --field-trial-handle=1652,9897492059692379117,7979666963712611360,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
      4⤵
      PID:10164
  - - C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
      C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\resources\app.asar\dist\electron\fork-entry.js Extensions
      4⤵
      PID:10220
    - - C:\Windows\system32\cmd.exe
        
        cmd.exe /d /s /c "tasklist"
        5⤵
        
        PID:9368
      - C:\Windows\system32\tasklist.exe
        
        tasklist
        6⤵
        Enumerates processes with tasklist
        
        PID:10184
  - - C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
      "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --ignore-certificate-errors --ignore-certificate-errors --user-data-dir="C:\Users\Admin\AppData\Roaming\com.torrent-launcher" --mojo-platform-channel-handle=2384 --field-trial-handle=1652,9897492059692379117,7979666963712611360,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
      4⤵
      PID:6376
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "call "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe""
      4⤵
      PID:5968
    - - C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe"
        5⤵
        
        PID:9352
      - C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\com.torrent-launcher" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1536 --field-trial-handle=1820,10376747769181930980,11866965938070895951,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
        6⤵
        
        PID:6760
      - C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\resources\app.asar\dist\electron\fork-entry.js Extensions
        6⤵
        
        PID:9948
        
        C:\Windows\system32\cmd.exe
        
        cmd.exe /d /s /c "tasklist"
        7⤵
        
        PID:10580
        
        C:\Windows\system32\tasklist.exe
        
        tasklist
        8⤵
        Enumerates processes with tasklist
        
        PID:10636
      - C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --ignore-certificate-errors --ignore-certificate-errors --user-data-dir="C:\Users\Admin\AppData\Roaming\com.torrent-launcher" --mojo-platform-channel-handle=2368 --field-trial-handle=1820,10376747769181930980,11866965938070895951,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
        6⤵
        
        PID:10312
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /d /s /c "call "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe""
        6⤵
        
        PID:10296
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe"
        7⤵
        
        PID:10344
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\com.torrent-launcher" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1404 --field-trial-handle=1736,7578627187516535514,12351357309758924635,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
        8⤵
        
        PID:10732
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\resources\app.asar\dist\electron\fork-entry.js Extensions
        8⤵
        
        PID:10776
        
        C:\Windows\system32\cmd.exe
        
        cmd.exe /d /s /c "tasklist"
        9⤵
        
        PID:11212
        
        C:\Windows\system32\tasklist.exe
        
        tasklist
        10⤵
        Enumerates processes with tasklist
        
        PID:11256
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /d /s /c "call "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe""
        8⤵
        
        PID:10960
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe"
        9⤵
        
        PID:10988
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\com.torrent-launcher" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1796,16062376545534632880,205918035926303319,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
        10⤵
        
        PID:10392
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\resources\app.asar\dist\electron\fork-entry.js Extensions
        10⤵
        
        PID:10084
        
        C:\Windows\system32\cmd.exe
        
        cmd.exe /d /s /c "tasklist"
        11⤵
        
        PID:11136
        
        C:\Windows\system32\tasklist.exe
        
        tasklist
        12⤵
        Enumerates processes with tasklist
        
        PID:11204
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /d /s /c "call "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe""
        10⤵
        
        PID:4740
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe"
        11⤵
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\com.torrent-launcher" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1416 --field-trial-handle=1812,12360496734111434280,2233660016182500220,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
        12⤵
        
        PID:10748
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\resources\app.asar\dist\electron\fork-entry.js Extensions
        12⤵
        
        PID:10784
        
        C:\Windows\system32\cmd.exe
        
        cmd.exe /d /s /c "tasklist"
        13⤵
        
        PID:11444
        
        C:\Windows\system32\tasklist.exe
        
        tasklist
        14⤵
        Enumerates processes with tasklist
        
        PID:11548
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --ignore-certificate-errors --ignore-certificate-errors --user-data-dir="C:\Users\Admin\AppData\Roaming\com.torrent-launcher" --mojo-platform-channel-handle=2108 --field-trial-handle=1812,12360496734111434280,2233660016182500220,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
        12⤵
        
        PID:11276
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /d /s /c "call "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe""
        12⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --ignore-certificate-errors --ignore-certificate-errors --user-data-dir="C:\Users\Admin\AppData\Roaming\com.torrent-launcher" --mojo-platform-channel-handle=2432 --field-trial-handle=1796,16062376545534632880,205918035926303319,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
        10⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --ignore-certificate-errors --ignore-certificate-errors --user-data-dir="C:\Users\Admin\AppData\Roaming\com.torrent-launcher" --mojo-platform-channel-handle=2392 --field-trial-handle=1736,7578627187516535514,12351357309758924635,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
        8⤵
        
        PID:10976
- C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
  "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --ignore-certificate-errors --ignore-certificate-errors --user-data-dir="C:\Users\Admin\AppData\Roaming\com.torrent-launcher" --mojo-platform-channel-handle=2356 --field-trial-handle=1728,5840467509990027713,5353903834295372043,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
  2⤵
  PID:9792

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:9700

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:8404

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:10260

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:10900

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:10556

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:9384

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:8416

C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe"
1⤵
PID:11288
- C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
  "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\com.torrent-launcher" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1568 --field-trial-handle=1724,3370729828346960118,10529537451525662594,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
  2⤵
  PID:11648
- C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
  C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\resources\app.asar\dist\electron\fork-entry.js Extensions
  2⤵
  PID:11704
- - C:\Windows\system32\cmd.exe
    cmd.exe /d /s /c "tasklist"
    3⤵
    PID:12144
  - - C:\Windows\system32\tasklist.exe
      tasklist
      4⤵
      Enumerates processes with tasklist
      PID:12188
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "call "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe""
  2⤵
  PID:11888
- - C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
    "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe"
    3⤵
    PID:11920
  - - C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
      "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\com.torrent-launcher" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1556 --field-trial-handle=1868,17562069559450903900,5140455905253899833,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
      4⤵
      PID:9992
  - - C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
      C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\resources\app.asar\dist\electron\fork-entry.js Extensions
      4⤵
      PID:11268
    - - C:\Windows\system32\cmd.exe
        
        cmd.exe /d /s /c "tasklist"
        5⤵
        
        PID:12092
      - C:\Windows\system32\tasklist.exe
        
        tasklist
        6⤵
        Enumerates processes with tasklist
        
        PID:12224
  - - C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
      "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --ignore-certificate-errors --ignore-certificate-errors --user-data-dir="C:\Users\Admin\AppData\Roaming\com.torrent-launcher" --mojo-platform-channel-handle=2476 --field-trial-handle=1868,17562069559450903900,5140455905253899833,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
      4⤵
      PID:11664
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "call "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe""
      4⤵
      PID:11600
    - - C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe"
        5⤵
        
        PID:11700
      - C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\com.torrent-launcher" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1408 --field-trial-handle=1852,16396149274765530476,13262218099190669498,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
        6⤵
        
        PID:11508
      - C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\resources\app.asar\dist\electron\fork-entry.js Extensions
        6⤵
        
        PID:11204
        
        C:\Windows\system32\cmd.exe
        
        cmd.exe /d /s /c "tasklist"
        7⤵
        
        PID:12404
        
        C:\Windows\system32\tasklist.exe
        
        tasklist
        8⤵
        Enumerates processes with tasklist
        
        PID:12544
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /d /s /c "call "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe""
        6⤵
        
        PID:6780
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe"
        7⤵
        
        PID:12232
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\com.torrent-launcher" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1596 --field-trial-handle=1836,16961306298947394978,958913058316541737,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
        8⤵
        
        PID:12528
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\resources\app.asar\dist\electron\fork-entry.js Extensions
        8⤵
        
        PID:12580
        
        C:\Windows\system32\cmd.exe
        
        cmd.exe /d /s /c "tasklist"
        9⤵
        
        PID:13068
        
        C:\Windows\system32\tasklist.exe
        
        tasklist
        10⤵
        Enumerates processes with tasklist
        
        PID:13116
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /d /s /c "call "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe""
        8⤵
        
        PID:12820
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe"
        9⤵
        
        PID:12860
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\com.torrent-launcher" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1408 --field-trial-handle=1848,15272368180037960017,16307539787798491801,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
        10⤵
        
        PID:13272
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\resources\app.asar\dist\electron\fork-entry.js Extensions
        10⤵
        
        PID:12308
        
        C:\Windows\system32\cmd.exe
        
        cmd.exe /d /s /c "tasklist"
        11⤵
        
        PID:10564
        
        C:\Windows\system32\tasklist.exe
        
        tasklist
        12⤵
        Enumerates processes with tasklist
        
        PID:9760
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --ignore-certificate-errors --ignore-certificate-errors --user-data-dir="C:\Users\Admin\AppData\Roaming\com.torrent-launcher" --mojo-platform-channel-handle=2508 --field-trial-handle=1848,15272368180037960017,16307539787798491801,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
        10⤵
        
        PID:12692
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /d /s /c "call "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe""
        10⤵
        
        PID:12728
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe"
        11⤵
        
        PID:12736
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\com.torrent-launcher" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1400 --field-trial-handle=1772,15637898765401725731,1048935178444403564,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
        12⤵
        
        PID:11444
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\resources\app.asar\dist\electron\fork-entry.js Extensions
        12⤵
        
        PID:6184
        
        C:\Windows\system32\cmd.exe
        
        cmd.exe /d /s /c "tasklist"
        13⤵
        
        PID:12348
        
        C:\Windows\system32\tasklist.exe
        
        tasklist
        14⤵
        Enumerates processes with tasklist
        
        PID:6272
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --ignore-certificate-errors --ignore-certificate-errors --user-data-dir="C:\Users\Admin\AppData\Roaming\com.torrent-launcher" --mojo-platform-channel-handle=2368 --field-trial-handle=1772,15637898765401725731,1048935178444403564,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
        12⤵
        
        PID:13152
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /d /s /c "call "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe""
        12⤵
        
        PID:13076
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe"
        13⤵
        
        PID:12184
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\com.torrent-launcher" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1412 --field-trial-handle=1884,13822882157007925893,6559303566183121081,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
        14⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\resources\app.asar\dist\electron\fork-entry.js Extensions
        14⤵
        
        PID:13292
        
        C:\Windows\system32\cmd.exe
        
        cmd.exe /d /s /c "tasklist"
        15⤵
        
        PID:13656
        
        C:\Windows\system32\tasklist.exe
        
        tasklist
        16⤵
        Enumerates processes with tasklist
        
        PID:13720
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --ignore-certificate-errors --ignore-certificate-errors --user-data-dir="C:\Users\Admin\AppData\Roaming\com.torrent-launcher" --mojo-platform-channel-handle=2552 --field-trial-handle=1884,13822882157007925893,6559303566183121081,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
        14⤵
        
        PID:13440
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /d /s /c "call "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe""
        14⤵
        
        PID:13424
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe"
        15⤵
        
        PID:13460
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\com.torrent-launcher" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1412 --field-trial-handle=1872,12379588223108394817,9278389485344574054,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
        16⤵
        
        PID:13964
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\resources\app.asar\dist\electron\fork-entry.js Extensions
        16⤵
        
        PID:14004
        
        C:\Windows\system32\cmd.exe
        
        cmd.exe /d /s /c "tasklist"
        17⤵
        
        PID:13396
        
        C:\Windows\system32\tasklist.exe
        
        tasklist
        18⤵
        Enumerates processes with tasklist
        
        PID:13456
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /d /s /c "call "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe""
        16⤵
        
        PID:14188
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe"
        17⤵
        
        PID:14216
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\com.torrent-launcher" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1532 --field-trial-handle=1864,6814629387221670488,5033816412127459281,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
        18⤵
        
        PID:13624
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\resources\app.asar\dist\electron\fork-entry.js Extensions
        18⤵
        
        PID:13620
        
        C:\Windows\system32\cmd.exe
        
        cmd.exe /d /s /c "tasklist"
        19⤵
        
        PID:5336
        
        C:\Windows\system32\tasklist.exe
        
        tasklist
        20⤵
        Enumerates processes with tasklist
        
        PID:13616
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /d /s /c "call "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe""
        18⤵
        
        PID:14144
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe"
        19⤵
        
        PID:14312
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\com.torrent-launcher" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1568 --field-trial-handle=1932,5454260943105454702,14146002946738634964,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
        20⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\resources\app.asar\dist\electron\fork-entry.js Extensions
        20⤵
        
        PID:13732
        
        C:\Windows\system32\cmd.exe
        
        cmd.exe /d /s /c "tasklist"
        21⤵
        
        PID:14468
        
        C:\Windows\system32\tasklist.exe
        
        tasklist
        22⤵
        Enumerates processes with tasklist
        
        PID:14532
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /d /s /c "call "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe""
        20⤵
        
        PID:7812
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe"
        21⤵
        
        PID:14128
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\com.torrent-launcher" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1396 --field-trial-handle=1816,9146154948896557571,16965124896801044412,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
        22⤵
        
        PID:14644
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\resources\app.asar\dist\electron\fork-entry.js Extensions
        22⤵
        
        PID:14684
        
        C:\Windows\system32\cmd.exe
        
        cmd.exe /d /s /c "tasklist"
        23⤵
        
        PID:15124
        
        C:\Windows\system32\tasklist.exe
        
        tasklist
        24⤵
        Enumerates processes with tasklist
        
        PID:15172
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --ignore-certificate-errors --ignore-certificate-errors --user-data-dir="C:\Users\Admin\AppData\Roaming\com.torrent-launcher" --mojo-platform-channel-handle=2604 --field-trial-handle=1816,9146154948896557571,16965124896801044412,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
        22⤵
        
        PID:14892
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /d /s /c "call "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe""
        22⤵
        
        PID:14876
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe"
        23⤵
        
        PID:14904
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\com.torrent-launcher" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1408 --field-trial-handle=1876,11387417648050398619,13212053989224613891,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
        24⤵
        
        PID:15280
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\resources\app.asar\dist\electron\fork-entry.js Extensions
        24⤵
        
        PID:15332
        
        C:\Windows\system32\cmd.exe
        
        cmd.exe /d /s /c "tasklist"
        25⤵
        
        PID:13848
        
        C:\Windows\system32\tasklist.exe
        
        tasklist
        26⤵
        Enumerates processes with tasklist
        
        PID:5560
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /d /s /c "call "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe""
        24⤵
        
        PID:14696
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe"
        25⤵
        
        PID:14852
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\com.torrent-launcher" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1408 --field-trial-handle=1272,15956527942903540981,13744892991408005930,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
        26⤵
        
        PID:14584
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\resources\app.asar\dist\electron\fork-entry.js Extensions
        26⤵
        
        PID:14856
        
        C:\Windows\system32\cmd.exe
        
        cmd.exe /d /s /c "tasklist"
        27⤵
        
        PID:14656
        
        C:\Windows\system32\tasklist.exe
        
        tasklist
        28⤵
        Enumerates processes with tasklist
        
        PID:9580
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --ignore-certificate-errors --ignore-certificate-errors --user-data-dir="C:\Users\Admin\AppData\Roaming\com.torrent-launcher" --mojo-platform-channel-handle=2648 --field-trial-handle=1272,15956527942903540981,13744892991408005930,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
        26⤵
        
        PID:9144
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /d /s /c "call "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe""
        26⤵
        
        PID:15092
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe"
        27⤵
        
        PID:15296
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\com.torrent-launcher" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1752 --field-trial-handle=1892,7600471480157034012,968425127613700418,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
        28⤵
        
        PID:8648
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\resources\app.asar\dist\electron\fork-entry.js Extensions
        28⤵
        
        PID:15192
        
        C:\Windows\system32\cmd.exe
        
        cmd.exe /d /s /c "tasklist"
        29⤵
        
        PID:15612
        
        C:\Windows\system32\tasklist.exe
        
        tasklist
        30⤵
        Enumerates processes with tasklist
        
        PID:15656
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /d /s /c "call "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe""
        28⤵
        
        PID:15364
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe"
        29⤵
        
        PID:15396
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\com.torrent-launcher" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1416 --field-trial-handle=1944,4662533192356467940,5749183176321972032,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
        30⤵
        
        PID:15852
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\resources\app.asar\dist\electron\fork-entry.js Extensions
        30⤵
        
        PID:15908
        
        C:\Windows\system32\cmd.exe
        
        cmd.exe /d /s /c "tasklist"
        31⤵
        
        PID:16260
        
        C:\Windows\system32\tasklist.exe
        
        tasklist
        32⤵
        Enumerates processes with tasklist
        
        PID:15660
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /d /s /c "call "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe""
        30⤵
        
        PID:16112
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe"
        31⤵
        
        PID:16140
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\com.torrent-launcher" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1404 --field-trial-handle=1936,7984295049364949303,15425122715926433627,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
        32⤵
        
        PID:8508
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\resources\app.asar\dist\electron\fork-entry.js Extensions
        32⤵
        
        PID:5580
        
        C:\Windows\system32\cmd.exe
        
        cmd.exe /d /s /c "tasklist"
        33⤵
        
        PID:15680
        
        C:\Windows\system32\tasklist.exe
        
        tasklist
        34⤵
        Enumerates processes with tasklist
        
        PID:16320
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /d /s /c "call "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe""
        32⤵
        
        PID:15704
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe"
        33⤵
        
        PID:15776
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\com.torrent-launcher" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1504 --field-trial-handle=1952,10624329381917381168,1006015522291150932,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
        34⤵
        
        PID:15200
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\resources\app.asar\dist\electron\fork-entry.js Extensions
        34⤵
        
        PID:15724
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --ignore-certificate-errors --ignore-certificate-errors --user-data-dir="C:\Users\Admin\AppData\Roaming\com.torrent-launcher" --mojo-platform-channel-handle=2692 --field-trial-handle=1952,10624329381917381168,1006015522291150932,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
        34⤵
        
        PID:8404
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /d /s /c "call "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe""
        34⤵
        
        PID:15556
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --ignore-certificate-errors --ignore-certificate-errors --user-data-dir="C:\Users\Admin\AppData\Roaming\com.torrent-launcher" --mojo-platform-channel-handle=2684 --field-trial-handle=1936,7984295049364949303,15425122715926433627,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
        32⤵
        
        PID:15764
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --ignore-certificate-errors --ignore-certificate-errors --user-data-dir="C:\Users\Admin\AppData\Roaming\com.torrent-launcher" --mojo-platform-channel-handle=2664 --field-trial-handle=1944,4662533192356467940,5749183176321972032,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
        30⤵
        
        PID:16128
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --ignore-certificate-errors --ignore-certificate-errors --user-data-dir="C:\Users\Admin\AppData\Roaming\com.torrent-launcher" --mojo-platform-channel-handle=2640 --field-trial-handle=1892,7600471480157034012,968425127613700418,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
        28⤵
        
        PID:15380
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --ignore-certificate-errors --ignore-certificate-errors --user-data-dir="C:\Users\Admin\AppData\Roaming\com.torrent-launcher" --mojo-platform-channel-handle=2612 --field-trial-handle=1876,11387417648050398619,13212053989224613891,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
        24⤵
        
        PID:7400
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --ignore-certificate-errors --ignore-certificate-errors --user-data-dir="C:\Users\Admin\AppData\Roaming\com.torrent-launcher" --mojo-platform-channel-handle=2588 --field-trial-handle=1932,5454260943105454702,14146002946738634964,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
        20⤵
        
        PID:13748
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --ignore-certificate-errors --ignore-certificate-errors --user-data-dir="C:\Users\Admin\AppData\Roaming\com.torrent-launcher" --mojo-platform-channel-handle=2544 --field-trial-handle=1864,6814629387221670488,5033816412127459281,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
        18⤵
        
        PID:14180
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --ignore-certificate-errors --ignore-certificate-errors --user-data-dir="C:\Users\Admin\AppData\Roaming\com.torrent-launcher" --mojo-platform-channel-handle=2548 --field-trial-handle=1872,12379588223108394817,9278389485344574054,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
        16⤵
        
        PID:14204
        
        C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --ignore-certificate-errors --ignore-certificate-errors --user-data-dir="C:\Users\Admin\AppData\Roaming\com.torrent-launcher" --mojo-platform-channel-handle=2480 --field-trial-handle=1836,16961306298947394978,958913058316541737,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
        8⤵
        
        PID:12836
      - C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --ignore-certificate-errors --ignore-certificate-errors --user-data-dir="C:\Users\Admin\AppData\Roaming\com.torrent-launcher" --mojo-platform-channel-handle=2472 --field-trial-handle=1852,16396149274765530476,13262218099190669498,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
        6⤵
        
        PID:11864
- C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
  "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --ignore-certificate-errors --ignore-certificate-errors --user-data-dir="C:\Users\Admin\AppData\Roaming\com.torrent-launcher" --mojo-platform-channel-handle=2412 --field-trial-handle=1724,3370729828346960118,10529537451525662594,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
  2⤵
  PID:11908

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:11788

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:11468

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6260

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:12684

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:11552

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:12980

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:13316

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:14124

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:14000

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:14148

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:14808

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:8116

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:13632

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:14496

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:16012

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:14548

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:16100

C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe"
1⤵
PID:15708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Process Discovery

T1057

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\LICENSES.chromium.html

Filesize
5.2MB

MD5
df37c89638c65db9a4518b88e79350be

SHA1
6b9ba9fba54fb3aa1b938de218f549078924ac50

SHA256
dbd18fe7c6e72eeb81680fabef9b6c0262d1d2d1aa679b3b221d9d9ced509463

SHA512
93dd6df08fc0bfaf3e6a690943c090aefe66c5e9995392bebd510c5b6260533b1522dc529b8328dfe862192e1357e9e98d1cdd95117c08c76be3ab565c6eea67

Download Submit
C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe

Filesize
2.8MB

MD5
5dc1907eeb579b905a9bd99298183e0b

SHA1
4903fbdf9b41495e7c1bf486af00816ee4773aa8

SHA256
70cb35bd49e42e2e71577a3339adbde49cf38b0b7e707a492576c9063b951fa6

SHA512
ca814c5ff467b48353b7c97f1429dd409c34fbfc895cc380e28ea1dc9c39c649adeaba63f68b2f7d2dfc0a8f68a08f093a6a4c978ceb114bbbdb03ff89751a65

Download Submit
C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe

Filesize
960KB

MD5
0d5723b1813ba0557da31ae3a912900c

SHA1
eba9e11e72672e2e473e2353b6df4653acd10caf

SHA256
27c4910ab33d7457b67e67dbf2d63c61443ab337da5341fc32ef3f54f604bd74

SHA512
f270169e53945570eabef4ae0dabed9d50052bbee2362fdcfe9fe9adcc4e8449b7d14d9259d966e7681426f08135a88d85005a7b49ea9c9716dda3c6975473e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\d3dcompiler_47.dll

Filesize
2.8MB

MD5
f532e0d5256b2cb11bafca7d08bfc001

SHA1
b2ac129b7ad323fe4907392678e9519f00337897

SHA256
7e13f60e8fba7ede2fd4ec138501b6ce5acaba3b05bb5054bc7dad6cf1de22ac

SHA512
0fd4305ed7cdc5b46937d67e08952a206929dd0bf336675aef4914bcfe1ad322e9908421ee3d86e58b0ece25e655d90a195a52c37177b943e74c85aebd3e679d

Download Submit
C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\ffmpeg.dll

Filesize
2.6MB

MD5
93d2ae354e5544386312df0b0744b3e4

SHA1
908bc552a5618afd328d07aa2611b0f171807880

SHA256
dc938bdf87d6acaac9e0ca343e917f722b12f59fd7d27124dac85b0430c3872d

SHA512
b8b869054411392965bf28523e932f07f44447c919d61c74b8ddca9917ee552e4d0579b788afdd3bd21cbc85ea919b44ce306b3083d0b2d2e07703a3583d10e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\icudtl.dat

Filesize
2.7MB

MD5
56679f092675574372e49774e6d73cb0

SHA1
b71847bbb7f7b3759d91751ea0fe804d2a06c4cb

SHA256
b16c8f76e844a63404f422b2cb63b130187706dd995f3b7e79016a120203cd11

SHA512
6052ea942c00c8b8b0629343d664208adeefb3ca87da0fa41fb3b6506e864bbfb9b6615205482ae4fba71928102c46f48887432af27abb682b673e18c63131f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\libGLESv2.dll

Filesize
6.3MB

MD5
ed47a77eda8131570d63e6ed9a516bf6

SHA1
4a41ed7d4463bc8e7db8acf1fb46c37b3d561ab1

SHA256
26754a53e07d1e7243a48478e8b0b1df4c75a44d6540b4fc0391647e00287851

SHA512
b03d3f6617428976399ded1dff148996a914c98878ac4be6a3870e3799bb2f3c77bb48cbf239ab64b3850c7ecb2eb850b74cc99dd67b7d2d26cddd77d800fa51

Download Submit
C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\locales\sk.pak

Filesize
127KB

MD5
b35daa0bd9627ca88b413a5af7c6b4a4

SHA1
d5efdcbc7ca17de29f3075f6434f31ab2e895826

SHA256
f47bc1f7f5ab64681d0b152e1a019da60f0ef057ee8bf2ccede019dc4030c177

SHA512
48abb6ca2290820db2898b05820bb25e70fb1292c816eb0c8f17b3c5452de9fff7027d216d2bf413900f408f44ed4ac99151b28142a212c5cff8dfe229e87b9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\locales\sv.pak

Filesize
111KB

MD5
d59db925bd683480f4e3b2f4eb74c3bd

SHA1
75b40770850787ce9dbddf92725a5719f85c2ab0

SHA256
d60d3d4b8fd284a2457868fd06961bb79f3dc91b8c4505182c5e9778419fe849

SHA512
7d6b41569c2432535c0d55021ea9d78a1020f32d9d09a0624a90ebf76dc6904b04df9dc86837161e0db453a68b452ff829e0f8df29e79869af8b58314fe79ed3

Download Submit
C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\resources.pak

Filesize
768KB

MD5
76541f2cb1cdca7a7fe5484f58ee588e

SHA1
bf7665eed4e8582640fec77ec2a6ff12d73eb8f5

SHA256
e0e3d8891cd8dc3a287cad32b6448e5f5ff6a5c0d74ff12441a9028bbceb24c5

SHA512
f8bc695e07e56ed49d5eb848dfa541abc20d7bab2a3bb2de3d95a8d01488ebedd5a6a2367cd8f5314fa77e721312d424a551f8c83f901100ed31317cbcbce0c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\resources\app.asar

Filesize
448KB

MD5
38d579552f51f253c19edc6a8dd08dec

SHA1
9748545251de9ffb49bfc04481c383312f68a230

SHA256
aa2fc95e22fbca17a31c7b3cf6762911f94572bb24c039ba4357a0ad7a2aeccc

SHA512
55eac9eea75e6dc8db2e7fc79f808c4c12db2981754095bffedaf68b63fbdaa5885bc3dfb9e81635a28bad798b476dd45f992e4c1b4bd4cc7f724bfa83b2caa0

Download Submit
C:\Users\Admin\AppData\Local\Temp\5f1fcf4d-5d1d-421c-87d2-49a84533c6e6.tmp.node

Filesize
613KB

MD5
174c50bb9795f9d23b87158da5cfa977

SHA1
f5d963f733d9a82490bd828051b45c2b322b032b

SHA256
77ad8327ae7fb12e0d6b8f3d806311be07d2c34cca0da720cab2af4cb8c30435

SHA512
bf9bb12ac5b4a38fba44736ddefd48afb98ba3b5ce9ee262ea24ae7d41b8d4a41cb5a8c66336218e40cc20c2df75166b11587ea4c4a6764e5942a7cfa110b769

Download Submit
C:\Users\Admin\AppData\Local\Temp\ext-QLoXng\extension\scr\p-install.bundle.js

Filesize
59KB

MD5
8295526ad1b8892c1f5963a086078df9

SHA1
bab5cd4922ae22224f09fae802579cd62e4bf80a

SHA256
8ab532ce0219128f0370e7b75b4afe89e9e9037b72f66a7be2122a55466952b4

SHA512
f44939cf01f22e0d044c3b3f487f0b69978ad64342aa14ab9a6b5107f26b4a039a2ecfefc2e823a331f022db4e822d7a3cbe1dee9016f186bddacccdfd3ae20b

Download Submit
C:\Users\Admin\AppData\Local\Temp\ext-QLoXng\extension\styles\p-install.bundle.css

Filesize
8KB

MD5
d3661208b3e90056e411013cc493c6e3

SHA1
26a8cbda197e4ba728dee95daaad38f3419dd0ad

SHA256
b33ca22add7f0e796ee39ef1a5f39c5d40a7892a4a3926e8db355a8df54ff9bc

SHA512
bd8f4ab0587adca2aa056b777871084da69350fea21557622150ffc8740615512f0eb15d2a89be3c5646a51cff3fdd6d8847a16ac09ef88e9fa42ee7e0b5e36e

Download Submit
C:\Users\Admin\AppData\Local\Temp\ext-XdcirA\extension\_metadata\computed_hashes.json

Filesize
35KB

MD5
ae5b22e6bd607eca85fb58882451457f

SHA1
57c52e096081198ecb1a958092026f6a92be6db0

SHA256
4f2bc807c76bf2a4e5327e258c63392f79c8a5c38ac9c5b6b9660e5df3df2fd8

SHA512
e64b995257bd3ba0e68801f0ae6391067d2b85aab061c570e4272a50ece2d4cf536fc7fe9d138ecf2b8096598b4ae47170b0aa09140653ccd71a9d2c47a7c732

Download Submit
C:\Users\Admin\AppData\Local\Temp\ext-XdcirA\extension\_metadata\verified_contents.json

Filesize
5KB

MD5
e251cf0ca25c8f7e4da803b7384eecc4

SHA1
5d086ad6eb43cac48b3fa16497f8ad30e697b0a8

SHA256
4e2adbea6ade4ba52ad155351a5c87ba505e877574b23b91f0e702cb7d51555f

SHA512
b67508d19c27696aa27fa1edb9192f58e5885dbb9aa7233e1664b178d3b4bc629d09ec99d41409bc64430734f503d2520a3bce746ef8043512c8a2fd66f72a52

Download Submit
C:\Users\Admin\AppData\Local\Temp\ext-XdcirA\extension\fonts\materialdesignicons.eot

Filesize
203KB

MD5
ed840d794dc7ea1c6a53363d73f72509

SHA1
f97410b31a2f7e243c5a61981e12e1925732b087

SHA256
6423c407713698935b9028e6ed8c1faeb4a437a4e2beb3c1cb1f529495406200

SHA512
af70bf0bec975f15c0b879f5e0081cc1d556d52730fccc894716bd42b06ed53d93373b34b812e8fcf71b2caa4ed7b1d6197da31d64c35424cb25c1730f2e098c

Download Submit
C:\Users\Admin\AppData\Local\Temp\ext-XdcirA\extension\fonts\materialdesignicons.svg

Filesize
1.5MB

MD5
527080c4652828659a7b92516393c016

SHA1
c054be91039c9901289e2beed0d874a427cd0d4b

SHA256
bf80f95a656380efe4c16174d8ee665c93fb79168c42d16ae0f334a0ddbbf467

SHA512
fafe43eb031a42640b8d20173a671ff3b58dd7533c1bf07584297a604543dbe6c5b7dc1e2f4e9e3f1acff580edc97eb994764196455e6748b1506368d67ac87f

Download Submit
C:\Users\Admin\AppData\Local\Temp\ext-XdcirA\extension\fonts\materialdesignicons.ttf

Filesize
203KB

MD5
246a512d70416108683f9f190d3dd1a6

SHA1
cf1a426d41200419923033a2ef85bacb4f2930ce

SHA256
637a440284c24b36e4b1f28c80da04cfd9a9c8c2b092a60803f627ce0f8f463b

SHA512
c42c1269ebde9265629d4fd1bdb6ca129d8b26c640cb1042d847dcb5f140f65133985f58439c604cd5137f68af7d2cd2f62532dc00e0f4dc71c15e37000ed82b

Download Submit
C:\Users\Admin\AppData\Local\Temp\ext-XdcirA\extension\fonts\materialdesignicons.woff

Filesize
100KB

MD5
489a5d51dc8059afea165fe93f5b48e5

SHA1
6749e3ce61ec0c04787a6c618ce7cba9d2db8c4b

SHA256
ff2a89a0ccd6ab54032e9aa25b5a584a2457cbd84b3433df1b0402bed80fa640

SHA512
0dd68936bc1af1918835bbc7df0ae76194c2ff910162e3974cdf12e376fe43c794585fdda9d96496cb6a437afcd0d744fbb5d1f4fa136d6b76a994841e5545e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\ext-XdcirA\extension\fonts\materialdesignicons.woff2

Filesize
77KB

MD5
380a87ac162f7313bdc7556fcca4fd38

SHA1
4b29d05c0445f92f14a1c058fc06e34ab6e7f869

SHA256
56ca131e02e335cbc5604cf53451ad97f160b33a46bba0b0b8f41578de9715c1

SHA512
589b7c0ecee83caef16b5ae433fcdace49fc7a56faa491bcbbccf1b0b154fd9953380277b0d6193dfe4c12fabf27400c0dc6cbb0bd22e00f62db60349ca72e5e

Download Submit
C:\Users\Admin\AppData\Local\Temp\ext-XdcirA\extension\images\bg1.svg

Filesize
33KB

MD5
33db4cd1554eb23a6a5bead999877d11

SHA1
d17ca741f45602a3ccab82d5b2bfcd0f488fc624

SHA256
5e10f33d94d3be0ee06818fba06a5788b08fa8889f10ad5bec15f7479df3fd9a

SHA512
8aef45863497e967877497636d8e763fe6f40c002023c9e4a2840472be5427500f93852879202de0bf616a9a64f3c2a0bb4e6d209ceb65cbec42bdaf15998970

Download Submit
C:\Users\Admin\AppData\Local\Temp\ext-XdcirA\extension\images\icons2\icon128.png

Filesize
2KB

MD5
5250bf2fb19b9abeee6f87765984b2ea

SHA1
eba386ae38601821841163c2467ddd95be89a5c0

SHA256
25875ebac929cdb8bef8527442be5dbddf6f1da553156b050b967b4cc8bf3ebc

SHA512
9c4cbe3972a794edd28164ebf00eb1d86a04d8b35d8f7251a65b89b31a80abc54265e27592e2a6905452c1940fcf8587257b2bc8b0a97f5de8fec642b8bc5905

Download Submit
C:\Users\Admin\AppData\Local\Temp\ext-XdcirA\extension\images\icons2\icon16.png

Filesize
421B

MD5
e78672884edbd449426fc44efb79fdc8

SHA1
cdc25d836919acbbfa022abc1a518811f8fba4c3

SHA256
e9f3cfc7914887717a6e0e8b52a83daad960d15500409a90b71c354b74b1bb7c

SHA512
4a7bf3919eecd5d5e41eb3cae193de4a66a5c131632c236ae8ef95a545c6e7e840bc17abf52b9da1913e70e9d3a2165d57bec5b972a837ac1c10a71e1f243130

Download Submit
C:\Users\Admin\AppData\Local\Temp\ext-XdcirA\extension\images\icons2\icon32.png

Filesize
732B

MD5
bc9572bdf728a91936ed5b7bd74e805b

SHA1
7068d57e90588908b4ffc1a10927eba3a0b84249

SHA256
103d16764a3618b8eb8dbb61ee033f8e8aab71d710b1bb1144766279c57667c1

SHA512
6bcb9f45189e3455b4dac5b90d3ec1652720a5257b0d49bea680a298cd718b473778d45294d5102612ba52c275ab8566ed2d05610230db775bfb181fbe75952f

Download Submit
C:\Users\Admin\AppData\Local\Temp\ext-XdcirA\extension\images\icons2\icon48.png

Filesize
1KB

MD5
058950f1f5a965f370314e7d18deb7a2

SHA1
f94a2c44428c8c9114cf757e2e3ff0d9181a078a

SHA256
ef81878283f413db5073f852969254ca196307e4c7f1c22bd0eda6f02a23c8cd

SHA512
7348b9f665799ed0825d4dd72088093c73e66d045efeb0dc904ba881f9250d2d1c09742e66ed44b640b7943968c63fcf471cd1cb62b110da0ad34f887d45007a

Download Submit
C:\Users\Admin\AppData\Local\Temp\ext-XdcirA\extension\images\icons2\icon64.png

Filesize
1KB

MD5
2346b80496555eb87aa065e198911746

SHA1
751828b3e543879557d0529ae5199b7936b8a44a

SHA256
0fab5a63bbf561d1adad5732c4d74b1bd1ec6c4cafbbb1ed41a62f4db542d449

SHA512
4702820e61f2b9c8c376049db6612f2ba7fd67711aa61687c8e21f9fd7e1b136e18867b72127975981a288e09bc7d6aa9bbae7ede2d7a3248c63fdb6adae3bf8

Download Submit
C:\Users\Admin\AppData\Local\Temp\ext-XdcirA\extension\images\icons\icon-empty.png

Filesize
88B

MD5
790f7f479aed1a1affd24bf3f2a0d9ee

SHA1
e00c17daee1f4cfa8e55ad94320ca577c3125006

SHA256
bf058de3f5629406073bedaaa290021c9eb39b8cd90ea1159393a984d8f987a4

SHA512
062e6c23ff7ef311db5b487f8da251c0f3fec864527394307723c5d3a423148398e094c23f1a6cb1ba7616df63d84f02209cb709c7d6040ee6ba43b9ee5a54e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\ext-XdcirA\extension\images\icons\icon1.png

Filesize
497B

MD5
4a795af87dd1b6ce1eca74a9cb94c7de

SHA1
f5f530b2ff7d31a27679436eecb1b33bd7e09e2c

SHA256
b7cc07c20cb64cb13a2408a1de065290774683578047fd88a4d646dbd6546b8b

SHA512
7ab2464a8520a7788ad4bfb90205a874121f78a2610a02db7d7814784bda0190959af8f51ff87a85c4b3a99c0a1f76a5cc6e7b9e90078294edfdcff507d139f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\ext-XdcirA\extension\images\icons\icon2.png

Filesize
468B

MD5
74da91d2ad27d354733b8e9d33804ed1

SHA1
1409bdcff4d00aa9ff9738d903076330c57f4f89

SHA256
aa62e6a50481ed9a26c8301e67f1a9ef6b6504f9e812ca53a07a978af27f4c55

SHA512
94fefc5b569ad32c6a865e18d5d89b3b519d9eb80a2cc46a9d65d50b32d6a888231e6092d826105ee0e9e2564c04cb09de91551b0d063470e912119cee0d73b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\ext-XdcirA\extension\images\icons\icon3.png

Filesize
511B

MD5
cd2e140903489574e80d3e7ad4273017

SHA1
eb5586a743678ae3b44237f7b843e8c200eb3530

SHA256
e3b2ef83b8cf5095f38025f11cb9c710d9fba844833b93a1d0b83bc8e61d8b4d

SHA512
48096567d0ff28070705f93ba217e757d13e67151acb2575588468caceec472ef1d986ea3837bf4aa21afa8f40d97a170367d435b6c1c455acb282a0a9f69e4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\ext-XdcirA\extension\images\icons\icon4.png

Filesize
380B

MD5
b02363af6ac46ee565a564275f7bc6e4

SHA1
7101846e7a77b264e0a3dc0c58f5465f50ebae1e

SHA256
8d3cc5a0acea7c81a722c5faa35513ffd7ed20ae82c50f1856e75fcd72cd40e6

SHA512
217a89577a0d273ba3e5e4deb7362594075e4e51a3ac70f35a2018d87a5dc0ace91844eaab49004de296f583ef126547174863f3393421cc9baa1fc24f74074c

Download Submit
C:\Users\Admin\AppData\Local\Temp\ext-XdcirA\extension\images\icons\icon48.png

Filesize
3KB

MD5
670a7983428a403a0de6377e880d7a15

SHA1
9c85314ee190909d33c1c27aae019f34eb8ccc33

SHA256
2fba918f9672ce0095e773d30234299c99c7dc69460a37b0845a6fafa8e13e43

SHA512
bb98f23ea70dff11d2fcd426e2c484201a14344c739abc7c39d16e6c1ffc73ac08693e021ae722ecf17e9f1b45050902649f3d3780ea681e235c9900d7e57708

Download Submit
C:\Users\Admin\AppData\Local\Temp\ext-XdcirA\extension\images\icons\icon48a.png

Filesize
1KB

MD5
6b1eec7ad997bf2657bfdb3e538b7fad

SHA1
5367a27ac1e3a8ad25e1a5480fe9beb12ff9ddae

SHA256
a99f0e757f31db0296413bf523ef3f6eb689043277ea2da4829888ba4f97a876

SHA512
9b29ef7f305b74e6e7ef730f254e5659e5225bd0cc5bf53285d0013ce4ce236843ad1c74cd26ede6444ee214221f388e1102c75be8a09a4c23249a2c72ba9eec

Download Submit
C:\Users\Admin\AppData\Local\Temp\ext-XdcirA\extension\images\icons\icon5.png

Filesize
393B

MD5
09ac87c5a040985cec0d6849fa79f988

SHA1
481ca43e7ba1edbb22c0f050c859970913c6e16f

SHA256
c4fbe4957eedc09d31369d4aa7ebcc9cf896cbdecc884329a9e28b0864acb33a

SHA512
4cdf12531450858cc3434f691690447a26155b06a1e8552c3e8f10fa2bfc99f1523b25ef0a57da3c5c173244e0477f20f6b060f5bfaaf83b5ed2e3448ed5cfdb

Download Submit
C:\Users\Admin\AppData\Local\Temp\ext-XdcirA\extension\images\icons\icon6.png

Filesize
526B

MD5
6ac4e97e72d364ae76aecb8749bbeb26

SHA1
e81192d09d9da51cd0a9f3198262802d27f81d27

SHA256
8df8d61781e1aed83da06036e627b62ced2909f93a1dc5b459c398e9facbefbd

SHA512
96b4f12d5c85007aaf4f5a8ac8b4e3b6bb645099abcf0b58d87dbc82913b75a56f3b644bd515eb10b11eb754d4f12c24517e85b30109b9e02b0137d4e91e96ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\ext-XdcirA\extension\images\icons\icon7.png

Filesize
653B

MD5
d67379927dc21cf1fc9fdac18f52159d

SHA1
296fcef19f428dce9ae93a2e3398f65c06dd9b13

SHA256
5c2f82c86e8cc4cd7b7ff2d4a1d712fcd8b13f0f00fedce79069a3b86485d7b7

SHA512
b3a3e1598ea66cc52c7e8a537e748a86b4cdfc26ff7bbad214f4d86e4ffc4fab6d6753b7f67f6189001d4289b54600db7c23312fda53058d83be2ff77b8fe4ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\ext-XdcirA\extension\manifest.json

Filesize
1KB

MD5
7c5a0ed4902b215e0f0878160ca775d4

SHA1
908f7eedbfb7d2608de87200102d0fd44afb7de8

SHA256
dbf0389068d8a25d632a5f9ed93d746ffefd712b21d0765295c68bd1cd996453

SHA512
731baac9aa06180b954856510b55049bf9752b07c3fc4a46c86184e9f62fbde9f9cb43cab460e66117766a774fba97483ef57f5adf74110116e2e811e5a44c7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\ext-XdcirA\extension\scr\background.js

Filesize
446KB

MD5
d9e599fc5a43be336ad48f131af98839

SHA1
3959704f7a487690cb850757571e03e071e269d9

SHA256
f77ed58c82b9e7829051dec7274031f031e90a5cb1029c1f765fe8674a9238ad

SHA512
efe2f1df91f7d47ac99b0eb4f18c2d7b879a6584c0ad27f992e528822198a3f44db5895d1b8a8c1a0f931cd286356e8855a9a7f2ba073d443d9dfedbcf410f7e

Download Submit
C:\Users\Admin\AppData\Local\Temp\ext-XdcirA\extension\scr\bg.js

Filesize
2KB

MD5
d1e23846ca116000d1192f4fb38b5b5c

SHA1
6e79f3cbbed3fd2321f68aad3e4b69cd07195b27

SHA256
f86bede60b5f8907f19bf9b2341212b1ff72fa1a2f2e5ee45818861def520216

SHA512
13d2056add0b9e265a5483b0438662d3c389d19f30c90db67e1711fa51d09fb4069375ed3d6f7febf46ec78d964b5d49f9b2c67ce970dd4db203c954623349f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\ext-XdcirA\extension\scr\content.bundle.js

Filesize
10KB

MD5
fea528468e60b9a1388633163fed2a91

SHA1
121308e30e678f6fbc362e7a1093f8f10964aee6

SHA256
04999b4e5aaec25b770e0d9f2737cf423b8deb0891f18c39ae295dd255dcc194

SHA512
3db3a19eacbd5a8207abb6e8c52e257077d0efe6dd44055391606b16b6dd93fccae94ec47cb3ff4675e7f4c0a09893727d6a1c72ab0accadef39e50ce91be4b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\ext-XdcirA\extension\scr\popup.bundle.js

Filesize
108KB

MD5
6537b97046fe095a03e662c6c501db1a

SHA1
3c147ac31cb0444792711ea05b346767581aa767

SHA256
3ba6ab46f7f99c6aa54f443da8dfd08e164c896853539670e46c3756aec7739e

SHA512
98a650a933f08ff8db21e870847f8df771ed3ff8b88c169e93fbd1be3068e792e6952f4bfa30737213295e899f0bf2a314c6967fd043eddb6737ee2f94387ae6

Download Submit
C:\Users\Admin\AppData\Local\Temp\ext-XdcirA\extension\styles\popup.bundle.css

Filesize
13KB

MD5
f99f7fb67b182dfcc8be8dc2ed238543

SHA1
d57b04c9ea0073773c6590842cf4457744e38de4

SHA256
5c2aece5900a42d696fb9b71a1781d95844676de32419c72ff3e8797453c0947

SHA512
dd804e48481fd89ad33dd7becac452fd050d413cc10aca778ef239a1c899c45f50b692559d5085ed236aa2ca3f4aed0fc45d5e8ba51c541ded8223aa726002b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\ext-XdcirA\extension\win2.html

Filesize
175B

MD5
8d2985587f0ccf5f1fefa0c8e5ed48f9

SHA1
3ebc235440967354444218554e83786dc76a7912

SHA256
4865250de8097ee615ae3a4b0b6ca747aa4b6ed8a246a9e7780b797b00491659

SHA512
5e2d03f31beed4b196129fdf558ab187aa74b5858097e04d0a452fddb80478506ea975adb507957d1486fc636c56ef8274612b71db8bb8656431d8e4d50f6cd2

Download Submit
C:\Users\Admin\AppData\Local\Temp\ext-XdcirA\extension\window.html

Filesize
420B

MD5
94f60afb0d9583cc1b379850f7066a85

SHA1
d8dc54cd759029ae7e0930c10c3be0fc768a9c23

SHA256
8c3e9c5f8baa6224ee6348ddebf768c35193d2d8be9fd9eb00bb9b26de7df4de

SHA512
f3e8e7ccb236494382156ea82adc28dc4314ef904ce683683d0504fd691f87e007c6d143cb7b48620f27257a547ac4529cf4dd196b1dfb6abb7c66fb0c9960ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\7z-out\LICENSE.electron.txt

Filesize
1KB

MD5
4d42118d35941e0f664dddbd83f633c5

SHA1
2b21ec5f20fe961d15f2b58efb1368e66d202e5c

SHA256
5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d

SHA512
3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\7z-out\LICENSES.chromium.html

Filesize
4.7MB

MD5
114c3fde6de38166ea6ce17e8b05d3c7

SHA1
c4881d878620b9c6fe332054cf62b56b1d8ebb53

SHA256
003d0bba3c5babbad0b40e3ecc1a061dd25ac78a949d0854318a9790f66d886f

SHA512
eb137fa578910ad67ba56469dd4036c8db1c2f8347c0eadf4ed9170341cbbea7d0e566aac88fd16910556a7f9b34fa76136e8aaa24e012ab9c2fc45ec04fff62

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\7z-out\Setup.exe

Filesize
2.6MB

MD5
849b8d771d330258e4bd3d213526c39f

SHA1
4dc9671fa07c533c21d8fb248544469e27e7fa47

SHA256
0265211687eea317141eb22cdc5e23aec039dbdc913c57535f96fa9ec39676b1

SHA512
d703e7d2e6916612a41f5d4e5e6a7f41d5bfddd0cfe9d998b0e71c91b44ffdb41a641031c6cdff0354c7c157ca2e205c325c6970e49927b51737b9b250b1deea

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\7z-out\chrome_100_percent.pak

Filesize
138KB

MD5
9c1b859b611600201ccf898f1eff2476

SHA1
87d5d9a5fcc2496b48bb084fdf04331823dd1699

SHA256
53102833760a725241841312de452c45e43edd60a122546105ab4020ccef591b

SHA512
1a8ec288e53b9d7e43d018995abe4e3d9c83d329d0561fbb7d022e8b79ffecf033e995b9bc6af352a71c646a1e8afba4addb54deab7455f24b7a279a3dd7c336

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\7z-out\chrome_200_percent.pak

Filesize
202KB

MD5
b51a78961b1dbb156343e6e024093d41

SHA1
51298bfe945a9645311169fc5bb64a2a1f20bc38

SHA256
4a438f0e209ac62ffa2c14036efdd5474b5ecaa7cbf54110f2e6153abdfb8be9

SHA512
23dedde25ad9cb5829d4b6092a815712788698c2a5a0aefb4299675d39f8b5e2844eabd1ea42332a0408bd234548f5af628e7e365ab26f3385ebfa158cdd921d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\7z-out\d3dcompiler_47.dll

Filesize
1.2MB

MD5
2a0c5dcb4f78774f2ffe7051e05d1dca

SHA1
edee1782eeeb0261b0ed81241bbc524fc80c22aa

SHA256
5e2500d8546f259a2ccab45bfd5254513d7095bc3af9513207f096c912563dcd

SHA512
c6ed392c3571793180a345e7fb806fd0b3ab1b23e88a6e2fd5c4f0dae1ef9b4c946a0bb8b7fe5a1a2da53df16fdefc2184b53dab9a6417c1e7285d59d00c3e99

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\7z-out\ffmpeg.dll

Filesize
320KB

MD5
59cdf772a3d9e719748fba6f314094a1

SHA1
ff418aa465a53530b9f0b0a744e0215bba5ba749

SHA256
de6a4aad21e67ec489652e1c3a64f1f365f20d40a339f9df5334dd643e297e29

SHA512
bfaeaa61d6a1c76a4b3559b4e3e5cf9ae640ecd6792075b630eb119dc7cb0de6cb163bb6788f4a060cf13df15d586c7bfb3b88a4b796d92e2ef949657f42f7f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\7z-out\icudtl.dat

Filesize
149KB

MD5
82daae660b538f374f24e291ac6b4b53

SHA1
ff85347897b58d7bc751e5b18cffc807f7cf3145

SHA256
1cfab72d47aac1641e0b8c214cca52309d1e5390f0329b4f1454dc5e392f70bb

SHA512
240417e6b43cdf3734dc212a1bc72494ee339a442bcb83fd5698d8bca87355693982890badd5ac2949df1c7eae497596c43edf0214c71d5570b7d4c9bf5346ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\7z-out\libEGL.dll

Filesize
437KB

MD5
3412c0fbadf8fabe8a675718ccaa8bef

SHA1
fb57c24800c84ba268e91f68efc07bb2b6492e50

SHA256
98fefd22a29c37a55ceeeedabd4c9b34e777102d0f00fde51d4c0b166c162ffa

SHA512
7309e243ffee43a750c27c6c19327508e5401c4a17f0c84968d32faf0601cad3194289da89733aed63b198f36813d5d53cf0fb9b8894cd2b73c4573f0738fac9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\7z-out\libGLESv2.dll

Filesize
5.1MB

MD5
a0fd0ff5ae5aa47f6811cd895a81b8da

SHA1
ec1be88559be40c89dcdd3758cd6ae0faea90ade

SHA256
394c31f2a73e01220715d06cf5fe9453e8f24cb06dc5f8d000c38eedbfee21ee

SHA512
7ed6fbc39f656faa3ceb986f50a6737268ce726059ef072eff707e62a2ccf1741230444d93122ec60cc9a6312fc0b50156a3ddef4c9203d9a0ed065b9d1d36c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\7z-out\locales\am.pak

Filesize
175KB

MD5
e18a450ef034b42599341c3d09f280f1

SHA1
2001c8a85904962ac3a96938eccc69ad2c110fdf

SHA256
7c2b9098130f1f9e0cf4507b64c0e96ac6354bd6c3616be20e2067cfccc820da

SHA512
ddd87571218fe9f179a6c2a8a15b182625a71a7c19ed90c0969ca2e0e9bad823b926f8b8a6b390cb6fe9c95f4b6c1f1ec7b5167a8424ab1921943922208f798a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\7z-out\locales\ar.pak

Filesize
181KB

MD5
6f3e791b4d35ee7d9515614d128752cf

SHA1
181ec3a84fb3e89336d77f24f562a2cbe07619d8

SHA256
e9df0fa338b763a3926c4ee3a87bedf650fa618b6fcf0560c3f5ffe891d48c60

SHA512
3657e610d13a2c938558ec320c298dd490c9e4895ccd304f738aaa2f050373efd7382ca402365f93d23ed488bae82de2d859da788dc8faa8e621346a278f4441

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\7z-out\locales\bg.pak

Filesize
196KB

MD5
5ba0c7200362c9ed55610cc8b66ef53c

SHA1
d45239c2f1b00885407771a41a7776fc1fe8fa3b

SHA256
2339ff55464b4ff704fc3c5bf281eec52a539c494bd059cf0346d9c05ab7cda7

SHA512
6229dbf08a9322c4ec8de4912aa1832f01800a71b7e3ef5870e7fa2b623be4dd248fec4881c3e031e984616147be84d42ab3dd970ae56dc1bd78913a8682a37a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\7z-out\locales\bn.pak

Filesize
253KB

MD5
47c95e191e760dee3ef43345577e2379

SHA1
609634315270a91d4ec631642b18bd0036367aad

SHA256
ceed32e429ed1018d4c49343cf52105cbfd1e877c531a5738fd6e6cd33d27da7

SHA512
46b5f8d58780d19e79136c31a67d075c57ddf7e6a1eb197dea4088cc414a0dc24a68fc8ebcaac03b3940af2461123b586706d5dbf8dbdf6fbea0f7bec466db21

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\7z-out\locales\ca.pak

Filesize
122KB

MD5
423651c45566cd90ea5edd8631e823b8

SHA1
13bed4173a08bcbfefba034aada3d838eece6d16

SHA256
7a39af99d55a1ea838d8d78c5f0da3e1402f9404d32255e31b676ceed4f0e414

SHA512
e09085023beaa37e9d5f7fdf3c32d0c001672b85e2826f0aba9a662ce958ac93cac17bf63495a604e47cb407b1593049388a4bf1b22b2339ead84a206a10569f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\7z-out\locales\cs.pak

Filesize
125KB

MD5
3cfd9dc564cfcc33cc5524711365c376

SHA1
2e5016d2643017f37658262122974429f18625a2

SHA256
8be34e4f8226c1dd4e725711ddd884ef4476560f7863edcf378573dde9db3cee

SHA512
6ee156d2fa3b6f601df28e38968d0eae2812d70b41333348dbecd833d5ee6ff944183f0eecde96be433cf1e98c8ec22d6a6d5af5153145842175ab43c73533ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\7z-out\locales\da.pak

Filesize
114KB

MD5
55a8f5883805a65c854d25edb3959209

SHA1
d4b3b6bd2a26cbd021fa931d1f63c9ea64e2c268

SHA256
e190187adcbb5f829d162660968ba598ed17bd11339062ca4d807deec8a27fdb

SHA512
4e1f9e6da32f553cbc8cf162726d7aba9e23e2216d6d05b995cf19fff3aafa05ed08fce29b2f8538d46583366402b8630672e650dfbd46952a611e9db0d8016d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\7z-out\locales\de.pak

Filesize
123KB

MD5
b73344e5a72fca6f956dbab984c123ba

SHA1
0561073aa40a63a9ce9930dd18b18e12ff139b2b

SHA256
6dda3fa65232ca0bff7314f916942a2aa5d9be73a0b0c7a6d016eb34ea6fff5b

SHA512
e8a12da397369f23c102244b3f18f533ec79afa6978785566056bbfe07b10a21ff4973bf17aa829fff65609363988c033b0e48d4a82c846863377c08d8df009d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\7z-out\locales\el.pak

Filesize
216KB

MD5
38440b98bfdf5ed496da0f49d59534c0

SHA1
1498d9207ecaf4923a47271e24c68a817041c82e

SHA256
b1f78df8a7edc914357a2e90bc8dc0ac46f4df642bb22894569fe4905fb8ea0f

SHA512
95ba788fc2e1f07d54e398f1ec4d32c664cfb13118d46cb7af7a993367e032b10de84f3e604ab6e659d6410e2d736097ec5e9b3b002040c54412358f0ea10229

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\7z-out\locales\en-GB.pak

Filesize
99KB

MD5
52e2826fb5814776d47a7fcaf55cb675

SHA1
51fbbc59dcd61116cbc0a24b0304d4c1c58e8d0b

SHA256
83ff81c73228c7cadba984d9b500e4fce01de583ecde8f132137650c8107c454

SHA512
69257f976d01006c5f3d7e256738c97c59115471f8e7447cfa795f7fa4ff12d6fd19708e95ffb2aa494b50c1763fe35d5885b9414112d2934baf68fe668ed7cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\7z-out\locales\en-US.pak

Filesize
100KB

MD5
0bb857860d8c9ab6d617cea5a5bd4d00

SHA1
351b744d95846bff2ce5f542fec2e87439aa0f8b

SHA256
5c56df9699fc7e8f09ec81421e50a6264cde055e822f5a8cd9bb1edb3066d816

SHA512
33fb73cffbb6781488cedbca4c92a7e4f66923a799beeb7f5cba58dbc23ba8f5130f63a7dac7114e3c3ef6f1df87884fbeb8858bc7604aec9449fdfd16c25078

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\7z-out\locales\es-419.pak

Filesize
120KB

MD5
b261b1efe945365588befdf68879040f

SHA1
616f44a5f73f0449b483f36ccf831db6474a10d2

SHA256
1380b9edc9cee4b505f12e8eefa288d8c746ca995b52ceaba27c7741ae8a5cd4

SHA512
9ea14234b9d4d09364e5727b3886fc14544d52508b3e45fb9fd607ca88d2e432361a02b2f7ba34c3d6ecd94b91f9eccd4d54047a97a1ba4eea580ead00b91cff

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\7z-out\locales\es.pak

Filesize
122KB

MD5
2f11136d6b5aae996d7f4b7f56f39970

SHA1
6aea3b6f0d5f1a283c34034569a9fc65dbc929fa

SHA256
a827e2defd5d20c3332260d498b81ab35a1f8458ff0fef236f0ffc3e983397c6

SHA512
6d3d7e00afeaaacf3b055e9a416b2d033d5982f50c4ae7b8b0d0f4637c98d0004895f4e5639c1d1e9897df0f67bf0008138669410742e5fe4d56cbf88e49fb5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\7z-out\locales\et.pak

Filesize
110KB

MD5
c76db3385190c6840315c4497e40258a

SHA1
34f1aef2ba2925bebc5dcdb70e5b6c1a138a5c46

SHA256
e8af084ef5e1062c5966dd7802074ac24f3672dc3c9b9c5453a397644727191f

SHA512
90a870369d307758b33d74e6213676d65c2d332f42577c8aff23d96b512f3c2a2bdace8d6d9007f88b9175eadc6f2ae28b498b1265550849ff9317465a37ad29

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\7z-out\locales\fa.pak

Filesize
173KB

MD5
6458a239e994d8d18315deccd35389ed

SHA1
75c985f43503a6c44645786d46639a6b555ae163

SHA256
300fc1c735e92917a5ddf92feb812cbf3175d988ec7ad5955110248a1addbd34

SHA512
3062075b6be0c25c957ac88e537880bc25ff86b8ef0703a05209e9676e943e89476b7997394aeb25064e03a93be614fef535676e9cdfaf44b46035225b1b2cf5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\7z-out\locales\fi.pak

Filesize
112KB

MD5
cc592d91ce8eabaa75249cb78b889376

SHA1
f2f0f7f105a17f3e4b1a97ed0e3c2e871c2c3eac

SHA256
b1cb0b32efa78fd8634652c74f298f1d5127f2363ef601cf000417e5c7fefd20

SHA512
58e2eaffe26d8fda8df43e7ebef449cfff1065e940c128efa0276511e34e96e52da9230f294b01d4ecd8ef606b792d372bff897d6d8bb67c31379418ce867d48

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\7z-out\locales\fil.pak

Filesize
126KB

MD5
40bddaf97f64dfea9ebafc7f82166f80

SHA1
90d1fde3c0b27d2184f0353991259c2a92c7820c

SHA256
39a9d63736e7b4593fc6873ed3c19d45fbf9eb78a012bfdcee0fea5906ebc5b2

SHA512
d1e61c53e09a0dc50edf5aba5cf286a251ee88421aa2cd49332b70a5859646605ecb7d0bb97ea7242d14a18742e23da0a14c04b0b99b57a466ec87f4f66b897e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\7z-out\locales\fr.pak

Filesize
131KB

MD5
c3095ce1e88b0976ba7bef183d047347

SHA1
b14cfbf6e46ac1f189595fc09660178525301138

SHA256
66488dc10517b6e3638686be95b430477a39304e92ac45dfe62b58cae3a77272

SHA512
29f47b1eff4681a9a17a50d6e82d63c22fe7bfe4ceb79862e81d8cd9f96fa38e225978b4c4b1f8e55b220235b91652c776fa8d2e559c68942c6ccf402812a421

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\7z-out\locales\gu.pak

Filesize
245KB

MD5
63a7fdc4eadf8ef1c35c72468a0ce33f

SHA1
e8d064f0e9c8a6a8c6ccb036711e292d011d9466

SHA256
e549ff4e5a094d04c2ce7bc6fd68bea1f03e935437bf164bebb6191c133fa70c

SHA512
0a097ff875132a984545ec677b04f97785f14c38a1df487cfb4722cdea07d14e1e88fcff7d58b82fa53f05f4eba779a95ef320b5a91692097726d0385a26a456

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\7z-out\locales\he.pak

Filesize
151KB

MD5
6a02a37e1ca3215fa9ee0e1b0fbcf5e7

SHA1
89a8a126c0bbf536ac58e29fc50e045fb1b88220

SHA256
f5cf34ce58b7f0d450936981aa7ffa060821403e6768eee3746ea4ffc9193986

SHA512
6607eb2329b81f1eaf0ed3a564eddcb30e6ab59229f2fbf6fd3d2140ffaa8853a330eda627a4458ef6bb06f32c5183edda869e34cd4ead1f87f88d5c622c1a16

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\7z-out\locales\hi.pak

Filesize
253KB

MD5
f38367dcc09779c27a7b24a8b8d9e3de

SHA1
d50fb715f9de8c613330d451619404c0a16dbff1

SHA256
62aa4fe12b03a7940bed60dc17764c7e413236f078879f984fcf56fc6fd682b7

SHA512
90bca68b224249df6314934c1ab488aafea5f2d002dcbf4ec7c5ca8bd118ee619b9ba16e795394f39e9391f7f94b493846f09ec524359a009b5633bec6528154

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\7z-out\locales\hr.pak

Filesize
119KB

MD5
6f92235e6ba003af925a2d6584afd27d

SHA1
3ceba61e9c2975466b6244188f5ea72aaf042fc7

SHA256
479dc4f75a889d45f62b4ddb6eb48f21c473e37875468c9c26d928a263e15840

SHA512
82f2642dff4400704c15c2fa02d0ec74ed3fe888dc835447c1afce7463dee8f480bb81be358c306e681625864a6d25e5cd6c96252b8a56e6fc62014b3aa4d26a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\7z-out\locales\hu.pak

Filesize
129KB

MD5
71d42cb22d2d7a8b26c4514ab12df3aa

SHA1
cd0307503a7906f1742d1e98fc816959319c2171

SHA256
b51bcb888dbc27bab88a8c9d081df7496de8a9a5a4cd2cfe08abc154190e75e6

SHA512
29c67391bca706807be3a0cc79fe481f220e30263957a9c2485f0a4c498a5b250bdd83b5f4fad8d0b19c8a9a07d5650b5ebd5816b6aae311a1cde78a89303244

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\7z-out\locales\id.pak

Filesize
108KB

MD5
e40cb2f3b4db379e4d187aeef0dfd300

SHA1
537b1ebc615c980c89bbe2b9e91a11199fa7d6a6

SHA256
3339ef011c9bb64868da94adb25f4490acbc7f893e4337dbfe2797754cd659f5

SHA512
b87464460077aa55feb92eca8ed23d9a61829378bae7890c8a95dac5fcd735b145d65661f27facfe2586fcaa169692b00d8ee8dd505dc44bff7f7fd090f3e96c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\7z-out\locales\it.pak

Filesize
123KB

MD5
5aa225aad4f9fe6d05ec24905a827d88

SHA1
f6d5ed337bd8e9cc3b962d3a498e3430fbf6de22

SHA256
96e02ab6937a1f1cb58762159761a737ce0e1dcd6a253554392baf4389326eab

SHA512
3fa928f19bdf65b8fbb274b478a801821b15c01224c113a8d7f6121a077b432c0cc84eefd9028a76adea9fa4bb65dcb868edfbd4368b1e4d477c49e187e4288a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\7z-out\locales\ja.pak

Filesize
143KB

MD5
833e8c4aa70351b6be7bd403e4e9a0a7

SHA1
46ccdbdea35deec8ef13a5fc833776875fad187b

SHA256
74422db1a5f28522f9a8b31a3bee9a6df794b419bf723cb6a6c88e82eb72cec0

SHA512
e8e709612a5ea81d2822e0025b7306f38571f2cec2ca72ac5a8ab852a0e36a0f5bc7e00d0baf7ac7becc2c54dda3a17c52ec1cd67ce12b14d91b6ae0b726d556

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\7z-out\locales\kn.pak

Filesize
277KB

MD5
5115cde84b4c674db412619b65433004

SHA1
164f33e7e2e9f685a579da492a6fc8806beb6cbf

SHA256
891e092c6895e23be986c3e6d39dcea9b6b75f1448239c13fd406680e50407a7

SHA512
090a247898cb533325d2b289a6cbd8db2a755ef0abab49d82f333e57b290c50b5996b81f15d8adc30160b216eebed3a1476aec1627195e52189557c1d48b0216

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\7z-out\locales\ko.pak

Filesize
120KB

MD5
d6e2c18c9eabba59b50d147d942125ea

SHA1
0918879203c2050b4f9f449f5616e430897ba0b9

SHA256
f3581cea2e5b022b121010ffc5d67f86f717e3a0c0402abd81e24c87fd135b76

SHA512
f605f7b9893166778af156f9eb76eaa1209e7432450899540cd462ce0ffa69caf6f570b910cdd6d7bef54354379e9892a658e711baa93241da33755c107da859

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\7z-out\locales\lt.pak

Filesize
131KB

MD5
2d4fca437a7548893dc4b51fa5b33c33

SHA1
c1493013d7d981ea9223716e415380992de65c2f

SHA256
776dba792df7b444e1b720326312d8b8312cade74a1372c49456d932b7c65769

SHA512
b6a55ee1deff48d717a3e9399aef3c45eeec810cc5b5709fa3e9f56850115a5b02e02b7959ec77a6797e68516ee9372bacd260e62ac0d55a8e4c1c27af782b42

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\7z-out\locales\lv.pak

Filesize
130KB

MD5
264c6e20b3088ceb4dae5773cef0cb55

SHA1
fb6ff83ff14df008092bc3ee73bda7491e8e090e

SHA256
a676a781c1a587eadf23e5c69bc52f2d352346a70bc53ca908450362535eefda

SHA512
01e949f92e1e8599c581929a601d39640abaf1d907ce10102e591c3d490dd3874c679c75bb51308ead55a3bd0c6dcd1b8d4b2daf98ce1cf1c6bab42946e8b1e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\7z-out\locales\ml.pak

Filesize
292KB

MD5
04b2540c25990a5e0a9b227dcce6ae0d

SHA1
4f8ccd154f54dfb083d4d1a3ed0994842c8ab13e

SHA256
556165b8b54c6e21bc66d12b3f5be393136714467c427f7114f314d18ad3c661

SHA512
4cab47e42e8f5d4a83851871f97f3e1360c993ba530dbb4b4b736350779784bd83189e1195d3480ce87298bb8f9b7f249fefa7764d850e5b0002895609626785

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\7z-out\locales\mr.pak

Filesize
240KB

MD5
f22c99fe6a838e333e8ee06a4d01296b

SHA1
c3542ea8dd45a2b387dd02fa5687948f135e10f2

SHA256
b03a3042f907aed13253ae8083d08f5fad59ff438d024b097276856e72526911

SHA512
882022c2cb985d85f96d52c9bcfeeb089d6ff30e66187ccf424ef622092b9d359a51bdef1fb6ac3b9d3409aa79d37ca737ba7f3ed8b9cdaabfe04d90a7c8bc15

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\7z-out\locales\ms.pak

Filesize
111KB

MD5
6cfadaa784e687e6dadbcd80e631bc9b

SHA1
481acb75f525055bf4e45ecabe0eadcb9c492106

SHA256
fb5e125dd5e1f21e8df229d22cb3d1f9078bd79bbddca352899248f2a8b21b71

SHA512
0d7da5a90fe9372bc704ab8cdc8cbfb14d323cafdef856987e2d9e34d980196c03985e25099f5d1bcb10c97f040f4766e2c3713718649bb3f43914a77f0dbb39

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\7z-out\locales\nb.pak

Filesize
110KB

MD5
b61e42f66d581b6a8929cdf5fb10662e

SHA1
6f06fa9ee092fbcb61bbd668734fb3b92cfb549a

SHA256
1b17dcde8fc7308d926fbe0faa83dfc9ffe2efc5715e9afd557dde839ad98b7e

SHA512
79b82346c3f133a6ba44148a8432ad4e08e2805187b759509cb386bc800fd20215592c07d953812c243f0b1d5e1354245f2cb42b2b3eb6c87280bcb4008dbe97

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\7z-out\locales\nl.pak

Filesize
114KB

MD5
cf6b1cbfd669e9461553974ba37a475e

SHA1
b33867e9bc7fd88ca98a76dc4bd756bcf18887aa

SHA256
9a83ad866ad7fd9d65ecbc1e95c276cfce27e8257c76a16950fd14971e66b864

SHA512
e463029bb37f6bb3ff5cb6281f64291ada1b785fa33137e7aedfc7b5e409e99c75a91e7cf9b6c0933e970f70c14861190de66fc5d68925b687a6f5da02e21077

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\7z-out\locales\pl.pak

Filesize
125KB

MD5
644c0ace25d6e532b56510a736c6bc2c

SHA1
1bd0fec952107b493da04c46423da634ff3e1504

SHA256
2ff9e382a31783285b7d85676e629e2f6db26bb9536ed17b7fbe5ac61a895ec7

SHA512
9a1f1e884c2f214b8b0c63543809ddd4ba0fd533f1d8434e926051f3db434f60cc4df2462c2a43254b2a9685b3869eef49463c212892e417c82c3a7b497e3559

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\7z-out\locales\pt-BR.pak

Filesize
119KB

MD5
88ad860c73676ffb4025b5c691f29942

SHA1
3c5e5b999ea7153ccdd1b4cc7b6162de3456b558

SHA256
25f0bb0b0230d99a9064d52668636f3be85903bf27a68124d79a2fe93c30fe0e

SHA512
41589bb9ab1b8307f62ceb4e6493d7903731a3e63807e0044379c4acdda881c21839234f5f1b8ad1af732bfee6231c0556ce92e582505379ed949980185bb750

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\7z-out\locales\pt-PT.pak

Filesize
123KB

MD5
ecd84b296d3bb312ee18e21017311986

SHA1
f5625523f85c10723750834a54ff59a2dd886fb3

SHA256
fcfaa9c44c445876c286388b6a1abc1df949f3dda3d64fb57d6e0d54a05cdb94

SHA512
e95b74238220024cdd0bd1c0f18beadbbe427d76cd8d6b32d5700adcd34ffb068ad0bf75404921485c8077f395f5111cd40d5dfe2b5b8f34c62e6fc80b507456

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\7z-out\locales\ro.pak

Filesize
122KB

MD5
24b01a438a3ab9699d4ca97c081b5e82

SHA1
0d0b082544d23425a74199fb0a6c11192f0bdf7d

SHA256
38290b1c9712296d82ea1681ef95544a1eef4872289134b11e50af735e6deaca

SHA512
43199772312156f4633c4202499cde8f808e5e632c2013ec1129acee01a3f184e86df2616626173178efe04b6f0773ad9a0e8b8cc6a735d23d68dcfe9dfd945b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\7z-out\locales\ru.pak

Filesize
195KB

MD5
75457b95d2bb03891232dae7db886387

SHA1
e5a7569df7f91533703626d167ecc8cddbd27205

SHA256
e0894d3aa3f8e0f8ac457a3300001d4e1dcf95980712f8c8e9c845eb4c2bbfa6

SHA512
9813239cb162cec24cb81cffdae2df06889782813d917da186ae40df6dae64477467e4b32ead2d714bc1de671538d4c1fde990d83d3ee69e0932f17226687a78

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\7z-out\locales\sk.pak

Filesize
42KB

MD5
7f4577c352bf8d6c491e4d79ead74cea

SHA1
ef5e38a7e32e39613a520765bc0e532307ac3a9b

SHA256
f8873ab5c34920f8036b31d1e7e97a4ef82e824e5f5721aba734b9b387507a84

SHA512
49f8edee33e45064a4d6cb27fcc198f4e7dfaabf159b7fa7cbbeb848346bdc9bcfebc8c3a64ced2bfc67bb98af7a0cfea6fd66f1ebe2893e7c97a86a126f3c76

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\7z-out\locales\sl.pak

Filesize
121KB

MD5
e015b6f5042be2dc96a4e23dcf035502

SHA1
7946509eed8db1e4c1f3da99ffe7155c86fdb4d6

SHA256
99536d1bc73eec81d5bebbff641ea195544ee5e3a41bb17ddcedf9cde9b141d4

SHA512
b2a2eaae93c506a053862bf1cde02eee53b3ea2e2fe4c964c51dbacb8b44de820a779311cfe01458e2f08f88bce1172e8c5e1e6d28cd3a355ff84baa00023b8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\7z-out\locales\sr.pak

Filesize
185KB

MD5
af7083f2a4bd95dcbe792efade352662

SHA1
dc69aa831836016f6e66c6079931503d534a7862

SHA256
e3b80d9fdd420a05d66cc12e685ac94500106dd51a555bbfa2d085094f81e8dd

SHA512
342400ba94f6cd08152f96aa2b905184fab429c38cedb4bcb4ac0c503169a9ecd47aef208b4d7ffae08b0c0afa7aa089347a20739379d05f3e4e111be842b8c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\7z-out\locales\sw.pak

Filesize
114KB

MD5
99e385ebc1ef8d3daddb3a171fa79edf

SHA1
3164804dfe9d9b5e891abafe92e5ba67d2b5d4d1

SHA256
8ec45ac391a085d531fb21815086c2da4841aa016653cb4f8484cfc2615d6c01

SHA512
797c105fecef1e15870aa101e3fa1835d5a467a9059c03b3636c54934d1de263ab7f23599e21d9787cb3849c7cb7d29f5bdd8ae9ad10fda8015c1392462e94c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\7z-out\locales\ta.pak

Filesize
290KB

MD5
31dada843d0b4f9a66b184cb6d7b8b92

SHA1
0320b31981043c6e4c17470bf2ff4c7488553511

SHA256
457070b35c813175f5a7b630478073e478ff2bf23915dd3dc7a5b3b339cc2b0b

SHA512
c5b6ea595d3154fd9fe03f49a19f78eb4068718ce005b18a165d491459a290c29956b02a109ce2c314746773760c8e5c0d7064f384c65a572c78109f03538860

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\7z-out\locales\te.pak

Filesize
270KB

MD5
793a87d41cde6e6d1bb086284f69733b

SHA1
d887e3842b664f55b7308427aa6f5bf0b352d879

SHA256
5cdabd1ad41e8048f2cc6b1615e68b99159daa1aa6706b939447c1811bf0e255

SHA512
7c2e53baa387480eed45315bd9d53856ca46e5777ecdc9c29a0de7b0ad04beb6cbb8b5df0aa7c306395fda563037e06bea1ca70e433ce5a3ccc2ec184dfda972

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\7z-out\locales\th.pak

Filesize
227KB

MD5
43edd25f67ce6e6cea5373009ff0a1f8

SHA1
ed72ca6620cf23837e1334be50ccf616806bc5a2

SHA256
287897cf3df2db1cf59b872e6575ba8dfcaa0c1f68c17a9c91da6c4490adb8b0

SHA512
7160a72bd2e6b0ffa71e5d279995cc8be24a87cd9386eb29ab0eee79b8e607f5d824a11b6b4e3ef4c0f851a9d485a9642cb6adaa65c07933dca6e6f2c0052fc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\7z-out\locales\tr.pak

Filesize
117KB

MD5
40491896ad21543f339467186c5efb40

SHA1
695dde7cc35056dcbf0a533aff8299d4c6b61bd8

SHA256
43e99e132acaba88971b81a43531845dc7fc3a1e0794c3373de7d9a50a5655aa

SHA512
18d5ee9914849462e0b1bafd1ca216b29d0795e282ae0bdb354b15caf5c18f37f44fbd6f626b2cbb095e3398a6496de72e5b0d15621433979b5a589e34fac818

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\7z-out\locales\uk.pak

Filesize
198KB

MD5
f7cb65c30ed422de5aa691413168a994

SHA1
c14b44231f057bda8eac8d312eae001f8c34d1ce

SHA256
fc375516f856dbf8a6000fe54467dc6ea6f4d5bd3ca8ddb93274c41fb869f797

SHA512
bc8d852baf5b8de7ccfdcdac05df7beaa35b72b027d8b1915a1746bac7363473bc8a70986a4fb5353d10d0e8804263916fbfd8c2932465949878d20ed1dbb8e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\7z-out\locales\vi.pak

Filesize
140KB

MD5
69c8796439192577f48bd249175aaf37

SHA1
97c52088ca69dada593db0e42b2135d264646454

SHA256
d7fdb53592de803a5fbcd8561c4918f1562f92fc8a3fd0039a2a1a7b76a8ecc2

SHA512
65eb7cb15291474ec7f9354775e59bcf334c90ddf3498ebd184e4c47118308421b2405bfa679e4b3a70ed1790e167c109fc2c72e89c3e31b5378cae975424144

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\7z-out\locales\zh-CN.pak

Filesize
101KB

MD5
098d656a4f4bd8240bed10e7678186c7

SHA1
0c19ab62b4262f1b51558e8aaa79e7741f73393a

SHA256
a55f568ad3a8854cec25699484f55024501c8a0967738ba694e073151e5981c7

SHA512
084538ce774233ca6d4393bb42239b0b85e11bd73dd19ba47e55796ca19848941b037510c0fca4ac08b4b2e0ccbc9b4ae72ef88a3e841738dd211961dc53c1e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\7z-out\locales\zh-TW.pak

Filesize
101KB

MD5
029fa66683685096fd55192345222d03

SHA1
c49fd292595555e99e108b88d0b43f68a0fa6564

SHA256
bd4f963a6315f4f9670b1d9aab65ba314ddddcd4d201c931190b16a3ea2b4436

SHA512
7070c00208976a4a1d10a3e88214681a6bbb4900573b33814c56702f828c0db8b9b3629bf145f0eedb81e8d6b2fad2e4fcd09c43f9d20dc571d34a56446102ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\7z-out\resources.pak

Filesize
4.8MB

MD5
ab74478262c856d1e2595faa1802eb29

SHA1
bcc6b4f1ef7022ccc9d1d3912c9e388966611f49

SHA256
f9ae7dbe8191d943ddadf2cc113cdec83458665cef07cf8541009f82f9aa8e03

SHA512
b9e371d4afdab9eafa6447fc483de9a7a131badbe2e9d4756682ea8f518c08040441d30c8443152a05482088fdd42a4d1fcc6940532a996e81ee93e7931bf354

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\7z-out\resources\app.asar

Filesize
4.5MB

MD5
d79c3cd14181d4e62a36cd184b3e783d

SHA1
3be5ce6a60fe0e4f44da92995b953f58a96c81f1

SHA256
1328f59cd76a4cd4e49393859c8119029cfb08acc36d31fd71ccd3912535df84

SHA512
25020346f65389b73eeab7a71bbba6a5975e915ed44767e59522ecf6ddeaf8bb6b4f60e86bda6fa3d9676d390fff3ab8468a2d29446d3c30ed728482c8b777b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\7z-out\resources\app.asar.unpacked\node_modules\create-desktop-shortcuts\LICENSE

Filesize
1KB

MD5
b87aed05aac36b36d87be98309779793

SHA1
eeaf2430cbadd5b0c24d636725211ddd7d71c662

SHA256
68bad23b0c3035bfdb255406410d03097dc08b0f6d59f9858497d276cd953ddb

SHA512
acf7b4a93d590041dccc81c25246bcc50b20f48b3000e7790485db765b579bb64c5cd57ab4395ff09fefce0a974792163bd9f3da525b8de4af65ce15b8f28dba

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\7z-out\resources\app.asar.unpacked\node_modules\create-desktop-shortcuts\api-type-definitions.js

Filesize
3KB

MD5
129e5004e0ed840ab3b24186cdd4f69b

SHA1
51f51579c886db83fe644ae2cac21703b5d0a54a

SHA256
a619729f84e068513ff1404465de35472ad41bd3b600633dc2f3174b477080c0

SHA512
f6be717157cd8ebf46d1a1ca5846c5e89ea2e5e391d858f9d1ad79540e4b269a1517f75542924793b8cf6c0488060ca128f5906e0204347b0117e0c7484d9320

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\7z-out\resources\app.asar.unpacked\node_modules\create-desktop-shortcuts\index.js

Filesize
1KB

MD5
205563f976ffb7fd7c60fdccbd7794cb

SHA1
a9cbd89014771bd437ae84b743ce49fed48b86df

SHA256
b2735872b2a36b0b017b1a5fce226370d6836ec066316a0e559a2c118e0cfe49

SHA512
75ea5f90636a43ec56506cb732e4e7c4290cc8d9480adf97b6ddad2ab2efaf0dc19f5020e31fae44a2ae62e596ef8e34deb1481c9a33aa8d6e7d3651d90b9609

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\7z-out\resources\app.asar.unpacked\node_modules\create-desktop-shortcuts\package.json

Filesize
1KB

MD5
8a4ecbdf0d7058f5ef4429104dd1759d

SHA1
d2d07582927f64747122d0d3abfc237e412495ee

SHA256
dfe0f59649ec2ab079e5f3e6925e96803541be5da2d5b71cab552edda5f4501a

SHA512
81f4a8145295e7ca33caa126a672a0c4b77d30ec43133a4dd94f3161d6b1a382d5fce0feba6ba8e9e2018f06e7461722aa9f25ebd9d9320a068c0c7ad4ed1de7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\7z-out\resources\app.asar.unpacked\node_modules\create-desktop-shortcuts\src\helpers.js

Filesize
3KB

MD5
a5c7f3db1c46228f30018c2787572f74

SHA1
2c45d98220089aee6eae4674d7772fbeb1927f3a

SHA256
872ba81a1d5926e66a14423d4ff7b35e3642e01e400ee0959993a1bb479611fb

SHA512
30cf7ca7095a4fef898ac16d081c004ad2cbab3211cda1f418a8c5a683a2455fce36d900d1c8bf7e12d6636cc1d22dcc1f8646d14daec76706ec7a608d9757e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\7z-out\resources\app.asar.unpacked\node_modules\create-desktop-shortcuts\src\library.js

Filesize
8KB

MD5
45bcb7f9665f0111f8947654e9097edf

SHA1
d98c686dbf437f02c79c9ad20dd1f2182adbd3a3

SHA256
ab50347312ed8b0e1f8998facc59620527a54dc80affbf2515dba109b00f88c9

SHA512
2b3a3c533b90016825c81a3dc9044fe6b8e83965deda674a3c3a894af7bfa0e2b72d6fc6188f682290642f690b25123aca5fd4126328f768b143d412f29b409e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\7z-out\resources\app.asar.unpacked\node_modules\create-desktop-shortcuts\src\validation.js

Filesize
23KB

MD5
b3622888d64c18f4bc45fd57545f7011

SHA1
82220d864473a7c157e74a33fa58be817582e6f9

SHA256
0d5f434d82f6d2a1990fe475dc24bc42f1287b494869a3b39dfbee3c1d1fb1c6

SHA512
0e1ebdc4140070f86a5210461c2e425ec7423207e5c7eac4be2bd2524bfb7d217ab820dd3b58c67f7a8dc20779f0bb56f744848d43b18a4570df35b9ba5ca5be

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\7z-out\resources\app.asar.unpacked\node_modules\create-desktop-shortcuts\src\windows.vbs

Filesize
1KB

MD5
b18daa53f25929438a549ef5cef114e1

SHA1
8d08853cb9286b6f6efb9e2a403bdd1a9a7bf5d8

SHA256
1529bc4babe8b8f81945ec965390fe68e1df8ed806b492e878e910b1ef4e71d7

SHA512
a53c251cbfd4a8dbe6e8cb6ccfcf2937fd2295a49a388f0db412f6cf5a87a05b33965350c55860f7e6f7768b1f14dad9710017e62feab8bc695aed12c445272d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\7z-out\resources\app.asar.unpacked\node_modules\node\bin\node

Filesize
34B

MD5
c0d2abf7d3fd5f932c06adf2d80efdff

SHA1
54d79709bcdab7157cee429192158de6cfe6f635

SHA256
1ac4ed15b141fd4e8684a12aa79f3c446df0bf41c237b83825170508c8843cce

SHA512
0242391b5b671c7b0533fd819c8775a5a3a739012d685552d86ed284468e1b5e4c4834116beae80c919393d4242f7fad21006295714530c1a18420100e564954

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\7z-out\resources\app.asar.unpacked\node_modules\node\bin\node.exe

Filesize
2.2MB

MD5
e6650e6bdb6418eaadb52354b665546e

SHA1
cf6b1ebbf623ee4bbf9bfb1cbac96c4b9a617448

SHA256
cdc1f1c3d67c54cd3ad07c8a84be026e5426cf23c1f21ed300be08ada9dddc18

SHA512
a8d8fea91fafbbbb641e8c2322e7cd0bee96b1c2dcbc2eabba620e23c7dad30a5d189119f56223fe30589263306a0d1b2ebdb16a6f3c47b84dd2377d637afae6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\7z-out\resources\app.asar.unpacked\node_modules\node\installArchSpecificPackage.js

Filesize
44B

MD5
c866a4c96aee99d0a42d8901ff6d4884

SHA1
185ceafd2e21a7b7f8c899767d1be1240a51ad38

SHA256
0cf2f8df7555a24f45bbfc8de7675867e00ecf6049582b3242aa62b3ac77e9ed

SHA512
9f2c9b47526589c59e9d4e1ae134ea620eb96c5ee8ff9484a7e3f71bccd9e3e3ddae71680b1a53f12d28030d453f4722531432080294ec85194af206a6215319

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\7z-out\resources\app.asar.unpacked\node_modules\node\package.json

Filesize
460B

MD5
b3669ef5330a4151f2640b4732048163

SHA1
3c8451d4d40db6a0ed8daab7d1f32ff1381416bc

SHA256
9e732c7553077105e7a2cd73124bd6fb890bffe2bd2ff620297f04a1ddf5a1d2

SHA512
142bc847988474406852cdd3dc9f648043bf7290ba9d41e694c45d39b0f767887c931d71d9e07ac8a3203c0e57a3c91a9b0b77103af07b09b69c5006e20b42bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\7z-out\resources\elevate.exe

Filesize
127KB

MD5
41ab18902435bca98f8ad33695990365

SHA1
f840e1f29c48687777b996978f62b08b20fa3f79

SHA256
c90000ea659cef04795810e574eafd370f6a18b7b918724e9a416657ee3a6692

SHA512
d99fa89aa906b143f7168e0967ff91436e7c46ab55efc245fe3230652af27cb98fed7fc3fd904d7808eed7d510e433cc4aae7758399bd18ad2e49e99b17b637b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\7z-out\snapshot_blob.bin

Filesize
342KB

MD5
c9ab741bbef53fa0e84952b8891a5f5a

SHA1
e2dcb8d034e07243537c86371de0c52bce62cee1

SHA256
4d82fe1e642fe3ca7ad1a173f806088c0652ecfe9f0f6f6e246066e15a3431d4

SHA512
177b98a3090ecfe4b4598dfcd7e8b3ca49efafba4dbd8d6c6d0def462de47c3fabfde831725622783ddc177de982de6115178d9bd9830d918bb544a5a4c27fc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\7z-out\swiftshader\libEGL.dll

Filesize
450KB

MD5
0494ae645d81023ed69bacf4a23f51ee

SHA1
ac7b51bc102ad7b3b408e4038f42ca74cb6e4a7c

SHA256
2316524c8da04a9f31c4ef811e35e9554178b123da7f682ccb6bfe396ee80662

SHA512
5dbebb4ac4d3cbce1deffe70b37d5a26ce1f85dcb07062af2ab2b5cfe1871afdcf4715112467623047bc7130d6a7fff1467980fe1ccaad601594aa7aa7471ce7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\7z-out\swiftshader\libGLESv2.dll

Filesize
2.1MB

MD5
564a1ec2b954e56119a4ccb2a4601d6e

SHA1
95105829d2fce86370a247bc30f62f11d0711a8d

SHA256
b3c2d24d82687ab1e8b0ed7dd3eeaf046c9ce91cdbf5969a1eb16a3eb389c0f0

SHA512
ea5b48807364cff3dd1d2227556f1b1ea7664d31392b9585491507011fe1cf5a3aa98ee68ce4792fb33bd710b9f78afac56a900a48ac4c4a3b95ced53e6791a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\7z-out\v8_context_snapshot.bin

Filesize
656KB

MD5
47014c0f81bad6d216c617c9c63bf040

SHA1
7bb483fdc5fed3c6ed437d9fe6e5023bc38201bf

SHA256
e1249d05bfc73c645b27d269f47b6923b33a3cf8088a8ca78b3b637c90f58178

SHA512
052d86cf3305a9e493bd2472e6b7ddab5e0291efd6d899984a79bae46e5fa4bd21157e19ab4a2591c9cff9069de568bad18c7baf4f35d117c77134e635466f87

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\7z-out\vk_swiftshader.dll

Filesize
1.6MB

MD5
379b40a277d94a1b634417e6fbcb3cf0

SHA1
e384bc261f92e0c2135853f5861ef02520cf9646

SHA256
720756fea450b140c74278e9d13173eac4e15923a34b454575bdbcf670b235d0

SHA512
ea45293a785047b2567cb441305211da421a81fcd418cccce3ddda40d7a1bc23d67cdcfb32bee787dd029d86289bd02ac52b16ec9a9380dba6b987c606369c70

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\7z-out\vk_swiftshader_icd.json

Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\7z-out\vulkan-1.dll

Filesize
819KB

MD5
c3c954ddb80eccc79d893f0294f626a9

SHA1
08de93cea7a914d7e1967001b3d30c094a1e30eb

SHA256
115e837e4c2f0df5cbf527b4a9b8d1286a6508d1ccd124653b211ad394082fcd

SHA512
85ea828aaf5357ab46a94a2380496364a0a1d8c466a174eccb78c54356d206db9da46ac2117fd9b5f5925f8a94fccd65e001e119ae46e23f9dd4ab5b8cac4cf1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9FCB.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
C:\Users\Admin\AppData\Roaming\com.torrent-launcher\Local State

Filesize
389B

MD5
f2963bef49f7ac08fecc7c3a573260fc

SHA1
1985ea92ffccb25d5c3f689b11f42fba34977fbb

SHA256
fe5094b1f763290e30a9f1be31a0ffb0ef95dfe74e16230def1920768ec7b1b1

SHA512
4fe5d2f28a81fe2156b4094ae46b27196109873ce848700895b5258f281bc887c132d3501565dff806bbfe070711effd3712cd2be8026fcd58529e330913a1ee

Download Submit
C:\Users\Admin\AppData\Roaming\com.torrent-launcher\Local State

Filesize
389B

MD5
d7caeb23c9d91c7793d66abb5efdbe78

SHA1
6f1160d9ead80081f29cc3a653f12baa023e0722

SHA256
8b11ae4730759bd7275bf3f1025043f34921ebf69931a0ff285548d5461a7eb4

SHA512
0c091ab70a745109116314dcac23e80291e55dda63f0148f2785a451ed36dfa72c9f4bcf7cea29dff0afd0eb91e98b955c8c0f93e4021aa5801e13d951c838b1

Download Submit
C:\Users\Admin\AppData\Roaming\com.torrent-launcher\Local State

Filesize
389B

MD5
510bb9bd01b1ab0e7318ca089950cdbb

SHA1
0076e3ad3484be1f85b7ba04d6de07d938b56ddb

SHA256
698e1929c126362e9e16b158d80d7b09ac49d3f860896da26db462ae78018902

SHA512
c28bc33d395220352c65caf095e8cf46626bf789d2e1cb42099ea533728d15e4000633a51fa2468e0d61fd99be63dab68502f3cbb1aedc1e3c2a8953fc078629

Download Submit
C:\Users\Admin\AppData\Roaming\com.torrent-launcher\bs-list.json

Filesize
383B

MD5
6c3f179a71558c1fda690a45da0616ac

SHA1
e893a35f1c14d3ebfb407cc75942eeb9ae63d3e4

SHA256
d940ab2b95f07084d2b9c1beff8c65bf850ce48018f536c62cf9a6cce155bce1

SHA512
80b8432e8e558abeb3891711350cd5d8ac64495020bc886ce899f1b2d89c6b11a9e2f9768802ef5ef929b9f28d633abc681721fd4d2c98aecbfff62c5a133393

Download Submit
C:\Users\Admin\ex-list

Filesize
3KB

MD5
0e77c8f1b4d0261f1f25a1727a497112

SHA1
301b8a7f04a3b25717938a3714a461a2f8658892

SHA256
8fa9518d46d5ed9a1f8bed1c00bacf1fa8cfa01d054b548b64dd015f879340b2

SHA512
52f2d4a44bdbf1093fbceef655f0d7a177ed881712cd87f13a0b750bf7e325f0954d0750e3dccad47b1f6af1fed7027bc0bbc4a2c00b8485cbab43d0c8c1ddaa

Download Submit
C:\Users\Admin\ex-list

Filesize
3KB

MD5
518a1718fd658980a6d17c4798b49db4

SHA1
7bdf479e945617f50a8a093a006b336eadb84849

SHA256
ce653293f9e73be21bf6c0657a63d4d45776740790fafabcc1cc5119ab3556a9

SHA512
f2333702d4ebaf8f62e4bd030baad14bba056f3ec2972c1867c254752df4e252aeb6ec546623fe708e25abb1c0cd3e589a01d33a4c1a369fcdf536c597bc9703

Download Submit
C:\Users\Admin\ex-list

Filesize
2KB

MD5
767e253eb96d0348bfd8a46e72418931

SHA1
d36560da34ec569eb57ae462c21a6827eb807f27

SHA256
4b04798616782b0b6c266c3404125bbf0be33d1835cd7623c99da3310e8139b0

SHA512
c5f4edcd22ab4047d2398ab0a60fad3c899dd1efbeb19c985d5449d7c0f17a2f566e5de8a2f4ca1b8848e567eb2eab192336065e70ff11b24e75a41fcd3b21a3

Download Submit
C:\Users\Admin\ex-list

Filesize
1KB

MD5
15a27560f248935b5c3dbee5dfa6fe1c

SHA1
cb08e970b1967525afa5a8428b62c3b15dd61e62

SHA256
28324cc9d042897ffda0c0a7b3a011bfcb14d6ab58cd73aba3f877c2dae69e1b

SHA512
cae2a84d0812d15021629b54449ee1e33cac1d03115f28e808a2e51d6ad58036f012eada289a21e17f23a324232a5f9f044b28c28bc377ef72e3f75ff98da718

Download Submit
memory/1372-792-0x0000025DAA6D0000-0x0000025DAA87C000-memory.dmp

Filesize
1.7MB

Download
memory/1372-638-0x00007FFA2F300000-0x00007FFA2F301000-memory.dmp

Filesize
4KB

Download
memory/3936-1210-0x0000023226190000-0x000002322633C000-memory.dmp

Filesize
1.7MB

Download
memory/4696-1219-0x000001D3EF020000-0x000001D3EF1CC000-memory.dmp

Filesize
1.7MB

Download
memory/5044-1216-0x00000189B5090000-0x00000189B523C000-memory.dmp

Filesize
1.7MB

Download
memory/5648-1223-0x0000023585100000-0x00000235852AC000-memory.dmp

Filesize
1.7MB

Download
memory/5864-1354-0x000001F0A04A0000-0x000001F0A064C000-memory.dmp

Filesize
1.7MB

Download