Malware Analysis Report

2025-01-22 09:10

Sample ID 240522-j6fllshd6v
Target https://www.mediafire.com/file/jix0dyorugc3rdb/Lyger.zip/file
Tags
redline discovery infostealer persistence spyware
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://www.mediafire.com/file/jix0dyorugc3rdb/Lyger.zip/file was found to be: Known bad.

Malicious Activity Summary

redline discovery infostealer persistence spyware

RedLine

RedLine payload

Downloads MZ/PE file

Registers COM server for autorun

Executes dropped EXE

Loads dropped DLL

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

Suspicious use of SetThreadContext

Drops file in Program Files directory

Enumerates physical storage devices

Modifies data under HKEY_USERS

NTFS ADS

Modifies system certificate store

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

Modifies registry class

Enumerates processes with tasklist

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Runs ping.exe

Suspicious behavior: GetForegroundWindowSpam

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-22 08:16

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-22 08:16

Reported

2024-05-22 08:50

Platform

win11-20240508-en

Max time kernel

1800s

Max time network

1449s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.mediafire.com/file/jix0dyorugc3rdb/Lyger.zip/file

Signatures

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A

Downloads MZ/PE file

Registers COM server for autorun

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll" C:\Users\Admin\Downloads\7z2405-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\Downloads\7z2405-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 C:\Users\Admin\Downloads\7z2405-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll" C:\Users\Admin\Downloads\7z2405-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\Downloads\7z2405-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 C:\Users\Admin\Downloads\7z2405-x64.exe N/A

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Checks installed software on the system

discovery

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 3180 set thread context of 4336 N/A C:\Users\Admin\AppData\Local\Temp\7zOCCB96F13\VortV2.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\7-Zip\Lang\br.txt C:\Users\Admin\Downloads\7z2405-x64.exe N/A
File opened for modification C:\Program Files (x86)\7-Zip\Lang\id.txt C:\Users\Admin\Downloads\7z2405.exe N/A
File opened for modification C:\Program Files (x86)\7-Zip\Lang\vi.txt C:\Users\Admin\Downloads\7z2405.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ga.txt C:\Users\Admin\Downloads\7z2405-x64.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\ba.txt C:\Users\Admin\Downloads\7z2405.exe N/A
File opened for modification C:\Program Files (x86)\7-Zip\Lang\hi.txt C:\Users\Admin\Downloads\7z2405.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ku.txt C:\Users\Admin\Downloads\7z2405-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\nb.txt C:\Users\Admin\Downloads\7z2405-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\readme.txt C:\Users\Admin\Downloads\7z2405-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\hy.txt C:\Users\Admin\Downloads\7z2405-x64.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\vi.txt C:\Users\Admin\Downloads\7z2405.exe N/A
File opened for modification C:\Program Files (x86)\7-Zip\Lang\ku.txt C:\Users\Admin\Downloads\7z2405.exe N/A
File opened for modification C:\Program Files\7-Zip\7z.dll C:\Users\Admin\Downloads\7z2405-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\7zCon.sfx C:\Users\Admin\Downloads\7z2405-x64.exe N/A
File opened for modification C:\Program Files (x86)\7-Zip\Lang\an.txt C:\Users\Admin\Downloads\7z2405.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ta.txt C:\Users\Admin\Downloads\7z2405-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\de.txt C:\Users\Admin\Downloads\7z2405-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\id.txt C:\Users\Admin\Downloads\7z2405-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\mng2.txt C:\Users\Admin\Downloads\7z2405-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\da.txt C:\Users\Admin\Downloads\7z2405-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\de.txt C:\Users\Admin\Downloads\7z2405-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\gu.txt C:\Users\Admin\Downloads\7z2405-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\hr.txt C:\Users\Admin\Downloads\7z2405-x64.exe N/A
File opened for modification C:\Program Files (x86)\7-Zip\Lang\eu.txt C:\Users\Admin\Downloads\7z2405.exe N/A
File opened for modification C:\Program Files (x86)\7-Zip\Lang\nn.txt C:\Users\Admin\Downloads\7z2405.exe N/A
File created C:\Program Files (x86)\7-Zip\7z.sfx C:\Users\Admin\Downloads\7z2405.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\az.txt C:\Users\Admin\Downloads\7z2405-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\et.txt C:\Users\Admin\Downloads\7z2405-x64.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\hu.txt C:\Users\Admin\Downloads\7z2405.exe N/A
File opened for modification C:\Program Files (x86)\7-Zip\Lang\ku-ckb.txt C:\Users\Admin\Downloads\7z2405.exe N/A
File opened for modification C:\Program Files (x86)\7-Zip\Lang\pt.txt C:\Users\Admin\Downloads\7z2405.exe N/A
File opened for modification C:\Program Files (x86)\7-Zip\Lang\sa.txt C:\Users\Admin\Downloads\7z2405.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ru.txt C:\Users\Admin\Downloads\7z2405-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ne.txt C:\Users\Admin\Downloads\7z2405-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\7-zip.dll.tmp2 C:\Users\Admin\Downloads\7z2405-x64.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\gu.txt C:\Users\Admin\Downloads\7z2405.exe N/A
File opened for modification C:\Program Files (x86)\7-Zip\7zG.exe C:\Users\Admin\Downloads\7z2405.exe N/A
File opened for modification C:\Program Files (x86)\7-Zip\Lang\zh-tw.txt C:\Users\Admin\Downloads\7z2405.exe N/A
File opened for modification C:\Program Files (x86)\7-Zip\Lang\hy.txt C:\Users\Admin\Downloads\7z2405.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\si.txt C:\Users\Admin\Downloads\7z2405.exe N/A
File opened for modification C:\Program Files (x86)\7-Zip\Lang\ko.txt C:\Users\Admin\Downloads\7z2405.exe N/A
File opened for modification C:\Program Files (x86)\7-Zip\Uninstall.exe C:\Users\Admin\Downloads\7z2405.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\th.txt C:\Users\Admin\Downloads\7z2405-x64.exe N/A
File created C:\Program Files (x86)\7-Zip\History.txt C:\Users\Admin\Downloads\7z2405.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\bn.txt C:\Users\Admin\Downloads\7z2405.exe N/A
File opened for modification C:\Program Files (x86)\7-Zip\Lang\zh-cn.txt C:\Users\Admin\Downloads\7z2405.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\lt.txt C:\Users\Admin\Downloads\7z2405-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\va.txt C:\Users\Admin\Downloads\7z2405-x64.exe N/A
File opened for modification C:\Program Files (x86)\7-Zip\Lang\ka.txt C:\Users\Admin\Downloads\7z2405.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\mk.txt C:\Users\Admin\Downloads\7z2405.exe N/A
File opened for modification C:\Program Files (x86)\7-Zip\Lang\mn.txt C:\Users\Admin\Downloads\7z2405.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\az.txt C:\Users\Admin\Downloads\7z2405.exe N/A
File opened for modification C:\Program Files (x86)\7-Zip\Lang\tr.txt C:\Users\Admin\Downloads\7z2405.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\da.txt C:\Users\Admin\Downloads\7z2405-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\zh-cn.txt C:\Users\Admin\Downloads\7z2405-x64.exe N/A
File opened for modification C:\Program Files (x86)\7-Zip\Lang\ro.txt C:\Users\Admin\Downloads\7z2405.exe N/A
File opened for modification C:\Program Files (x86)\7-Zip\Lang\sr-spl.txt C:\Users\Admin\Downloads\7z2405.exe N/A
File opened for modification C:\Program Files (x86)\7-Zip\Lang\sr-spc.txt C:\Users\Admin\Downloads\7z2405.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\bn.txt C:\Users\Admin\Downloads\7z2405-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\pt-br.txt C:\Users\Admin\Downloads\7z2405-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\uz-cyrl.txt C:\Users\Admin\Downloads\7z2405-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\uz.txt C:\Users\Admin\Downloads\7z2405-x64.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\ca.txt C:\Users\Admin\Downloads\7z2405.exe N/A
File opened for modification C:\Program Files (x86)\7-Zip\Lang\lij.txt C:\Users\Admin\Downloads\7z2405.exe N/A

Enumerates physical storage devices

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133608396133983131" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip C:\Users\Admin\Downloads\7z2405-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2405-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip C:\Users\Admin\Downloads\7z2405.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2405-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} C:\Users\Admin\Downloads\7z2405-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} C:\Users\Admin\Downloads\7z2405-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2405-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2405.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip C:\Users\Admin\Downloads\7z2405-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000} C:\Users\Admin\Downloads\7z2405.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2405.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2405.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2405-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 C:\Users\Admin\Downloads\7z2405-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension" C:\Users\Admin\Downloads\7z2405-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2405-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip C:\Users\Admin\Downloads\7z2405.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings C:\Program Files (x86)\7-Zip\7zFM.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\Downloads\7z2405-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2405.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension" C:\Users\Admin\Downloads\7z2405-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2405-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2405-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip C:\Users\Admin\Downloads\7z2405-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2405.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip C:\Users\Admin\Downloads\7z2405-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip C:\Users\Admin\Downloads\7z2405-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension" C:\Users\Admin\Downloads\7z2405-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip C:\Users\Admin\Downloads\7z2405-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\Downloads\7z2405.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2405.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip C:\Users\Admin\Downloads\7z2405-x64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip C:\Users\Admin\Downloads\7z2405.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension" C:\Users\Admin\Downloads\7z2405-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 C:\Users\Admin\Downloads\7z2405-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2405-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip C:\Users\Admin\Downloads\7z2405.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip C:\Users\Admin\Downloads\7z2405-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 C:\Users\Admin\Downloads\7z2405-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2405-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2405-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip C:\Users\Admin\Downloads\7z2405-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000} C:\Users\Admin\Downloads\7z2405-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 C:\Users\Admin\Downloads\7z2405-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll" C:\Users\Admin\Downloads\7z2405-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip C:\Users\Admin\Downloads\7z2405.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension" C:\Users\Admin\Downloads\7z2405.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip C:\Users\Admin\Downloads\7z2405.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip C:\Users\Admin\Downloads\7z2405.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\Downloads\7z2405-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2405.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip C:\Users\Admin\Downloads\7z2405.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 C:\Users\Admin\Downloads\7z2405.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000} C:\Users\Admin\Downloads\7z2405.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 C:\Users\Admin\Downloads\7z2405.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip32.dll" C:\Users\Admin\Downloads\7z2405-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension" C:\Users\Admin\Downloads\7z2405.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files (x86)\\7-Zip\\7-zip.dll" C:\Users\Admin\Downloads\7z2405.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2405.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2405.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3107365284-1576850094-161165143-1000\{E4695574-CC8D-4382-B48A-D8B10B1429F5} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip32.dll" C:\Users\Admin\Downloads\7z2405-x64.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F1A578C4CB5DE79A370893983FD4DA8B67B2B064 C:\Program Files (x86)\7-Zip\7zFM.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F1A578C4CB5DE79A370893983FD4DA8B67B2B064\Blob = [binary data omitted] C:\Program Files (x86)\7-Zip\7zFM.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F1A578C4CB5DE79A370893983FD4DA8B67B2B064\Blob = [binary data omitted] C:\Program Files (x86)\7-Zip\7zFM.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F1A578C4CB5DE79A370893983FD4DA8B67B2B064\Blob = [binary data omitted] C:\Program Files (x86)\7-Zip\7zFM.exe N/A

NTFS ADS

Description Indicator Process Target
File created C:\Users\Admin\AppData\Local\Temp\7zOCCB10833\AbondonedTapeV1.exe:Zone.Identifier C:\Program Files (x86)\7-Zip\7zFM.exe N/A
File opened for modification C:\Users\Admin\Downloads\Lyger.zip:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 484002.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\winrar-x64-701.exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 456476.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\7z2405-arm64.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 879946.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\7z2405.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\a.htm:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\7z2405-x64.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Users\Admin\AppData\Local\Temp\7zOCCB96F13\VortV2.exe:Zone.Identifier C:\Program Files (x86)\7-Zip\7zFM.exe N/A

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files (x86)\7-Zip\7zFM.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\7-Zip\7zFM.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\154300\Dos.pif N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5032 wrote to memory of 2520 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5032 wrote to memory of 3472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5032 wrote to memory of 2996 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5032 wrote to memory of 3604 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.mediafire.com/file/jix0dyorugc3rdb/Lyger.zip/file

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa5b82ab58,0x7ffa5b82ab68,0x7ffa5b82ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1572 --field-trial-handle=1792,i,8083065243090347682,13142264767666755077,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 --field-trial-handle=1792,i,8083065243090347682,13142264767666755077,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2124 --field-trial-handle=1792,i,8083065243090347682,13142264767666755077,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2952 --field-trial-handle=1792,i,8083065243090347682,13142264767666755077,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2956 --field-trial-handle=1792,i,8083065243090347682,13142264767666755077,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3852 --field-trial-handle=1792,i,8083065243090347682,13142264767666755077,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4324 --field-trial-handle=1792,i,8083065243090347682,13142264767666755077,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4504 --field-trial-handle=1792,i,8083065243090347682,13142264767666755077,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4936 --field-trial-handle=1792,i,8083065243090347682,13142264767666755077,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5092 --field-trial-handle=1792,i,8083065243090347682,13142264767666755077,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 --field-trial-handle=1792,i,8083065243090347682,13142264767666755077,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5496 --field-trial-handle=1792,i,8083065243090347682,13142264767666755077,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4792 --field-trial-handle=1792,i,8083065243090347682,13142264767666755077,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5968 --field-trial-handle=1792,i,8083065243090347682,13142264767666755077,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=6120 --field-trial-handle=1792,i,8083065243090347682,13142264767666755077,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6240 --field-trial-handle=1792,i,8083065243090347682,13142264767666755077,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5688 --field-trial-handle=1792,i,8083065243090347682,13142264767666755077,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6424 --field-trial-handle=1792,i,8083065243090347682,13142264767666755077,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6856 --field-trial-handle=1792,i,8083065243090347682,13142264767666755077,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6664 --field-trial-handle=1792,i,8083065243090347682,13142264767666755077,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6924 --field-trial-handle=1792,i,8083065243090347682,13142264767666755077,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6972 --field-trial-handle=1792,i,8083065243090347682,13142264767666755077,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=7308 --field-trial-handle=1792,i,8083065243090347682,13142264767666755077,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=7472 --field-trial-handle=1792,i,8083065243090347682,13142264767666755077,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=7668 --field-trial-handle=1792,i,8083065243090347682,13142264767666755077,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=7844 --field-trial-handle=1792,i,8083065243090347682,13142264767666755077,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=7788 --field-trial-handle=1792,i,8083065243090347682,13142264767666755077,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=8124 --field-trial-handle=1792,i,8083065243090347682,13142264767666755077,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=8304 --field-trial-handle=1792,i,8083065243090347682,13142264767666755077,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=8484 --field-trial-handle=1792,i,8083065243090347682,13142264767666755077,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=7992 --field-trial-handle=1792,i,8083065243090347682,13142264767666755077,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=8820 --field-trial-handle=1792,i,8083065243090347682,13142264767666755077,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=9020 --field-trial-handle=1792,i,8083065243090347682,13142264767666755077,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5472 --field-trial-handle=1792,i,8083065243090347682,13142264767666755077,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=9156 --field-trial-handle=1792,i,8083065243090347682,13142264767666755077,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=9040 --field-trial-handle=1792,i,8083065243090347682,13142264767666755077,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=9276 --field-trial-handle=1792,i,8083065243090347682,13142264767666755077,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=9556 --field-trial-handle=1792,i,8083065243090347682,13142264767666755077,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=9696 --field-trial-handle=1792,i,8083065243090347682,13142264767666755077,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=9716 --field-trial-handle=1792,i,8083065243090347682,13142264767666755077,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=9700 --field-trial-handle=1792,i,8083065243090347682,13142264767666755077,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=10000 --field-trial-handle=1792,i,8083065243090347682,13142264767666755077,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=10284 --field-trial-handle=1792,i,8083065243090347682,13142264767666755077,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=10308 --field-trial-handle=1792,i,8083065243090347682,13142264767666755077,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=10576 --field-trial-handle=1792,i,8083065243090347682,13142264767666755077,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=10732 --field-trial-handle=1792,i,8083065243090347682,13142264767666755077,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=10876 --field-trial-handle=1792,i,8083065243090347682,13142264767666755077,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=11024 --field-trial-handle=1792,i,8083065243090347682,13142264767666755077,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=10896 --field-trial-handle=1792,i,8083065243090347682,13142264767666755077,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=11300 --field-trial-handle=1792,i,8083065243090347682,13142264767666755077,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=11448 --field-trial-handle=1792,i,8083065243090347682,13142264767666755077,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=11620 --field-trial-handle=1792,i,8083065243090347682,13142264767666755077,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=11788 --field-trial-handle=1792,i,8083065243090347682,13142264767666755077,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=10424 --field-trial-handle=1792,i,8083065243090347682,13142264767666755077,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=12152 --field-trial-handle=1792,i,8083065243090347682,13142264767666755077,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=12188 --field-trial-handle=1792,i,8083065243090347682,13142264767666755077,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=12324 --field-trial-handle=1792,i,8083065243090347682,13142264767666755077,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=12760 --field-trial-handle=1792,i,8083065243090347682,13142264767666755077,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=12720 --field-trial-handle=1792,i,8083065243090347682,13142264767666755077,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=12848 --field-trial-handle=1792,i,8083065243090347682,13142264767666755077,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=12068 --field-trial-handle=1792,i,8083065243090347682,13142264767666755077,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=6832 --field-trial-handle=1792,i,8083065243090347682,13142264767666755077,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=5472 --field-trial-handle=1792,i,8083065243090347682,13142264767666755077,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=8760 --field-trial-handle=1792,i,8083065243090347682,13142264767666755077,131072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa478a3cb8,0x7ffa478a3cc8,0x7ffa478a3cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,12999535802094689878,13677028612680023058,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1924 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,12999535802094689878,13677028612680023058,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,12999535802094689878,13677028612680023058,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2532 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,12999535802094689878,13677028612680023058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,12999535802094689878,13677028612680023058,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,12999535802094689878,13677028612680023058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,12999535802094689878,13677028612680023058,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4508 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,12999535802094689878,13677028612680023058,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,12999535802094689878,13677028612680023058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4564 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,12999535802094689878,13677028612680023058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1904,12999535802094689878,13677028612680023058,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3404 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1904,12999535802094689878,13677028612680023058,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5260 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,12999535802094689878,13677028612680023058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4596 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,12999535802094689878,13677028612680023058,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5688 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,12999535802094689878,13677028612680023058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,12999535802094689878,13677028612680023058,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,12999535802094689878,13677028612680023058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,12999535802094689878,13677028612680023058,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,12999535802094689878,13677028612680023058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3816 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,12999535802094689878,13677028612680023058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4488 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,12999535802094689878,13677028612680023058,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4428 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,12999535802094689878,13677028612680023058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,12999535802094689878,13677028612680023058,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3808 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,12999535802094689878,13677028612680023058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1904,12999535802094689878,13677028612680023058,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5812 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,12999535802094689878,13677028612680023058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,12999535802094689878,13677028612680023058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,12999535802094689878,13677028612680023058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1904,12999535802094689878,13677028612680023058,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6384 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1904,12999535802094689878,13677028612680023058,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6508 /prefetch:8

C:\Users\Admin\Downloads\7z2405-x64.exe

"C:\Users\Admin\Downloads\7z2405-x64.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2512 --field-trial-handle=1792,i,8083065243090347682,13142264767666755077,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=10732 --field-trial-handle=1792,i,8083065243090347682,13142264767666755077,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9160 --field-trial-handle=1792,i,8083065243090347682,13142264767666755077,131072 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,12999535802094689878,13677028612680023058,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3596 /prefetch:2

C:\Users\Admin\Downloads\7z2405-x64.exe

"C:\Users\Admin\Downloads\7z2405-x64.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=12596 --field-trial-handle=1792,i,8083065243090347682,13142264767666755077,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=11748 --field-trial-handle=1792,i,8083065243090347682,13142264767666755077,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6532 --field-trial-handle=1792,i,8083065243090347682,13142264767666755077,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=12696 --field-trial-handle=1792,i,8083065243090347682,13142264767666755077,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --mojo-platform-channel-handle=9228 --field-trial-handle=1792,i,8083065243090347682,13142264767666755077,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --mojo-platform-channel-handle=12400 --field-trial-handle=1792,i,8083065243090347682,13142264767666755077,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4676 --field-trial-handle=1792,i,8083065243090347682,13142264767666755077,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=12444 --field-trial-handle=1792,i,8083065243090347682,13142264767666755077,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 --field-trial-handle=1792,i,8083065243090347682,13142264767666755077,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=12312 --field-trial-handle=1792,i,8083065243090347682,13142264767666755077,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=10432 --field-trial-handle=1792,i,8083065243090347682,13142264767666755077,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=13228 --field-trial-handle=1792,i,8083065243090347682,13142264767666755077,131072 /prefetch:8

C:\Users\Admin\Downloads\winrar-x64-701.exe

"C:\Users\Admin\Downloads\winrar-x64-701.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,12999535802094689878,13677028612680023058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1904,12999535802094689878,13677028612680023058,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4648 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1904,12999535802094689878,13677028612680023058,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,12999535802094689878,13677028612680023058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6396 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1904,12999535802094689878,13677028612680023058,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6372 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1904,12999535802094689878,13677028612680023058,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6572 /prefetch:8

C:\Users\Admin\Downloads\7z2405.exe

"C:\Users\Admin\Downloads\7z2405.exe"

C:\Users\Admin\Downloads\7z2405.exe

"C:\Users\Admin\Downloads\7z2405.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --mojo-platform-channel-handle=9192 --field-trial-handle=1792,i,8083065243090347682,13142264767666755077,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --mojo-platform-channel-handle=10772 --field-trial-handle=1792,i,8083065243090347682,13142264767666755077,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=12344 --field-trial-handle=1792,i,8083065243090347682,13142264767666755077,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=13192 --field-trial-handle=1792,i,8083065243090347682,13142264767666755077,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --mojo-platform-channel-handle=5192 --field-trial-handle=1792,i,8083065243090347682,13142264767666755077,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6648 --field-trial-handle=1792,i,8083065243090347682,13142264767666755077,131072 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004D8

C:\Program Files (x86)\7-Zip\7z.exe

"C:\Program Files (x86)\7-Zip\7z.exe"

C:\Program Files (x86)\7-Zip\7z.exe

"C:\Program Files (x86)\7-Zip\7z.exe"

C:\Program Files (x86)\7-Zip\7z.exe

"C:\Program Files (x86)\7-Zip\7z.exe"

C:\Program Files (x86)\7-Zip\7z.exe

"C:\Program Files (x86)\7-Zip\7z.exe"

C:\Program Files (x86)\7-Zip\7zFM.exe

"C:\Program Files (x86)\7-Zip\7zFM.exe"

C:\Program Files (x86)\7-Zip\7zG.exe

"C:\Program Files (x86)\7-Zip\7zG.exe" a -i#7zMap15931:64:7zEvent16832 -ad -saa -- "C:\Users\Lyger"

C:\Program Files (x86)\7-Zip\7zG.exe

"C:\Program Files (x86)\7-Zip\7zG.exe" a -i#7zMap10096:64:7zEvent9501 -ad -saa -- "C:\Lyger"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Users\Admin\AppData\Local\Temp\7zOCCB96F13\VortV2.exe

"C:\Users\Admin\AppData\Local\Temp\7zOCCB96F13\VortV2.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Users\Admin\AppData\Local\Temp\7zOCCB10833\AbondonedTapeV1.exe

"C:\Users\Admin\AppData\Local\Temp\7zOCCB10833\AbondonedTapeV1.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k copy Prev Prev.cmd & Prev.cmd & exit

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\findstr.exe

findstr /I "wrsa.exe opssvc.exe"

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\findstr.exe

findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"

C:\Windows\SysWOW64\cmd.exe

cmd /c md 154300

C:\Windows\SysWOW64\findstr.exe

findstr /V "downtownipshangingretain" Versus

C:\Windows\SysWOW64\cmd.exe

cmd /c copy /b Lodging + Troubleshooting + Belongs + Speed 154300\n

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\154300\Dos.pif

154300\Dos.pif 154300\n

C:\Windows\SysWOW64\PING.EXE

ping -n 5 127.0.0.1

Network

Country Destination Domain Proto

Files

\??\pipe\crashpad_5032_TTIFJNPRBVQQWJUA

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8e08098dbcf43a190ebd8d717fb39e1f
SHA1 eca297ef58b643b61ae55288b675ec3f91cbcf20
SHA256 6879d22d64832d080359c3ce73871deff52c003a6be9d36b425ae25104013655
SHA512 fa30e5eb305da5a52d3bf0599347f32bf5884e0c7514c4a4b0d88a58259a29be9316b25cc75ab5a9f04fbae59d644b7c8205c563f781fcca410e8231b5a191b4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 efa556b3686b3ce19fbc804444dd8c6b
SHA1 1fbbf85c67469505812be57849d6b2af0010bfd9
SHA256 b76cef041a7a50fd1e26c170c02a6bf0c52d105bb048076c9a3933fb15cedc10
SHA512 3e754ab996b6b934e198cf3ace9ccfef790bfd8554f28951aa8e1f6a275bc1c02e9fac18be38b73982ba3b01d72892ac969109d1170e67613fb2cc7e7ae412f6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e41848bcacf3f4858a80488d12a54209
SHA1 c1cc4734bfaeb47e9568aedc36dd70638ce0dbd0
SHA256 6acf89a8b1993e7bc3e841887af3d17a0bcd827df21750f0e306d9ff45b25aa2
SHA512 de6aa99a954748b8a97d003e5aa6ba573fe0a5734b56ada0fe087107306d2ab2a1967b3647f2e9fb5f311955b9f18714afe886e24e343747119b6cba34fbf2dd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 28218d0dbd6955863ae306dd3af6123a
SHA1 3625cef58a442c0afa5ce9b6adc3005894680c0f
SHA256 4cfb159bafe6b0facf7e353c10c49de5acb9c4de71d2693ef060a0b5a7a7278c
SHA512 cac3470a175294932fa7f629074313ae11579a148b99090ae88980f0fb2c68a98d515bae8e13450bc8977ae387b797539d41350f1dc6a269bb0f43a64e5eccac

C:\Users\Admin\Downloads\Lyger.zip:Zone.Identifier

MD5 fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1 d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256 eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512 aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b8704243d0002435d770799957530910
SHA1 c612492405a8d62f2182b8152aadf1670109da6c
SHA256 65bfa795e531ae836d8d82508867a97fb5646e9bfb03027d29fdff5fc1c26478
SHA512 edecc279db0461e6234a48ad41e0bfe03fa2c6072564aa81ab07d2706295ecfa4fa6d64f6bf3e85d6b1620c2f19ec1464cf5a871101ae03af7606d7c0035c4e0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e6cc183faed5000a95cf7776a1ea6474
SHA1 f1de145ba7259aab442a6866e4c6724d4df5a28c
SHA256 f132e5adf83c2649b9b3ad6a80d73ac53aeab571af31665204b58ba1ceb4dd93
SHA512 fd72a4d89614b3739638375e4c44168b74d8b661c2c799cff2105106acc420c8edea173bde61f15e15bc2218550e2eb88cf58b90b50e50fbfd6d845d22b4717e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 c1c7e2f451eb3836d23007799bc21d5f
SHA1 11a25f6055210aa7f99d77346b0d4f1dc123ce79
SHA256 429a870d582c77c8a661c8cc3f4afa424ed5faf64ce722f51a6a74f66b21c800
SHA512 2ca40bbbe76488dff4b10cca78a81ecf2e97d75cd65f301da4414d93e08e33f231171d455b0dbf012b2d4735428e835bf3631f678f0ab203383e315da2d23a34

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6876cbd342d4d6b236f44f52c50f780f
SHA1 a215cf6a499bfb67a3266d211844ec4c82128d83
SHA256 ca5a6320d94ee74db11e55893a42a52c56c8f067cba35594d507b593d993451e
SHA512 dff3675753b6b733ffa2da73d28a250a52ab29620935960673d77fe2f90d37a273c8c6afdf87db959bdb49f31b69b41f7aa4febac5bbdd43a9706a4dd9705039

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ab05569ae41754194801e54e19c94b8d
SHA1 5db99af305499f7ced4f9adc1313f1da38fa6be9
SHA256 2d33a0d2a53e639f2515d4934266360156bc9ea8ca60196ff2eb01cb08aaadab
SHA512 6eea2a75b2b6854b2e689304279298b3caa3327b9f868a8ab4ae769315cdb71d74267ca46cc6da371a96996733ac051209467db94785024b5c032066d651439e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 7486172146a7998db29d87d6ca13a972
SHA1 a09500a07056c2ca1fcb7fb478af5c7e3f2cab76
SHA256 b2bcbf312b020c95a39d968da78f047e8898c968169338e0ac85afcf1c53a369
SHA512 6e60c73b4fb51a2002af7a7e3d6539c718176dbdc0cd7ea411635b18aac51dff78cb4310b062ce194457a5f54304763e1776cc280833e46c539a47cec4ec7986

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 19bd0e455df73780ace52a158eed249e
SHA1 d518e3b3f8f6d58c7993b3797f25b19603306c61
SHA256 b2b0e481b710d79c215a67ce062516f748a96b12b2f16c110570841381dd0e2d
SHA512 47b05b7de66552e4076877895ae7b07b1696976bec694c0ed04a605e73c82bdf2001a10f0c365d1e30f59ae1c1ac7fef860b2cb0564d4f898aa4d65163b5ab16

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 cd1f47da2575e2b93805c9a5d289b995
SHA1 f4c2fd1e99bfb831523f36377559ccddf8cc8df3
SHA256 fa0b04f90f25bf3aecdb0ee74f5f76c4119adbb4a019fc3fb70bcb5b496b4ddc
SHA512 008ac0c1867d5990f647dc0fc8019939cb1cd3bdd89c9ed35c5d8494febc2f5aec7e4d3c07dd30bf77c62b560c79810f7132e49c03725f555643dde69ad67098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

MD5 d6b36c7d4b06f140f860ddc91a4c659c
SHA1 ccf16571637b8d3e4c9423688c5bd06167bfb9e9
SHA256 34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92
SHA512 2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

MD5 d2d55f8057f8b03c94a81f3839b348b9
SHA1 37c399584539734ff679e3c66309498c8b2dd4d9
SHA256 6e273f3491917d37f4dbb6c3f4d3f862cada25c20a36b245ea7c6bd860fb400c
SHA512 7bcdbb9e8d005a532ec12485a9c4b777ddec4aee66333757cdae3f84811099a574e719d45eb4487072d0162fa4654349dd73705a8d1913834535b1a3e2247dc6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

MD5 2e86a72f4e82614cd4842950d2e0a716
SHA1 d7b4ee0c9af735d098bff474632fc2c0113e0b9c
SHA256 c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f
SHA512 7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

MD5 56d57bc655526551f217536f19195495
SHA1 28b430886d1220855a805d78dc5d6414aeee6995
SHA256 f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4
SHA512 7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

MD5 b38fbbd0b5c8e8b4452b33d6f85df7dc
SHA1 386ba241790252df01a6a028b3238de2f995a559
SHA256 b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd
SHA512 546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

MD5 153d9573f0f824b040ac13793d95e406
SHA1 f8a73c205962012c4fa5b93ccbc77d7b1be3b5d8
SHA256 c70c12b65715e837682baf0eea8ff99a7531d9036b0b5a9d640def85df92d016
SHA512 5e0f64f8d333be4fff5b869952fe18f3189d6af97bfce10aad8acae96153b790108351083f1b80c40d76cebdca35e5d7e0f3371c588a02c74e6ea0055a3d2b20

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 276cbe0e423c1afc94d3257b0fa0cce1
SHA1 2ddc36b6c8c579a6c8faeae11ab498915aa15077
SHA256 85e508215d0527008615f03ec83fe74fb8ccec00353402c6369f319ac65ef9ad
SHA512 dcbd0415ffa118170ec211c0c8f01f37f6a839d6c2a4bec151135ca355d73fd178b9ce0d8ebd51039e117f1ddaff6ff362452117dbcd07f7434fc9eebb63b6c7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0040324bb336d5f5b10e77eb680e6262
SHA1 e5e4d11f9980bd5c19cd349980720ecc457027a5
SHA256 63be9fc6424302ec96a45601b042aadef7e065296bf7b560fd7aa83a305aeedb
SHA512 f65c0931589c98dc8736348627d8aa088891eef161f69d8d9b0ae014a6b4162dee0b8edd378f4733838f51ab1f56dec68c8a4a8044aed18b96a6a1dd38059e6e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f03562cec35e4f166b399aeb3312ce3a
SHA1 dde758ddab2d53aedbfc221c304070c08ec44942
SHA256 9fca12457de23a43ffe0f7fcce49180a2e3a0a715ac561b9b87113373e6c3fca
SHA512 19deee675e280c54a3ef1109f6fa29126975d746654f6d37709132e84341d6455bb6aa77d89ff8963ff9a808836f3abb448289215b2b8637a97848749a848482

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

MD5 cf989be758e8dab43e0a5bc0798c71e0
SHA1 97537516ffd3621ffdd0219ede2a0771a9d1e01d
SHA256 beeca69af7bea038faf8f688bf2f10fda22dee6d9d9429306d379a7a4be0c615
SHA512 f8a88edb6bcd029ad02cba25cae57fdf9bbc7fa17c26e7d03f09040eb0559bc27bd4db11025706190ae548363a1d3b3f95519b9740e562bb9531c4d51e3ca2b7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

MD5 3cd0f2f60ab620c7be0c2c3dbf2cda97
SHA1 47fad82bfa9a32d578c0c84aed2840c55bd27bfb
SHA256 29a3b99e23b07099e1d2a3c0b4cff458a2eba2519f4654c26cf22d03f149e36b
SHA512 ef6e3bbd7e03be8e514936bcb0b5a59b4cf4e677ad24d6d2dfca8c1ec95f134ae37f2042d8bf9a0e343b68bff98a0fd748503f35d5e9d42cdaa1dc283dec89fb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 616ef3e3e66cb008187da4343d3a26ed
SHA1 d550ab450a731bbf9870edcb1397ad07cf899176
SHA256 6d7176b5afb6c5c3e3007da3ee5ed48a6b3d73a183fee79ed17fb07801012a8b
SHA512 4c3935cea6bf09f1f996e72f0f2fa8c55914b5b4112076236dcb9962745694791af3554fc3140afc9a3bad62cb5554992967081a1d7fbc5635356d04da2c043a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584fd1.TMP

MD5 2c66967e719fb4bf7871b3bee22a73e7
SHA1 98f115804990fe3ec735f11b37f30e32cdf9bacc
SHA256 cee195237847d0f9a070df87b30ea7110ff4d19a9cfa7c91e10f83fde86a40dd
SHA512 a340d0fa5530c2e8f40e30178e88f10a95dd7cbc330f80cadefc9b4b68eb48c5ec8d763585f8242c71dc92f82bb2cee00e9a972722f6715af8713d69233b5daa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ab294228dc9b765385a0d86713251ccc
SHA1 927bbb5a752724985902d288822179442671346e
SHA256 71d8a090ae56bede68433956dc3908b7ca61c12652e8679ca638cb5ee32a34f2
SHA512 aa7e1db2e43c060e3e65cb2a4479896fd93c248a3342b6b0619eb3e52fcd03774b9d222df14a27460fdd9e4c0eb5abed35ad37f4ee01013c12cd17e3a035fe16

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 546f9b13602610810ca7afa99969134b
SHA1 f668853ad177b00368bb2a71227fd94796067bad
SHA256 c061d01851dc8a95b32d2dce390d0a04a2afb2c798a5f022be56e5c947026099
SHA512 97bd4cf5e8748ef39c7254ea98fc3de852b6ee020210c5cd9271cdebb7b506bf45deed6e22cb6b2f6c3c4eefa8422c7bff01b53a82c37cbb4fde02a4f550d5c4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 544617e70bd50dfa7760555cb410647a
SHA1 6af9f3be10972213b21b56c38c98ba74c5e41dd2
SHA256 f4af2cd2adc6ed057c4906360e78801ac5ffddd8bbf6d35bff873b3adf1e7a7b
SHA512 ba5e3225cc51f689ae1f08ea04530612f8d11cc8e0ad8474ce80bea9e266fdda7573a02b7122baad238c509223600f0ade91887fb089a5dce2b6f2cf89ae4627

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 7a1a3b0eb21e5344097a41d847344066
SHA1 41b09bdaeaaccc6e422deee610118c4b688409fb
SHA256 d0fc1ff3063dc6603ca3fb5249b119a3789f33a89c64fe09d05b678b934c99e0
SHA512 f732af6354a020e58b5a07136175f6ef48161f8a562c0d9f64b6f21b20ad48708d641f4283664d98c3a48c94d7b252634b9d5c21bdfe93b5ffd594642a852874

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f44269c06c4ba3d301488dc1665d3f0d
SHA1 e725063a337c7cbf5eb6d45342a9788ff0a1c5cd
SHA256 657d728a0e498e928694c0a5e6eb35803be35866fc3acb253941463cc7a841ac
SHA512 63082560cb75ac13de187fadc88387f56829edaa34c5ef099e8c2775b266274c5e8c2380064b9f3fdcc59fb1c7e06cf96040f9e26f0791c01f3f7bc8fde9c7f8

C:\Users\Admin\Downloads\7z2405-x64.exe

MD5 c73433dd532d445d099385865f62148b
SHA1 4723c45f297cc8075eac69d2ef94e7e131d3a734
SHA256 12ef1c8127ec3465520e4cfd23605b708d81a5a2cf37ba124f018e5c094de0d9
SHA512 1211c8b67652664d6f66e248856b95ca557d4fdb4ea90d30df68208055d4c94fea0d158e7e6a965eae5915312dee33f62db882bb173faec5332a17bd2fb59447

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 ac636403dac0428bb37ad7a8d0fdcd40
SHA1 4f220a3fa256f8b6a3cab15de49fa422b0156080
SHA256 aaa4f74b3937d01e1deac9b84104072f2d472cce2ca3bd5e3866887c3d94d492
SHA512 93dd27c128fe60a691c271d111663c395953a45d5f7d2018c49c84b3f0a72290da9bcdcb4075d31c67853e0d8f67bb2c388541ab1d6b6addaeed29b94aca3f81

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 bf3e3ad54bb4341147173f47cc981fb1
SHA1 0bdd2f95a9e14229702d0a2b60e42ac4b2987e0f
SHA256 d6961f057bdc82409641716a1d03b4cdaae5ec96ecf9e1d00d2be3237c4d2e21
SHA512 503f162ef89c1cd833b648a35f28b3ab60f17bf9c4dacd00dc1701607486f9357c7bd419267ded18f6323b0d35850292027293cedf07875b89cbf9ccb545b077

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 eb33e614a48ee55255a6f2fa6854d10a
SHA1 0db9b54058ec7e0db77a8b88dfe127802e102b99
SHA256 63101ebdc1010e971c9727a4641f87cfcb8920244c113c893716186a2778c0f7
SHA512 391fcd5d1e8200aa1784364f5ddb4a0191477173fda34da2f862c5df856e66d04b9c17df306cd406ad93ce9424dbe22ed03d9a9e3fa0def247d4298721da0142

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 46ef816152bc7e4585475f9846115fdc
SHA1 3dcc22385b71e147dd00436b67dbfb6f1f5ad002
SHA256 4213bcf6e00a707afe2408f42136232709ec99c09da49a881705b71d520f6855
SHA512 c9daf174a1dfb58404af24711e2777eb610294de36aa3bac6168689ba37cb82ce282006d97bb4732bedd5f96a3b5c222853412540bdefc00e844b305a26fe5f5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe59712f.TMP

MD5 bf855fa394244a6e35e202c5f7c8150c
SHA1 3a262692e62dcca00c8b5336ed07342f383b141f
SHA256 09c030bbc64ce8c7882f727a21a368ccc62473c4500753f850c6c53f90481dd2
SHA512 6d2a395f468a792eff6c384d901a4273acff3def5162d48b4286125a40d39f7b3fe87d5fa8f214e186a44ed21b0d0ec3647b11b6189fb89443d2c0c364c4ec49

C:\Program Files\7-Zip\7-zip.chm

MD5 f6d464ca296e94e3f79d0770e8d3e6f0
SHA1 fcf6869a2f663f9f799ec62922d433b4a4d0eff7
SHA256 344ca6be6922c6122b2bf0fabd0f7902771de845f5c4a4f5a003f47f2e49f8d2
SHA512 2e4e6ee2a17e87ddf52ebb1c94e900ef88a89e85611bbb442268bb3a81b873a9eaa8b976751f8e2434047140a5ff952f975d36d655ba8d3b190c647ec8a6fc66

C:\Program Files\7-Zip\7zFM.exe

MD5 b161d842906239bf2f32ad158bea57f1
SHA1 4a125d6cbeae9658e862c637aba8f8b9f3bf5cf7
SHA256 3345c48505e0906f1352499ba7cbd439ac0c509a33f04c7d678e2c960c8b9f03
SHA512 0d14c75c8e80af8246ddf122052190f5ffb1f81ffd5b752990747b7efcb566b49842219d9b26df9dbe267c9a3876d7b60158c9f08d295d0926b60dbbebc1fa3c

C:\Program Files\7-Zip\7-zip.dll.tmp2

MD5 3428b9967f63c00213d6dbdb27973996
SHA1 1cf56abc2e0b71f5a927ea230c8cca073d20fc97
SHA256 56008756553ea5876fb8aad98f6f5dbca1ba14c5e53f4fa9ec318e355e146a7e
SHA512 b876b39d030818ce7879eb9bb5ff4375712cf145b7457a815880bf010215bd9dcde539e7d0877c56558e0d23a310bc75bfb9d315f9966cbda4ae02a7821980cc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 9fb8e13574e78f7cbf509842e7c0b64f
SHA1 700b65cb21108f2e971d1417020872745e7ad6a0
SHA256 58dc327f6694f158cbb3dfe608bd4ecc0b107ac4b4ac6a1e994b3e85097446f1
SHA512 d699b04425f8d11f36b0c10229d2a31d533f51b6d8762323a5bb80d73e0d882c0c956d3d686e21642e4ab1e9a8e0e6ce98904660fd322354d06e2555a12df8d6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2076600bf8e0d3b36e1c4fdae8417235
SHA1 97788bbdd51e9056c1e58c33f927ea50372df715
SHA256 bb4c225054125b2fbb15041d82ed1538ec812ca4009bea349de1162a6e118c2c
SHA512 0a7c0fbade8cbe639d969fa4b9e43ed0b4cdeefde1e7411684f43b3f231da31c7be367b50a880dd49e5230f6ea39d7b5404212a4f1c1549c00efc2a2945d43a0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 7e716c75977bda08cf0943ac484906d3
SHA1 b4aa97d2bff8d99d7ee99141e7e664153e733a05
SHA256 3f50900b67222e15869c338cc0ae265a0f5d64f1c793cdd76c1e4492aff1c98c
SHA512 e185bee1cd399edd0457a82f931efe1caaa9ba495a39a5b4a1b4e74de514194968b5331dbdf758d233795a35948f1ab5ce20d26458c054d1d3cb3f3ac858bb0a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 0e64364580453a63dedd838c45174e40
SHA1 4944b13bd3934dc8580cdbd190402036ceafa3a0
SHA256 cccfe509de3fe6b11342f465089b3d6119616c76af93e0a027fbf05004da6f49
SHA512 493dc26f69834ec8746d330d66f6c63d29d9f26e1320c1e828e7d87ad2e7fde950cf68ba0934fc6af1cf8a8f9aac017df2d53ebaf123fa5d789233d9b196f17d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c4e1dbf176ed7a1eabc98c6e8a1b412f
SHA1 39738ac2347db0fdd59e8feb47d85ac7c93e79fc
SHA256 fe1dc7c6792724bb18ab9e966da8da011f2d12c019eac037897c71df4f3ffda5
SHA512 87c532793931581df7f37624094beb602c313b6a0c355fc45c9ab13cdb984420028744f7ba9af9a7c9d0aed31130d56a0d847be1072e57465b721d044a2df16a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 5b50e551c2e03848db18e6c33a3014b5
SHA1 2655c35694a67fad040576aa503e6902810fa6e9
SHA256 c9eaef8f87036b0756ef132eb8bff36aae7d4d16a77a88685e541a6d6b45e755
SHA512 63ef7845f23ab747eff93aa63d468f76c8763c64c6e7447c325d59f142ce22f9b53f9c182516d103a9694f7aa0273cd770a908f18383c784fefb6520f37707af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 de73927079a381bf99758655d90a1b19
SHA1 5a40fded14781fa69a41647ea378c2ac9567552f
SHA256 84f7e9fea215538a7d8da1b76ac9ace566f84a72d2617d1dd6d397acc43321a0
SHA512 198df3338140cfb388e58fd565e2ecc672085eb81b15a8a5f75589cfc7420cbcda3916bd869def912068d96c222895fbc91c5e086795918d78771394c1955978

C:\Users\Admin\Downloads\7z2405-arm64.exe

MD5 03fb368db41e4567ab099fb3885f1d1f
SHA1 847910a1bcf09943393286dfe8d394a1ce2326f1
SHA256 40f19d312dd3df245b3d319ef8a2deed354710ca69f7cd109db458b1c42259f2
SHA512 f0ac5e5022ba755f26be1a2b11123d4c3708b8c48d3f3c9af06b68c918e6a32c07dc59cab785f3d26b7bca1f22fdd0f2a7b97143c44b6d5f6c0f0b7915bd8df0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 674dab234dd43a7073faf79162776eaa
SHA1 97fa644c8f7a2782e21bb4e956a6c245b67ee152
SHA256 f971c67ab7c3bf6c454a485b0980ea43ed767c5b0889ea8bac6b13a39d4ca08b
SHA512 e45e2ed0f54839dbab4591ea8e9e874480f9a89e3042664ef957cc2994c00202744ab0befc7dbcbfa21e470a0b65b533bbaf8c0dd00512328a79c3cfa8d23974

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1c266cf9bb703cde7dcb1d7de7f60d4a
SHA1 027b658c25231caeb2f5b029d0fedad27d47ffd5
SHA256 be6d7e075494249846a1002dba1d121e57c2036b24904dade900339682368c16
SHA512 2d469cdcf8eb484d81ea9d88603aaaef4a06c72add2505fc72a81ea216998c7d27ab02c43e6a525e0e449f636604435c7e4ed115d83172bd6dc58d2b8d13dd15

C:\Users\Admin\Downloads\Unconfirmed 879946.crdownload

MD5 69dae4e2aecbff04270d79d404e21b49
SHA1 8d6f4a3d2e974f17d58cc81cc5f41aa2ba068304
SHA256 3194526f123508f9fa56c66e767738e2648fd491c44531af28323a126a679c5d
SHA512 31b5aba01fbcdec9398fe3f05298a8925dd91784b5add1c2a696398d50417437d90b2aed583daf2a44ebad48c18bb424174862c9be5d88c79387ff6d3e693a68

C:\Program Files (x86)\7-Zip\History.txt

MD5 1feef6bc069440e729bc2b12ee465fc4
SHA1 7f42777076c1d55e13552d421b48fd6f1588b561
SHA256 2bd2b5a99376b37e9ff92b6871cc3540b14fc6e5973979e9425aa8d78f300015
SHA512 6a250716c7a7cb73bc9378251202476f1d8cb84c9f058f7d863545749e16a3f70c0b2ece4d3eb052624d619c6da1c53bc3d1c31652176b0e9461e813669e562d

C:\Program Files (x86)\7-Zip\Lang\be.txt

MD5 b1dd654e9d8c8c1b001f7b3a15d7b5d3
SHA1 5a933ae8204163c90c00d97ba0c589f4d9f3f532
SHA256 32071222af04465a3d98bb30e253579aa4beceaeb6b21ac7c15b25f46620bf30
SHA512 0137900aeb21f53e4af4027ea15eed7696ed0156577fe6194c2b2097f5fb9d201e7e9d52a51a26ae9a426f8137692154d80676f8705f335fed9ae7e0e1d0a10e

C:\Program Files (x86)\7-Zip\Lang\bn.txt

MD5 771c8b73a374cb30df4df682d9c40edf
SHA1 46aa892c3553bddc159a2c470bd317d1f7b8af2a
SHA256 3f55b2ec5033c39c159593c6f5ece667b92f32938b38fcaf58b4b2a98176c1fc
SHA512 8dcc9cc13322c4504ee49111e1f674809892900709290e58a4e219053b1f78747780e1266e1f4128c0c526c8c37b1a5d1a452eefba2890e3a5190eebe30657ba

C:\Program Files (x86)\7-Zip\Lang\bg.txt

MD5 2d0c8197d84a083ef904f8f5608afe46
SHA1 5ae918d2bb3e9337538ef204342c5a1d690c7b02
SHA256 62c6f410d011a109abecb79caa24d8aeb98b0046d329d611a4d07e66460eef3f
SHA512 3243d24bc9fdb59e1964e4be353c10b6e9d4229ef903a5ace9c0cb6e1689403173b11db022ca2244c1ef0f568be95f21915083a8c5b016f07752026d332878a4

C:\Program Files (x86)\7-Zip\Lang\ba.txt

MD5 387ff78cf5f524fc44640f3025746145
SHA1 8480e549d00003de262b54bc342af66049c43d3b
SHA256 8a85c3fcb5f81157490971ee4f5e6b9e4f80be69a802ebed04e6724ce859713f
SHA512 7851633ee62c00fa2c68f6f59220a836307e6dde37eae5e5dca3ca254d167e305fe1eb342f93112032dadafe9e9608c97036ac489761f7bdc776a98337152344

C:\Program Files (x86)\7-Zip\Lang\az.txt

MD5 3c297fbe9b1ed5582beabfc112b55523
SHA1 c605c20acf399a90ac9937935b4dbdb64fad9c9f
SHA256 055ec86aed86abbdbd52d8e99fec6e868d073a6df92c60225add16676994c314
SHA512 417984a749471770157c44737ee76bfd3655ef855956be797433dadc2a71e12359454cc817b5c31c6af811067d658429a8706e15625bf4ca9f0db7586f0ae183

C:\Program Files (x86)\7-Zip\Lang\ast.txt

MD5 1cf6411ff9154a34afb512901ba3ee02
SHA1 958f7ff322475f16ca44728349934bc2f7309423
SHA256 f5f2174daf36e65790c7f0e9a4496b12e14816dad2ee5b1d48a52307076be35f
SHA512 b554c1ab165a6344982533cceed316d7f73b5b94ce483b5dc6fb1f492c6b1914773027d31c35d60ab9408669520ea0785dc0d934d3b2eb4d78570ff7ccbfcf9c

C:\Program Files (x86)\7-Zip\Lang\ar.txt

MD5 5747381dc970306051432b18fb2236f2
SHA1 20c65850073308e498b63e5937af68b2e21c66f3
SHA256 85a26c7b59d6d9932f71518ccd03eceeba42043cb1707719b72bfc348c1c1d72
SHA512 3306e15b2c9bb2751b626f6f726de0bcafdc41487ba11fabfcef0a6a798572b29f2ee95384ff347b3b83b310444aaeec23e12bb3ddd7567222a0dd275b0180ff

C:\Program Files (x86)\7-Zip\Lang\an.txt

MD5 f16218139e027338a16c3199091d0600
SHA1 da48140a4c033eea217e97118f595394195a15d5
SHA256 3ab9f7aacd38c4cde814f86bc37eec2b9df8d0dddb95fc1d09a5f5bcb11f0eeb
SHA512 b2e99d70d1a7a2a1bfa2ffb61f3ca2d1b18591c4707e4c6c5efb9becdd205d646b3baa0e8cbd28ce297d7830d3dfb8f737266c66e53a83bdbe58b117f8e3ae14

C:\Program Files (x86)\7-Zip\Lang\af.txt

MD5 df216fae5b13d3c3afe87e405fd34b97
SHA1 787ccb4e18fc2f12a6528adbb7d428397fc4678a
SHA256 9cf684ea88ea5a479f510750e4089aee60bbb2452aa85285312bafcc02c10a34
SHA512 a6eee3d60b88f9676200b40ca9c44cc4e64cf555d9b8788d4fde05e05b8ca5da1d2c7a72114a18358829858d10f2beff094afd3bc12b370460800040537cff68

C:\Program Files (x86)\7-Zip\descript.ion

MD5 eb7e322bdc62614e49ded60e0fb23845
SHA1 1bb477811ecdb01457790c46217b61cb53153b75
SHA256 1da513f5a4e8018b9ae143884eb3eaf72454b606fd51f2401b7cfd9be4dbbf4f
SHA512 8160b581a3f237d87e664d93310f5e85a42df793b3e22390093f9fb9a0a39950be6df2a713b55259fce5d5411d0499886a8039288d9481b4095fabadddbebb60

C:\Program Files (x86)\7-Zip\Lang\br.txt

MD5 07504a4edab058c2f67c8bcb95c605dd
SHA1 3e2ae05865fb474f10b396bfefd453c074f822fa
SHA256 432bdb3eaa9953b084ee14eee8fe0abbc1b384cbdd984ccf35f0415d45aabba8
SHA512 b3f54d695c2a12e97c93af4df09ce1800b49e40302bec7071a151f13866edfdfafc56f70de07686650a46a8664608d8d3ea38c2939f2f1630ce0bf968d669ccc

C:\Program Files (x86)\7-Zip\Lang\ca.txt

MD5 264fb4b86bcfb77de221e063beebd832
SHA1 a2eb0a43ea4002c2d8b5817a207eb24296336a20
SHA256 07b5c0ac13d62882bf59db528168b6f0ffdf921d5442fae46319e84c90be3203
SHA512 8d1a73e902c50fd390b9372483ebd2ec58d588bacf0a3b8c8b9474657c67705b6a284bb16bba4326d314c7a3cc11caf320da38d5acb42e685ed2f8a8b6f411f4

C:\Program Files (x86)\7-Zip\Lang\co.txt

MD5 de64842f09051e3af6792930a0456b16
SHA1 498b92a35f2a14101183ebe8a22c381610794465
SHA256 dcfb95b47a4435eb7504b804da47302d8a62bbe450dadf1a34baea51c7f60c77
SHA512 5dabeed739a753fd20807400dfc84f7bf1eb544704660a74afcf4e0205b7c71f1ddcf9f79ac2f7b63579735a38e224685b0125c49568cbde2d9d6add4c7d0ed8

C:\Program Files (x86)\7-Zip\Lang\he.txt

MD5 0771f160d56b1890a1cdc2ca040d2616
SHA1 36e69202682bf6993273b521424ec082998f6ca9
SHA256 03b4ea89cce3aa4193a7e3e1e6180dab8359388df3b574379935ea39d7b8d723
SHA512 b452c75292c7d365aa5759fb3f49de674255e839caa687436474b782f615b2ad86a11a58809a5bb60115b070c9b738a461db24e70502598a3bfeccf373220dbb

C:\Program Files (x86)\7-Zip\Lang\hu.txt

MD5 a5e899ee18c546e3080d10bcf60aaca3
SHA1 18d4f8f22325ed0d646cfc0aedf76a2e0e753c40
SHA256 486f622e2ed81e2110b7c2a2a53809c46c86b6712e2c58b1e1b6c0b65a4e429e
SHA512 6dcff6573196bb2fdb69c1e190979926f8907708788d0d810d685e281faaa33d8f21f0b850a26bd062206ae234e513f30656a7d2ea8a4d54bbc1e7748482b4b4

C:\Program Files (x86)\7-Zip\Lang\hr.txt

MD5 9d8216183493ac2190a4d6e142ecab9a
SHA1 e534ebb714dbae2a9e12accbe96c6f2568b814c4
SHA256 210af273246d30cfde87295cd5f4ff135b0bdfb04fe7173bb60f935e685b8e10
SHA512 5b56560ad70652c9c6287f939b25676d8149c000c2388365197354dbe38c5cba5c25f0a3a529f0601a5b5d964b7278ab3a668e8469cf0ec718821fdabcf044bc

C:\Program Files (x86)\7-Zip\Lang\hi.txt

MD5 18d9c82f12e07b71e03d6086deba0dc3
SHA1 c6c11c6f1fc00a25dd53e1c78f207f6c8c8b8b13
SHA256 5f79ae167a917860f95f73e5ed007fe250f30af794bcfce17941f9ef87d22a05
SHA512 196a859d52a1a742b98460eaf113552dce2cfc63378b19d2902beabc1e66cbd9e26bf37fc26453832aa10929aaf0196ed9211332e63c830b0e5946013c82bdc1

C:\Program Files (x86)\7-Zip\Lang\gu.txt

MD5 93cdc8832328a22e198920630d597268
SHA1 315e5b1c77fb4e2d0c3cc1f48b6db4c79ce9488a
SHA256 c6e54e2a93b821bc974209cd7e2d10e9fbc4ff07d238ae84f552e4ade271702c
SHA512 e8355a42f3a3b5f21d5d4c7a21324433c997ad39412b3bcdcf26edbd5ef882179168b2b5618f9fe631b88407608ab1a83bf139db05c09b608fddf01694b710df

C:\Program Files (x86)\7-Zip\Lang\gl.txt

MD5 6cd7c2b4d6bba163b1623035feb4297d
SHA1 5df07bcfd1edbd448b566aea5789ef251303de69
SHA256 9280ab90261b0c8f206eef7196d7531e4e4932c9174ab899cee4f8ed97cc87c6
SHA512 7ed13085ebc2545b434f5671f958f7a5faa1bc29f7c10721a972afd2c886fc39f0a6e290e70f1f8ea798199ca26974257eaf9b8445652c9b02c789e198191a3e

C:\Program Files (x86)\7-Zip\Lang\ga.txt

MD5 236cfc435288002763c68c4bbee7b39d
SHA1 e74a2402c2cb744dbed8ac1c2154fb1de38148f9
SHA256 b18730124208d26e5e88b76bb99985bf61938d7a994b626b2de5230557d2d8dd
SHA512 fa6941594454cda55e081f15f367f430559849d218895b0b157a2204e8b30ae95db99c62981a9c30a152a63d1bdb8edd975bf06ee5adf1f31b42a2c10cf11580

C:\Program Files (x86)\7-Zip\Lang\fy.txt

MD5 03d38f09189799a0d927727d071c54b6
SHA1 17ff3a2c83e6a0b0733f2a9a8ce6b83af4f1b137
SHA256 c1c050ed6fe2f8fbc048fd7d82944b8ada784415b6e62316d590c3c7aa45e112
SHA512 e511c1a271a3d78cb7f6111759eec4d7cfc2d46f71f87aa3c4ac1bb11cd4e55e7d4dbe54f9c5107025ffe8c5fcadad4359dc673bc802b82388e74a8f2fa60ff7

C:\Program Files (x86)\7-Zip\Lang\hy.txt

MD5 fe73c2aacf07d5120aedd08792cb8268
SHA1 2c6e7d2ff42c5f65ef5f4c27600819354caa03b0
SHA256 91aac9368bd116ab11fda0b70ee4d75911a65713a272a3ba55d1435c33250f5a
SHA512 79dbd84fe71888b7c9fdbcd23f2d4735f731e3c2c7724fbd531c3ca531b1992e756b13b66889af30ec46770d350fcfaef2d7abe607594a2b4b92f60ed326d537

C:\Program Files (x86)\7-Zip\Lang\id.txt

MD5 ba3591ccf26438cbe93e9c1d56bd1818
SHA1 758619a702d5a0794e4412aa6ae93fc46ea3dfb9
SHA256 90308689870ad079e1206a877157f7389bc4351a6b104ffa2bd9311409d6d92d
SHA512 2e9066bd733caaa9cedde2346be543d4360bd796e01bcb669602c9e6450ca5a2718cb67613469c11a4d2aa8c458d7fe9c59ab8eb9bde39846c195ce2cc22686b

C:\Program Files (x86)\7-Zip\Lang\fur.txt

MD5 06b08fe12c0f075d317cf9a2a1dd96bc
SHA1 0062ba87b9207536b9088e94505d765268069f63
SHA256 6ba88938c468e7217bd300b607d7a730530e63d1f97562604ec0bb00d66a06c9
SHA512 9f9fb1c045d92c1f8035d547554457e3466ae861a04f1cd3f57965e4a92f0fc433b2a7b3e9e1e71588e97f8c73d5914a750deded5d3056e327d7efe19a220198

C:\Program Files (x86)\7-Zip\Lang\fr.txt

MD5 a49801879184c9200b408375fc4408d7
SHA1 763231bd9b883692c0e5127207cbfc6a2a29bc7d
SHA256 397a3af716eb7f0084f3aa04ad36eab82aab881589a359e7d6d4be673e1789a8
SHA512 f408203907594afa116a2003d0b65d77c9bca47663f7f6b26e9158b91dad40569e92851bf788a39105298561f854264a8dc57611637745e04e68585b837702f2

C:\Program Files (x86)\7-Zip\Lang\fi.txt

MD5 a04b6a55f112679c7004226b6298f885
SHA1 06c2377ac6a288fe9edd42df0c52f63dce968312
SHA256 12cc4a2cef76045e07dafc7aec7cf6f16a646c0bb80873ec89a5ae0b4844443b
SHA512 88c7ed08b35558d6d2cd8713b5d045fba366010b8c7a4a7e315c0073cd510d3da41b0438f277d2e0e9043b6fcb87e8417eb5698ab18b3c3d24be7ff64b038e38

C:\Program Files (x86)\7-Zip\Lang\fa.txt

MD5 741e0235c771e803c1b2a0b0549eac9d
SHA1 7839ae307e2690721ad11143e076c77d3b699a3c
SHA256 657f2aceb60d557f907603568b0096f9d94143ff5a624262bbfeb019d45d06d7
SHA512 f8662732464fa6a20f35edcce066048a6ba6811f5e56e9ca3d9aa0d198fc9517642b4f659a46d8cb8c87e890adc055433fa71380fb50189bc103d7fbb87e0be5

C:\Program Files (x86)\7-Zip\Lang\ext.txt

MD5 459b9c72a423304ffbc7901f81588337
SHA1 0ba0a0d9668c53f0184c99e9580b90ff308d79be
SHA256 8075fd31b4ebb54603f69abb59d383dcef2f5b66a9f63bb9554027fd2949671c
SHA512 033ced457609563e0f98c66493f665b557ddd26fab9a603e9de97978d9f28465c5ac09e96f5f8e0ecd502d73df29305a7e2b8a0ad4ee50777a75d6ab8d996d7f

C:\Program Files (x86)\7-Zip\Lang\eu.txt

MD5 c90cd9f1e3d05b80aba527eb765cbf13
SHA1 66d1e1b250e2288f1e81322edc3a272fc4d0fffc
SHA256 a1c9d46b0639878951538f531bba69aeddd61e6ad5229e3bf9c458196851c7d8
SHA512 439375d01799da3500dfa48c54eb46f7b971a299dfebff31492f39887d53ed83df284ef196eb8bc07d99d0ec92be08a1bf1a7dbf0ce9823c85449cc6f948f24c

C:\Program Files (x86)\7-Zip\Lang\et.txt

MD5 d6a50c4139d0973776fc294ee775c2ac
SHA1 1881d68ae10d7eb53291b80bd527a856304078a0
SHA256 6b2718882bb47e905f1fdd7b75ece5cc233904203c1407c6f0dcdc5e08e276da
SHA512 0fd14b4fd9b613d04ef8747dcd6a47f6f7777ac35c847387c0ea4b217f198aa8ac54ea1698419d4122b808f852e9110d1780edcb61a4057c1e2774aa5382e727

C:\Program Files (x86)\7-Zip\Lang\es.txt

MD5 54ce4d279862f4674c19b6901372208a
SHA1 3e27e163fc9f2f7a574bf6fafa926db4a937ebd1
SHA256 85e1a8a9e7da2afc0444f6fa00d6814bd4e6bd038c00ce7edd8eea091ba2989d
SHA512 5439859e4362a916c8438e9bd78e7bc57f00375f281d7d9625c00b337fac6d6f8743e9c6c794d533648915839d0ec913b212518759803431c0a5116e1fdc9187

C:\Program Files (x86)\7-Zip\Lang\eo.txt

MD5 29caad3b73f6557f0306f4f6c6338235
SHA1 d4b3147f23c75de84287ad501e7403e0fce69921
SHA256 a6ef5a5a1e28d406fd78079d9cacf819b047a296adc7083d34f2bfb3d071e5af
SHA512 77618995d9cf90603c5d4ad60262832d8ad64c91a5e6944efd447a5cc082a381666d986bb294d7982c8721b0113f867b86490ca11bb3d46980132c9e4df1bd92

C:\Program Files (x86)\7-Zip\Lang\en.ttt

C:\Program Files (x86)\7-Zip\Lang\el.txt

C:\Program Files (x86)\7-Zip\Lang\de.txt

C:\Program Files (x86)\7-Zip\Lang\da.txt

C:\Program Files (x86)\7-Zip\Lang\cy.txt

C:\Program Files (x86)\7-Zip\Lang\cs.txt

C:\Program Files (x86)\7-Zip\Lang\io.txt

C:\Program Files (x86)\7-Zip\Lang\ja.txt

C:\Program Files (x86)\7-Zip\Lang\it.txt

C:\Program Files (x86)\7-Zip\Lang\is.txt

C:\Program Files (x86)\7-Zip\Lang\ka.txt

C:\Program Files (x86)\7-Zip\Lang\kaa.txt

C:\Program Files (x86)\7-Zip\Lang\kab.txt

C:\Program Files (x86)\7-Zip\Lang\kk.txt

C:\Program Files (x86)\7-Zip\Lang\ko.txt

C:\Program Files (x86)\7-Zip\Lang\ku-ckb.txt

C:\Program Files (x86)\7-Zip\Lang\ku.txt

C:\Program Files (x86)\7-Zip\Lang\ky.txt

C:\Program Files (x86)\7-Zip\Lang\lij.txt

C:\Program Files (x86)\7-Zip\Lang\lt.txt

C:\Program Files (x86)\7-Zip\Lang\lv.txt

C:\Program Files (x86)\7-Zip\Lang\mk.txt

C:\Program Files (x86)\7-Zip\Lang\mn.txt

C:\Program Files (x86)\7-Zip\Lang\mng.txt

C:\Program Files (x86)\7-Zip\Lang\mng2.txt

C:\Program Files (x86)\7-Zip\Lang\mr.txt

C:\Program Files (x86)\7-Zip\Lang\ms.txt

C:\Program Files (x86)\7-Zip\Lang\nb.txt

C:\Program Files (x86)\7-Zip\Lang\ne.txt

C:\Program Files (x86)\7-Zip\Lang\nl.txt

C:\Program Files (x86)\7-Zip\Lang\nn.txt

C:\Program Files (x86)\7-Zip\Lang\pa-in.txt

C:\Program Files (x86)\7-Zip\Lang\ta.txt

C:\Program Files (x86)\7-Zip\Lang\tr.txt

C:\Program Files (x86)\7-Zip\Lang\zh-tw.txt

C:\Program Files (x86)\7-Zip\readme.txt

C:\Program Files (x86)\7-Zip\License.txt

C:\Program Files (x86)\7-Zip\Lang\zh-cn.txt

C:\Program Files (x86)\7-Zip\Lang\yo.txt

C:\Program Files (x86)\7-Zip\Lang\vi.txt

C:\Program Files (x86)\7-Zip\Lang\va.txt

C:\Program Files (x86)\7-Zip\Lang\uz.txt

C:\Program Files (x86)\7-Zip\Lang\uz-cyrl.txt

C:\Program Files (x86)\7-Zip\Lang\uk.txt

C:\Program Files (x86)\7-Zip\Lang\ug.txt

C:\Program Files (x86)\7-Zip\Lang\tt.txt

C:\Program Files (x86)\7-Zip\Lang\tk.txt

C:\Program Files (x86)\7-Zip\Lang\th.txt

C:\Program Files (x86)\7-Zip\Lang\tg.txt

C:\Program Files (x86)\7-Zip\Lang\sr-spl.txt

C:\Program Files (x86)\7-Zip\Lang\sr-spc.txt

C:\Program Files (x86)\7-Zip\Lang\sq.txt

C:\Program Files (x86)\7-Zip\Lang\sl.txt

C:\Program Files (x86)\7-Zip\Lang\sk.txt

C:\Program Files (x86)\7-Zip\Lang\si.txt

C:\Program Files (x86)\7-Zip\Lang\sa.txt

C:\Program Files (x86)\7-Zip\Lang\ru.txt

C:\Program Files (x86)\7-Zip\Lang\ro.txt

C:\Program Files (x86)\7-Zip\Lang\pt.txt

C:\Program Files (x86)\7-Zip\Lang\pt-br.txt

C:\Program Files (x86)\7-Zip\Lang\ps.txt

C:\Program Files (x86)\7-Zip\Lang\pl.txt

C:\Program Files (x86)\7-Zip\Lang\sw.txt

C:\Program Files (x86)\7-Zip\Lang\sv.txt

C:\Program Files (x86)\7-Zip\7-zip.dll

C:\Program Files (x86)\7-Zip\7zCon.sfx

C:\Program Files (x86)\7-Zip\7z.sfx

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Program Files (x86)\7-Zip\7zFM.exe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Program Files (x86)\7-Zip\7zG.exe

C:\Users\Admin\AppData\Local\Temp\7zOCCB96F13\VortV2.exe:Zone.Identifier

C:\Users\Admin\AppData\Local\Temp\7zOCCB96F13\VortV2.exe

C:\Users\Admin\AppData\Local\Temp\Tmp1310.tmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Prev.cmd
