Analysis

  • max time kernel
    1199s
  • max time network
    1174s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/05/2024, 14:37

General

  • Target

    https://bettershaders.com

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 7 IoCs
  • Loads dropped DLL 16 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Registers COM server for autorun 1 TTPs 3 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • An obfuscated cmd.exe command-line is typically used to evade detection. 2 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates processes with tasklist 1 TTPs 1 IoCs
  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Kills process with taskkill 2 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 21 IoCs
  • Opens file in notepad (likely ransom note) 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 21 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 50 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://bettershaders.com
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2388
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffef94246f8,0x7ffef9424708,0x7ffef9424718
      2⤵
        PID:2536
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2240,4353931913188469721,10278285303654910269,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2248 /prefetch:2
        2⤵
          PID:5004
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2240,4353931913188469721,10278285303654910269,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:3524
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2240,4353931913188469721,10278285303654910269,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
          2⤵
            PID:3228
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,4353931913188469721,10278285303654910269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
            2⤵
              PID:2012
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,4353931913188469721,10278285303654910269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
              2⤵
                PID:2104
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,4353931913188469721,10278285303654910269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
                2⤵
                  PID:3476
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,4353931913188469721,10278285303654910269,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
                  2⤵
                    PID:3620
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2240,4353931913188469721,10278285303654910269,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5496 /prefetch:8
                    2⤵
                      PID:4772
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2240,4353931913188469721,10278285303654910269,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5496 /prefetch:8
                      2⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:4208
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,4353931913188469721,10278285303654910269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
                      2⤵
                        PID:2084
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,4353931913188469721,10278285303654910269,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
                        2⤵
                          PID:4960
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2240,4353931913188469721,10278285303654910269,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5664 /prefetch:8
                          2⤵
                            PID:4948
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:2296
                          • C:\Windows\System32\CompPkgSrv.exe
                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                            1⤵
                              PID:1128
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe"
                              1⤵
                              • Enumerates system info in registry
                              • Modifies data under HKEY_USERS
                              • Suspicious behavior: EnumeratesProcesses
                              • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                              • Suspicious use of AdjustPrivilegeToken
                              • Suspicious use of FindShellTrayWindow
                              • Suspicious use of SendNotifyMessage
                              PID:4688
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeea5eab58,0x7ffeea5eab68,0x7ffeea5eab78
                                2⤵
                                  PID:3988
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 --field-trial-handle=1904,i,14013491062887567247,49909253945351939,131072 /prefetch:2
                                  2⤵
                                    PID:1544
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1976 --field-trial-handle=1904,i,14013491062887567247,49909253945351939,131072 /prefetch:8
                                    2⤵
                                      PID:1564
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2192 --field-trial-handle=1904,i,14013491062887567247,49909253945351939,131072 /prefetch:8
                                      2⤵
                                        PID:1376
                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3068 --field-trial-handle=1904,i,14013491062887567247,49909253945351939,131072 /prefetch:1
                                        2⤵
                                          PID:4648
                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3084 --field-trial-handle=1904,i,14013491062887567247,49909253945351939,131072 /prefetch:1
                                          2⤵
                                            PID:4700
                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3580 --field-trial-handle=1904,i,14013491062887567247,49909253945351939,131072 /prefetch:1
                                            2⤵
                                              PID:464
                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4432 --field-trial-handle=1904,i,14013491062887567247,49909253945351939,131072 /prefetch:8
                                              2⤵
                                                PID:3276
                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4420 --field-trial-handle=1904,i,14013491062887567247,49909253945351939,131072 /prefetch:8
                                                2⤵
                                                  PID:3620
                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4712 --field-trial-handle=1904,i,14013491062887567247,49909253945351939,131072 /prefetch:8
                                                  2⤵
                                                    PID:5200
                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4864 --field-trial-handle=1904,i,14013491062887567247,49909253945351939,131072 /prefetch:8
                                                    2⤵
                                                      PID:5208
                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4872 --field-trial-handle=1904,i,14013491062887567247,49909253945351939,131072 /prefetch:8
                                                      2⤵
                                                        PID:5452
                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4540 --field-trial-handle=1904,i,14013491062887567247,49909253945351939,131072 /prefetch:8
                                                        2⤵
                                                          PID:5516
                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4616 --field-trial-handle=1904,i,14013491062887567247,49909253945351939,131072 /prefetch:8
                                                          2⤵
                                                            PID:5560
                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4844 --field-trial-handle=1904,i,14013491062887567247,49909253945351939,131072 /prefetch:1
                                                            2⤵
                                                              PID:5640
                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4656 --field-trial-handle=1904,i,14013491062887567247,49909253945351939,131072 /prefetch:1
                                                              2⤵
                                                                PID:6028
                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4472 --field-trial-handle=1904,i,14013491062887567247,49909253945351939,131072 /prefetch:1
                                                                2⤵
                                                                  PID:4820
                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4860 --field-trial-handle=1904,i,14013491062887567247,49909253945351939,131072 /prefetch:8
                                                                  2⤵
                                                                    PID:3896
                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2920 --field-trial-handle=1904,i,14013491062887567247,49909253945351939,131072 /prefetch:8
                                                                    2⤵
                                                                      PID:5168
                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4640 --field-trial-handle=1904,i,14013491062887567247,49909253945351939,131072 /prefetch:1
                                                                      2⤵
                                                                        PID:5300
                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=2232 --field-trial-handle=1904,i,14013491062887567247,49909253945351939,131072 /prefetch:1
                                                                        2⤵
                                                                          PID:5284
                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=212 --field-trial-handle=1904,i,14013491062887567247,49909253945351939,131072 /prefetch:1
                                                                          2⤵
                                                                            PID:3600
                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4896 --field-trial-handle=1904,i,14013491062887567247,49909253945351939,131072 /prefetch:8
                                                                            2⤵
                                                                              PID:6060
                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4388 --field-trial-handle=1904,i,14013491062887567247,49909253945351939,131072 /prefetch:1
                                                                              2⤵
                                                                                PID:4948
                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5568 --field-trial-handle=1904,i,14013491062887567247,49909253945351939,131072 /prefetch:8
                                                                                2⤵
                                                                                  PID:4304
                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5460 --field-trial-handle=1904,i,14013491062887567247,49909253945351939,131072 /prefetch:8
                                                                                  2⤵
                                                                                    PID:5824
                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5832 --field-trial-handle=1904,i,14013491062887567247,49909253945351939,131072 /prefetch:1
                                                                                    2⤵
                                                                                      PID:5836
                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5784 --field-trial-handle=1904,i,14013491062887567247,49909253945351939,131072 /prefetch:8
                                                                                      2⤵
                                                                                        PID:1460
                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5976 --field-trial-handle=1904,i,14013491062887567247,49909253945351939,131072 /prefetch:8
                                                                                        2⤵
                                                                                          PID:1772
                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4604 --field-trial-handle=1904,i,14013491062887567247,49909253945351939,131072 /prefetch:8
                                                                                          2⤵
                                                                                            PID:5968
                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=5652 --field-trial-handle=1904,i,14013491062887567247,49909253945351939,131072 /prefetch:1
                                                                                            2⤵
                                                                                              PID:880
                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=4636 --field-trial-handle=1904,i,14013491062887567247,49909253945351939,131072 /prefetch:1
                                                                                              2⤵
                                                                                                PID:5680
                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=5788 --field-trial-handle=1904,i,14013491062887567247,49909253945351939,131072 /prefetch:1
                                                                                                2⤵
                                                                                                  PID:2404
                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5540 --field-trial-handle=1904,i,14013491062887567247,49909253945351939,131072 /prefetch:8
                                                                                                  2⤵
                                                                                                    PID:5868
                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5708 --field-trial-handle=1904,i,14013491062887567247,49909253945351939,131072 /prefetch:8
                                                                                                    2⤵
                                                                                                      PID:4752
                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5556 --field-trial-handle=1904,i,14013491062887567247,49909253945351939,131072 /prefetch:8
                                                                                                      2⤵
                                                                                                        PID:1460
                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3352 --field-trial-handle=1904,i,14013491062887567247,49909253945351939,131072 /prefetch:8
                                                                                                        2⤵
                                                                                                          PID:5956
                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5868 --field-trial-handle=1904,i,14013491062887567247,49909253945351939,131072 /prefetch:8
                                                                                                          2⤵
                                                                                                            PID:3260
                                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4576 --field-trial-handle=1904,i,14013491062887567247,49909253945351939,131072 /prefetch:2
                                                                                                            2⤵
                                                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                                                            PID:5552
                                                                                                        • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
                                                                                                          "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
                                                                                                          1⤵
                                                                                                            PID:2104
                                                                                                          • C:\Windows\System32\rundll32.exe
                                                                                                            C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                                                            1⤵
                                                                                                              PID:4948
                                                                                                            • C:\Users\Admin\Downloads\7z2406-x64.exe
                                                                                                              "C:\Users\Admin\Downloads\7z2406-x64.exe"
                                                                                                              1⤵
                                                                                                              • Executes dropped EXE
                                                                                                              • Registers COM server for autorun
                                                                                                              • Drops file in Program Files directory
                                                                                                              • Modifies registry class
                                                                                                              • Suspicious use of SetWindowsHookEx
                                                                                                              PID:6016
                                                                                                            • C:\Program Files\7-Zip\7zFM.exe
                                                                                                              "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\BetterShaders_3.8.0.rar"
                                                                                                              1⤵
                                                                                                              • Checks computer location settings
                                                                                                              • Executes dropped EXE
                                                                                                              • Loads dropped DLL
                                                                                                              • Modifies registry class
                                                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                                                              • Suspicious behavior: GetForegroundWindowSpam
                                                                                                              PID:384
                                                                                                              • C:\Windows\system32\NOTEPAD.EXE
                                                                                                                "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\7zO08151249\README.txt
                                                                                                                2⤵
                                                                                                                • Opens file in notepad (likely ransom note)
                                                                                                                PID:5444
                                                                                                              • C:\Windows\system32\NOTEPAD.EXE
                                                                                                                "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\7zO08159F69\README.txt
                                                                                                                2⤵
                                                                                                                • Opens file in notepad (likely ransom note)
                                                                                                                PID:2376
                                                                                                            • C:\Users\Admin\Desktop\BetterShaders 3.8.0.exe
                                                                                                              "C:\Users\Admin\Desktop\BetterShaders 3.8.0.exe"
                                                                                                              1⤵
                                                                                                              • Executes dropped EXE
                                                                                                              • Loads dropped DLL
                                                                                                              PID:2712
                                                                                                              • C:\Users\Admin\AppData\Local\Temp\2gTbeMldvUY1QbVk9q0VzKvt38D\BetterShaders.exe
                                                                                                                C:\Users\Admin\AppData\Local\Temp\2gTbeMldvUY1QbVk9q0VzKvt38D\BetterShaders.exe
                                                                                                                2⤵
                                                                                                                • Checks computer location settings
                                                                                                                • Executes dropped EXE
                                                                                                                • Loads dropped DLL
                                                                                                                PID:2072
                                                                                                                • C:\Windows\system32\cmd.exe
                                                                                                                  C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                                  3⤵
                                                                                                                    PID:5288
                                                                                                                    • C:\Windows\system32\tasklist.exe
                                                                                                                      tasklist
                                                                                                                      4⤵
                                                                                                                      • Enumerates processes with tasklist
                                                                                                                      PID:3268
                                                                                                                  • C:\Windows\system32\cmd.exe
                                                                                                                    C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"
                                                                                                                    3⤵
                                                                                                                      PID:4768
                                                                                                                      • C:\Windows\system32\taskkill.exe
                                                                                                                        taskkill /IM chrome.exe /F
                                                                                                                        4⤵
                                                                                                                        • Kills process with taskkill
                                                                                                                        PID:5520
                                                                                                                    • C:\Windows\system32\cmd.exe
                                                                                                                      C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM msedge.exe /F"
                                                                                                                      3⤵
                                                                                                                        PID:952
                                                                                                                        • C:\Windows\system32\taskkill.exe
                                                                                                                          taskkill /IM msedge.exe /F
                                                                                                                          4⤵
                                                                                                                          • Kills process with taskkill
                                                                                                                          PID:1540
                                                                                                                      • C:\Windows\system32\cmd.exe
                                                                                                                        C:\Windows\system32\cmd.exe /d /s /c "powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,158,56,123,155,119,128,226,65,189,77,45,80,19,37,26,47,0,0,0,0,2,0,0,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,143,8,155,162,221,184,73,71,232,222,51,145,193,115,97,9,130,241,224,103,6,120,76,14,50,215,61,172,124,159,238,253,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,99,253,1,12,244,37,76,196,250,204,121,176,50,84,44,171,164,192,123,43,73,12,147,211,193,42,15,39,95,26,62,201,48,0,0,0,199,59,41,134,72,150,192,161,125,143,33,114,13,155,6,139,72,133,43,120,135,38,24,218,101,6,176,207,210,73,64,67,238,175,209,152,192,141,196,93,4,159,79,39,108,201,81,243,64,0,0,0,47,182,203,76,22,230,198,116,189,169,35,195,147,254,206,160,141,223,22,83,122,129,208,253,101,155,106,250,254,105,139,55,133,60,233,210,239,137,168,177,165,144,32,46,241,126,232,206,117,88,178,220,23,105,81,227,111,16,111,158,78,1,233,96), $null, 'CurrentUser')"
                                                                                                                        3⤵
                                                                                                                        • An obfuscated cmd.exe command-line is typically used to evade detection.
                                                                                                                        PID:4812
                                                                                                                        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                          powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,158,56,123,155,119,128,226,65,189,77,45,80,19,37,26,47,0,0,0,0,2,0,0,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,143,8,155,162,221,184,73,71,232,222,51,145,193,115,97,9,130,241,224,103,6,120,76,14,50,215,61,172,124,159,238,253,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,99,253,1,12,244,37,76,196,250,204,121,176,50,84,44,171,164,192,123,43,73,12,147,211,193,42,15,39,95,26,62,201,48,0,0,0,199,59,41,134,72,150,192,161,125,143,33,114,13,155,6,139,72,133,43,120,135,38,24,218,101,6,176,207,210,73,64,67,238,175,209,152,192,141,196,93,4,159,79,39,108,201,81,243,64,0,0,0,47,182,203,76,22,230,198,116,189,169,35,195,147,254,206,160,141,223,22,83,122,129,208,253,101,155,106,250,254,105,139,55,133,60,233,210,239,137,168,177,165,144,32,46,241,126,232,206,117,88,178,220,23,105,81,227,111,16,111,158,78,1,233,96), $null, 'CurrentUser')
                                                                                                                          4⤵
                                                                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                                                                          PID:5956
                                                                                                                      • C:\Windows\system32\cmd.exe
                                                                                                                        C:\Windows\system32\cmd.exe /d /s /c "powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,158,56,123,155,119,128,226,65,189,77,45,80,19,37,26,47,16,0,0,0,10,0,0,0,69,0,100,0,103,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,204,23,200,182,199,212,101,234,51,160,20,157,150,146,144,151,39,93,3,161,164,186,212,226,57,101,160,86,167,155,8,7,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,184,144,186,180,174,237,163,184,95,232,101,63,21,177,75,98,215,199,36,30,80,192,146,63,77,115,21,70,102,42,166,165,48,0,0,0,117,126,67,77,96,159,142,116,174,11,86,56,11,231,226,145,7,63,8,207,34,20,54,206,115,112,214,184,19,252,2,122,95,58,116,12,104,15,223,163,49,195,63,147,96,226,86,246,64,0,0,0,114,72,103,37,120,230,180,221,228,136,240,64,66,22,120,71,192,126,130,46,213,57,1,27,188,210,151,225,138,111,6,223,99,131,127,243,133,142,61,229,60,15,180,41,8,227,3,169,15,181,32,167,8,219,218,233,217,48,253,19,227,158,119,122), $null, 'CurrentUser')"
                                                                                                                        3⤵
                                                                                                                        • An obfuscated cmd.exe command-line is typically used to evade detection.
                                                                                                                        PID:1696
                                                                                                                        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                          powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,158,56,123,155,119,128,226,65,189,77,45,80,19,37,26,47,16,0,0,0,10,0,0,0,69,0,100,0,103,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,204,23,200,182,199,212,101,234,51,160,20,157,150,146,144,151,39,93,3,161,164,186,212,226,57,101,160,86,167,155,8,7,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,184,144,186,180,174,237,163,184,95,232,101,63,21,177,75,98,215,199,36,30,80,192,146,63,77,115,21,70,102,42,166,165,48,0,0,0,117,126,67,77,96,159,142,116,174,11,86,56,11,231,226,145,7,63,8,207,34,20,54,206,115,112,214,184,19,252,2,122,95,58,116,12,104,15,223,163,49,195,63,147,96,226,86,246,64,0,0,0,114,72,103,37,120,230,180,221,228,136,240,64,66,22,120,71,192,126,130,46,213,57,1,27,188,210,151,225,138,111,6,223,99,131,127,243,133,142,61,229,60,15,180,41,8,227,3,169,15,181,32,167,8,219,218,233,217,48,253,19,227,158,119,122), $null, 'CurrentUser')
                                                                                                                          4⤵
                                                                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                                                                          PID:3600
                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\2gTbeMldvUY1QbVk9q0VzKvt38D\BetterShaders.exe
                                                                                                                        "C:\Users\Admin\AppData\Local\Temp\2gTbeMldvUY1QbVk9q0VzKvt38D\BetterShaders.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\BetterShaders" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1976,i,10264147517545638518,16886805474116344667,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1968 /prefetch:2
                                                                                                                        3⤵
                                                                                                                        • Executes dropped EXE
                                                                                                                        • Loads dropped DLL
                                                                                                                        PID:5880
                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\2gTbeMldvUY1QbVk9q0VzKvt38D\BetterShaders.exe
                                                                                                                        "C:\Users\Admin\AppData\Local\Temp\2gTbeMldvUY1QbVk9q0VzKvt38D\BetterShaders.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\BetterShaders" --field-trial-handle=2184,i,10264147517545638518,16886805474116344667,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2180 /prefetch:3
                                                                                                                        3⤵
                                                                                                                        • Executes dropped EXE
                                                                                                                        • Loads dropped DLL
                                                                                                                        PID:3844
                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\2gTbeMldvUY1QbVk9q0VzKvt38D\BetterShaders.exe
                                                                                                                        "C:\Users\Admin\AppData\Local\Temp\2gTbeMldvUY1QbVk9q0VzKvt38D\BetterShaders.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\BetterShaders" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2036,i,10264147517545638518,16886805474116344667,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1872 /prefetch:8
                                                                                                                        3⤵
                                                                                                                        • Executes dropped EXE
                                                                                                                        • Loads dropped DLL
                                                                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                                                                        PID:5236
                                                                                                                  • C:\Windows\system32\NOTEPAD.EXE
                                                                                                                    "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\2gTbeMldvUY1QbVk9q0VzKvt38D\Passwords.txt
                                                                                                                    1⤵
                                                                                                                    • Opens file in notepad (likely ransom note)
                                                                                                                    PID:220
                                                                                                                  • C:\Windows\system32\NOTEPAD.EXE
                                                                                                                    "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\2gTbeMldvUY1QbVk9q0VzKvt38D\Passwords.txt
                                                                                                                    1⤵
                                                                                                                    • Opens file in notepad (likely ransom note)
                                                                                                                    PID:1144

                                                                                                                  Network

                                                                                                                        MITRE ATT&CK Enterprise v15

                                                                                                                        Replay Monitor

                                                                                                                        Loading Replay Monitor...

                                                                                                                        Downloads

                                                                                                                        • C:\Program Files\7-Zip\7-zip.dll

                                                                                                                          Filesize

                                                                                                                          99KB

                                                                                                                          MD5

                                                                                                                          7ec019d8445f4dcdb91a380c9d592957

                                                                                                                          SHA1

                                                                                                                          15fd8375e2e282a90d3df14041272e5ac29e7c93

                                                                                                                          SHA256

                                                                                                                          1cc179f097ee439bb35a582059cbc727d9cea0d5c43dfaa57f9f03050cfaea03

                                                                                                                          SHA512

                                                                                                                          d71a79091fcc6a96c24d95662a18cc24145b9531145ef0bcb4e882c12f5bb5ca6c7a9b9e50024c9c0bf4cb6bf40dca7627cecbfddd637142d04a194e1956ae9b

                                                                                                                        • C:\Program Files\7-Zip\7z.dll

                                                                                                                          Filesize

                                                                                                                          1.8MB

                                                                                                                          MD5

                                                                                                                          1939f878ae8d0cbcc553007480a0c525

                                                                                                                          SHA1

                                                                                                                          df9255af8e398e72925309b840b14df1ae504805

                                                                                                                          SHA256

                                                                                                                          86926f78fad0d8c75c7ae01849bf5931f4484596d28d3690766f16c4fb943c19

                                                                                                                          SHA512

                                                                                                                          a5e4431f641e030df426c8f0db79d4cef81a67ee98e9253f79c1d9e41d4fc939de6f3fd5fc3a7170042842f69be2bb15187bf472eeaaf8edd55898e90b4f1ddd

                                                                                                                        • C:\Program Files\7-Zip\7zFM.exe

                                                                                                                          Filesize

                                                                                                                          960KB

                                                                                                                          MD5

                                                                                                                          5764deed342ca47eb4b97ae94eedc524

                                                                                                                          SHA1

                                                                                                                          e9cbefd32e5ddd0d914e98cfb0df2592bebc5987

                                                                                                                          SHA256

                                                                                                                          c5c7ad094ad71d8784c8b0990bf37a55ffc7c7ab77866286d77b7b6721943e4f

                                                                                                                          SHA512

                                                                                                                          6809130394a683c56a0245906d709b2289a631f630055d5e6161b001e216d58045d314b0148512d8c01f0c2bf5f9f16e93fa7d61ab3d24beab4f9c3d4db13c18

                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\3c27f118-ea0b-4bee-913e-cac72ea50d53.tmp

                                                                                                                          Filesize

                                                                                                                          91KB

                                                                                                                          MD5

                                                                                                                          be094eb50291181ea057d86674b680c4

                                                                                                                          SHA1

                                                                                                                          17c5318f23d26eabae5554ba00e936242e58628b

                                                                                                                          SHA256

                                                                                                                          8eb831098082bd16812af29e9054063a75744c03928f05c6e6e355b4ea7bb087

                                                                                                                          SHA512

                                                                                                                          3699cec81493912b2491d9d8fcbb4f417148d89313bf28db603611c073ddc39167e4d201a028735eb0fb9aa2352841a7dcbe2bb59ac7b7c8481f08a45810ecf7

                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                                          Filesize

                                                                                                                          1008B

                                                                                                                          MD5

                                                                                                                          90f7eefe520c944074d78ff76d1b17d4

                                                                                                                          SHA1

                                                                                                                          4b344d9f10915ba42498c6b587e849c8f46e3837

                                                                                                                          SHA256

                                                                                                                          4b7d6f5e5dc584580c9f936be4c3f98338a333f9aafc98a4301a5a104bf9b0ac

                                                                                                                          SHA512

                                                                                                                          330e869e4dd7d11657eda9d459655306f3df6e93dcf7b34cef6cafe70b20b911bbdd5c3688ff9095c9d4e0aca3b36cb00753d9d65e0f4ac2f9b15ed8497fd723

                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                                          Filesize

                                                                                                                          576B

                                                                                                                          MD5

                                                                                                                          8545b60d7be04e2dc8cee582a4f57af1

                                                                                                                          SHA1

                                                                                                                          5d92a57ba7085a9a6acc486e0051382ed9a4ea6b

                                                                                                                          SHA256

                                                                                                                          6b1d77dcd2a984f09bbca7febce1c33c959acfce2dd644fa934123b8267dbb11

                                                                                                                          SHA512

                                                                                                                          da948902c16b2ce5183c55f58e475586b55f341ffbab632e9d4f2627d76360270d3fbd01e163724e7c8842e5e52c4815eec517ca14070a0a76c68aaf59fb3e13

                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                                                                          Filesize

                                                                                                                          5KB

                                                                                                                          MD5

                                                                                                                          33e476156096af26e1197ffe27ab62b7

                                                                                                                          SHA1

                                                                                                                          478d8bb8aa136f694225186878d088dc40513c0b

                                                                                                                          SHA256

                                                                                                                          2a289503c61f7ff5386522f70273ca222beaff8d7aca6ccacf0af0b7d0649c31

                                                                                                                          SHA512

                                                                                                                          c68ade9edd009fe58ed628252027ef17c7fbb28c27a58f48ab97187a804f5136555a794cb2568e4df78f1c7a59e7afaa6b9f7af971b14f0df4cf8a95b7790f19

                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                                                                          Filesize

                                                                                                                          5KB

                                                                                                                          MD5

                                                                                                                          7cdd0b7b282a3fa3f296923c476cb258

                                                                                                                          SHA1

                                                                                                                          3a789b10499d779289f7e87bf8da0af3639153bb

                                                                                                                          SHA256

                                                                                                                          0295a5ae07a1981612d78e6ee663af0bf9d59c1f9602cb0d0574f9420f6b6738

                                                                                                                          SHA512

                                                                                                                          3da9680d4f62527c08f951b525ae292e20bd987f6c7434a4346155394f25ed6e80eadecc42f9da902fe76df545067ecc1f382edbf4033a68df7d721d85654123

                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                                                                          Filesize

                                                                                                                          3KB

                                                                                                                          MD5

                                                                                                                          95016272840a6683c35eb1d91ca55da8

                                                                                                                          SHA1

                                                                                                                          ae2cd2a6e7862e15810888bc856c9b0f0c452576

                                                                                                                          SHA256

                                                                                                                          95a174a7159a01be1c769f542f58c3ac55ea5e4c4ec8eda155bc0c8b55530e27

                                                                                                                          SHA512

                                                                                                                          5338ddc956d743fc10befd0049381cc9faa16d67eb6dc7be8a7afa16c2c29d644ec40e2cdef2b4c4e0a29d2afe6c9fa6460baa6e90f1017097f2e629930e9d2b

                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

                                                                                                                          Filesize

                                                                                                                          2B

                                                                                                                          MD5

                                                                                                                          d751713988987e9331980363e24189ce

                                                                                                                          SHA1

                                                                                                                          97d170e1550eee4afc0af065b78cda302a97674c

                                                                                                                          SHA256

                                                                                                                          4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                                                                                                          SHA512

                                                                                                                          b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                          Filesize

                                                                                                                          524B

                                                                                                                          MD5

                                                                                                                          a0404c27140cc5fa5d98deb257d26299

                                                                                                                          SHA1

                                                                                                                          e5a1efe94fe09fe67534e264ce22f1c3e1486942

                                                                                                                          SHA256

                                                                                                                          25e962c19a9abfd25207d63cd29d612d3eace851c366fc4f1c72e56773673c15

                                                                                                                          SHA512

                                                                                                                          fcca074c751426befb8fe216c8111b332ce52e02507584339107f8781ba574a000c8214a4e53d39d503f16159864e53fd2c7cb91b4f36a1bebc8a64872e6c32d

                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                          Filesize

                                                                                                                          356B

                                                                                                                          MD5

                                                                                                                          125eff0fccd89d839a4773269bf6395e

                                                                                                                          SHA1

                                                                                                                          f327a063865025fd1dfe2582450aefbc220444fe

                                                                                                                          SHA256

                                                                                                                          8b30801101c2cb20900943af3c818835660764e66372288e2df2e20352e5e8d1

                                                                                                                          SHA512

                                                                                                                          cbdaf1a891f21a95d00aa16d8d07d907e545dbabef550b2034c91599a06dee08cdee84e90eb00d16f73165d80f5613f5aea087d9d5e48e1c77a305dd449469de

                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                          Filesize

                                                                                                                          524B

                                                                                                                          MD5

                                                                                                                          6fb988499baf826b505a0bbdd01f02cd

                                                                                                                          SHA1

                                                                                                                          0b2a3dde6cc8e322c2c23570a59ec0cb99b96b43

                                                                                                                          SHA256

                                                                                                                          8b75475f95d1b7e2faab8f2a7e3ab2d92fe938d3ef8bc0396354f546c289c972

                                                                                                                          SHA512

                                                                                                                          ddcbbc9107066e72797e466c808cede3b51dd8c87b234ba211de4c521de7517a919180d9b62192f012eef75929a2b013535ec74b0d44990f923e896ecedbbfae

                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                          Filesize

                                                                                                                          692B

                                                                                                                          MD5

                                                                                                                          d0d1a54e32ad0a1b1d6488bb82246235

                                                                                                                          SHA1

                                                                                                                          a4c84677b5c20783bea0f7f612640cfeeb9f5b69

                                                                                                                          SHA256

                                                                                                                          ed2bf9f44d9f2efddb8c97d0747f5fd3b334fa5b1c7568d002246cbb75b66652

                                                                                                                          SHA512

                                                                                                                          cb2e7796918d893ca1f72356d105dbbfc3e4484b40727d84ea81e99ed2a03d25263b5296bec5e9a2e9f9536fb04fdb9608845f0e8ae4ddefe188044bb8a5e0df

                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                          Filesize

                                                                                                                          8KB

                                                                                                                          MD5

                                                                                                                          7a850d411efe6fb69774a96faace0b48

                                                                                                                          SHA1

                                                                                                                          b4916f53decb100b424cf7b50ee1f903523ee511

                                                                                                                          SHA256

                                                                                                                          a698b89689dbf713d459359342f4b313ddd27824bd4801f3b4d324ec75b37883

                                                                                                                          SHA512

                                                                                                                          1a88b689074175841cffa20e13f23a2248830cb252522f871d44dfe6ca01e2184c68b381dad1357a3d14f90e224ed329ec17eb5485f394b2a5b209e5e4214974

                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                          Filesize

                                                                                                                          9KB

                                                                                                                          MD5

                                                                                                                          78613b19c12b89e1ffe94ce86225d510

                                                                                                                          SHA1

                                                                                                                          b043c788da93227430a0c8feed1a4d3d54a126ba

                                                                                                                          SHA256

                                                                                                                          be24696be93374a03acecf11b38b85edb8396904c97a2ed8e5f7dcf725d2543d

                                                                                                                          SHA512

                                                                                                                          5e703c726058d62a5e1ed52a7ae6d479170c4b8042998a866eb0fd90c2ed5a7eb255f1bf216208c9768c79bed0d118fbebbb0557dbdee85767ef27590e4c2c4a

                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                          Filesize

                                                                                                                          8KB

                                                                                                                          MD5

                                                                                                                          0dd5d15c0ef8702feea8d2db6290e058

                                                                                                                          SHA1

                                                                                                                          15a82bcd019de22d337200d1afbf64366c9416eb

                                                                                                                          SHA256

                                                                                                                          4b15cc8637af52f9924ee5b94f8ad87976ce60a773d88b66d1dd450bd07ba7b2

                                                                                                                          SHA512

                                                                                                                          57942a6ce35a92bba3f46db399a578e11188c06e08f8dd8ff1f4226b9154e255f98d4a44c8c10f3029b278cb0ad9de12395d5bdea6a83aa46ddcacbd3e510e6c

                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                          Filesize

                                                                                                                          7KB

                                                                                                                          MD5

                                                                                                                          ee833fec78bd573a12be4211ab5f412c

                                                                                                                          SHA1

                                                                                                                          0415b96c9713a3700bab2da2961c39be1795af82

                                                                                                                          SHA256

                                                                                                                          609310f434798269b06fd95489c821a14038df18544f95f170fd59b8084278ec

                                                                                                                          SHA512

                                                                                                                          d01c358625aaa19eaa481bde2af64933e9afba244cd09018e01c1f1185bebce1b5d4d05c70de1bf498fa3185fcbe47c80a835433f893d489a8f56f4e2883cb30

                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                          Filesize

                                                                                                                          8KB

                                                                                                                          MD5

                                                                                                                          8635dcadbc33a501fcd5d5a730554306

                                                                                                                          SHA1

                                                                                                                          4585100b44fc7001176977b3d761499b3cebe5c4

                                                                                                                          SHA256

                                                                                                                          4b02fb658a42b8580360493b712f600d87c54d16d02e801e6faaeb40624b8600

                                                                                                                          SHA512

                                                                                                                          b6fbe187e1a16aa412a27c33df3ab58d5174e51f799f0109759a5f66b4f444e2faaf4a680be93781f0177b4675f92f3e6383b032b37bd961bab93d3d936a0f84

                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

                                                                                                                          Filesize

                                                                                                                          16KB

                                                                                                                          MD5

                                                                                                                          e773735d6d6a984b4b964a4010c4668b

                                                                                                                          SHA1

                                                                                                                          0106f69cc9f34379e7c9d983cf82b075b7861a6c

                                                                                                                          SHA256

                                                                                                                          f841b50defecffa34851fddb6934922b137313d97a39ec3100ee9e50fc4f4894

                                                                                                                          SHA512

                                                                                                                          207d2b3b0225e8166e97cd2cc9c1842f98c6fc643af1678363eb63db76fdf3e7c4dff117e8fc8e2850254180574d1a4734978c2e29bc225c7266b70ad0e497bc

                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

                                                                                                                          Filesize

                                                                                                                          56B

                                                                                                                          MD5

                                                                                                                          ae1bccd6831ebfe5ad03b482ee266e4f

                                                                                                                          SHA1

                                                                                                                          01f4179f48f1af383b275d7ee338dd160b6f558a

                                                                                                                          SHA256

                                                                                                                          1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

                                                                                                                          SHA512

                                                                                                                          baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe58bc08.TMP

                                                                                                                          Filesize

                                                                                                                          120B

                                                                                                                          MD5

                                                                                                                          96126053dbdc8109fd01031d6c756cfa

                                                                                                                          SHA1

                                                                                                                          02cc7fd2579a9484d7a95a66038b37ce26997580

                                                                                                                          SHA256

                                                                                                                          a42f3150699731820b5d24b2b63d1f4bbbb6ac10653f70b1cee4529e61a4457c

                                                                                                                          SHA512

                                                                                                                          033ced94b8cff1b71094afa251e385a9ee2a5dafbb0161f07aeca9894520c7f5877a9b1b01340010a654974c27ac62e2fe7da3e06e8fb06c318d6bfb687a3812

                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                                          Filesize

                                                                                                                          260KB

                                                                                                                          MD5

                                                                                                                          9630960cfa3e74ce1fb218a1606f9d74

                                                                                                                          SHA1

                                                                                                                          466925ce96bfe199810e576cb9a91fa859b9a8b3

                                                                                                                          SHA256

                                                                                                                          fa9b9720228880896daf4308358396d56b8f43276a3473022792fe1e9b0c199e

                                                                                                                          SHA512

                                                                                                                          824a50ceb8e229fad76f0600d25370f85c3fc17df43f392f051ce75fec9ef5bbda3801d5d797a987330147c2d39863e00f19b2af9e5d4f71470e02d5b20e26f0

                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                                          Filesize

                                                                                                                          260KB

                                                                                                                          MD5

                                                                                                                          09efeace3c5e18468b2bfe2a443c2dc5

                                                                                                                          SHA1

                                                                                                                          575e9a25aa33d3efddd60364883e04a874465c51

                                                                                                                          SHA256

                                                                                                                          36963daa5d42de6ddbaa465968353087ab855169c75bb655dd2697a4bc0622b7

                                                                                                                          SHA512

                                                                                                                          e5427c2b9701c0df08747aefde9970c760295970b692b0c4f35b3f10e63b0009221b3e5cdb042e6b18c34bf23cdf2fce36fb6556fbdf4ace678d25b6675a9afe

                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                                          Filesize

                                                                                                                          260KB

                                                                                                                          MD5

                                                                                                                          cac0f8ab0b6f8c5778f8aadbeb539e98

                                                                                                                          SHA1

                                                                                                                          aa66115fd2d5724df49af047a03b8fe3356b2c25

                                                                                                                          SHA256

                                                                                                                          0183595525cc60d4e3533315a885a0d7debfb8d8ae8c33dc45979e365e906fd1

                                                                                                                          SHA512

                                                                                                                          ea634e32df51eaa36c2d968eda26866579a6469e30c0ad4fbb2be3f7867af2c3ab93e22669da91cb7c5428a65bbd6b8faa130c1ecfc21d79790cf5527a141950

                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                                          Filesize

                                                                                                                          260KB

                                                                                                                          MD5

                                                                                                                          da667ca1f4359e370ff5d9a34fd1055f

                                                                                                                          SHA1

                                                                                                                          28684810ad9026a2a647ee7d6f09b54e16c4d823

                                                                                                                          SHA256

                                                                                                                          f75afffee1f7d6eb5c7697b1961aa1a60bc370666db7a645a84794dd11912c00

                                                                                                                          SHA512

                                                                                                                          b7d4eff7ceb5365df223975de52046b0e00e066d16a73512d6f992b78936c49124d25d3fcb577dc424d684208e6ce6cee10bc14224d3ea7e06160529db3997f5

                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                                          Filesize

                                                                                                                          260KB

                                                                                                                          MD5

                                                                                                                          079c612b332b7e8959f7595233a8653b

                                                                                                                          SHA1

                                                                                                                          14dbeced4af02954538bbd93f5187084dbb7d071

                                                                                                                          SHA256

                                                                                                                          bb7291720ec266c0a293ccf2ecb5bedddc90828f8e88f58fd1eedbb9b00884d0

                                                                                                                          SHA512

                                                                                                                          8b3197da84d27e725dcf2a48f5de71bf146e1f17e764e1d180cb7f4c2e37c80c1df038c5fe434f38631c9efc07cc7ba2967e23fceab591aaa742ada985809cbb

                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

                                                                                                                          Filesize

                                                                                                                          102KB

                                                                                                                          MD5

                                                                                                                          536fc93b02c00948a57bda61bce2b537

                                                                                                                          SHA1

                                                                                                                          d97af37f33895f8ea3e91c5071a2bb76818a76d0

                                                                                                                          SHA256

                                                                                                                          b6a0b5f93718e4ddf1380f9d2b35082bff88685bb444644ed9e5336323179aa3

                                                                                                                          SHA512

                                                                                                                          00ff182883e8f313e7ba88b7e85670636fcbeb722253d22d155ca42650fbb65c412f2f5e359abde0bce653c8f40ddd34411ea1c3e5b77bde07718812ba4a2566

                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5830fe.TMP

                                                                                                                          Filesize

                                                                                                                          89KB

                                                                                                                          MD5

                                                                                                                          0f506b537f99354eb40d833517838393

                                                                                                                          SHA1

                                                                                                                          1b01515769940447a2bc0f9324925c3f96063c86

                                                                                                                          SHA256

                                                                                                                          93124c2981917fa1abccdec3c00d84961e1bb09c692a8473893f1c2a94499f50

                                                                                                                          SHA512

                                                                                                                          e99d865748980257d0d56d554ee44cdbc8fa119d9b55ca785a342a611d46913a282822d3f6133360eedfba57da830df9df285266984b4a9d36ae648edb3bdf3f

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                                          Filesize

                                                                                                                          152B

                                                                                                                          MD5

                                                                                                                          f61fa5143fe872d1d8f1e9f8dc6544f9

                                                                                                                          SHA1

                                                                                                                          df44bab94d7388fb38c63085ec4db80cfc5eb009

                                                                                                                          SHA256

                                                                                                                          284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64

                                                                                                                          SHA512

                                                                                                                          971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                                          Filesize

                                                                                                                          152B

                                                                                                                          MD5

                                                                                                                          87f7abeb82600e1e640b843ad50fe0a1

                                                                                                                          SHA1

                                                                                                                          045bbada3f23fc59941bf7d0210fb160cb78ae87

                                                                                                                          SHA256

                                                                                                                          b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262

                                                                                                                          SHA512

                                                                                                                          ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                                          Filesize

                                                                                                                          120B

                                                                                                                          MD5

                                                                                                                          29615129d90af10023680f9290129b92

                                                                                                                          SHA1

                                                                                                                          6db601d87d5ba5fae0b7b46e8715c334df9377ad

                                                                                                                          SHA256

                                                                                                                          6358b6f7db2528741d0d9caf0a104fe7d1676b86d7b11320a91a15247a7a1b4b

                                                                                                                          SHA512

                                                                                                                          c84b6ddb4c4aa25d0b67ffccc3801bb743f22df568900f2c49e7468e229e7f06d32c8f400dcf7d813bd372114c3f9e85ea7cafb467e923f63588b8774efc7595

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                                                          Filesize

                                                                                                                          255B

                                                                                                                          MD5

                                                                                                                          07c899f72a3748cd856a3043752d4d99

                                                                                                                          SHA1

                                                                                                                          4053e4a9f635cee5a15a715c5d547d06aff4b2a5

                                                                                                                          SHA256

                                                                                                                          a8adb979d36882b0b0a4cd11c9a2365b2df5c85af705fd10a07eebef832c41e5

                                                                                                                          SHA512

                                                                                                                          23cdbd35d8aaba4d1f48ba9efdc80aadd79548bdddbb3a0ac98aa002f9459724103bd698e1d30a8fddcd605674487a644ad185ca136a50392b8cd375b1996774

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                          Filesize

                                                                                                                          6KB

                                                                                                                          MD5

                                                                                                                          c23170f1686e7eff40c7de5fe5c8dbc7

                                                                                                                          SHA1

                                                                                                                          94138bf39f3192324bd4f38fe0c00906e5f97787

                                                                                                                          SHA256

                                                                                                                          4b0defc99c3e75deeb0ba9df02a6dc1e54b1b98cd3939b7c784b145c950f1274

                                                                                                                          SHA512

                                                                                                                          a168d87e711453d8eea34da8d23ee2f32874da420057658fe7222c22f686c986f3532324934ae9bffcc42d742182b9a4cc784c1562882b127bb236ac2953f005

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                          Filesize

                                                                                                                          5KB

                                                                                                                          MD5

                                                                                                                          a0c8e5189f4d98cca7066dfc2b302655

                                                                                                                          SHA1

                                                                                                                          3c3af8f88fbc55595bb727ca3cb9375cc2ddc6e6

                                                                                                                          SHA256

                                                                                                                          c42d1aa4d0a7773e20d1f7a7cfd96f2438411e228229ab003af7a48a9aa9351b

                                                                                                                          SHA512

                                                                                                                          ad6a69ae76cbf988018d4459b1026d103dd163b06edde4d8374de8d562ffae4592be52dfc1cd29ea3cc12cf3dfbe3eb49d4577c91178acbc464f9fb728a39090

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                                                                                          Filesize

                                                                                                                          16B

                                                                                                                          MD5

                                                                                                                          6752a1d65b201c13b62ea44016eb221f

                                                                                                                          SHA1

                                                                                                                          58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                                                                                          SHA256

                                                                                                                          0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                                                                                          SHA512

                                                                                                                          9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                          Filesize

                                                                                                                          11KB

                                                                                                                          MD5

                                                                                                                          686523bcaf0a2931476844c2ff64ddb1

                                                                                                                          SHA1

                                                                                                                          75dd91ccf3c1c83aee32de06e21638ad23826aca

                                                                                                                          SHA256

                                                                                                                          0a2e845e384ca9ae2f52102aaa1ef0cc86e994d30aff363b74f5f44bae4addc5

                                                                                                                          SHA512

                                                                                                                          d5aa23a5850f4358760cc4c115b45d43e43a6e48383fcccab6f04fbd967ac136f0b4d416b843f706df861405273b36b79b0462980d2951130cbf6112828a3357

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\7zO08151249\README.txt

                                                                                                                          Filesize

                                                                                                                          441B

                                                                                                                          MD5

                                                                                                                          262253ed66908954550719d65cb660b0

                                                                                                                          SHA1

                                                                                                                          94f046eb21091ec7f9907bffed60152e4ba27b5e

                                                                                                                          SHA256

                                                                                                                          82b63adbdc2f1ecffb02238f7a6414b7226d9b4394028721b695842d0c98ebc4

                                                                                                                          SHA512

                                                                                                                          e18d09c7645b51c6437e92a2315ba72beac5637aeb234c59d5a9dfe064c333fad15b63706bd7c3f4b79cf71c2dcf0d37370496c8cfed8e60fb194c672bd87bea

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_que0vy4g.acp.ps1

                                                                                                                          Filesize

                                                                                                                          60B

                                                                                                                          MD5

                                                                                                                          d17fe0a3f47be24a6453e9ef58c94641

                                                                                                                          SHA1

                                                                                                                          6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                                                                          SHA256

                                                                                                                          96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                                                                          SHA512

                                                                                                                          5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\LICENSE.electron.txt

                                                                                                                          Filesize

                                                                                                                          1KB

                                                                                                                          MD5

                                                                                                                          4d42118d35941e0f664dddbd83f633c5

                                                                                                                          SHA1

                                                                                                                          2b21ec5f20fe961d15f2b58efb1368e66d202e5c

                                                                                                                          SHA256

                                                                                                                          5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d

                                                                                                                          SHA512

                                                                                                                          3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\LICENSES.chromium.html

                                                                                                                          Filesize

                                                                                                                          9.8MB

                                                                                                                          MD5

                                                                                                                          b620990ddbd932d6475152e5a833860e

                                                                                                                          SHA1

                                                                                                                          70de0b3d7ffa77900f685c1788b32997a61ec386

                                                                                                                          SHA256

                                                                                                                          921452a09f92f10da4cfef0521acd6ee6c689c630661ed35189e793de2c99fc5

                                                                                                                          SHA512

                                                                                                                          ba84b5e6281dd64d5da41d0db35942b6c0b1ee6b47d24dedd5006be40b2d22d90f58dc653e17893347900fb1bfcd37b0f2fff5b532175ccacc3b63d98fe42ac7

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\chrome_100_percent.pak

                                                                                                                          Filesize

                                                                                                                          146KB

                                                                                                                          MD5

                                                                                                                          6c2827fe702f454c8452a72ea0faf53c

                                                                                                                          SHA1

                                                                                                                          881f297efcbabfa52dd4cfe5bd2433a5568cc564

                                                                                                                          SHA256

                                                                                                                          2fb9826a1b43c84c08f26c4b4556c6520f8f5eef8ab1c83011031eb2d83d6663

                                                                                                                          SHA512

                                                                                                                          5619ad3fca8ea51b24ea759f42685c8dc7769dd3b8774d8be1917e0a25fa17e8a544f6882617b4faa63c6c4f29844b515d07db965c8ea50d5d491cdda7281fc5

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\chrome_200_percent.pak

                                                                                                                          Filesize

                                                                                                                          220KB

                                                                                                                          MD5

                                                                                                                          77088f98a0f7ea522795baec5c930d03

                                                                                                                          SHA1

                                                                                                                          9b272f152e19c478fcbd7eacf7356c3d601350ed

                                                                                                                          SHA256

                                                                                                                          83d9243037b2f7e62d0fdfce19ca72e488c18e9691961e2d191e84fb3f2f7a5d

                                                                                                                          SHA512

                                                                                                                          5b19115422d3133e81f17eedbacee4c8e140970120419d6bbfe0e99cf5528d513eea6583548fa8a6259b260d73fab77758ad95137b61fe9056101dd5772e8f4a

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\d3dcompiler_47.dll

                                                                                                                          Filesize

                                                                                                                          4.7MB

                                                                                                                          MD5

                                                                                                                          a7b7470c347f84365ffe1b2072b4f95c

                                                                                                                          SHA1

                                                                                                                          57a96f6fb326ba65b7f7016242132b3f9464c7a3

                                                                                                                          SHA256

                                                                                                                          af7b99be1b8770c0e4d18e43b04e81d11bdeb667fa6b07ade7a88f4c5676bf9a

                                                                                                                          SHA512

                                                                                                                          83391a219631f750499fd9642d59ec80fb377c378997b302d10762e83325551bb97c1086b181fff0521b1ca933e518eab71a44a3578a23691f215ebb1dce463d

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\ffmpeg.dll

                                                                                                                          Filesize

                                                                                                                          2.6MB

                                                                                                                          MD5

                                                                                                                          3b74a017d60d588937ccb7453ee3df14

                                                                                                                          SHA1

                                                                                                                          37505b193d45986daccb3e4c44f40675d0b4c40a

                                                                                                                          SHA256

                                                                                                                          395fc47fdafec2e93c3534da579393466703ff6f9380ca6d2c2e7628462d40ce

                                                                                                                          SHA512

                                                                                                                          38efc1f695375bc6599848b4a5d10aba8571c618b8ecc3a007dd953c9e724e9d7839eb27e2cefd2c482bd9f5f363733563a592b8fa8af16e311644e44bab0872

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\icudtl.dat

                                                                                                                          Filesize

                                                                                                                          10.2MB

                                                                                                                          MD5

                                                                                                                          74bded81ce10a426df54da39cfa132ff

                                                                                                                          SHA1

                                                                                                                          eb26bcc7d24be42bd8cfbded53bd62d605989bbf

                                                                                                                          SHA256

                                                                                                                          7bf96c193befbf23514401f8f6568076450ade52dd1595b85e4dfcf3de5f6fb9

                                                                                                                          SHA512

                                                                                                                          bd7b7b52d31803b2d4b1fd8cb76481931ed8abb98d779b893d3965231177bdd33386461e1a820b384712013904da094e3cd15ee24a679ddc766132677a8be54a

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\libEGL.dll

                                                                                                                          Filesize

                                                                                                                          469KB

                                                                                                                          MD5

                                                                                                                          c7e24104c3d3e96b15fd0e309208f6d5

                                                                                                                          SHA1

                                                                                                                          974f73ce194123d7a024aa1dcfa3cbf9f0ceec0c

                                                                                                                          SHA256

                                                                                                                          5264e6461af122eced8ef3ce198c1c40851839d987f1e974e5c760dd847b9552

                                                                                                                          SHA512

                                                                                                                          e7d8203c895aaff2e29d870979fecb2b1ccf8334fa494341bde95cebb80f51893998ed65526dd433daad7a600dc14c97417c7069cc3db9516f741280d11609b0

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\libGLESv2.dll

                                                                                                                          Filesize

                                                                                                                          7.6MB

                                                                                                                          MD5

                                                                                                                          7b6eb3934932d133f25cfda71c2cf129

                                                                                                                          SHA1

                                                                                                                          da9dfc18f03667bdc950b11cdb7db31d2417d27c

                                                                                                                          SHA256

                                                                                                                          bb4625ec2c0811fc55f66904567035d8533d6a3b88250ee2dd848cbccd6c5dbb

                                                                                                                          SHA512

                                                                                                                          059d97edb4ff4d380ce1c955312ea38509560f279b560108e7237197e80172bf38da0eda7f821efaeaf6106366faa0c5b29497f973773ee16c9eb41d5eda1b8d

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\af.pak

                                                                                                                          Filesize

                                                                                                                          481KB

                                                                                                                          MD5

                                                                                                                          94af96b7f60a4cfb9d596cd8927ba37d

                                                                                                                          SHA1

                                                                                                                          556833517bc6ad77b5427000f2c3dccad91b92e6

                                                                                                                          SHA256

                                                                                                                          716e296c2f663ad90cdde85c5134582fc2305e5ebe10649fc9653bea533500a6

                                                                                                                          SHA512

                                                                                                                          6605688a373a358ff1dfbeda1c09dd031e4a63de662555f5304843c31eb3afcedbc8ffa4dae8ddc1483b04ea24cb709ecc639a9902caa68731d8e44d04cdbd83

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\am.pak

                                                                                                                          Filesize

                                                                                                                          782KB

                                                                                                                          MD5

                                                                                                                          34b24f035bad74764b7cc57420488180

                                                                                                                          SHA1

                                                                                                                          fac3fdba1a94d7676ac4d71447178cfbd1fa4e82

                                                                                                                          SHA256

                                                                                                                          9cff5c4af5997b45fb2a384bd73560e56bcb7710149e1a7e3e172d64e6eda025

                                                                                                                          SHA512

                                                                                                                          a01da4c45c6295a57248603f01a6b6231c4ce400aa3ec94e4228b26e8cea995c31d52b2008f99d0f17482aad80f1d67725c32e0f37cad6b012b1022ecde998f0

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\ar.pak

                                                                                                                          Filesize

                                                                                                                          855KB

                                                                                                                          MD5

                                                                                                                          83121a8093e7a335c577f11eaf101794

                                                                                                                          SHA1

                                                                                                                          4716966d9793e02b28573acab943453ab56dd441

                                                                                                                          SHA256

                                                                                                                          245410cc95c79310cbe9755530d6be829b9fbb3bd70f90c9531d933fe803e44e

                                                                                                                          SHA512

                                                                                                                          117f9231cb3b1fdf6db70d0222098c4fe7ef2505db021b2f27225b58a6e22228d6cca48fc7d7693272d26ffec32244d090f64f2a5c900419f0d1ffa28b877d14

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\bg.pak

                                                                                                                          Filesize

                                                                                                                          892KB

                                                                                                                          MD5

                                                                                                                          d08e8e493f0b3c8ab19070ab05a78af8

                                                                                                                          SHA1

                                                                                                                          c5fa430269dc2d32baa6885de2453fa84c36f2fc

                                                                                                                          SHA256

                                                                                                                          d223e994ad1aa6e747507187f724cdede8c369d2e8e0def50c4a6c912dba3880

                                                                                                                          SHA512

                                                                                                                          4b415fa2ae6ba399674f90ea67e571d90a35fff1ce93df77f20bf692b52c92bfc41e5a3622776e3979b1662fecd2d9665209d5d1d53ece1bff3ed01a28e499d8

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\bn.pak

                                                                                                                          Filesize

                                                                                                                          1.1MB

                                                                                                                          MD5

                                                                                                                          696016f43190747d63befa354d76e50b

                                                                                                                          SHA1

                                                                                                                          3399e641930b820b627a4e28dea0a79fc457f929

                                                                                                                          SHA256

                                                                                                                          1e49980f89360b395a70e844ccd0c43b3a34eab84461b1499e7621f757149e3e

                                                                                                                          SHA512

                                                                                                                          3966fcc5988ceeb4dca79c0053fb428e5180029d44704faa4723334c69413a6eacf622e637857c1dcc096e129dd84e2369e4595ea50316cf8eb68696611a8430

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\ca.pak

                                                                                                                          Filesize

                                                                                                                          542KB

                                                                                                                          MD5

                                                                                                                          7ad12fe9117cd590312cd7d0b867de33

                                                                                                                          SHA1

                                                                                                                          f71a25d4dc5cb8b5f2bf58db5f3e4cfbc2aaaf66

                                                                                                                          SHA256

                                                                                                                          8f8511f02b6a1ea3022592d34b74abef93a5560567b09076b332961ab5a6236a

                                                                                                                          SHA512

                                                                                                                          5b823124d4b0e424a80a0d4508baf5e892c6c44f56c432956c44817d4ac74895be1d10637c22838fffd7f06047d36e7849553e08ae808bf9ec7d37ab123f5692

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\cs.pak

                                                                                                                          Filesize

                                                                                                                          558KB

                                                                                                                          MD5

                                                                                                                          c0b5c8b3e46c715f313ee78a788401ca

                                                                                                                          SHA1

                                                                                                                          5a59b4c2214f52c63f6e8c7ef7a11662c30a1ff9

                                                                                                                          SHA256

                                                                                                                          f7eafc84e6e55fc7dcfbc749e0b7bbd7cf051390bef3dbc37f2cdeecf92637e0

                                                                                                                          SHA512

                                                                                                                          b6a28846601ee937b21dc5e7c3b19e612b2a654e4de7e9dd7943f7b981ca6c3a1c86a93ce6a4b801debbbfbf71fdb243ca81e56163d44b2bc0fe8415ca5a55c4

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\da.pak

                                                                                                                          Filesize

                                                                                                                          505KB

                                                                                                                          MD5

                                                                                                                          a97f00b4bd958876ac55e9a3c73e7c79

                                                                                                                          SHA1

                                                                                                                          0a019a4e1077dbb735bacf7b19374bbeec1a3e6f

                                                                                                                          SHA256

                                                                                                                          247790939c3e549ebcc079b872ba8f3b9645875c0bae26fc49b36d9bf73c3b82

                                                                                                                          SHA512

                                                                                                                          fd6d89f016b679e3f4afad590a591e592eaf4a147b7d7566a745a695cadc51957c5df06d0d60d52de00f434d8d8a5fdc27aa5ae29086762c5fc4615f4302a10e

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\de.pak

                                                                                                                          Filesize

                                                                                                                          539KB

                                                                                                                          MD5

                                                                                                                          0e434b38cfd98a0979a4373b6ffd1b8d

                                                                                                                          SHA1

                                                                                                                          cda239ac9cbe2b93597940cad6f8554ae61bc5b4

                                                                                                                          SHA256

                                                                                                                          e1a2f20da317a6a7790dc0b2832d6533aa451a4cb2e06cf1a46525db26c96b12

                                                                                                                          SHA512

                                                                                                                          00b00aa6420dd0f7849144bc7b1d6e8ac93fe2cd759d196c5eb143a4950fe0a3af9f468fc6d952d347fc9706fffad0d5744ab5e276b4b1e0cdc5b445c90197a8

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\el.pak

                                                                                                                          Filesize

                                                                                                                          979KB

                                                                                                                          MD5

                                                                                                                          271c3234e3a07223e6db8f6ab1c18f92

                                                                                                                          SHA1

                                                                                                                          dbc1ecc686eda75627f3fa60d034ea4021da0acf

                                                                                                                          SHA256

                                                                                                                          58ca76aa55e11a475c830ac89010d4431f455f531079c1e8a0943490b4dd8e4b

                                                                                                                          SHA512

                                                                                                                          50e6fab168889a283e26eacd7731367032db41841f39fef0f99543b98266c3784ee62a956cd4415c83a6fb7451b3f618f4f3dcf9807cf9b0f2f595ce26e24aac

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\en-GB.pak

                                                                                                                          Filesize

                                                                                                                          439KB

                                                                                                                          MD5

                                                                                                                          161d0ee49ed171ea8491ceb6c994d176

                                                                                                                          SHA1

                                                                                                                          1d85de03cc44eb4f78738006ccef4e5809ff8015

                                                                                                                          SHA256

                                                                                                                          77a6578635a0cd3a89ff11116fa819ecb6b2609bf8e9ba92c687711c92c4e143

                                                                                                                          SHA512

                                                                                                                          c8600ae02234bbd846fdcdf8dbe270a0aae259a3615805a271117b04a9a2be52180520d855617c7709d694859c28fa63ec2c107ed90a4ecf84194d9717b2d278

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\en-US.pak

                                                                                                                          Filesize

                                                                                                                          443KB

                                                                                                                          MD5

                                                                                                                          88bbc725e7eedf18ef1e54e98f86f696

                                                                                                                          SHA1

                                                                                                                          831d6402443fc366758f478e55647a9baa0aa42f

                                                                                                                          SHA256

                                                                                                                          95fd54494d992d46e72dad420ceee86e170527b94d77bfaaa2bfc01f83902795

                                                                                                                          SHA512

                                                                                                                          92a5c6cfc2d88272bb5144e7ee5c48337f2c42083bc9777506b738e3bcb8f5a2c34af00c4ccc63b24fb158c79f69e7205b398c9e22634dae554410450978a2c4

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\es-419.pak

                                                                                                                          Filesize

                                                                                                                          534KB

                                                                                                                          MD5

                                                                                                                          0b2f21294e4ef0dc26b3101e3b050c15

                                                                                                                          SHA1

                                                                                                                          6964d2e5f15767e771697488b67042ad4eb7f399

                                                                                                                          SHA256

                                                                                                                          453f699a7fa645e0e1d3427e06e65c3626540c5f68e9469e1cc18dcd141c2245

                                                                                                                          SHA512

                                                                                                                          54be2b630664ffdc02cfd58803a3e4d74edebcd814efbfc1530c777030291387f09bab5200f97951a47c70e6b1881146b798dbfc1deb2f953b9e91f3519c126e

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\es.pak

                                                                                                                          Filesize

                                                                                                                          534KB

                                                                                                                          MD5

                                                                                                                          2e163e56cce7f1a0feed489ead44923f

                                                                                                                          SHA1

                                                                                                                          6a1b40ce5c3f210ccc5f64383010fa4796e36df9

                                                                                                                          SHA256

                                                                                                                          ca83c63f335929fa300129c9661ec295a3d5749ee9edb0f36ba8da902ff6a6a6

                                                                                                                          SHA512

                                                                                                                          509288b4324fb5f3e7a505aed4ea806d90fd437de52b2edf773187520c12b3d280020d90e98b0c091561da7e67c83b56846065a63d5f584cca95280a8e111c3c

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\et.pak

                                                                                                                          Filesize

                                                                                                                          485KB

                                                                                                                          MD5

                                                                                                                          23c45c6f09d13fea52fd88e366348caa

                                                                                                                          SHA1

                                                                                                                          d82057e2ce05d123d859be488adc27074771c73c

                                                                                                                          SHA256

                                                                                                                          d4111b9c6baaa2404ea5c20dfefca1dc892a244b26c420314ee467fa2822de5e

                                                                                                                          SHA512

                                                                                                                          0009c1c61839933db63e3bf73dac63453d7d5c94255da3c0650c9111424415c91bcf1f914be7ace119fe290c4aae9f282c6016a04c4082c881882b5c3f2d04e7

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\fa.pak

                                                                                                                          Filesize

                                                                                                                          794KB

                                                                                                                          MD5

                                                                                                                          5655e0036c0f7a656eb1320309d155dd

                                                                                                                          SHA1

                                                                                                                          a38bb37d74b0de424c3df345a1fda68cfa916fb5

                                                                                                                          SHA256

                                                                                                                          69454dbec49fa935ce242888de4614bf5f5321af5f26eebd3fd9a6c768652559

                                                                                                                          SHA512

                                                                                                                          48473a81c4c611849efb531390fed7efe8f0204b45fa53ba4a1445c869c37ad49293316f00c3ca6147a44d87411aa528168528f36f52b782de3baeb372464845

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\fi.pak

                                                                                                                          Filesize

                                                                                                                          495KB

                                                                                                                          MD5

                                                                                                                          671cff3aa38e9810a6fdd11c91861acd

                                                                                                                          SHA1

                                                                                                                          6062122660beade0e00cb86d9e2c8abc274f9f59

                                                                                                                          SHA256

                                                                                                                          3e69afb533da49338f036ad2c286c4193ce6b5a2476230dc4a1140cdaf03a6fd

                                                                                                                          SHA512

                                                                                                                          3127764aa594de149528b716ed135aff1e45a3fdf4a0a936b9240785812be2509f61d629c4dfae1759c87defab61e34203bf2a196381e87633d0fd02a1b76454

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\fil.pak

                                                                                                                          Filesize

                                                                                                                          559KB

                                                                                                                          MD5

                                                                                                                          4990033756bc1b2410e77a607bb62f8c

                                                                                                                          SHA1

                                                                                                                          a02c0f347606bf50aa6f281e42d2d66ce6155299

                                                                                                                          SHA256

                                                                                                                          3265ae5b6c16a09b1ec9ea53181de78df75e951c3ce28f33d4c483088a9ab37b

                                                                                                                          SHA512

                                                                                                                          3d45c6dd30eea6d6929039c0cdaa7bb6f7b665fe67fc7a5ca79567d4fd3f907011857e5cb43c16cce9c558d4f669618bc5378f05fa583b19360df58b12b5f913

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\fr.pak

                                                                                                                          Filesize

                                                                                                                          577KB

                                                                                                                          MD5

                                                                                                                          e7ee691a2570b917483afabe167d79d6

                                                                                                                          SHA1

                                                                                                                          bfdb9a930223d2a7ca6e9c493e453990a8434a4e

                                                                                                                          SHA256

                                                                                                                          10c0b55e5935764f194f9d787fcdf03a6b87df23ae4a179deb5b9ba4451b0220

                                                                                                                          SHA512

                                                                                                                          034807542dfce6b2e74a4f42c2923adeea3ac930688ebb1844f9650a4f8143b807a2a30b521bd6b131062fdf8425c77cf6a521c58bf10ba81dcd4e7274134c4d

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\gu.pak

                                                                                                                          Filesize

                                                                                                                          1.1MB

                                                                                                                          MD5

                                                                                                                          86b829b3cdcf383f11ffa787a32446a0

                                                                                                                          SHA1

                                                                                                                          c9f626a97bcf00541876caa7a49d23e0b84b83ef

                                                                                                                          SHA256

                                                                                                                          74c62dca0b7a310aa593d1dcca8b0b0b382b052837e7cae6b87cf05b8b346b1b

                                                                                                                          SHA512

                                                                                                                          72b69cc9846fb078a8c03afd60154a3b55bc828b9e13b5124a473c0ee528e3cb3ed67f67d7d763ec8e78883640c53d4c88a7a14552b851d493abf65e269353f8

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\he.pak

                                                                                                                          Filesize

                                                                                                                          696KB

                                                                                                                          MD5

                                                                                                                          433eee3490a1ea856768856f11abb357

                                                                                                                          SHA1

                                                                                                                          f40c06dfe34cc21836c35b53310019265021abfb

                                                                                                                          SHA256

                                                                                                                          30a044df9a5c665a2653a90e1a5a3868b6a16861ca945e70da1a65892f4eff44

                                                                                                                          SHA512

                                                                                                                          20893e629a067c6b92cd03a1e805c6aad857388d7556e36547ebf8b51facef330ac8a0954ff7222b406655bb9254536e2857b1bfcdb27e829eaa9199fdc1189a

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\hi.pak

                                                                                                                          Filesize

                                                                                                                          1.2MB

                                                                                                                          MD5

                                                                                                                          3751919d994ad0a1b9657b947945c5a4

                                                                                                                          SHA1

                                                                                                                          cdf66f0260e28076e56eedb07239e65cd195759f

                                                                                                                          SHA256

                                                                                                                          d9979ea297325ae36f2a467b07d41e281f0b3a9a77373cbdf76200eaed2f48a7

                                                                                                                          SHA512

                                                                                                                          8c161c5ff23cf35b6ec5c49481445d7cb978a8bafa5635d2dcdee435f73dd9bca994bdb51010223ded6c49089e5b4879ec3b4fe4a54f864fec00247c96678130

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\hr.pak

                                                                                                                          Filesize

                                                                                                                          538KB

                                                                                                                          MD5

                                                                                                                          ee08edd61377c4d0aa6e1749ebe4cdb5

                                                                                                                          SHA1

                                                                                                                          a2ce9d5f682e0b61fc2a92d42a8f90a32c6ed70c

                                                                                                                          SHA256

                                                                                                                          86761c837293c3450e68905750d6888ad76cf7fea78d6468489c8ef156a444d6

                                                                                                                          SHA512

                                                                                                                          cb140f6955a3291543b419241b0c16f8dd757643d40a7241cfcf8f2bb4dfcbc495e38716f0a54c773e91bc27415cf8450e954386227f3bda81434b8331cd7296

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\hu.pak

                                                                                                                          Filesize

                                                                                                                          581KB

                                                                                                                          MD5

                                                                                                                          92995b10868e466811b909c9702f1727

                                                                                                                          SHA1

                                                                                                                          6cd34086b876bf07dc1222cbd33e8fac60e401ae

                                                                                                                          SHA256

                                                                                                                          0a62d168c0f6d9d651dedb4e01be5b533b94e8617535cd70ad22717748fbbc64

                                                                                                                          SHA512

                                                                                                                          412d0f253d31eff5819fc05ed0da6284a39cd5dbc3f8dac81153511c69aef9cd3f1170d3c6a74616e3d9c51bc457045e9715456b1ef50e139f68f667d5662f53

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\id.pak

                                                                                                                          Filesize

                                                                                                                          478KB

                                                                                                                          MD5

                                                                                                                          fb42de6be21c78da1b05c518c5625882

                                                                                                                          SHA1

                                                                                                                          7d8d4e28ea196e3e48df4999d94a04c0be31de16

                                                                                                                          SHA256

                                                                                                                          d9fc19e683240404a60d57037f24e1d8b20cfda4c8bcacfed577b86cd8988517

                                                                                                                          SHA512

                                                                                                                          63885e8c82dbef4902c75ae7bc4c3f953057236b07d6919bf3a9f8d1e6ec0ae2cb94cbe0366e56e1272653087faf2fb07b92b18bd312e8e1b38fc76ff5eb3922

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\it.pak

                                                                                                                          Filesize

                                                                                                                          527KB

                                                                                                                          MD5

                                                                                                                          e25f7dcadda21b072cf012d3c23600f0

                                                                                                                          SHA1

                                                                                                                          f172e6bec3cdf58260ae2b265bb2d2c2024d3c2b

                                                                                                                          SHA256

                                                                                                                          53b018b82272a07929a3c4742d5217d81c49c54413010af3a9e8f3634d0ac361

                                                                                                                          SHA512

                                                                                                                          fb12276e9dca5ec27bc85137872e44f5dd1451ab9bc4f87a18e279a33de8eb694c77769a58041ec2a3bf2bc8e0ff5cc42595d6aa89b6b3542d6124515502415a

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\ja.pak

                                                                                                                          Filesize

                                                                                                                          644KB

                                                                                                                          MD5

                                                                                                                          e049505ad91c088b2bc6c11f478810f6

                                                                                                                          SHA1

                                                                                                                          11ccc84a0cac8b14728997eab4529e2f365e55b3

                                                                                                                          SHA256

                                                                                                                          014c329d7c5d55364b4fb237ef3b117272a53f7a7e5f0d0cb7b2861942a5345c

                                                                                                                          SHA512

                                                                                                                          51b983cbcad124687965afab566ce52fbab6d71b25022a377b091cc8f6b2435051fff70bf671df1d7e363ef64b80216cf64a6d05a472d55fbb3ba0ed29956bc6

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\kn.pak

                                                                                                                          Filesize

                                                                                                                          1.3MB

                                                                                                                          MD5

                                                                                                                          3c7b860c21dc86f7e62ed9033960a487

                                                                                                                          SHA1

                                                                                                                          47e870d1d1f758a6d8ab6da227cfdd2ea55076cd

                                                                                                                          SHA256

                                                                                                                          b2658ad69c7b761cd12fead16e52bbdf1f1731b2ab96e6948f356f373ca01a76

                                                                                                                          SHA512

                                                                                                                          9820633cbad79f90699c5c2813ef08d28c6c1f2e496780288a710856189686a0e1de3e27f5333e35fb3bc30a6bc81b8bfc093bb0c59cbb039c7afa8814791378

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\ko.pak

                                                                                                                          Filesize

                                                                                                                          544KB

                                                                                                                          MD5

                                                                                                                          114ba02546a8662240b7ec23d101f47b

                                                                                                                          SHA1

                                                                                                                          7d6f10e25b6f4bde6659aa6d661a1139c3db539a

                                                                                                                          SHA256

                                                                                                                          43086597d703d66c410d099ca76dbb2f35835b605f93fe9a98342a08cdda5c0a

                                                                                                                          SHA512

                                                                                                                          d1097da68e6cdfc5cb963e6e5d18da714f3a9f3d76ad064ab9197fa8e379eff502b7b01e7b332aa1ec0ed98157537d28c2b7db8530e512e3b5b784a56d19367e

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\lt.pak

                                                                                                                          Filesize

                                                                                                                          583KB

                                                                                                                          MD5

                                                                                                                          1bab0f6c08b1cb26db455aaf581490dc

                                                                                                                          SHA1

                                                                                                                          3a32246b812e8ed35ddf0a6842b8bf26b19be9d3

                                                                                                                          SHA256

                                                                                                                          946351ed2d74f247dea0f2742fc36d89225355480f0cec99d71599ccce3ea9e1

                                                                                                                          SHA512

                                                                                                                          c6e4502fda62e2606e31a7c67679d59d21a04342c507e1fa39ac59156a4d1e1cab1923de4bcf30b735d5bcf89824d4283b57db11af9673b5b956c2f883a3bc7c

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\lv.pak

                                                                                                                          Filesize

                                                                                                                          582KB

                                                                                                                          MD5

                                                                                                                          e4993f39d6fa671658aa3ce037aec60d

                                                                                                                          SHA1

                                                                                                                          2db9bfc42b07060f6e256c74a01c348cd6c2ac0a

                                                                                                                          SHA256

                                                                                                                          1e6f9a40f4fa1206117063234399bd7c1e7d198cbf6c4ad633e5e18ad0929836

                                                                                                                          SHA512

                                                                                                                          4192274330be238a93e370fc3fc8ada444b38fa1464889f0e3d0f6c5e548f7f7de14248937d45f8aa84c043078a69174ac1c9a5894fc9b4ff8f10deef6f77e5e

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\ml.pak

                                                                                                                          Filesize

                                                                                                                          1.3MB

                                                                                                                          MD5

                                                                                                                          9f0422326953a0c48c1db82ca2a9d639

                                                                                                                          SHA1

                                                                                                                          2305bc895e9ccc5b9a3d661e891c4f06d8a503ff

                                                                                                                          SHA256

                                                                                                                          f2fb440eb0518dc695810fcb854b20b72aa47e5ffc75c803aacf05861d35a94f

                                                                                                                          SHA512

                                                                                                                          a899dd975a56a53503b5cbc7448f54423b18bfbd917f73f0871840d6cf6a574bbaac8d735ae8de6a074cd78c43b6640e3e46be1550dcef8f8cfd1971cc1513d6

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\mr.pak

                                                                                                                          Filesize

                                                                                                                          1.1MB

                                                                                                                          MD5

                                                                                                                          b0e1f36587445f28f22777d555683a0f

                                                                                                                          SHA1

                                                                                                                          42f7cd3c596c2f52662b86df9d9096bf822a80f3

                                                                                                                          SHA256

                                                                                                                          a674db4e60152fc17a32d4b92add129adaebfc02a1a783a12653f984447c535e

                                                                                                                          SHA512

                                                                                                                          575fdea827497ceab51df5fc8783f960b87d180f6031f0947525279d224189a6299943df37a014f7bcefc637ee23327fb1ae82eb77c175d63c515b29947ac0d1

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\ms.pak

                                                                                                                          Filesize

                                                                                                                          502KB

                                                                                                                          MD5

                                                                                                                          c8d605a91b2b66603b379f5557783afe

                                                                                                                          SHA1

                                                                                                                          d6f294eb91675182f658158ff9399592935c779a

                                                                                                                          SHA256

                                                                                                                          7707f79a2a4aec553e68af87802a0f19d3714a25311fb7b8afdc6ff4a5b6c5ff

                                                                                                                          SHA512

                                                                                                                          a9f100dc1fe0a19a0a0a4360fff392af4e07eaed6613ab6dc61548d36afe55e4c9183e6584ca4e15feb477947ee8a79a96775718197129a555319a162281b9c7

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\nb.pak

                                                                                                                          Filesize

                                                                                                                          487KB

                                                                                                                          MD5

                                                                                                                          d1e0429ab9ad3821bb0ad398eb3ea362

                                                                                                                          SHA1

                                                                                                                          ee4efa5aa14bb10e70f3542dbe0b256df6c99fcb

                                                                                                                          SHA256

                                                                                                                          5844a4a660e41045bf86dca31242e33a6c4726b8dbde15161261446d29ec7add

                                                                                                                          SHA512

                                                                                                                          5189abc6844372ed0c115c6ce341387514034dc2c54f068fe6b479d12ee76d5a727653fa0dabb2950eabff6e6f529c17cdd7ae822515d20b74889012d27f7032

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\nl.pak

                                                                                                                          Filesize

                                                                                                                          503KB

                                                                                                                          MD5

                                                                                                                          525b638051d9ac36fa759039c17283c4

                                                                                                                          SHA1

                                                                                                                          c1922ba3bceae681b90064b60fcb85a7e6c944b1

                                                                                                                          SHA256

                                                                                                                          a2335c62cdd4875660e955b0d65d9e995946b1281ed7f34521d3ee01cedd643c

                                                                                                                          SHA512

                                                                                                                          680c18b6782f977c87ae0ecae9d1cc0e2590ad75d8146a5ee3e9b1dd9ed1081530f310e871bbd6dccbba42306d8f59778f202691e5690da1859e22d485fc75b5

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\pl.pak

                                                                                                                          Filesize

                                                                                                                          560KB

                                                                                                                          MD5

                                                                                                                          10659a05a7180f54fc46f122ab331052

                                                                                                                          SHA1

                                                                                                                          968a0faea6eac3e82f694eb76d24228be58cb734

                                                                                                                          SHA256

                                                                                                                          16e9adf63d98e00d0a5433dc9c08253c678d5e3ccdde11783da3c94e98f65e46

                                                                                                                          SHA512

                                                                                                                          b815ed62b10bc5abf8bfcaf3a1e42f821bdccb0ebfa6ac15dfb0d1246c71f613fb8c7f2f9f57001377ab5ef700406d0ce3c338fe4a41065d98398341021aad6c

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\pt-BR.pak

                                                                                                                          Filesize

                                                                                                                          527KB

                                                                                                                          MD5

                                                                                                                          c3bc628628f8809ec2d18f997db6e540

                                                                                                                          SHA1

                                                                                                                          14c6f0215b7895f2648813ad033b59242d058a13

                                                                                                                          SHA256

                                                                                                                          6bb17174a3d061afe86cf901cca658793bccc53f7edd1cbde0b58fe90e71a9e8

                                                                                                                          SHA512

                                                                                                                          73ca0eaf1f1a250bf50db5d1ae2f3b58c93289703ea85a7bb891463412a63ea8a88fbf19976d9fba637f99cca097fcefda773d2fcf07daf6f5a1d270597703a7

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\pt-PT.pak

                                                                                                                          Filesize

                                                                                                                          530KB

                                                                                                                          MD5

                                                                                                                          e4565bfa531c9c4344f84dc8be207c93

                                                                                                                          SHA1

                                                                                                                          5d1084ad5bff80383129850a853fe1319c23199f

                                                                                                                          SHA256

                                                                                                                          fcd194e5caf36be4958c559acbde4f28a957083bf2aceac893f9e5c9e65d8a95

                                                                                                                          SHA512

                                                                                                                          531a318e8ef1683abe4bc7b44e7d3a4d6ef907d5e7ddfa1f5cea20414dd33060981afdb8d1f4813b05be90985f10fb892f9060f6c1f2b975984f12acc8cdce6a

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\ro.pak

                                                                                                                          Filesize

                                                                                                                          549KB

                                                                                                                          MD5

                                                                                                                          8c922129bfb61fe14fa035d965108823

                                                                                                                          SHA1

                                                                                                                          aa8d8dac978053163a303c1f1206480144d4b330

                                                                                                                          SHA256

                                                                                                                          06c6486e8a42b447a55bd789bf2bc794354fa4be062139481e4612550f16c755

                                                                                                                          SHA512

                                                                                                                          25f9c2b75febfe607cbdd872a82338aecb5f277ed2d3d80fe0ec01289e3361445102392ea23207658ac347a774a7f47bbe19672d49f080cd6aea220da5ac3618

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\ru.pak

                                                                                                                          Filesize

                                                                                                                          902KB

                                                                                                                          MD5

                                                                                                                          4fb18b712580caa5cdff8c8cbe9e67f3

                                                                                                                          SHA1

                                                                                                                          79bdeed0aa9bef9a8396a426e370b4022b09243d

                                                                                                                          SHA256

                                                                                                                          bee87b5ef0ab61c05eb3ed4c43ba0900a75a853fdaef2218ffa1b2eaa4d29d21

                                                                                                                          SHA512

                                                                                                                          fd91fae4dfded1fcb6cc0e6a6da4caa123c8347d1a9eff33c0d5339aa9854dc07bbb3c84e1880f260eaf932a1a2af9784157d5656b29d661e20961f499b1e5b0

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\sk.pak

                                                                                                                          Filesize

                                                                                                                          566KB

                                                                                                                          MD5

                                                                                                                          8e5ecfbf0ab9e00401f088489afed0c2

                                                                                                                          SHA1

                                                                                                                          a99df2ed2a00ade4cde178f73893b84aaee521cc

                                                                                                                          SHA256

                                                                                                                          25e0167d708a004e36e3c344e0209e979d42874122cae03ef2e2c5e110f39364

                                                                                                                          SHA512

                                                                                                                          401ea003abfb4a32b52cfab912c2199800f54aabf1321802f973a9925f535d40cff9825832d98ca86eb3af794f64aa408dbbd99e2083f2e9fd0d02ec4debd301

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\sl.pak

                                                                                                                          Filesize

                                                                                                                          544KB

                                                                                                                          MD5

                                                                                                                          be05e8eea54a25cd15d807264f8aa284

                                                                                                                          SHA1

                                                                                                                          a63dc26044b31fb4e1a35b1f5778150d737ccfce

                                                                                                                          SHA256

                                                                                                                          63963e60a45495ff762f02e02fd42c723d7c482a44c07e50473cbf7ccdd73eca

                                                                                                                          SHA512

                                                                                                                          4163b3eeb5e55beacc53349cad6899e871d74109a50b28a001e98f0000cf6eb57d4e06f10a70557664f15f4456fbcbb80ac7dbd1174bd19a20975da108ef2dc5

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\sr.pak

                                                                                                                          Filesize

                                                                                                                          839KB

                                                                                                                          MD5

                                                                                                                          b1f52cd111da3b1ea1f31e082f15ba25

                                                                                                                          SHA1

                                                                                                                          3f4f13a0d253e8fbcfc1fb93125feed51f03bc56

                                                                                                                          SHA256

                                                                                                                          1410f7d93d53642ef9aa8dfd92497c923d71a97e419a6219c7bee7798c3561e1

                                                                                                                          SHA512

                                                                                                                          2c0ae8d36c496d570d6e013f859caf655a74047a2a27b79ad0895eba5a46c0895d123d532b8bfa4370ce67caf6b874cb29d751fd025586bfafad0bb800b22144

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\sv.pak

                                                                                                                          Filesize

                                                                                                                          489KB

                                                                                                                          MD5

                                                                                                                          8132fd35c20f775508f5440b7f3d6871

                                                                                                                          SHA1

                                                                                                                          4e50c2b45c69e95f95f34398a7a4babc06420c1a

                                                                                                                          SHA256

                                                                                                                          867687296810c4a95a1876edd91ce08e57ff1894c9f22913808fee1d21362589

                                                                                                                          SHA512

                                                                                                                          e13ca94f6766a49a9b11a128bad1a5803c3ae9aaa9a8a536995eaf510da071995fa27b087fd3f14422cf21792a54b9527a1fe658947a446a6764b32a86479d3f

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\sw.pak

                                                                                                                          Filesize

                                                                                                                          515KB

                                                                                                                          MD5

                                                                                                                          0787972a076c6690e7938758c2a92e24

                                                                                                                          SHA1

                                                                                                                          dbf02e5a3ae26acb060b533bb006756c19122bfe

                                                                                                                          SHA256

                                                                                                                          eb96ab83e2e08e811928742590178e97454863bc581dd8574d6a644fd3c6615a

                                                                                                                          SHA512

                                                                                                                          9f3560a3b648b1a7025cd8a98c39ec7634883aade1ac2c7836fde890cc04bd009aa5c1bca8354ee1259ebcd9482326c51a7d21bdee3caf92984ecbefab35d34c

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\ta.pak

                                                                                                                          Filesize

                                                                                                                          1.3MB

                                                                                                                          MD5

                                                                                                                          088f7313392bd5bd898a984b434cee97

                                                                                                                          SHA1

                                                                                                                          bda9d5f5e87055674aecdb609a46a046bb0a6903

                                                                                                                          SHA256

                                                                                                                          e2868cbfde36485e8227ec24789a809ef4590f8841e5ee625cee154ba3701e78

                                                                                                                          SHA512

                                                                                                                          f8849d13924da2f5e3bb98f2aae19317d3f4260ec8e916ab88a91d6af97c9ba8fab929f91acb3b5575e30e87dda847f1192b6b2dc1d05341ce75a86a4fee8edb

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\te.pak

                                                                                                                          Filesize

                                                                                                                          1.2MB

                                                                                                                          MD5

                                                                                                                          d251d089aa789bccc27a0b473d39e46c

                                                                                                                          SHA1

                                                                                                                          283d8fb6b6195b3427144773ffc4691c82e31f0e

                                                                                                                          SHA256

                                                                                                                          8dd7d206379445bd9afa4e01ab986c439cf70841d080fca6e152b453e94fcc49

                                                                                                                          SHA512

                                                                                                                          27e6f13f6c7937c8121451d70ee90d2a2ce5e519d17e882a86b29a6a78764427022c36b6a99178e9933e01500b55bcbfd0dc79a6f028a046967c2c53f78424fa

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\th.pak

                                                                                                                          Filesize

                                                                                                                          1.0MB

                                                                                                                          MD5

                                                                                                                          33dae3c79e7c1798eada31b70e3f2518

                                                                                                                          SHA1

                                                                                                                          c386f4babd6545c915dda9dfd4bcc8cae5ff6c86

                                                                                                                          SHA256

                                                                                                                          a88de31d7605a1c3eed2b5008cbf31de368d91fd57a543c995a3c2263144054a

                                                                                                                          SHA512

                                                                                                                          a1d033f85ba340a8f6f3da1aaa15bb8b04abc1acca1e9554af04576f512d38e6088c406f3227e03239e741eab68fe3a83a0ee13aff3c51554fa7e41b1d42029d

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\tr.pak

                                                                                                                          Filesize

                                                                                                                          527KB

                                                                                                                          MD5

                                                                                                                          1e661df0ee32346b7816e1cec439e9da

                                                                                                                          SHA1

                                                                                                                          2bd38e0a4ec62f306aae932d8e448a0911a5a63c

                                                                                                                          SHA256

                                                                                                                          6c5dfdfe34c0f6b2b00364dbd7ef3c62fb0d71a163f9254a7b4b3624d66c4ec0

                                                                                                                          SHA512

                                                                                                                          ef49c1f329f00e2a9350e7a6e3789c6ea2c84026e541717e4d72ea3723ac29e9be3e0d4a82e36ccfab27365feceef0012c209c53e3b079148140e0f08f55de56

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\uk.pak

                                                                                                                          Filesize

                                                                                                                          902KB

                                                                                                                          MD5

                                                                                                                          b11fcf5670f611e270552a51e8f4000a

                                                                                                                          SHA1

                                                                                                                          c28630a621b77df7434fb016f5b1e50d456cf296

                                                                                                                          SHA256

                                                                                                                          96f45509b52f046e70f3f61416b93ba8f2f5a0f06d7d849056161300a3ac6e5c

                                                                                                                          SHA512

                                                                                                                          a6f357825e59c35f72d740ca23300b3e233be1949dc4c5c5a3a268f4e0194b0be839f95fc125d8527d851971952c09ac233b294002f43911c2599859d935e8c7

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\ur.pak

                                                                                                                          Filesize

                                                                                                                          790KB

                                                                                                                          MD5

                                                                                                                          7b5fed5150135b728bf8865246f7c8fc

                                                                                                                          SHA1

                                                                                                                          214b0f507ff6384b1b305f1718db43023499eeaa

                                                                                                                          SHA256

                                                                                                                          a0c752a805da7dd6608ad04625734f4d27cb75b682f51b2dc8ef08350cc7a2cc

                                                                                                                          SHA512

                                                                                                                          81fc55db4b0635e09057fd060d9eb72bda5a5fd2d2e1e4284e1b45098b287c609526c766b030dd0eaebc0836a32bcbf6dc0aae94327c103f3f736b5cd051a8a1

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\vi.pak

                                                                                                                          Filesize

                                                                                                                          624KB

                                                                                                                          MD5

                                                                                                                          b6174a2dd1e3f557cb99060fc3101063

                                                                                                                          SHA1

                                                                                                                          be115f1d2dc8135683a182ab5c09feab74a3c97f

                                                                                                                          SHA256

                                                                                                                          b654478c2d28b97d821a75543a0494bc35548749fc3eeb6b33b08b4f5f4fd84c

                                                                                                                          SHA512

                                                                                                                          ddbd38e7513f213b3603b1fbf16ad21fa34382cd11e33201cf579c2913a7b6e143a03bf12f11afb281a40c6948da9844b6c9d5ab372d7500184014e98ea74c19

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\zh-CN.pak

                                                                                                                          Filesize

                                                                                                                          450KB

                                                                                                                          MD5

                                                                                                                          8af3f2940137687b483ff2f4d9185b98

                                                                                                                          SHA1

                                                                                                                          58ce1fcadd8ca27abd11f0614401a12a7e93b11e

                                                                                                                          SHA256

                                                                                                                          766f8ac9d4e06437fd3300608ad4d31228576dcaa1e164ccbc4333d56493e9fe

                                                                                                                          SHA512

                                                                                                                          fe55fb3d0abab843e4ea1a33d590b3a9e885f6ea8a38cb8f651d090e8c5ea3400efd212502cac500ef26cc5d6b7a4a7cb66e4aee1a4bb13b97f0926ac99b16e0

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\zh-TW.pak

                                                                                                                          Filesize

                                                                                                                          445KB

                                                                                                                          MD5

                                                                                                                          ca8bf0d267507545580758c81e9fb2c2

                                                                                                                          SHA1

                                                                                                                          9ec7a2e731775bf3224317681847ffc54376702d

                                                                                                                          SHA256

                                                                                                                          eb02d499aada4f358c0776c301416de758167ada695503c0e72135ee462fcdfc

                                                                                                                          SHA512

                                                                                                                          d5322739253544d519d52aaf8a34fd0fcf3abcc49499e60d320265e85b173f49189d0f95c7ff67a9369400759830141bc342de7fb710cd047e8832070007716f

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\resources.pak

                                                                                                                          Filesize

                                                                                                                          5.1MB

                                                                                                                          MD5

                                                                                                                          65b03275e42049efcdb1d51da6dc43db

                                                                                                                          SHA1

                                                                                                                          ec69b7de36ca9876ba63005a67f6a204203b7834

                                                                                                                          SHA256

                                                                                                                          5e5a08f2b85927312b2cb9e0930e7af7099825d5783d470d40deff5bd0ebaf25

                                                                                                                          SHA512

                                                                                                                          731a0252a4970904dc4c706f1183fbe39b06e85267f1b165a529165d3b2d748cc2d944249c9ed8ad69827c929185fbc5b83963ad37b98f940ba12b448ddb58f0

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\resources\app.asar

                                                                                                                          Filesize

                                                                                                                          11.8MB

                                                                                                                          MD5

                                                                                                                          e17391bf3cc98be5554b509c39908fb9

                                                                                                                          SHA1

                                                                                                                          8f2e6726c940ce42df95a05c78385c824b4d560a

                                                                                                                          SHA256

                                                                                                                          7fbeab871461f743124788a03f048c21991e6f8cd165cf7af5ed87bf11126e3a

                                                                                                                          SHA512

                                                                                                                          998750ec0971f5aa7102253b38eb786dc3ba1f5ef9870a34ba7e4366cef37c04c15dca75467b17cfdb0b8c6950f042615ada8f6689d8cf8453460456133e67aa

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\resources\elevate.exe

                                                                                                                          Filesize

                                                                                                                          105KB

                                                                                                                          MD5

                                                                                                                          792b92c8ad13c46f27c7ced0810694df

                                                                                                                          SHA1

                                                                                                                          d8d449b92de20a57df722df46435ba4553ecc802

                                                                                                                          SHA256

                                                                                                                          9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37

                                                                                                                          SHA512

                                                                                                                          6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\snapshot_blob.bin

                                                                                                                          Filesize

                                                                                                                          300KB

                                                                                                                          MD5

                                                                                                                          f7c9b4ea6c9d3e22236cb9aef84bb6c5

                                                                                                                          SHA1

                                                                                                                          56d24d42dd338ece109c11ed2ed06f4b25d5a100

                                                                                                                          SHA256

                                                                                                                          43ef9734d64580cc3dd0b9eb4f17ef69fe44945f1e34cb1342537facfc25d641

                                                                                                                          SHA512

                                                                                                                          a640e365950b9cc2d8b44650b21f88f483da39ea16261b5b5f59a14d9a97aa388551c2fbf44820324b23a0b97d8ff1f442582dbe19c3e03db4c183b680bf50a7

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\v8_context_snapshot.bin

                                                                                                                          Filesize

                                                                                                                          641KB

                                                                                                                          MD5

                                                                                                                          936a529299d925f06181035c01c3fc71

                                                                                                                          SHA1

                                                                                                                          1795ff36f04aeb830dc47c7648890bc4040eb711

                                                                                                                          SHA256

                                                                                                                          7249d4a31a52cdb29031445b9ccbe0ec2ff1b86c947fc16f8a0a96d5bd071898

                                                                                                                          SHA512

                                                                                                                          60fc3fa4ecef679bd1041e5c072c97ef907a0f6026aa00616cfdc69e4458cadcd2812ce0871a1aae13a5196357dbc3325589e00084bf8cbbf791db9e077a79e6

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\vk_swiftshader.dll

                                                                                                                          Filesize

                                                                                                                          5.1MB

                                                                                                                          MD5

                                                                                                                          063f0a33deddca0a6599386c12ee57a5

                                                                                                                          SHA1

                                                                                                                          6e05dfdfa7d5e5f35b593662227055011356ab19

                                                                                                                          SHA256

                                                                                                                          1bcf8e101bc58413bf7d64fb757cd2627b91a2b7830213657a1f0237b1a4980d

                                                                                                                          SHA512

                                                                                                                          15eb123bffde32d4d2ca22802320ecd697d091824949019420c082c2d57767aa04728874dc79bd02835e88ec7b4104f3553b4f09478cfee066273cdaacd916b2

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\vk_swiftshader_icd.json

                                                                                                                          Filesize

                                                                                                                          106B

                                                                                                                          MD5

                                                                                                                          8642dd3a87e2de6e991fae08458e302b

                                                                                                                          SHA1

                                                                                                                          9c06735c31cec00600fd763a92f8112d085bd12a

                                                                                                                          SHA256

                                                                                                                          32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

                                                                                                                          SHA512

                                                                                                                          f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\vulkan-1.dll

                                                                                                                          Filesize

                                                                                                                          935KB

                                                                                                                          MD5

                                                                                                                          fb8cb93daa4650ff759a96108c972bc9

                                                                                                                          SHA1

                                                                                                                          5bc7321f696a198496f9adac4246d139b7a5ca2e

                                                                                                                          SHA256

                                                                                                                          3389cf4e90f961466f4d0a226e649de628a537f0c2c1f6f444473f8330d94c57

                                                                                                                          SHA512

                                                                                                                          f05270c24583e3141fbceec64761156d561b8dcd334cfdaf2a42e5cedb478f1f75b42341b2bdb0e0daa011d0d1701890e91e8c110c90b06d664bde932a5f5560

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\StdUtils.dll

                                                                                                                          Filesize

                                                                                                                          100KB

                                                                                                                          MD5

                                                                                                                          c6a6e03f77c313b267498515488c5740

                                                                                                                          SHA1

                                                                                                                          3d49fc2784b9450962ed6b82b46e9c3c957d7c15

                                                                                                                          SHA256

                                                                                                                          b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

                                                                                                                          SHA512

                                                                                                                          9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\System.dll

                                                                                                                          Filesize

                                                                                                                          12KB

                                                                                                                          MD5

                                                                                                                          0d7ad4f45dc6f5aa87f606d0331c6901

                                                                                                                          SHA1

                                                                                                                          48df0911f0484cbe2a8cdd5362140b63c41ee457

                                                                                                                          SHA256

                                                                                                                          3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

                                                                                                                          SHA512

                                                                                                                          c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\nsis7z.dll

                                                                                                                          Filesize

                                                                                                                          424KB

                                                                                                                          MD5

                                                                                                                          80e44ce4895304c6a3a831310fbf8cd0

                                                                                                                          SHA1

                                                                                                                          36bd49ae21c460be5753a904b4501f1abca53508

                                                                                                                          SHA256

                                                                                                                          b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

                                                                                                                          SHA512

                                                                                                                          c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

                                                                                                                        • C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

                                                                                                                          Filesize

                                                                                                                          2B

                                                                                                                          MD5

                                                                                                                          f3b25701fe362ec84616a93a45ce9998

                                                                                                                          SHA1

                                                                                                                          d62636d8caec13f04e28442a0a6fa1afeb024bbb

                                                                                                                          SHA256

                                                                                                                          b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

                                                                                                                          SHA512

                                                                                                                          98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

                                                                                                                        • C:\Users\Admin\Downloads\Unconfirmed 191910.crdownload

                                                                                                                          Filesize

                                                                                                                          1.5MB

                                                                                                                          MD5

                                                                                                                          d8af785ca5752bae36e8af5a2f912d81

                                                                                                                          SHA1

                                                                                                                          54da15671ad8a765f3213912cba8ebd8dac1f254

                                                                                                                          SHA256

                                                                                                                          6220bbe6c26d87fc343e0ffa4e20ccfafeca7dab2742e41963c40b56fb884807

                                                                                                                          SHA512

                                                                                                                          b635b449f49aac29234f677e662be35f72a059401ea0786d956485d07134f9dd10ed284338503f08ff7aad16833cf034eb955ca34e1faf35a8177ccad1f20c75

                                                                                                                        • memory/5236-1521-0x00000186FFD30000-0x00000186FFD31000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4KB

                                                                                                                        • memory/5236-1523-0x00000186FFD30000-0x00000186FFD31000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4KB

                                                                                                                        • memory/5236-1522-0x00000186FFD30000-0x00000186FFD31000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4KB

                                                                                                                        • memory/5236-1527-0x00000186FFD30000-0x00000186FFD31000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4KB

                                                                                                                        • memory/5236-1529-0x00000186FFD30000-0x00000186FFD31000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4KB

                                                                                                                        • memory/5236-1533-0x00000186FFD30000-0x00000186FFD31000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4KB

                                                                                                                        • memory/5236-1532-0x00000186FFD30000-0x00000186FFD31000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4KB

                                                                                                                        • memory/5236-1531-0x00000186FFD30000-0x00000186FFD31000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4KB

                                                                                                                        • memory/5236-1528-0x00000186FFD30000-0x00000186FFD31000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4KB

                                                                                                                        • memory/5236-1530-0x00000186FFD30000-0x00000186FFD31000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4KB

                                                                                                                        • memory/5956-1477-0x0000026F37CE0000-0x0000026F37D30000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          320KB

                                                                                                                        • memory/5956-1467-0x0000026F377E0000-0x0000026F37802000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          136KB