hxxps://www[.]mediafire[.]com/file/hcxxrydfrejiljq/Geometry_Dash-Oyunindirvip[.]zip/file

Analysis

max time kernel
344s
max time network
346s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
28-04-2024 19:12

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

https://www.mediafire.com/file/hcxxrydfrejiljq/Geometry_Dash-Oyunindirvip.zip/file

Score

7^/10

discovery spyware stealer

Malware Config

Signatures

Executes dropped EXE 12 IoCs

Processes:

Setup.exeSetup.exeSetup.exedata0.exeSetup.exedata0.tmpcls-lolz_x64.exeGeometryDash.exeGeometryDash.exeGeometryDash.exeGeometryDash.exeGeometryDash.exe

pid	process
1768	Setup.exe
1020	Setup.exe
2492	Setup.exe
4596	data0.exe
1576	Setup.exe
4996	data0.tmp
1932	cls-lolz_x64.exe
5912	GeometryDash.exe
6872	GeometryDash.exe
1596	GeometryDash.exe
8408	GeometryDash.exe
8200	GeometryDash.exe

Loads dropped DLL 64 IoCs

Processes:

Setup.exeSetup.exeSetup.exeSetup.exeSetup.exedata0.tmpGeometryDash.exeGeometryDash.exeGeometryDash.exeGeometryDash.exeGeometryDash.exe

pid	process
2944	Setup.exe
2944	Setup.exe
2944	Setup.exe
1768	Setup.exe
1768	Setup.exe
1020	Setup.exe
2492	Setup.exe
1020	Setup.exe
1020	Setup.exe
1020	Setup.exe
1576	Setup.exe
2492	Setup.exe
4996	data0.tmp
4996	data0.tmp
4996	data0.tmp
4996	data0.tmp
4996	data0.tmp
4996	data0.tmp
4996	data0.tmp
4996	data0.tmp
4996	data0.tmp
4996	data0.tmp
5912	GeometryDash.exe
5912	GeometryDash.exe
5912	GeometryDash.exe
5912	GeometryDash.exe
5912	GeometryDash.exe
5912	GeometryDash.exe
5912	GeometryDash.exe
5912	GeometryDash.exe
5912	GeometryDash.exe
5912	GeometryDash.exe
6872	GeometryDash.exe
6872	GeometryDash.exe
6872	GeometryDash.exe
6872	GeometryDash.exe
6872	GeometryDash.exe
6872	GeometryDash.exe
6872	GeometryDash.exe
6872	GeometryDash.exe
6872	GeometryDash.exe
6872	GeometryDash.exe
1596	GeometryDash.exe
1596	GeometryDash.exe
1596	GeometryDash.exe
1596	GeometryDash.exe
1596	GeometryDash.exe
1596	GeometryDash.exe
1596	GeometryDash.exe
1596	GeometryDash.exe
1596	GeometryDash.exe
1596	GeometryDash.exe
1596	GeometryDash.exe
8408	GeometryDash.exe
8408	GeometryDash.exe
8408	GeometryDash.exe
8408	GeometryDash.exe
8408	GeometryDash.exe
8408	GeometryDash.exe
8408	GeometryDash.exe
8408	GeometryDash.exe
8408	GeometryDash.exe
8408	GeometryDash.exe
8200	GeometryDash.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops Chrome extension 1 IoCs

Processes:

Setup.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nepahehhheieplaoeilefnfhbiblcfej\15.23.2.12_0\manifest.json	Setup.exe

Drops file in Program Files directory 64 IoCs

Processes:

data0.tmp

description	ioc	process
File created	C:\Program Files (x86)\Geometry Dash\Resources\sfx\s2235.ogg	data0.tmp
File created	C:\Program Files (x86)\Geometry Dash\Resources\sfx\s2271.ogg	data0.tmp
File created	C:\Program Files (x86)\Geometry Dash\Resources\icons\player_169.plist	data0.tmp
File opened for modification	C:\Program Files (x86)\Geometry Dash\Resources\dialogIcon_013.png	data0.tmp
File opened for modification	C:\Program Files (x86)\Geometry Dash\Resources\icons\player_31-hd.png	data0.tmp
File opened for modification	C:\Program Files (x86)\Geometry Dash\Resources\icons\bird_59.plist	data0.tmp
File opened for modification	C:\Program Files (x86)\Geometry Dash\Resources\icons\ship_131.plist	data0.tmp
File opened for modification	C:\Program Files (x86)\Geometry Dash\Resources\icons\spider_62-uhd.plist	data0.tmp
File opened for modification	C:\Program Files (x86)\Geometry Dash\Resources\icons\player_116-hd.plist	data0.tmp
File opened for modification	C:\Program Files (x86)\Geometry Dash\Resources\icons\player_144.plist	data0.tmp
File opened for modification	C:\Program Files (x86)\Geometry Dash\Resources\icons\ship_162.png	data0.tmp
File created	C:\Program Files (x86)\Geometry Dash\Resources\PlayerExplosion_06-uhd.plist	data0.tmp
File opened for modification	C:\Program Files (x86)\Geometry Dash\Resources\icons\ship_156-hd.plist	data0.tmp
File created	C:\Program Files (x86)\Geometry Dash\Resources\icons\player_ball_00-hd.png	data0.tmp
File opened for modification	C:\Program Files (x86)\Geometry Dash\Resources\icons\ship_166-uhd.plist	data0.tmp
File created	C:\Program Files (x86)\Geometry Dash\Resources\icons\ship_49-hd.plist	data0.tmp
File opened for modification	C:\Program Files (x86)\Geometry Dash\Resources\shipfire03_009.png	data0.tmp
File opened for modification	C:\Program Files (x86)\Geometry Dash\Resources\icons\dart_06-uhd.png	data0.tmp
File opened for modification	C:\Program Files (x86)\Geometry Dash\Resources\icons\player_ball_89-hd.png	data0.tmp
File opened for modification	C:\Program Files (x86)\Geometry Dash\Resources\chatFont-hd.fnt	data0.tmp
File created	C:\Program Files (x86)\Geometry Dash\Resources\icons\bird_50-hd.plist	data0.tmp
File opened for modification	C:\Program Files (x86)\Geometry Dash\Resources\icons\dart_15-hd.plist	data0.tmp
File created	C:\Program Files (x86)\Geometry Dash\Resources\icons\player_335-hd.plist	data0.tmp
File opened for modification	C:\Program Files (x86)\Geometry Dash\Resources\icons\player_ball_68.png	data0.tmp
File opened for modification	C:\Program Files (x86)\Geometry Dash\Resources\gjFont02-hd.fnt	data0.tmp
File created	C:\Program Files (x86)\Geometry Dash\Resources\icons\bird_39-uhd.plist	data0.tmp
File created	C:\Program Files (x86)\Geometry Dash\Resources\icons\robot_31-hd.plist	data0.tmp
File created	C:\Program Files (x86)\Geometry Dash\Resources\icons\robot_54.png	data0.tmp
File created	C:\Program Files (x86)\Geometry Dash\Resources\icons\spider_65-hd.png	data0.tmp
File opened for modification	C:\Program Files (x86)\Geometry Dash\Resources\icons\swing_13.png	data0.tmp
File created	C:\Program Files (x86)\Geometry Dash\Resources\icons\ship_70-hd.plist	data0.tmp
File created	C:\Program Files (x86)\Geometry Dash\Resources\levels\10.txt	data0.tmp
File created	C:\Program Files (x86)\Geometry Dash\Resources\icons\player_191.plist	data0.tmp
File created	C:\Program Files (x86)\Geometry Dash\Resources\icons\player_342.plist	data0.tmp
File created	C:\Program Files (x86)\Geometry Dash\Resources\icons\player_459.plist	data0.tmp
File opened for modification	C:\Program Files (x86)\Geometry Dash\Resources\icons\player_ball_13-uhd.plist	data0.tmp
File created	C:\Program Files (x86)\Geometry Dash\Resources\icons\ship_05.plist	data0.tmp
File opened for modification	C:\Program Files (x86)\Geometry Dash\Resources\icons\ship_153-uhd.plist	data0.tmp
File created	C:\Program Files (x86)\Geometry Dash\Resources\sfx\s2974.ogg	data0.tmp
File created	C:\Program Files (x86)\Geometry Dash\Resources\icons\ship_65-hd.plist	data0.tmp
File created	C:\Program Files (x86)\Geometry Dash\Resources\slidergroove2.png	data0.tmp
File created	C:\Program Files (x86)\Geometry Dash\Resources\icons\player_452.png	data0.tmp
File created	C:\Program Files (x86)\Geometry Dash\Resources\icons\player_394.plist	data0.tmp
File opened for modification	C:\Program Files (x86)\Geometry Dash\Resources\icons\player_ball_25-uhd.plist	data0.tmp
File opened for modification	C:\Program Files (x86)\Geometry Dash\Resources\icons\spider_67-hd.plist	data0.tmp
File opened for modification	C:\Program Files (x86)\Geometry Dash\Resources\songs\10003129.ogg	data0.tmp
File opened for modification	C:\Program Files (x86)\Geometry Dash\Resources\groundSquare_09_2_001.png	data0.tmp
File created	C:\Program Files (x86)\Geometry Dash\Resources\icons\robot_32-hd.png	data0.tmp
File opened for modification	C:\Program Files (x86)\Geometry Dash\Resources\icons\robot_52-uhd.png	data0.tmp
File opened for modification	C:\Program Files (x86)\Geometry Dash\Resources\icons\bird_114-uhd.plist	data0.tmp
File opened for modification	C:\Program Files (x86)\Geometry Dash\Resources\icons\player_132-uhd.plist	data0.tmp
File created	C:\Program Files (x86)\Geometry Dash\Resources\icons\spider_03.plist	data0.tmp
File created	C:\Program Files (x86)\Geometry Dash\Resources\icons\spider_34-uhd.png	data0.tmp
File created	C:\Program Files (x86)\Geometry Dash\Resources\icons\player_68.png	data0.tmp
File created	C:\Program Files (x86)\Geometry Dash\Resources\icons\player_247.plist	data0.tmp
File opened for modification	C:\Program Files (x86)\Geometry Dash\Resources\icons\player_248.plist	data0.tmp
File created	C:\Program Files (x86)\Geometry Dash\Resources\icons\spider_51.plist	data0.tmp
File opened for modification	C:\Program Files (x86)\Geometry Dash\Resources\icons\swing_30.plist	data0.tmp
File opened for modification	C:\Program Files (x86)\Geometry Dash\Resources\icons\dart_25-uhd.png	data0.tmp
File created	C:\Program Files (x86)\Geometry Dash\Resources\icons\player_178.png	data0.tmp
File created	C:\Program Files (x86)\Geometry Dash\Resources\icons\player_219.plist	data0.tmp
File created	C:\Program Files (x86)\Geometry Dash\Resources\icons\player_ball_77.plist	data0.tmp
File created	C:\Program Files (x86)\Geometry Dash\Resources\GJ_ShopSheet03.png	data0.tmp
File opened for modification	C:\Program Files (x86)\Geometry Dash\Resources\icons\bird_03-hd.png	data0.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 4 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
6792	5912	WerFault.exe	GeometryDash.exe
6596	6872	WerFault.exe	GeometryDash.exe
6900	1596	WerFault.exe	GeometryDash.exe
5148	8408	WerFault.exe	GeometryDash.exe

Enumerates processes with tasklist 1 TTPs 1 IoCs

Process Discovery
T1057

Processes:

tasklist.exe

pid process

1472 tasklist.exe

pid	process
1472	tasklist.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Kills process with taskkill 2 IoCs
evasion

Processes:

taskkill.exetaskkill.exe

pid process

3512 taskkill.exe
3512 taskkill.exe

pid	process
3512	taskkill.exe
3512	taskkill.exe

Modifies registry class 2 IoCs

Processes:

MiniSearchHost.exemsedge.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 22 IoCs

Processes:

msedge.exemsedge.exemsedge.exeidentity_helper.exeSetup.exeSetup.exemsedge.exedata0.tmpmsedge.exemsedge.exe

pid	process
4832	msedge.exe
4832	msedge.exe
4624	msedge.exe
4624	msedge.exe
904	msedge.exe
904	msedge.exe
1932	identity_helper.exe
1932	identity_helper.exe
2492	Setup.exe
2492	Setup.exe
1576	Setup.exe
1576	Setup.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
4996	data0.tmp
4996	data0.tmp
3200	msedge.exe
3200	msedge.exe
4728	msedge.exe
4728	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 52 IoCs

Processes:

msedge.exemsedge.exe

pid	process
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

Setup.exeSetup.exetasklist.exeWMIC.exetaskkill.exeWMIC.exe

description	pid	process
Token: SeSecurityPrivilege	2944	Setup.exe
Token: SeShutdownPrivilege	1768	Setup.exe
Token: SeCreatePagefilePrivilege	1768	Setup.exe
Token: SeDebugPrivilege	1472	tasklist.exe
Token: SeIncreaseQuotaPrivilege	5636	WMIC.exe
Token: SeSecurityPrivilege	5636	WMIC.exe
Token: SeTakeOwnershipPrivilege	5636	WMIC.exe
Token: SeLoadDriverPrivilege	5636	WMIC.exe
Token: SeSystemProfilePrivilege	5636	WMIC.exe
Token: SeSystemtimePrivilege	5636	WMIC.exe
Token: SeProfSingleProcessPrivilege	5636	WMIC.exe
Token: SeIncBasePriorityPrivilege	5636	WMIC.exe
Token: SeCreatePagefilePrivilege	5636	WMIC.exe
Token: SeBackupPrivilege	5636	WMIC.exe
Token: SeRestorePrivilege	5636	WMIC.exe
Token: SeShutdownPrivilege	5636	WMIC.exe
Token: SeDebugPrivilege	5636	WMIC.exe
Token: SeSystemEnvironmentPrivilege	5636	WMIC.exe
Token: SeRemoteShutdownPrivilege	5636	WMIC.exe
Token: SeUndockPrivilege	5636	WMIC.exe
Token: SeManageVolumePrivilege	5636	WMIC.exe
Token: 33	5636	WMIC.exe
Token: 34	5636	WMIC.exe
Token: 35	5636	WMIC.exe
Token: 36	5636	WMIC.exe
Token: SeShutdownPrivilege	1768	Setup.exe
Token: SeCreatePagefilePrivilege	1768	Setup.exe
Token: SeIncreaseQuotaPrivilege	5636	WMIC.exe
Token: SeSecurityPrivilege	5636	WMIC.exe
Token: SeTakeOwnershipPrivilege	5636	WMIC.exe
Token: SeLoadDriverPrivilege	5636	WMIC.exe
Token: SeSystemProfilePrivilege	5636	WMIC.exe
Token: SeSystemtimePrivilege	5636	WMIC.exe
Token: SeProfSingleProcessPrivilege	5636	WMIC.exe
Token: SeIncBasePriorityPrivilege	5636	WMIC.exe
Token: SeCreatePagefilePrivilege	5636	WMIC.exe
Token: SeBackupPrivilege	5636	WMIC.exe
Token: SeRestorePrivilege	5636	WMIC.exe
Token: SeShutdownPrivilege	5636	WMIC.exe
Token: SeDebugPrivilege	5636	WMIC.exe
Token: SeSystemEnvironmentPrivilege	5636	WMIC.exe
Token: SeRemoteShutdownPrivilege	5636	WMIC.exe
Token: SeUndockPrivilege	5636	WMIC.exe
Token: SeManageVolumePrivilege	5636	WMIC.exe
Token: 33	5636	WMIC.exe
Token: 34	5636	WMIC.exe
Token: 35	5636	WMIC.exe
Token: 36	5636	WMIC.exe
Token: SeDebugPrivilege	3512	taskkill.exe
Token: SeShutdownPrivilege	1768	Setup.exe
Token: SeCreatePagefilePrivilege	1768	Setup.exe
Token: SeIncreaseQuotaPrivilege	5968	WMIC.exe
Token: SeSecurityPrivilege	5968	WMIC.exe
Token: SeTakeOwnershipPrivilege	5968	WMIC.exe
Token: SeLoadDriverPrivilege	5968	WMIC.exe
Token: SeSystemProfilePrivilege	5968	WMIC.exe
Token: SeSystemtimePrivilege	5968	WMIC.exe
Token: SeProfSingleProcessPrivilege	5968	WMIC.exe
Token: SeIncBasePriorityPrivilege	5968	WMIC.exe
Token: SeCreatePagefilePrivilege	5968	WMIC.exe
Token: SeBackupPrivilege	5968	WMIC.exe
Token: SeRestorePrivilege	5968	WMIC.exe
Token: SeShutdownPrivilege	5968	WMIC.exe
Token: SeDebugPrivilege	5968	WMIC.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exe

pid	process
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

msedge.exe

pid	process
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

MiniSearchHost.exe

pid process

2776 MiniSearchHost.exe

pid	process
2776	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4624 wrote to memory of 2924	4624	msedge.exe	msedge.exe
PID 4624 wrote to memory of 2924	4624	msedge.exe	msedge.exe
PID 4624 wrote to memory of 2060	4624	msedge.exe	msedge.exe
PID 4624 wrote to memory of 2060	4624	msedge.exe	msedge.exe
PID 4624 wrote to memory of 2060	4624	msedge.exe	msedge.exe
PID 4624 wrote to memory of 2060	4624	msedge.exe	msedge.exe
PID 4624 wrote to memory of 2060	4624	msedge.exe	msedge.exe
PID 4624 wrote to memory of 2060	4624	msedge.exe	msedge.exe
PID 4624 wrote to memory of 2060	4624	msedge.exe	msedge.exe
PID 4624 wrote to memory of 2060	4624	msedge.exe	msedge.exe
PID 4624 wrote to memory of 2060	4624	msedge.exe	msedge.exe
PID 4624 wrote to memory of 2060	4624	msedge.exe	msedge.exe
PID 4624 wrote to memory of 2060	4624	msedge.exe	msedge.exe
PID 4624 wrote to memory of 2060	4624	msedge.exe	msedge.exe
PID 4624 wrote to memory of 2060	4624	msedge.exe	msedge.exe
PID 4624 wrote to memory of 2060	4624	msedge.exe	msedge.exe
PID 4624 wrote to memory of 2060	4624	msedge.exe	msedge.exe
PID 4624 wrote to memory of 2060	4624	msedge.exe	msedge.exe
PID 4624 wrote to memory of 2060	4624	msedge.exe	msedge.exe
PID 4624 wrote to memory of 2060	4624	msedge.exe	msedge.exe
PID 4624 wrote to memory of 2060	4624	msedge.exe	msedge.exe
PID 4624 wrote to memory of 2060	4624	msedge.exe	msedge.exe
PID 4624 wrote to memory of 2060	4624	msedge.exe	msedge.exe
PID 4624 wrote to memory of 2060	4624	msedge.exe	msedge.exe
PID 4624 wrote to memory of 2060	4624	msedge.exe	msedge.exe
PID 4624 wrote to memory of 2060	4624	msedge.exe	msedge.exe
PID 4624 wrote to memory of 2060	4624	msedge.exe	msedge.exe
PID 4624 wrote to memory of 2060	4624	msedge.exe	msedge.exe
PID 4624 wrote to memory of 2060	4624	msedge.exe	msedge.exe
PID 4624 wrote to memory of 2060	4624	msedge.exe	msedge.exe
PID 4624 wrote to memory of 2060	4624	msedge.exe	msedge.exe
PID 4624 wrote to memory of 2060	4624	msedge.exe	msedge.exe
PID 4624 wrote to memory of 2060	4624	msedge.exe	msedge.exe
PID 4624 wrote to memory of 2060	4624	msedge.exe	msedge.exe
PID 4624 wrote to memory of 2060	4624	msedge.exe	msedge.exe
PID 4624 wrote to memory of 2060	4624	msedge.exe	msedge.exe
PID 4624 wrote to memory of 2060	4624	msedge.exe	msedge.exe
PID 4624 wrote to memory of 2060	4624	msedge.exe	msedge.exe
PID 4624 wrote to memory of 2060	4624	msedge.exe	msedge.exe
PID 4624 wrote to memory of 2060	4624	msedge.exe	msedge.exe
PID 4624 wrote to memory of 2060	4624	msedge.exe	msedge.exe
PID 4624 wrote to memory of 2060	4624	msedge.exe	msedge.exe
PID 4624 wrote to memory of 4832	4624	msedge.exe	msedge.exe
PID 4624 wrote to memory of 4832	4624	msedge.exe	msedge.exe
PID 4624 wrote to memory of 1816	4624	msedge.exe	msedge.exe
PID 4624 wrote to memory of 1816	4624	msedge.exe	msedge.exe
PID 4624 wrote to memory of 1816	4624	msedge.exe	msedge.exe
PID 4624 wrote to memory of 1816	4624	msedge.exe	msedge.exe
PID 4624 wrote to memory of 1816	4624	msedge.exe	msedge.exe
PID 4624 wrote to memory of 1816	4624	msedge.exe	msedge.exe
PID 4624 wrote to memory of 1816	4624	msedge.exe	msedge.exe
PID 4624 wrote to memory of 1816	4624	msedge.exe	msedge.exe
PID 4624 wrote to memory of 1816	4624	msedge.exe	msedge.exe
PID 4624 wrote to memory of 1816	4624	msedge.exe	msedge.exe
PID 4624 wrote to memory of 1816	4624	msedge.exe	msedge.exe
PID 4624 wrote to memory of 1816	4624	msedge.exe	msedge.exe
PID 4624 wrote to memory of 1816	4624	msedge.exe	msedge.exe
PID 4624 wrote to memory of 1816	4624	msedge.exe	msedge.exe
PID 4624 wrote to memory of 1816	4624	msedge.exe	msedge.exe
PID 4624 wrote to memory of 1816	4624	msedge.exe	msedge.exe
PID 4624 wrote to memory of 1816	4624	msedge.exe	msedge.exe
PID 4624 wrote to memory of 1816	4624	msedge.exe	msedge.exe
PID 4624 wrote to memory of 1816	4624	msedge.exe	msedge.exe
PID 4624 wrote to memory of 1816	4624	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/file/hcxxrydfrejiljq/Geometry_Dash-Oyunindirvip.zip/file
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8d4973cb8,0x7ff8d4973cc8,0x7ff8d4973cd8
  2⤵
  PID:2924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1740,7116496693873720801,11971027975323061616,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1808 /prefetch:2
  2⤵
  PID:2060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1740,7116496693873720801,11971027975323061616,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1740,7116496693873720801,11971027975323061616,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2624 /prefetch:8
  2⤵
  PID:1816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,7116496693873720801,11971027975323061616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,7116496693873720801,11971027975323061616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,7116496693873720801,11971027975323061616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,7116496693873720801,11971027975323061616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
  2⤵
  PID:2964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1740,7116496693873720801,11971027975323061616,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6084 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,7116496693873720801,11971027975323061616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,7116496693873720801,11971027975323061616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
  2⤵
  PID:3732
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1740,7116496693873720801,11971027975323061616,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,7116496693873720801,11971027975323061616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:1460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,7116496693873720801,11971027975323061616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,7116496693873720801,11971027975323061616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,7116496693873720801,11971027975323061616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,7116496693873720801,11971027975323061616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,7116496693873720801,11971027975323061616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:1284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,7116496693873720801,11971027975323061616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,7116496693873720801,11971027975323061616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7136 /prefetch:1
  2⤵
  PID:3168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,7116496693873720801,11971027975323061616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7104 /prefetch:1
  2⤵
  PID:892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,7116496693873720801,11971027975323061616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7572 /prefetch:1
  2⤵
  PID:5252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,7116496693873720801,11971027975323061616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:5564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,7116496693873720801,11971027975323061616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6848 /prefetch:1
  2⤵
  PID:5576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,7116496693873720801,11971027975323061616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8076 /prefetch:1
  2⤵
  PID:5680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,7116496693873720801,11971027975323061616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7504 /prefetch:1
  2⤵
  PID:5748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,7116496693873720801,11971027975323061616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8420 /prefetch:1
  2⤵
  PID:5756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,7116496693873720801,11971027975323061616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:6084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,7116496693873720801,11971027975323061616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7884 /prefetch:1
  2⤵
  PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,7116496693873720801,11971027975323061616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8864 /prefetch:1
  2⤵
  PID:1708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,7116496693873720801,11971027975323061616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9052 /prefetch:1
  2⤵
  PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,7116496693873720801,11971027975323061616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9136 /prefetch:1
  2⤵
  PID:5436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,7116496693873720801,11971027975323061616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9168 /prefetch:1
  2⤵
  PID:5512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,7116496693873720801,11971027975323061616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9416 /prefetch:1
  2⤵
  PID:5652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,7116496693873720801,11971027975323061616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9444 /prefetch:1
  2⤵
  PID:5932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,7116496693873720801,11971027975323061616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9192 /prefetch:1
  2⤵
  PID:5836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,7116496693873720801,11971027975323061616,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9540 /prefetch:1
  2⤵
  PID:6080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,7116496693873720801,11971027975323061616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8856 /prefetch:1
  2⤵
  PID:3512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,7116496693873720801,11971027975323061616,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10168 /prefetch:1
  2⤵
  PID:3432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,7116496693873720801,11971027975323061616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
  2⤵
  PID:6088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,7116496693873720801,11971027975323061616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10236 /prefetch:1
  2⤵
  PID:5280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,7116496693873720801,11971027975323061616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9212 /prefetch:1
  2⤵
  PID:5500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,7116496693873720801,11971027975323061616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9808 /prefetch:1
  2⤵
  PID:1228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1740,7116496693873720801,11971027975323061616,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1020 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,7116496693873720801,11971027975323061616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8812 /prefetch:1
  2⤵
  PID:1420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,7116496693873720801,11971027975323061616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8232 /prefetch:1
  2⤵
  PID:6116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,7116496693873720801,11971027975323061616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9756 /prefetch:1
  2⤵
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,7116496693873720801,11971027975323061616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9952 /prefetch:1
  2⤵
  PID:5508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,7116496693873720801,11971027975323061616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8052 /prefetch:1
  2⤵
  PID:3052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,7116496693873720801,11971027975323061616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9916 /prefetch:1
  2⤵
  PID:6064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1740,7116496693873720801,11971027975323061616,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4948 /prefetch:8
  2⤵
  PID:5628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,7116496693873720801,11971027975323061616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7972 /prefetch:1
  2⤵
  PID:5408

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4896

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3352

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2776

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5952

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:1036

C:\Users\Admin\Desktop\Geometry Dash-Oyunindirvip\Setup.exe
"C:\Users\Admin\Desktop\Geometry Dash-Oyunindirvip\Setup.exe"
1⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:2944
- C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
  C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  PID:1768
- - C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
    "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\com.torrent-launcher" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1440 --field-trial-handle=1656,4173196072886339605,12223516602755915729,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1020
- - C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
    C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\resources\app.asar\dist\electron\fork-entry.js Extensions
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops Chrome extension
    - Suspicious behavior: EnumeratesProcesses
    PID:2492
  - - C:\Windows\system32\cmd.exe
      cmd.exe /d /s /c "tasklist"
      4⤵
      PID:6000
    - - C:\Windows\system32\tasklist.exe
        
        tasklist
        5⤵
        Enumerates processes with tasklist
        Suspicious use of AdjustPrivilegeToken
        
        PID:1472
  - - C:\Windows\system32\cmd.exe
      cmd.exe /d /s /c "wmic useraccount where name='%username%' get sid"
      4⤵
      PID:5032
    - - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic useraccount where name='Admin' get sid
        5⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:5636
  - - C:\Windows\system32\cmd.exe
      cmd.exe /d /s /c "taskkill /f /IM chrome.exe"
      4⤵
      PID:2744
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /IM chrome.exe
        5⤵
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:3512
  - - C:\Windows\system32\cmd.exe
      cmd.exe /d /s /c "wmic useraccount where name='%username%' get sid"
      4⤵
      PID:5604
    - - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        5⤵
        
        PID:5032
    - - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic useraccount where name='Admin' get sid
        5⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:5968
  - - C:\Windows\system32\cmd.exe
      cmd.exe /d /s /c "taskkill /f /IM msedge.exe"
      4⤵
      PID:1088
    - - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        5⤵
        
        PID:2744
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /IM msedge.exe
        5⤵
        Kills process with taskkill
        
        PID:3512
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "call "C:\Users\Admin\Desktop\Geometry Dash-Oyunindirvip\data0.exe""
    3⤵
    PID:2468
  - - C:\Users\Admin\Desktop\Geometry Dash-Oyunindirvip\data0.exe
      "C:\Users\Admin\Desktop\Geometry Dash-Oyunindirvip\data0.exe"
      4⤵
      Executes dropped EXE
      PID:4596
    - - C:\Users\Admin\AppData\Local\Temp\is-53ERE.tmp\data0.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\is-53ERE.tmp\data0.tmp" /SL5="$10354,2329049,643584,C:\Users\Admin\Desktop\Geometry Dash-Oyunindirvip\data0.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in Program Files directory
        Suspicious behavior: EnumeratesProcesses
        
        PID:4996
      - C:\Users\Admin\AppData\Local\Temp\is-E2582.tmp\cls-lolz_x64.exe
        
        "C:\Users\Admin\AppData\Local\Temp\is-E2582.tmp\cls-lolz_x64.exe" d - - -idx=00
        6⤵
        Executes dropped EXE
        
        PID:1932
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://ti-url.com/geometry-dash
        6⤵
        Enumerates system info in registry
        Suspicious behavior: EnumeratesProcesses
        Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        
        PID:4728
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff8c29a3cb8,0x7ff8c29a3cc8,0x7ff8c29a3cd8
        7⤵
        
        PID:2324
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,15885244780751657107,44617522133668526,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1896 /prefetch:2
        7⤵
        
        PID:5372
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,15885244780751657107,44617522133668526,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 /prefetch:3
        7⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:3200
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,15885244780751657107,44617522133668526,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
        7⤵
        
        PID:6436
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15885244780751657107,44617522133668526,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
        7⤵
        
        PID:4636
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15885244780751657107,44617522133668526,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
        7⤵
        
        PID:4556
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15885244780751657107,44617522133668526,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3928 /prefetch:1
        7⤵
        
        PID:6356
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15885244780751657107,44617522133668526,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4080 /prefetch:1
        7⤵
        
        PID:8116
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15885244780751657107,44617522133668526,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4492 /prefetch:1
        7⤵
        
        PID:7472
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15885244780751657107,44617522133668526,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
        7⤵
        
        PID:7488
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15885244780751657107,44617522133668526,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
        7⤵
        
        PID:7728
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15885244780751657107,44617522133668526,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
        7⤵
        
        PID:7736
- - C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe
    "C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\Setup.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --ignore-certificate-errors --ignore-certificate-errors --user-data-dir="C:\Users\Admin\AppData\Roaming\com.torrent-launcher" --mojo-platform-channel-handle=2108 --field-trial-handle=1656,4173196072886339605,12223516602755915729,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:1576

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5960

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1708

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5804

C:\Program Files (x86)\Geometry Dash\GeometryDash.exe
"C:\Program Files (x86)\Geometry Dash\GeometryDash.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5912
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 5912 -s 1016
  2⤵
  - Program crash
  PID:6792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5912 -ip 5912
1⤵
PID:1932

C:\Program Files (x86)\Geometry Dash\GeometryDash.exe
"C:\Program Files (x86)\Geometry Dash\GeometryDash.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:6872
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 6872 -s 992
  2⤵
  - Program crash
  PID:6596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 6872 -ip 6872
1⤵
PID:4080

C:\Program Files (x86)\Geometry Dash\GeometryDash.exe
"C:\Program Files (x86)\Geometry Dash\GeometryDash.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1596
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 992
  2⤵
  - Program crash
  PID:6900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 1596 -ip 1596
1⤵
PID:7112

C:\Program Files (x86)\Geometry Dash\GeometryDash.exe
"C:\Program Files (x86)\Geometry Dash\GeometryDash.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:8408
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 8408 -s 992
  2⤵
  - Program crash
  PID:5148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 8408 -ip 8408
1⤵
PID:3088

C:\Program Files (x86)\Geometry Dash\GeometryDash.exe
"C:\Program Files (x86)\Geometry Dash\GeometryDash.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:8200

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Geometry Dash\GeometryDash.exe

Filesize
8.5MB

MD5
e4d73e0e44a0ef808c906106b52466c1

SHA1
ac31df176f434ae5b1bc7944b9082fb1e229da0e

SHA256
1e75576e5c9912e7884f31b188a974f72c126a3aa52c6d57e358f38e2d21fa6d

SHA512
2a5b537147ce5189a583d7b61d2a4490b6eb672339d3291b563604062b8eaa597785e99e6781a1957358c5a1ac7bdc43e8109048a0f97d915ec76aeee0eb8c15

Download Submit
C:\Program Files (x86)\Geometry Dash\Resources\sfx\s12913.ogg

Filesize
11KB

MD5
87d3094f8dfe01e7c4fcc47b9c43cc89

SHA1
ce5e68a8f0bb9ee6356ec832d9b7f1ab90f176d4

SHA256
11515a2dcba6f819df8e0336dadb125c6a691bb22094f9a3cd0e8bf1038b792c

SHA512
6bab5a4e4e51e9e01aa03cc82903ad6db15baa65078f85379e623e80f4b69b3877c72bdbf63f33d63077cd63297ac61b32b491ce7551687aeb7fe5b82b2bbced

Download Submit
C:\Program Files (x86)\Geometry Dash\Resources\sfx\s1375.ogg

Filesize
32KB

MD5
8af3469b02e2a7286c90a57accc1668b

SHA1
e38cd05b789cb2badbfbf3e3eb4605263fc330fe

SHA256
a814a2ac3243b6f7372aa65fa9086826bbec13b8aaad79faeeaf40fd887a1dcd

SHA512
ea61cae1c945077b6018f8449d569d2e752964b281a9bdad5e5d4ac9d048684e017b089171dbf57f1622a12d60d5fac97d454cadcaaea913ee2811f487b96509

Download Submit
C:\Program Files (x86)\Geometry Dash\Resources\sfx\s2238.ogg

Filesize
10KB

MD5
cbe30b5fefa6d4de1f23b089c222ee45

SHA1
fb50dee951ebe2bd650d5bf97f2750c9b4749b95

SHA256
f6141b42c432d04749a5d1175b9978357017fc07a829634e7a0414740b409566

SHA512
f5505934631f3add0424c040b3ab7a8bebb890cd524089a1f9e5100c0fdc79aacf469abff2929233b6cd44bd0b22993c365342dfac829083d77f68845b1d1898

Download Submit
C:\Program Files (x86)\Geometry Dash\Resources\sfx\s2268.ogg

Filesize
8KB

MD5
62d1bfd2c2fa7c469eb6e0dae695b953

SHA1
cb2bc3ea9d0d3ea16d00f043cdfadf9dccbc2362

SHA256
8d708630394181565667a45861a6f6105d0dea60f33cb413f4d284a973aaac84

SHA512
1c935bd2a728d411ee4f659e633cc928299f66ef4a91a338f8093972df169fb76249364d211a783a4b702cd34ba1a43351058c79cef76b9907176cd87ee107d5

Download Submit
C:\Program Files (x86)\Geometry Dash\Resources\sfx\s2714.ogg

Filesize
25KB

MD5
5eea6f7ee2de54968abe281a35feda8a

SHA1
11ad23014ae94a2ef000ee5beafe000d6e50199e

SHA256
cd0f0544d50833a5dd384852a876a7a0a8878fbe503d3a242db7628b23ffe3c9

SHA512
71bfcc3edeeca6e2e46e298f96b930fb82344074bacf3f61d061a43877a8e604717f62608bf5592585e136b296672acdc5c68bfeca0f5320da43fa037ad47f6d

Download Submit
C:\Program Files (x86)\Geometry Dash\Resources\sfx\s4400.ogg

Filesize
62KB

MD5
7eca3df6e46adecb0596c5036ad2af7f

SHA1
c624254ac02233459269fe9487e88e3ce9b76e31

SHA256
b9b67136e89b2edcad7bd4fdff4569b281ee4dad3ef91536cc5009228d5f0e06

SHA512
e33712e8403fbe1f6c633525332f4259048669f040227042fc68811ca7fc263669f5a494ec7cf26905479c2342340841cd33b44dc58998df25db4cbcfebbfee0

Download Submit
C:\Program Files (x86)\Geometry Dash\Resources\sfx\s7360.ogg

Filesize
13KB

MD5
64c4ca6b0dd89f3b721a31f8f8222cea

SHA1
fd7c162d0d783c2ce2bdb80dd0bc4633a69330c3

SHA256
8c14d2bba032519b7beb760f3d857b00874cdff0f8390e940d26d244729f3cc0

SHA512
495b254f3df7a6d71b7f2188afede88dbf82a42357a69c51ee27965cd642ba9e60a696876954d9f0e273b8b572ea357ffb93eb913e37ce7566823ad8503fd0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9faad3e004614b187287bed750e56acc

SHA1
eeea3627a208df5a8cf627b0d39561167d272ac5

SHA256
64a60300c46447926ce44b48ce179d01eff3dba906b83b17e48db0c738ca38a9

SHA512
a7470fe359229c2932aa39417e1cd0dc47f351963cbb39f4026f3a2954e05e3238f3605e13c870c9fe24ae56a0d07e1a6943df0e891bdcd46fd9ae4b7a48ab90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
838db493a70b3848f22a280ad832c097

SHA1
d6ccc22fa58a6a315210439f2457bd2bbf43d261

SHA256
ad65b2116947ffa2d31b729084a9fc23bdda9ef88d34713ed592c71500a1ca5c

SHA512
07a22eefd6f633792e53c0287243ab593f13aa6d9bbca1d53ea0b66643c8cf301dbd8a173fa9baf8a7bc28ef8bcb8013405d3b096d12454c9896a8a63a7ff762

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
79208cf81462bf6397bcccfda9d1bdd4

SHA1
0010effe0b8e3b6c0c6541f5284e3afa15bcf83d

SHA256
bc2aa6c1e10651bce83929d881bd0689af68aa3d942130a29c0cf43045081bfa

SHA512
c0e5e77b595a02fdff724ec9ac85da2503ad92d222d4eb07a8777aeb75047ecd43997ca1894a766fca6e182f6c90d72cd5b85603cb0eed608f81a1b80c118581

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7915c5c12c884cc2fa03af40f3d2e49d

SHA1
d48085f85761cde9c287b0b70a918c7ce8008629

SHA256
e79d4b86d8cabd981d719da7f55e0540831df7fa0f8df5b19c0671137406c3da

SHA512
4c71eb6836546d4cfdb39cd84b6c44687b2c2dee31e2e658d12f809225cbd495f20ce69030bff1d80468605a3523d23b6dea166975cedae25b02a75479c3f217

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\30f3e864-fdfc-4327-851f-aff8bfe0776f.tmp

Filesize
4KB

MD5
dc2e288c9d0227141a364a9a24d860af

SHA1
0f941a0b164cdc68947f139260cd18e7d977051b

SHA256
382831e16359fcfb891fcb1f9781b05065f5ef5dded8c395c1fcede3480c457e

SHA512
f18b2ae0c809f2baf1d8bbfec8d656e16b4f18b7ca1d6baef44cc3107015b9dc037b80ac5bbcb4a45f650e456e3c8d15770b3e10e013b16509581d3fd9e52e8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\614eec9d-68be-43e2-bacc-18ca36802885.tmp

Filesize
27KB

MD5
0e3377ef0ec872276b413312183e8d34

SHA1
0d73d15c4fa8e43726b220c26c54acd293903cfb

SHA256
23fc1468f16c2ce53e1f1836c95b1755270347da9bd8e1c167a0e38747e358fc

SHA512
4bb7b08190889f2a9f6c0c6159d117b874d243dece571d13a7aca330d572fab57bdb03887fcb65fe1f4bebb04d61b5037035e3d3d9844c48b4b91d4d3b4813ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036

Filesize
19KB

MD5
f266b5b7f7a5b8b30286eaf784a209d6

SHA1
6e58bd181829f56af501fbda274bc4db888e42ef

SHA256
485702c015ca106fb1fe168d023a0bb9a6d5b144480231b601b4207df86882f6

SHA512
592b950f752c1b17d8863a8ea28641782ccb93d0fac91e4f93812f0adecb0ec810b831ce45c7bc79d89ce6212ec30afb143d8ddb11464f5407981880e2723ab6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038

Filesize
62KB

MD5
6e8834a3945e6e2db4bec98445cf2267

SHA1
2d5300fff3e83ba0624f83de12bdf4bf1f9e9bee

SHA256
5960ba2a57cf6f6297c7eb019c4bed7e1fc4e9d6230ee9c53da601fe799543f8

SHA512
80e96f5a7b787dba918f523fea87a1a45461a44cf6f28b27009bde247709697e617f453263f8cb4dfd43f6f6b2fe9e938dd487dd9e2c9be235eabf94eeb4628c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a

Filesize
31KB

MD5
7ad7f8b226329acba12aab120767031a

SHA1
1700a9c957a574aef1e80ae5a9b8de0e00f64295

SHA256
e780b4f5e426db26bb37add473fb6e21dd07a3bb2667be7068d39e18ba6d4906

SHA512
2039e35310ac7b98795e406407a417b210198ca01fd9a65a9d6cef778efa2f39d4daf7a669dad10bda62c54394183eb94d1f17afc3376589011938fc493f80fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\03254f952599285f_0

Filesize
55KB

MD5
9b746307400f43ec6a5cf6045cd93a95

SHA1
17daf8f5fee55223157fc5be3902f213786c5406

SHA256
c3fafabf337fdb5fae11d98a2e3148f3cfbac812eb1f174f7d71f06553b1a6cf

SHA512
a121e3511f2e59bc063113da14ee7a4be0e2002543f003f89e61e42f000ba5ab79d212f8209eaad435da04e98c93efa0817fbef089cae4402bf7a914834e5c73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\041a234ecd2d26d8_0

Filesize
278B

MD5
a59426892d34bc777f5ae4e096397452

SHA1
41884c44ff0aa006c73349ad0abd9c3225d4ab0d

SHA256
3788df4c50696a4e299982f67a78bb8c0efd1e706585f5308e3fb8885ca043dd

SHA512
91be21314f2aab62387f1b6d054afde4ea73cb56b25ad88a15d79a66b39d54060a57e90ca8432953c0748191c9916e5d7d67d5ba0bd0a0af750f6fa53f967d50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\60b784f46e5feca1_0

Filesize
159KB

MD5
1153aed69014c93c0886a84094f1cd74

SHA1
ad73b5f763b07c3109f166bd8c70fe3d0ce1271f

SHA256
d741e3f9fc3a60ff264fe1c2f61e0c05d2f6553e47e2f2235a0f50838c2b32f4

SHA512
a6f08e32660aa8c6789705b93798c3a9909e34d9a2d0d849717b1199603b01e244d6cef93de693590a7b4402fe8c7d9fd1eb6a8319c1f027d1f143444d6a59dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7cedc1251fc1dc40_0

Filesize
22KB

MD5
24dcf30d0cb8143f0a62c5a10ce05d08

SHA1
1e0cab90addebab733110bef7ce686b440b72eed

SHA256
87ff528bdc1186335ec31f1f4a66e62c7cff83ed650baa93be674c0803aaeb53

SHA512
2c1b736b8ef985181eb487b843e8700de0becce912a96982a4600e406c78745fd6f6a3f992d67720a272fdba38ab4493ac03fd44b949ba1c7a5c2090fffe16d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\84411b2127fdd823_0

Filesize
53KB

MD5
c793510bca63198433141211cdf05fd1

SHA1
b380f08dd3ee0e9a5066329d62280f5e46c654ed

SHA256
cd685787ce0501130da27427d317454e74f99c0ea8f0560aefba1fc73262c25a

SHA512
650b296cc681960a1bf3130a993f67f1b40690e3bc79d1292cb36336f2ded8137eb55e13d5def7944177891fc429962464705d29ec618340252d27ad074812a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\dbaff6d994953188_0

Filesize
268B

MD5
a3a1239398dd128fa980f3544d443022

SHA1
cfcd5faac26af598348c7eb5c111f52a7853b5a6

SHA256
74971c1afde1f9af2b4b5e8dcf317b754b9430fe66e7bde4f6056d89e6007e72

SHA512
fc9ccad5ad69d46bf316dc0fecd5bb5f3d3081a4a7eaba3176c06616f00b832ad455a9e8a0a633788afbf8f6d49a77b5acf2ec862c7a0e72564f282e8c160bd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e6a16b34462bfa32_0

Filesize
341KB

MD5
37a5bb502357a85fc7d5b4d98b0d5e7b

SHA1
42d09dd2a7c964bd9686d1e4497ffc6c7b91295d

SHA256
507023dd4b7e3f6ce141f6de11cf26f61236a51fd679c8945a0bcae3cf8cf3ac

SHA512
2a31c8fbdf8d8ad1fbdf5e4eb3a8a7ec9d9d57135104d21f27544cb0df3de0fdb1eae6d75ed78568148c3932c6dfdff343565296a240128b8e2b817b189e27a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ff6c5882aa11929f_0

Filesize
14KB

MD5
f20cb70330356debea1f6feca8c05c2c

SHA1
0b3803510ffe07ccb17655514f7e0b15eb2617ce

SHA256
0f3506b8f43ce9394c19252e4dd2d7bcc57b093542409a55c208572abcab92cb

SHA512
9028246bb1bae8e6373b5ad65bb08065371437e5f44dd6cc718752284c711410b14b81d5102cc1a95972dedb8032b1d7b7cc3f64606aecf64a2773e96407a570

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
9cdde0b8e3712d6c23e7fb820991b9af

SHA1
897ec12ab08aadb15dbd0f496bb4ff37c3f468eb

SHA256
2e2bc4cfeb7444de701e8b6febe58381d9c40d00a6469aaf3a474a28cb1c29d4

SHA512
da874886d2e754c33565072264fba84dfed1fc59cd94ec8dab40f8f0e1375207c82dec1f884b220502370133859025eb65f512fde8094eead2f29e469fab96ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
72d7c73433e5fd724b130b9689e3aa12

SHA1
9be2deee48bc544888e175f7c2fef3e48c33d2c0

SHA256
298dfc91261a18af4fca795e115b8f0ce71c2817c860d3c6f43a2b43f8283076

SHA512
b19f5a0bad0127d6f98ec9b415509170a10368191036475af44ddb4d52922120ac830507a038b061943127be6db131518bd4ede1e4657c7fb95542574b8e5591

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
8764e4522e8ed7b396cd15bfc3deeaa6

SHA1
d94c901a1d1c8394265c0633e0ebb6f00d0943ba

SHA256
ddfa75f27b22cdefe780f9417b2a94c3b07eca71386ad9524af17f739bfed13a

SHA512
1a6755abae070dade559f4473c047acea7771fd386935a9afc5ca0d3b9c8897d4f5aaa19f9d394f7482bace0e56e5c4c3ded02d2fbb600cdce74ca81ebc91bf1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
03987826282f54f3feff51379a977d87

SHA1
8f597ea3fb71ef17359605ffcfeb90df849ff2cb

SHA256
e311cd802e7466d05be03a156bf6df8d53fe007ca196de0770081a7bf94050a8

SHA512
74bb906245d1e2a8809bb8f492d73c5eb4defc68dc85b69e1933008025ecde59253e77b7ba2ce7e8c5150ca5955d7a019e2ededd5db81a358f05c69564ed24c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
6b8ef2786e6984736447df2cf35cb1a1

SHA1
a95d050e871e8dafb9de5d3076fdfe7a046ce416

SHA256
76aac4079115ec250fe47408075112bc56fe7f365481cccad6f6a757cae04a5f

SHA512
9328731cb0b492ed14d1593fe2407ea20c7052301f736b12e19d28f2d94cd85d5ecf23063cd8616acfd53486c4d4b01cf22c7eef1c209cdadb864bba94a6202f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
24add7a0be6331aeadaacc9de5c3848c

SHA1
72a5c79bc632a4bd54e5480c5c7302183a25a368

SHA256
e2fe16957727e080bff4c45e6bca786789d95c9371f72c80807b1d981709f778

SHA512
b035cf5462daa8e38c45544a86d56ed89abceee87b63512bca0495adcad96d9ac5c7ad8e3b56fd0cb6550a52bf4e0d969f186ed2a75851bf8bc5744d1656664b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
ca7e8802c3b660de1dbe7eef34ebcd7b

SHA1
c8fd7fc50da6616d6b70e3141e00dd8e168022a9

SHA256
227613b29be71b27efadce1f6f572a57243973c2b2dc8c2bd9a6965456243040

SHA512
44fba12336c0a333988b5863b8f5c5cfa8d0629f8519af42a9f61fa6ffb731a0a011ceffd29aababbfec698b7a435c58b47a4e76b4245321ad281d27b15f5945

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
2e390b0aeaec31d93266361ac8a17c87

SHA1
5b0e6b220561aacaf42e9d61c2b526e9b0a11818

SHA256
7462a0989936b95ddc3ae4b69cbcf9cc485fc6e291cd854240f1eed2de6acbf1

SHA512
551617f574381c39d1e6c034d042dd3cea2732bfa7af33f501f928cff18da841b1dd1c11a40e7d916f067bdcf6e180f74cad9b2266bdb11d4a3c11ad80b6a4c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
13KB

MD5
f4468b34acd7730b52b394753238eb16

SHA1
45b34b3ff4d1e6e379591cf9fac1388cb8b42102

SHA256
9c3e67287685c33f0d3dd79a21177422ef8c67b1afa1f3a2680a29000f204a9f

SHA512
df78d5e3c6f18dbf2a7cb259571439ac95fae8ee205a2b4a68c0939ef0bdd7c56521f78ab33064e668e7d348e1aa0541109af03f2ae7286315d2d7355c63beff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
12KB

MD5
510bad169b3107161037a922cc09e0f2

SHA1
29dc854a247a1ac18b589b372b543921f0fa8908

SHA256
9b632834c76aa7241e8d868f4300f9202f23606890d6a948b0d22f563bd95087

SHA512
3d41fda341226c9f7e40e68bcbf2ac9febc1a23335f438486565fd0bbc2b00d6b12819062597fe68b5ba6bae6487e6acdc1f31a16ca1d4f97af4d43f54d47efe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
13KB

MD5
34c31b38466c5da724f946906ca3bd99

SHA1
238d83b8e83c037705db02a5c87c6dbee1406518

SHA256
db92b0d2b019f04a34c3ee2d6ffe220bf16810f6b19eda41edecc8a9ce69b7f7

SHA512
123d815bb6b93b2eec2f7168e53213ee2703d27ecd7cc03c81c9c20a45b4cb48a942846f3755cae40e8fe0aad523473e19d290779c9947c3d5cf65223addc34b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
12KB

MD5
eea7aef75e2f9aa6e2dbf6c19089cdcf

SHA1
454b6eb0845ccfd2f158f2cea0995dd86c399f6d

SHA256
6dfc5ac0c63feb02372dcf3980e60cfe2bc4a04d8022cd98d21417230419a162

SHA512
dde182e527578bd71c705bd585784d63a1f46dad782cc041dbc08d2f397a7eebd09d0dad0860a650409f071df4f37fe2ef8c15c5427db52d8f63bad6e885a2b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7b2e7b3c17f73d454cd4f683ef58de17

SHA1
af2b80a5ac48d67c464aa814bc431dc776771551

SHA256
e3bd22665c04db214a0abd3c954b975d023e405c3f0c526e3dc89774bcb95ca1

SHA512
611843193058d0511640e6cfc9d415171db772110922982ac1a2770fda77586f69a64c11ad2a0afe0862a5226b2287b01f1b91b09feac44485d6cf35d8dc2008

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
c0203b0c3e7535b22ef7dd61624be27e

SHA1
abd4957dfc313e771bea248088521ebab050e3d5

SHA256
2dc36b1a8539840189d86dde6fb622c2bd24725d3a3283cf348824dece481eb4

SHA512
d7c53b656c4c0137ffa2b0b3c01f8014c9abbfa943e5132f5ca080764a7bcbe25e9eba6748a0b398c1a8cd6aaff77d2eb6c95cf71cfab4c135fd2c3bc43818a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
641e6ac4e466fbe379f681aff8fb099e

SHA1
088b1f7677d5cf28818d3d0c3ec15b1e27753269

SHA256
1f5c7fa1e1b404957b55970a602668bbd5a2e1cff520a122d77d08f845fcb0f7

SHA512
deeb71de5b8ce3cc4f8a9c967800c615b1b2eda2a67771a8f8dd9af91c693a1ece5da1bca2aeb29d00c246ccc16d3d50c96b8d8729de165337d1e0f7824ee15b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a2b09208fb1868c4eaad9db5737571b6

SHA1
8fa86acb79fb24aec9ca15c79cf2b2238a33aebd

SHA256
7764d180f63a42b4091ef8bd4661d940cb2fda933cfd38bc453c0e6b73a64483

SHA512
49a3d42d77a0a45c0706045ed31347dc572a154e4132a60e84a1a2e48138679f86ed3715b28ca80dac9a1d5779132f0ba5a290720a65b6bb5945c723218432a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
28477cd7ea59af3c494b44fefc337151

SHA1
960afbfe2ad65d40a59c1204deed7f230feeff08

SHA256
047bb0ee587bd50e40165034851d432fee7b89f74ddb1870881f3989bd74a946

SHA512
2acebfc12027c3fced552c3e02fd7ecbdfafb29ed89c71b3b455d852bb055c543d568f738e9c3ba0f85604fdc88f319eb734c698a9d72e15d049151619145249

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
9960cde39de4dbdbba1b6a3b5ab136b2

SHA1
8cbbd28996d8d5f47f68174b54a1c4372178aa6c

SHA256
a0339f6a38ee94e70ef9da4bf69f5b48ecd286313901e7c4dd381f81ff2b51e8

SHA512
28195997dad28de304cd176fe7b6aa28e09d4e67189f632bf461e4e831edbf69e77f901f5067e1eed076ebfa753cdfd22d0a807e3d3b4f153021002da5ec3d8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
953bc8026e5878c3d67fa9e98d942835

SHA1
c15122e5041d3836edf12a57a104034e2f5f5517

SHA256
d2d6f4aff1a7c14fca1689753c3f3e1ff8a2da674ce1c54544c92adeaa5884f0

SHA512
37ffa98f3427d26370ce903faef1abd9ffa95cbafde79cc806af2dc8e9c36ae9f77eb6c119dc93a44a2b5648e5b8fee9ed71693ebd1b9c988433cac8060410d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
c6171fdfa3c8a088095d8209355bc498

SHA1
796d31141a582341871d5252081c6aff8b1aa5e7

SHA256
80e22d3dcab3f05a73fbc23405a33bdb299863402fca34beff01f6e08642280e

SHA512
3edd4e914293bc21269f7d5b10cd397105d08a01a6ea06bd1c657bf139b920468c0b7f3299ace40b1fce5119e41f7d3758e713f0e49415e4270483572a4cb4c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
448739604179178e07d942e3a2fbaa95

SHA1
d02903a9a8b2a8431aef003ac9c2e09ac4139b01

SHA256
233f7c54a34d3a569cc4ed53ef8a658a053df691901d600f482f913dc76ec22b

SHA512
06491c444ff76389d7d8fba8faf4b28bebf95e2de1ff163da04ed6bbe5074af36a29433d2190194868ae27e3628e309965ba3790f37306df252cf5960df368cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
b9912d4f8231983047458b674c4b2957

SHA1
1bd8f9a34ab2516b1f30ac0f47a020607f5e8973

SHA256
a1cbbc3b115da3c43b2cfae8153d8b54ec29e67f52c229fc39abe38ea484116f

SHA512
90722c78b31914eae2ef978768ded0bb2e979c31a1b33ec47ca2aa34acd87ec79bfc507ab2b0657456a5c04d99953368caab4dd130f7a8a779ffa4d041bf788d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
e81a536d9c543afa278b09ea8ca097e7

SHA1
961fa0808e409fa8151ebc742717f1235288d2fd

SHA256
25dabd241ace64d20a5f056191d34394b37c223f04a51b437b1a97e65b675241

SHA512
a1ce85c04eb3eb350a0710091294e78918eadf1bc959c18394ad2724214bad516f19e0c80aed678508b7ca3a441b27f52cf2ece8be0e273cf96bd9eb52104480

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
6182fc97776a1d87c789c23f168cabf5

SHA1
85513cda336ca41e39bf45993bc55618efa71138

SHA256
b28c2c372d9750755415efac0d34af8fa3cb5b32ed9f9b7af3d9903b5d9093ed

SHA512
dc7d03561eb731ebc34788df3cddd982da9157dbbe9a77e8b4a67f8244d3f956ab553e5ea8df0790542c9fa3b28f80331af10492982ec8eb933ffb32b82499a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
f6e7cf974984429087d9f7f1ecc73287

SHA1
997e58329d601733688a5281fa1f96f393f8d99b

SHA256
0684133c2a4c19df463caa46dc0bdae4310d8c250b06efd861d249687e55ebdd

SHA512
9b3bc9e5cd7120af228fa66d6ee4714bf620b3f55f8329629ef01583d3d87e5f2cc890b549e6cc111594d1251acde6357a689b840709078df52acf46733f76d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
679eb3be2c8372bc0b6c6a373f5df3c6

SHA1
99ab8fbcd6d986b413a8949f7875efc6fb9af811

SHA256
46993e2554aefe4294c80020d3dcde92a57ce0959dc5e4c31e08e187b6769339

SHA512
d319a6b38c15ee131cfae3dec28fa588ea24ba1fef7b9b351010539a046bf87a124a1cd6342f7827d88c96723df88ae742e0088cf86063437c16cfca2e9cf708

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
30c6cba783b60412272eb726513e73fa

SHA1
dd17cf86bd288fbe70278d6fe1fdd761a890a13a

SHA256
ef937dc495b0bbbe89a2bb17e0840e3eb48bb728497480c17ca6a4d778d4aa74

SHA512
f5ea68bedf18c13aa39b625204371879d21b8fbadd9c0b868cd0cc88ff22cad0090091c189fee9fd3f18e12548d76170afd751466914cc1f0c83f579ed36c981

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
b29ce20b0c556aed95eff518fe0480da

SHA1
f5de2e7a3ea12a79b814a5c4d74abc84a5f3793d

SHA256
993a6084acd5e43137b1864359c8a4ad6c46aae8d1086cae650ac918ef10a730

SHA512
af9c841db2c4f600d32e4c06bfe3438c61039c62559e21f2c52c37a0f755c5fe0b3ae675a6ca57adbfbe0a16a6a70231a44bf609f6b4eced37036caeb9f8cd52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a25a.TMP

Filesize
1KB

MD5
d523f1185b37c64afa439cfc9844fa80

SHA1
ebe63d6a10a3f5d0d2b2a65639d1f2931f718d90

SHA256
5af28936269a43b8497637240b9eba718c252ef73a2e562d4a7ba63147a5699b

SHA512
c1deb731b37d15599136ac98cb20142c9f4e7c09953bfb357851cf368d86c5b2020a1e2e6adfc90479aeaa749064e53a9ee33a4793dcb43ad31781f0a8c2ecdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
005b2ad9bfed65de53d1be832dfec291

SHA1
0b284eb61bf73271ea28dab15ad96f9cc0e940ef

SHA256
3fe8c7f30bfecdcfb636c4e7aff5808be0ed1dddf4ffa90b38d8320c218b6b5f

SHA512
074343841f5d584e70aa15e59cea90f3500b92fb76ee58d9d5d9cc64e078634a5fd1eb869d4639e097891065c2bfe23549d7a35d928fdbdff2dc26f01ddee43e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
cae2debcccf16ca5d25e45318c30407b

SHA1
d211f92213d513eb061630cbb42d816b5a14b228

SHA256
ca50f0ae4b73901ba2adcef96c94fa3374d330ff02390c2ec4dc14a83e583ec9

SHA512
3c45d3847a15947bf86595eea88dc84dd8c6f9289442605999346b37b5329b3c43881cb38abe617bc94d621f95a79bc9056a573077e4051aec054f6f748b2698

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
bcd2c804813775123f79409f4641b319

SHA1
5fe590b3829992f73fff3cf41803f9a7cb63bf3f

SHA256
b2d71542d1c37351d1617981c26155beae71fa55a1f1c9c1baea3f98385d5614

SHA512
30b8c698c25bab19c13152ebce6b2c9371c49351b5a4e2a2c6185276b01bb2c8b0123ebfa188f52bfa989afca058c4c8f215988f88887cb7da47236b645ce309

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
3ea9685f268119b2716a847c1614ae68

SHA1
4d5c84b632f85108e1d6bb3a59171a5f26d6064a

SHA256
b486e7c9a6b77f93cd0462c31f94ef5e9811f48151ebf0994b3ecf8a386d419b

SHA512
0400b831712ced5bcb163645036721f1e49b03bf06dafdd7512e68093eb51687fd752cbb7953efcb27b294364884c96f53f0f9a2cf4643d46bb4611b5294ae40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
400616f45617284e166dc271806e4f4a

SHA1
a9eb81b3236278d9a6edac8b56ca3a21b990be5e

SHA256
d14e3dabcacc85a8799f4a176c319ecc591a87d097cfaf9d53f6e68bf3c8d51e

SHA512
9956cc64b3f24b4ade4c8c0c359f2c6fdb9fea3d3652bb351174497188c208d42559763666a71a673b18c353cb9a84bfc481f9afbab0233ef311304e66944694

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
45e5731aff10c955d3e9f53e08b9214b

SHA1
3a1693fdf395c6f95da1b92770f70773b72138d2

SHA256
695978c915e5d6b907d6d46082e73e3e1e100ddea965f11030e6d2caa389965e

SHA512
43491d75d8e41d1cdc5fe4735346b263fe93fd96d8b2292fa4f6b70034b6873f7d02ee72b052551bfeacf5e248d1ed983e2e2b530bd72148cd29b036b796df19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
744135b1ccddc042f1a8248dc68d79a5

SHA1
f5808b4118cd5eaa047f42d0b4e7ee6acac7edbd

SHA256
220d42c9ac1420780d4a504ecf888be6748ee37b24e013df7c328c0db6466d80

SHA512
9cf91bf94e05cf7fa85c08df40a798e08fd99b16a23d4c3da85b9bd848edcbd917dd86fbf7656366044ebdbb979ca81cac79f060247064eefda74e143baa1e21

Download Submit
C:\Users\Admin\AppData\Local\Temp\2ZURk50dsV65EiRl1TZzPgYECyS\chrome_100_percent.pak

Filesize
138KB

MD5
9c1b859b611600201ccf898f1eff2476

SHA1
87d5d9a5fcc2496b48bb084fdf04331823dd1699

SHA256
53102833760a725241841312de452c45e43edd60a122546105ab4020ccef591b

SHA512
1a8ec288e53b9d7e43d018995abe4e3d9c83d329d0561fbb7d022e8b79ffecf033e995b9bc6af352a71c646a1e8afba4addb54deab7455f24b7a279a3dd7c336

Download Submit
C:\Users\Admin\AppData\Local\Temp\602ef5d3-563e-403b-a926-1332c3360566.tmp.node

Filesize
613KB

MD5
174c50bb9795f9d23b87158da5cfa977

SHA1
f5d963f733d9a82490bd828051b45c2b322b032b

SHA256
77ad8327ae7fb12e0d6b8f3d806311be07d2c34cca0da720cab2af4cb8c30435

SHA512
bf9bb12ac5b4a38fba44736ddefd48afb98ba3b5ce9ee262ea24ae7d41b8d4a41cb5a8c66336218e40cc20c2df75166b11587ea4c4a6764e5942a7cfa110b769

Download Submit
C:\Users\Admin\AppData\Local\Temp\ext-0N5Ji8\extension\css\install.p.bundle.css

Filesize
8KB

MD5
0a04f49bf1ec8c2c47f6ee37dfc0b343

SHA1
54bf674ec247d3ed4975473f6aa9f04c406d1383

SHA256
b5eb2c366410f1b104660ef7d8f346ed3cf517e25912d736ed578021218fb62a

SHA512
3adf2ae1176646f1328c1580b1739511988f8a33e5bb575a9f2fb2ea21100c2f99743aaa1a802ead434ef3bb9c370a2e513f1c7d4e636ea3639156b9df86370d

Download Submit
C:\Users\Admin\AppData\Local\Temp\ext-0N5Ji8\extension\img\i2\i128.png

Filesize
3KB

MD5
27eff251a41f50f3472fa7fe8d147c0f

SHA1
39bcc26848c0d9a89f589fa02092ac486c5f1da1

SHA256
cfebd5fa09d4354bba3b83c44afdbf5fe5edc14ef861602b316cd750316094b9

SHA512
2de6a0d86e9610ca9c38a3511bcf3e338b664218e5aae52a43a16a3d22d5a6b94a082f401f6a4a16d523039f6495a8f73659328bba1902061abf60d31a2edf7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\ext-0N5Ji8\extension\img\i\icon48a.png

Filesize
1KB

MD5
2e43ceb786906ce0302b58c7347d2076

SHA1
4343f17d0077cbc8c0978a3167ac3ac6d9a45203

SHA256
49aff7bfc53e4994fcd8284dc34a995885185fd7541c5d2a71cb927ab271c0c7

SHA512
2f338a4b8fe0f19e6aff4076a87dde629c98097924abf544cd987e08225c2323212cd37e372c500eeb03c129e4ba21e945ee6011e34d1e864564e686d7498b89

Download Submit
C:\Users\Admin\AppData\Local\Temp\ext-0N5Ji8\extension\script\install.p.bundle.js

Filesize
59KB

MD5
cac2f2a77cb0b2c98552bd0e95d653a0

SHA1
975f48277a2c885c54511b7b664eff6b8a56ce36

SHA256
27853a624586c6a0f61a4a639ddc31b93e426cd4bc862b7dd3f6549f1ee28480

SHA512
fcc6b924dfa2efc47ecb3d13313b74a818186657dfb8970c6730f20ff81eaa3e884587e0fa89b5913ba62dede690254a623fa78f226935f91ee09111a5316e44

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-53ERE.tmp\data0.tmp

Filesize
1.9MB

MD5
24e22c40a61ed57125fd85c473bb2314

SHA1
adf4d08c5ecfe05bc4f8a02d6b03b3ba7c70d0a7

SHA256
d404597ce2080573b12f24ce416bc5f8ecdedf419e1293f61270b2d07c8d25e1

SHA512
47530a9ad7095b2e69a2318965af79a99ff5a34d4808093dcf97b6e350879eab68b33ed8eb185d2d23f8627c25a1d82bf275cfc616030ea530cfa18c8b6b6b7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\7z-out\LICENSE.electron.txt

Filesize
1KB

MD5
4d42118d35941e0f664dddbd83f633c5

SHA1
2b21ec5f20fe961d15f2b58efb1368e66d202e5c

SHA256
5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d

SHA512
3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\7z-out\LICENSES.chromium.html

Filesize
5.2MB

MD5
df37c89638c65db9a4518b88e79350be

SHA1
6b9ba9fba54fb3aa1b938de218f549078924ac50

SHA256
dbd18fe7c6e72eeb81680fabef9b6c0262d1d2d1aa679b3b221d9d9ced509463

SHA512
93dd6df08fc0bfaf3e6a690943c090aefe66c5e9995392bebd510c5b6260533b1522dc529b8328dfe862192e1357e9e98d1cdd95117c08c76be3ab565c6eea67

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\7z-out\Setup.exe

Filesize
139.6MB

MD5
ee279ba840f69fb8d4b6f5898e92d39b

SHA1
3334eaa3e75726887798ea97f783c8c63cd47cee

SHA256
1de78ec41ea79ffcb3bcf4e0133697dca7d8a36dcc77cad510506e12a401bed8

SHA512
dd59cc2a943232a82266dd6d7cf6da4c2f918351444ef4f86c284066e4153691c33330b0357f841a262f92e4970960daafda1156639281ea78b28788b45d2d6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\7z-out\chrome_200_percent.pak

Filesize
202KB

MD5
b51a78961b1dbb156343e6e024093d41

SHA1
51298bfe945a9645311169fc5bb64a2a1f20bc38

SHA256
4a438f0e209ac62ffa2c14036efdd5474b5ecaa7cbf54110f2e6153abdfb8be9

SHA512
23dedde25ad9cb5829d4b6092a815712788698c2a5a0aefb4299675d39f8b5e2844eabd1ea42332a0408bd234548f5af628e7e365ab26f3385ebfa158cdd921d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\7z-out\d3dcompiler_47.dll

Filesize
4.3MB

MD5
7641e39b7da4077084d2afe7c31032e0

SHA1
2256644f69435ff2fee76deb04d918083960d1eb

SHA256
44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47

SHA512
8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\7z-out\ffmpeg.dll

Filesize
2.6MB

MD5
93d2ae354e5544386312df0b0744b3e4

SHA1
908bc552a5618afd328d07aa2611b0f171807880

SHA256
dc938bdf87d6acaac9e0ca343e917f722b12f59fd7d27124dac85b0430c3872d

SHA512
b8b869054411392965bf28523e932f07f44447c919d61c74b8ddca9917ee552e4d0579b788afdd3bd21cbc85ea919b44ce306b3083d0b2d2e07703a3583d10e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\7z-out\icudtl.dat

Filesize
9.8MB

MD5
599c39d9adb88686c4585b15fb745c0e

SHA1
2215eb6299aa18e87db21f686b08695a5199f4e2

SHA256
c5f82843420fa9d144e006b48d59ba7ef95f7e6cb1ea95b27fcdd2c97f850859

SHA512
16194186a8407b29f799d4b02f5674e4fbd5d91163fad9f8dce6ceedd865b754a681aa960d0f3f1b62cb21d5443879f1b8e9b691c19c5802d5bdfe4ed645b8bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\7z-out\libEGL.dll

Filesize
437KB

MD5
3412c0fbadf8fabe8a675718ccaa8bef

SHA1
fb57c24800c84ba268e91f68efc07bb2b6492e50

SHA256
98fefd22a29c37a55ceeeedabd4c9b34e777102d0f00fde51d4c0b166c162ffa

SHA512
7309e243ffee43a750c27c6c19327508e5401c4a17f0c84968d32faf0601cad3194289da89733aed63b198f36813d5d53cf0fb9b8894cd2b73c4573f0738fac9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\7z-out\libGLESv2.dll

Filesize
6.7MB

MD5
f4ed4af3f2bf450e18fd6c24883f82b0

SHA1
d442ff5d10251dba004db4dd690ff43c9d295745

SHA256
66de0d4ea3033c0b8e2c95edc0fc591a5eb3eaaa36b778a954799af824677e7b

SHA512
f7b01928172f063e50977c1cbcabadd921c56243fc0a1f724f31bad5ee18ff0d3e8985aee182a6437efaaefb693e6eba20b6354680defe5d020938a51554c045

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\7z-out\locales\am.pak

Filesize
175KB

MD5
e18a450ef034b42599341c3d09f280f1

SHA1
2001c8a85904962ac3a96938eccc69ad2c110fdf

SHA256
7c2b9098130f1f9e0cf4507b64c0e96ac6354bd6c3616be20e2067cfccc820da

SHA512
ddd87571218fe9f179a6c2a8a15b182625a71a7c19ed90c0969ca2e0e9bad823b926f8b8a6b390cb6fe9c95f4b6c1f1ec7b5167a8424ab1921943922208f798a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\7z-out\locales\ar.pak

Filesize
181KB

MD5
6f3e791b4d35ee7d9515614d128752cf

SHA1
181ec3a84fb3e89336d77f24f562a2cbe07619d8

SHA256
e9df0fa338b763a3926c4ee3a87bedf650fa618b6fcf0560c3f5ffe891d48c60

SHA512
3657e610d13a2c938558ec320c298dd490c9e4895ccd304f738aaa2f050373efd7382ca402365f93d23ed488bae82de2d859da788dc8faa8e621346a278f4441

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\7z-out\locales\bg.pak

Filesize
196KB

MD5
5ba0c7200362c9ed55610cc8b66ef53c

SHA1
d45239c2f1b00885407771a41a7776fc1fe8fa3b

SHA256
2339ff55464b4ff704fc3c5bf281eec52a539c494bd059cf0346d9c05ab7cda7

SHA512
6229dbf08a9322c4ec8de4912aa1832f01800a71b7e3ef5870e7fa2b623be4dd248fec4881c3e031e984616147be84d42ab3dd970ae56dc1bd78913a8682a37a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\7z-out\locales\bn.pak

Filesize
253KB

MD5
47c95e191e760dee3ef43345577e2379

SHA1
609634315270a91d4ec631642b18bd0036367aad

SHA256
ceed32e429ed1018d4c49343cf52105cbfd1e877c531a5738fd6e6cd33d27da7

SHA512
46b5f8d58780d19e79136c31a67d075c57ddf7e6a1eb197dea4088cc414a0dc24a68fc8ebcaac03b3940af2461123b586706d5dbf8dbdf6fbea0f7bec466db21

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\7z-out\locales\ca.pak

Filesize
122KB

MD5
423651c45566cd90ea5edd8631e823b8

SHA1
13bed4173a08bcbfefba034aada3d838eece6d16

SHA256
7a39af99d55a1ea838d8d78c5f0da3e1402f9404d32255e31b676ceed4f0e414

SHA512
e09085023beaa37e9d5f7fdf3c32d0c001672b85e2826f0aba9a662ce958ac93cac17bf63495a604e47cb407b1593049388a4bf1b22b2339ead84a206a10569f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\7z-out\locales\cs.pak

Filesize
125KB

MD5
3cfd9dc564cfcc33cc5524711365c376

SHA1
2e5016d2643017f37658262122974429f18625a2

SHA256
8be34e4f8226c1dd4e725711ddd884ef4476560f7863edcf378573dde9db3cee

SHA512
6ee156d2fa3b6f601df28e38968d0eae2812d70b41333348dbecd833d5ee6ff944183f0eecde96be433cf1e98c8ec22d6a6d5af5153145842175ab43c73533ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\7z-out\locales\da.pak

Filesize
114KB

MD5
55a8f5883805a65c854d25edb3959209

SHA1
d4b3b6bd2a26cbd021fa931d1f63c9ea64e2c268

SHA256
e190187adcbb5f829d162660968ba598ed17bd11339062ca4d807deec8a27fdb

SHA512
4e1f9e6da32f553cbc8cf162726d7aba9e23e2216d6d05b995cf19fff3aafa05ed08fce29b2f8538d46583366402b8630672e650dfbd46952a611e9db0d8016d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\7z-out\locales\de.pak

Filesize
123KB

MD5
b73344e5a72fca6f956dbab984c123ba

SHA1
0561073aa40a63a9ce9930dd18b18e12ff139b2b

SHA256
6dda3fa65232ca0bff7314f916942a2aa5d9be73a0b0c7a6d016eb34ea6fff5b

SHA512
e8a12da397369f23c102244b3f18f533ec79afa6978785566056bbfe07b10a21ff4973bf17aa829fff65609363988c033b0e48d4a82c846863377c08d8df009d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\7z-out\locales\el.pak

Filesize
216KB

MD5
38440b98bfdf5ed496da0f49d59534c0

SHA1
1498d9207ecaf4923a47271e24c68a817041c82e

SHA256
b1f78df8a7edc914357a2e90bc8dc0ac46f4df642bb22894569fe4905fb8ea0f

SHA512
95ba788fc2e1f07d54e398f1ec4d32c664cfb13118d46cb7af7a993367e032b10de84f3e604ab6e659d6410e2d736097ec5e9b3b002040c54412358f0ea10229

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\7z-out\locales\en-GB.pak

Filesize
99KB

MD5
52e2826fb5814776d47a7fcaf55cb675

SHA1
51fbbc59dcd61116cbc0a24b0304d4c1c58e8d0b

SHA256
83ff81c73228c7cadba984d9b500e4fce01de583ecde8f132137650c8107c454

SHA512
69257f976d01006c5f3d7e256738c97c59115471f8e7447cfa795f7fa4ff12d6fd19708e95ffb2aa494b50c1763fe35d5885b9414112d2934baf68fe668ed7cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\7z-out\locales\en-US.pak

Filesize
100KB

MD5
0bb857860d8c9ab6d617cea5a5bd4d00

SHA1
351b744d95846bff2ce5f542fec2e87439aa0f8b

SHA256
5c56df9699fc7e8f09ec81421e50a6264cde055e822f5a8cd9bb1edb3066d816

SHA512
33fb73cffbb6781488cedbca4c92a7e4f66923a799beeb7f5cba58dbc23ba8f5130f63a7dac7114e3c3ef6f1df87884fbeb8858bc7604aec9449fdfd16c25078

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\7z-out\locales\es-419.pak

Filesize
120KB

MD5
b261b1efe945365588befdf68879040f

SHA1
616f44a5f73f0449b483f36ccf831db6474a10d2

SHA256
1380b9edc9cee4b505f12e8eefa288d8c746ca995b52ceaba27c7741ae8a5cd4

SHA512
9ea14234b9d4d09364e5727b3886fc14544d52508b3e45fb9fd607ca88d2e432361a02b2f7ba34c3d6ecd94b91f9eccd4d54047a97a1ba4eea580ead00b91cff

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\7z-out\locales\es.pak

Filesize
122KB

MD5
2f11136d6b5aae996d7f4b7f56f39970

SHA1
6aea3b6f0d5f1a283c34034569a9fc65dbc929fa

SHA256
a827e2defd5d20c3332260d498b81ab35a1f8458ff0fef236f0ffc3e983397c6

SHA512
6d3d7e00afeaaacf3b055e9a416b2d033d5982f50c4ae7b8b0d0f4637c98d0004895f4e5639c1d1e9897df0f67bf0008138669410742e5fe4d56cbf88e49fb5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\7z-out\locales\et.pak

Filesize
110KB

MD5
c76db3385190c6840315c4497e40258a

SHA1
34f1aef2ba2925bebc5dcdb70e5b6c1a138a5c46

SHA256
e8af084ef5e1062c5966dd7802074ac24f3672dc3c9b9c5453a397644727191f

SHA512
90a870369d307758b33d74e6213676d65c2d332f42577c8aff23d96b512f3c2a2bdace8d6d9007f88b9175eadc6f2ae28b498b1265550849ff9317465a37ad29

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\7z-out\locales\fa.pak

Filesize
173KB

MD5
6458a239e994d8d18315deccd35389ed

SHA1
75c985f43503a6c44645786d46639a6b555ae163

SHA256
300fc1c735e92917a5ddf92feb812cbf3175d988ec7ad5955110248a1addbd34

SHA512
3062075b6be0c25c957ac88e537880bc25ff86b8ef0703a05209e9676e943e89476b7997394aeb25064e03a93be614fef535676e9cdfaf44b46035225b1b2cf5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\7z-out\locales\fi.pak

Filesize
112KB

MD5
cc592d91ce8eabaa75249cb78b889376

SHA1
f2f0f7f105a17f3e4b1a97ed0e3c2e871c2c3eac

SHA256
b1cb0b32efa78fd8634652c74f298f1d5127f2363ef601cf000417e5c7fefd20

SHA512
58e2eaffe26d8fda8df43e7ebef449cfff1065e940c128efa0276511e34e96e52da9230f294b01d4ecd8ef606b792d372bff897d6d8bb67c31379418ce867d48

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\7z-out\locales\fil.pak

Filesize
126KB

MD5
40bddaf97f64dfea9ebafc7f82166f80

SHA1
90d1fde3c0b27d2184f0353991259c2a92c7820c

SHA256
39a9d63736e7b4593fc6873ed3c19d45fbf9eb78a012bfdcee0fea5906ebc5b2

SHA512
d1e61c53e09a0dc50edf5aba5cf286a251ee88421aa2cd49332b70a5859646605ecb7d0bb97ea7242d14a18742e23da0a14c04b0b99b57a466ec87f4f66b897e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\7z-out\locales\fr.pak

Filesize
131KB

MD5
c3095ce1e88b0976ba7bef183d047347

SHA1
b14cfbf6e46ac1f189595fc09660178525301138

SHA256
66488dc10517b6e3638686be95b430477a39304e92ac45dfe62b58cae3a77272

SHA512
29f47b1eff4681a9a17a50d6e82d63c22fe7bfe4ceb79862e81d8cd9f96fa38e225978b4c4b1f8e55b220235b91652c776fa8d2e559c68942c6ccf402812a421

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\7z-out\locales\gu.pak

Filesize
245KB

MD5
63a7fdc4eadf8ef1c35c72468a0ce33f

SHA1
e8d064f0e9c8a6a8c6ccb036711e292d011d9466

SHA256
e549ff4e5a094d04c2ce7bc6fd68bea1f03e935437bf164bebb6191c133fa70c

SHA512
0a097ff875132a984545ec677b04f97785f14c38a1df487cfb4722cdea07d14e1e88fcff7d58b82fa53f05f4eba779a95ef320b5a91692097726d0385a26a456

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\7z-out\locales\he.pak

Filesize
151KB

MD5
6a02a37e1ca3215fa9ee0e1b0fbcf5e7

SHA1
89a8a126c0bbf536ac58e29fc50e045fb1b88220

SHA256
f5cf34ce58b7f0d450936981aa7ffa060821403e6768eee3746ea4ffc9193986

SHA512
6607eb2329b81f1eaf0ed3a564eddcb30e6ab59229f2fbf6fd3d2140ffaa8853a330eda627a4458ef6bb06f32c5183edda869e34cd4ead1f87f88d5c622c1a16

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\7z-out\locales\hi.pak

Filesize
253KB

MD5
f38367dcc09779c27a7b24a8b8d9e3de

SHA1
d50fb715f9de8c613330d451619404c0a16dbff1

SHA256
62aa4fe12b03a7940bed60dc17764c7e413236f078879f984fcf56fc6fd682b7

SHA512
90bca68b224249df6314934c1ab488aafea5f2d002dcbf4ec7c5ca8bd118ee619b9ba16e795394f39e9391f7f94b493846f09ec524359a009b5633bec6528154

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\7z-out\locales\hr.pak

Filesize
119KB

MD5
6f92235e6ba003af925a2d6584afd27d

SHA1
3ceba61e9c2975466b6244188f5ea72aaf042fc7

SHA256
479dc4f75a889d45f62b4ddb6eb48f21c473e37875468c9c26d928a263e15840

SHA512
82f2642dff4400704c15c2fa02d0ec74ed3fe888dc835447c1afce7463dee8f480bb81be358c306e681625864a6d25e5cd6c96252b8a56e6fc62014b3aa4d26a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\7z-out\locales\hu.pak

Filesize
129KB

MD5
71d42cb22d2d7a8b26c4514ab12df3aa

SHA1
cd0307503a7906f1742d1e98fc816959319c2171

SHA256
b51bcb888dbc27bab88a8c9d081df7496de8a9a5a4cd2cfe08abc154190e75e6

SHA512
29c67391bca706807be3a0cc79fe481f220e30263957a9c2485f0a4c498a5b250bdd83b5f4fad8d0b19c8a9a07d5650b5ebd5816b6aae311a1cde78a89303244

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\7z-out\locales\id.pak

Filesize
108KB

MD5
e40cb2f3b4db379e4d187aeef0dfd300

SHA1
537b1ebc615c980c89bbe2b9e91a11199fa7d6a6

SHA256
3339ef011c9bb64868da94adb25f4490acbc7f893e4337dbfe2797754cd659f5

SHA512
b87464460077aa55feb92eca8ed23d9a61829378bae7890c8a95dac5fcd735b145d65661f27facfe2586fcaa169692b00d8ee8dd505dc44bff7f7fd090f3e96c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\7z-out\locales\it.pak

Filesize
123KB

MD5
5aa225aad4f9fe6d05ec24905a827d88

SHA1
f6d5ed337bd8e9cc3b962d3a498e3430fbf6de22

SHA256
96e02ab6937a1f1cb58762159761a737ce0e1dcd6a253554392baf4389326eab

SHA512
3fa928f19bdf65b8fbb274b478a801821b15c01224c113a8d7f6121a077b432c0cc84eefd9028a76adea9fa4bb65dcb868edfbd4368b1e4d477c49e187e4288a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\7z-out\locales\ja.pak

Filesize
143KB

MD5
833e8c4aa70351b6be7bd403e4e9a0a7

SHA1
46ccdbdea35deec8ef13a5fc833776875fad187b

SHA256
74422db1a5f28522f9a8b31a3bee9a6df794b419bf723cb6a6c88e82eb72cec0

SHA512
e8e709612a5ea81d2822e0025b7306f38571f2cec2ca72ac5a8ab852a0e36a0f5bc7e00d0baf7ac7becc2c54dda3a17c52ec1cd67ce12b14d91b6ae0b726d556

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\7z-out\locales\kn.pak

Filesize
277KB

MD5
5115cde84b4c674db412619b65433004

SHA1
164f33e7e2e9f685a579da492a6fc8806beb6cbf

SHA256
891e092c6895e23be986c3e6d39dcea9b6b75f1448239c13fd406680e50407a7

SHA512
090a247898cb533325d2b289a6cbd8db2a755ef0abab49d82f333e57b290c50b5996b81f15d8adc30160b216eebed3a1476aec1627195e52189557c1d48b0216

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\7z-out\locales\ko.pak

Filesize
120KB

MD5
d6e2c18c9eabba59b50d147d942125ea

SHA1
0918879203c2050b4f9f449f5616e430897ba0b9

SHA256
f3581cea2e5b022b121010ffc5d67f86f717e3a0c0402abd81e24c87fd135b76

SHA512
f605f7b9893166778af156f9eb76eaa1209e7432450899540cd462ce0ffa69caf6f570b910cdd6d7bef54354379e9892a658e711baa93241da33755c107da859

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\7z-out\locales\lt.pak

Filesize
131KB

MD5
2d4fca437a7548893dc4b51fa5b33c33

SHA1
c1493013d7d981ea9223716e415380992de65c2f

SHA256
776dba792df7b444e1b720326312d8b8312cade74a1372c49456d932b7c65769

SHA512
b6a55ee1deff48d717a3e9399aef3c45eeec810cc5b5709fa3e9f56850115a5b02e02b7959ec77a6797e68516ee9372bacd260e62ac0d55a8e4c1c27af782b42

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\7z-out\locales\lv.pak

Filesize
130KB

MD5
264c6e20b3088ceb4dae5773cef0cb55

SHA1
fb6ff83ff14df008092bc3ee73bda7491e8e090e

SHA256
a676a781c1a587eadf23e5c69bc52f2d352346a70bc53ca908450362535eefda

SHA512
01e949f92e1e8599c581929a601d39640abaf1d907ce10102e591c3d490dd3874c679c75bb51308ead55a3bd0c6dcd1b8d4b2daf98ce1cf1c6bab42946e8b1e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\7z-out\locales\ml.pak

Filesize
292KB

MD5
04b2540c25990a5e0a9b227dcce6ae0d

SHA1
4f8ccd154f54dfb083d4d1a3ed0994842c8ab13e

SHA256
556165b8b54c6e21bc66d12b3f5be393136714467c427f7114f314d18ad3c661

SHA512
4cab47e42e8f5d4a83851871f97f3e1360c993ba530dbb4b4b736350779784bd83189e1195d3480ce87298bb8f9b7f249fefa7764d850e5b0002895609626785

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\7z-out\locales\mr.pak

Filesize
240KB

MD5
f22c99fe6a838e333e8ee06a4d01296b

SHA1
c3542ea8dd45a2b387dd02fa5687948f135e10f2

SHA256
b03a3042f907aed13253ae8083d08f5fad59ff438d024b097276856e72526911

SHA512
882022c2cb985d85f96d52c9bcfeeb089d6ff30e66187ccf424ef622092b9d359a51bdef1fb6ac3b9d3409aa79d37ca737ba7f3ed8b9cdaabfe04d90a7c8bc15

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\7z-out\locales\ms.pak

Filesize
111KB

MD5
6cfadaa784e687e6dadbcd80e631bc9b

SHA1
481acb75f525055bf4e45ecabe0eadcb9c492106

SHA256
fb5e125dd5e1f21e8df229d22cb3d1f9078bd79bbddca352899248f2a8b21b71

SHA512
0d7da5a90fe9372bc704ab8cdc8cbfb14d323cafdef856987e2d9e34d980196c03985e25099f5d1bcb10c97f040f4766e2c3713718649bb3f43914a77f0dbb39

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\7z-out\locales\nb.pak

Filesize
110KB

MD5
b61e42f66d581b6a8929cdf5fb10662e

SHA1
6f06fa9ee092fbcb61bbd668734fb3b92cfb549a

SHA256
1b17dcde8fc7308d926fbe0faa83dfc9ffe2efc5715e9afd557dde839ad98b7e

SHA512
79b82346c3f133a6ba44148a8432ad4e08e2805187b759509cb386bc800fd20215592c07d953812c243f0b1d5e1354245f2cb42b2b3eb6c87280bcb4008dbe97

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\7z-out\locales\nl.pak

Filesize
114KB

MD5
cf6b1cbfd669e9461553974ba37a475e

SHA1
b33867e9bc7fd88ca98a76dc4bd756bcf18887aa

SHA256
9a83ad866ad7fd9d65ecbc1e95c276cfce27e8257c76a16950fd14971e66b864

SHA512
e463029bb37f6bb3ff5cb6281f64291ada1b785fa33137e7aedfc7b5e409e99c75a91e7cf9b6c0933e970f70c14861190de66fc5d68925b687a6f5da02e21077

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\7z-out\locales\pl.pak

Filesize
125KB

MD5
644c0ace25d6e532b56510a736c6bc2c

SHA1
1bd0fec952107b493da04c46423da634ff3e1504

SHA256
2ff9e382a31783285b7d85676e629e2f6db26bb9536ed17b7fbe5ac61a895ec7

SHA512
9a1f1e884c2f214b8b0c63543809ddd4ba0fd533f1d8434e926051f3db434f60cc4df2462c2a43254b2a9685b3869eef49463c212892e417c82c3a7b497e3559

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\7z-out\locales\pt-BR.pak

Filesize
119KB

MD5
88ad860c73676ffb4025b5c691f29942

SHA1
3c5e5b999ea7153ccdd1b4cc7b6162de3456b558

SHA256
25f0bb0b0230d99a9064d52668636f3be85903bf27a68124d79a2fe93c30fe0e

SHA512
41589bb9ab1b8307f62ceb4e6493d7903731a3e63807e0044379c4acdda881c21839234f5f1b8ad1af732bfee6231c0556ce92e582505379ed949980185bb750

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\7z-out\locales\pt-PT.pak

Filesize
123KB

MD5
ecd84b296d3bb312ee18e21017311986

SHA1
f5625523f85c10723750834a54ff59a2dd886fb3

SHA256
fcfaa9c44c445876c286388b6a1abc1df949f3dda3d64fb57d6e0d54a05cdb94

SHA512
e95b74238220024cdd0bd1c0f18beadbbe427d76cd8d6b32d5700adcd34ffb068ad0bf75404921485c8077f395f5111cd40d5dfe2b5b8f34c62e6fc80b507456

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\7z-out\locales\ro.pak

Filesize
122KB

MD5
24b01a438a3ab9699d4ca97c081b5e82

SHA1
0d0b082544d23425a74199fb0a6c11192f0bdf7d

SHA256
38290b1c9712296d82ea1681ef95544a1eef4872289134b11e50af735e6deaca

SHA512
43199772312156f4633c4202499cde8f808e5e632c2013ec1129acee01a3f184e86df2616626173178efe04b6f0773ad9a0e8b8cc6a735d23d68dcfe9dfd945b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\7z-out\locales\ru.pak

Filesize
195KB

MD5
75457b95d2bb03891232dae7db886387

SHA1
e5a7569df7f91533703626d167ecc8cddbd27205

SHA256
e0894d3aa3f8e0f8ac457a3300001d4e1dcf95980712f8c8e9c845eb4c2bbfa6

SHA512
9813239cb162cec24cb81cffdae2df06889782813d917da186ae40df6dae64477467e4b32ead2d714bc1de671538d4c1fde990d83d3ee69e0932f17226687a78

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\7z-out\locales\sk.pak

Filesize
127KB

MD5
b35daa0bd9627ca88b413a5af7c6b4a4

SHA1
d5efdcbc7ca17de29f3075f6434f31ab2e895826

SHA256
f47bc1f7f5ab64681d0b152e1a019da60f0ef057ee8bf2ccede019dc4030c177

SHA512
48abb6ca2290820db2898b05820bb25e70fb1292c816eb0c8f17b3c5452de9fff7027d216d2bf413900f408f44ed4ac99151b28142a212c5cff8dfe229e87b9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\7z-out\locales\sl.pak

Filesize
121KB

MD5
e015b6f5042be2dc96a4e23dcf035502

SHA1
7946509eed8db1e4c1f3da99ffe7155c86fdb4d6

SHA256
99536d1bc73eec81d5bebbff641ea195544ee5e3a41bb17ddcedf9cde9b141d4

SHA512
b2a2eaae93c506a053862bf1cde02eee53b3ea2e2fe4c964c51dbacb8b44de820a779311cfe01458e2f08f88bce1172e8c5e1e6d28cd3a355ff84baa00023b8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\7z-out\locales\sr.pak

Filesize
185KB

MD5
af7083f2a4bd95dcbe792efade352662

SHA1
dc69aa831836016f6e66c6079931503d534a7862

SHA256
e3b80d9fdd420a05d66cc12e685ac94500106dd51a555bbfa2d085094f81e8dd

SHA512
342400ba94f6cd08152f96aa2b905184fab429c38cedb4bcb4ac0c503169a9ecd47aef208b4d7ffae08b0c0afa7aa089347a20739379d05f3e4e111be842b8c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\7z-out\locales\sv.pak

Filesize
111KB

MD5
d59db925bd683480f4e3b2f4eb74c3bd

SHA1
75b40770850787ce9dbddf92725a5719f85c2ab0

SHA256
d60d3d4b8fd284a2457868fd06961bb79f3dc91b8c4505182c5e9778419fe849

SHA512
7d6b41569c2432535c0d55021ea9d78a1020f32d9d09a0624a90ebf76dc6904b04df9dc86837161e0db453a68b452ff829e0f8df29e79869af8b58314fe79ed3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\7z-out\locales\sw.pak

Filesize
114KB

MD5
99e385ebc1ef8d3daddb3a171fa79edf

SHA1
3164804dfe9d9b5e891abafe92e5ba67d2b5d4d1

SHA256
8ec45ac391a085d531fb21815086c2da4841aa016653cb4f8484cfc2615d6c01

SHA512
797c105fecef1e15870aa101e3fa1835d5a467a9059c03b3636c54934d1de263ab7f23599e21d9787cb3849c7cb7d29f5bdd8ae9ad10fda8015c1392462e94c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\7z-out\locales\ta.pak

Filesize
290KB

MD5
31dada843d0b4f9a66b184cb6d7b8b92

SHA1
0320b31981043c6e4c17470bf2ff4c7488553511

SHA256
457070b35c813175f5a7b630478073e478ff2bf23915dd3dc7a5b3b339cc2b0b

SHA512
c5b6ea595d3154fd9fe03f49a19f78eb4068718ce005b18a165d491459a290c29956b02a109ce2c314746773760c8e5c0d7064f384c65a572c78109f03538860

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\7z-out\locales\te.pak

Filesize
270KB

MD5
793a87d41cde6e6d1bb086284f69733b

SHA1
d887e3842b664f55b7308427aa6f5bf0b352d879

SHA256
5cdabd1ad41e8048f2cc6b1615e68b99159daa1aa6706b939447c1811bf0e255

SHA512
7c2e53baa387480eed45315bd9d53856ca46e5777ecdc9c29a0de7b0ad04beb6cbb8b5df0aa7c306395fda563037e06bea1ca70e433ce5a3ccc2ec184dfda972

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\7z-out\locales\th.pak

Filesize
227KB

MD5
43edd25f67ce6e6cea5373009ff0a1f8

SHA1
ed72ca6620cf23837e1334be50ccf616806bc5a2

SHA256
287897cf3df2db1cf59b872e6575ba8dfcaa0c1f68c17a9c91da6c4490adb8b0

SHA512
7160a72bd2e6b0ffa71e5d279995cc8be24a87cd9386eb29ab0eee79b8e607f5d824a11b6b4e3ef4c0f851a9d485a9642cb6adaa65c07933dca6e6f2c0052fc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\7z-out\locales\tr.pak

Filesize
117KB

MD5
40491896ad21543f339467186c5efb40

SHA1
695dde7cc35056dcbf0a533aff8299d4c6b61bd8

SHA256
43e99e132acaba88971b81a43531845dc7fc3a1e0794c3373de7d9a50a5655aa

SHA512
18d5ee9914849462e0b1bafd1ca216b29d0795e282ae0bdb354b15caf5c18f37f44fbd6f626b2cbb095e3398a6496de72e5b0d15621433979b5a589e34fac818

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\7z-out\locales\uk.pak

Filesize
198KB

MD5
f7cb65c30ed422de5aa691413168a994

SHA1
c14b44231f057bda8eac8d312eae001f8c34d1ce

SHA256
fc375516f856dbf8a6000fe54467dc6ea6f4d5bd3ca8ddb93274c41fb869f797

SHA512
bc8d852baf5b8de7ccfdcdac05df7beaa35b72b027d8b1915a1746bac7363473bc8a70986a4fb5353d10d0e8804263916fbfd8c2932465949878d20ed1dbb8e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\7z-out\locales\vi.pak

Filesize
140KB

MD5
69c8796439192577f48bd249175aaf37

SHA1
97c52088ca69dada593db0e42b2135d264646454

SHA256
d7fdb53592de803a5fbcd8561c4918f1562f92fc8a3fd0039a2a1a7b76a8ecc2

SHA512
65eb7cb15291474ec7f9354775e59bcf334c90ddf3498ebd184e4c47118308421b2405bfa679e4b3a70ed1790e167c109fc2c72e89c3e31b5378cae975424144

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\7z-out\locales\zh-CN.pak

Filesize
101KB

MD5
098d656a4f4bd8240bed10e7678186c7

SHA1
0c19ab62b4262f1b51558e8aaa79e7741f73393a

SHA256
a55f568ad3a8854cec25699484f55024501c8a0967738ba694e073151e5981c7

SHA512
084538ce774233ca6d4393bb42239b0b85e11bd73dd19ba47e55796ca19848941b037510c0fca4ac08b4b2e0ccbc9b4ae72ef88a3e841738dd211961dc53c1e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\7z-out\locales\zh-TW.pak

Filesize
101KB

MD5
029fa66683685096fd55192345222d03

SHA1
c49fd292595555e99e108b88d0b43f68a0fa6564

SHA256
bd4f963a6315f4f9670b1d9aab65ba314ddddcd4d201c931190b16a3ea2b4436

SHA512
7070c00208976a4a1d10a3e88214681a6bbb4900573b33814c56702f828c0db8b9b3629bf145f0eedb81e8d6b2fad2e4fcd09c43f9d20dc571d34a56446102ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\7z-out\resources.pak

Filesize
4.8MB

MD5
ab74478262c856d1e2595faa1802eb29

SHA1
bcc6b4f1ef7022ccc9d1d3912c9e388966611f49

SHA256
f9ae7dbe8191d943ddadf2cc113cdec83458665cef07cf8541009f82f9aa8e03

SHA512
b9e371d4afdab9eafa6447fc483de9a7a131badbe2e9d4756682ea8f518c08040441d30c8443152a05482088fdd42a4d1fcc6940532a996e81ee93e7931bf354

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\7z-out\resources\app.asar

Filesize
7.7MB

MD5
90c25e633c8cc4878ae12d5af0eb1ea8

SHA1
51a345c529c92ebce5015099dc70315a3172ca8b

SHA256
b95f811400bc1ef88081eb7c3bd904ead47175919e79318dfa6c2ae611b3b070

SHA512
0f330e3c8feeb7750ca37d226b2a6f9db436eb58f3225f8cb885b5d06689c75d426e207a3c4a7f1414a5fe05af6d893d61464c3038bac0c22163763f692d521c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\7z-out\resources\app.asar.unpacked\node_modules\create-desktop-shortcuts\LICENSE

Filesize
1KB

MD5
b87aed05aac36b36d87be98309779793

SHA1
eeaf2430cbadd5b0c24d636725211ddd7d71c662

SHA256
68bad23b0c3035bfdb255406410d03097dc08b0f6d59f9858497d276cd953ddb

SHA512
acf7b4a93d590041dccc81c25246bcc50b20f48b3000e7790485db765b579bb64c5cd57ab4395ff09fefce0a974792163bd9f3da525b8de4af65ce15b8f28dba

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\7z-out\resources\app.asar.unpacked\node_modules\create-desktop-shortcuts\api-type-definitions.js

Filesize
3KB

MD5
129e5004e0ed840ab3b24186cdd4f69b

SHA1
51f51579c886db83fe644ae2cac21703b5d0a54a

SHA256
a619729f84e068513ff1404465de35472ad41bd3b600633dc2f3174b477080c0

SHA512
f6be717157cd8ebf46d1a1ca5846c5e89ea2e5e391d858f9d1ad79540e4b269a1517f75542924793b8cf6c0488060ca128f5906e0204347b0117e0c7484d9320

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\7z-out\resources\app.asar.unpacked\node_modules\create-desktop-shortcuts\index.js

Filesize
1KB

MD5
205563f976ffb7fd7c60fdccbd7794cb

SHA1
a9cbd89014771bd437ae84b743ce49fed48b86df

SHA256
b2735872b2a36b0b017b1a5fce226370d6836ec066316a0e559a2c118e0cfe49

SHA512
75ea5f90636a43ec56506cb732e4e7c4290cc8d9480adf97b6ddad2ab2efaf0dc19f5020e31fae44a2ae62e596ef8e34deb1481c9a33aa8d6e7d3651d90b9609

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\7z-out\resources\app.asar.unpacked\node_modules\create-desktop-shortcuts\package.json

Filesize
1KB

MD5
8a4ecbdf0d7058f5ef4429104dd1759d

SHA1
d2d07582927f64747122d0d3abfc237e412495ee

SHA256
dfe0f59649ec2ab079e5f3e6925e96803541be5da2d5b71cab552edda5f4501a

SHA512
81f4a8145295e7ca33caa126a672a0c4b77d30ec43133a4dd94f3161d6b1a382d5fce0feba6ba8e9e2018f06e7461722aa9f25ebd9d9320a068c0c7ad4ed1de7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\7z-out\resources\app.asar.unpacked\node_modules\create-desktop-shortcuts\src\helpers.js

Filesize
3KB

MD5
a5c7f3db1c46228f30018c2787572f74

SHA1
2c45d98220089aee6eae4674d7772fbeb1927f3a

SHA256
872ba81a1d5926e66a14423d4ff7b35e3642e01e400ee0959993a1bb479611fb

SHA512
30cf7ca7095a4fef898ac16d081c004ad2cbab3211cda1f418a8c5a683a2455fce36d900d1c8bf7e12d6636cc1d22dcc1f8646d14daec76706ec7a608d9757e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\7z-out\resources\app.asar.unpacked\node_modules\create-desktop-shortcuts\src\library.js

Filesize
8KB

MD5
45bcb7f9665f0111f8947654e9097edf

SHA1
d98c686dbf437f02c79c9ad20dd1f2182adbd3a3

SHA256
ab50347312ed8b0e1f8998facc59620527a54dc80affbf2515dba109b00f88c9

SHA512
2b3a3c533b90016825c81a3dc9044fe6b8e83965deda674a3c3a894af7bfa0e2b72d6fc6188f682290642f690b25123aca5fd4126328f768b143d412f29b409e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\7z-out\resources\app.asar.unpacked\node_modules\create-desktop-shortcuts\src\validation.js

Filesize
23KB

MD5
b3622888d64c18f4bc45fd57545f7011

SHA1
82220d864473a7c157e74a33fa58be817582e6f9

SHA256
0d5f434d82f6d2a1990fe475dc24bc42f1287b494869a3b39dfbee3c1d1fb1c6

SHA512
0e1ebdc4140070f86a5210461c2e425ec7423207e5c7eac4be2bd2524bfb7d217ab820dd3b58c67f7a8dc20779f0bb56f744848d43b18a4570df35b9ba5ca5be

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\7z-out\resources\app.asar.unpacked\node_modules\create-desktop-shortcuts\src\windows.vbs

Filesize
1KB

MD5
b18daa53f25929438a549ef5cef114e1

SHA1
8d08853cb9286b6f6efb9e2a403bdd1a9a7bf5d8

SHA256
1529bc4babe8b8f81945ec965390fe68e1df8ed806b492e878e910b1ef4e71d7

SHA512
a53c251cbfd4a8dbe6e8cb6ccfcf2937fd2295a49a388f0db412f6cf5a87a05b33965350c55860f7e6f7768b1f14dad9710017e62feab8bc695aed12c445272d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\7z-out\resources\app.asar.unpacked\node_modules\node\bin\node

Filesize
34B

MD5
c0d2abf7d3fd5f932c06adf2d80efdff

SHA1
54d79709bcdab7157cee429192158de6cfe6f635

SHA256
1ac4ed15b141fd4e8684a12aa79f3c446df0bf41c237b83825170508c8843cce

SHA512
0242391b5b671c7b0533fd819c8775a5a3a739012d685552d86ed284468e1b5e4c4834116beae80c919393d4242f7fad21006295714530c1a18420100e564954

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\7z-out\resources\app.asar.unpacked\node_modules\node\bin\node.exe

Filesize
61.9MB

MD5
4d3cf169b7fcb516b9bbbfae4b5f7904

SHA1
48bd79ac312ec3252db3253ae062f7e52ea0b6dd

SHA256
220db920022714e6c132623edb8c1edaba46470e8189833a6c192e28a41b055f

SHA512
55565e1624b1d7300e25a838640a84548a68173a429be3c7c056e01df53e5006cb3b3705005d5254643fa1eea55b5d4bcada5c4bc5beeb9fff3f026fb1aae526

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\7z-out\resources\app.asar.unpacked\node_modules\node\installArchSpecificPackage.js

Filesize
44B

MD5
c866a4c96aee99d0a42d8901ff6d4884

SHA1
185ceafd2e21a7b7f8c899767d1be1240a51ad38

SHA256
0cf2f8df7555a24f45bbfc8de7675867e00ecf6049582b3242aa62b3ac77e9ed

SHA512
9f2c9b47526589c59e9d4e1ae134ea620eb96c5ee8ff9484a7e3f71bccd9e3e3ddae71680b1a53f12d28030d453f4722531432080294ec85194af206a6215319

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\7z-out\resources\app.asar.unpacked\node_modules\node\package.json

Filesize
460B

MD5
b3669ef5330a4151f2640b4732048163

SHA1
3c8451d4d40db6a0ed8daab7d1f32ff1381416bc

SHA256
9e732c7553077105e7a2cd73124bd6fb890bffe2bd2ff620297f04a1ddf5a1d2

SHA512
142bc847988474406852cdd3dc9f648043bf7290ba9d41e694c45d39b0f767887c931d71d9e07ac8a3203c0e57a3c91a9b0b77103af07b09b69c5006e20b42bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\7z-out\resources\elevate.exe

Filesize
127KB

MD5
41ab18902435bca98f8ad33695990365

SHA1
f840e1f29c48687777b996978f62b08b20fa3f79

SHA256
c90000ea659cef04795810e574eafd370f6a18b7b918724e9a416657ee3a6692

SHA512
d99fa89aa906b143f7168e0967ff91436e7c46ab55efc245fe3230652af27cb98fed7fc3fd904d7808eed7d510e433cc4aae7758399bd18ad2e49e99b17b637b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\7z-out\snapshot_blob.bin

Filesize
342KB

MD5
c9ab741bbef53fa0e84952b8891a5f5a

SHA1
e2dcb8d034e07243537c86371de0c52bce62cee1

SHA256
4d82fe1e642fe3ca7ad1a173f806088c0652ecfe9f0f6f6e246066e15a3431d4

SHA512
177b98a3090ecfe4b4598dfcd7e8b3ca49efafba4dbd8d6c6d0def462de47c3fabfde831725622783ddc177de982de6115178d9bd9830d918bb544a5a4c27fc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\7z-out\swiftshader\libEGL.dll

Filesize
450KB

MD5
0494ae645d81023ed69bacf4a23f51ee

SHA1
ac7b51bc102ad7b3b408e4038f42ca74cb6e4a7c

SHA256
2316524c8da04a9f31c4ef811e35e9554178b123da7f682ccb6bfe396ee80662

SHA512
5dbebb4ac4d3cbce1deffe70b37d5a26ce1f85dcb07062af2ab2b5cfe1871afdcf4715112467623047bc7130d6a7fff1467980fe1ccaad601594aa7aa7471ce7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\7z-out\swiftshader\libGLESv2.dll

Filesize
3.0MB

MD5
d589cb3538a721a20a80566c37b91209

SHA1
db8a9af6baf3e7a7f45cf1aae294b3e12b147a3c

SHA256
d4594ce5f939924c05c1335908d8e60551bd7ec83170c387482ff8db3443b713

SHA512
09fa400e8a7caf9e1bcf4f8e2d6c9859047080b44d391a403879c4fed12a366a3bb72d9a273d805314286592dc0b253301e1ea91acec9643e330c6a01472c8df

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\7z-out\v8_context_snapshot.bin

Filesize
656KB

MD5
47014c0f81bad6d216c617c9c63bf040

SHA1
7bb483fdc5fed3c6ed437d9fe6e5023bc38201bf

SHA256
e1249d05bfc73c645b27d269f47b6923b33a3cf8088a8ca78b3b637c90f58178

SHA512
052d86cf3305a9e493bd2472e6b7ddab5e0291efd6d899984a79bae46e5fa4bd21157e19ab4a2591c9cff9069de568bad18c7baf4f35d117c77134e635466f87

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\7z-out\vk_swiftshader.dll

Filesize
4.4MB

MD5
1886b79f3d4cc291a736f5c948072824

SHA1
d1a99e274ec6765c8ba4fa3dbb60ae17f33621c3

SHA256
f8c1143e5106e2e024c73f73f9d9a7759b60685e386bf402e1114dc53e642065

SHA512
14a2fc9cef4151a716f7c0e4237d00aa9303577278051ef71a1124b0a4b807c01f97ad7ec2c0a10c6543243c46a14e99408a082f0cd183022ff877f04910ef39

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\7z-out\vk_swiftshader_icd.json

Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\7z-out\vulkan-1.dll

Filesize
819KB

MD5
c3c954ddb80eccc79d893f0294f626a9

SHA1
08de93cea7a914d7e1967001b3d30c094a1e30eb

SHA256
115e837e4c2f0df5cbf527b4a9b8d1286a6508d1ccd124653b211ad394082fcd

SHA512
85ea828aaf5357ab46a94a2380496364a0a1d8c466a174eccb78c54356d206db9da46ac2117fd9b5f5925f8a94fccd65e001e119ae46e23f9dd4ab5b8cac4cf1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr42F2.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
C:\Users\Admin\AppData\Roaming\com.torrent-launcher\logs\main.log

Filesize
3KB

MD5
19e0a666e458ef0106526253936b96f3

SHA1
f33c4d5b1597f1d8403f900de0843a7accedce58

SHA256
8ae8e9e5f3f6a1563d5b06c783afd697d80b300dc10027a4ae3bf1147adaf341

SHA512
76d4bcaacf2e80c1c8414ba0bbddce1d2adb53dc5141bdc2b52b5865a57368a3fae1342768c83c6c2be8e886b6276cf0ab884f6391cd1382f2ef19bc158fcb99

Download Submit
C:\Users\Admin\AppData\Roaming\com.torrent-launcher\logs\main.log

Filesize
4KB

MD5
558d93cfbedb0d792b649aacbbb1c326

SHA1
7c88827c7f4e7916fc7fd899521b20a468748f2e

SHA256
275403e56010582cf5ac8026cd7716f351c4aba45b0c7491bcc99c22486bb573

SHA512
ed5118685fed47e262c8fcce1548cd15a0c0d1e00b5f4f918f643b150bc07a223fb029ab8150d5716e1ed134f11ae48d714fc32e5c5001dc9f1cbf7fa50130a9

Download Submit
C:\Users\Admin\Desktop\Geometry Dash-Oyunindirvip\data0.exe

Filesize
2.9MB

MD5
59522f8e1aa57d3f726511ebe4e72f73

SHA1
225e6a641b4a34425b13babe75fd9ecacb090da0

SHA256
5cbfd89a9a2e0adc91aa497dc73be7f95a338a717791468963405ad8bca09521

SHA512
3ca8a2b0bcb98e450171ea9e8ca0caf9849b5167f079961c160836a4da3c4d4a2356eca5cf89f13a8d50fa7fa9b78c091dcfd45109c55771414eacce1080667c

Download Submit
C:\Users\Admin\ex-list

Filesize
3KB

MD5
83ca82d1ef424a937d2ed3a96888acfd

SHA1
1feb78e25d5652093d12b7f5579de4e0e7218d13

SHA256
b887852c5b4a46dbc135a6fd9f6dcae77896f27f3fa98fce84c9623557f4112d

SHA512
6abd1f2ae79fe6035d24875c53744484d059094154072cd8dae5a31603f97a6137cb8f5cdd63695fc742811ce25ec64ef78b649134915179bff932737c46ac2c

Download Submit
\??\pipe\LOCAL\crashpad_4624_MDJGCXGUCGURLWNV

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1020-1584-0x00007FF8E2840000-0x00007FF8E2841000-memory.dmp

Filesize
4KB

Download
memory/1020-1849-0x000001F49C330000-0x000001F49C361000-memory.dmp

Filesize
196KB

Download
memory/1932-1876-0x0000000140000000-0x0000000140057000-memory.dmp

Filesize
348KB

Download
memory/1932-12596-0x0000000140000000-0x0000000140057000-memory.dmp

Filesize
348KB

Download
memory/4596-1606-0x0000000000400000-0x00000000004A7000-memory.dmp

Filesize
668KB

Download
memory/4596-1850-0x0000000000400000-0x00000000004A7000-memory.dmp

Filesize
668KB

Download
memory/4596-19796-0x0000000000400000-0x00000000004A7000-memory.dmp

Filesize
668KB

Download
memory/4996-1854-0x0000000005E50000-0x0000000005E5F000-memory.dmp

Filesize
60KB

Download
memory/4996-19794-0x0000000000400000-0x00000000005F3000-memory.dmp

Filesize
1.9MB

Download
memory/4996-19795-0x0000000073950000-0x0000000073961000-memory.dmp

Filesize
68KB

Download
memory/4996-14133-0x0000000000400000-0x00000000005F3000-memory.dmp

Filesize
1.9MB

Download
memory/4996-14158-0x0000000005E50000-0x0000000005E5F000-memory.dmp

Filesize
60KB

Download
memory/4996-14161-0x0000000061080000-0x0000000061112000-memory.dmp

Filesize
584KB

Download
memory/4996-14153-0x0000000002BD0000-0x0000000002C47000-memory.dmp

Filesize
476KB

Download
memory/4996-1873-0x00000000737D0000-0x00000000737D7000-memory.dmp

Filesize
28KB

Download
memory/4996-1852-0x0000000002BD0000-0x0000000002C47000-memory.dmp

Filesize
476KB

Download
memory/4996-1853-0x0000000073950000-0x0000000073961000-memory.dmp

Filesize
68KB

Download
memory/4996-1851-0x0000000000400000-0x00000000005F3000-memory.dmp

Filesize
1.9MB

Download
memory/4996-1843-0x0000000073950000-0x0000000073961000-memory.dmp

Filesize
68KB

Download
memory/4996-1840-0x0000000005E50000-0x0000000005E5F000-memory.dmp

Filesize
60KB

Download
memory/4996-1625-0x0000000002BD0000-0x0000000002C47000-memory.dmp

Filesize
476KB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads